6.38 = Bugfix, proven to be stableOr I'm very silly and I do not understand anything.
We are with version 6.39.2 and get bugfix of 6.38.7
How does it apply to 6.39.2?
Normis has pointed out which area of forum I'm in.. apologiesI think it's assumed that if you've got the skills to use Linux you can figure out the CLI
Please can you post a proper .pcap packet capture?
Run it line by line and see where it fails, or add some lines to indicate where if fails, e.g -I have try this script and indeed it don't work.
Who can help us?
:put "The script has made it this far " :put "The script has made it this far "
/ ip ssh print
/ ip firewall filter add action=accept connection-state=established
You can set the channel rather than the frequencyHave the frequencies pretyped like when setting a plain AP without capsman instead of a text box.
Sent from my Nexus 4 using Tapatalk
Port Knocking is not the right approach. It's a nasty hacky bodge.Drop everything except whitelist is the right approach. If you need dynamic whitelist you would need to implement port knocking.
But UDP connections don't 'die' as such?Setup your masq rules separately, one for each out-interface? Then only NAT new connections? that way 'invalid' connections will die off on their own and start new ones?
/ip firewall connection remove [/ ip firewall connection find dst-address=111.222.333.444:5060]
Fail2Ban won't catch everything. Be carefulI only have these 2 rules in place for outside access + I have Faill2Ban configured on freepbx to protect against authentication attacks.
These rules should be in the forward chain.add chain=input dst-port=5060 log=yes protocol=udp
add chain=input dst-port=10000-20000 log=yes protocol=udp
Complete bullshit. It can be a problem, but 9 out of 10 times it can be made to work.voip + nat = problem
If this happens unintentionally, you've made a mistake I'm your config.you can easily create an issue where trafic comes in the one interface and leaves the other.
I dont understand what you're saying, sorryIf that option existed you would very easily force cyclic data, Its better for the Tik to communicate back out the interface it receives the data especially for secure data.
Wow, I didn't know this. Is there a source / link ?Only on old Firmware Versions.
On newer Firmware only with verbose the Mac Address will be copied.
The IPSEC server could generate a dynamic policy.basically you have a DynDNS style service for your remote site... run a script on your main site to grab the new IP and then update the IPSec policy, proposal, etc
What issues are you having with scripting this?There are times when you want to flush/clear all connections and it is hard to do it, even with scripts.
Yes it can. I'm using it in both KVM and QEMU.Dear,
Can the Cloud Hosted Router itself be a Virtual Router with KVM?
I suppose this will depend in the future on the hosted provider.
Looks wise, the cAP would look a little nicer on the ceiling.It looks like the wAP can replace the cAP entirely? Dual chain instead of single, 802.3af/at instead of passive, and we can install outdoors. Are there any advantages to the cAP?
/ip firewall service-port set sip disabled=yes
I couldn't find it either. I downloaded the RC, upgraded it, reset the configuration to completely blank, and made a new copy of the img.Is 6.31 Img going to be available through the download page ?
Err, this is why they released a 'stable, bug-fix branch' and then the 'updates' branch.This is not acceptable, even at home I could not run a Mikrotik setup without redundancy preferably with different models.
You need to help us, help you.How is the PPPoE terminated to the customer? How does it get back to the router?