Community discussions

Search found 5898 matches

by rextended
Fri Sep 24, 2021 5:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

and where is the cosmetic bug?
by rextended
Fri Sep 24, 2021 4:16 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 26
Views: 2122

Re: v6.49rc [testing] is released!

I hope you also read my reply rather than only his post....
by rextended
Fri Sep 24, 2021 3:10 pm
Forum: Scripting
Topic: RegEx help
Replies: 26
Views: 7474

Re: RegEx help

so how you tell reg exp to ignore case sensitive?
RegEx used on RouterOS do not have that flag (ignore case)
by rextended
Fri Sep 24, 2021 2:46 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 26
Views: 2122

Re: v6.49rc [testing] is released!

This is _OT_ and, every time, the topic goes _OT_ because someone, instead of trying to understand the problem, suggests other things that have nothing to do with it. Does putting a backup line prevent the RouterBOARD from giving that error and stop working? (Not, obviously) I did not write about rings, ...
by rextended
Fri Sep 24, 2021 2:18 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 26
Views: 2122

Re: v6.49rc [testing] is released!

What about connecting to the router with console cable ? Have you tried that ?
Good question, same answer as other identical questions on similar problems:

I can't wait an hour to restore the service, driving 100Km away for test if serial cable work or not...
by rextended
Fri Sep 24, 2021 2:07 pm
Forum: General
Topic: Ip cloud behind "gray" IP
Replies: 3
Views: 176

Re: Ip cloud behind "gray" IP

For sure your customer do not know that all data pass to Hong Kong servers...
This is the "price" for use KeenDNS... alias "Keenetik Cloud Proxy"
by rextended
Fri Sep 24, 2021 1:04 pm
Forum: Beginner Basics
Topic: Super simple Q!, setting up 2x APs
Replies: 4
Views: 172

Re: Super simple Q!, setting up 2x APs

You can use the same SSID for all 4 without the minimal problem...
EXCEPT: must have same security configuration (same wpa2-psk only, aes-ccm only and wpa2 password)!!!
by rextended
Fri Sep 24, 2021 12:58 pm
Forum: Beginner Basics
Topic: cAP AC connects & disconnects continually with CAP
Replies: 6
Views: 175

Re: cAP AC connects & disconnects continually with CAP

Do not make screenshot, are completely useless for read all configuration items

The config is... the config, not one image.

OT: (and now I imagine someone in the forum reading this, out of "spite" takes a screenshot of the terminal or something similar...)
by rextended
Fri Sep 24, 2021 12:56 pm
Forum: Beginner Basics
Topic: cAP AC connects & disconnects continually with CAP
Replies: 6
Views: 175

Re: cAP AC connects & disconnects continually with CAP

Yes, my idea is: you mis/not configure something on some place on some point and on some way...

The riddle game again?

Where are the /export of the configurations of each device?
by rextended
Fri Sep 24, 2021 12:47 pm
Forum: Beginner Basics
Topic: Super simple Q!, setting up 2x APs
Replies: 4
Views: 172

Re: Super simple Q!, setting up 2x APs

Seeing everything as a single connection is impossible, if the smartphone has dual band working perfectly.

You can not use the same MAC for different interfaces on same LAN or WLAN.

You everytime obtain 4 different network (Identical SSID or not)

At most you can use CAPsMAN on hEX PoE.
by rextended
Fri Sep 24, 2021 12:05 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 26
Views: 2122

Re: v6.49rc [testing] is released!

On heavy load "30%"!!! on CCR1036-12G-4S (r2) (345 PPPoE sessions) again this error snmp,warning timeout while waiting for program 20 ONLY AND EXCLUSIVELY when monitored from The Dude 6.47.10 no other devices allowed to monitor SNMP SNMP version used: 2 (2c) On the dude the only 4 things m...
by rextended
Fri Sep 24, 2021 10:35 am
Forum: General
Topic: cap capsman factory reset
Replies: 4
Views: 180

Re: cap capsman factory reset

What if factory version is newer than 6.42.10?
If you want make this question, is implicit you already know the answer.
Why ask uselessly?
by rextended
Fri Sep 24, 2021 4:09 am
Forum: General
Topic: dst-nat support for shifted portmap ranges?
Replies: 34
Views: 4936

Re: dst-nat support for shifted portmap ranges?

Today I was configuring an ARRIS BGW210-700 at a client and stumbled across this amazing feature. I really couldn't help but chuckle a bit at the irony of the fact that a simple SOHO router that offers the most "basic" NAT feature set, just so happens to support a simple feature that a c...
by rextended
Thu Sep 23, 2021 7:00 pm
Forum: RouterOS v7 BETA
Topic: ping routing-table=xxxxxx dont work
Replies: 3
Views: 313

Re: ping routing-table=xxxxxx dont work

Probably because the user is impressed from all reported "lost" configuration on reboot / upgrade / etc.
by rextended
Thu Sep 23, 2021 6:57 pm
Forum: Beginner Basics
Topic: Blocking incoming DNS
Replies: 4
Views: 183

Re: Blocking incoming DNS

Ahhh yesss... :lol:
by rextended
Thu Sep 23, 2021 6:51 pm
Forum: General
Topic: cap capsman factory reset
Replies: 4
Views: 180

Re: cap capsman factory reset

No physical access, no reset.

Hack:
Force downgrade to 6.42.10
On that version the new user database format are unreadable, you obtain admin with blank password,
then upgrade again to 6.47.10 and set new password.
by rextended
Thu Sep 23, 2021 6:49 pm
Forum: General
Topic: Outbound DDOS firewall rules
Replies: 3
Views: 212

Re: Outbound DDOS firewall rules

First of all place anti-spoofing rules: check if the firewall check that the source IP of incoming packet from your clients are your addresses and not spoofed.
by rextended
Thu Sep 23, 2021 6:39 pm
Forum: Beginner Basics
Topic: Blocking incoming DNS
Replies: 4
Views: 183

Re: Blocking incoming DNS

Your problem is caused by the fact that you have removed all the default firewall rules in your router.

Other users solve it like this: They don't remove the default firewall rules.
by rextended
Thu Sep 23, 2021 6:22 pm
Forum: Wireless Networking
Topic: Client can connect to 5GHz only after disabling 802.11ac
Replies: 8
Views: 428

Re: Client can connect to 5GHz only after disabling 802.11ac

From my point of view:
0: probably @bpwl is right and both SSID are the same
1st error, TP-Link MAC address on both wireless, probably the same:
set wlan1 mac-address=EC:88:8F:xx:xx:xx
set wlan2 mac-address=EC:88:8F:xx:xx:xx
2nd: enabled "b"
set wlan1 band=2ghz-b/g/n
3rd: Random Ce/eC (XX)...
by rextended
Thu Sep 23, 2021 12:09 am
Forum: General
Topic: LoRa question
Replies: 3
Views: 167

Re: LoRa question

Is better you ask those question on Latvia working hours, when MikroTik staff is present, or ask directly to sales@mikrotik.com
by rextended
Thu Sep 23, 2021 12:07 am
Forum: General
Topic: LoRa question
Replies: 3
Views: 167

Re: LoRa question

I hope, I'm one of that buyers...
by rextended
Wed Sep 22, 2021 11:51 pm
Forum: General
Topic: Problems With 5060 Sip Wildixin
Replies: 3
Views: 321

Re: Problems With 5060 Sip Wildixin

@sindy , is like the other topic..
1) Missing dst-address=<WAN_PUBLIC_IP> on all rules
2) I work with VoIP from 2010 and everytime SIP ALG IS ON, without using stun and proxy, never a problem.
/ip firewall service-port set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
3) Some ...
by rextended
Wed Sep 22, 2021 11:40 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

@sindy, well done, nothing to add :)


@anav
when to use EoIP Ipsec (GRe) vs when to use wireguard??
Actually I do not use v7 :roll:
by rextended
Wed Sep 22, 2021 10:41 pm
Forum: RouterBOARD hardware
Topic: change from cisco to mikrotik
Replies: 6
Views: 368

Re: change from cisco to mikrotik

i cut off the power from cisco during update process and now it’s not working anymore this way

Have you tried with NetInstall? :lol:


Sorry... :roll:
by rextended
Wed Sep 22, 2021 10:34 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

For VPN between mikrotik device usually I have 1 public IP on both side and I use EoIP with IPsec (GRE) The traffic is already encrypted before entering the MikroTik RouterBOARD. When I can not do directly a link, for example because I do not control the 2nd Router, I'm forced to use the VPN mode pr...
by rextended
Wed Sep 22, 2021 10:25 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

The right question is: why not?
You simply say with that rule "hijacks all traffic directed to any destination, to port 80 and 443, to another IP"...

directed to any destination = not specify dst-nation :lol:
by rextended
Wed Sep 22, 2021 10:18 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

@sindy , not really, yours is better because I didn't notice the detail on the in-interface...
@wolfram paste this on terminal (replace the 10.7.125.134 with the correct ether1 IP!!!) and let us know the results, please...
/ip firewall nat set [find where comment~"webserver"] dst-address=...
by rextended
Wed Sep 22, 2021 10:15 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

Something like this?
# removed in-interface=ether1 added dst-address=10.7.125.134
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=192.168.121.40 to-ports=80 dst-address=10.7.125.134
by rextended
Wed Sep 22, 2021 10:05 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

I swear on my honor that what I am about to say is not a joke, nor sarcasm, nor a provocation, but only what I actually think without double entendres, maybe misspelled because I am not a native English speaker. Your configuration per-se is not complicated, but for follow all reasoning cause me a ...
by rextended
Wed Sep 22, 2021 7:47 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

What magic do I need to apply to fix this?
Buy for yourself a Palantír,
you don't want us to use ours?

