Community discussions

Search found 46 matches

by slv
Tue Sep 18, 2018 7:23 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

Hello

Original question was how to protect router and connect to it from computer (not router) with dynamic IP. I can't use IPCloud on Windows 10 - do You agree?


Regards
Slawek
by slv
Tue Sep 18, 2018 9:27 am
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

[/quote] Why not use the IPCloud? Just use it straight, or point a CNAME to it. Free, already installed and solves your dynamic IP problem. [/quote] Because I prefer simple and reliable solution. Of course IPCloud (could You give us url for that?) or any other dyn_dns solution is an option but this ...
by slv
Mon Sep 17, 2018 11:23 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

Set up all remote MT to call home to a sentral server using a secure VPN. It's not a good idea in my case. I have dynamic IP at home. So I'm looking in solution to safe connect to router with static IP. Is there a good example of VPN config? I saw a lot but without certs - could You share Your conf...
by slv
Mon Sep 17, 2018 9:46 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

[/quote] They have it for quite some time. Not sure when it stared, but I used it before 6.40 [/quote] Lets summary options: - using dyndns on our worstation side and FQDN in firewall rules. In that case Winbox and ssh are a good options - ssh with certificatins insted of passwords - autossh - vpn S...
by slv
Mon Sep 17, 2018 5:32 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

So next step is to use SSH but I read that I can't force to login using ONLY certificates (maybe I'm wrong?) so next step is VPN but here is also lack of using certyficates in client-server mode. When You add a certificate to a user the system disable password login for him. Just tested, with RoS 6...
by slv
Mon Sep 17, 2018 1:56 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

Best way would be to close all the ports from the outside then use autossh to tunnel the ssh port from behind the router to a remote location so you would actually have access to a system behind the router through ssh and then tunnel the Winbox port remotely this way nothing remains open. it can al...
by slv
Mon Sep 17, 2018 1:54 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

Re: How to remotely administer Mikrotik routers in safeway

[/quote] In case you use dynamic ip simple add your dns name under adress list, than under nat add it to src address list. [/quote] hmm interesting and easy to implement. How often Mikrotik routers updates dns entries in address list? ie. My LTE modem got new IP evertytime its connect to network so ...
by slv
Mon Sep 17, 2018 1:13 pm
Forum: General
Topic: How to remotely administer Mikrotik routers in safeway
Replies: 19
Views: 1328

How to remotely administer Mikrotik routers in safeway

Hello As we all know it's very important how to configure firewall and services on our Miktotik routers. A lot of us are using Winbox for remote administrating because its easiest, changing port from 8021 to any other doesnt rise security level. So next step is to use SSH but I read that I can't for...
by slv
Wed Mar 28, 2018 1:24 pm
Forum: General
Topic: Strange logs
Replies: 6
Views: 453

Re: Strange logs

No, these entries are because other people do not update their router often enough and do not have a correct firewall like you, and this weekend they got infected by a MikroTik worm on the internet. whoow - Could You be more specific about this worm? What version of ROS are affected? Thanx for all ...
by slv
Wed Mar 28, 2018 12:29 pm
Forum: General
Topic: Strange logs
Replies: 6
Views: 453

Re: Strange logs

Hi MKX You are right - so should I concern about such entries (I assume that I have strong password and I limited management access to only few IP) ? Can I improve something in firewall? How to create logs that will be persistent on flash and size will be not bigger than xxMB ? How to do that using ...
by slv
Wed Mar 28, 2018 10:39 am
Forum: General
Topic: Strange logs
Replies: 6
Views: 453

Strange logs

Hello Since few days I see in logs: 07:20:17 firewall,info input: in:WAN out:(none), src-mac bc:4d:fb:aa:1c:d2, proto TCP (SYN), 201.92.58.210:13575->My_WAN_IP:8291, len 40 07:35:35 firewall,info input: in:WAN out:(none), src-mac bc:4d:fb:aa:1c:d2, proto TCP (SYN), 159.146.49.190:62758->My_WAN_IP:82...
by slv
Mon May 30, 2016 9:02 pm
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

Hi Sytex

I hope that You are doing well

Please share your config if its possible now.


Regards
Slawek
by slv
Thu Apr 28, 2016 1:13 pm
Forum: General
Topic: Port flappings on RB1100AHx2
Replies: 4
Views: 861

Re: Port flappings on RB1100AHx2

Hello Wispwest

What wersion of ROS are You using?
Please read change logs for version 6.35 - there is a lot of changes related to flapping ports.
by slv
Tue Apr 26, 2016 9:10 pm
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

Hello Sytex

Could You post here code for QoS that You configured?


