Community discussions

MUM Europe 2020

Search found 284 matches

by ShayanFiroozi
Mon Aug 15, 2016 1:03 pm
Forum: General
Topic: Specific routing mark or routing table on Netwatch
Replies: 1
Views: 554

Specific routing mark or routing table on Netwatch

Hi guys Is there any way to ping an IP by Netwatch with a specific routing table or routing mark ?? if there isn't i think it would be very useful in many solutions for example : i configured 2 internet gateway in 1 router, but my fail-over technique just working when the interface is physically una...
by ShayanFiroozi
Tue May 31, 2016 2:54 pm
Forum: General
Topic: how to choose the DNS server's gateway
Replies: 11
Views: 2003

Re: how to choose the DNS server's gateway

Inorder to use ROS' DNS cache feature, All my devices are using ROS as their DNS server . And I am living in China, our DNS service has been poisoned. Inorder to visit some website such as facebook, I need to force ROS to request DNS service through a VPN gateway. I've tried several ways,but it doe...
by ShayanFiroozi
Fri Apr 15, 2016 10:32 pm
Forum: General
Topic: VPN tunnel for CCTV
Replies: 6
Views: 1500

Re: VPN tunnel for CCTV

Maybe it's about your Internet , are you sure your internet speed is good enough and stable ??
by ShayanFiroozi
Fri Apr 15, 2016 8:34 am
Forum: General
Topic: Block all url and traffic internet but not yahoo and facebook
Replies: 4
Views: 678

Re: Block all url and traffic internet but not yahoo and facebook

Dear shayan,
I want to do the same config but i need more details from you.
Note that I had used web-proxy but it was not work!
Thanks for your help.
Search the internet for yahoo and facebook IP's then we can easily drop other packets !
by ShayanFiroozi
Thu Apr 14, 2016 1:00 pm
Forum: General
Topic: VPN tunnel for CCTV
Replies: 6
Views: 1500

Re: VPN tunnel for CCTV

Hello, I have problem becouse I don't know how to configure two mikrotik routers. I attachment JPG with my problem. I have configured VPN and I think it is working but I don't know how to configure routers. User doesn't see CCTV. Could anybody help me? Hi, send you both router configuration did you...
by ShayanFiroozi
Wed Apr 13, 2016 4:29 pm
Forum: General
Topic: Block all url and traffic internet but not yahoo and facebook
Replies: 4
Views: 678

Re: Block all url and traffic internet but not yahoo and facebook

Hello, i want to block all url and traffic internet in mikrotik but leave yahoo and facebook you can enable web-proxy feature or use IP firewall. With IP firewall you should find all facebook and yahoo IP's and allow them on your router and then deny all traffic from the internet , using url (Layer...
by ShayanFiroozi
Wed Apr 13, 2016 8:56 am
Forum: General
Topic: How to block Youtube and facebook Android App in router Mikrotik
Replies: 31
Views: 74821

Re: How to block Youtube and facebook Android App in router Mikrotik

thank you for your replay my setup firewall for block Facebook and YouTube from PC and laptop - from L7 create Regexp ^.+(facebook.com).*$ - create Filter Rule chain: forward Src.Address=192.168.1.2/24 layer 7 protocol= facebbok Action=Drop i need some one did block Facebook app from mobile If App ...
by ShayanFiroozi
Tue Apr 12, 2016 11:05 pm
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

ok i will do it but if i need set new configuration u can tell me correct option ? or link can i learn from here ?
need to know what you gonna do ?
draw your network diagram visually with some software like visio and post it here
by ShayanFiroozi
Tue Apr 12, 2016 6:41 pm
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

run export hide-sensitive in terminal
by ShayanFiroozi
Tue Apr 12, 2016 8:30 am
Forum: Beginner Basics
Topic: Bricked my RB750Gr2 will not reset
Replies: 1
Views: 762

Re: Bricked my RB750Gr2 will not reset

Newby here, Tried to update my hEX. Now unit will not give router address connected via Ethernet. Tried to use reset pin, held for 7sec. Will no longer beep during power up. Ip on computer shows 169.254.214.215 / 255.255.0.0 May have deleted boot backup in router folder. Is there hard reboot, or di...
by ShayanFiroozi
Tue Apr 12, 2016 7:55 am
Forum: Beginner Basics
Topic: Route to second WAN based on extensions
Replies: 8
Views: 1119

Re: Route to second WAN based on extensions

Same problem. Once it goes one way... The whole thing could half-work if you had provider independent addresses with two uplinks and it wouldn't matter which one is used. Then you could send outgoing traffic any way you'd want. But only outgoing, you still wouldn't be able to influence incoming tra...
by ShayanFiroozi
Tue Apr 12, 2016 7:51 am
Forum: Beginner Basics
Topic: Route to second WAN based on extensions
Replies: 8
Views: 1119

Re: Route to second WAN based on extensions

I guess routing extension will not work. Ok I found 'connection-byte' marking method. but how it will going to work in following? I want to route files above then 100MB to second wan link , will this work? how it will work, it will route to second wan link after initial 100mb transfer or will it se...
by ShayanFiroozi
Tue Apr 12, 2016 7:45 am
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

and this proxy enabled: yes src-address: 192.168.1.1 Your ADSL ip is 192.168.1.1 and then you've set your web proxy src-address to 192.168.1.1 !! disable your entire web proxy and check if your ADSL modem is reachable also let web-proxy src-address to be blank , router will use the best in its rout...
by ShayanFiroozi
Mon Apr 11, 2016 11:12 pm
Forum: General
Topic: How to block Youtube and facebook Android App in router Mikrotik
Replies: 31
Views: 74821

Re: How to block Youtube and facebook Android App in router Mikrotik

Hi,
so tell us how did you do that on your PC and laptop ?
by ShayanFiroozi
Mon Apr 11, 2016 11:10 pm
Forum: Beginner Basics
Topic: Route to second WAN based on extensions
Replies: 8
Views: 1119

Re: Route to second WAN based on extensions

Is there any way I can route few extension like exe or mp3 files to second WAN link ?
will this routing work?
Hi,
the only way is to catch extension with L7 firewalling , Mark connections , Mark routing and then route them via specific interface
by ShayanFiroozi
Mon Apr 11, 2016 11:06 pm
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

and this proxy enabled: yes src-address: 192.168.1.1 Your ADSL ip is 192.168.1.1 and then you've set your web proxy src-address to 192.168.1.1 !! disable your entire web proxy and check if your ADSL modem is reachable also let web-proxy src-address to be blank , router will use the best in its rout...
by ShayanFiroozi
Mon Apr 11, 2016 7:00 am
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

it's better to send your router configuration here , specially firewall and proxy settings
by ShayanFiroozi
Sun Apr 10, 2016 8:08 pm
Forum: Beginner Basics
Topic: Server and public ip
Replies: 17
Views: 1691

Re: Server and public ip

I would try to help.... but I just don't understand the question. You want someone from the INTERNET or WAN to be able to reach the server when they use the FQDN (Like http://something.somethingelse.com. But not if they use the IP address of 65.54.254.3 which is the FQDNs actual IP? Yes , that's hi...
by ShayanFiroozi
Sun Apr 10, 2016 8:05 pm
Forum: Beginner Basics
Topic: Access through IP Address
Replies: 4
Views: 658

Re: Access through IP Address

As Sob said 2 devices in bridged mode should be in same IP range , in your situation your Macbook should have 192.168.1.x/24 (255.255.255.0) and your mikrotik connected to ether2 , because IP has been set on your ether2
by ShayanFiroozi
Sun Apr 10, 2016 12:04 pm
Forum: Beginner Basics
Topic: Access through IP Address
Replies: 4
Views: 658

Re: Access through IP Address

Hi,

when you remove router default configuration its default IP address will be removed
so you have to add your own IP address(based on your network configuration) in IP/Addresses

for example : 192.168.1.1/24 or etc..
by ShayanFiroozi
Sun Apr 10, 2016 11:36 am
Forum: Beginner Basics
Topic: Server and public ip
Replies: 17
Views: 1691

Re: Server and public ip

My server already has a username and password but it's not my question My question is how to restrict access to my server via my public IP but only through my domain name that's i don't know , Since it's about DNS and public IP and they are the same now ! i don't think Mikrotik could help you , but...
by ShayanFiroozi
Sun Apr 10, 2016 11:27 am
Forum: General
Topic: Why so laggy when using PPTP VPN and how to resolve it?
Replies: 1
Views: 479

Re: Why so laggy when using PPTP VPN and how to resolve it?

Hi community , I have no idea why it's so laggy when I'm using PPTP at home. I need to work at home using PPTP connect to the network of my company. While I'm operating ERP system or using Xshell SSH connect to ERP server , I'm feeling so laggy and painful . I'm seeking help here , please give me a...
by ShayanFiroozi
Sun Apr 10, 2016 11:20 am
Forum: General
Topic: Simple queues unable to catch traffic to/from the router itself?
Replies: 3
Views: 739

Re: Simple queues unable to catch traffic to/from the router itself?

Is it possible to have Simple Queues limit/control the traffic generated by the router itself? I've recreated a simple config in CHR /queue simple add dst=ether3 name=queue1 target="" /ip settings set allow-fast-path=no /ip address add address=10.1.0.1/24 interface=ether1 network=10.1.0.0 add addre...
by ShayanFiroozi
Sun Apr 10, 2016 11:15 am
Forum: SwOS
Topic: How to use acl?
Replies: 2
Views: 10764

Re: How to use acl?

Hi, I am just wondering is it possible to use the ACL feature in swos to change the vlan-id by mac address? Example: Port1: vlan 10,20 Port2: default 20 for all, but certain mac address I would like it to be part of vlan 10. Is this configuration possible? And how can I configure it? Thanks! Hi, it...
by ShayanFiroozi
Sun Apr 10, 2016 10:45 am
Forum: Beginner Basics
Topic: Server and public ip
Replies: 17
Views: 1691

Re: Server and public ip

So if you wanna make your Server public , it's public !
you have destination NAT to your Server.
it is reachable from internet because you want this.

if you limit your source IP addresses its publicity has no meaning
it's better to secure your Server with strong username and password
by ShayanFiroozi
Sun Apr 10, 2016 9:16 am
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

try winbox how ?
i need login to my router adsl not mikrotik
It seems you have enabled web cache server , so exclude your ADSL modem's IP address from cache in mikrotik
by ShayanFiroozi
Sun Apr 10, 2016 9:12 am
Forum: Beginner Basics
Topic: Server and public ip
Replies: 17
Views: 1691

Re: Server and public ip

Send your NAT configuration here
by ShayanFiroozi
Sat Apr 09, 2016 7:23 pm
Forum: Beginner Basics
Topic: Server and public ip
Replies: 17
Views: 1691

Re: Server and public ip

Hi,
Drop packets which NOT coming from your LAN subnet and going to Synology device , use IP/Firewall/Filter Rules
Or it's better to set this rule when you are NATTING your packets to Synology
by ShayanFiroozi
Thu Apr 07, 2016 1:46 pm
Forum: Beginner Basics
Topic: problem ERROR: Gateway Timeout
Replies: 16
Views: 5600

Re: problem ERROR: Gateway Timeout

Try Winbox
by ShayanFiroozi
Wed Apr 06, 2016 7:12 pm
Forum: General
Topic: How to setup 2 different networks on one router with one gateway?
Replies: 6
Views: 6256

Re: How to setup 2 different networks on one router with one gateway?