I can provide /export, but I don´t think its needed
I can provide help, but I do not think it is wanted
by rextended
Wed Sep 22, 2021 7:44 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 618

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

I can provide /export help, but I don´t think its needed wanted
by rextended
Wed Sep 22, 2021 6:28 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

dst-len in 24-24 can be simply written as dst-len == 24

Please ignore @vaka wrong example, consider this:

@eworm
dst-len in 20-22
by rextended
Wed Sep 22, 2021 6:26 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

Please at this point put "all" not under or lower part [num prop readable] dst-len [prfx prop readable] dst [num prop readable] in {int..int}|{int-int} ==|!=|<=|>=|<|> {int} [num prop readable] [prfx prop readable] !=|==|in {address 46/}
by rextended
Wed Sep 22, 2021 6:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

Your example is covered by prefix property. Have another look at the documentation, my example is covered by num property.
what I copy & paste from help is the fact that the "in" can be applied only to prefix...
by rextended
Wed Sep 22, 2021 6:18 pm
Forum: General
Topic: Winbox2 and Winbox3 Differences pertinent to Windows10
Replies: 7
Views: 936

Re: Winbox2 and Winbox3 Differences pertinent to Windows10

I have Windows 10 and (ignoring that version 2 is more than outdated) on my pc WinBox 2.2.18 work flawlessly on both IP or MAC mode...
by rextended
Wed Sep 22, 2021 6:02 pm
Forum: General
Topic: Has the DoH memory leak been fixed?
Replies: 4
Views: 244

Re: Has the DoH memory leak been fixed?

Synthesis: 6.47/48/49 have been (temporarily?) abandoned in favor of increasing the "rc" number of 7.1
by rextended
Wed Sep 22, 2021 5:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

Because "in" work for check if an IP are inside one range, not for check if a number is inside an interval... [prfx prop readable] !=|==| in {address 46/} like 1.1.1.1/32 in 1.0.0.0/8 probably this is the right way /routing filter rule add chain=ospf_out disabled=yes \ rule="if ( (dst...
by rextended
Wed Sep 22, 2021 5:44 pm
Forum: Wireless Networking
Topic: BaseBox 2 vs OmniTik 5
Replies: 4
Views: 216

Re: BaseBox 2 vs OmniTik 5

1) Like TV, fridge, etc. if the tenant broken something, then he repay that, and MikroTik device is not resettable like almost all other vendors... 2) Yes, but if one apartment are not serviced, the other 2 still active, just if omnitik 5 or your ISP router is broken stop all 3 apartments, and if wo...
by rextended
Wed Sep 22, 2021 5:36 pm
Forum: General
Topic: Has the DoH memory leak been fixed?
Replies: 4
Views: 244

Re: Has the DoH memory leak been fixed?

Try yourself and report on forum.
by rextended
Wed Sep 22, 2021 2:25 pm
Forum: RouterBOARD hardware
Topic: NetPower 16p.... Rubbish PoE design. Workarounds?
Replies: 9
Views: 736

Re: NetPower 16p.... Rubbish PoE design. Workarounds?

70% of what @olivier2831 has written is logically incomprehensible...
by rextended
Wed Sep 22, 2021 1:47 pm
Forum: Wireless Networking
Topic: BaseBox 2 vs OmniTik 5
Replies: 4
Views: 216

Re: BaseBox 2 vs OmniTik 5

Use external omni 5 and 3 hapac^3, one for each apartment, using the 3rd 5GHz to connect to the omnitik 5. Done.
by rextended
Wed Sep 22, 2021 1:42 pm
Forum: RouterBOARD hardware
Topic: NetPower 16p.... Rubbish PoE design. Workarounds?
Replies: 9
Views: 736

Re: NetPower 16p.... Rubbish PoE design. Workarounds?

Simply read specification on the product page???
https://mikrotik.com/product/netpower_16p

4th phrase:
Device itself does not have an onboard voltage converter. You need 24V PSU to have 24V PoE out and/or 48V PSU to have 48V PoE out (IEEE 802.3 at/af).
by rextended
Wed Sep 22, 2021 1:38 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

Stop quoting on useless way.
Why you not try yourself... Inverted already on 3.30
by rextended
Wed Sep 22, 2021 1:29 am
Forum: General
Topic: unknown RouterBOOT option on RB4011
Replies: 8
Views: 356

Re: unknown RouterBOOT option on RB4011

But going back to "ethernet", only the latest RouterBOOT 6.45.x and up on selected device models can have the possibility to select ethernet,
instead RouterOS really do not count, just must have the internal support to set that option.
by rextended
Wed Sep 22, 2021 1:25 am
Forum: General
Topic: unknown RouterBOOT option on RB4011
Replies: 8
Views: 356

Re: unknown RouterBOOT option on RB4011

Hiding the MAC address it's useless, it's silly, just a machine directly connected to the router "might" be a problem, but with serial number can be deducible the address of the cloud lowercaseserialnumber.sn.mynetname.net and if the routeros use the cloud, everyone in the world can have y...
by rextended
Wed Sep 22, 2021 1:22 am
Forum: General
Topic: unknown RouterBOOT option on RB4011
Replies: 8
Views: 356

Re: unknown RouterBOOT option on RB4011

edited above picture...off topic but why is it necessary to hide the serial?
You did not read my previous post completely????
by rextended
Wed Sep 22, 2021 1:17 am
Forum: General
Topic: unknown RouterBOOT option on RB4011
Replies: 8
Views: 356

Re: unknown RouterBOOT option on RB4011

Remove the picture with serial number...
I hope you do not use the cloud serialnumber.sn.mynetname.net

Once the device is "remotely" booted, you can change without problem also the BIOS settings...
by rextended
Wed Sep 22, 2021 1:05 am
Forum: Wireless Networking
Topic: Client can connect to 5GHz only after disabling 802.11ac
Replies: 8
Views: 428

Re: Client can connect to 5GHz only after disabling 802.11ac

Stop writing novels and post the config.
/export hide-sensitive file=hapac3
censor sensible part inside (true public IP, email, etc.) before put on forum.
do not delete anything, only censor when needed.
by rextended
Wed Sep 22, 2021 1:03 am
Forum: General
Topic: unknown RouterBOOT option on RB4011
Replies: 8
Views: 356

Re: unknown RouterBOOT option on RB4011

some users ask this feature for remote netinstall, if the normal nand boot fail (try continuously instead "only once")
by rextended
Tue Sep 21, 2021 10:13 pm
Forum: Virtualization
Topic: CHR Total Memory
Replies: 4
Views: 840

Re: CHR Total Memory

On download page are present 4 version of CHR OVA... Is nice than the OP have not specified what version have used for test... If you want 128MB of virtual memory, set the total memory to 132MB On VMware you can set the memory with 4MB step, but on that MikroTik Linux Kernel (3.x) the memory must be...
by rextended
Tue Sep 21, 2021 10:04 pm
Forum: General
Topic: Tiktok Live Problems
Replies: 24
Views: 1448

Re: Tiktok Live Problems

This reply, and also previous post of this user... SPAM BOT...
by rextended
Tue Sep 21, 2021 9:59 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 16
Views: 3342

Re: someone hack my routrs - can someone help?

The Italian Mafia... Pay who can make disaster for do not make disaster....
by rextended
Tue Sep 21, 2021 9:16 pm
Forum: General
Topic: Anonymous user tried to log in
Replies: 7
Views: 397

Re: Anonymous user tried to log in

It is a product that is sold only in Yemen,
also the "QuestionPro for Dummies" guide, but he hasn't read it yet ...

by rextended
Tue Sep 21, 2021 7:26 pm
Forum: General
Topic: Route date/timestamps
Replies: 1
Views: 165

Re: Route date/timestamps

you can not have more detail than
/ip route print detail terse
by rextended
Tue Sep 21, 2021 7:15 pm
Forum: Scripting
Topic: Remove Nat Sessions on a specific event
Replies: 16
Views: 1941

Re: Remove Nat Sessions on a specific event



...NO COMMENT...
Like you have never done that... ^^' :D
Oh... how long, last time you were writing and driving at the same time... Did you just get out of the hospital? :lol: :lol: :lol:
by rextended
Tue Sep 21, 2021 6:36 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

From @ZeroByte post_id 542346 This is because the packet is below the inner MTU, thus it is neither discarded nor dropped. The resulting encrypted tunnel packet may exceed the physical interface's MTU, and since the IPSec session is technically not the inner traffic, it is eligible for fragmentation...
by rextended
Tue Sep 21, 2021 6:35 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

rextender
Noob, don't mess up my threads with your bullshit. First, learn how mturoute works.
really rude and with little memory, you don't even remember that you already asked
by rextended
Tue Sep 21, 2021 4:28 pm
Forum: General
Topic: Magic troubles button "Reset all counters" from MikroTik [SOLVED]
Replies: 8
Views: 642

