MikroTik

Rudios

just do a

/ip neighbor print file=<name>

If you need detailed information, add the 'detail' parameter.

Rudios

Aren't the LLDP packets based on the neighour discovery?
Disable this.

Rudios

You need to supply more information, like IP assignments etc.

Rudios

I guess both servers are using their default gateway (192.168.1.1) and therefore their ether2 connected slave.
I would create a dedicated route on both servers, that if the other server is the destination, forward the packet to the 10.15.x.1 gateway.

Rudios

I would put the dst-address of your hairpin nat rule being the server only
dst-address=192.168.1.252
Also I don't know what the parameter out-interface-list=all does
Last but not least, leave out the protocol parameter

Rudios

Regarding wiki I need to bridge wireless interfaces and switch master port. In this configuration, when I'm running speedtest wired, I see up to 60% CPU usage. When I removed bridge, created new one only with wireless interfaces, running dhcp on it. On master switch port second dhcp server. Then wh...

Rudios

I don't see any reason to use IP 10.10.10.10 on your DNS.
Try again after removing it, or do you have good reason to use it?

Rudios

So how to achieve this? ether1 - wan ether25 - lan wlan12 - wifi. Create bridge between ether1 & wlan12 (without lan access?), leave ether25 in normal switch mode without bridging? I tried to remove ether25 from bridge and leave there ether1 and wlan12 but it didn't works. Any help please. TIA. Don...

Rudios

I don't think this is going to work.
The RS232 connection on the RB only gives you serial connection to the management interface of RouterOS.
I don't think you would be able to read/write any tcp/ip data to/from the PLC

Rudios

Another option would be to allow dns requests to the router on UDP/TCP port 53 and block the rest.
I have to add that I follow this generic rule: Allow specific desired connection and drop everything else.

Rudios

You should be able to reach the router by winbox
On the other hand, you configured the rule on ether3, what if you connect your cable to a different port

Rudios

I vote for unknown port forward!

Rudios

I have two RB2011's just like this currently. Ports 1-5 work perfectly as a dumb switch, but there does not seem to be a way to communicate with the internals. The LCD screen is white as well. I've tried Winbox, NetInstall, serial console, ssh, telnet, mac telnet, reset button, and spanning the har...

Rudios

You have to make a Hairpin NAT Rule,
http://wiki.mikrotik.com/wiki/Hairpin_NAT

Rudios

The device has a serial port, try to connect to it in order to see if it reacts.

Rudios

I think you have to clarify a little.
If you want untagged traffic only, just use the normal interface.
Or are you looking for something that drops all packets that DO have vlan tag?

Rudios

Disable the master port assignment for port 5.

Rudios

In order to know your firewall rules are blocking the traffic in the right way,
Just ping from a PC in one subnet to a connected client on the other subnet (No the router itself)

Rudios

If you configure it as in the image, you need to create static routes in Fritzbox and Zyxel. RB750 should have similar IP: - 192.168.1.X (ideal static IP, excluded from DHCP) on the interface connected to Fritzbox, eg 192.168.1.2 - 192.168.100.X (ideal static IP, excluded from DHCP) on the interfac...

Rudios

Create the needed VLANs on Eth5 and give each VLAN interface a dedicated address (use separate subnets). Build firewall rules in such a way that the traffic can only go outside /ip firewall filter add chain=forward in-interface=vlan-x out-interface=ether1 action=allow add chain=forward in-interface=...

Rudios

You probably mean you type ping!
And what device is holding the IP 10.20.0.254.
If it is the router (interface connected to the 10.20.0.0/24 subnet) it makes sense, because connections to the router itself are handled in the input chain.

Rudios

What do you mean by "ipconfig to the other subnet"?
Maybe draw us a picture and share some more detailed information about your configuration(s)

Rudios

You have to use dst-nat for this.
create something like

/ip firewall nat
add chain=dstnat action=dst-nat src-address=192.168.88.10 protocol=udp dst-address=88.88.88.88 dst-port=xxx to-address=192.168.88.11

Rudios

That is because the dst-nat rule is carried out before the filter rule is applied, and after the dst-nat rule is applied your dst-address is not your public IP anymore but the 10.x.y.z. address. Also you have to handle the filter rules on your forward chain instead of your input because of this dst-...

Rudios

For sure that your firewall could have some negative impact on your tries.
Just temporarily disable your firewall completely on your PC.