I have a similar question, but in my case i need that both networks have independent gateways. Routers are not really my thing and this is the first time using a Mikrotik hardware. Something like: Network 1 - Gateway ETH1 (Has its own valid IP) - Port ETH2 (Connected to a switch) Network 2 - Gatewa...
by ShayanFiroozi
Wed Apr 06, 2016 7:11 pm
Forum: General
Topic: How to setup 2 different networks on one router with one gateway?
Replies: 6
Views: 6256

Re: How to setup 2 different networks on one router with one gateway?

I have a similar question, but in my case i need that both networks have independent gateways. Routers are not really my thing and this is the first time using a Mikrotik hardware. Something like: Network 1 - Gateway ETH1 (Has its own valid IP) - Port ETH2 (Connected to a switch) Network 2 - Gatewa...
by ShayanFiroozi
Wed Apr 06, 2016 7:09 pm
Forum: General
Topic: how to tunel
Replies: 5
Views: 825

Re: how to tunel

If you can ping last router so you can use ip/ip tunnel,if not you should setup up router's routing tables in order to get ping
by ShayanFiroozi
Mon Apr 04, 2016 8:35 am
Forum: General
Topic: how to tunel
Replies: 5
Views: 825

Re: how to tunel

in what situation ?
by ShayanFiroozi
Mon Apr 04, 2016 8:30 am
Forum: General
Topic: how to bypass NTLM traffic through mikrotik?
Replies: 3
Views: 880

Re: how to bypass NTLM traffic through mikrotik?

Would you please export your conf ?? specially firewall , IP , Route settings
by ShayanFiroozi
Mon Apr 04, 2016 8:16 am
Forum: General
Topic: bridge filters for prevent clients from seeing ip and mac ?
Replies: 12
Views: 1625

Re: bridge filters for prevent clients from seeing ip and mac ?

Assume your hotspot gateway is 192.168.88.1 you should allow your clients to communicate with their gateway with this 2 rules : add chain=forward dst-address=192.168.88.1 src-address=192.168.88.0/24 add chain=forward dst-address=192.168.88.0/24 src-address=192.168.88.1 then drop every packets in sa...
by ShayanFiroozi
Mon Apr 04, 2016 8:09 am
Forum: Scripting
Topic: How to find name by its mask?
Replies: 10
Views: 1336

Re: How to find name by its mask?

Good Luck
by ShayanFiroozi
Sun Apr 03, 2016 9:46 am
Forum: Wireless Networking
Topic: Should i put AP ip and mac in MiroTik ?
Replies: 4
Views: 682

Re: Should i put AP ip and mac in MiroTik ?

Hi, Sorry your question in not clear , but it seems what you need is Access-list you can easily add your clients MAC address in Access-list and also disable (uncheck) "Default Authenticate" feature on your AP after that AP just allow clients who their MAC addresses added by you in AP's Access-list ...
by ShayanFiroozi
Sun Apr 03, 2016 9:35 am
Forum: General
Topic: bridge filters for prevent clients from seeing ip and mac ?
Replies: 12
Views: 1625

Re: bridge filters for prevent clients from seeing ip and mac ?

Hi, why don't you use IP's ?? in Bridge/Setting/enable Use IP Firewall then in IP/Firewall add a simple rule which drop packets from same subnet which client are in ! for example drop forwarding packet from 192.168.200.0/24 to 192.168.200.0/24 i thanks Shayan very much so i have to delete my filter...
by ShayanFiroozi
Sat Apr 02, 2016 10:26 pm
Forum: General
Topic: bridge filters for prevent clients from seeing ip and mac ?
Replies: 12
Views: 1625

Re: bridge filters for prevent clients from seeing ip and mac ?

Hi,
why don't you use IP's ??

in Bridge/Setting/enable Use IP Firewall

then in IP/Firewall add a simple rule which drop packets from same subnet which client are in !

for example drop forwarding packet from 192.168.200.0/24 to 192.168.200.0/24
by ShayanFiroozi
Sat Apr 02, 2016 10:17 pm
Forum: Wireless Networking
Topic: Should i put AP ip and mac in MiroTik ?
Replies: 4
Views: 682

Re: Should i put AP ip and mac in MiroTik ?

Hi, Sorry your question in not clear , but it seems what you need is Access-list you can easily add your clients MAC address in Access-list and also disable (uncheck) "Default Authenticate" feature on your AP after that AP just allow clients who their MAC addresses added by you in AP's Access-list *...
by ShayanFiroozi
Sat Apr 02, 2016 10:04 pm
Forum: Beginner Basics
Topic: Plz MikroTik , give me solution for netcut and theft of Mac address ?
Replies: 10
Views: 1988

Re: Plz MikroTik , give me solution for netcut and theft of Mac address ?

You should add some firewall rules ,
Besides you should not allow client to communicate with each other
by ShayanFiroozi
Sat Apr 02, 2016 9:38 am
Forum: Scripting
Topic: How to find name by its mask?
Replies: 10
Views: 1336

Re: How to find name by its mask?

[find where name~"3-"]

it will give you queue ID which you can use it for any operation , Mikrotik scripting is ID based not name based
by ShayanFiroozi
Sat Apr 02, 2016 9:28 am
Forum: Beginner Basics
Topic: Plz MikroTik , give me solution for netcut and theft of Mac address ?
Replies: 10
Views: 1988

Re: Plz MikroTik , give me solution for netcut and theft of Mac address ?

Hi,
would you explain more please , what exactly the theft of Mac address is ?
by ShayanFiroozi
Fri Apr 01, 2016 6:27 pm
Forum: Scripting
Topic: How to find name by its mask?
Replies: 10
Views: 1336

Re: How to find name by its mask?

Sorry i didn't understand you , would you please give an example ?
by ShayanFiroozi
Fri Apr 01, 2016 6:25 pm
Forum: General
Topic: Qos & Adobe Flash
Replies: 1
Views: 539

Re: Qos & Adobe Flash

Hi,
it depends on your server , for HTTP sites you could catch them with L7 and file extension in firewall(.flv .mp4 .3gp and etc..) , but for HTTPS sites (like YouTube) it's better to use IP addresses.
by ShayanFiroozi
Fri Apr 01, 2016 2:56 am
Forum: Scripting
Topic: How to find name by its mask?
Replies: 10
Views: 1336

Re: How to find name by its mask?

Hi,

: put [[get 3 value-name=name]]

output is : your queue name , but :put command will print it on Terminal Window , i just used it for a working command ! ;)
by ShayanFiroozi
Thu Mar 31, 2016 8:05 am
Forum: General
Topic: Routing Youtube Traffic Doesnt Work
Replies: 10
Views: 2274

Re: Routing Youtube Traffic Doesnt Work

Working on media extension is possible only when you trying to download media's from Youtube with some download software like Download Manager , but playing media's in Youtube won't use extension , it's all about media streaming in a flash player plugin it seems you have to find all IP's !!! at leas...
by ShayanFiroozi
Wed Mar 30, 2016 9:27 pm
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

Change your NAT rules priority , make sure all NATs about Synology come first in you Firewall Nat list , you can easily drag them to top on Winbox.
you are masquerading your Synology interface , of course router will change real addresses with itself IP.
by ShayanFiroozi
Wed Mar 30, 2016 9:11 pm
Forum: Beginner Basics
Topic: Help with NAT Firewall Rule with Address List of Countries
Replies: 4
Views: 1041

Re: Help with NAT Firewall Rule with Address List of Countries

add action=dst-nat chain=dstnat dst-address=1.2.3.4 dst-port=80 protocol=tcp src-address-list=US to-addresses=192.168.168.24 to-ports=80

it should work unless you have other firewall rules or NAT rules , also make sure your web server is HTTP not HTTPS
by ShayanFiroozi
Wed Mar 30, 2016 8:43 pm
Forum: Beginner Basics
Topic: Help with NAT Firewall Rule with Address List of Countries
Replies: 4
Views: 1041

Re: Help with NAT Firewall Rule with Address List of Countries

Hi,
is 192.168.168.24 your web server ??
by ShayanFiroozi
Wed Mar 30, 2016 7:53 pm
Forum: General
Topic: Port forward to Static IP
Replies: 8
Views: 1689

Re: Port forward to Static IP

Hi,
Problem is your ports.
what is port 800 ? and why did you forward it to 443 ??
use port 80
by ShayanFiroozi
Wed Mar 30, 2016 7:21 pm
Forum: General
Topic: how to tunel
Replies: 5
Views: 825

Re: how to tunel

Hi,
IP Tunnel for general purposes
IPSec for a secure tunnel
EOIP Tunnel for bridging your network and carrying Layer 2 traffic
by ShayanFiroozi
Wed Mar 30, 2016 6:12 pm
Forum: Beginner Basics
Topic: Rb941-2nd delete startup script
Replies: 3
Views: 640

Re: Rb941-2nd delete startup script

Hi , it's not a strange thing ! you are disconnecting yourself from router and it's completely normal. when configuring a router you should always make sure that you have a stable connection to it , also when you wanna connect via Winbox click on your router MAC address in list not IP , this help yo...
by ShayanFiroozi
Wed Mar 30, 2016 6:07 pm
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

Hello
The problem is the same
How do I export my configuration?
on Winbox go to NewTerminal and type this command : export hide-sensitive

and don't forget to secure(hide) your router sensitive information such as public IP's
by ShayanFiroozi
Wed Mar 30, 2016 8:16 am
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

It seems you have a bridge in your router ,so what is that ? in your routing table you have 192.168.1.0 reachable from bridge ! i still recommend you to post you router configuration with hide-sensitive , may be it's not about NAT at all because you are bridging some devices , also disabling your na...
by ShayanFiroozi
Wed Mar 30, 2016 7:49 am
Forum: General
Topic: Routing Youtube Traffic Doesnt Work
Replies: 10
Views: 2274

Re: Routing Youtube Traffic Doesnt Work

Hi, Google and Youtube use https , it means end to end encryption , how did you catch them with L7? i suggest you to use IP's , besides if you are separating your in/out traffic from/to Google or Youtube with different IP it may be an security issue for those servers , can't say exactly , just a tho...
by ShayanFiroozi
Wed Mar 30, 2016 7:06 am
Forum: Beginner Basics
Topic: Can't access microsoft sites or services after bridging lan with eoip
Replies: 9
Views: 1324

Re: Can't access microsoft sites or services after bridging lan with eoip

@jarda : i think it's MTU too but each site has its own internet(provider,gateway,NAT)
how it's possible some site would be unreachable just when bridging eoip with LAN ??

it seems sites reaching internet over EOIP due to the wrong configuration on default gateway or NAT , what do you think ?
by ShayanFiroozi
Wed Mar 30, 2016 1:04 am
Forum: Scripting
Topic: need minor help simple queue script
Replies: 2
Views: 1142

