Community discussions

Search found 43 matches

by silversword
Mon Jul 01, 2019 7:05 pm
Forum: General
Topic: problem with dhcp options on a APC ups
Replies: 2
Views: 2947

Re: problem with dhcp options on a APC ups

...and if you had already created a static entry before adding that option to the server you'll need to modify the static lease reservation to include the option as well :)
by silversword
Tue Jun 25, 2019 11:49 pm
Forum: The Dude
Topic: Feature request - Full featured Web access
Replies: 3
Views: 1672

Re: Feature request - Full featured Web access

It's working here in v6.44.3. Just use webfig
http://IPofDudeServer/webfig
or enable and configure the https services with certs

If it doesn't come up make sure you have IP | services | www enabled for where you're coming from (and restrict it to just your locations for security)
by silversword
Fri Apr 26, 2019 2:49 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 715

Re: RB1100AHx4 Dude Edition insecure by default

No router should be exposed to the internet without proper configuration. No device calling itself a router should have this as its fully patched, default configuration out of the box be this: # jan/02/1970 00:03:18 by RouterOS 6.44.2 # software id = 20C3-04CF # # model = RB1100Dx4 # serial number...
by silversword
Fri Apr 26, 2019 12:00 am
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 715

Re: RB1100AHx4 Dude Edition insecure by default

doubt this was on default config. As I said, tested again after compromised and manual button reset the default config with ver 6.44.2 firmware does it. The bigger routers (the ones made to small business and up) don't have a "WAN port". Take a look: they are just numbered ports (eth1, eth2 and so ...
by silversword
Thu Apr 25, 2019 11:26 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 715

RB1100AHx4 Dude Edition insecure by default

I plugged WAN into internet, and within 60 seconds of initializing the internet connection with DHCP the firewall was bot compromised. Disabled ID: admin rights, and new ID of router was created with full control. Had to Factory reset with button, disconnect internet cable lookup and manually create...
by silversword
Thu Mar 21, 2019 9:14 pm
Forum: General
Topic: DNS Settings question - dns forwarders
Replies: 4
Views: 1548

Re: DNS Settings question - dns forwarders

The way I solve this (I have some serious knowledge about Microsoft server implementations), is setting the AD controllers DNS address as primary DNS server and the secondary DNS as the providers DNS. You can then configure the AD controllers DNS forwarder to catch up with the DNS servers on the inte...
by silversword
Wed Jul 04, 2018 7:46 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 7271

Re: Windows Port Knock Application

I want to use this application over openvpn client, is it possible?
A VPN will forward all your source traffic thru the tunnel, so yes if the tunnel is up your knock will go thru it.
by silversword
Fri Apr 27, 2018 3:31 pm
Forum: General
Topic: Windows Port Knock Application
Replies: 24
Views: 7271

Re: Windows Port Knock Application

Yeah, lots of AV's have it listed (and that's before even running the app to get it to extract tcp.exe): https://www.virustotal.com/#/file/148f082f18ded2bceea7316cf950d3f6faf124e66da023f5e8d3e1887083aaa0/detection I'm sure any kind of util that is built for hitting network ports will get caught up i...
by silversword
Fri Dec 01, 2017 8:58 pm
Forum: Scripting
Topic: Management software for Mikrotik Routers switches and AP's
Replies: 0
Views: 907

Management software for Mikrotik Routers switches and AP's

Always looking for some good management software to handle lots of systems. Open Source NMS integration is definitely a plus :) Some useful search terms for finding software like this: isp billing software open source mikrotik wisp Trying to put together a resource in a google sheet. Please add if y...
by silversword
Fri Dec 01, 2017 2:57 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29857

Re: Why people pair UBNT APs with MikroTik routers?

My $0.02 is simple: Mikrotik is cheap, powerful, and infinitely flexible network equipment. Mikrotik CAPsMAN is a beast to setup initially, and pushing configurations/using it is bleh. Once you have a Unifi controller setup once, it's pretty, functional, powerful and so easy to manage all your AP's ...
by silversword
Wed Nov 01, 2017 5:42 am
Forum: General
Topic: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices
Replies: 5
Views: 1030

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

I think I found my answer on a public list of vulnerabilities, though it might not be complete:
https://www.cvedetails.com/vendor/12508/Mikrotik.html
by silversword
Wed Oct 25, 2017 5:19 pm
Forum: General
Topic: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices
Replies: 5
Views: 1030

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Well I was just doing my due diligence on security patches, and wanted to make sure I wasn't missing anything (was surprising me to see 5.x was the latest one too). I had to search for the CVE's using the listed descriptions as there was no official numbers listed. I'm sure there are a couple old de...
by silversword
Wed Oct 25, 2017 3:40 pm
Forum: General
Topic: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices
Replies: 5
Views: 1030

IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

See: https://research.checkpoint.com/new-iot-botnet-storm-coming/ Can someone check my proverbial math below MikroTik RouterOS SNMP Security Bypass Vulnerability 3.13 or earlier vulnerable MikroTik RouterOS Admin Password Change 4.x or earlier vulnerable MikroTik Router Remote Denial Of Service 5.15...
by silversword
Thu Mar 23, 2017 5:06 am
Forum: General
Topic: Intermittent idrive backups failing after firmware upgrade to 6.38.5
Replies: 0
Views: 310

Intermittent idrive backups failing after firmware upgrade to 6.38.5

I'm having weird idrive backup failures from only some PC's behind upgraded Mikrotik routers. Downgrading to 6.37.5 and backups will start working again. I've opened a ticket with the idrive tech, but I have no idea where to start with troubleshooting this issue. Here's example of one network: Route...
by silversword
Tue Nov 01, 2016 12:10 am
Forum: Beginner Basics
Topic: Port forwarding
Replies: 19
Views: 2141

Re: Port forwarding

Thanks to all of you! I think I've nailed down the issue to my Ubuntu server not responding to SYN tcp packets... Not a Mikrotik related issue... just bad network configuration on my Ubuntu server... Thank you again! Can you elaborate, and post what you did to fix? I have also been troubleshooting i...
by silversword
Fri Oct 21, 2016 4:16 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 417674

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

Based on your last traceroute - I just noticed you are coming from an RFC-1918 NAT network (10.x.x.x). This implies you have a firewall/NAT device between your Mikrotik and the Internet. The firewall/NAT device may need a port-forward so that Mikrotik UDP packets from the Internet are forwarded to ...
by silversword
Thu Oct 20, 2016 5:59 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 417674

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

What do you get when you do the same traceroute again but this time using UDP instead of icmp ? ....you can traceroute with UDP. My "learned something new" for the day! Makes sense if you think about it though. :) https://i.imgur.com/LONL5hM.png Re-testing apparently it's only the receive part I'm ...
by silversword
Thu Oct 20, 2016 1:13 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 417674

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

silversword - re: Can't connect via UDP, only TCP Interesting ... Are you behind a firewall ? Is your test device on a live IP address ? No firewall, live public IP from AT&T Uverse, the Gigapower division. It's consumer 1Gbit, so I'm sure they have protection mechanisms for large quantities of UDP...
by silversword
Wed Oct 19, 2016 7:50 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 417674

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

Thx Tom! FYI testing from Atlanta, GA on AT&T Gigapower. btest from mikrotik hardware (CPU throttled) DSL reports and speedtest.net for comparison (fastpath enabled only way to get high speeds without CPU bottleneck) Can't connect via UDP, only TCP. Wouldn't be surprised if AT&T is filtering UDP out...
by silversword
Wed Oct 19, 2016 6:14 pm
Forum: General
Topic: Intermittent connectivity from Inside network using Hairpin with Dynamic WAN address
Replies: 0
Views: 288

Intermittent connectivity from Inside network using Hairpin with Dynamic WAN address

WAN: Dynamic Public IP LAN Subnet: 10.0.8.0/24 LAN http server IP: 10.0.8.184 port: 8085 /ip firewall nat add action=dst-nat chain=dstnat dst-address-type=local dst-port=8085 protocol=tcp to-addresses=10.0.8.184 to-ports=8085 add action=masquerade dst-address=10.0.8.184 dst-port=8085 out-interface=b...
by silversword
Wed Sep 14, 2016 10:02 am
Forum: General
Topic: Simple Queue not working when Fasttrack enabled
Replies: 28
Views: 19587

Re: Simple Queue not working when Fasttrack enabled

I think I was able to get this working: /ip firewall filter add action=accept chain=forward comment=\ "Guest wifi IP excluded from fasttrack for simple queue processing" connection-state=\ established,related src-address=192.168.20.0/24 add action=accept chain=forward comment=\ "Guest wifi IP exclud...
by silversword
Wed Jul 27, 2016 6:22 pm
Forum: General
Topic: Simple Queue not working when Fasttrack enabled
Replies: 28
Views: 19587

Re: Simple Queue not working when Fasttrack enabled

Jarda, considering this (almost default config for CRS125) https://i.imgur.com/a4ZVqza.png I believe you're saying there needs to be another firewall rule between 3 and 4 applying to the IP's assigned to the wifi guest network (192.168.20.0/24) so that it triggers before the defconf: fasttrack rule ...
by silversword
Mon Jul 18, 2016 8:19 pm
Forum: General
Topic: Simple Queue not working when Fasttrack enabled
Replies: 28
Views: 19587

