Community discussions

MikroTik App

Search found 6133 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 21
by rextended
Sat Nov 20, 2021 11:15 am
Forum: Useful user articles
Topic: Hairpin NAT - Port Forwarding Not Working & More!!
Replies: 26
Views: 3342

Re: SEXY Hairpin NAT - The Right Way To Achieve O......

Writing seriously, I've really seen them here... ...and before you give me a few more jokes, I'm not talking about myself... Ohhh... Znevna, sorry, I take myself too seriously, you are right to take the piss, I deserve it. But who cares, I only took my wife home yesterday from the hospital, but who ...
by rextended
Sat Nov 20, 2021 11:02 am
Forum: Useful user articles
Topic: Hairpin NAT - Port Forwarding Not Working & More!!
Replies: 26
Views: 3342

Re: SEXY Hairpin NAT - The Right Way To Achieve O......

There we go, @rextended back on track with bold writing, huge fonts, screaming for attention. Bold writing? @Anav and @Sob posts are full of bold writing... And also @Sob use huge fonts. Strange that you have not noticed that, you were too busy trying to bother me. Is clear that for you is only a w...
by rextended
Sat Nov 20, 2021 10:25 am
Forum: Useful user articles
Topic: Hairpin NAT - Port Forwarding Not Working & More!!
Replies: 26
Views: 3342

Re: SEXY Hairpin NAT - The Right Way To Achieve O......


@Sob welcome back, @Anav it made me worry for you that you were gone, they thought the worst, given the period ...
by rextended
Sat Nov 20, 2021 10:20 am
Forum: Useful user articles
Topic: Hairpin NAT - Port Forwarding Not Working & More!!
Replies: 26
Views: 3342

Re: SEXY Hairpin NAT - The Right Way To Achieve O......

You cannot use "Hairpin" if you are bald. ( :roll: ) There are two quick work-arounds to avoid the necessity to deal with Hairpin NAT and they include: a. Move the LAN users OR Server to a different subnet, ALMOST ***** done! b. Allow the LAN users to use the LAN IP of the server for acce...
by rextended
Fri Nov 19, 2021 11:49 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1881

Re: Working around NAT hairpin [SOLVED]

I always go with split-DNS solution recomended by @regextended
Ah, I understand why "regextended" instead of rextended...

RegExTended:
"Incline to use Regular Expression" :lol: :lol: :lol: :lol:
by rextended
Fri Nov 19, 2021 7:58 pm
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1688

Re: Script to keep a NAT rule at top [SOLVED]

thanks @msatter

/ip firewall nat

# msatter hint
print without-paging

:for x from=100 to=0 step=-1 do={
    :if ( ([find]->0) != ([find where comment="ONTOP$x"]->0) ) do={
        move [find where comment="ONTOP$x"] destination=*0
    }
}
by rextended
Fri Nov 19, 2021 7:53 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1881

Re: Working around NAT hairpin [SOLVED]

(not for @Jotne)
All this effort for not to use the easy DNS solution I suggested?
by rextended
Fri Nov 19, 2021 6:36 pm
Forum: General
Topic: firewall time rule broken due to bootup clock
Replies: 2
Views: 438

Re: firewall time rule broken due to bootup clock

disable the rules with one schelurer run at startup,
and add one script that check every 1 min until ntp status is "syncronized" and then reactivate the rules
by rextended
Fri Nov 19, 2021 6:31 pm
Forum: Scripting
Topic: Add comment to DHCP rate limit queue
Replies: 2
Views: 1287

Re: Add comment to DHCP rate limit queue

DHCP Server Script set the right "parent" and set your wanted limits. :local nameQueue "Queue $leaseActMAC" /queue simple remove [find where name=$nameQueue] :if ($leaseBound = "1") do={ add name=$nameQueue parent=MainQueue target="$leaseActIP/32" disabled=no ...
by rextended
Fri Nov 19, 2021 6:18 pm
Forum: General
Topic: How to email when IP added to address list?
Replies: 7
Views: 3610

Re: How to email when IP added to address list?

Please do not resurrect post some years old...

because prefix=psd do not select "when prefix is psd", but add another "psd" as prefix

when you select "firewall" you get all firewall log, no one excluded
by rextended
Fri Nov 19, 2021 6:08 pm
Forum: General
Topic: reboot device over ssh
Replies: 4
Views: 11008

Re: reboot device over ssh

Is too hard follow and read already posted link and solution?
:execute {/system reboot}
by rextended
Fri Nov 19, 2021 6:05 pm
Forum: General
Topic: nothing
Replies: 7
Views: 642

Re: I want some answers for some questions

nothing?
by rextended
Fri Nov 19, 2021 5:50 pm
Forum: Scripting
Topic: how to handle y/n response in .rsc script
Replies: 12
Views: 7543

Re: how to handle y/n response in .rsc script

Another time with this idiocy? The Script (actually) does not require any form of prompting if run OUTSIDE the terminal / CLI / or as you call it. Any script TESTED or CALLED from the terminal / CLI / etc, ASKS for a prompt, because it runs interactively. UNDERSTAND OR NOT? this, removing all and th...
by rextended
Fri Nov 19, 2021 10:21 am
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1881

Re: Working around NAT hairpin [SOLVED]

However, I was under the impression moving the server to a different subnet would solve it as well, no tricks required!! If you want use that method, why move and probably create more problems on devices than still point the server, on the right way, with correct IP? Simple add another subnet just ...
by rextended
Fri Nov 19, 2021 10:15 am
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 138
Views: 22720

Re: v6.49.1 [stable] is released!

You have really readed something?
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
The question is if all possible cases are covered or not, securely not.
by rextended
Fri Nov 19, 2021 1:48 am
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1881

Re: Working around NAT hairpin [SOLVED]

Buuuut, I still cannot use testdomain.com from any computer on my internal network, for example a PC with IP 192.168.88.101, it still takes me to MT login page from any of those computers. If I type 192.168.90.200 instead, it will correctly open the website. As I wrote another dozen times already, ...
by rextended
Thu Nov 18, 2021 8:29 pm
Forum: General
Topic: Bypass the VPN for SMB access from outside [SOLVED]
Replies: 42
Views: 2046

Re: Bypass the VPN for SMB access from outside [SOLVED]

if both sides are using ips of that country isps are going to route the connection in something like intranet which is very fast.

I don't know from which IPs they are going to connect to the smb server.

Uhm...... :-?
by rextended
Thu Nov 18, 2021 8:10 pm
Forum: Scripting
Topic: Scripting - Asking user for input.
Replies: 14
Views: 5783

Re: Scripting - Asking user for input.

This is a 6.47.10 working example: (not tested on other versions)
{
:local readinput do={:return}
:put "\r\nInsert a string you want use as"
:local input [$readinput]
:put "\r\nYou have insert: $input"
:put "Which is a $[:typeof $input]\r\n"
}
by rextended
Thu Nov 18, 2021 8:02 pm
Forum: Scripting
Topic: Scripting - Asking user for input.
Replies: 14
Views: 5783

Re: Scripting - Asking user for input.

This do not work, the second put is not executed, the terminal print the result regardless the :put
by rextended
Thu Nov 18, 2021 7:48 pm
Forum: General
Topic: How to change Mikrotik's name on my LAN
Replies: 6
Views: 577

Re: How to change Mikrotik's name on my LAN

If you must ask that, probably for you can only go worst.
by rextended
Thu Nov 18, 2021 7:45 pm
Forum: General
Topic: Bypass the VPN for SMB access from outside [SOLVED]
Replies: 42
Views: 2046

Re: Bypass the VPN for SMB access from outside [SOLVED]

There are thousands of free file sharing services on the internet...
You have to share something truly illegal to not want to use them.
If you share them "zipped" with a 100-digit password, no one will decrypt them who does not know the password ...
by rextended
Thu Nov 18, 2021 7:38 pm
Forum: General
Topic: Botnet and bad actor filters
Replies: 22
Views: 2189

Re: Botnet and bad actor filters

I use honeypot, for discovery new "scanners", and lists for prevent probes from lists sources, and I forbid from internal user BOTH to spoof it's own real address (the accound is blocked undefinitely until I manually resume) and to contact remote IPs on lists (the accound is locked for 1 d...
by rextended
Thu Nov 18, 2021 7:30 pm
Forum: General
Topic: Bypass the VPN for SMB access from outside [SOLVED]
Replies: 42
Views: 2046

Re: Bypass the VPN for SMB access from outside [SOLVED]

Another host for the botnet...
by rextended
Thu Nov 18, 2021 7:20 pm
Forum: General
Topic: Botnet and bad actor filters
Replies: 22
Views: 2189

Re: Botnet and bad actor filters

Do not see the problem only on user level. The ISP can not apply the rule "drop all" at the end of forward chain.... The ISP can not block all port directed to user, because you drop near all services. (on the edge router NAT or connection tracking are not active, and every user have it's ...
by rextended
Thu Nov 18, 2021 1:49 am
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 138
Views: 22720

Re: v6.49.1 [stable] is released!

PLEASE ADD THE OPPORTUNITY TO DISABLE QUICKSET,
like the actual disabilitable container, fetch, scheduler, traffic-gen,
ipsec, pptp, smb, l2tp, proxy, sniffer, zerotier, bandwidth-test, email, hotspot, romon, socks!!!
by rextended
Thu Nov 18, 2021 1:27 am
Forum: Scripting
Topic: rebooting after successful update
Replies: 7
Views: 866

Re: rebooting after successful update

Ok, the point is: there is no software in the world secure enough to install it as soon as it is published.
by rextended
Wed Nov 17, 2021 1:15 pm
Forum: General
Topic: Thousand LOGIN messages after RouterOS upgrade
Replies: 3
Views: 613

Re: Thousand LOGIN messages after RouterOS upgrade

You use The Dude? Disable it and retry...
by rextended
Wed Nov 17, 2021 1:01 pm
Forum: General
Topic: Hide-sensitive shows serial number
Replies: 5
Views: 549

Re: Hide-sensitive shows serial number

RIGHT. lowercase_serial_number + .sn.mynetname.net and you are inside not-well-protected, or updated, router with cloud active... Also login information on exported scheduler or script section (for example dyndns, no-ip, api keys, ftp passwords, etc.)... also some tunnels ipsec password are exporte...
by rextended
Wed Nov 17, 2021 12:39 pm
Forum: Scripting
Topic: len return wrong length
Replies: 6
Views: 707

Re: len return wrong length

Hello, i will post the leases to a webserver and ich must encode the string but len return always 1 with the following command: :put [:len [/ip dhcp-server lease print as-value]] Maybe someone has a solution? best regards Heiko The ":len" return always 1 because you have only one entry on...
by rextended
Wed Nov 17, 2021 12:02 pm
Forum: Scripting
Topic: len return wrong length
Replies: 6
Views: 707

Re: len return wrong length

As @rextended pointed out some time back:
Thanks....