Re: need minor help simple queue script

below script find 1024 in all simple queues and change max-limit up/down speed as written below /queue simple set [find name~"1024 -*"] max-limit=256k/1M but i want to change only upload speed and download speed remain unchange /queue simple set [find name~"1024 -*"] max-limit=256k/?? any ideas sor...
by ShayanFiroozi
Tue Mar 29, 2016 11:22 pm
Forum: Beginner Basics
Topic: Can't access microsoft sites or services after bridging lan with eoip
Replies: 9
Views: 1324

Re: Can't access microsoft sites or services after bridging lan with eoip

i suggest you to printout you entire firewall settings
by ShayanFiroozi
Tue Mar 29, 2016 11:19 pm
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

as i suggested : http://wiki.mikrotik.com/wiki/Hairpin_NAT

but he's using internet too , so a NAT should be added for internet access
by ShayanFiroozi
Tue Mar 29, 2016 2:39 pm
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

disable this add action=masquerade chain=srcnat out-interface=all-ethernet
and check your Synology log , see what happens ?
by ShayanFiroozi
Tue Mar 29, 2016 2:31 pm
Forum: RouterBOARD hardware
Topic: HEX as a switch?
Replies: 5
Views: 1444

Re: HEX as a switch?

use a small fan !!

i have a RB750GL working 8 month of year in over 40C temperature without any problem or packet dropping,

if you wanna use automatic fan which on/off with different temperature it could be costly
by ShayanFiroozi
Tue Mar 29, 2016 2:18 pm
Forum: Beginner Basics
Topic: Can't access microsoft sites or services after bridging lan with eoip
Replies: 9
Views: 1324

Re: Can't access microsoft sites or services after bridging lan with eoip

Hi,
print out your NAT rules please ( on both sites)
by ShayanFiroozi
Tue Mar 29, 2016 11:45 am
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

At first I was given this line: add action = masquerade chain = srcnat out-interface = vlan832 orange-to-addresses = 0.0.0.0 But to-addresses = 0.0.0.0 does not pass what is orange-to-addresses = 0.0.0.0 ? we don't know how your Synology connected to your network , and which interface , but excludi...
by ShayanFiroozi
Tue Mar 29, 2016 2:03 am
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

by ShayanFiroozi
Mon Mar 28, 2016 10:33 pm
Forum: Beginner Basics
Topic: Public IP display problem
Replies: 28
Views: 3262

Re: Public IP display problem

Hi,
it's about NAT , send your router configuration please
by ShayanFiroozi
Mon Mar 28, 2016 1:18 pm
Forum: General
Topic: Is there an answer about Chain
Replies: 2
Views: 536

Re: Is there an answer about Chain

Hi, can't say exactly ! it completely depends on your network configuration. http://wiki.mikrotik.com/wiki/Manual:Packet_Flow input : packets coming to the router itself output : packets going out from the router itself forward : packets going through the router. prerouting : before the router route...
by ShayanFiroozi
Sun Mar 27, 2016 5:07 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

Remove this rule from second router, that's the unnecessary second NAT: /ip firewall nat add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway @drupol : your first router working as NAT router for you , packets route from router #2 to #1 because you have de...
by ShayanFiroozi
Sun Mar 27, 2016 5:00 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

*** pay attention here : your gateway of second router's users should be 192.168.1.1(actually your first router , then first router will route it to your modem ;) ) Sorry if I misunderstood you, but users in second 192.168.3.0/24 subnet can't have 192.168.1.1 as gateway (unless you play with proxy ...
by ShayanFiroozi
Sun Mar 27, 2016 1:15 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

NP ,it seams drupol is working hard and no result yet ;)
by ShayanFiroozi
Sun Mar 27, 2016 1:08 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

Hi , 1-Unplug your second router !! 2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subne...
by ShayanFiroozi
Sun Mar 27, 2016 12:49 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

no , use another subnet it's not important but 2 IP's should be on same subnet , set 192.168.250.1 to first router port 2 and 192.168.250.2 to second router wan(or any port which connected to the first router)
by ShayanFiroozi
Sun Mar 27, 2016 12:36 pm
Forum: Beginner Basics
Topic: Beginners quest: 2 routers, 2 subnets.
Replies: 17
Views: 2185

Re: Beginners quest: 2 routers, 2 subnets.

Hi , 1-Unplug your second router !! 2-first you have to setup you first router , if your first router has internet ( you can test it by ping 8.8.8.8 from Tools/Ping) then setup DHCP on first router and be sure it's working,since your modem , first router and first router's hosts are in a same subnet...
by ShayanFiroozi
Sat Mar 26, 2016 9:06 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

your welcome , you can test it easily , in this scenario 8MB will be applied to your packets which means all users
by ShayanFiroozi
Sat Mar 26, 2016 8:15 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

This is how it's exported, it's all as you said except for the speed limit at 8M. /ip firewall mangle add action=mark-connection chain=forward dst-address=170.10.0.5 new-connection-mark=local-storage-conn add action=mark-connection chain=forward new-connection-mark=local-storage-conn src-address=17...
by ShayanFiroozi
Sat Mar 26, 2016 7:41 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

send your network diagram ? with router full configuration
by ShayanFiroozi
Sat Mar 26, 2016 6:55 pm
Forum: Beginner Basics
Topic: AP bridge settings
Replies: 1
Views: 467

Re: AP bridge settings

Hi , try this format :

/interface wireless set wlan1 ssid=Mvk_networks frequency=2442 band=2.4ghz-b/g mode=ap-bridge disabled=no wireless-protocol=802.11

do not use new line between commands
by ShayanFiroozi
Sat Mar 26, 2016 6:38 pm
Forum: General
Topic: Firewall rule not working
Replies: 4
Views: 579

Re: Firewall rule not working

After changing any NAT/Filter/Mangle/it's better to restart the router , actually set connection tracking off/on will work too ;)
by ShayanFiroozi
Sat Mar 26, 2016 6:16 pm
Forum: General
Topic: Firewall rule not working
Replies: 4
Views: 579

Re: Firewall rule not working

Hi,
please print out your configuration , maybe before your rule there is a rule which accepting packets
by ShayanFiroozi
Sat Mar 26, 2016 5:18 pm
Forum: Beginner Basics
Topic: rule for speed up whatsapp!!!
Replies: 4
Views: 2057

Re: rule for speed up whatsapp!!!

Hi,
your question is so general !! describe more please , but if you wanna limit your entire internet and give WhatsApp more bandwidth and higher priority it's easy on mikrotik but first you should find WhatsApp all IP addresses , google it and post them here please
by ShayanFiroozi
Sat Mar 26, 2016 4:57 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

Try this and let me know the result : add action=mark-connection chain=postrouting dst-address=170.10.0.5 new-connection-mark=local-storage-conn add action=mark-connection chain=prerouting new-connection-mark=local-storage-conn src-address=170.10.0.5 add action=mark-packet chain=forward connection-m...
by ShayanFiroozi
Sat Mar 26, 2016 12:17 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

OK , what's you gonna do ? what is your scenario ?
by ShayanFiroozi
Sat Mar 26, 2016 6:54 am
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

I was on Holliday ,sorry
Send your last configuration please
by ShayanFiroozi
Sat Mar 26, 2016 6:47 am
Forum: Forwarding Protocols
Topic: Port Forward
Replies: 3
Views: 865

Re: Port Forward

You can't use ip range on actions,just use single ip addres:192.168.79.1(i assuming 1) that's it,
You could use ip ranges in general or advanved tab when you are selecting your nat rule.
Use dst,src address to port forward just your pppoe subnet not every packets going through your router
by ShayanFiroozi
Sat Mar 19, 2016 6:17 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

I'm not familiar with L7 filtering and I don't recommend it , also https sites won't work with L7 , try use IP's instead of sites link
by ShayanFiroozi
Sat Mar 19, 2016 2:12 pm
Forum: General
Topic: Lắp Đặt Camera Huyện Đông Anh
Replies: 1
Views: 392

Re: Problem about config Mikrotik suitable.

Hi ,
first of all don't publish you real public IP's to the forums !! it's a security issue.

print out you router configuration here , specially Firewall / IP / Route.

and don't forget about hide-sensitive ;)
by ShayanFiroozi
Sat Mar 19, 2016 2:04 pm
Forum: General
Topic: users connect to the internet by app
Replies: 4
Views: 477

Re: users connect to the internet by app

Man C# va SQL kar kardam , az java etelaat nadaram , Hotspot vasat behtarin gozinast , ye kare dige ham mishe kard : MAC address har gooshio to IP/Firewall ya Bridge/Firewall doone doone add kon , baraye allow kardane packetashoon time moshakhas kon , too saathaye gheyre mojaz connect mishan traffic...
by ShayanFiroozi
Sat Mar 19, 2016 1:00 am
Forum: Beginner Basics
Topic: Can't login to user-manager through forwarded port in internal and in even external network?
Replies: 3
Views: 697

Re: Can't login to user-manager through forwarded port in internal and in even external network?

19 ;;; bm2hptx chain=dstnat action=dst-nat to-addresses=192.168.88.243 to-ports=80 protocol=tcp dst-port=83 log=no log-prefix="" 20 ;;; pbm5rx chain=dstnat action=dst-nat to-addresses=192.168.88.22 to-ports=80 protocol=tcp dst-port=85 log=no log-prefix="" 21 ;;; pbm5tx chain=dstnat action=dst-nat to...
by ShayanFiroozi
Sat Mar 19, 2016 12:37 am
Forum: General
Topic: How to setup 2 different networks on one router with one gateway?
Replies: 6
Views: 6256

Re: How to setup 2 different networks on one router with one gateway?

Hi, we use a RB2011UiAS-2HnD-IN. The first Eth-Port is the gateway. I´ve tried to setup two different networks (work and guests). Example: 1. Network: Ethernet Ports 2-7 IP Range: 192.168.5.0/24 2. Network: Ethernet Port 8-10 IP Range: 10.5.50.0/24 Both Networks should use Port 1 as Gateway. And th...
by ShayanFiroozi
Sat Mar 19, 2016 12:23 am
Forum: General
Topic: users connect to the internet by app
Replies: 4
Views: 477

Re: users connect to the internet by app

Hi,
Hotspot is a good option for you , but if you don't wanna login via a page , try VPN
by ShayanFiroozi
Fri Mar 18, 2016 6:22 pm
Forum: Beginner Basics
Topic: Redirect/proxy traffic using L7?
Replies: 2
Views: 570

Re: Redirect/proxy traffic using L7?

Hi , Of course your destination web server has many IP's but it's not so difficult to find them , 99% they are in a single subnet , if not at least you client application using one or two of them with , so you can find IP's L7 is not reliable feature and it's completely dependent on HTTP headers and...
by ShayanFiroozi
Fri Mar 18, 2016 6:12 pm
Forum: General
Topic: Valid connection issues when dropping invalid packets in firewall
Replies: 11
Views: 2313

Re: Valid connection issues when dropping invalid packets in firewall

Hi ,
put this rule the last one on list , first allow your related connections then drop invalids , see what happens
by ShayanFiroozi
Thu Mar 17, 2016 2:17 pm
Forum: General
Topic: unknown load on interface
Replies: 9
Views: 1712

Re: unknown load on interface

both src and dst interfaces are on RB411 ? if not what device they are ??
by ShayanFiroozi
Thu Mar 17, 2016 4:05 am
Forum: General
Topic: unknown load on interface
Replies: 9
Views: 1712

Re: unknown load on interface

Hi
http://www.speedguide.net/port.php?port=5200
http://www.speedguide.net/port.php?port=37083

there is not an explicit info, you can drop it with firewall and see what happens or what application or protocol stops working
by ShayanFiroozi
Wed Mar 16, 2016 10:21 pm
Forum: General
Topic: cant access https urls from mikrotik hotspot configuration.
Replies: 1
Views: 436

Re: cant access https urls from mikrotik hotspot configuration.