Re: Simple Queue not working when Fasttrack enabled

I came across this thread when trying to limit guest wifi with simple queues, while fasttrack is enabled (on CRS125-24G). Have to have fasttrack enabled, on a 1Gbps fiber internet connection. If fasttrack isn't enabled, System | Profile shows that firewall hits 100% CPU, and limits my wired connecti...
by silversword
Wed May 11, 2016 9:00 pm
Forum: Virtualization
Topic: How to expand virtualized x86 ROS system partition
Replies: 11
Views: 6623

Re: How to expand virtualized x86 ROS system partition

Good points (I'll edit original post with warning about licenses), so far this was all free license stuff. I think the below summarizes accurately? If it was regular RouterOS with a paid license I'd have lost my license and had to repurchase. With CHR version it always has a free license so no probl...
by silversword
Wed May 11, 2016 4:36 pm
Forum: Virtualization
Topic: How to expand virtualized x86 ROS system partition
Replies: 11
Views: 6623

Re: How to expand virtualized x86 ROS system partition

Just had this issue. Had just kept the original CHR image size and my dude database filled up all the space. Tried Partition Wizard, couldn't resize ext3 partition. !!!WARNING: Paid Licensing can be affected. See subsequent posts before proceeding. Here's the steps I took (running under Hyper-v on W...
by silversword
Wed May 04, 2016 7:39 pm
Forum: The Dude
Topic: Dude 6.x or RoS TimeZone
Replies: 3
Views: 1176

Re: Dude 6.x or RoS TimeZone

I was looking for this same answer.

Login to the CHR with winbox
System | Clock | Set Time Zone.
by silversword
Tue May 03, 2016 11:36 pm
Forum: The Dude
Topic: Lookup "Name to address" doesn't work
Replies: 7
Views: 6520

Re: Lookup "Name to address" doesn't work

The Dude uses the DNS servers specified in the 'settings' page, and this server must support recursive dns queries.
Does anyone know where these settings are in the newer Dude v6.x+? I see it in the 4.x version, but not the newest one that interfaces with the CHR dude.
by silversword
Fri Nov 06, 2015 8:53 pm
Forum: General
Topic: Reset Counters function
Replies: 2
Views: 1409

Re: Reset Counters function

Same problem here, trying to find out how to reset the stats in the Traffic tab of an interface.

The Reset Counters button resets: Overall Stats, Rx Stats, Tx Stats but not Traffic.

So far only solution is remove interface (Yuck), or reboot device.
by silversword
Mon Nov 02, 2015 4:51 pm
Forum: Beginner Basics
Topic: What does Local ip address in Quick Set means?
Replies: 7
Views: 3615

Re: What does Local ip address in Quick Set means?

I'm using a RB1100AHx2, for example when I set ip address in eth11 10.128.4.1/22, network 10.128.4.0 automatically when I apply this setting it changes my IP local address in quick set from 192.168.32.1 to 10.128.4.1 and I lost Internet connection. Automatically changes can someone tell me why?. Al...
by silversword
Tue Oct 27, 2015 4:19 am
Forum: Beginner Basics
Topic: What does Local ip address in Quick Set means?
Replies: 7
Views: 3615

Re: What does Local ip address in Quick Set means?

Thanks in advance. But suppose we have eth1 with ip address 10.128.0.1/24 with DHCP server and eth2 with ip address 10.128.4.1/24 also with DHCP server. If you have two different subnets connected to different ports you're beyond the scope of what Quick Set is for. With that config you'll have to u...
by silversword
Mon Oct 26, 2015 11:28 pm
Forum: General
Topic: Fixing Bufferbloat with Mikrotik router and Cable or DSL modems as ISP using simple queue
Replies: 1
Views: 4259

Fixing Bufferbloat with Mikrotik router and Cable or DSL modems as ISP using simple queue

Been looking for a solution to this for a while now, think I've finally found the fix: Using DSL Reports Speed test: http://www.dslreports.com/speedtest After adding: /queue simple add max-limit=80M/10M name=queue1 target=ether1-gateway Adjust the max-limit=80M/10M so that: First number is just unde...
by silversword
Fri Jul 10, 2015 4:55 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 123798

Re: Winbox 3 RC

WinBox v3.0rc12 New GrooveA out of the box plugged into the same network PC IP: 10.0.0.100 GrooveA Default IP: 192.168.88.1 Not sure when it broke but under neighbors tab clicking Refresh button would previously show all Mikrotik devices quickly (for connecting via MAC address for initial configurat...
by silversword
Fri Jul 10, 2015 3:00 pm
Forum: Announcements
Topic: Manual Improvements
Replies: 94
Views: 19093

Re: Manual Improvements

This will probably need RouterOS work before you can fix the manual but it would sure be nice to have this: http://wiki.mikrotik.com/wiki/Manual:Quickset First need a consistent list of what's in that dropdown for all devices is first step (different devices have different sets of dropdowns). Then d...
by silversword
Thu Jul 09, 2015 8:37 pm
Forum: Announcements
Topic: Manual Improvements
Replies: 94
Views: 19093