Rudios

It depends on the channel you are checking. As of today the most current release is 6.37.3 for the stable channel, for the bug-fix-only channel the latest version is 6.36.4 In order to update you can always download the latest version from the Mikrotik website and upload the package to your routerbo...

Rudios

The thing is that I do not want to connect ( call ) through my WAN IP and use my internet bandwidth when inside WLAN. I want packet to get forwarded directly to my PBX server so that they are not going through my WAN port whenever Im inside my LAN. I guess it is just a matter of routing, you don't ...

Rudios

As I see it you either have to first knock 1000 OR 2000 and if you then knock 3000 you will be granded access. If you want a specific order, all three should be assigned a dedicated address-list. so knock 1000, add to list port-knock1 then; knock 2000, when in port-knock1, add to port-knock2 then kn...

Rudios

I would even go for one allow rule, and then a generic drop.

Rudios

I assume you have a port forward on our router in order to connect you mobile phone via your external IP.
If that is the case you should configure a HairPin NAT rule in order to be able to connect via your WAN ip when inside your network.

Rudios

MikroTik RouterBOARD RB2011UiAS-RM

That model does have a serial console port, so when you have physical access to the device, use this.

Rudios

Keep in mind to use the Legacy Network adapters on your guest configuration.
When using the Standard adapters, they will appear within RouterOS, but will not passthrough any traffic.

Rudios

I also had the first thought to go for simple solution with VLAN's.
@jarda: But how to solve the wireless links in combination with these VLAN's. I have come across some possible solution with WDS, but it is not that stable after-all.

Rudios

Based on your first screenshot you are not using the IP segment 192.168.88.0 at all on your router. Your local IP address is 192.168.1.1 You have set the subnet mask to /8 (255.0.0.0) I guess you have to revert that back to /24 (255.255.255.0) Also your WAN connection is getting an IP address in ran...

Rudios

I still would suggest my earlier solution.
Bridge all ports on the MikroTik and let the DCHP on your cable modem assign addresses to your NASs (or put static if needed)

Rudios

You actually not using the DNS server supplied by your DHCP server (use-peer-dns=no parameter on your dhcp-client)

Rudios

Please share your configurations, that will make it more easy to help you out.

Rudios

rsc is the result of export

Rudios

I would go for the export feature! The big downside to making a backup is that it could only be restored on the same type device, with exact same RouterOS version. When creating an export (rsc file) you could alter fhe file if needed and load it on practical any replacement device when needed. [EDIT...

Rudios

I am not sure, but I guess you will need a device that has 2 wirelss interfaces.
For as much as my information goes, any wireless interface can only be running as an AP or station at any given time uniquely, no dual modes together.

Rudios

Hi everyone, I found my mistake, actually everything worked well from the start, without having to add route. The packed arrived well in my LAN, but could not return to the VPN, because I marked packets in my LAN to WAN1. I therefore excluded marking packets for the VPN: chain=prerouting action=mar...

Rudios

Hi everyone, I found my mistake, actually everything worked well from the start, without having to add route. The packed arrived well in my LAN, but could not return to the VPN, because I marked packets in my LAN to WAN1. I therefore excluded marking packets for the VPN: chain=prerouting action=mar...

Rudios

not working, I already tried.

chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=8291 protocol=tcp in-interface=pppoe-out1 dst-port=8291 log=no log-prefix=""

for filter rules, I have default rules.

If you have default rules, you should add one for allowing traffic after dst-nat.

Rudios

What device is holding your wifi AP?
Where is the device connecting from located? At the same wifi or on the internet somewhere?

Rudios

The best way is to port-forward (dst-nat) an explicit outside port to the internal ip address of your routerboard, port 8291 (default winbox).
Additionally you probably need an allow rule in your firewall filter input chain.

Rudios

on your RB1100 put the following
/ip route
add dst-address=192.168.0.0/24 gateway=10.10.10.11

Rudios

If you do not have the possibility to alter the corp. network infrastructure, the only thing is left is adding a static route on your corp. domain systems. I don't know what type of systems you are using? As last resort you can also NAT masquerade the traffic from your lab environment towards the co...

Rudios

You should add a route to your remote network on your RB1100

Rudios

What if you do a trace route towards the server?

Rudios

Just disable all DHCP stuff on the routerboard and add all ports to the same bridge.
If bridging all ports, it is just like a switch.
Give the MikroTik an IP address for management only (in the 192.168.0.x segment)

Search found 966 matches