Hi,

May be using Web proxy or some firewall rules , send more config please
by ShayanFiroozi
Wed Mar 16, 2016 10:18 pm
Forum: The User Manager
Topic: Self User Reset Password
Replies: 5
Views: 2468

Re: Self User Reset Password

I have tried all that i can try, but no success. The script that i used to create a user, inside the user manager is: /tool user-manager user add username=USERNAME password=PASSWORD last-name="SURNAME" first-name="NAME" customer=admin copy-from=test Now the user is able to login to the hot spot, wi...
by ShayanFiroozi
Tue Mar 15, 2016 11:45 pm
Forum: Beginner Basics
Topic: Bridging Bonding interface and sfp+
Replies: 2
Views: 552

Re: Bridging Bonding interface and sfp+

Hi ,
what about your IP's ?? you set them on bridge ? also test another bonding mode and set a link-monitoring then see what happens ?
by ShayanFiroozi
Tue Mar 15, 2016 11:29 pm
Forum: Scripting
Topic: I need script for merge two lines dsl and setup hotspot as bridge ?
Replies: 1
Views: 632

Re: I need script for merge two lines dsl and setup hotspot as bridge ?

Hi ,
for merge two line we usually use Load Balancing or Bonding , i think bonding is better for you , has simple setup , just search it in forum
and about "setup hotspot as bridge" what that means ? more details please
by ShayanFiroozi
Tue Mar 15, 2016 11:25 pm
Forum: General
Topic: Access To MikroTik remote
Replies: 3
Views: 523

Re: Access To MikroTik remote

Hi , what is your network configuration ?
if you connected via VPN so just enter your router IP address(private IP) in winbox and connect to it , if not your router should have public ip address ,so type your public ip address in winbox and connect to it
by ShayanFiroozi
Tue Mar 15, 2016 2:38 pm
Forum: RouterBOARD hardware
Topic: i need scribt Merge two router internet in router board equally
Replies: 2
Views: 686

Re: i need scribt Merge two router internet in router board equally

Hi
Question is so general with not enough description but if I got it correctly you can use Load balancing and it won't be so easy,search about load balancing in mikrotik
by ShayanFiroozi
Tue Mar 15, 2016 11:01 am
Forum: Beginner Basics
Topic: limited and full internet rule
Replies: 7
Views: 813

Re: limited and full internet rule

Also if you can not separate your subnets , you can use Bridge firewall and force hosts to use a specific IP address , so if they change their IP address your router will drop their traffic , disadvantage of this method is that you have to set one-by-one MAC address with an IP address for each host ...
by ShayanFiroozi
Tue Mar 15, 2016 7:30 am
Forum: Beginner Basics
Topic: Help Setting Up Routerboard
Replies: 16
Views: 1834

Re: Help Setting Up Routerboard

Hi ,
i don't recommend QuickSet , configure your router manually , go to IP/Addresses , IP/DNS and IP/Routes see what happens ! add some DNS server manually
by ShayanFiroozi
Tue Mar 15, 2016 12:08 am
Forum: Beginner Basics
Topic: limited and full internet rule
Replies: 7
Views: 813

Re: limited and full internet rule

Thank you, and I just forgot to mention about your first answer of this post,he's gonna control over hosts on a same subnet which are connected to the same interface,I think interface based rule doesn't work here , he should use IPs , am I right??
by ShayanFiroozi
Mon Mar 14, 2016 11:47 pm
Forum: Beginner Basics
Topic: limited and full internet rule
Replies: 7
Views: 813

Re: limited and full internet rule

partial internet is going to require transparent proxy to get the desired effectiveness: enable the web proxy feature and configure the sites you want to allow and block the rest in that section (note that HTTPS sites cannot work with a transparent proxy - at least not the Mikrotik proxy feature) t...
by ShayanFiroozi
Mon Mar 14, 2016 11:27 pm
Forum: RouterBOARD hardware
Topic: Link Downs
Replies: 1
Views: 851

Re: Link Downs

Hi
Cant say exactly , but try high power POE , i had same problem and after searching 2 months i found out that enough amperage is not reaching properly to my device due to the long cable !!
by ShayanFiroozi
Mon Mar 14, 2016 11:10 pm
Forum: Beginner Basics
Topic: Some tests..
Replies: 2
Views: 428

Re: Some tests..

Hi ,
i think installing ROS on a x86 with VMWare Workstation is a good idea , you can easily add routers , PCs
there are many videos on youtube about that
by ShayanFiroozi
Mon Mar 14, 2016 10:52 pm
Forum: Scripting
Topic: Failover script bandwith
Replies: 4
Views: 957

Re: Failover script bandwith

Hi,
i think it's better and more efficient to use load balancing between your WANs .
testing the bandwidth itself could leads to packet loss due to its fully usage of your bandwidth !! so you never get a real result
by ShayanFiroozi
Mon Mar 14, 2016 7:59 pm
Forum: Beginner Basics
Topic: limited and full internet rule
Replies: 7
Views: 813

Re: limited and full internet rule

Hi,
send your network diagram or ROS configuration , it completely depends on how your network configured , routed ? bridged ? your firewall rules and .......
by ShayanFiroozi
Sun Mar 13, 2016 6:44 pm
Forum: General
Topic: 912 Routerboard logging in issue
Replies: 2
Views: 504

Re: 912 Routerboard logging in issue

Hi ,
in winbox there are two way to connect to your device , with IP address and with MAC address , if you click on your device MAC address in winbox discovery list you can easily connect to it without setting your IP on the same range
by ShayanFiroozi
Sun Mar 13, 2016 3:21 pm
Forum: RouterBOARD hardware
Topic: RB750r2 is dead?
Replies: 1
Views: 848

Re: RB750r2 is dead?

Hi , try hardware reset
by ShayanFiroozi
Sun Mar 13, 2016 3:04 pm
Forum: Beginner Basics
Topic: Hi, new here: I want to buy a (MikroTik) router and monitor my home network
Replies: 1
Views: 487

Re: Hi, new here: I want to buy a (MikroTik) router and monitor my home network

Hi , yes it's possible in Mikrotik , you can separate your traffic per application , per service , per host , per client , but you should know how they communicate with network , for example : their IP address and ports , or protocol they're using. Traffic marking in Mikrotik could be done by Firewa...
by ShayanFiroozi
Sun Mar 13, 2016 9:00 am
Forum: Beginner Basics
Topic: Need help prioritizing my PC for gaming
Replies: 8
Views: 7586

Re: Need help prioritizing my PC for gaming

Don't use one by one single IP , firewall supports subnets and IP ranges : one Mangle with 192.168.20.0/24 matches all IP's from 192.168.20.1 to 192.168.20.254 Also you can use IP pool which is supported with both DHCP and Firewall , very useful and you'll never get confused about your addresses (na...
by ShayanFiroozi
Sat Mar 12, 2016 11:34 pm
Forum: Forwarding Protocols
Topic: Port Forward
Replies: 3
Views: 865

Re: Port Forward

Hi ,
don't use one by one IP , IP/Firewall supports subnet and IP ranges.
instead of 192.168.10.1,192.168.10.2,192.168.10.3..............192.168.10.254 !!!
you can use 192.168.10.0/24 :)
by ShayanFiroozi
Sat Mar 12, 2016 11:29 pm
Forum: Beginner Basics
Topic: Need help prioritizing my PC for gaming
Replies: 8
Views: 7586

Re: Need help prioritizing my PC for gaming

If you use Mangle GUI instead of command line you will find many options , you can customize your Mangle , In/Out interface , port , ip addresses could be useful for you , any network has its own architecture and situation , so i can not give you an explicit Mangle because i don't know how is your n...
by ShayanFiroozi
Sat Mar 12, 2016 5:20 pm
Forum: General
Topic: Different DHCP Addresses for Different Groups
Replies: 3
Views: 696

Re: Different DHCP Addresses for Different Groups

Hi ,
i don't think so it could be done without Managed switch or router , your network is full bridged and not managed.
maybe DHCP client on windows has a feature could help you on this situation(just an idea)
by ShayanFiroozi
Sat Mar 12, 2016 5:07 pm
Forum: Beginner Basics
Topic: Need help prioritizing my PC for gaming
Replies: 8
Views: 7586

Re: Need help prioritizing my PC for gaming

Just go to / IP Firewall Mangle and put add keyword before your commands ( i forgot to write them ;) )

Also it's better to not use New Terminal ,go to IP/Firewall/Mangle and use the GUI , there are many option you can use and get familiar with them
by ShayanFiroozi
Sat Mar 12, 2016 12:18 am
Forum: General
Topic: how to bypass NTLM traffic through mikrotik?
Replies: 3
Views: 880

Re: how to bypass NTLM traffic through mikrotik?

HI,
more details or diagram about your network , it's routed or bridged ?
by ShayanFiroozi
Sat Mar 12, 2016 12:08 am
Forum: General
Topic: Block KerioVPN in layer7
Replies: 1
Views: 524

Re: Block KerioVPN in layer7

Hi
i think L7 in not a always working feature , a simple encryption cause nothing to match wit your query.
i suggest you to block IP addresses, but they could be hundreds !!
by ShayanFiroozi
Sat Mar 12, 2016 12:00 am
Forum: Beginner Basics
Topic: Need help prioritizing my PC for gaming
Replies: 8
Views: 7586

Re: Need help prioritizing my PC for gaming

Hi , Yes it's possible , we call it QOS(quality of service) aka Queue in Mikrotik. usually done by 2 step : 1-Mark our connections and packets. (It will be done by IP/Firewall/Mangle) 2-set their priority higher than others(It will be done by Queue) Marking connection and packets : **** here we mark...
by ShayanFiroozi
Fri Mar 11, 2016 8:09 am
Forum: Forwarding Protocols
Topic: EoIP bandwidth issue between two routers
Replies: 3
Views: 1528

Re: EoIP bandwidth issue between two routers

Hi, EoIP is a Mikrotik protocol , but it still uses GRE protocol for its communication , also EoIP changes the frames , adds some bytes ..... http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP so it's possible your ISP firewall limiting GRE protocol(port 47) , big frames or anything else . it's bet...
by ShayanFiroozi
Thu Mar 10, 2016 10:56 pm
Forum: RouterBOARD hardware
Topic: model suggestion
Replies: 23
Views: 2281

Re: model suggestion

Hi,

http://download2.mikrotik.com/2016-Q1.pdf

you can easily check hardware and compare them , but with 1 Gb/s NAT ! definitely CCRs
by ShayanFiroozi
Thu Mar 10, 2016 10:47 pm
Forum: Beginner Basics
Topic: Need some help please!!
Replies: 19
Views: 1564

Re: Need some help please!!