Regards
Slawek
by slv
Mon Apr 18, 2016 3:25 pm
Forum: General
Topic: RB3011 & 3 RB951G VLANS
Replies: 3
Views: 665

Re: RB3011 & 3 RB951G VLANS

Hello I'm using 3011 too and would like to get VLANs working on it Problem is that since more over 1 months Mikrotik support couldnt figure it out what is wrong with port based VLANs on 3011. My config You will find http://forum.mikrotik.com/viewtopic.php?f=2&t=105582&e=1&view=unread#unread VLANs on...
by slv
Mon Apr 11, 2016 10:27 am
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

as You see - in both rules (one for upload and one for download)
what is wrong with it? could You be more specific


Regards
Slawek
by slv
Sun Apr 10, 2016 1:24 pm
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

I did: add chain=forward action=mark-packet new-packet-mark=download in-interface=WAN out-interface=LAN passthrough=no comment="" disabled=no add chain=forward action=mark-packet new-packet-mark=download in-interface=LAN out-interface=WAN passthrough=no comment="all upload" disabled=no What about co...
by slv
Fri Apr 08, 2016 4:10 pm
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

Hello So let's start with (not)working code: /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=LAN-down-con passthrough=yes src-address-list=Local_LANs comment="mark client traffic" disabled=no add chain=prerouting action=mark-packet new-packet-mark=all_packet passt...
by slv
Tue Apr 05, 2016 11:16 am
Forum: General
Topic: Traffic Priority (Queue Tree?)
Replies: 19
Views: 7860

Re: Traffic Priority (Queue Tree?)

@Sytex I fighting with same problem On internet is a lot of examples but usually based on 5.x ROS code with is incompatibile with 6.x code. Second problem is that even on 6.x code there where some changes (like global-in dissapered and now is just global and so on). At the moment i use PCQ with equa...
by slv
Mon Apr 04, 2016 10:06 am
Forum: General
Topic: Making ssh listen on all addresses.
Replies: 11
Views: 1205

Re: Making ssh listen on all addresses.

@docmarius Why You assume that every people has only smartphones with LTE? In my opinion most people buy Mikrotik routers because are cheap and powerfull. If You have money You can buy NGF like PaloAlto - mcuh more stable and reliable than Mikrotik in my opinion. Consider that - even when You have r...
by slv
Sun Apr 03, 2016 4:02 pm
Forum: General
Topic: PCQ in multiple LANs with SNAT - problem
Replies: 5
Views: 630

Re: PCQ in multiple LANs with SNAT - problem

Hello

So in my case, I have 192.168.11x.0/24 - should I put there every network address or use 192.168.0.0/16? Is that make change to ROS?

Do I need to put it in General tab of "queue3" MAX LIMIT for download and upload?
by slv
Sun Apr 03, 2016 12:19 pm
Forum: General
Topic: PCQ in multiple LANs with SNAT - problem
Replies: 5
Views: 630

Re: PCQ in multiple LANs with SNAT - problem

Hello Yes - first step is to make equall bandwith for users. As stated in Wiki /queue simple add target-addresses=192.168.0.0/24 queue=PCQ_upload/PCQ_download Of course it doesn't working because is outdated? It's another time when I found errors on Wiki page. Please help me to correst and I will as...
by slv
Sun Apr 03, 2016 11:57 am
Forum: General
Topic: Making ssh listen on all addresses.
Replies: 11
Views: 1205

Re: Making ssh listen on all addresses.

@docmarius we a talking about internet conection so miles doesnt matter. What about simple modem connection? I know that Young people may not know what I'm talking abut ... http://www.cisco.com/c/en/us/support/docs/switches/catalyst-5000-series-switches/12016-2.html#alt_usr or any of serial over eth...
by slv
Sat Apr 02, 2016 9:45 pm
Forum: General
Topic: Making ssh listen on all addresses.
Replies: 11
Views: 1205

Re: Making ssh listen on all addresses.

Hello

Do You know Safe Mode?
http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode

Is Your router has Console port (serial port)? by this port You can do everything - I know You must have access to it.