{
:local test 0
:foreach i in=[/ip dhcp-server lease find] do={
     :set $test ($test+1)
}
:put $test
}

can be... simplified:
:put [:len [/ip dhcp-server lease find]]
by rextended
Wed Nov 17, 2021 11:32 am
Forum: Scripting
Topic: len return wrong length
Replies: 6
Views: 707

Re: len return wrong length

Please consider using the correct syntax, otherwise bad habits will spread /ip dhcp-server lease { :local string "" :foreach item in=[print as-value] do={ :set $string "$string$($item->"mac-address")," } # snip that last trailing comma :set $string [:pick $string 0 ([:l...
by rextended
Mon Nov 15, 2021 11:07 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 34232

Re: WinBox v3.31 released!

If you notice winbox theme, this mean you do not really work with MikroTik devices...
Under the sun the fucking dark mode make near usable the laptop....
by rextended
Mon Nov 15, 2021 11:04 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Easy way to build a tower???
The tower generate more money on that way than a standard tower... ahahahahah....... :lol:
by rextended
Mon Nov 15, 2021 6:07 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 34232

Re: WinBox v3.31 released!

"ribbon" menù?
Image
by rextended
Mon Nov 15, 2021 6:00 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Easy way to remove protection: (solution by @r00t ) [...] Desold the SPI flash, change the bytes that in bootloader configuration block that lock the device and solder it back. At least it's just SPI chip that's not that hard to work with and can be programmed with cheap CH341A programmer (just make...
by rextended
Mon Nov 15, 2021 5:41 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Is not possible downgrade RouterBOOT or RouterOS prior to factory version. This isn't always the case - it is actually sometimes possible to downgrade RouterOS below the factory version (my coworker did it before), but it is not true for RouterBOOT - it is always impossible to downgrade RouterBOOT ...
by rextended
Mon Nov 15, 2021 5:36 pm
Forum: Scripting
Topic: Hexadecimal_To_Decimal
Replies: 4
Views: 677

Re: Hexadecimal_To_Decimal

For me is impossible, I do not have that hardware to test
by rextended
Mon Nov 15, 2021 10:02 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Such package already exist, I have already post that: [...] is why is released on the past for the first time the FACTORY RouterBOOT upgrade, because prior to 6.43.7, a "bug" make protected-routerboot useless... [...] https://forum.mikrotik.com/viewtopic.php?t=94303#p580430 Is not possible...
by rextended
Mon Nov 15, 2021 3:05 am
Forum: Scripting
Topic: rebooting after successful update
Replies: 7
Views: 866

Re: rebooting after successful update

Is the most stupid thing you can do: update routerboard just when new release go out...
by rextended
Mon Nov 15, 2021 2:59 am
Forum: Scripting
Topic: set pvid on interfaces
Replies: 2
Views: 620

Re: set pvid on interfaces

# correct way to complicate the things
/interface bridge port
set [find where interface=[/interface get [find where default-name=ether47] name] ] pvid=1300

# how must be doed
/interface bridge port
set [find where interface=ether47] pvid=1300
by rextended
Mon Nov 15, 2021 2:42 am
Forum: Scripting
Topic: Hexadecimal_To_Decimal
Replies: 4
Views: 677

Re: Hexadecimal_To_Decimal

# the octet is case insensitive
:global octet "f"
:put [:tonum "0x$octet"]
by rextended
Mon Nov 15, 2021 2:35 am
Forum: Scripting
Topic: Hexadecimal_To_Decimal
Replies: 2
Views: 501

Re: Hexadecimal_To_Decimal

This user post is 08 Nov 2021, 08:44, you reply to the 09 Nov 2021, 10:38 post...
by rextended
Sun Nov 14, 2021 11:07 am
Forum: General
Topic: Block torrent downloads
Replies: 10
Views: 1052

Re: Block torrent downloads

This approach fail: torrent can use with no problem port 53, 80, 443, etc. For esample also 5060 and the others for SIP, if you prioritize blindly the "5060"s for VoIP, the torrent use that ports unblocked and prioritized. I allow only knowed SIP servers (=user call me) and drop everything...
by rextended
Sat Nov 13, 2021 11:20 am
Forum: SwOS
Topic: DHCP failover to 192.168.88.1
Replies: 9
Views: 1390

Re: DHCP failover to 192.168.88.1

Best practice is not to use any of the MikroTik / TP-Link / Ubiquity / etc. default IP ranges used in the default settings.
(This does not mean the idiocy of deleting all configuration of the routerboard, including the firewall)
by rextended
Sat Nov 13, 2021 10:21 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

The v7 cannot enable (pressed the button or not) features not present on the RouterBOOT ... The reset button on startup are things of RouterBOOT, RouterOS may not be present. If FACTORY RouterBOOT are older than 6.43.7, the v7 can not do anything about successfully reuse, is why is released on the p...
by rextended
Sat Nov 13, 2021 10:13 am
Forum: Scripting
Topic: Script to convert dynamic to static for specfic address list. [SOLVED]
Replies: 9
Views: 1366

Re: Script to convert dynamic to static for specfic address list. [SOLVED]

Your approach is really interesting... easy to apply, goes faster than expected, thanks on RouterBOARD 3011UiAS, with 1500 records, it makes the difference .... /ip firewall address-list { :local targetList "Zoom" remove [find where list="temp-$targetList"] :local search [find wh...
by rextended
Sat Nov 13, 2021 10:07 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

@Znevna, remember: some user do not know the differencies between RouterOS and RouterBOOT, and update only RouterOS, leaving only "factory" RouterBOOT version....
by rextended
Sat Nov 13, 2021 10:03 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Someone asks: Even with the new requirement for the protected bootloader to press a button, someone with bad intentions can still downgrade and .. you know? Like actually already is: RouterOS can be downgradable not after factory RouerOS, but RouterBOOT can't be downgradable after the factory Route...
by rextended
Sat Nov 13, 2021 10:00 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Think twice:
RouterOS is full of discovered and undiscovered errors, if you need to downgrade for some reason not discovered before, how to downgrade devices 200km away?
by rextended
Fri Nov 12, 2021 8:47 pm
Forum: Scripting
Topic: Script to convert dynamic to static for specfic address list. [SOLVED]
Replies: 9
Views: 1366

Re: Script to convert dynamic to static for specfic address list. [SOLVED]

Why check again if the IP exist? Winbox do not add autonomusly the dynamic IP on the list, if the static IP is already present on list. If on first find the dynamic IP exist, is obvious than can be removed because for sure is present. { :local targetList "Zoom" /ip firewall address-list :f...
by rextended
Fri Nov 12, 2021 8:21 pm
Forum: Scripting
Topic: Using where to see if value is in an array
Replies: 3
Views: 588

Re: Using where to see if value is in an array

fixed some errors on example... :global matcher do={ :local string "ether11;ether2;ether21;ether22" :if ( $string~"$1(;|\$)" ) do={ :put "$1 is in string" } else={ :put "no match" } } untagged~("test;") match anything that contain "test;" u...
by rextended
Fri Nov 12, 2021 8:11 pm
Forum: Scripting
Topic: firewall configuration in Mikrotik
Replies: 3
Views: 564

Re: firewall configuration in Mikrotik

Right, but I prefer this syntax:
/ip firewall nat disable [find where comment~"abcdef"]
/ip firewall nat enable [find where comment~"123456"]

# or better

/ip firewall nat
disable [find where comment~"abcdef"]
enable [find where comment~"123456"]
by rextended
Fri Nov 12, 2021 7:34 pm
Forum: Scripting
Topic: dhcp-server lease lease-time can't be used in scripts? [SOLVED]
Replies: 2
Views: 669

Re: dhcp-server lease lease-time can't be used in scripts? [SOLVED]

you forget everytime to not put extra space x=1 rigt x =1, x= 1 or x = 1 wrong :put [/ip dhcp-server lease find where dynamic=no and lease-time=1h] :put [/ip dhcp-server lease find where dynamic=no and lease-time=60m] :put [/ip dhcp-server lease find where dynamic=no and lease-time=01:00:00] :put [/...
by rextended
Fri Nov 12, 2021 6:17 pm
Forum: General
Topic: How to change dest addr of egress packets and source addr of ingress packets?
Replies: 2
Views: 410

Re: How to change dest addr of egress packets and source addr of ingress packets?

And where is the problem? Is from 2007 than I force all the users to use my DNS instead of anyother. On Italy I'm forced by stupid laws to do that. DST-NAT is applied on prerouting, you can not alter the source IP of the incoming packet because that connection is already tracked with that IP source....
by rextended
Fri Nov 12, 2021 6:07 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

/system/reset-configuration does not alter routerboard settings, that includes protected routerboot.
Exactly this on 6.47.10 i used for tests
by rextended
Fri Nov 12, 2021 6:07 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible

On 6.47.10 is impossible to set time differencies less than 10 seconds between reformat-hold-button and reformat-hold-button-max
warning_pr.png
by rextended
Fri Nov 12, 2021 5:59 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

On my tests on 6.47.10, when you use correct reset timing, all values are set to default, included all the various protected-routerboard settings.
by rextended
Fri Nov 12, 2021 5:40 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

For deactivation when you do /system reset-configuration must be not needed, but also if you use a user on a Router with full control, is useless press a button to disable protected-routerboard. For my opinion must be pressd the button only: for set protected-routerboard enabled, for change any timi...
by rextended
Fri Nov 12, 2021 5:28 pm
Forum: Beginner Basics
Topic: Bridge Firewall block subnet/ip4
Replies: 3
Views: 560

Re: Bridge Firewall block subnet/ip4

Or for block all except ipv6: mac-protocol = ! ipv6
by rextended
Fri Nov 12, 2021 5:21 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

The ransom is still possible, must be confirmed also the timing change...