Hi, first you have to mark your traffic , for example you will mark every packets coming from 1.1.1.1 ,or coming from specific interface and many other options are available. you can mark your traffic(connections and packets) by IP/Firewall/Mangle. it's better to use IPs and ports , Viber , Whatsapp...
by ShayanFiroozi
Wed Mar 09, 2016 10:47 pm
Forum: General
Topic: IP through router
Replies: 4
Views: 516

Re: IP through router

It's not so complicated , but i'm a wireless professional , it's something about routing , firewalling and NAT which i'm not expert on these subjects. but every firewall has its own behavior over packets and you don't know how it has been configured ,may be somewhere its dropping your packets , i'm ...
by ShayanFiroozi
Wed Mar 09, 2016 10:12 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re:

Are you sure that the Ap is mikrotik device? If not, you cannot use station bridge mode. Check your values correspond to what you have got from isp. Enable wireless debug logging and check what is recorded during connection process. Better to do the same logging on Ap side too. Reset the wireless s...
by ShayanFiroozi
Tue Mar 08, 2016 11:47 pm
Forum: General
Topic: Force all traffic to go through the router
Replies: 1
Views: 397

Re: Force all traffic to go through the router

Hi, a network map please , how your clients connected to you , you have Mikrotik router ? more details but i think you can run a private L2TP server on your router , whenever your customer wanna play game , they can connect to your router via L2TP and even Layer 2 traffic will be passed ! like bridg...
by ShayanFiroozi
Tue Mar 08, 2016 11:25 pm
Forum: General
Topic: IP through router
Replies: 4
Views: 516

Re: IP through router

Hi , yes you can assign more than one IP to an interface i didn't exactly understand you , but i think you wanna redirect your packets which targeting your public ip address to a private ip address behind your router , if i'm right we call it NAT here is an example of NAT port forwarding for remote ...
by ShayanFiroozi
Tue Mar 08, 2016 11:06 pm
Forum: Beginner Basics
Topic: Isolate IP/MAC per Port
Replies: 2
Views: 692

Re: Isolate IP/MAC per Port

Hi , First of all i strongly suggest you to use routing network not bridging because : 1- More control over IPs and use a stateful firewall. 2- Limiting your broadcast domain and reduce useless traffics and many other reasons you can search about ! if you have to use bridging there is a firewall for...
by ShayanFiroozi
Tue Mar 08, 2016 5:02 am
Forum: General
Topic: how to remote controlled router mikrotik behind another router
Replies: 26
Views: 4550

Re: how to remote controlled router mikrotik behind another router

Hi ,
you are changing ports ! so it's a one way communication , packets reach Router B , but unable to come back , i think we should have 2 NAT here , one in router A , one in B
by ShayanFiroozi
Tue Mar 08, 2016 4:29 am
Forum: The User Manager
Topic: Self User Reset Password
Replies: 5
Views: 2468

Re: Self User Reset Password

Are you ready to pay for it ?;) take it easy man , check my signature :) anyway : in ROS when you are creating any user it belongs to a user group : full,read,write do you setting your group to full when you are creating user with php ?? maybe that's why you are unable to change its password later i...
by ShayanFiroozi
Mon Mar 07, 2016 6:40 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re: My router sxt lite 5 not cotect to ap

i really don't understand what is going on with your provider , your device is ok and able to scan and list free frequencies , so the wireless card is ok , it's all about authentication failed , you can check your log and see the error , if your device or wireless card are dead how can you connect t...
by ShayanFiroozi
Mon Mar 07, 2016 5:12 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re: My router sxt lite 5 not cotect to ap

Sometime AP is configured with an encryption like AES and other encrypting methods which you have to got a valid password which your AP owner will give you , otherwise authentication failed will occurred as this happening to you and sometimes AP doesn't use any encryption method , it's like an open ...
by ShayanFiroozi
Mon Mar 07, 2016 4:11 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re: My router sxt lite 5 not cotect to ap

As i checked your router via teamviewer , there are 2 possibilities : 1- you have not a valid password. 2-your AP rejecting you because of access-list - your wlan1 MAC address should be exists on your AP access-list , and this task should be done by your provider , what a provider ....!!! anyway you...
by ShayanFiroozi
Mon Mar 07, 2016 6:40 am
Forum: RouterBOARD hardware
Topic: Need advice to cover 20km wifi
Replies: 20
Views: 2200

Re: Need advice to cover 20km wifi

** This information are just my personal experience , if it's wrong any correction appreciated As frequency goes higher your need more Line of Sight and antennas should be tune perfectly, in 24 Ghz you have very narrow frequency like a laser !! so tuning antenna could be more difficult , because the...
by ShayanFiroozi
Sun Mar 06, 2016 7:26 pm
Forum: RouterBOARD hardware
Topic: Need advice to cover 20km wifi
Replies: 20
Views: 2200

Re: Need advice to cover 20km wifi

I think many questions like this has been answered several times in this forum and others , with a simple search you can find them and of course many documentations in PDF format are available for WISP. with all respects sir , you are going to do a complex scenario without any plan or map !! just th...
by ShayanFiroozi
Sun Mar 06, 2016 2:09 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re: My router sxt lite 5 not cotect to ap

Send your wlan configuration and your device log , be cool and take it easy , all IT fields are complex and don't put yourself under pressure to solve them immediately !! get rest and sleep ,

As John Lennon said : Life is what happens to you when you are busy making other plans :D ;)
by ShayanFiroozi
Sun Mar 06, 2016 2:05 pm
Forum: The Dude
Topic: Visual C++ Runtime Error! Windows 10 Help!!!
Replies: 17
Views: 7651

Re: Visual C++ Runtime Error! Windows 10 Help!!!

it could be be a bug or incompatibility with your OS , contact support
by ShayanFiroozi
Sun Mar 06, 2016 6:19 am
Forum: RouterBOARD hardware
Topic: Need advice to cover 20km wifi
Replies: 20
Views: 2200

Re: Need advice to cover 20km wifi

Sorry, but I can't agree with ShayanFiroozi Any one chain model will be bad idea. Similiary with high power devices, so my advise is to forget about Netmetal. The same with WDS mesh, because of bandwith efficiency. 20km^2 it is not big area for ISP (~4,5 x 4,5km), but you have to explain what is ex...
by ShayanFiroozi
Sun Mar 06, 2016 6:00 am
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

Oh my god !! you need 300 or 500 MBps not Mbps ?!! your current link is perfect man , i don't think so there is a radio which carry 500 MBps !! it's too much,what you are gonna do wit such a crazy speed ? even a link could support that speed , what device are you using to use that amount of Data ?? ...
by ShayanFiroozi
Sat Mar 05, 2016 11:01 pm
Forum: The Dude
Topic: Visual C++ Runtime Error! Windows 10 Help!!!
Replies: 17
Views: 7651

Re: Visual C++ Runtime Error! Windows 10 Help!!!

Hi,

try to uninstall/install MS VC++ runtime 2010 or 2013 , see what happens
by ShayanFiroozi
Sat Mar 05, 2016 10:55 pm
Forum: RouterBOARD hardware
Topic: Need advice to cover 20km wifi
Replies: 20
Views: 2200

Re: Need advice to cover 20km wifi

Hi , a configuration like this should be done by a expert at the place , not remotely ! but if you wanna share internet over 20 km area is not very easy , of course not possible with a single or 2 devices. i recommend you to have several distribution sites , use sector antenna like mANT , and a powe...
by ShayanFiroozi
Sat Mar 05, 2016 10:41 pm
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

try to check reflections How do you check reflections? :| Hi, I have not checked reflections... not idea who is it and how check it :? I´m a newbie... medium user Reflection occurs when your station receiving its AP signal from more than 1 line !!! when your Fresnel zone is not really clear you AP ...
by ShayanFiroozi
Sat Mar 05, 2016 10:27 pm
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

mANT30 PA is perfectly match with Netmetal , so strange !! try lowering the power,a 30 dbi antenna is too much for a 2 km link specially when used with a high power radio like Netalmetal , here is what you done : -28 is so strong man ;) lower your power until you get -50 ... - 55 I just wonder if l...
by ShayanFiroozi
Sat Mar 05, 2016 7:12 pm
Forum: General
Topic: Mikrotik CRS112 reachablilty issue
Replies: 3
Views: 541

Re: Mikrotik CRS112 reachablilty issue

Hi ,
Such an unstable ping could be a sign of network loop , send more details or network diagram
by ShayanFiroozi
Sat Mar 05, 2016 7:09 pm
Forum: General
Topic: My router sxt lite 5 not cotect to ap
Replies: 23
Views: 2052

Re: My router sxt lite 5 not cotect to ap

Hi, are you able to connect with Winbox ? if yes of course your device is not dead , what is you ap ?? send your SXT configuration here , it's better to giving a remote access to your pc ;) you should know that Mikrotik has its own wireless protocol like nv2 and nstreme which may be not supported by...
by ShayanFiroozi
Sat Mar 05, 2016 6:59 pm
Forum: Beginner Basics
Topic: NAT port forwarding problems
Replies: 3
Views: 1164

Re: NAT port forwarding problems

Hi, try to reorder your port forwarding rules before masquerade action with dragging them up or down in winbox list /ip firewall nat add action=dst-nat chain=dstnat in-interface=WAN1 protocol=tcp src-port=8000 to-addresses=10.20.0.5 to-ports=443 add action=dst-nat chain=dstnat in-interface=WAN1 prot...
by ShayanFiroozi
Sat Mar 05, 2016 6:39 pm
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

mANT30 PA is perfectly match with Netmetal , so strange !!

try lowering the power,a 30 dbi antenna is too much for a 2 km link specially when used with a high power radio like Netalmetal , here is what you done : -28 is so strong man ;) lower your power until you get -50 ... - 55
by ShayanFiroozi
Sat Mar 05, 2016 4:18 pm
Forum: The User Manager
Topic: Self User Reset Password
Replies: 5
Views: 2468

Re: Self User Reset Password

Hi ,
i don't know it's possible or not , but i'm sure you can write a very simple software with C# then your user can use for changing password :)

if you are not familiar with programming i can help you
by ShayanFiroozi
Sat Mar 05, 2016 4:05 pm
Forum: Wireless Networking
Topic: point to multipoint connectivity
Replies: 1
Views: 656

Re: point to multipoint connectivity

Hi,
I think it's about CPU and memory of your device , if Base-box is not satisfying your needs , just download Router board catalog
from www.routerboard.com and compare them together , RB800 is still a powerful platform for wireless(if you use a good mini pci)
by ShayanFiroozi
Sat Mar 05, 2016 3:55 pm
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

What is your antenna ?

looks like your are using an antenna with wide beam-width , there are many interferences on your link
by ShayanFiroozi
Sat Mar 05, 2016 7:56 am
Forum: General
Topic: Layer7 rule to block Psiphon and Opera Turbo
Replies: 6
Views: 3155

Re: Layer7 rule to block Psiphon and Opera Turbo

Hi , i have never used L7 because is not a strong and always working feature ! it works on packet data , and data could be anything , most applications and sites encrypt their traffic before send it to network so you can do nothing about that , L7 just works for simple situation , best solution for ...
by ShayanFiroozi
Sat Mar 05, 2016 5:37 am
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

It depends on many variables ! first of all -45 is too much , may be your AP interfering with itself , decrease your AP power to achieve -50 or -55 second if you need real tcp 300 Mbps , i don't think it would be possible with a single Netmetal , may you have to use 2 independent links and bonding e...
by ShayanFiroozi
Fri Mar 04, 2016 10:21 pm
Forum: General
Topic: I cant get more than 50 Mbps through a PtP Netmetal 5 link
Replies: 31
Views: 2964

Re: I cant get more than 50 Mbps through a PtP Netmetal 5 link

Hi,
500 Mbps is not so easy !!