Re: Magic troubles button "Reset all counters" from MikroTik [SOLVED]

home: power outages = UPS, no more worries.
Business: power outages = better UPS no more worries.
Business: Longer term power outages = better UPS + generator
Long term Business: avoid to have all on unique place, and have backup data lines and servers... :lol:
by rextended
Tue Sep 21, 2021 4:24 pm
Forum: General
Topic: Magic troubles button "Reset all counters" from MikroTik [SOLVED]
Replies: 8
Views: 642

Re: Magic troubles button "Reset all counters" from MikroTik [SOLVED]

User Manager problem is database corruption all the time,
From 2007 till now, no one user-manager on production corrupted (and all under UPS)...
Ah... and if you do not know, you can backup, on other machine, the database...
by rextended
Tue Sep 21, 2021 2:43 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

L2TP add 40Bytes to the standard 1500 and MTU must be reduced to 1460 to avoid fragmentation, but adding also IPsec add more Bytes to the packet, and depend by what encryption method are used, but for be sure, 60Bytes and the final MTU of 1400 can be a reasonable value to set. But obviously anything...
by rextended
Tue Sep 21, 2021 2:29 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

Another valid program I use on Windows is this, work for both IPv4 and IPv6 addresses
https://www.iea-software.com/products/mtupath/
by rextended
Tue Sep 21, 2021 2:24 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

rextender
Noob, don't mess up my threads with your bullshit. First, learn how mturoute works.
From the question you ask, I think you are the first who does not know how it works,
and then you are a great rude, no doubt, just the vulgar answers that express how much you do not understand anything.
by rextended
Tue Sep 21, 2021 2:12 pm
Forum: General
Topic: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?
Replies: 12
Views: 442

Re: How to determine the real (actual) MTU of the L2TP+IPsec tunnel?

just use ping with the non-fragment flag set and the size 1500, then decrease the size by one until the ping passes
by rextended
Tue Sep 21, 2021 1:58 pm
Forum: Scripting
Topic: The Routerboards Test Results
Replies: 2
Views: 197

Re: The Routerboards Test Results

Why you post this on scripting section?

Already exist one topic about how the routerboard are tested, search it.
by rextended
Tue Sep 21, 2021 10:37 am
Forum: General
Topic: Mikrotik Rack-mounted Devices Visio Stencils
Replies: 47
Views: 47905

Re: Mikrotik Rack-mounted Devices Visio Stencils

The user has disappeared and the github isn't updated from 2 years...
I hope he is alive...
by rextended
Tue Sep 21, 2021 10:33 am
Forum: RouterOS v7 BETA
Topic: Feature Request: Logging Action to run a script
Replies: 2
Views: 295

Re: Feature Request: Logging Action to run a script

ahh I love when they suggest ways to block the router even more in the event of a DDoS attack... and even if it is misconfigured...
by rextended
Tue Sep 21, 2021 10:27 am
Forum: General
Topic: resetall counters [SOLVED]
Replies: 1
Views: 203

Re: resetall counters [SOLVED]

You have the same problems of other uninstructed managers: You do not use a necessary RADIUS server, instead you use the poor hotspot / users database, that are used only when 2-3 users are present. It will be a good step for administrators who control the hotspot network to use, for example, the u...
by rextended
Tue Sep 21, 2021 10:23 am
Forum: General
Topic: Magic troubles button "Reset all counters" from MikroTik [SOLVED]
Replies: 8
Views: 642

Re: Magic troubles button "Reset all counters" from MikroTik [SOLVED]

The problem is not the button, (or the position of the button) the problem is the use:
use user-manager or other RADIUS service, and this can't happen.

Use the hotspot / users only if the users are really a few...
by rextended
Tue Sep 21, 2021 10:19 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 483

Re: Problem with delivery / looking for alternative [SOLVED]

My advice: do not use only "one" PoE switch, but distribute the load over several points, and not in the same "room".
by rextended
Mon Sep 20, 2021 8:50 pm
Forum: Scripting
Topic: Fetch json
Replies: 7
Views: 390

Re: Fetch json

I know that the command in terminal should produce output. You do not have understand, do not use output=something for now... The Router what IP have? Is in the same lan? have more than one ip? get the ip from dhcp server on the DSL router or have fixed IP? the DSL router reply only to device that ...
by rextended
Mon Sep 20, 2021 8:38 pm
Forum: Scripting
Topic: Packet loss Script to GRE Tunnels
Replies: 1
Views: 190

Re: Packet loss Script to GRE Tunnels

Not tested, only fixed syntax and logic errors
# VARIABLES
:local interface <interface-name>
:local interface2 <interface2-name>
:local totalpings 25
:local ipdest [/interface pptp-client get $interface connect-to]
# IF GRE TUNNEL 2 IS WORKING - RUN SCRIPT
:if ([/interface pptp-client get $interface...
by rextended
Mon Sep 20, 2021 8:27 pm
Forum: Scripting
Topic: Fetch json
Replies: 7
Views: 390

Re: Fetch json

But you must be authenticated on browser to read that file??? Is strange the router leak something without access... and try the command without "output...." etc.
Simply this:
/tool fetch url="http://192.168.0.1/data/Status.json"
When this work on routeros you can proceed with th...
by rextended
Mon Sep 20, 2021 6:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 157
Views: 12209

Re: v7.1rc4 [development] is released!

export not work

routing-mark=*4000 instead of mytable
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000
by rextended
Mon Sep 20, 2021 6:28 pm
Forum: Scripting
Topic: 7.1rc3, set $variable or set variable in system/script
Replies: 7
Views: 366

Re: 7.1rc3, set $variable or set variable in system/script

No problem, but in my post I also put in the explanations :-P About @eworm solution: is pretty the same: I check if is it a number, because MUST be a number, if is it I add one, else I set to 1 the variable instead @eworm check if is "nothing", and if is it set to 1 the variable, else add...
by rextended
Mon Sep 20, 2021 6:19 pm
Forum: Scripting
Topic: 7.1rc3, set $variable or set variable in system/script
Replies: 7
Views: 366

Re: 7.1rc3, set $variable or set variable in system/script

Ok, little "tutorial"
1) please proper indent, and use the : and / every time!
:if ([:len [/system/script/environment/find where name=WAN1DownCounter]] = 0) do={
    :global WAN1DownCounter 1
} else={
    :set WAN1DownCounter ([/system/script/environment/get WAN1DownCounter value] + 1)
}
2) the rig...
by rextended
Mon Sep 20, 2021 6:05 pm
Forum: Scripting
Topic: 7.1rc3, set $variable or set variable in system/script
Replies: 7
Views: 366

Re: 7.1rc3, set $variable or set variable in system/script

@rextended Please help :)
Ohhh... call me on topic where already I have written :)

Now I read and reply to your post
by rextended
Mon Sep 20, 2021 5:49 pm
Forum: Scripting
Topic: Changed scripting coding between V6 and v7
Replies: 2
Views: 315

Re: Changed scripting coding between V6 and v7

What changes between 6.47.10 and 7.1rc4:
On 6.x we can define "routing-mark" at any point where it can be set, as well as NAT.
On 7.1rc4 first of all the routing table must be defined before it can be used on other sections, such as NAT.
Synthesis
# 6.47.10
:put [:len [/ip firewall nat fin...
by rextended
Mon Sep 20, 2021 1:36 pm
Forum: General
Topic: HELP! Mikrotik router is accessible from outside
Replies: 4
Views: 305

Re: HELP! Mikrotik router is accessible from outside

You have tested the public IP inside your LAN, or you have used another connection to test it?
by rextended
Mon Sep 20, 2021 10:28 am
Forum: Scripting
Topic: Script fails
Replies: 2
Views: 302

Re: Script fails

If SSEbb interface exist, and have at least one IP:
{
:local password "thesecretkey1234"
:local subdomain "@"
:local domainn "mydomain.com"
/ip address
:local arrayofID [find where interface="SSEbb"]
:local firstID [:pick $arrayofID 0]
:local fulladdr [get $fi...
by rextended
Mon Sep 20, 2021 10:11 am
Forum: Wireless Networking
Topic: Band steering - "priority" to 5Ghz
Replies: 10
Views: 495

Re: Band steering - "priority" to 5Ghz

If you have already read all other topic, why open another one?

Except what you already have read, there is not a solution (for now, until mikrotik does something)
by rextended
Sat Sep 18, 2021 4:07 pm
Forum: General
Topic: Randomly resets and can't open some webpages
Replies: 6
Views: 392

Re: Randomly resets and can't open some webpages

/ip pool
add name=dhcp ranges=192.168.0.12-192.168.0.254
add name=vpn ranges=192.168.89.2-192.168.89.255
by rextended
Sat Sep 18, 2021 2:20 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

after updating winbox the log does not work on one router
rb750gr3 ros 6.48.4
You have applied to the user profile the default skin from webfig...
by rextended
Sat Sep 18, 2021 4:00 am
Forum: RouterBOARD hardware
Topic: Another Hardware Idea..
Replies: 5
Views: 461

Re: Another Hardware Idea..