@Znevna,
please you can test if system-reset is used,
protected-routerboard settings are lost?
Thanks.
by rextended
Fri Nov 12, 2021 5:10 pm
Forum: Scripting
Topic: Unable to strip netmask from Ip address in script [SOLVED]
Replies: 6
Views: 786

Re: Unable to strip netmask from Ip address in script [SOLVED]

The forum is here for that,
have a nice day.
by rextended
Fri Nov 12, 2021 5:02 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

That's the most logical implementation... Everytime change timing must require button press, everytime enable this feature require button press. But must be always possible to read on plaintext and export / backup the time set. If someone have routerboard access, selecting "system reset" m...
by rextended
Fri Nov 12, 2021 3:51 pm
Forum: Scripting
Topic: Unable to strip netmask from Ip address in script [SOLVED]
Replies: 6
Views: 786

Re: Unable to strip netmask from Ip address in script [SOLVED]

Is like you do not know scripting, ":put" simply write on terminal some text, if you must "put" the result inside a variable, is obvious than you must use set. And also on CORRECT way (the $ before ipaddress after set command): :global ipaddress 10.1.101.1/24 :set $ipaddress [:pi...
by rextended
Fri Nov 12, 2021 3:44 pm
Forum: Scripting
Topic: elif statement
Replies: 9
Views: 5669

Re: elif statement

I guess your change there fixes the issue I had about if $n is equal to multiple cases at the same time. Both Yes, good deduction, and also No: It simply act on this way, like compared only one time, because the value can change for various reason somewhere else. something like this can help: [...]...
by rextended
Fri Nov 12, 2021 3:26 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Please also consider: For be enabled, button must be pressed, for be disabled, NOT. From https://forum.mikrotik.com/viewtopic.php?p=890674#p890288 pressed undefinitely and never released = do not boot, uselessly blink @Znevna From the Cisco Documentation for the 1850 Series: If you keep the mode but...
by rextended
Fri Nov 12, 2021 3:13 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

in next v6 and v7 versions, protected bootloader function will have to be confirmed with press of a button. Nobody who has your password will be able to set it, if he has no physical access to the device. Too much rapid this response :roll: , probably MikroTik staff know thousand of ransom cases th...
by rextended
Fri Nov 12, 2021 3:03 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 175
Views: 46996

Re: v6.48.5 [long-term] is released!

Download on PC the 7.1rc6 based on right platform used on your routerboard, open routeros-7.1rc6-xxxxxx.npk with 7-ZIP (or similar), go to /etc/ and extract the xxxxx-7.1rc6.fwf based on firmware type that have your routerboard. put the file inside the root folder on winbox go to system / routerboar...
by rextended
Fri Nov 12, 2021 2:53 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 175
Views: 46996

Re: v6.48.5 [long-term] is released!

I suggest you to progress 6.44.6, 6.46.8, 6.47.10, 6.48.5
Upgrade at least on 6.47.10 also the BIOS (RouterBOOT), that is the problem on 6.48.5 (and 6.49).
Ignore 6.45.x (6.45.9)
6.49 is not a long-term release
by rextended
Fri Nov 12, 2021 2:47 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

+ 1
by rextended
Fri Nov 12, 2021 12:06 pm
Forum: Scripting
Topic: elif statement
Replies: 9
Views: 5669

Re: elif statement

The better is a @SiB variant, because you can change, or is changed, the tested value. Like "elseif" or switch are executed only one instance. (SiB errors fixed, is valid code) :global n 2 { :local MyFunc do={ :put $1; :set $n 0 } :local MyFuncU do={ :put "Out of range (1-3) values fo...
by rextended
Thu Nov 11, 2021 8:23 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

What is the solution?
Do not buy MikroTik products.
by rextended
Thu Nov 11, 2021 12:52 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 28629

Re: Securing your device is important

Better if it is, for example, to enable this functionality only with serial port or on netinstall event...
Never from winbox / ssh / web.

As an ISP I use netinstall to prepare the devices before putting them in the users' house or roof.
by rextended
Thu Nov 11, 2021 10:56 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

But you wrote above: pressed over 600s = boot normally like nothing is done So? read: https://forum.mikrotik.com/viewtopic.php?p=890398#p890384 I think it was clear that every time the button was released... Added warning for never released button. Yesterday I went home and left the button pressed ...
by rextended
Thu Nov 11, 2021 10:51 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

[...] If the reset button gets damaged / shorted you'd end up with a brick, this way it does no harm.[...]
If reset button is damaged on "shorted" position, the routerboard never boot again...
Just if you unsoldering the broken "shorted" button, the routerboard start again.
by rextended
Thu Nov 11, 2021 10:33 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

I'll open a ticket that the manual is wrong, based on your findings. Dear Znevna, at this time is clear that misusing protected-routerboard brick the device, and is unrecuperable with Netinstall. On the past, before introducing the reformat-hold-button-max, if you use the correct timing, Netinstall...
by rextended
Thu Nov 11, 2021 10:07 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Please someone than can speak/write english help me to correct this post:

viewtopic.php?t=179987#p890288

for not be ambiguos or not understandable.

Thanks.
by rextended
Thu Nov 11, 2021 3:42 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

reformat-hold-button-max (5s .. 600s; Default: 10m)
Try to hold down a small button for 10 minutes without loosing the press (start over) or kill your finger.....
I use this
Image
by rextended
Wed Nov 10, 2021 7:09 pm
Forum: General
Topic: Block torrent downloads
Replies: 10
Views: 1052

Re: Block torrent downloads

Block all "new" incoming UDP connection vs the user (the estabilished and related are passing because the request start from user side) Download torrent "dat" files from various source and block the IPs ranges of all servers. This make more hard to estabilish again the connection...
by rextended
Wed Nov 10, 2021 7:02 pm
Forum: RouterOS v7 BETA
Topic: Is the fetch tool working with HTTPS?
Replies: 5
Views: 757

Re: Is the fetch tool working with HTTPS?

"https://10.10.3.21/firehol_level1" without ".rsc" at the end?
Do not use "redirect" to download file. (do not generate content based on page requested "firehol_level1")
Put the correct non-redirected url.
by rextended
Wed Nov 10, 2021 6:46 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

I publish the other test results tomorrow (press reset and keep pressed after led on for use 6.47.10 BIOS boot code).
by rextended
Wed Nov 10, 2021 6:28 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

Tested with one RB911G-5HPnD that have RouterBOOT 6.43.7 as factory (backup), RouterBOOT 6.47.10 as current, and running RouterOS 6.47.10 # RouterOS 6.47.10 model: 911G-5HPnD firmware-type: ar9340 factory-firmware: 6.43.7 current-firmware: 6.47.10 upgrade-firmware: 6.47.10 /system routerboard settin...
by rextended
Wed Nov 10, 2021 5:38 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

I give you my word of honor that in this moment I am trying everything again, because you have put the doubt on me. From post #47: If you use correct time, you can use netinstall with "keep old configuration" you lose only the files, WRONG, ALSO IF YOU KNOW THE RIGHT TIME, ALL IS LOST. Thi...
by rextended
Wed Nov 10, 2021 5:32 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

If you use correct time, you can use netinstall with "keep old configuration" you lose only the files, EDIT: WRONG, ALSO IF YOU KNOW THE RIGHT TIME, ALL IS LOST. This clean also the BIOS settings and all protected routerboot settings. if you do not know the correct time, and the button is...
by rextended
Wed Nov 10, 2021 5:27 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

And I'm also the author of this guide, wroten some time ago...
viewtopic.php?t=94303#p580430
by rextended
Wed Nov 10, 2021 5:26 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

https://forum.mikrotik.com/viewtopic.php?t=94303#p513933 This feature is not to prevent something from being stolen This feature is not to prevent something from being stolen. It is to protect your data. The feature allows to block device from using network boot to access your data without password....
by rextended
Wed Nov 10, 2021 5:22 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

You do understand than you can hold more than 600s the button? https://forum.mikrotik.com/viewtopic.php?t=94303#p498657 >>> [...] But what exactly happens when someone holds reset button more then 5 minutes? [...] Normis : [...] Just like manual explains, it will erase the NAND in a secure way , and...
by rextended
Wed Nov 10, 2021 5:07 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

The procedure is for start etherbot / netinstall, Is still possible clear all and use again the router (obviously losing all inside) The protected routerboot do not prevent reset. EDIT: Please read post #51 https://forum.mikrotik.com/viewtopic.php?t=179987#p890288 Normis: https://forum.mikrotik.com...
by rextended
Wed Nov 10, 2021 4:54 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8830

Re: Mikrotik router Hacked!!!

The protected routerboot is only for not start the router on etherboot and steal the config / certificates / files inside. The protected routerboot do not prevent netinstall, because after at least 600s reset pressed, the BIOS format NAND/Flash and clean RouterBOOT settings at the end, after that s...
by rextended
Wed Nov 10, 2021 4:39 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 175
Views: 46996

Re: v6.48.5 [long-term] is released!

If the problem is really the RouterBOOT 6.41.4 or older (if someone do not know the differencies between RouterBOOT and RouterOS is better to shut up) negligence on MikroTik staff can be advised, BUT, is worst the negligence on the users, because the latest "bug free" BIOS is (actually) 6....
by rextended
Wed Nov 10, 2021 4:17 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 175
Views: 46996

Re: v6.48.5 [long-term] is released!