But 50 Mbps is nothing for Netmetal , are you sure a firewall or queue is not limiting your traffic ?? if you are sure , check your LOS , reflection , humidity , tower height , ......

it's better to export your wlan configuration here
by ShayanFiroozi
Fri Mar 04, 2016 8:15 am
Forum: General
Topic: Sxt lite 5 unable to connect to ap
Replies: 6
Views: 862

Re: Sxt lite 5 unable to connect to ap

Hi,
it's no possible to find out your problem except you post your wlan1 configuration and also tell us what is your AP device ?
by ShayanFiroozi
Thu Mar 03, 2016 11:42 pm
Forum: General
Topic: i have a mikrotik metal 2shpn, which is not working properly
Replies: 1
Views: 308

Re: i have a mikrotik metal 2shpn, which is not working properly

Hi,

please send your Metal configuration , what protocol are you using ??

and what are your clients radio ?? are they Mikrotik too ?

use 802.11 protocol , may your clients radio not supporting NV2 or nstreme
by ShayanFiroozi
Thu Mar 03, 2016 6:49 pm
Forum: General
Topic: Help blocking mac adress
Replies: 10
Views: 855

Re: Help blocking mac adress

Hi , /interface bridge filter add action=drop chain=forward log=yes log-prefix=\ "***** User using gateway ip address" mac-protocol=ip src-address=\ 192.168.1.1/32 src-mac-address=!xx:xx:xx:xx:xx:xx/FF:FF:FF:FF:FF:FF xx:xx:xx:xx:xx:xx : is your gateway device MAC address this rule deny any packets w...
by ShayanFiroozi
Thu Mar 03, 2016 5:50 pm
Forum: Beginner Basics
Topic: Isolation client on Routerboard 1100AH
Replies: 5
Views: 711

Re: Isolation client on Routerboard 1100AH

you can allow your hotspot users to communicate with hotspot gateway in firewall , then deny any packet is going to communicates in your hotspot subnet , so users can not communicate with each other ** i'm not familiar with hotspot , of course there is a better way to do that , waiting for experts....
by ShayanFiroozi
Thu Mar 03, 2016 5:01 am
Forum: General
Topic: Capture all traffic https with webproxy?
Replies: 13
Views: 17908

Re: Capture all traffic https with webproxy?

Just forgot to say you may be able to remove ROS from RB and install a light weight linux distro on your miktorik device and set it up to running as https server,
Just an idea but not sure
by ShayanFiroozi
Wed Mar 02, 2016 11:19 pm
Forum: General
Topic: How to exclude IP addresses from subnet
Replies: 8
Views: 4565

Re: How to exclude IP addresses from subnet

Hi ,
I personally didn't test that , so it's just an idea


/interface bridge filter
add action=drop chain=input comment="Disable DHCP Requests" disabled=no ip-protocol=udp mac-protocol=ip src-port=67-68

i don't know it would work with IPs , but should work well with MAC addresses
by ShayanFiroozi
Wed Mar 02, 2016 6:54 pm
Forum: Beginner Basics
Topic: Isolation client on Routerboard 1100AH
Replies: 5
Views: 711

Re: Isolation client on Routerboard 1100AH

you can allow your hotspot users to communicate with hotspot gateway in firewall , then deny any packet is going to communicates in your hotspot subnet , so users can not communicate with each other ** i'm not familiar with hotspot , of course there is a better way to do that , waiting for experts....
by ShayanFiroozi
Wed Mar 02, 2016 6:29 pm
Forum: Beginner Basics
Topic: Web page exception for blocked TCP Port
Replies: 3
Views: 665

Re: Web page exception for blocked TCP Port

Hi,in firewall you can deny what you want then allow everything else or allow what you want then deny everything else,it's all about rules order which can be done with dragging them up or down in winbox
by ShayanFiroozi
Wed Mar 02, 2016 6:23 pm
Forum: Beginner Basics
Topic: Isolation client on Routerboard 1100AH
Replies: 5
Views: 711

Re: Isolation client on Routerboard 1100AH

Hi , Isolate from what?? If you wanna deny or restrict its communication yes firewall is a good choice or maybe u can block dhcp request from specific ip or mac address with bridge firewall
by ShayanFiroozi
Wed Mar 02, 2016 6:15 pm
Forum: General
Topic: Multicast Traffic and IPIP Tunnel
Replies: 4
Views: 726

Re: Multicast Traffic and IPIP Tunnel

Hi,
I didn't exactly got what you gonna do,but I think you can use Eoip or L2tp tunnel,they carry L2 traffic
by ShayanFiroozi
Wed Mar 02, 2016 3:35 pm
Forum: General
Topic: Mikrotik block traffic between subnets
Replies: 7
Views: 2788

Re: Mikrotik block traffic between subnets

That was one of my idea to use IP Firewall, but i hoped there would be some other way to block it. In my case there is about 80 subnets, so it will be many rules in firewall. First idea was to block one by one: /ip firewall filter add chain=forward action=drop src-address=192.168.2.0/24 dst-address...
by ShayanFiroozi
Wed Mar 02, 2016 11:03 am
Forum: General
Topic: Mikrotik block traffic between subnets
Replies: 7
Views: 2788

Re: Mikrotik block traffic between subnets

Hi They are seeing each other because this is ROUTER ! your device routing your traffic between your subnets , because your have assigned ip address for each interface and of course there are dynamic routes on your routing table, use IP firewall and you can easily deny any traffic you want , use for...
by ShayanFiroozi
Wed Mar 02, 2016 10:54 am
Forum: General
Topic: Capture all traffic https with webproxy?
Replies: 13
Views: 17908

Re: Capture all traffic https with webproxy?

I think it's better to run an independent proxy sever then redirect your traffic to it
by ShayanFiroozi
Tue Mar 01, 2016 1:31 pm
Forum: General
Topic: Capture all traffic https with webproxy?
Replies: 13
Views: 17908

Re: Capture all traffic https with webproxy?

Hi,

HTTPS uses port 443
by ShayanFiroozi
Tue Mar 01, 2016 1:29 pm
Forum: General
Topic: adding port to brifge
Replies: 4
Views: 811

Re: adding port to brifge

Hi http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge (R)STP algorithm assigned role of the port: Disabled port - not strictly part of STP, a network administrator can manually disable a port Root port – a forwarding port that is the best port from Nonroot-bridge to Rootbridge Alternative port – ...
by ShayanFiroozi
Tue Mar 01, 2016 11:21 am
Forum: General
Topic: Sxt lite 5 can't update automatically
Replies: 1
Views: 340

Re: Sxt lite 5 can't update automatically

Hi,

Has your SXT access to the internet ? did you set ip address and default route ?
by ShayanFiroozi
Tue Mar 01, 2016 11:01 am
Forum: General
Topic: need urgent help and will pay for it now to block all websites expect one
Replies: 8
Views: 1009

Re: need urgent help and will pay for it now to block all websites expect one

Hi , there is many features in firewall , you can play with that features to find it and exclude your page
by ShayanFiroozi
Tue Mar 01, 2016 10:57 am
Forum: General
Topic: Cannot set local IP on my interfase!
Replies: 1
Views: 383

Re: Cannot set local IP on my interfase!

Hi,
it's better to set your configuration manually , quick set is not a good option
by ShayanFiroozi
Tue Mar 01, 2016 6:23 am
Forum: Wireless Networking
Topic: Sextant with Netmetal, NV2 speeds. Are they normal?
Replies: 2
Views: 681

Re: Sextant with Netmetal, NV2 speeds. Are they normal?

Hi ,
Since you are using OMNI antenna , this bandwidth rate is perfect , remember OMNI is 360 degrees , so never should compare with a 3 or 5 solid dish anetnna
by ShayanFiroozi
Tue Mar 01, 2016 6:00 am
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 3167

Re: Full Duplex PTP over 7 to 14Kms

I've just found my first bonding result. Sadly the tutorial no longer exist. I've used 4xSXT and 2xRB750GL. http://community.ubnt.com/t5/Business-T ... d-p/194143 Found it : http://wiki.specialistoff.net/index.php ... ti:Bonding It was a better choice for me than full duplex. the last link is in Ru...
by ShayanFiroozi
Tue Mar 01, 2016 5:53 am
Forum: Beginner Basics
Topic: Script Example for Limiting The Time An IP Address Can Be Used
Replies: 1
Views: 394

Re: Script Example for Limiting The Time An IP Address Can Be Used

Hi , it could be done with scripting , but it would be much easier with IP firewall , just drop any packet from specific users in specific date and time ! also there are a lot of features you may interested to use ;) you should know if your user changes his or her ip address it won't work anymore an...
by ShayanFiroozi
Tue Mar 01, 2016 5:40 am
Forum: Wireless Networking
Topic: Nstreme dual Link! How?
Replies: 9
Views: 1519

Re: Nstreme dual Link! How?

Of course you can, just imagine your SXT's are wlan cards and set them accordingly. You also need one mikrotik router at each end for the settings. Hi Inox, Don't you have any problem with bonding in this scenario ?? i've never used bonding on real world , but in lab it always is unstable and unrel...
by ShayanFiroozi
Mon Feb 29, 2016 5:20 pm
Forum: RouterBOARD hardware
Topic: SXT Lite5 ac in NV2 losing pings
Replies: 2
Views: 814

Re: SXT Lite5 ac in NV2 losing pings

Hi again !

NV2 is fast protocol , but not much reliable as nstreme , it's all about TCP/UDP transmitting packets,

just a personal experience : when an nv2 radio is on heavy load many packets will be lost !!
by ShayanFiroozi
Mon Feb 29, 2016 4:57 pm
Forum: Wireless Networking
Topic: Nv2 or nstream - better for video ?
Replies: 5
Views: 1223

Re: Nv2 or nstream - better for video ?

Results are different in various environment , just test it , but in most cases nv2 works better for video/voice packets
by ShayanFiroozi
Mon Feb 29, 2016 4:06 pm
Forum: General
Topic: DMZ with Dynamic IP
Replies: 5
Views: 2208

Re: DMZ with Dynamic IP

Hi ,
Use dst-nat , which means destination NAT , just asking the router to NAT packets from your public IP address to an internal one which is your web server
by ShayanFiroozi
Mon Feb 29, 2016 12:03 pm
Forum: Beginner Basics
Topic: Deny All Traffic Rule
Replies: 2
Views: 2798

Re: Deny All Traffic Rule

Hi,

it's easy , first of all accept any traffic you need , then deny all traffics !!!

*** BE CAREFUL : filtering rules order is very important here , you could deny any access to the router , then you should reset its configuration
by ShayanFiroozi
Mon Feb 29, 2016 12:00 pm
Forum: Beginner Basics
Topic: any body help me pls!!!!!!!!!!!!!!
Replies: 5
Views: 649

Re: any body help me pls!!!!!!!!!!!!!!