Is possible to install RouterOS x86_64 inside,
netinstall MicroSD with windows / linux and put inside the bay.

Probably also CHR because "probably" support also ESXi or similar...


I hope one day update that with also 5GHz,
by rextended
Sat Sep 18, 2021 2:36 am
Forum: Scripting
Topic: How to get SNMP interface index in a script.
Replies: 6
Views: 1921

Re: How to get SNMP interface index in a script.

The script used as-is do error on ":local intName [get $i name]" because "get from where"?
Rewritten script:
/interface
:foreach item in=[find] do={
:local intName [get $item name]
:local intOID ([print oid as-value where name=$intName]->0->"name")
:local intIdx [:pick $...
by rextended
Fri Sep 17, 2021 3:50 pm
Forum: Beginner Basics
Topic: Real DMZ on second IP range
Replies: 15
Views: 887

Re: Real DMZ on second IP range

Someone needs a script for guessing???
:lol: :lol: :lol:
by rextended
Fri Sep 17, 2021 3:35 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Putting all together:
Paste this on terminal ( after set the right gateway address )
/ip route add distance=1 gateway=<put-lte-gateway-IP-address-here> routing-mark=ntp
/ip firewall raw add action=add-dst-to-address-list address-list=ntp_pool address-list-timeout=none-dynamic chain=prerouting dst-ad...
by rextended
Fri Sep 17, 2021 3:29 pm
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

No problem
by rextended
Fri Sep 17, 2021 3:24 pm
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

fetch can cause an infinite DELAY, not infinite loop, all is frozen, waiting fetch to finish, is not a cycle than can be autochecked if executed too much time and autoexit... Try my script, if fail we add asynchronous fetch execution Something like that, you can see my Snippets, on my signature the l...
by rextended
Fri Sep 17, 2021 3:19 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

for obtain the list of all IPs used as NTP server

(NTP is one of the protocol than for be full compliant want also the src port 123)

added automation method
viewtopic.php?f=2&t=178602&p=880497#p880497
by rextended
Fri Sep 17, 2021 2:55 pm
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

Rewritten script, without change logic :log info "Start Sending Report" /ip firewall address-list :foreach tmpAddress in=[find where list="HONEYPOT"] do={ :local attackip [get $tmpAddress address] :log info "BEGIN $attackip Report to AbuseIPDB" :do { /tool fetch keep-res...
by rextended
Fri Sep 17, 2021 2:44 pm
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

Sometime "fetch" freeze for answer from remote site and lock the script (and the scheduler) on-error can not catch indefinite waiting.... also ":set $attackip value=" where is defined "attackip"? and :set must be used without the $ only 6 seconds between fetch notificat...
by rextended
Fri Sep 17, 2021 1:13 pm
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

@SiB, next time the scheduler start must check if previous is finished, if not warn user on some way. pseudocode scheduler set global variable randomnameJhdsfg to "endscript" if the variable do not already exist check global variable randomnameJhdsfg if it is set to "endscript",...
by rextended
Fri Sep 17, 2021 12:55 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

Already replied and is "Check For Updates" not upgrade
by rextended
Fri Sep 17, 2021 12:04 pm
Forum: Scripting
Topic: Script Error
Replies: 8
Views: 477

Re: Script Error

You're welcome :lol:
by rextended
Fri Sep 17, 2021 11:55 am
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

@Stril I asked you to post the script here for further analysis,
but your assumption that the executed script is perfect and does not block the scheduler, makes me make this decision:

End of help from my side.
by rextended
Fri Sep 17, 2021 11:50 am
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 3
Views: 1800

Re: ✂ Rextended Fragments of Snippets

DHCPv6 option 39 fqdn2encdns FQDN to DNS encoding DNS encoder

viewtopic.php?f=1&t=178607&p=880429#p880424
by rextended
Fri Sep 17, 2021 11:48 am
Forum: RouterOS v7 BETA
Topic: Option39 DHCPv6 Client [SOLVED]
Replies: 8
Views: 576

Re: Option39 DHCPv6 Client [SOLVED]

Bugfix:

Wrong
0x010x03'www'0x12'thisismydomainname'0x03'net'0x00

Correct:
0x01''0x03'www'0x12'thisismydomainname'0x03'net'0x00

Script fixed
by rextended
Fri Sep 17, 2021 11:42 am
Forum: RouterOS v7 BETA
Topic: Option39 DHCPv6 Client [SOLVED]
Replies: 8
Views: 576

Re: Option39 DHCPv6 Client [SOLVED]

Yes, I hope you like my script....
by rextended
Fri Sep 17, 2021 11:32 am
Forum: RouterOS v7 BETA
Topic: Option39 DHCPv6 Client [SOLVED]
Replies: 8
Views: 576

Re: Option39 DHCPv6 Client [SOLVED]

search tag # rextended DHCPv6 option 39 fqdn2encdns FQDN to DNS encoding DNS encoder I just finished to write this to directly encode the string: :global tmpChar "\00" :global hexChars "0123456789ABCDEF" :global charsString "" :for x from=0 to=15 step=1 do={ :for y from...
by rextended
Fri Sep 17, 2021 11:30 am
Forum: RouterOS v7 BETA
Topic: Option39 DHCPv6 Client [SOLVED]
Replies: 8
Views: 576

Re: Option39 DHCPv6 Client [SOLVED]

9 or 15, is limited, this not change the point
The max length for label and domain is 63 characters
by rextended
Fri Sep 17, 2021 10:41 am
Forum: General
Topic: Scheduler stops executing script
Replies: 22
Views: 1192

Re: Scheduler stops executing script

This is not diagnosable, the scheduler is ok,
you must also post the script you try to run...
by rextended
Fri Sep 17, 2021 10:14 am
Forum: RouterOS v7 BETA
Topic: Option39 DHCPv6 Client [SOLVED]
Replies: 8
Views: 576

Re: Option39 DHCPv6 Client [SOLVED]

The script not work if the fqdn have one part with more than 9 characters, like www.thisismydomain.com because the length on encoded dns when is bigger than 9 must be converted to hexadecimal, not "0" + ":len" as string Why not simply: /ipv6 dhcp-client option add code=39 name=op...
by rextended
Fri Sep 17, 2021 2:08 am
Forum: Scripting
Topic: Return IP Octet Function
Replies: 14
Views: 5500

Re: Return IP Octet Function

search tag # rextended ip2array ip split octet Uhm... I forgot that script.... Actualized version, always return one array with: 0: IP passed as parameter 1: 1st octet 2: 2nd octet 3: 3rd octet 4: 4th octet :global ip2array do={ :local ip [:toip $1] :local array [:toarray ""] :if ([:typeof...
by rextended
Thu Sep 16, 2021 11:40 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Ok, now we waiting @ishanjain if this solution is good for him...
by rextended
Thu Sep 16, 2021 11:35 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

Without open any device from "Tool / Check For Updates" ?
by rextended
Thu Sep 16, 2021 11:25 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Is possible to find updated list for facebook, twitter, etc here: Facebook and Instagram, 3 ASN https://bgp.he.net/AS32934#_prefixes https://bgp.he.net/AS54115#_prefixes https://bgp.he.net/AS63293#_prefixes Blocking Facebook also block part of WhatsApp, but WhatsApp have also his own pool. WhatsApp ...
by rextended
Thu Sep 16, 2021 11:20 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

a mere route in routing table main is sufficient
Not...
Sorry, but my rules are structured on that way for change all gateway with one click, just on one position,
instead of open one-by-one single route to change each gateway for each IP...
by rextended
Thu Sep 16, 2021 11:14 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Are not required any rules or setting. simply: FACEBOOK /ip route rule add action=drop dst-address=102.132.112.0/24 add action=drop dst-address=102.132.113.0/24 add action=drop dst-address=102.132.114.0/24 add action=drop dst-address=102.132.115.0/24 add action=drop dst-address=102.132.116.0/24 add ...
by rextended
Thu Sep 16, 2021 11:05 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

like this:
/ip route rule
add action=drop dst-address=157.240.210.0/24


Until the service do not use CDN that have same IP for multiple services, block ASN IPs drop all.
by rextended
Thu Sep 16, 2021 11:02 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

I use at my home the /ip route rule to drop all ASN like Facebook / WhatsApp, Twitter, Instagram and some Google parts like Doubleclick and googleadservices.com
(but do not say that to @msatter :lol: )
by rextended
Thu Sep 16, 2021 10:55 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

also him have freetime :lol:
by rextended
Thu Sep 16, 2021 10:50 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

The rule I wrote working also for RouterOS itself (if IP set on NTP client are put obviously on route rule dst-address) without change nothing. If the output is generated from RouterOS, still go at the end on routing. My rule are easy because nothing other count. Simply I want that IP reachable by a...
by rextended
Thu Sep 16, 2021 10:39 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

The source IP that need the NTP info do not count, if the ISP on WAN1 block NTP,
the NTP servers defined on list (that are the dst-nation of the request started from PCs)
are forced to be reachable from lte-vlan gateway
by rextended
Thu Sep 16, 2021 10:32 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1116