(duplicate)
by rextended
Mon Nov 08, 2021 1:29 pm
Forum: Scripting
Topic: CRS and PoE function
Replies: 2
Views: 855

Re: CRS and PoE function

Examples using address-list or log and firewall, just one idea: Knoking port 11111 from ip 192.168.0.55 enable port 1 poe, Knoking port 11112 from ip 192.168.0.55 enable port 2 poe, etc. Knoking port 10001 from ip 192.168.0.55 disable port 1 poe, Knoking port 10002 from ip 192.168.0.55 disable port ...
by rextended
Mon Nov 08, 2021 12:48 pm
Forum: General
Topic: Captive Portal API RCF8908
Replies: 11
Views: 1529

Re: Captive Portal API RCF8908

[...]
HotSpot,
for me is a dead market.
Any time spent on this do not have any proper revenue.
2,4GHz spectrum are dead and LTE/5G technologies on every device, make HotSpot useless.
[...]
by rextended
Sat Oct 30, 2021 1:34 pm
Forum: Scripting
Topic: Writing variables to a file in a script
Replies: 2
Views: 695

Re: Writing variables to a file in a script

On MikroTik, working with a file is limited to 64KB. You can create .csv for Excel, but you must keep one eye on file size, if 64KB is reached, the script no longer works. The file everytime have .txt at the end and you must rename it inside Windows removing .txt to open it with excel. Set WinSep wi...
by rextended
Sat Oct 30, 2021 1:00 pm
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1688

Re: Script to keep a NAT rule at top [SOLVED]

EDIT:
Added the missing description of what happen if multiple rules have ONTOP as comment on 1st case,
and another script with the ability to sort multiple rules at time.
by rextended
Fri Oct 29, 2021 4:17 pm
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1688

Re: Script to keep a NAT rule at top [SOLVED]

Add a comment to the NAT masquerade rule that be moved on top... like "ONTOP" Schedule this: /ip firewall nat :if ( ([find]->0) != ([find where comment="ONTOP"]->0) ) do={ move [find where comment="ONTOP"] destination=*0 } If "ONTOP" not exist, or NAT is empty...
by rextended
Thu Oct 28, 2021 8:15 pm
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1688

Re: Script to keep a NAT rule at top [SOLVED]

Wrong approach?

What regenerate the NAT rule?

Simply update the rule instead to delete and recreate...
by rextended
Thu Oct 28, 2021 8:08 pm
Forum: SwOS
Topic: feature request - https for webui
Replies: 17
Views: 4547

Re: feature request - https for webui

By this logic, you don't believe in putting locks on doors or windows because there are big enough tools in the world to defeat these common protections. So, I wonder: Does rextended lock his doors when he leaves home? Don't be a hypocrite, now...tell the truth. :lol: I'm well acquainted with the l...
by rextended
Thu Oct 28, 2021 6:04 pm
Forum: General
Topic: Fair priced security/firewall assistance needed
Replies: 3
Views: 385

Re: Fair priced security/firewall assistance needed

Default rules "concept" can protect any ISP
by rextended
Thu Oct 28, 2021 5:58 pm
Forum: SwOS
Topic: feature request - https for webui
Replies: 17
Views: 4547

Re: feature request - https for webui

You're just fooled by cryptography, look for Zuchongzhi 2.1 and Jiuzhang 2.0, nothing is secure now, devices 10 million times faster than traditional "supercomputers" can decrypt anyting on some minutes or seconds, or less...
by rextended
Fri Oct 22, 2021 3:06 am
Forum: Scripting
Topic: Mikrotik RouterOS automatic backup and update script
Replies: 18
Views: 11989

Re: Mikrotik RouterOS automatic backup and update script

Here is how to send this as a single command which is useful when upgrading devices in bulk in ISPApp: /system package update check-for-updates once; delay 3s; if ( [/system package update get status] = "New version is available") do={ /system package update install } This is one of the s...
by rextended
Mon Oct 18, 2021 7:51 pm
Forum: General
Topic: Help to Drop Download in mikrotik 6.X or 5.x
Replies: 7
Views: 745

Re: Help to Drop Download in mikrotik 6.X or 5.x

connection-bytes=1970000-0 i don't understand how 197000-0 = 10 Mb First of all is 1970000, with 4 zeros, not 3 then are bytes (as the name) and not bit. 1970000-0 is one interval, from 0 to 1970000 bytes passed inside that connection 1970000 bytes = 8 * 1970000 bits = 15760000 bit and on the wrong...
by rextended
Fri Oct 15, 2021 6:16 pm
Forum: Wireless Networking
Topic: How many clients on CAP XL AC?
Replies: 6
Views: 1304

Re: How many clients on CAP XL AC?

The question is really silly because it does not take into account, for example, that not all devices have 2 or more streams, ac radios, high gain antennas and high efficiency radios. On average they only have 2GHz and they all interfere with each other, plus they hurt if they move away due to the t...
by rextended
Fri Oct 15, 2021 1:38 pm
Forum: Wireless Networking
Topic: How many clients on CAP XL AC?
Replies: 6
Views: 1304

Re: How many clients on CAP XL AC?

2007
by rextended
Fri Oct 15, 2021 1:22 pm
Forum: General
Topic: 1:1 NATting of /29 subnet
Replies: 3
Views: 519

Re: 1:1 NATting of /29 subnet

Use netmap on Right Order against other rules
/ip firewall nat
[...]
add action=netmap chain=dstnat dst-address=1.1.1.3 to-addresses=10.0.0.7
add action=netmap chain=srcnat src-address=10.0.0.7 to-addresses=1.1.1.3
[...] 
add chain=srcnat action=masquerade [...]
[...]
by rextended
Fri Oct 15, 2021 1:03 pm
Forum: General
Topic: How can I change the default route for a packet (or put routes into multiple tables)?
Replies: 7
Views: 629

Re: How can I change the default route for a packet (or put routes into multiple tables)?

On future keep one eye on VRF...

Actually with all "manual" only, can be doed by scripting, copyng all, except 0.0.0.0/0 from main to alternate table
by rextended
Fri Oct 15, 2021 12:35 pm
Forum: General
Topic: rancid script stop collecting config after upgrade to 6.49
Replies: 11
Views: 1299

Re: rancid script stop collecting config after upgrade to 6.49

Like all software on the world, MikroTik can change something on his product, and are the other software producers than must align his own product. Your post is confusing, and I don't understand anything about it. It assumes someone uses Rancid and knows what you're talking about. You must ask the q...
by rextended
Fri Oct 15, 2021 12:29 pm
Forum: General
Topic: rancid script stop collecting config after upgrade to 6.49
Replies: 11
Views: 1299

Re: rancid script stop collecting config after upgrade to 6.49

Rancid is not a MikroTik product.

Ask the authors of Rancid.
by rextended
Fri Oct 15, 2021 11:59 am
Forum: General
Topic: How can I change the default route for a packet (or put routes into multiple tables)?
Replies: 7
Views: 629

Re: How can I change the default route for a packet (or put routes into multiple tables)?

I do not understand how you think, instead of mark all and have the need of duplicate "main" table, Simply mark only, checking source and destination, when the packet must follow another path... Or better do not use firewall for do routing , instead use... Routing for do routing... use Rou...
by rextended
Thu Oct 14, 2021 6:25 pm
Forum: The Dude
Topic: The Dude 6.40.8 - db failure: database disk image is malformed
Replies: 39
Views: 17564

Re: The Dude 6.40.8 - db failure: database disk image is malformed

do not forget VACUUM

type VACUUM;

between recover and quit ( ; must be typed!!! )
by rextended
Thu Oct 14, 2021 4:43 pm
Forum: General
Topic: [SOLVED] IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Replies: 14
Views: 1123

Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!

you try this ??? MikroTik standard "ping" packet is usually 50k (NOT the "payload", but the FULL packet), is impossible that is a MTU problem, from "ping" point of view. Try to ping something, if work, ping with on advanced the Dont fragment flag set, starting from 1500...
by rextended
Thu Oct 14, 2021 4:17 pm
Forum: Scripting
Topic: Replace characters in string (url encode)
Replies: 16
Views: 17592

Re: Replace characters in string (url encode)

Yes is a bug, but for circumvent it and produce valid code, for not have error when sometime on the future is fixed: :local arr1 [:toarray ""]; :set ($arr1->"\$") "%24"; :put ($arr1->"\$") Must be also considerered ? and " and \ like $ Added also TAB and ...
by rextended
Thu Oct 14, 2021 3:56 pm
Forum: Scripting
Topic: Send SMS to mobile
Replies: 2
Views: 869

Re: Send SMS to mobile

The correct syntax for MikroTik modules onboard (not USB or others), for example RBwAPR-2nD + R11e-LTE /tool sms send lte1 phone-number=00000000 message="xxxxxxxxxxxxxx" The message must be on General GSM 7 encoding alphabet format, for example "ążźćęłóńÀÁÈÉÌÍÒÓÙÚ" etc. are unsup...
by rextended
Thu Oct 14, 2021 3:44 pm
Forum: General
Topic: [SOLVED] IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Replies: 14
Views: 1123

Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!

Paste this on terminal /interface detect-internet set detect-interface-list=none /ip address set [find where address="192.168.1.1/24"] interface=bridge you have pppoe-client or dhcp client? if you have only pppoe-client paste also this: /ip dhcp-client remove [find] on nat you have 3 masqu...
by rextended
Wed Oct 13, 2021 6:55 pm
Forum: Scripting
Topic: How do I remove the space in the output to separate the digits?
Replies: 3
Views: 919

Re: How do I remove the space in the output to separate the digits?

Do not ask help for do things on wrong way...

If you use "print" on scripting, you do something on wrong way...

What you try to achieve?
by rextended
Wed Oct 13, 2021 3:44 am
Forum: Beginner Basics
Topic: VPN to connect home network to cottage
Replies: 107
Views: 5272

Re: VPN to connect home network to cottage

@hahnhell
The export is really Sympatic oh...
you forgot to Hide Something while Export...

