Community discussions

MikroTik App

Search found 4803 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 17
by rextended
Fri Jul 30, 2021 11:11 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

Also this forum can do that, but I do not understand why quote heder and strikeout are striked out...
by rextended
Fri Jul 30, 2021 10:59 am
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain
Replies: 2
Views: 22

Re: Chateau LTE12 antenna gain

Max is 23dBm on your country. 23dBm / 2 chain = Max 20dBm for chain (yes 20, is logaritmic) You can not set antenna gain on values minors than the true gain hardcoded on software, or values can cause you can transmit at more allowed power for your country. If your country force the use of 6 on anten...
by rextended
Fri Jul 30, 2021 10:43 am
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 30
Views: 11669

Re: Torrent blocking working in y2020

It's a ovebooking problem for some ISP... Have a 50Mbps and try to sell 10Mbps to 100 users... When 5 of 100 users use torrents, the uplink is full and all users complain... Also, using NOT WELL CONFIGURED torrent, can cause more incoming packet on gateway than the client have the right to use and t...
by rextended
Fri Jul 30, 2021 10:30 am
Forum: General
Topic: Locked out due to vlan filtering
Replies: 6
Views: 241

Re: Locked out due to vlan filtering

Try on MGMT port winbox over MAC address, put directly the 1ST or the last MAC on the label under the router.
Can eighboor discovery turned off but MAC server still active...
by rextended
Fri Jul 30, 2021 10:16 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

Decreased nesting level, enabled smilies, have fun and stop arguing :D
Thank you for accepting my suggestion!

Good work.
by rextended
Thu Jul 29, 2021 10:14 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15365

Re: Block Ping request

But with all the seriousness... why people block ICMP? It is the same person who tries to limit torrents nowadays or insists on restricting sites on the internet with layer7... With the bandwidth available these days, compared to the past, only blocking malformed ICMPs makes sense (ehm... read the ...
by rextended
Thu Jul 29, 2021 10:09 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15365

Re: Block Ping request

It's not a photomanipulation...
Is TRUE....
by rextended
Thu Jul 29, 2021 8:16 pm
Forum: General
Topic: R11e-LTE6 Registration Status Denied
Replies: 7
Views: 174

Re: R11e-LTE6 Registration Status Denied

you set something fixed?
some provider do not like when the user can't be moved between radio and blacklist the device out...
Sorry for my poor english....
by rextended
Thu Jul 29, 2021 8:14 pm
Forum: Beginner Basics
Topic: Not keeping APN
Replies: 4
Views: 125

Re: Not keeping APN

Understand, but without connection you can not upgrade.
Probably on 6.43 newer products like LTE6 are unsupported.
Put back 4G and upgrade?
by rextended
Thu Jul 29, 2021 8:07 pm
Forum: Beginner Basics
Topic: memory 0 MiB
Replies: 2
Views: 82

Re: memory 0 MiB

Already @anav asked you in February what your provider is and you didn't answer him.
by rextended
Thu Jul 29, 2021 8:03 pm
Forum: General
Topic: R11e-LTE6 Registration Status Denied
Replies: 7
Views: 174

Re: R11e-LTE6 Registration Status Denied

registration status denied = SIM not working as expected or your provider do not permit the registration on the network
by rextended
Thu Jul 29, 2021 8:02 pm
Forum: Beginner Basics
Topic: Not keeping APN
Replies: 4
Views: 125

Re: Not keeping APN

Again: RouterOS and RouterBOOT version?
by rextended
Thu Jul 29, 2021 8:01 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39380

Re: Advanced Routing Failover without Scripting

1b) If I'm not sure if coming back faulty gateway the disrupted connections works again...
by rextended
Thu Jul 29, 2021 7:56 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15365

Re: Block Ping request

I did not know that in Canada they are so sexist that the woman is pictured with shopping bags !!!!!!!!! And they put, in order of preference, Women, Wi-Fi, Money and Food... :))))))) https://c8.alamy.com/comp/2D8GP2C/halifax-seaport-information-direction-sign-at-the-farmers-market-and-cruise-ship-t...
by rextended
Thu Jul 29, 2021 7:50 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15365