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Modify that accordingly your needs and paste it on terminal. Legend: 3.3.3.3 / 6.6.6.6 / 7.7.7.7 NTP servers used from computers /ip route rule add dst-address=3.3.3.3/32 table=ntp add dst-address=6.6.6.6/32 table=ntp add dst-address=7.7.7.7/32 table=ntp /ip route add distance=1 gateway=<put-lte-gat...
by rextended
Thu Sep 16, 2021 10:22 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

I do not understand if you have understood or not that you can not log iSCSI traffic passing through RouterBOARD,
but this is only for log iSCSI traffic on RouterOS installed on x86 (also x86_64) machine than physically have iSCSI...
by rextended
Thu Sep 16, 2021 9:55 pm
Forum: Scripting
Topic: Script Error
Replies: 8
Views: 477

Re: Script Error

Remember on /system logging to save the warning/error logs on DISK file, or you lost that info on reboot (you can not send e-mail or sms if lte1 not work) ltestatus added for warn only one time when status change :global ltestatus :if ([:typeof $ltestatus] = "nothing") do={:set ltestatus &...
by rextended
Thu Sep 16, 2021 9:47 pm
Forum: Scripting
Topic: Script Error
Replies: 8
Views: 477

Re: Script Error

Missing lte interface cause previous script to fail... give me 10 minutes... this is wrong: /interface list print count-only where name= LTE at least /interface print count-only where type="lte" (or /interface print count-only where name="lte1") or /interface lte print count-only...
by rextended
Thu Sep 16, 2021 9:41 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

Have you considered that it is a bug and needs to be fixed? I can not post on the forum what is really needed for such a long "paste" and I have to provide an example to replicate the bug. Whereas the first thing the script does is delete everything in the router, including the "file&...
by rextended
Thu Sep 16, 2021 7:45 pm
Forum: Scripting
Topic: Script Error
Replies: 8
Views: 477

Re: Script Error

Is not a "type", is a submenu / section, like on /interface wireless you find the dedicated section for... wireless /interface show all type of interfaces, usually the menu is less rich than the dedicated section for each type of interfaces. This script work on both way: disable and enable...
by rextended
Thu Sep 16, 2021 7:41 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

Really output rules are hard to see on some place...
Output are connection initiated from Router CPU (like resolve DNS name) and is hard to think something that Router generate for bad purpose...
by rextended
Thu Sep 16, 2021 7:26 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

Ok, but if I write on topic opened from MikroTik staff, at least I expect someone read it. No need to send mail because the bug is well explained and reproducible. ********************** This is scream? >>> What's new in v3.31: You do not only remove "big font" (110%) of 3rd line but also ...
by rextended
Thu Sep 16, 2021 6:43 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 1341

Re: Why firewall rules are so important...

You apparently haven't tried Shodan. Yes, because I usually try to help than abuse... :) My opinion about showing or not (ignoring the fact that, exposed the version or not, on 2 seconds all hack method can be tested)... This question is really useless, like the debate about what color a van should...
by rextended
Thu Sep 16, 2021 6:11 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 1341

Re: Why firewall rules are so important...

@Joni... I WOULD NEVER THINK IT WAS SO EASY... :shock: :shock: :shock: :shock: :shock: :shock: :shock: Google will take care of them looking for you... Easy life for hacker... About display version or not : WHAT IS THE PROBLEM? Simply try all the hack, who stops you? I open just for joke one link: \...
by rextended
Thu Sep 16, 2021 6:00 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

Is like other dozen of requested feature: nothing.
Better do something active than waiting for nothing...
by rextended
Thu Sep 16, 2021 5:56 pm
Forum: SwOS
Topic: feature request - https for webui
Replies: 11
Views: 2634

Re: feature request - https for webui

@Paternot is not the OP, and the op do not have one CSS but one CRS317-1G-16S+RM
by rextended
Thu Sep 16, 2021 5:53 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5099

Re: WinBox v3.31 released!

from 3.28 changelog
*) fixed WinBox disconnect when large text was pasted into terminal window;
This bug introduced on 3.28 is still present:
viewtopic.php?f=21&t=175783#p862289

Reported also for 3.29 and 3.30 but nothing change.
by rextended
Wed Sep 15, 2021 11:59 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

Don't worry about Containers for Docker, I asked a colleague to study how it works :lol:
by rextended
Wed Sep 15, 2021 9:48 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

Yes, like capsman, are not required if you do not use that service.

Really I not see any hole on your config, only some redundant rules.

This is why you can say "for many years no problem"

I hope @anav find something, if I haven't seen it
by rextended
Wed Sep 15, 2021 9:42 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

L2TP.....
# those rules are for WAN or LAN?
this applies to the WAN
Yes, "I think is wanted behaviour" :)
by rextended
Wed Sep 15, 2021 9:40 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

About forward rules: # on top of forward chain I do not see this default rules add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy" add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy" # this ...
by rextended
Wed Sep 15, 2021 9:33 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

About input rules: # missing this, but if you not use capsman, no problem: add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)" # those are useless, or are needed only if the Allowed-IP are not on interface that not are on LAN group:...
by rextended
Wed Sep 15, 2021 9:24 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

The !LAN is a VERY POWERFULL CHOICE!!!

Ah... POWERFULL... :lol: I need some grammar corrector on browser...
This is not Poker.... or not? :lol: :lol: :lol:
by rextended
Wed Sep 15, 2021 9:17 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

To make it more obvious why dont they have a default rule after this rule which states. add action= accept chain=input comment="defconf: allow all else coming from LAN" in-interface-list=LAN because the LAN traffic has already been matched by the previous rule. ALL LAN Traffic has already...
by rextended
Wed Sep 15, 2021 9:16 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

@anav 8)

Now can I have a docker container that automatically selects the right IP subnet mask please. :-)
but... i do not understand... really....
by rextended
Wed Sep 15, 2021 8:54 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

I also suggest @Greenfun2 to put the default rules on the same initial place, for example, if is invalid, can't be "established,related,untracked" Moving invalid drop before "established,related,untracked" you only slow traffic, no one type of advantage (except if 51% of your tra...
by rextended
Wed Sep 15, 2021 8:54 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

I hope you read after "On the OP "export": on previous topic
by rextended
Wed Sep 15, 2021 8:38 pm
Forum: General
Topic: Audit my input firewall
Replies: 44
Views: 1634

Re: Audit my input firewall

@johnson73 Someone please explain me where is the point on default configuration that permit DNS from WAN, or why on default configuration is needed to drop incoming DNS request from WAN on input chain... https://forum.mikrotik.com/viewtopic.php?f=13&t=175129&p=856824#p856824 /ip firewall f...
by rextended
Wed Sep 15, 2021 8:31 pm
Forum: RouterOS v7 BETA
Topic: fastpath support on x86 or CHR
Replies: 1
Views: 326

Re: fastpath support on x86 or CHR

https://wiki.mikrotik.com/wiki/Manual:Fast_Path

Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.

For fast path to work, interface support and specific configuration conditions are required.
by rextended
Wed Sep 15, 2021 7:39 pm
Forum: SwOS
Topic: feature request - https for webui
Replies: 11
Views: 2634

Re: feature request - https for webui

The switch support already SSH, HTTPS on RouterOS, simply use already included RouterOS instead of SwOS...
by rextended
Wed Sep 15, 2021 6:54 pm
Forum: General
Topic: 2 separate networks - no internet access
Replies: 6
Views: 464

Re: 2 separate networks - no internet access

Something makes me coin a new term: two-duplicate-posts-and-go user
by rextended
Wed Sep 15, 2021 6:42 pm
Forum: Scripting
Topic: remove pppoe user with matched realm.
Replies: 4
Views: 355

Re: remove pppoe user with matched realm.

Ok... well explained.... :lol:

/ppp active remove [find where name~"@admin.com"]
by rextended
Wed Sep 15, 2021 6:22 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

Please don't make the language an obstacle to understanding, I'm not English. I understood both times what you wrote, but that doesn't change what I wrote: 1) No post within the topic was created by a support user, 2) It is useless because it considers the remote site as the source of a new connecti...
by rextended
Wed Sep 15, 2021 5:59 pm
Forum: Scripting
Topic: remove pppoe user with matched realm.
Replies: 4
Views: 355

Re: remove pppoe user with matched realm.

please explain better, what you mean for realm? @xxx.xx after the username?

the user must be disconnected or
removed from where? user-manager? internal ppp secret?

explain better
by rextended
Wed Sep 15, 2021 5:52 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

Besides the petty squabbling, I dont see how the firewall rule would block https: (external) IP on blocked list or IP not on allowed list Can firewall rules see inside https URLs ?? @anav , if done correctly, it can block all traffic to the destination IP, it can block everything, https, ping, ftp,...
by rextended
Wed Sep 15, 2021 5:39 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

How is it useless? I provided an alternate firewall rule that blocks all forwarded from a single IP that is not in the the address list. This would include any forwarded DNS requests. So folks just live to be arrogant and rude I suppose... Apparently, you first... @2frog , you are arrogant and you ...
by rextended
Wed Sep 15, 2021 5:27 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

In the thread send by the Mikrotik Support https://forum.mikrotik.com/viewtopic.php?t=161562 the solved answer are "src-port" and "src-address-list"....¿why?...we don't know) Send by the Mikrotik Support??? I do not see anyone inside that topic from mikrotik support, and also th...
by rextended
Wed Sep 15, 2021 5:20 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6411

Re: WinBox v3.30 released!