Regards
SLawek
by slv
Sat Apr 02, 2016 9:38 pm
Forum: General
Topic: PCQ in multiple LANs with SNAT - problem
Replies: 5
Views: 630

PCQ in multiple LANs with SNAT - problem

Hello I know that You wil answer could be RTFM ... but beleave me .. I spend many hours on reading/googling before I created this topic. My configuration is a bit different/complicated that regular ones that are commonly used. I have 3 LAN (as subinterface/VLAN on one ethernet port) and one WAN port...
by slv
Wed Mar 30, 2016 12:12 pm
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 105755

Re: v6.35rc [release candidate] is released, new wireless package!

Hi

I have 3011 and strange issues with port based VLANs [Ticket#2016031766000506] - could someone confirm same problems?
I have separate topic for that problem http://forum.mikrotik.com/viewtopic.php?f=2&t=106049

Regards
Slawek
by slv
Wed Mar 30, 2016 12:05 pm
Forum: General
Topic: VLANs on 3011 (without bridge) - strange problems
Replies: 3
Views: 1019

Re: VLANs on 3011 (without bridge) - strange problems

Hello

I updated my router with 6r35rc43 (lastest one, on rc42 I had isssue) -still I have same problems.
Upgarde to this version was recomended by support. Accroding to changelog there are fixes related to 3011 but still my problem isn't corected.
by slv
Tue Mar 22, 2016 1:16 pm
Forum: Beginner Basics
Topic: Reset RB3011
Replies: 11
Views: 16470

Re: Reset RB3011

Hello Today I did reinstall of my 3011... First time I tryed to put it in "recovery" mode using reset buttun on back side. No luck You have to connect by serial console, power off/on router and next press any key when You see note on serial console that You can enter into boot config. Here You have ...
by slv
Tue Mar 22, 2016 12:52 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hello I discovered new odd thing: Computer connected to port8 (port based vlan id220 on Mikrotic) _properly_ ping 8.8.8.8 when in the same time is unable to ping "wp.pl" or even worst get ansfwer from DNS about IP of wp.pl. I found rule in what is a happening: - if You ping IP - all is OK - if You p...
by slv
Tue Mar 22, 2016 10:01 am
Forum: General
Topic: VLANs on 3011 (without bridge) - strange problems
Replies: 3
Views: 1019

Re: VLANs on 3011 (without bridge) - strange problems

Hello

I'm asking You for help because Mikrotik support can't/wouldn't help me. We exchange few emails but we didn't do any progress ...

Few minuts ago I did netinstall, and restored .rsc file. I have the same problem as before.


Regards
Slawek
by slv
Mon Mar 21, 2016 3:15 pm
Forum: General
Topic: VLANs on 3011 (without bridge) - strange problems
Replies: 3
Views: 1019

VLANs on 3011 (without bridge) - strange problems

Hello I have brand new RB3011 (ROS 6.34.3 - latest one of the moment of writing this post). This router is connected to uplink port of Netgear switch (uplink with few VLAN tagged on it) and laptop connected directly to port on switch2 of Mikrotik that port is untagged on Mikrotik. Computer connected...
by slv
Fri Mar 18, 2016 6:15 pm
Forum: General
Topic: dynamic bandwidth limit base on active user?
Replies: 4
Views: 1785

Re: dynamic bandwidth limit base on active user?

Hello

You can find examples here http://wiki.mikrotik.com/index.php?titl ... edirect=no

but target-addresses should be just target also parent=global-in must be parent=global
by slv
Fri Mar 18, 2016 12:09 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

I'm not using any bridges My config look like: interface ethernet set 0 name=WAN interface ethernet set 5 name=LAN /interface ethernet set ether7 master-port=LAN set ether8 master-port=LAN set ether9 master-port=LAN set ether10 master-port=LAN /interface ethernet switch port set ether7 vlan-mode=sec...
by slv
Fri Mar 18, 2016 9:15 am
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hello

I'm not using WiFi, this happend to computers connected directly to Mikrotic router.
by slv
Thu Mar 17, 2016 6:02 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hello ZeroBytes Thank You for so detailed explanation of SNAT .. I tryed with rule: add chain=input action=accept src-address=192.168.0.0/16 protocol=tcp dst-port=8291 interface=WAN action=accept and the WAN was a problem because I dont understand packet flow. Now I printed traffic flow diagram and ...
by slv
Thu Mar 17, 2016 3:43 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Bump .... Please respond to this post.
by slv
Thu Mar 10, 2016 11:53 am
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hello ZeroBytes Thank You ,as usually Your advice is 100% perfect. I moved the two winbox port rules and access to router is limited to WAN IP. According to: add chain=input src-address=x.y.z.128/26 protocol=tcp dst-port=8291 in-interface=WAN action=accept Every connection from x.y.z.128/26 should b...
by slv
Wed Mar 09, 2016 1:13 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hello Zerobyes My rules now looks like: / ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" add chain=input connection-state=established action=accept comment="Allow Established connections" add chain=input protocol=icmp action=accept comment=...
by slv
Mon Mar 07, 2016 11:27 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