Now you understand the first "hint" ??? :lol:
by rextended
Wed Oct 13, 2021 3:43 am
Forum: Beginner Basics
Topic: VPN to connect home network to cottage
Replies: 107
Views: 5272

Re: VPN to connect home network to cottage

ma..... :lol: :lol: :lol:
by rextended
Wed Oct 13, 2021 3:24 am
Forum: Beginner Basics
Topic: VPN to connect home network to cottage
Replies: 107
Views: 5272

Re: VPN to connect home network to cottage

[removed for not provide hint...]
by rextended
Wed Oct 13, 2021 3:13 am
Forum: Beginner Basics
Topic: VPN to connect home network to cottage
Replies: 107
Views: 5272

Re: VPN to connect home network to cottage

Sympatico HSE is Virgin?
by rextended
Wed Oct 13, 2021 2:41 am
Forum: Beginner Basics
Topic: VPN to connect home network to cottage
Replies: 107
Views: 5272

Re: VPN to connect home network to cottage

@hahnhell
The export is really Sympatic oh...
you forgot to Hide Something while Export...
by rextended
Wed Oct 13, 2021 1:52 am
Forum: General
Topic: Problem with failover and second wan connection
Replies: 15
Views: 954

Re: Problem with failover and second wan connection

Remove the export, it says more than you think... 240... with open WinBox and hackable RouterOS version...
by rextended
Tue Oct 12, 2021 8:17 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 2249

Re: Script Error

count=5] >= 5
ehm...
by rextended
Tue Oct 12, 2021 10:01 am
Forum: General
Topic: Best Way of Blocking System In mikrotik
Replies: 2
Views: 399

Re: Best Way of Blocking System In mikrotik

Please cooperate: read all thousand of posts about the same topic, instead to open again another topic for the same reason... On few words: You can not block anything until you do not have full control over devices used. Just blocking the IP is a valid solution, but you must continuosly update the &...
by rextended
Mon Oct 11, 2021 2:22 pm
Forum: Scripting
Topic: Remove Nat Sessions on a specific event
Replies: 19
Views: 3073

Re: Remove Nat Sessions on a specific event

create a netwatch for that IP and put on both on-down and on-up this: /ip fire conn :foreach idc in=[find where (timeout > 60) and (reply-dst-address ~ "10.254.251.254")] do={ remove [find where .id=$idc] } please do not alter the timeout https://forum.mikrotik.com/viewtopic.php?f=13&t...
by rextended
Fri Oct 08, 2021 2:54 pm
Forum: General
Topic: NTP client possible bug?!?!
Replies: 17
Views: 1007

Re: NTP client possible bug?!?!

Because this:
I'm using ntp1.neology.co.za everywhere

Both neology servers behave as if they are down.

These work:
ntp.is.co.za (Johannesburg)
ntp2.is.co.za (Cape Town)

Very bad idea "hardcode" DNS or IP not under own control...
by rextended
Fri Oct 08, 2021 2:49 pm
Forum: General
Topic: NTP client possible bug?!?!
Replies: 17
Views: 1007

Re: NTP client possible bug?!?!

If status is started the NTP server do not provide sync.
Only when NTP Client is status: synchronized NTP Server provide the right time.
by rextended
Fri Oct 08, 2021 2:42 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 175
Views: 46996

Re: v6.48.5 [long-term] is released!

What is the last version where IPv6 on IP Cloud work?
by rextended
Fri Oct 08, 2021 2:39 pm
Forum: General
Topic: NTP client possible bug?!?!
Replies: 17
Views: 1007

Re: NTP client possible bug?!?!

Have you read my post?
by rextended
Fri Oct 08, 2021 2:31 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 1420

Re: Can't import config on some routers

@Charg /interface bridge # REPLACE add comment=defconf name=bridge1 # WITH add comment=defconf name=bridge1 protocol-mode=none admin-mac=[/int ethernet get ether2 mac-address] auto-mac=no /interface bridge port # REMOVE THIS LINE --->>> add bridge=bridge1 comment=defconf disabled=yes interface=ether...
by rextended
Fri Oct 08, 2021 2:26 pm
Forum: General
Topic: NTP client possible bug?!?!
Replies: 17
Views: 1007

Re: NTP client possible bug?!?!

Where you read the clock? On the video?
Some seconds of differencies can be possible, because the image is processed before you can seee it on video...
by rextended
Thu Oct 07, 2021 2:49 pm
Forum: General
Topic: Get version number in variable
Replies: 3
Views: 709

Re: Get version number in variable

Do not use print on scripts, until command already exist for do the same on simpler way.

What exactly you want?

RouterOS version
:global rosver [/system resource get version] 

or RouterBOOT version?
:global rbootver [/system routerboard get current-firmware]
by rextended
Thu Oct 07, 2021 1:59 am
Forum: Scripting
Topic: get within a nested if
Replies: 1
Views: 869

Re: get within a nested if

your script is not indented, and have some syntax errors get [find address="172.16.2.2/32"] enabled this is impossible because "get enabled" do not exist, exist only "get disabled" disabling what already is disabled do nothing, enabling what already is enabled, only on ...
by rextended
Thu Oct 07, 2021 1:44 am
Forum: Scripting
Topic: Scheduler add on-event={multi-line script} ? [SOLVED]
Replies: 1
Views: 1206

Re: Scheduler add on-event={multi-line script} ? [SOLVED]

{ } just for test on terminal { :local test 5 /system scheduler add name=Every10s on-event=":log warning \"$test\"" interval=00:00:10 } { :local line1 ":log warning Line1" :local line2 ":log warning Line2" :local line3 ":log warning Line3" /system sc...
by rextended
Wed Oct 06, 2021 7:42 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 2249

Re: Script Error

Too much strict, someting can fill the connection and reboot the device without reason...
by rextended
Wed Oct 06, 2021 7:37 pm
Forum: General
Topic: sysObjectID
Replies: 11
Views: 818

Re: sysObjectID

The OP say that the model are reported on sysObjectID, instead is on sysDescr
by rextended
Wed Oct 06, 2021 7:32 pm
Forum: General
Topic: sysObjectID
Replies: 11
Views: 818

Re: sysObjectID

I see on all device sysObjectID is a pointer to specific vendor system object, and is used sysDescr for model. Something on your assumption is wrong. Ubiquity sysObjectID iso.org.dod.internet.private.enterprises.netSnmp.netSnmpEnumerations.netSnmpAgentOIDs.linux sysDescr Linux ***censored*** AF5XHD ...
by rextended
Wed Oct 06, 2021 7:23 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 2249

Re: Script Error

at least 3 fail?
10 - 3 = 7 (at least 7 good)
< 8 (worst than 8, because 8 are good, only 2 fail)
by rextended
Wed Oct 06, 2021 7:17 pm
Forum: RouterOS v7 BETA
Topic: bug? - graphs 404 error in https mode
Replies: 4
Views: 1215

Re: bug? - graphs 404 error in https mode

certificate=none

notice something?
by rextended
Wed Oct 06, 2021 6:46 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 2249

Re: Script Error

Is there a way to alter this script so if the ping response fails three times it will reboot the router rather than disable / enable the LTE interface. Yes... :global ltestatus :if ([:typeof $ltestatus] = "nothing") do={:set ltestatus "offline"} /interface lte :if ([:len [find]]...
by rextended
Wed Oct 06, 2021 6:39 pm
Forum: General
Topic: sysObjectID
Replies: 11
Views: 818

Re: sysObjectID

You must adapt your software, not MikroTik adapt RouterOS to your wish...

sysDescr already exist
by rextended
Wed Oct 06, 2021 11:46 am
Forum: General
Topic: sysObjectID
Replies: 11
Views: 818

Re: sysObjectID

Return everytime the same value because is the same RouterOS for all devices. Use sysDescr instead. iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0 = iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = RouterOS RB SXT ...
by rextended
Wed Oct 06, 2021 11:31 am
Forum: The Dude
Topic: Get current firmware version using SNMP?
Replies: 9
Views: 11214

Re: Get current firmware version using SNMP?

Current BIOS (RouterBOOT / Firmware)
1.3.6.1.4.1.14988.1.1.7.4.0
=
iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrSystem.mtxrFirmwareVersion.0
by rextended
Wed Oct 06, 2021 11:21 am
Forum: General
Topic: The Dude
Replies: 4
Views: 506

Re: The Dude

That's not true, there are already too many arguments about it, I don't want to re-explain it all over again. An example over everything, I have a user manager on RB1100AHx2 (not the newest, but the 2009 model) that still works perfectly and probably the user manager writes more data to disk than Th...
by rextended
Wed Oct 06, 2021 10:14 am
Forum: General
Topic: The Dude
Replies: 4
Views: 506

Re: The Dude

Nice and clear title, we quickly understand what the problem is... and put it in the right section of the forum as well.

If you can't figure out how to create a topic on the right way...
do you understand the differences between Memory and "Disk"?
by rextended
Wed Oct 06, 2021 10:09 am
Forum: General
Topic: sysObjectID
Replies: 11
Views: 818

Re: sysObjectID

Is not already on this way?
by rextended
Wed Oct 06, 2021 2:14 am
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

Simply: on default settings, RouterOS "phone home"
by rextended
Tue Oct 05, 2021 6:35 pm
Forum: Scripting
Topic: Copy Dynamic ip pptp-out1 to nat address
Replies: 4
Views: 991

Re: Copy Dynamic ip pptp-out1 to nat address

Better on this way: :global status [/interface get pptp-out1 running] :if ($status) do={ :global old [/ip firewall nat get [find where comment="Loopback"] to-addresses] :global new [/ip address get [find where dynamic=yes and interface="pptp-out1"] address] :set new [:pick $new 0...
by rextended
Tue Oct 05, 2021 6:19 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

@jbl42 RouterOS "phone home", on default settings, you do not notice that on your tightly monitored network???
by rextended
Tue Oct 05, 2021 4:41 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

No, on XNU "Xnu is Not Unix" / Darwin
by rextended
Tue Oct 05, 2021 4:26 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

Don't ask me, I didn't say it, and I don't have those conditioning tools.
by rextended
Tue Oct 05, 2021 4:19 pm
Forum: Beginner Basics
Topic: How to properly manage multiple mikrotik routers?
Replies: 6
Views: 1130

Re: How to properly manage multiple mikrotik routers?

The Dude work perfectly also on remote devices, also by VPN... If you have at least one public IP, you can make VPN between all remote devices and the Router with public IP. If that link is for administrative purpose only (not for link the shops) you can, with proper config, "see" all remo...
by rextended
Tue Oct 05, 2021 3:28 pm
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 16
Views: 1255

Re: winbox can't work correctly if "users" folder moved from disk C:

any existing icon properties
link, not icon???
by rextended
Tue Oct 05, 2021 3:27 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

I'm using a lot of scripts on my MT devices, scripts are ran through Terminal which is not available on IOS.
Not sure why IOS bans use of Terminal in MT app.
Because Apple has decided, for you, that you don't need the terminal, Apple informs you that you have to comply.
by rextended
Mon Oct 04, 2021 9:25 pm
Forum: RouterOS v7 BETA
Topic: [Feature Request] openvpn push route
Replies: 10
Views: 4727

Re: [Feature Request] openvpn push route

-1
Wireguard and the others still exist.
by rextended
Mon Oct 04, 2021 9:21 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: Access List SRC List for Users and IP Services
Replies: 3
Views: 1090

Re: Feature Request: Access List SRC List for Users and IP Services

What's the problem with adding addresses directly into those fields, instead of using an address list?