Hi , why scripts ??
do it with queue , more reliable , google it , there are many videos on youtube and tiktube
by ShayanFiroozi
Mon Feb 29, 2016 11:51 am
Forum: General
Topic: NAT Before Route
Replies: 3
Views: 550

Re: NAT Before Route

it's gonna be a complex configuration !!! could you send a diagram ? of course there is a tricky way ;)
by ShayanFiroozi
Mon Feb 29, 2016 11:44 am
Forum: General
Topic: excluded-address in mikrotik
Replies: 5
Views: 1261

Re: excluded-address in mikrotik

Go to ip/firewall and define your filter rules http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter there are many options for filtering your users , but be careful , don't filter any packet from/to router itself , unless configuration reset will be required ! but if you filter some of your users...
by ShayanFiroozi
Sun Feb 28, 2016 11:02 pm
Forum: Wireless Networking
Topic: Wi-fi problem, unstable ping
Replies: 18
Views: 4216

Re: Wi-fi problem, unstable ping

send your configuration
How can i do that? My device is http://routerboard.com/rb941-2nd

if you are a beginner take a screenshot of your wlan1 settings , if not run export command on interface/wlan1 in terminal window and send settings as text here !!
by ShayanFiroozi
Sun Feb 28, 2016 6:25 pm
Forum: General
Topic: excluded-address in mikrotik
Replies: 5
Views: 1261

Re: excluded-address in mikrotik

Hi,
exclude from what ?!!

if you wanna block them or limit them , use IP firewall
by ShayanFiroozi
Sun Feb 28, 2016 6:23 pm
Forum: Wireless Networking
Topic: Power Supply
Replies: 7
Views: 945

Re: Power Supply

Hi, it's better to use small UPS otherwise you have to design it yourself ! there are many automatic battery charger circuit , but you should know about your battery voltage , a 12 volts SLA battery will be died forever under deep discharge , 11.9 or 12.0 volts is the minimum threshold , 13.4 or 13....
by ShayanFiroozi
Sun Feb 28, 2016 5:58 pm
Forum: Wireless Networking
Topic: Wi-fi problem, unstable ping
Replies: 18
Views: 4216

Re: Wi-fi problem, unstable ping

Hi, many reasons may cause this problem , try different frequencies , antenna direction , check obstacles , and also try to find a free frequency because 2.4 Ghz is more common and has more busy channels than 5.8 Ghz I've tried everything but my HapLite doesnt wrok properly. I created AP on my Wind...
by ShayanFiroozi
Sun Feb 28, 2016 5:34 pm
Forum: General
Topic: NAT Before Route
Replies: 3
Views: 550

Re: NAT Before Route

Hi ehsan , use packet marking , to my knowledge in mikrotik mangle is performed first ,
but what's the logic behind this ?! interface will be automatically selected by router depends on your interfaces IP address , guys correct me if i'm wrong ,
thanks
by ShayanFiroozi
Sun Feb 28, 2016 5:01 pm
Forum: Wireless Networking
Topic: poe power consider
Replies: 2
Views: 550

Re: poe power consider

Hi,

POE output on boards has serious power and current limitation , you should use them when you really have to and in most cases it's not for running powerful devices , it's better to use independent POE for each device.

besides checking device datasheet would help you about POE output max current
by ShayanFiroozi
Sun Feb 28, 2016 4:57 pm
Forum: RouterBOARD hardware
Topic: Lost wireless interface???
Replies: 2
Views: 624

Re: Lost wireless interface???

Hi,

try downgrade and check it , i think just Mikrotik can help you ! ;)
by ShayanFiroozi
Sun Feb 28, 2016 4:54 pm
Forum: Beginner Basics
Topic: Problem with routerOs
Replies: 1
Views: 423

Re: Problem with routerOs

Hi ,
I don't think the problem is your routeros , because you are fine with other browsers , try to clear cache and history of firefox , sometimes it would be happen on firefox specially with https sites
by ShayanFiroozi
Sun Feb 28, 2016 12:53 pm
Forum: Wireless Networking
Topic: SXT Lite5 ac in NV2 losing pings
Replies: 5
Views: 1325

Re: SXT Lite5 ac in NV2 losing pings

Hi
i personally think nv2 is so fast protocol but not so reliable , nstreme is better and much more reliable , just test it ;)

it's all about TCP and UDP and sometimes CPU or memory weakness on heavy traffics cause packet loss, it's normal , tcp will re-transmit it
by ShayanFiroozi
Sun Feb 28, 2016 12:46 pm
Forum: Beginner Basics
Topic: Mikrotik Bridge HELP !
Replies: 3
Views: 667

Re: Mikrotik Bridge HELP !

Hi ,

As ZeroByte said it's easy , but don't forget about bridging/routing and DHCP server on your own AP , it's more secure and you have more control over your own users , such as Qos or etc...
by ShayanFiroozi
Sun Feb 28, 2016 12:18 pm
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 3167

Re: Full Duplex PTP over 7 to 14Kms

Hi,

guys you think interface bonding is better than OSPF full duplex ?? any real experience ?

thanks
by ShayanFiroozi
Sun Feb 28, 2016 12:04 pm
Forum: Wireless Networking
Topic: Configuration Groove a-52HPn
Replies: 4
Views: 3797

Re: Configuration Groove a-52HPn

Hi, if you are a beginner , let's think about your device : you have 2 interfaces on your device , a wlan1 which has wireless connectivity and ether1 which has cable connectivity. in normal cases we receive the internet from ether1 with cable and transmit it via wlan1 with wireless. first we have to...
by ShayanFiroozi
Sun Feb 28, 2016 11:41 am
Forum: Wireless Networking
Topic: Nv2 or nstream - better for video ?
Replies: 5
Views: 1223

Re: Nv2 or nstream - better for video ?

Hi,
i use nv2 for video or voice because re-transmitting the packet may cause interfering and delay on your video or voice , packet loss is common on nv2
by ShayanFiroozi
Sun Feb 28, 2016 11:39 am
Forum: Wireless Networking
Topic: Wi-fi problem, unstable ping
Replies: 18
Views: 4216

Re: Wi-fi problem, unstable ping

Hi,

many reasons may cause this problem , try different frequencies , antenna direction , check obstacles , and also try to find a free frequency because 2.4 Ghz is more common and has more busy channels than 5.8 Ghz
by ShayanFiroozi
Sun Feb 28, 2016 8:44 am
Forum: Wireless Networking
Topic: 100mbps TCP Full duplex link using 4 dish ( NV2 )
Replies: 9
Views: 2766

Re: 100mbps TCP Full duplex link using 4 dish ( NV2 )

Hi , it's a 3 years posts but i'm going to answer it !! it's not so easy , but you can do it with OSPF routing protocol !! that's all if you are not friend;t with OSPF , use static routing , but in this case you will loose redundancy , with OSPF you could have full duplex and redundancy in case of r...
by ShayanFiroozi
Sun Feb 22, 2015 9:22 am
Forum: General
Topic: Firewall issues with RouterOS and VoIP system
Replies: 13
Views: 2655

Re: Firewall issues with RouterOS and VoIP system

It's better to send your network diagram
by ShayanFiroozi
Sat Feb 21, 2015 10:51 am
Forum: General
Topic: Best way to access ADSL modem web config
Replies: 6
Views: 2220

Re: Best way to access ADSL modem web config

Hello
If your ADSL model is in bridged mode with your Mikrotik Device use Bridge/Firewall or if it's routed use IP/Firewall to keep on your traffics.
by ShayanFiroozi
Sat Feb 21, 2015 10:46 am
Forum: General
Topic: SXT 5HPnD unknow state
Replies: 3
Views: 795

Re: SXT 5HPnD unknow state

I've experienced similar problem and was fixed by RouterBoard hardware reset and reinstalling ROS
by ShayanFiroozi
Sat Feb 21, 2015 10:39 am
Forum: Beginner Basics
Topic: Hybrid VLAN again
Replies: 1
Views: 776

Re: Hybrid VLAN again

Hi
sorry i can not fully explain your solution because of my time limitation
You could use Bridge/Firewall and Bridge/Nat to get to it , because your network it bridged or use IP/Firewall , but you must force ROS to use IP Firewall for bridged interfaces by enbaling Use IP Firewall on Bridge Setting.
by ShayanFiroozi
Sat Feb 21, 2015 10:30 am
Forum: Beginner Basics
Topic: DoS attack? / CCR1036 / garbage floods from customers (18Mbps at the moment)
Replies: 3
Views: 1337

Re: DoS attack? / CCR1036 / garbage floods from customers (18Mbps at the moment)

Hi
Fist of all i'm not an expert.
i think you can not block 100% of DOS or DDOS attacks but using IP/Firewall to limit traffic flooding or limiting customer's maximum connection to your router should help.
by ShayanFiroozi
Sat Feb 21, 2015 10:17 am
Forum: General
Topic: Firewall issues with RouterOS and VoIP system
Replies: 13
Views: 2655

Re: Firewall issues with RouterOS and VoIP system

Hello my friend ,
I think it's about firewall chain you are using
input,output,forward
and maybe it's better to use stateful firewalling and use proper chain
by ShayanFiroozi
Thu Feb 12, 2015 4:03 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

all i need is to got a little module or programm from Mikrotik which allow me to change webfig appearance at all ! they said ni it's not possible and i'm working on it , because there's no other way :(
by ShayanFiroozi
Thu Feb 12, 2015 3:59 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

Agree with you jarda , but when they run winbox and see Metal2 or Metal 5 , they say Mettaaaaallll ?!!! no it's no allowed , and they don't care its configuration , but if i say my Radio is TP-Link(for example !) they ohhh , ok , goood :d i know its funny but they just sensitive about radio model :D...
by ShayanFiroozi
Thu Feb 12, 2015 3:51 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

yeeah i'm working on ;)
by ShayanFiroozi
Thu Feb 12, 2015 3:46 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

so what we should show them as our device brand and device configuration web page or software ?!!!! exactly this is the problem :-s
by ShayanFiroozi
Thu Feb 12, 2015 3:43 pm
Forum: Beginner Basics
Topic: IP Tunnel problem
Replies: 4
Views: 855

Re: IP Tunnel problem

would you please send your network diagram ?
by ShayanFiroozi
Thu Feb 12, 2015 3:32 pm
Forum: Beginner Basics
Topic: How to shutdown a port programmatically?
Replies: 7
Views: 1354

Re: How to shutdown a port programmatically?

that's not possible !! if you disabled an ether1 no connection could established , maybe hardware or software bug , report to support
by ShayanFiroozi
Thu Feb 12, 2015 3:30 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

the problem is we can not use radio stronger than 300mw ! and with this power most of long distance links are not possible , and they know most of Mikrotik radios got more power than 300mw , that's why we wanna softwarely hide mikrotik from web or winbox !!!! because they never check hardware which ...
by ShayanFiroozi
Tue Feb 10, 2015 2:00 pm
Forum: General
Topic: Mikrotik limit internet bandwidth problem
Replies: 3
Views: 1796

Re: Mikrotik limit internet bandwidth problem

Use RB 800 for wireless or RB1100AHx2 for router , your reaching CPU limitation
by ShayanFiroozi
Tue Feb 10, 2015 1:19 pm
Forum: Wireless Networking
Topic: NLOS link possible with the SXT 5 ac units?
Replies: 14
Views: 2174

Re: NLOS link possible with the SXT 5 ac units?