Re: some help with filter rules needed

Hi Zerobytes Ad1. Corrected Ad3. Disabled Ad4. My intention (that I left winbox active) is to use winbox for administrating purposes. I added rules according to Your advice. Until wensday I'm out of direct access to LANs behind that router so I cant verify configurations. Every of my LANs must be as...
by slv
Mon Mar 07, 2016 3:59 pm
Forum: General
Topic: some help with filter rules needed
Replies: 16
Views: 2485

some help with filter rules needed

Hello I trying to build my firewall. I found some roules on internet (on excelent Greg site). I'm using 6.34.2 code My router config - 4 LAN interfaces - 1 WAN interface with 4 IPs (every network must have dedicated IP for NAT). It's IP with management services winbox is on x.y.z.170/26. - every LAN...
by slv
Tue Sep 22, 2015 9:21 pm
Forum: General
Topic: VPN s2s with PaloAlto - proxy id problem during phase2 ipsec
Replies: 4
Views: 5730

VPN s2s with PaloAlto - proxy id problem during phase2 ipsec

Hello I'm trying to connect PaloAlto PA200 PANOS 6.1.6 and Mikrotik RB951 6.32.2 Phase 1 is estabilished properly but I cant get phase 2 working. Logs from Mikrotik says: Sep/22/2015 20:09:34 ipsec,debug,packet HASH computed: Sep/22/2015 20:09:34 ipsec,debug,packet f85f12d1 b77dc7a6 3690e85b ed9102d...
by slv
Wed Jul 24, 2013 2:22 pm
Forum: General
Topic: RB751u-2HnD VLAN trunk and switch1_cpu traffic problem
Replies: 4
Views: 2567

Re: RB751u-2HnD VLAN trunk and switch1_cpu traffic problem

>winbox mac-server

whoow - thank you - I will disable it, I'm new in Mikrotik and I have to learn a loot...

Now I'm fighting with Mikrotik Suport to get working "my configuration". I will let you know when I get it working (or not working...)



Regards
Slawek
by slv
Fri Jul 19, 2013 1:29 pm
Forum: General
Topic: Multiple Vlan on single Eth1
Replies: 6
Views: 1451

Re: Multiple Vlan on single Eth1

Hi did you see http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick if your switch is laver 3 switch - this example is for you take a look on http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment and http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features at the bottom in section "Example - ...
by slv
Fri Jul 19, 2013 10:53 am
Forum: General
Topic: RB751u-2HnD VLAN trunk and switch1_cpu traffic problem
Replies: 4
Views: 2567

Re: RB751u-2HnD VLAN trunk and switch1_cpu traffic problem

I know that can do this using bridges but my goal was to use VLANS because it will separate traffic without using firewall. Using your setup when I plugin my laptop to port ether3 and I try to connect using WinBox and MAC address of my Mikrotik - I can connect - is it correct? I expected that I shou...
by slv
Thu Jul 18, 2013 1:32 pm
Forum: General
Topic: RB751u-2HnD VLAN trunk and switch1_cpu traffic problem
Replies: 4
Views: 2567

RB751u-2HnD VLAN trunk and switch1_cpu traffic problem

Hello RB751u-2HnD, ROS 6.1, switch with chip Atheros 7240 I digged a lot last time for similar for my problems on this forum and using Google but without sucessful answer. I read http://forum.mikrotik.com/viewtopic.php?f=2&t=69912 and http://forum.mikrotik.com/viewtopic.php?f=2&t=50066 I need to con...
by slv
Mon Jun 17, 2013 9:04 pm
Forum: General
Topic: Management interface - how to do that?
Replies: 1
Views: 1287

Management interface - how to do that?

Hi I looking for solution how to configure RB751U-2HnD to have managemet services on management vlan _only_. I have in my network all devices configured to have managemet interfaces in vlan id5. I'm new in Mikrotik world. I did some gogole resarch, also trayed to find this information on this forum ...