Before post, read what already posted if some problem is already noticed, and the download link... read what already posted
by rextended
Wed Sep 15, 2021 3:54 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

@2frogs is useless, as on OP: ... action=drop chain=forward ... protocol=tcp ... src-port=443 this do NOT BLOCK DNS instead the OP treat outgoing traffic like is incoming: /ip firewall filter ... drop ... forward ... src -address-list=!WebsPermitidas src -port=443 must be dst , destination addres...
by rextended
Wed Sep 15, 2021 1:19 pm
Forum: Scripting
Topic: channel-width and wireless-protocol from SNMP
Replies: 4
Views: 362

Re: channel-width and wireless-protocol from SNMP

At least you can read something like 5180/20/ac using: band=.1.3.6.1.4.1.14988.1.1.1.3.1.8. <wlan interface index> iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrWireless.mtxrWlApTable.mtxrWlApEntry.mtxrWlApBand. <wlan interface index> You can get it by ...
by rextended
Wed Sep 15, 2021 1:05 pm
Forum: Scripting
Topic: channel-width and wireless-protocol from SNMP
Replies: 4
Views: 362

Re: channel-width and wireless-protocol from SNMP

The last .1 is the <wlan interface index> You can not read by SNMP what is not present here. /interface wireless print oid tx-rate=.1.3.6.1.4.1.14988.1.1.1.3.1.2.1 rx-rate=.1.3.6.1.4.1.14988.1.1.1.3.1.3.1 ssid=.1.3.6.1.4.1.14988.1.1.1.3.1.4.1 bssid=.1.3.6.1.4.1.14988.1.1.1.3.1.5.1 client-count=.1.3....
by rextended
Wed Sep 15, 2021 12:56 pm
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

Ah, Ok, for coincidence the "7" is a part of serial number censored??? :lol:
by rextended
Wed Sep 15, 2021 12:51 pm
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

I made this for you, just call $dobackup :global dobackup do={ /system clock :local strDate [get date]; :local strTime [get time] :local arrMonths {jan="01";feb="02";mar="03";apr="04";may="05";jun="06";jul="07";aug="08";...
by rextended
Wed Sep 15, 2021 12:42 pm
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

Is MikroTik7 because you use it on 7.x version? You can use the function date2ymd also when you do the backup, if the function is shorter than your methods to obtain YYYY-MM-DD also on backup, if you want automatize name, you can also use $[/sys id get itentity] instead of hardcoded mikrotik7-test n...
by rextended
Wed Sep 15, 2021 12:33 pm
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

Yes, but speaking about "files" the correct order for determine what is older is the date ;)
The backup can have any name.
by rextended
Wed Sep 15, 2021 11:25 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

If I wrote a malware, it would be the first thing I would do to take away the passwords stored in "Windows Vault" / WinBox / Dude / Firefox, Google, Edge passwords saved on the browser, e-mail passwords saved on thunderbird, outlook, etc.
by rextended
Wed Sep 15, 2021 10:29 am
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 3
Views: 1800

Re: ✂ Rextended Fragments of Snippets

wireless on off with mode button https://forum.mikrotik.com/viewtopic.php?f=7&t=115078&p=857648#p857648 create directory and subdirectory https://forum.mikrotik.com/viewtopic.php?f=9&t=151644&p=878316#p878368 mac ping results saved on variable https://forum.mikrotik.com/viewtopic.php...
by rextended
Wed Sep 15, 2021 10:25 am
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 652

Re: Block internet traffic except some URLs

Configure your internal network as hotspot, and use walled-garden
by rextended
Wed Sep 15, 2021 10:17 am
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

Thanks, you let me discovery an hack to sort the array on just 2/3 lines of code :)
by rextended
Wed Sep 15, 2021 2:29 am
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Too complex,
I just notice this:

is wanted this .99.x without provide a gateway?
/ip dhcp-server network
add address=192.168.99.0/24 dns-server=192.168.99.1

paste this on terminal
/system logging
remove [find where topics=iscsi]
by rextended
Wed Sep 15, 2021 2:20 am
Forum: Scripting
Topic: Sorted array of files [SOLVED]
Replies: 11
Views: 709

Re: Sorted array of files [SOLVED]

search tag # rextended hack sort file by date date2ymd Based on my scripts: https://forum.mikrotik.com/viewtopic.php?f=9&t=75555#p876568 Step 1 [DONE] : convert all backup filenames and date to a 2D array and convert the date from mmm-DD-YYYY to YYYY-MM-DD: Step 2 [DONE] : sort the array by YYYY...
by rextended
Tue Sep 14, 2021 7:49 pm
Forum: General
Topic: DoH overrides DNS Static RegEx
Replies: 8
Views: 889

Re: DoH overrides DNS Static RegEx

The problem is the FWD itself...
If DoH is used, is a nonsense use unsigned FWD replies...

Is why on help page is clearly indicated...
by rextended
Tue Sep 14, 2021 7:40 pm
Forum: General
Topic: Need help creating a package
Replies: 2
Views: 388

Re: Need help creating a package

The forum is not a correct way to start and manage one new ISP.
Hire a consultant for that or do some courses.
by rextended
Tue Sep 14, 2021 7:39 pm
Forum: Beginner Basics
Topic: How do I create a package?
Replies: 2
Views: 334

Re: How do I create a package?

You start every day a new topic for the same?
viewtopic.php?f=2&t=178502

The forum is not a correct way to start and manage one new ISP.
Hire a consultant for that or do some courses.
by rextended
Tue Sep 14, 2021 4:20 pm
Forum: Wireless Networking
Topic: Motel internet infrastructure
Replies: 12
Views: 819

Re: Motel internet infrastructure

really I just say use one CCR (Cloud Core Router) just after ISP router (if replaces ISP router is better) and about the switch, is right, only CRS (Cloud Router Switch)...
But about the AP and the right number, must be see on place with tests.
by rextended
Tue Sep 14, 2021 3:41 pm
Forum: Wireless Networking
Topic: Motel internet infrastructure
Replies: 12
Views: 819

Re: Motel internet infrastructure

What you expect?
Someone than works free for you?

One-thing-over-all:
One AP for floor? Without physical test is impossible to say if are working "as expected"...
by rextended
Tue Sep 14, 2021 3:29 pm
Forum: General
Topic: Feature Request: Firewall Rules visual grouping
Replies: 3
Views: 376

Re: Feature Request: Firewall Rules visual grouping

But is already present, use filter...
Select what is the only chain you want see... done.
by rextended
Tue Sep 14, 2021 3:21 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1623

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Another user talk about GRE attack started from some days, also Mēris,
probably are that?
by rextended
Tue Sep 14, 2021 10:29 am
Forum: RouterOS v7 BETA
Topic: comment in export for broken reference
Replies: 4
Views: 387

Re: comment in export for broken reference

Is not a 7 prerogative, also on 6 the same:

pri
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0 I 6.6.6.6/24         6.6.6.0         *B

export
/ip address
add address=6.6.6.6/24 network=6.6.6.0
by rextended
Tue Sep 14, 2021 10:21 am
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

@mducharme
You're writing what I think
by rextended
Tue Sep 14, 2021 10:19 am
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

The fast way to launch netinstall remotely is to make one EoIP tunnel between my office and the remote switch where the device must be netinstalled...
Slower? Ahhh.....
by rextended
Tue Sep 14, 2021 10:14 am
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

Is logical that is not the only device present on-site...

Is obvious than the netinstall on a container is used to install another machine.