Re: Manual Improvements

When you download this: http://download2.mikrotik.com/routeros/ ... e-6.30.zip

There's 20 packages that don't match this list: http://wiki.mikrotik.com/wiki/Manual:System/Packages

Trying to determine what the difference between all the wireless____ ones are.
by silversword
Fri Feb 27, 2015 3:58 pm
Forum: Beginner Basics
Topic: Wireless Client-isolation rb 433Ah
Replies: 3
Views: 1894

Re: Wireless Client-isolation rb 433Ah

try to set this
 /interface wireless set wlan1 default-forwarding=no 

Or uncheck
https://drive.google.com/file/d/0B8Ypcz ... sp=sharing
by silversword
Sat Oct 04, 2014 12:53 am
Forum: General
Topic: New CRS125-24G-1S-2HnD running v6.6 out of the box?
Replies: 3
Views: 689

Re: New CRS125-24G-1S-2HnD running v6.6 out of the box?

I'm apparently having a senior moment....brain was translating 6.20 to 6.2.0.....6.2<6.6.

Doh! Thanks for the reply though :)
by silversword
Fri Oct 03, 2014 10:26 pm
Forum: General
Topic: New CRS125-24G-1S-2HnD running v6.6 out of the box?
Replies: 3
Views: 689

New CRS125-24G-1S-2HnD running v6.6 out of the box?

Just bought it for testing, and I don't understand why it's running 6.6. When I do a check for updates it downloads and will upgrade to 6.20?
by silversword
Fri Feb 14, 2014 5:08 pm
Forum: General
Topic: Tool: Realtime per IP traffic monitor for home/office
Replies: 289
Views: 304958

Re: Tool: Realtime per IP traffic monitor for home/office

Of course if you have a MikroTik...the easiest way to view live data is:
Tools | Torch
LAN traffic use bridge-local interface
Internet traffic use ether1-gateway

:)
by silversword
Sat Oct 26, 2013 2:28 pm
Forum: The Dude
Topic: The Dude on RB2011UAS-RM & RB751U-2HD
Replies: 5
Views: 3657

Re: The Dude on RB2011UAS-RM & RB751U-2HD

Did you test export configuration on RB's? I bet it will lock up.

I was just testing an empty the dude configuration.
Creating a single ping item manually.

For troubleshooting I wanted to eliminate the possibility of it locking from a complex config.
by silversword
Fri Oct 25, 2013 9:17 pm
Forum: The Dude
Topic: The Dude on RB2011UAS-RM & RB751U-2HD
Replies: 5
Views: 3657

Re: The Dude on RB2011UAS-RM & RB751U-2HD

I've tested on RD2011UAS-2HnD both
Dude 3.6
Dude 4.0 beta 3

From clean config (version 6.5)
Install Dude on routeros
Reboot - no lockups
Connect to dude on routeros
Add single item: ping google.com
Reboot - Boot loop

------------------

Not sure why they have routeros packages if they don't work :/
by silversword
Fri Oct 25, 2013 8:18 pm
Forum: Forwarding Protocols
Topic: Can't Traceroute to extern /27 network OSPF but can connect
Replies: 5
Views: 2620

Re: Can't Traceroute to extern /27 network OSPF but can conn

Did you ever get this resolved? Having the same issue. I'm getting different results based on source. Config: Internet | Nat device 192.168.0.2 | Mikrotik router 10.0.0.1 (with dude agent installed) | Computer on 10.0.0.x subnet (with dude windows client running) Depending what source is listed havi...
by silversword
Tue Oct 22, 2013 8:11 pm
Forum: Beginner Basics
Topic: Lan IP and DHCP scope change doesn't work w/out reboot
Replies: 1
Views: 674

Lan IP and DHCP scope change doesn't work w/out reboot

I wanted to change local IP from the 192.168.88.x to the 10.0.0.x Setup Latest firmware 6.5 RB2011UAS-2HnD From default config setup Setup wireless Test LAN clients and Wireless, everything ok. change all the IP's for addresses and DHCP from 192.168.88.x to 10.0.0.x ------------------- Results Wirel...
by silversword
Tue Oct 22, 2013 5:48 pm
Forum: Beginner Basics
Topic: quickset
Replies: 5
Views: 994

Re: quickset

Had same issue with wireless not showing up had to enable. V6.5 Issue with quick Set. New RB2011UAS-2HnD out of the box. Upgraded 6.1 to 6.5 RouterOS. Quickset in AP mode Under LAN/WLAN section says DHCP Server is unchecked however from a default config DHCP is enabled Quickset doesn't show correct ...