Re: Block Ping request

Not only on France:

Image
by rextended
Thu Jul 29, 2021 7:45 pm
Forum: Scripting
Topic: Force Server Binding
Replies: 2
Views: 76

Re: Force Server Binding

Well done, thanks

It's the same thing I would have used as answer.
by rextended
Thu Jul 29, 2021 7:42 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 240

Re: Block or Limit Torrents

Simply let the user use the line that pays you.
by rextended
Thu Jul 29, 2021 7:39 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39380

Re: Advanced Routing Failover without Scripting

1) This is more clear: ALL IS BROKEN, and all (related to the inactive gateway) the connections memorized on connection-track are all invalid, but the system do not clear it until single timeout for each connection is reached. 2) NO, simply can't have a complete list on "when", but are not...
by rextended
Thu Jul 29, 2021 7:32 pm
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 5
Views: 135

Re: Block gateway access from connected wifi clients,

on IP firewall RAW add prerouting rule: if src-address=192.168.88.0/24 and dst-address=192.168.1.1 protocol=tcp dst-port=20,21,22,23,80,443 on action select drop
by rextended
Thu Jul 29, 2021 7:27 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 240

Re: Block or Limit Torrents

I stopped doing this several years ago.
The programs have adapted to the countermeasures
and now everything is encrypted and uses standard ports used from other services...
by rextended
Thu Jul 29, 2021 7:10 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 9
Views: 292

Re: change passwords of the devices

Can not be defined on device property, add more tools / WinBox Function for each port required call it WinBox, WinBox 48291, etc. Original: winbox.exe [Device.FirstAddress] [Device.UserName] [Device.Password] Modified for use port 48291: winbox.exe [Device.FirstAddress]:48291 [Device.UserName] [Devi...
by rextended
Thu Jul 29, 2021 7:05 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39380

Re: Advanced Routing Failover without Scripting

1) All connection on connection-track and the others are broken, I made some script for clear all "EX" connections, useful for SIP and the others.
2) Yes and not, is not the only reason, like "ping" on external IP
3) 10 seconds
by rextended
Thu Jul 29, 2021 6:51 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 240

Re: Block or Limit Torrents

You ask effective, with this assumption, the reply is NO
by rextended
Thu Jul 29, 2021 6:40 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 3682

Re: Hairpin NAT - the easy way

Add another hostname to your server and you need to change everything again. No... simply open, copy, modify, save, the single DNS static rule. Remove hostname from server, put it somewhere else and watch how everything in your LAN fails, because you forget to remove static entry from router and it...
by rextended
Thu Jul 29, 2021 6:23 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

3
2
1
Is this a trick? Line 4 is actually the same length as line 1 right??
You quote and the 5 disappear, I quote and the 4 disappar, set limit from 5 to 2 remove 99% of useless overquote....
by rextended
Thu Jul 29, 2021 6:08 pm
Forum: Beginner Basics
Topic: No connection after wrong backup file loaded [SOLVED]
Replies: 3
Views: 101

Re: No connection after wrong backup file loaded [SOLVED]

...ping...
@mkx Very Thanks!

Windows version defaults are "do not keep old configuration" and "do not set default values"
Linux appear to have set as default "keep old configuration" and "set default values if old configuration is not keeped"
by rextended
Thu Jul 29, 2021 5:50 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 3682

Re: Hairpin NAT - the easy way

For those examples please ignore grammar errors and any consideration about security or limitating access. Example 1) Internal webserver is reachable worldwide from www.vattelappesca.rex all the Public DNS resolve www.vattelappesca.rex to Public IP 123.45.67.89 That IP is not on RouterBOARD directly...
by rextended
Thu Jul 29, 2021 5:31 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

5
4
3
2
1

I Insist: Simply change on the phpbb administrator panel the limit of max nested quotes from 5 to 2...
by rextended
Thu Jul 29, 2021 5:20 pm
Forum: RouterOS v7 BETA
Topic: Bridge to Wireguard interface
Replies: 3
Views: 123

Re: Bridge to Wireguard interface

Reddit is the new "users forum" for MikroTik?
by rextended
Thu Jul 29, 2021 5:10 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