About power failure, is obvious that is it not a domestic case...
by rextended
Tue Sep 14, 2021 10:03 am
Forum: General
Topic: Constant Reboots
Replies: 3
Views: 377

Re: Constant Reboots

RouterOS version? (software)
RouterBOOT version? (BIOS)
by rextended
Tue Sep 14, 2021 9:58 am
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

I have all device powered from 8P, 16P or 24P RouterBOARDs, on default I set all device /partitions set [find] fallback-to=etherboot # this is RouterOS default /sys routerboard settings set boot-device=nand-if-fail-then-ethernet But the point is not only to netinstall devices with problems, but neti...
by rextended
Tue Sep 14, 2021 9:52 am
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

I think they wish to run the Linux netinstall binary in a docker container.
E-X-A-C-T-L-Y

NetInstall is more secure than upgrade, and can clean all what must not be present, if something has happen on "remote" past...
by rextended
Tue Sep 14, 2021 1:44 am
Forum: Scripting
Topic: Feature Request: Please add on-up and on-down scripts events to all interfaces
Replies: 4
Views: 478

Re: Feature Request: Please add on-up and on-down scripts events to all interfaces

for example:

you ever try to ping a layer 2 link with netwatch?

or try to ping an internal devices than you not know the IP previously?
by rextended
Mon Sep 13, 2021 10:17 pm
Forum: General
Topic: Crticial: Mikrotik Not Log all Parameters Changes - Do you need How is Possible
Replies: 1
Views: 321

Re: Crticial: Mikrotik Not Log all Parameters Changes - Do you need How is Possible

Be patient and wait, on V7 is also reported what is changed, (I doubt is backported on 6.4x) on meantime use my method: every device export config to a sftp server each hour, a scheduler inside linux machine compare export saved as master with latest version, except first line (that contain date &am...
by rextended
Mon Sep 13, 2021 7:27 pm
Forum: Forwarding Protocols
Topic: RP Filter - Strict and Loose
Replies: 1
Views: 287

Re: RP Filter - Strict and Loose

The packet are blocked if, coming from WAN, have one of the internal IP, like is impossible to be real a packet coming from wan side with a source 192.168.10.22, if you have 192.168.10.0/24 used on internal LAN, and is blocked. Any other type of source IP are not blocked. (This is valid also on publ...
by rextended
Mon Sep 13, 2021 6:50 pm
Forum: Wireless Networking
Topic: Find specific SSID using Scan function [SOLVED]
Replies: 6
Views: 1080

Re: Find specific SSID using Scan function [SOLVED]

Is not casual I say "No." on #2 post On 6.47.10, and up, you can save scan to file and read results for further analysis, the as-value is added from 7.? { /interface wireless scan wlan1 duration=5 save-file=tempscan.txt :local filecontent [/file get [/file find where name="tempscan.txt...
by rextended
Mon Sep 13, 2021 6:48 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

Re: PLEASE MikroTik made NetInstall version for Docker....

I do not have any experience on Docker... sorry :)
by rextended
Mon Sep 13, 2021 5:20 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6411

Re: WinBox v3.30 released!

I have described on another topic how to schedule a auto-reload backup when starting critical procedures than inevitably disconnect winbox and safe mode clear all work done.
by rextended
Mon Sep 13, 2021 5:16 pm
Forum: Beginner Basics
Topic: Cannot SSH from LAN to outside devices - strange [SOLVED]
Replies: 8
Views: 567

Re: Cannot SSH from LAN to outside devices - strange [SOLVED]

Yes, more you think the connection is secure (and open to entire world),
more is probable the connection is hacked on 1st vulnerability found and not revealed to the world...
by rextended
Mon Sep 13, 2021 3:11 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

I ask a moderator to move the topic, better than start new, not?
by rextended
Mon Sep 13, 2021 3:10 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

eheh... true... but every time the exports always have some surprises, like a script that sends e-mails with mail, password and server written inside...
by rextended
Mon Sep 13, 2021 3:06 pm
Forum: Beginner Basics
Topic: Cannot SSH from LAN to outside devices - strange [SOLVED]
Replies: 8
Views: 567

Re: Cannot SSH from LAN to outside devices - strange [SOLVED]

Do not leave SSH open to the whole world, specify the source address, or at least one address list of trusted source IPs,
or better use SSH after you are Wireguarded inside... :lol:
by rextended
Mon Sep 13, 2021 3:02 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

@mkx, I suggest you to add also:
NEVER POST ON FORUM until you have open the file and censored (not deleted) all sensible parts.

Because hide-sensitive do not hide all the sensitive data...
Public IP, e-mail, IPsec passwords, for example, are not removed...
by rextended
Mon Sep 13, 2021 2:58 pm
Forum: Beginner Basics
Topic: Cannot SSH from LAN to outside devices - strange [SOLVED]
Replies: 8
Views: 567

Re: Cannot SSH from LAN to outside devices - strange [SOLVED]

You destroy all outgoing traffic with this rule:
/ip firewall nat
add action=dst-nat chain=dstnat comment=SSH dst-port=22 protocol=tcp to-addresses=192.168.2.10 to-ports=22
Every SSH connection than transit on the router are redirected to 192.168.2.10
by rextended
Mon Sep 13, 2021 2:51 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Is the same, you can not log iSCSI traffic on RouterOS log facility.
by rextended
Mon Sep 13, 2021 2:08 pm
Forum: SwOS
Topic: Configuration needed to pass iSCSI? Windows says 'connection failed'
Replies: 16
Views: 888

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

My SwOS is a CRS326 and I have enabled the iSCSI topic in System->Log, set to 'memory'. So far haven't seen any log come up in it though. SwOS do not have any firewall inside, or I'm wrong? ONE MOMENT... iscsi log INSIDE SwOS??? SwOS do not log any iSCSI traffic... The log facility is generic for a...
by rextended
Mon Sep 13, 2021 1:57 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1623

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Ah, the problem is on the "default" style Canvas, happen when a [ code ] block is near another block of any type, like [ b ] bold.

>fixed, thanks!<
by rextended
Mon Sep 13, 2021 1:46 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1623

Re: 📌 Configuration to block users that tries to access router on non open port(s)

PS I can not use prerouting in standard firewall, only raw, and in raw, I can not use tarpit.
Is why on raw I put "!tcp" :)
by rextended
Mon Sep 13, 2021 1:44 pm
Forum: Wireless Networking
Topic: Is there a way to force/encourage clients to use 5GHz if 2.5GHz gets crowded?
Replies: 10
Views: 640

Re: Is there a way to force/encourage clients to use 5GHz if 2.5GHz gets crowded?

Decrease TX power of 2,4GHz, and cross the fingers because all are depending on software used on smartphone.
by rextended
Mon Sep 13, 2021 1:38 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1623

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Also another suggestion can be, if you have some spare unused Public IP, use it as Honeypot. Every IP try to contact the Honeypot, is a scan or something wrong for sure... (also define a whitelist of own addresses) /ip firewall raw add action=add-src-to-address-list address-list=FW_BLOCK_HONEYPOT add...
by rextended
Mon Sep 13, 2021 1:23 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1623

Re: 📌 Configuration to block users that tries to access router on non open port(s)

If I do not remember wrong, tarpit do not consume anything on local router, simply leave each tarpitted connection in waiting state on the remote router, consuming remote router resources... I suggest to other users that read this post, to never reply with "reject" when drop something, exc...
by rextended
Mon Sep 13, 2021 10:15 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

(I'm curious to know from now how many people will use the password "#My sUp3R(!) Secr37 P@ssword" :) )
by rextended
Sun Sep 12, 2021 9:25 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

Nothing to add, is true, thanks.
by rextended
Sun Sep 12, 2021 6:23 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

@mozerd, I invented "How to download only one piece of file at a time with /tool fetch and put it inside a variable" https://forum.mikrotik.com/viewtopic.php?f=9&t=177530 If I didn't, @msatter would have nothing to work with... I made the code available to everyone, but it's not really...
by rextended
Sun Sep 12, 2021 6:15 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9194

Re: Hairpin NAT - the easy way

1) I do not use hairpin nat and what I do is not any form of hairpin nat, and not have nothing to do about hairpin nat. 2) Is like I must rewrite again what already I wrote on this topic... https://forum.mikrotik.com/viewtopic.php?f=23&t=172380#p869441 https://forum.mikrotik.com/viewtopic.php?f=...
by rextended
Sun Sep 12, 2021 3:51 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9194

Re: Hairpin NAT - the easy way

I never say open the internal DNS to WAN side, simply force all LAN side to use RouterBOARD internal DNS.
by rextended
Sun Sep 12, 2021 4:32 am
Forum: The Dude
Topic: Dude images
Replies: 3
Views: 572

Re: Dude images

I do not know, use the default images present as models
by rextended
Sat Sep 11, 2021 11:56 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

I know when the blacklists I use are updated, simply do not update at same time, nothing particularly difficult...

That's arguing semantics.
You're starting to write like a troll.
Have you just registered to disturb?
Nobody forces you to use published scripts.
by rextended
Sat Sep 11, 2021 11:51 pm
Forum: General
Topic: Backup
Replies: 2
Views: 342

Re: Backup

You already write it: it does not encrypt if the password is not set...

If anyone thinks it's encrypted, they think wrong.
by rextended
Sat Sep 11, 2021 11:49 pm
Forum: General
Topic: Renaming the comment in pppoe client simply the connection is closed
Replies: 3
Views: 350

Re: Renaming the comment in pppoe client simply the connection is closed

also on wireless...

if you change comments, SOME type of interface are disabled and re-enabled
by rextended
Sat Sep 11, 2021 11:47 pm
Forum: Scripting
Topic: Feature Request: Please add on-up and on-down scripts events to all interfaces
Replies: 4
Views: 478

Feature Request: Please add on-up and on-down scripts events to all interfaces

Please add on-up and on-down scripts events to all interfaces,
like
ether1
wlan1
lte1
etc.

Thanks.
by rextended
Sat Sep 11, 2021 11:45 pm
Forum: General
Topic: is connection-tracking full ?
Replies: 5
Views: 515

Re: is connection-tracking full ?

@Znevna
i do not notice that...