Is better not mix users, services and firewall...
by rextended
Mon Oct 04, 2021 9:17 pm
Forum: Wireless Networking
Topic: Missing Country and 5GHz Frequencies on hAP ac lite [Solved]
Replies: 3
Views: 1034

Re: Missing Country and 5GHz Frequencies on hAP ac lite

The US models are locked as imposed from FCC if MikroTik want sale his product on USA (like all other vendors).
Are not unlockable.

Complain the FCC.
by rextended
Mon Oct 04, 2021 9:11 pm
Forum: General
Topic: SSTP-Server with LetsEncrypt certificate
Replies: 2
Views: 540

Re: SSTP-Server with LetsEncrypt certificate

Remember: all certificates are registered on public registry , simply searching other certificate fields can be finded the fqdn....
by rextended
Mon Oct 04, 2021 8:59 pm
Forum: Beginner Basics
Topic: gratuitous arp issue
Replies: 16
Views: 1761

Re: gratuitous arp issue

Remove the config, you leave the no-ip script with password...

The points are 3:
1) is extermely hard give help without the config...
2) is extemely easy forget to remove something that must do not go public on the config...
3) do not use same password for no-ip and for winbox...
by rextended
Mon Oct 04, 2021 7:38 pm
Forum: Beginner Basics
Topic: gratuitous arp issue
Replies: 16
Views: 1761

Re: gratuitous arp issue

I see your public IP address correctly, also the username, because you are so kind to censor it within the image, but you forget to censor the title...

You must use a VPN to access your router instead to leave it open to the world with default port...

Mi sa che non sei poi stato così Fortunato...
by rextended
Mon Oct 04, 2021 7:20 pm
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 16
Views: 1255

Re: winbox can't work correctly if "users" folder moved from disk C:

@kirost
instead to ask on forum or search one file, you have Simply used the function for do that?

on WinBox / Tools / Move Session Folder...
by rextended
Mon Oct 04, 2021 1:03 am
Forum: Beginner Basics
Topic: Disable all unused interfaces with one command.
Replies: 5
Views: 686

Re: Disable all unused interfaces with one command.

Why all that code for one simple thing? Is better: for each item finded not running on interfaces go on interface ethernet and set on that interface ID the attribute disabled equal to yes ( this give error for each non-ethernet interface finded not running that give a non-ethernet ID to ethernet-set...
by rextended
Mon Oct 04, 2021 12:59 am
Forum: Beginner Basics
Topic: Firewall Rules Factory Setting [SOLVED]
Replies: 7
Views: 1110

Re: Firewall Rules Factory Setting [SOLVED]

Another zombie machine is coming out...
by rextended
Sun Oct 03, 2021 9:36 pm
Forum: General
Topic: Blocking Routers
Replies: 11
Views: 855

Re: Blocking Routers

I suggest HotSpot from the start....
by rextended
Sun Oct 03, 2021 5:13 pm
Forum: Beginner Basics
Topic: i need an solution
Replies: 9
Views: 1112

Re: i need an solution

I think he mean: I do not have one public IP (only NAT or double-NAT) for use with cloud wher is the camera...
by rextended
Sun Oct 03, 2021 4:31 pm
Forum: Beginner Basics
Topic: i need an solution
Replies: 9
Views: 1112

Re: i need an solution

Yes, is perfectly possible, and you have described the soluction for yourself.
by rextended
Sun Oct 03, 2021 4:30 pm
Forum: General
Topic: vlan translation help
Replies: 20
Views: 1201

Re: vlan translation help

You have try Google Translation?
by rextended
Sun Oct 03, 2021 4:29 pm
Forum: General
Topic: Blocking Routers
Replies: 11
Views: 855

Re: Blocking Routers

Simply one SSTP VPN, one connection, "infinite" uses.
by rextended
Sun Oct 03, 2021 3:55 pm
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 8986

Re: DHCP automatic dynamic to static

nahradit <dhcp-server-name> název serveru DHCP, ze kterého nechcete, aby byl odstraněn: # Remove all static DHCP and corenspondig DNS leases more than 100 week old :local counter 0 /ip dhcp-server lease :foreach id in=[find where server!="<dhcp-server-name>" and dynamic=no and last-seen~&q...
by rextended
Sun Oct 03, 2021 3:38 pm
Forum: The Dude
Topic: Dude Client unable to connect, stuck on "getting stuff"
Replies: 16
Views: 3534

Re: Dude Client unable to connect, stuck on "getting stuff"

The Dude internal database and the Image and tne MIBs etc. are transferred at ridiculous speed from The Dude to PC before it open. it is probably why you must wait so much time to open The Dude on PC... Is the same on my, if I clean, for test, all the history / log /errors from the database with sql...
by rextended
Sun Oct 03, 2021 3:27 am
Forum: Scripting
Topic: Persistent Environment Variables
Replies: 8
Views: 2280

Re: Persistent Environment Variables

Sorry, but I think this is out of interest from MikroTik until the release of RouterOS 7.7.7 (stable)
by rextended
Sat Oct 02, 2021 5:50 pm
Forum: Beginner Basics
Topic: Firewall question.
Replies: 5
Views: 696

Re: Firewall question.

Let's not waste time with commas,
there can be no destination-free packages.

The very fact that the packet reaches the router means that there was at least one destination for it: the router.
by rextended
Sat Oct 02, 2021 4:20 pm
Forum: General
Topic: [resolved] right led on ether1 is always on
Replies: 2
Views: 358

Re: right led on ether1 is always on

Fastly, return on warranty
by rextended
Sat Oct 02, 2021 4:17 pm
Forum: Beginner Basics
Topic: DHCP / Weird range given?
Replies: 2
Views: 460

Re: DHCP / Weird range given?

export, not novels

and the address on network must be 10.10.10.0/24
by rextended
Sat Oct 02, 2021 4:05 pm
Forum: Scripting
Topic: Useful scripts
Replies: 95
Views: 157750

Re: Useful scripts

Ok, I write "someone reinvented the wheel", but I do not say that your work (among the other dozen of scripts libraries like your) is useless. Remembert than I'm everytime ready to help and learn from others, you included. About: :if ([/system package get [find name=wireless] disabled] = f...
by rextended
Sat Oct 02, 2021 3:52 pm
Forum: Scripting
Topic: Built in function library
Replies: 98
Views: 46779

Re: Built in function library

Miao? (Italian Meow)

P.S.: The forum is continuosly scanned from Google, Bing and others, every link is followed from the spider bots...
Is probable that all latest user (for sure except one) are bots....
Baidu [Spider]
Bing [Bot]
Google [Bot]
Google Feedfetcher
etc.
by rextended
Sat Oct 02, 2021 3:49 pm
Forum: Scripting
Topic: Script MD5 Hash Generator
Replies: 11
Views: 12362

Re: Script MD5 Hash Generator

I must admit than you are really polite, because not often I see someone that ask permission, when the others neither thanks for the use...

Thanks.
by rextended
Sat Oct 02, 2021 3:42 pm
Forum: Scripting
Topic: Useful scripts
Replies: 95
Views: 157750

Re: Useful scripts

If MikroTik make a change, like syntax on v7, you have the probability that all your "system" stop working because interdipendance exist, instead with my methods of scripting, are blocked only the script that have inside the change involved. And are easily debuggable and fixable, because a...
by rextended
Sat Oct 02, 2021 3:16 pm
Forum: Scripting
Topic: Built in function library
Replies: 98
Views: 46779

Re: Built in function library

@SiB is another one that reinvent the wheel... Is an hell to follo all dependencies, also for debug, and if something is changed probably that breake some recurring dependance. Each script must have all the functions writed inside, and all must be clear. I prefer to provide Snippets, like on my sign...
by rextended
Sat Oct 02, 2021 3:01 pm
Forum: Scripting
Topic: Useful scripts
Replies: 95
Views: 157750

Re: Useful scripts

Another one reinvented the wheel...

Is better what I do on my Snippets: one simply clear action without interdipendency than can broke someting (or all) if something is changed on "shared" functions...
by rextended
Sat Oct 02, 2021 1:53 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 4
Views: 3174

Re: ✂ Rextended Fragments of Snippets

Save and Restore global variables on reboot

viewtopic.php?f=9&t=170591&p=883422#p883422
by rextended
Sat Oct 02, 2021 1:30 pm
Forum: Scripting
Topic: Persistent Environment Variables
Replies: 8
Views: 2280

Re: Persistent Environment Variables

search tag # rextended save and restore global variables on reboot This is for save and restore variables with keeping the right data type on restore : Scheduled script do that every x minutes, on purpose store only variables, but do not store functions because regex values with too many "(&quo...
by rextended
Sat Oct 02, 2021 1:17 pm
Forum: Scripting
Topic: How to use the output of print in scripts?
Replies: 6
Views: 1152

Re: How to use the output of print in scripts?

Ok.... if you insist too much, I'm forced to give you the soluction, but I repeat: I hate the use of print commands on script... Do not remove the delays. :execute file=sysroupri.txt script="/system routerboard print" :delay 1s :put [/file get sysroupri.txt contents] :execute file=ipaddrpr...
by rextended
Sat Oct 02, 2021 12:00 pm
Forum: Scripting
Topic: tx-bytes rx-bytes have spaces and are unusable. Please help (edited and added more info)
Replies: 6
Views: 2728

Re: tx-bytes rx-bytes have spaces and are unusable. Please help (edited and added more info)

And... why API? I do not see on any post on this thread something about API...


Simply I see a wrong approach...

This is the solution.....
:put [/interface ethernet get ether1 rx-bytes]
2 778 266 326

:put ([/interface get ether1]->"rx-byte")
2739389845
by rextended
Sat Oct 02, 2021 11:39 am
Forum: Wireless Networking
Topic: LHG 60 does not connect at 2150m with los and perfect weather :(
Replies: 47
Views: 4558

Re: LHG 60 does not connect at 2150m with los and perfect weather :(

I have seen a few reports of the airfiber60lr locking up not sending data at random time, unlike the Nray which just works.
It's true, but after download newest 2.5.0 stop do that.
by rextended
Sat Oct 02, 2021 11:25 am
Forum: Beginner Basics
Topic: Firewall question.
Replies: 5
Views: 696

Re: Firewall question.

