Community discussions

Search found 14 matches

by baks
Tue Jul 16, 2019 10:50 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 61544

Re: v6.45.1 [stable] is released!

Regarding protocol 47. Tested on CHR 6.45.1 (stable) with no default configuration. Added the following 3 filters: /ip firewall filter add action=passthrough chain=input connection-state=invalid protocol=gre add action=passthrough chain=input connection-state=new protocol=gre add action=passthrough ...
by baks
Thu Jul 11, 2019 8:01 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 61544

Re: v6.45.1 [stable] is released!

I agree with sindy and pe1chl. To my mind "IP/Firewall/Connection tracking" in RoS is the equivalent of RHEL 'conntrack-tool', which operates with raw network packets that get into firewall processing and tries to bind each packet to a 'new/established/related/untracked' connection state in terms of 'Connecti...
by baks
Thu Jul 11, 2019 3:34 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 61544

Re: v6.45.1 [stable] is released!

It is not possible to say which is the "correct" way because the firewall rules form up an inter-dependent system: if you have no firewall rules at all (which is by no means recommended, just to illustrate the case), any packet from anywhere, including the GRE ones, will be accepted, because the de...
by baks
Thu Jul 11, 2019 3:12 pm
Forum: General
Topic: Problem with Huawei E3372 4G modem
Replies: 68
Views: 126317

Re: Problem with Huawei E3372 4G modem

Can't you use HiLink mode? It works OK. Of course it has the disadvantage of an extra NAT layer.
I have extended my post, with highlights of direct IP assignment limitation in HiLink. Huawei's NAT usually causes different problems with IPSec even with DMZ feature enabled ;(
by baks
Thu Jul 11, 2019 3:06 pm
Forum: General
Topic: Problem with Huawei E3372 4G modem
Replies: 68
Views: 126317

Re: Problem with Huawei E3372 4G modem

Mikrotik, hello from 2019 ;) e3372h + HAPac is still a popular cheap solution to bring small offices online, or to get a fast occasional backup link, at least in the east EU. Are there any plans to support stick e3372h firmware (21.XXX) in full speed modes like NCM, NDIS? HiLink firmware (22.XXX) is limited ...
by baks
Wed Jul 10, 2019 3:44 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 61544

Re: v6.45.1 [stable] is released!

Hi Colleagues, after reading the whole topic and testing using my own prod ;) ("CRS326-24G-2S+" < GRE over IKEv2 tunnel > "HAPac") site, it is still unclear to me which firewall configuration is expected to be 'proper' since fixing CVE-2014-8160 in RoS 6.45.1. My observations after update from RoS 6.44....
by baks
Tue May 21, 2019 5:23 pm
Forum: General
Topic: Two IKEv2 initiator peers behind same NAT can't connect simultaneously [SOLVED]
Replies: 3
Views: 253

Re: Two IKEv2 initiator peers behind same NAT can't connect simultaneously [SOLVED]

Dear Sindy,
Thank you very much for such a prompt hint. It works like a charm!

Resolved.
by baks
Tue May 21, 2019 4:15 pm
Forum: General
Topic: Two IKEv2 initiator peers behind same NAT can't connect simultaneously [SOLVED]
Replies: 3
Views: 253

Two IKEv2 initiator peers behind same NAT can't connect simultaneously [SOLVED]

Hi All, WAN network scheme is the following: RESPONDER: CRS326-24G-2S+ (RoS 6.44.3) connected via two separate ISPs, public IP addresses('Public_IP0', 'Public_IP1') assigned on RoS side, policy based routing is configured. INITIATOR: hAPac (RoS 6.44.3) connected via 3G modem, private IP address assi...
by baks
Mon May 13, 2019 11:54 pm
Forum: General
Topic: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM
Replies: 2
Views: 336

Re: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

JFH: From [Ticket#2019050122001921]
> Unfortunately, it seems that MAC-based VLAN setup is not possible when packets are forwarded to switch CPU port (bridge),
> it works as expected when forwarding between switch ports. We will see if this could be improved in further RouterOS versions, but I canno...
by baks
Wed Apr 24, 2019 6:08 pm
Forum: General
Topic: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM
Replies: 2
Views: 336

Re: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

Hi, I have tried to set 'pvid=1' for the access port from my example (eth24-mgmt) as suggested by a guy from the Russian MikroTik chat in Telegram, but it didn't change the situation much; the switch rule is still ignored and overridden by the port's pvid. I have also made several packet sniffs over the 'br0-local' bridge, w...
by baks
Thu Apr 18, 2019 7:36 pm
Forum: General
Topic: MAC based VLAN rules aren't applied on CRS326-24G-2S+RM
Replies: 2
Views: 336

MAC based VLAN rules aren't applied on CRS326-24G-2S+RM

Hi Guys, I have a problem with using the MAC based VLAN feature on my CRS326-24G-2S+RM. My setup is the following: 'dhcp-server5-guest' listens on 'vlan32-guest' VLAN interface (VLAN-ID=32) created on top of 'br0-local' bridge (PVID=30). Behind one of the access ports 'eth24-mgmt' (PVID=99), placed WIFI ro...
by baks
Mon Nov 03, 2014 11:46 am
Forum: RouterBOARD hardware
Topic: rb435g serial console doesn't react on input from PC keyboard
Replies: 3
Views: 921

Re: rb435g serial console doesn't react on input from PC keybo

Hi, I have fixed this problem by replacing the RS232 controller chip Sipex SP3243 (http://www.farnell.com/datasheets/71003.pdf). Most probably it was broken by some ESD on the RS232 connector when the RB was detached from grounding. As a prevention measure I have set up an additional permanent grounding wire to the ...
by baks
Thu Jul 17, 2014 11:02 pm
Forum: RouterBOARD hardware
Topic: rb435g serial console doesn't react on input from PC keyboard
Replies: 3
Views: 921

rb435g serial console doesn't react on input from PC keyboard

Hi, My rb435g has stopped responding to key presses in a serial console session. I am using a null-modem cable and "baud-rate=115200 data-bits=8 parity=none stop-bits=1 flow-control=none" port settings on RB and PC sides. Serial connection was working normally for ~1 year using the described settings. Currentl...
by baks
Fri Jul 19, 2013 9:28 pm
Forum: Beginner Basics
Topic: [RouterOS 5.19] block 1723/tcp port(opened by default)
Replies: 0
Views: 1037

[RouterOS 5.19] block 1723/tcp port(opened by default)

Hi All, I have noticed that my RB435G (RouterOS 5.19) has the 1723/tcp port opened by default. I am not using any pptp features now, and want to close it. ===== [$]> sudo nmap -P0 XXX.XXX.XXX.XXX Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-18 21:34 EEST Nmap scan report for XXX.XXX.XXX.XXX Host...