Dear Dixit
200Mbps is too much for a NLOS link !! it's better to use repeater or cabling may be the best way if your traffic is real time and important
by ShayanFiroozi
Tue Feb 10, 2015 1:16 pm
Forum: Beginner Basics
Topic: How to shutdown a port programmatically?
Replies: 7
Views: 1354

Re: How to shutdown a port programmatically?

Hi
jarda is right , send you network map ,if you think it's up maybe traffic is traveling through another port , in that case you should have loop on your network if RSTP in not running
by ShayanFiroozi
Tue Feb 10, 2015 1:13 pm
Forum: Beginner Basics
Topic: Multiple VLANs on Wan
Replies: 3
Views: 1414

Re: Multiple VLANs on Wan

Hi
VLAN works on layer 2 , if you wanna send VLAN traffic over L3 network you should use EoIP tunnel between devices
by ShayanFiroozi
Tue Feb 10, 2015 1:02 pm
Forum: Beginner Basics
Topic: Silly question: Source vs Destination. Is one always LAN and one always WAN?
Replies: 3
Views: 637

Re: Silly question: Source vs Destination. Is one always LAN and one always WAN?

Hi
it depend on your firewall chain , prerouting or postrouting
check mikrotik packet flow to learn more
by ShayanFiroozi
Tue Feb 10, 2015 12:13 pm
Forum: Beginner Basics
Topic: how to block traffic
Replies: 8
Views: 1381

Re: how to block traffic

Also you should know IP firewall doesn't work on bridged interface except you enable Use IP Firewall on Bridge/Setting
by ShayanFiroozi
Tue Feb 10, 2015 12:05 pm
Forum: Scripting
Topic: Windows scripting with Mikrotik
Replies: 1
Views: 484

Re: Windows scripting with Mikrotik

yes you can do that , but you should have little programming background
Search for mikrotik API programming , there's many examples
by ShayanFiroozi
Tue Feb 10, 2015 12:04 pm
Forum: General
Topic: How to make NAT best way
Replies: 1
Views: 354

Re: How to make NAT best way

it's a good idea , using IPSec or other security scenarios is depends on importance of data traveling over your network.
by ShayanFiroozi
Tue Feb 10, 2015 11:59 am
Forum: Beginner Basics
Topic: IP Tunnel problem
Replies: 4
Views: 855

Re: IP Tunnel problem

hi
why you wanna make IPIP or Eoip tunnel between them ?? tunneling may reduce your router performance
connect 2 routers together with cable and set a private ip on router1 and set a private ip address on the same range on other side
dynamic route will automatically created.
by ShayanFiroozi
Tue Feb 10, 2015 11:54 am
Forum: Beginner Basics
Topic: how to block traffic
Replies: 8
Views: 1381

Re: how to block traffic

Maybe your interface is bridged
go to bridge/bridge tab / settings/select use ip firewall

may help you
by ShayanFiroozi
Tue Feb 10, 2015 11:02 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

They didn't do that , but they are going to do ..... they said mikrotik got security issues and specially its wireless devices making so noise on 2.4 and 5.8 GHZ band :( there's hundred ISP in Iran using mikrotik devices and we should change all Metals , Grooves , SXTs and ................ they allo...
by ShayanFiroozi
Tue Feb 10, 2015 10:54 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

Dear normis you know my country has problem with other country or may be other countries got problem with us !! we buy Mikrotik Devices from other countries like UAE or Turkey ..... Anyway they said we are unable to use mikrotik devices anymore , it's not important why ! i don't care , i just have t...
by ShayanFiroozi
Tue Feb 10, 2015 7:25 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

i'm working deep on RouterBoard®

Working on Reverse Eng on Board , because i have to , i want to use Mikrotik but Country restriction in going to force me to do not use Mikrotik :(

Mikrotik Support doesn't care about a good Market like a country
by ShayanFiroozi
Mon Feb 09, 2015 11:54 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

OK
it seems i have to find a way :( thanks everyone
if i find a way be sure i will inform you
by ShayanFiroozi
Mon Feb 09, 2015 11:39 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

Hi normis , thank you , i sent an email to support but no there is no answer !
i know i can customize webfig but everyone could find out this is a RouterOS !!
i need a full customization so that nobody could find out this is Mikrotik Device , please give me a suggestion
thank you again
by ShayanFiroozi
Mon Feb 09, 2015 11:31 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

Thank you very much for your great help , i know there's a feature called Brandy maker for mikrotik .
i want to use brandy maker to customize WebFig page but this feature is available just for distributors :(
also it's difficult to write a custom software like winbox for entire RouterOs features !
by ShayanFiroozi
Mon Feb 09, 2015 10:05 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

thank for raply Unfortunately using Mikrotik devices is going to be prohibited in my country for unknown reason. they prefer to use Cisco , Juniper or ...... we are using thousands of Mikrotik devices in Iran , Wireless Devices , Core Routers , Firewall and etc.. and we find it handy I am serious to...
by ShayanFiroozi
Sun Feb 08, 2015 7:29 am
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Re: Programming OS for Mikrotik Boards !!!

There's a situation that i have to use RouterBoards !!
by ShayanFiroozi
Sat Feb 07, 2015 12:43 pm
Forum: Virtualization
Topic: Programming OS for Mikrotik Boards !!!
Replies: 32
Views: 6071

Programming OS for Mikrotik Boards !!!

Hi everyone
i'm wanna make an custom OS for mikrotik boards , i need to know the way ?!!
i don't want to write it from base , i want to use most routeros features but make some change on them

how can i do that ? should i use linux kernel ? or openWrt or what ??
thank you
by ShayanFiroozi
Thu Jan 01, 2015 11:01 am
Forum: General
Topic: forward users from one page to another automatically
Replies: 8
Views: 1393

Re: forward users from one page to another automatically

in Filter

Forwards means packet going through the router , input means which packet going to your router itself.

you should use input my friend :)

it's good for you : http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

good luck
by ShayanFiroozi
Thu Jan 01, 2015 10:58 am
Forum: General
Topic: i need this terminal code :(
Replies: 4
Views: 1036

Re: i need this terminal code :(

My friend , make some moves ;) serach the internet there are thousands of codes for Mikrotik scripting.
it's simple , search and think a little
by ShayanFiroozi
Wed Dec 31, 2014 7:23 pm
Forum: General
Topic: virtual ip and privately access lan
Replies: 7
Views: 1166

Re: virtual ip and privately access lan

Dear Amir it's clear that when you use Dst Nat action you are able to redirect packets from outsides(public ip address) to any private one in inside your network , and during this action router remove destination ip address(your public ip) with user defined private on and packet's will forward throu...
by ShayanFiroozi
Wed Dec 31, 2014 7:08 pm
Forum: General
Topic: forward users from one page to another automatically
Replies: 8
Views: 1393

Re: forward users from one page to another automatically

i'm not sure and never done something like this , but i think the solution is to use redirect action
by ShayanFiroozi
Wed Dec 31, 2014 10:35 am
Forum: General
Topic: i need this terminal code :(
Replies: 4
Views: 1036

Re: i need this terminal code :(

Hi
System--> Scheduler
by ShayanFiroozi
Wed Dec 31, 2014 5:42 am
Forum: Wireless Networking
Topic: Wifi for bus station
Replies: 8
Views: 2028

Re: Wifi for bus station

i'm agree with jarda :) if you can use wire on that place of course it's better than wireless !
in some countries sector antenna are not allowed for personal use or they are expensive.
by ShayanFiroozi
Wed Dec 31, 2014 5:38 am
Forum: General
Topic: Cisco 2960 Switch With Mikrotik CCR Router
Replies: 2
Views: 732

Re: Cisco 2960 Switch With Mikrotik CCR Router

yes i can , but that's not the point !! my problem is how to control packets from one subnet to the other in same Switch !!
by ShayanFiroozi
Tue Dec 30, 2014 10:51 pm
Forum: General
Topic: virtual ip and privately access lan
Replies: 7
Views: 1166

Re: virtual ip and privately access lan

Hi Amir

DST NAT is your solution , test it ;)

good luck
by ShayanFiroozi
Tue Dec 30, 2014 10:44 pm
Forum: General
Topic: balance-rr Bonding on top of EoIP keep losing packets?
Replies: 2
Views: 1446

Re: balance-rr Bonding on top of EoIP keep losing packets?

Hi
sometimes bonding has problem with different link bandwidth
i suggest you to use PCC load balancing with firewall mangle to reach your needs

good luck
by ShayanFiroozi
Tue Dec 30, 2014 10:38 pm
Forum: Wireless Networking
Topic: High jitter on short indoor link
Replies: 1
Views: 729

Re: High jitter on short indoor link

Hi
try limiting you bandwidth or reduce TX power , it seems signal is too strong
by ShayanFiroozi
Tue Dec 30, 2014 10:34 pm
Forum: Wireless Networking
Topic: Wifi for bus station
Replies: 8
Views: 2028

Re: Wifi for bus station

Hi
first of all i think you don't need CCR , CCR is very strong and expensive just for 700 users !! RB450 Or RB 1100 AHX2 is enough.

i think RB Metal 2 is good for your solution , but you can use 8 of them with OMNI antenna in WDS mode to cover your area

good luck
by ShayanFiroozi
Tue Dec 30, 2014 10:24 pm
Forum: General
Topic: forward users from one page to another automatically
Replies: 8
Views: 1393

Re: forward users from one page to another automatically

Hi
Use IP firewall , chain = input src address : "your wifi client's network(for example 192.168.1.0/24) destination address : your router address chain drop (means kill packets and deny access to the router) or redirect (means redirect packets to any ip orport than you want !)

good luck
by ShayanFiroozi
Tue Dec 30, 2014 10:18 pm
Forum: General
Topic: Hide real ip
Replies: 5
Views: 1340

Re: Hide real ip

Hi ,

Secure your router with firewall rules my friend , hiding IP address or establishing VPN is not a real solution

Good luck
by ShayanFiroozi
Tue Dec 30, 2014 10:16 pm
Forum: General
Topic: Fail over and traffic passes issue
Replies: 2
Views: 608

Re: Fail over and traffic passes issue

Hi,
yes , there are many ways !! PCC load balancing is good for you , and maybe link bonding , you should have good firewall mangle knowledge for PCC load balancing ,
Good Luck
by ShayanFiroozi
Tue Dec 30, 2014 10:10 pm
Forum: General
Topic: firewall mangle problem in 6.24 and 6.25
Replies: 4
Views: 1025

Re: firewall mangle problem in 6.24

hi , you didn't tell us more details about your network design , but may be using forward chain may help you
by ShayanFiroozi
Tue Dec 30, 2014 10:00 pm
Forum: General
Topic: I want to block from WiFi user to get to the router-how to?
Replies: 4
Views: 1055

Re: I want to block from WiFi user to get to the router-how

Hi,
you can use In/Out interface in firewall rules , or IP addresses , chain is input , src address is you Wifi network subnet such as 192.168.200.0/24 or something like that , and your dest address is your router address action is drop or tarpit