Is impossible than a packet do not have any destination. A new connection is not equal as invalid connection. What does not yet exist, cannot be invalid The packets are "invalid" when connection-tracking is broken because, for example, ISP assign another IP on WAN interface, etc. If you d...
by rextended
Sat Oct 02, 2021 11:20 am
Forum: Wireless Networking
Topic: nRAY vs LHG 60G
Replies: 28
Views: 3679

Re: nRAY vs LHG 60G

I got more than what was described.
Something is wrong with the configuration or other non-evaluable things from the forum,
because I'm not there on the field to see.
by rextended
Sat Oct 02, 2021 11:10 am
Forum: Scripting
Topic: How to use the output of print in scripts?
Replies: 6
Views: 1152

Re: How to use the output of print in scripts?

Let me explain better, for my point of view: I hate print in a script. MikroTik send e-mail on text format, and for do nice table, is unadequate. On the example is missing to-string, because the as-value return an array, I have fixed the previious post with this: :put "blah blah blah $[:tostr [...
by rextended
Sat Oct 02, 2021 10:54 am
Forum: General
Topic: Blocking Routers
Replies: 11
Views: 855

Re: Blocking Routers

Dear @sysadmbonn , every suggestion you can have on public forum, can be read & circumvented from your user, because have mikrotik device and can search on mikrotik forum... @sindy do a perfect relation about that. And about identify how many user... I can do that but I'm not so stupid to reveal...
by rextended
Sat Oct 02, 2021 10:11 am
Forum: General
Topic: pppoe clients with multiple ISP links
Replies: 7
Views: 818

Re: pppoe clients with multiple ISP links

if it is a 5-port model, its total throughput will most likely be insufficient to handle the full 2 Gbit/s in each direction with PPPoE and bandwidth policing.
Ah... nice observation....
by rextended
Sat Oct 02, 2021 1:24 am
Forum: Scripting
Topic: How to use the output of print in scripts?
Replies: 6
Views: 1152

Re: How to use the output of print in scripts?

The "print" should only be used in exceptional cases. Mainly it is to print the text on the terminal, instead of using it on the script. :put "blah blah blah $[:tostr [/system routerboard print as-value]] blah blah blah" :put "blah blah blah $[:tostr [/ip address print as-va...
by rextended
Sat Oct 02, 2021 1:15 am
Forum: General
Topic: pppoe clients with multiple ISP links
Replies: 7
Views: 818

Re: pppoe clients with multiple ISP links

You do not have specified what rules apply to "split" the users on the 3 lines...
by rextended
Sat Oct 02, 2021 12:08 am
Forum: The Dude
Topic: Host Dude RB1100Dx4 for diffrent users
Replies: 4
Views: 2214

Re: Host Dude RB1100Dx4 for diffrent users

Is a fake user, just registered to write that and disappear....

You can not have multiple instances or separate maps for different users.
Use more than one device with the dude or a free CHR instances for each user on virtual machine.
by rextended
Fri Oct 01, 2021 3:09 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

Ahhh.. well... then it is also my merit when I make you puzzled to understand when I write and do not explain... :lol:
(because not everytime I have time... :P )
by rextended
Fri Oct 01, 2021 2:54 pm
Forum: General
Topic: WAN Failover questions
Replies: 3
Views: 550

Re: WAN Failover questions

1) are perfectly useless if you want only failover 2) Nevermind 3) Yes 0) @anav has provided the simplest configuration needed But if you use NAT, the "connection-tracked" still valid until not dropped by timeout. Everytime gateway change, if using NAT, the connection-tracking table must b...
by rextended
Fri Oct 01, 2021 2:43 pm
Forum: General
Topic: How to get rid of that "Cancel" button
Replies: 1
Views: 390

Re: How to get rid of that "Cancel" button

Ask Mikhmon, this is not a MikroTik product or problem.
by rextended
Fri Oct 01, 2021 2:36 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

my incompetence!!
What do you write... 90% of forum users (or more...) don't even know 1% of what you know...

You have often provided advice and solutions to those who also had a certification ...
by rextended
Fri Oct 01, 2021 2:35 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

Okay 3 errors ;-)) But you still know more almost infinity than I do, ref Networking and MT configurations, so not to worry!! Best if we drink some good Italian wine and joke about my incompetence!! I have proved you than the rules suggested to that user drop some DHCP traffic from client, and I pr...
by rextended
Fri Oct 01, 2021 2:31 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

No, wait, you are true, I made two mistake: 1) I tried to provide a solution to the OP without first asking to be more specific about what he wanted to do. 2) dangerous self-redirect : do not apply on this case because the output DNS requests from RouterBOARD go directly trought src-nat, do not pass...
by rextended
Fri Oct 01, 2021 2:22 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

...thats two errors in a row...
Where are the errors?

The rule redirect without specify dst-address=!192.168.55.1 manage uslessly the packets already directed to 192.168.55.1...
by rextended
Fri Oct 01, 2021 2:13 pm
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

@roe1974 "my" rules are more clear what are doing and prevent useless redirect or dangerous self-redirect (see next post) because are checking if the packet is already directed to right destination. But going back to topic : you do not see to-address if is selected one action that not use ...
by rextended
Fri Oct 01, 2021 11:27 am
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

"redirect" action do not use to-address, probably you need "dst-nat" instead.... redirect - replaces destination port of an IP packet to one specified by to-ports parameter and destination address to one of the router's local addresses dst-nat - replaces destination address and/o...
by rextended
Fri Oct 01, 2021 10:55 am
Forum: Beginner Basics
Topic: NAT rule, parameter: "to-address" in Winbox ... where ?
Replies: 26
Views: 1625

Re: NAT rule, parameter: "to-address" in Winbox ... where ?

Yes, is displayed on "action" section when you open the rule.
by rextended
Fri Oct 01, 2021 10:27 am
Forum: Beginner Basics
Topic: How to Completely Wipe Compromized Router?
Replies: 5
Views: 1839

Re: How to Completely Wipe Compromized Router?

Yes, is normal to do not have any config after netinstall.

For have the default values after netinstall must be checked "Apply default config"

For keep previous config select "Keep old configuration",
but NO, do not do it, on your case if the router is compromised...
by rextended
Fri Oct 01, 2021 2:36 am
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1732

Re: url filtering on ssl traffic through Web Proxy Configuration

@rextended There is no way, and the vendor do not have any importance. This is definitely not correct. Or, in your words, "idiotic". You look like an "idiotic" to me. Next time, quote only a word instead of the full post. So maybe you will be right for sure. Full original quote:...
by rextended
Thu Sep 30, 2021 8:35 pm
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1732

Re: url filtering on ssl traffic through Web Proxy Configuration

@rextended There is no way, and the vendor do not have any importance. You must hack the devices to see inside https url requests. @reinerotto This is not absolutely correct. [...] Ah, no? @reinerotto [....] However, this needs installation of certs on the client devices, which is possible only on ...
by rextended
Wed Sep 29, 2021 11:58 pm
Forum: Beginner Basics
Topic: Create Interface list via WinBox?
Replies: 3
Views: 617

Re: Create Interface list via WinBox?

The button with the text "Lists", on "Interface" / "Interface List", on the right of "filter" button, do not say nothing to you?
by rextended
Wed Sep 29, 2021 11:54 pm
Forum: Scripting
Topic: Help with where statement
Replies: 3
Views: 1101

Re: Help with where statement

You sure? Did you notice that I have changed very few things? Your script was almost all written correctly... Often other scripts that I correct are monstrous... You are on your way. I didn't take any courses, I learned easily because I had already programmed in the past on other languages​... Unfor...
by rextended
Wed Sep 29, 2021 11:32 pm
Forum: Beginner Basics
Topic: Block SSH and WINBOX from WAN Only
Replies: 10
Views: 1130

Re: Block SSH and WINBOX from WAN Only

My DHCP service for the LANS works great. MY CLIENT DHCP service for the WANS works great. SO I have to ask which DHCP service are you talking about??? I do not think is so hard to explain/understand.... :?: One thing is the DHCP Server service another is DHCP Client service If you block port 67 an...
by rextended
Wed Sep 29, 2021 8:06 pm
Forum: Beginner Basics
Topic: Block SSH and WINBOX from WAN Only
Replies: 10
Views: 1130

Re: Block SSH and WINBOX from WAN Only

Not sure what you mean by DHCP, not required on input chain rule?? Otherwise none of my configs would work LOL. I hope to explain better: With the changes you have proposed, the DHCP Server stops working as well, except for the administrative addresses. The DHCP Server is a service inside RouterBOA...
by rextended
Wed Sep 29, 2021 7:55 pm
Forum: Scripting
Topic: Help with where statement
Replies: 3
Views: 1101

Re: Help with where statement

I would like to put where statement on this script to not run when it detects the agent-remote-id is not Null -> I would like to put where statement on this script to not run when it detects the agent-remote-id is not Null. /ip dhcp-server lease :foreach dhcplease in=[find] do={ :local dhcpip [get $...
by rextended
Wed Sep 29, 2021 7:30 pm
Forum: Scripting
Topic: Regex for Numeric Range [SOLVED]
Replies: 5
Views: 1643

Re: Regex for Numeric Range [SOLVED]

I want to get the addresses between 192.168.0.0 and 192.168.63.0 through the regex. My regex expression is: "192\\.168\\.\b([0-9]|[1-5][0-9]|6[0-3])\b" From what I researched the mikrotik does not support "\b". So how can I apply the regex? MikroTik support POSIX syntax without ...
by rextended
Wed Sep 29, 2021 7:20 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 486
Views: 209467

Re: MikroTik smartphone app (ex Tik-App)

Someone at Apple decided that he no longer need the app...
by rextended
Wed Sep 29, 2021 7:02 pm
Forum: Beginner Basics
Topic: Block SSH and WINBOX from WAN Only
Replies: 10
Views: 1130

Re: Block SSH and WINBOX from WAN Only

@anav , if you do that (ignoring forward, address lists etc.) /ip firewall filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked" add chain=input action=drop connection-state=invalid comment="defconf...
by rextended
Wed Sep 29, 2021 6:22 pm
Forum: Beginner Basics
Topic: Block SSH and WINBOX from WAN Only
Replies: 10
Views: 1130

Re: Block SSH and WINBOX from WAN Only

Why waste time writing all this? Simply the DEFAULT firewall rules already protect everything from the WAN, not just SSH and WINBOX (e.g. DNS, telnet, NTP server, etc.), and are allowed from LAN what are leaved enabled. But must be the true DEFAULT rules, not something "see on youtube", fo...
by rextended
Wed Sep 29, 2021 6:17 pm
Forum: Beginner Basics
Topic: Block local IP's fails [SOLVED]
Replies: 11
Views: 1281

Re: Block local IP's fails [SOLVED]

PS: Basically forbid some ports to talk to other ether ports would be ideal. For be clear, you wanted every device completly isolated from eachother? If you have only one single device per port is doable, but as already wrote from @anav , is impossible to understand how is your network maded, witho...
by rextended
Wed Sep 29, 2021 6:12 pm
Forum: Beginner Basics
Topic: Block local IP's fails [SOLVED]
Replies: 11
Views: 1281

Re: Block local IP's fails [SOLVED]

Paste this on terminal for fix some errors: /interface bridge set bridge protocol-mode=none /ip address set [find where address="192.168.88.1/24"] interface=bridge /ip firewall nat set [find where src-port=""] !src-port /interface ethernet switch port set [find] default-vlan-id=a...
by rextended
Wed Sep 29, 2021 5:55 pm
Forum: Scripting
Topic: How to switch command directory dynamically?
Replies: 2
Views: 1050

Re: How to switch command directory dynamically?