I hope the user upgrade at least to 6.47.10...
by rextended
Sat Sep 11, 2021 11:31 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

I have invented that method, and is not a hack, is just how http protocol work... How to download only one piece of file at a time with /tool fetch and put it inside a variable https://forum.mikrotik.com/viewtopic.php?f=9&t=177530 "fetch" is already planned to be managed in the future ...
by rextended
Sat Sep 11, 2021 5:04 pm
Forum: General
Topic: ?? How to renew SIP registration / connection from PBX after WAN failover ??
Replies: 5
Views: 432

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

This close all tracked connection to previous WAN on connection-tracking, because often SIP use only UDP and until the connection is tracked to old WAN IP, do not work. This is wrong: /ip firewall connection remove [find] This is correct because prevent errors for tracking already closed during run ...
by rextended
Sat Sep 11, 2021 3:49 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9194

Re: Hairpin NAT - the easy way

For FORCE all DNS passing through the Router to be solved from the RouterBOARD internal DNS except (!) all the traffic already from/to RouterBOARD itself...
by rextended
Sat Sep 11, 2021 3:42 pm
Forum: General
Topic: Trigger Script when LTE receives IP address
Replies: 8
Views: 583

Re: Trigger Script when LTE receives IP address

The "easy" solution is: MikroTik must add on-up and on-down on all interface (also ethernet, wlan, etc.)
by rextended
Sat Sep 11, 2021 3:30 pm
Forum: General
Topic: is connection-tracking full ?
Replies: 5
Views: 515

Re: is connection-tracking full ?

the timeout are reset each time a packet travel on connection

some timeout for me are excessive

set timeout like what is suggested here, but set TCP established timeout to 1h instead of 1 day:
https://blog.apnic.net/2021/06/24/how-t ... imization/
by rextended
Sat Sep 11, 2021 3:23 pm
Forum: General
Topic: ?? How to renew SIP registration / connection from PBX after WAN failover ??
Replies: 5
Views: 432

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Each time the WAN change, you must delete all expired connection tracking:
/ip fire conn
:foreach idc in=[find where timeout>60] do={
 remove [find where .id=$idc]
}
by rextended
Sat Sep 11, 2021 3:20 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2424

PLEASE MikroTik made NetInstall version for Docker....

PLEASE MikroTik made NetInstall version for Docker....
by rextended
Sat Sep 11, 2021 3:16 pm
Forum: The Dude
Topic: Dude images
Replies: 3
Views: 572

Re: Dude images

on winbox on dude/files directory create a folder "images" and then put the images on (disk1)/dude/files/images do not use dude/files/default because is deleted and renewed for each dude start for create the folders on winbox create the images/image.png structure on windows, then drag &...
by rextended
Sat Sep 11, 2021 3:11 pm
Forum: General
Topic: Hairpin Nat
Replies: 2
Views: 407

Re: Hairpin Nat

if the internal network is on your control, use on dhcp the router as DNS and put a static DNS that resolve mynames.dns to internal IP instead the external,
and you do not need the hairpin (and no NAT rules at all for this)
by rextended
Sat Sep 11, 2021 3:07 pm
Forum: General
Topic: How to find the origin of a Packet marks ? [SOLVED]
Replies: 6
Views: 601

Re: How to find the origin of a Packet marks ? [SOLVED]

if you use it on some rule, when you deselect the field mark, that value still on internal memory database.
if you do not find it on export, delete all mangle all re-import it from export
by rextended
Sat Sep 11, 2021 2:59 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

Netinstall work also remotely...
If you have at least on control one device, you can netinstall remotely the others...
Obviously exceptions apply.
by rextended
Sat Sep 11, 2021 2:52 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 118
Views: 29020

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I slow my version because I want also manage fetch errors (thanks for msatter for the idea of identify inside the type of list) (I never see a msatter thanks to me for the method for download a file only one piece at time) https://forum.mikrotik.com/viewtopic.php?f=2&t=178355&p=878643#p87864...
by rextended
Sat Sep 11, 2021 3:29 am
Forum: Scripting
Topic: Identity by [Part] IP-Address [SOLVED]
Replies: 8
Views: 965

Re: Identity by [Part] IP-Address [SOLVED]

Not so much :-P , you only forget to convert the interface from label to ID because get do not support the direct use of name

[find where interface=$interfaceName]

the rest is only preference on how I coding. :D
by rextended
Sat Sep 11, 2021 2:41 am
Forum: Scripting
Topic: concatenate values to create variable name
Replies: 1
Views: 320

Re: concatenate values to create variable name

search tag # rextended dynamic variables This: :global $wan1 1; :put ("wanSta" . $wan1); give two errors: first one because the $ on front of wan1 is forbidden when declaring a global or local variable (I use 6.47.10) second because the wan1 is undefined on second line for the reason writed...
by rextended
Sat Sep 11, 2021 2:29 am
Forum: Scripting
Topic: Identity by [Part] IP-Address [SOLVED]
Replies: 8
Views: 965

Re: Identity by [Part] IP-Address [SOLVED]

I kept it short and simple... I hope it helps ! :local InterfaceID "bridge1" :if ([/ip dhcp-client get $InterfaceID address] != nil) do={ } The script can not work. Fixed script: #----------------------------------------- :local interfaceName "ether1" :local prefix "MT-&quo...
by rextended
Sat Sep 11, 2021 2:20 am
Forum: Scripting
Topic: Identity by [Part] IP-Address [SOLVED]
Replies: 8
Views: 965

Re: Identity by [Part] IP-Address [SOLVED]

You can put on "dhcp-client / advanced / script" this, it also update the identity everytime you changed the assigned IP to that device: :if ($bound = 1) do={ :local part ($"lease-address" << 24) :local part [:pick $part 0 [:find $part "." -1]] /system identity set name...
by rextended
Sat Sep 11, 2021 12:30 am
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6411

Re: WinBox v3.30 released!

Disabling all except one, I obtain multiple random selections...
(on IP Firewall NAT)
by rextended
Sat Sep 11, 2021 12:23 am
Forum: General
Topic: Trigger Script when LTE receives IP address
Replies: 8
Views: 583

Re: Trigger Script when LTE receives IP address

The DHCP client can run a script, see https://help.mikrotik.com/docs/display/ROS/DHCP#DHCP-DHCPClient Assuming than the user use a standard MikroTik device like SXT-R with R11e-LTE, the lte1 (on default configuration) do not need any DHCP client... If the user refer to other models not specified is...
by rextended
Sat Sep 11, 2021 12:21 am
Forum: General
Topic: Trigger Script when LTE receives IP address
Replies: 8
Views: 583

Re: Trigger Script when LTE receives IP address

Is not possible to add a script to lte1 interface like other ppp connections. You can check on scheduled script if the interface are obtained the IP or not: :if ([:len [/ip add find where interface=lte1]] > 0) do={ :put "IP obtained" } else={ :put "waiting for IP" }
by rextended
Fri Sep 10, 2021 11:41 pm
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1120

Re: Reject the connection to a local machine from outside.

Domodial... Paste this on terminal (use 1.1.1.1 is faster, 8.8.8.8 for failover; 1.1.1.1 is not valid for NTP; Your logging section have all disabled): /ip dns set servers=1.1.1.1,8.8.8.8 /system logging set [find] disabled=no /system ntp client set primary-ntp=51.68.44.27 secondary-ntp=162.159.200....
by rextended
Fri Sep 10, 2021 11:32 pm
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1120

Re: Reject the connection to a local machine from outside.

Domodial. I edited your last post as you used <<quote>> instead of <<code>> tag and therefore your config was 1 meter long on my screen. for a forum bug the [ code ] sections must be placed at least 3 new line away. I use "board style: Canvas" example no new line between (or 1 or 2 lines)...
by rextended
Fri Sep 10, 2021 11:29 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

On GRE you can omit only the local source, but you must specify the remote address...
The source can be spoofed, but I hope no one establish GRE link on Internet without at least IPsec...
by rextended
Fri Sep 10, 2021 7:01 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20741

Re: Mēris botnet information

The most entry point is the same username and password on all devices after 4 years...
by rextended
Fri Sep 10, 2021 6:30 pm
Forum: General
Topic: How is default config allowing Winbox access?
Replies: 8
Views: 673

Re: How is default config allowing Winbox access?

When you remove the interface from bridge (LAN group),
for be used as another LAN access,
you may also add ether on interface group LAN
or is correctly dropped all traffic because is not WAN and is not LAN.
by rextended
Fri Sep 10, 2021 4:12 pm
Forum: General
Topic: hEX en ports all slaves but en1 & 2, how to send to freedom? [SOLVED]
Replies: 10
Views: 646

Re: hEX en ports all slaves but en1 & 2, how to send to freedom? [SOLVED]

Reading #8
viewtopic.php?f=2&t=178366#p878949
is like he solved, but do not have signed the topic as solved???
by rextended
Fri Sep 10, 2021 3:39 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1301

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

I don't have a warning score displayed there. Is that good or not?
Clearly Good ;)
by rextended
Fri Sep 10, 2021 3:37 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1301

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

The moderator do not think that the reply of the 18 (not 30) open topics for the same identical thing do not deserve same reply? :lol: :lol: :lol:
viewtopic.php?f=2&t=178304#p877936
by rextended
Fri Sep 10, 2021 2:31 pm
Forum: Scripting
Topic: Add static Dns console
Replies: 3
Views: 512

Re: Add static Dns console

/ip dns set servers=([/ip dns get servers],1.1.1.1)