Some other unsuccessful try: Define a function to call later after changing "directory": NO, the function when created remains on "root" Create a script and call it later after changing "directory": NO, the script everytime start on "root" The "change dir...
by rextended
Wed Sep 29, 2021 5:52 pm
Forum: Beginner Basics
Topic: Block local IP's fails [SOLVED]
Replies: 11
Views: 1281

Re: Block local IP's fails [SOLVED]

Go on one of the two device settings and block the other device on firewall, without make all traffic go trough CPU for apply some rules...
by rextended
Wed Sep 29, 2021 11:55 am
Forum: Scripting
Topic: Script to improve netwatch, dynamic variable solution? [SOLVED]
Replies: 7
Views: 1857

Re: Script to improve netwatch, dynamic variable solution? [SOLVED]

P.P.S: about the "!=" and ":"... the suggestions are for the syntax, not for fix the broken 7.1rc4 :(


I do not want omit that the "original" question/idea is from @MrBonding
I just added my way to save "declared-later" variables...
by rextended
Wed Sep 29, 2021 11:06 am
Forum: Scripting
Topic: Script to improve netwatch, dynamic variable solution? [SOLVED]
Replies: 7
Views: 1857

Re: Script to improve netwatch, dynamic variable solution? [SOLVED]

I accept the hint, RouterOS 7 or not, without move too much things, simply from "] = 0 )" to "] != 1 )" :lol: PS: don't get into the bad habit of omitting ":" before all the items where it should be put... put [typeof [ping 192.168.1.1 count=1]] # --->> :put [:typeof [:...
by rextended
Wed Sep 29, 2021 10:58 am
Forum: General
Topic: No skin selectable in Winbox
Replies: 15
Views: 2264

Re: No skin selectable in Winbox

Use one UPS.
by rextended
Tue Sep 28, 2021 8:36 pm
Forum: General
Topic: Failover Single PPPoE
Replies: 3
Views: 496

Re: Failover Single PPPoE

if the 2nd is only for backup and you use dhcp client for backup,
simply leave/set default route distance to 1 on pppoe-client pppoe-out
and
set default routing distance to 2 on DHCP client
done.
by rextended
Tue Sep 28, 2021 7:56 pm
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1732

Re: url filtering on ssl traffic through Web Proxy Configuration

There is no way, and the vendor do not have any importance.

You must hack the devices to see inside https url requests.
by rextended
Tue Sep 28, 2021 7:47 pm
Forum: Scripting
Topic: Script to improve netwatch, dynamic variable solution? [SOLVED]
Replies: 7
Views: 1857

Re: Script to improve netwatch, dynamic variable solution? [SOLVED]

Just ask on MikroTik Forum... :global arrayofvalues :if ([:typeof $arrayofvalues] = "nothing") do={:set arrayofvalues [:toarray ""]} /ppp secret :foreach item in=[find where profile="SIMRouters"] do={ :local pname [get $item name] :local premip [get $item remote-address...
by rextended
Tue Sep 28, 2021 7:22 pm
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1732

Re: url filtering on ssl traffic through Web Proxy Configuration

In these cases, a proxy is used that decrypts the SSL traffic and then analyzes it with the url filtering rules set. Where you have read this idiocy? The only way to decrypt "ssl" is to "hack" the web browser and/or the OS... For example, simply add a "proxy" to open h...
by rextended
Tue Sep 28, 2021 6:59 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 46775

Re: v7.1rc4 [development] is released!

...or simply the user disable the button on skin?...
by rextended
Tue Sep 28, 2021 3:51 pm
Forum: General
Topic: [Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script
Replies: 7
Views: 3144

Re: [Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script

The default options request on 6.47.10 is 0x010306212A2B333536798A corresponding to options: 1,3,6,33,42,43,51,53,54,121,138 Subnet Mask, Gateway, DNS Servers, Static Routes, NTP Servers, Vendor Specific, Lease Time, DHCP Message Type, DHCP Server ID, Classless Static Routes, CAP Access Controller I...
by rextended
Fri Sep 24, 2021 5:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 46775

Re: v7.1rc4 [development] is released!

and where is the cosmetic bug?
by rextended
Fri Sep 24, 2021 4:16 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9269

Re: v6.49rc [testing] is released!

I hope you read also my reply than only his post....
by rextended
Fri Sep 24, 2021 3:10 pm
Forum: Scripting
Topic: RegEx help
Replies: 26
Views: 8358

Re: RegEx help

so how you tell reg exp to ignore case sensitive?
RegEx used on RouterOS do not have that flag (ignore case)
by rextended
Fri Sep 24, 2021 2:46 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9269

Re: v6.49rc [testing] is released!

This is _OT_ and, everytime, the topic go _OT_ because someone instead to try to understand the problem, it suggests other things that have nothing to do with it. Does putting a backup line prevent the RouterBOARD from giving that error and stop working? (Not, obviously) I do not wrote about rings, ...
by rextended
Fri Sep 24, 2021 2:18 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9269

Re: v6.49rc [testing] is released!

What about connecting to the router with console cable ? Have you tried that ?
Good question, same answer as other identical questions on similar problems:

I can't wait an hour to restore the service, driving 100Km away for test if serial cable work or not...
by rextended
Fri Sep 24, 2021 2:07 pm
Forum: General
Topic: Ip cloud behind "gray" IP
Replies: 3
Views: 507

Re: Ip cloud behind "gray" IP

For sure your customer do not know that all data pass to Hong Kong servers...
This is the "price" for use KeenDNS... alias "Keenetik Cloud Proxy"
by rextended
Fri Sep 24, 2021 1:04 pm
Forum: Beginner Basics
Topic: Super simple Q!, setting up 2x APs
Replies: 5
Views: 672

Re: Super simple Q!, setting up 2x APs

You can use the same SSID for all 4 without the minimal problem...
EXCEPT: must have same security configuration (same wpa2-psk only, aes-ccm only and wpa2 password)!!!
by rextended
Fri Sep 24, 2021 12:58 pm
Forum: Beginner Basics
Topic: cAP AC connects & disconnects continually with CAP
Replies: 12
Views: 1119

Re: cAP AC connects & disconnects continually with CAP

Do not make screenshot, are completely useless for read all configuration items

The config is... the config, not one image.

OT: (and now I imagine someone in the forum reading this, out of "spite" takes a screenshot of the terminal or something similar...)
by rextended
Fri Sep 24, 2021 12:56 pm
Forum: Beginner Basics
Topic: cAP AC connects & disconnects continually with CAP
Replies: 12
Views: 1119

Re: cAP AC connects & disconnects continually with CAP

Yes, my idea is: you mis/not configure something on some place on some point and on some way...

The riddle game again?

Where are the /export of the configurations of each device?
by rextended
Fri Sep 24, 2021 12:53 pm
Forum: Beginner Basics
Topic: cAP AC connects & disconnects continually with CAP
Replies: 12
Views: 1119

Re: cAP AC connects & disconnects continually with CAP

... again youtube ...
by rextended
Fri Sep 24, 2021 12:47 pm
Forum: Beginner Basics
Topic: Super simple Q!, setting up 2x APs
Replies: 5
Views: 672

Re: Super simple Q!, setting up 2x APs

Seeing everything as a single connection is impossible, if the smartphone has dual band working perfectly.

You can not use the same MAC for different interfaces on same LAN or WLAN.

You everytime obtain 4 different network (Identical SSID or not)

At most you can use CAPsMAN on hEX PoE.
by rextended
Fri Sep 24, 2021 12:05 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9269

Re: v6.49rc [testing] is released!

On heavy load "30%"!!! on CCR1036-12G-4S (r2) (345 PPPoE sessions) again this error snmp,warning timeout while waiting for program 20 ONLY AND EXCLUSIVELY when monitored from The Dude 6.47.10 no other devices allowed to monitor SNMP SNMP version used: 2 (2c) On the dude the only 4 things m...
by rextended
Fri Sep 24, 2021 10:35 am
Forum: General
Topic: cap capsman factory reset
Replies: 4
Views: 540

Re: cap capsman factory reset

What if factory version is newer than 6.42.10?
If you want make this question, is implicit you already know the answer.
Why ask uselessly?
by rextended
Fri Sep 24, 2021 4:09 am
Forum: General
Topic: dst-nat support for shifted portmap ranges?
Replies: 34
Views: 5541

Re: dst-nat support for shifted portmap ranges?

Today I was configuring an ARRIS BGW210-700 at a client and stumbled accross this amazing feature. I really couldn't help but chuckle a bit at the irony of the fact that a simple SOHO router that offers the most "basic" NAT feature set, just so happens to support a simple feature that a c...
by rextended
Thu Sep 23, 2021 7:00 pm
Forum: RouterOS v7 BETA
Topic: ping routing-table=xxxxxx dont work
Replies: 6
Views: 1581

Re: ping routing-table=xxxxxx dont work

Probably because the user is impressed from all reported "lost" configuration on reboot / upgrade / etc.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 21