It's about :mrgreen: the unicode 🧔 works indipendenlty... :)
by rextended
Thu Jul 29, 2021 1:11 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

At this point why not use cleartext and remove HTML?
Also why strikeout is missing, and must be done manually?
by rextended
Thu Jul 29, 2021 12:44 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

If still necessary the 3rd, 4th and 5th layer of quotes, I have doubts about the intelligence of people who do not remember what they wrote before or the laziness of going to review the third layer... Also smile are disabled, but if is needed:    फ ¯\_(ツ)_/¯ For me limiting the max nested quote to 2...
by rextended
Thu Jul 29, 2021 12:38 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

But a reply to one-liner do not report again the 3rd nested long post if the one-liner reply to the reply...
by rextended
Thu Jul 29, 2021 12:24 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 70
Views: 5764

Re: Does quouting quotes of quotes in consecutive post make any sense?

...
Simply change on the phpbb administrator panel the limit of nested quotes from 5 to 2?
by rextended
Thu Jul 29, 2021 11:23 am
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 5
Views: 135

Re: Block gateway access from connected wifi clients,

Is misunderstandable if your Router have 192.168.1.1 as address, or your Router have 192.168.1.x and another gateway have 192.168.1.1 as IP On 2nd case client do not comunicate directly to 192.168.1.1 but are NATted from router and he source IP address is not client address but Router address (192.1...
by rextended
Thu Jul 29, 2021 1:20 am
Forum: The Dude
Topic: change passwords of the devices
Replies: 9
Views: 292

Re: change passwords of the devices

On post # 4 I have already provided the instruction for do that, read and understand:

viewtopic.php?f=8&t=177166#p869620
by rextended
Thu Jul 29, 2021 1:17 am
Forum: Beginner Basics
Topic: Dual wan
Replies: 9
Views: 256

Re: Dual wan

4a) If is intended use VLAN for provide connection trough VLAN to the all device on LAN, is possible 4b) Other strange meanings: NO Thanks for your reply 1) failover will do fine, but how much time it will take to detect and change? 2) sorry about the typo. 3) what I meant is no data without VPN to...
by rextended
Thu Jul 29, 2021 12:15 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

I hope you like those functions
by rextended
Wed Jul 28, 2021 8:58 pm
Forum: General
Topic: Two providers. Unstable behavior. [SOLVED]
Replies: 9
Views: 209

Re: Two providers. Unstable behavior. [SOLVED]

Ah, ok I misunderstand for labels ;)
by rextended
Wed Jul 28, 2021 8:56 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 165

Re: VPN not working on Passthrough Fixed-LTE connection

Sorry, but I do not do that.
If you want help ask on forum,
is full of users also with more knowledge than me.
by rextended
Wed Jul 28, 2021 8:52 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13168

Re: v7 launch date

To be a moderator is not need to be a staff member
by rextended
Wed Jul 28, 2021 7:57 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 9
Views: 292

Re: change passwords of the devices

Your reply is vague...
Again:
You want change inside The Dude the saved username and/or password on displayed Devices
OR
you want change username and/or password on the remote devices displayed on The Dude?
by rextended
Wed Jul 28, 2021 7:50 pm
Forum: General
Topic: Auto Failover is not working Properly
Replies: 5
Views: 148

Re: Auto Failover is not working Properly

@feranmi
The OP never cite BGP...
by rextended
Wed Jul 28, 2021 7:07 pm
Forum: General
Topic: Two providers. Unstable behavior. [SOLVED]
Replies: 9
Views: 209

Re: Two providers. Unstable behavior. [SOLVED]

You can use this as start, removing all your actual routes, route rules and mangles /ip dns set servers=1.1.1.1,8.8.8.8 /ip route add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address=1.1.1.1/32 gateway=85.XXX.XXX.1 scope=10 add comment="B - Recursive Routi...
by rextended
Wed Jul 28, 2021 6:51 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 165

Re: VPN not working on Passthrough Fixed-LTE connection

If your provider give private Ip than a public ip, you must ask the provider for open vpn,
is impossbile to open from remote to local if double nat is present, without ask the provider
by rextended
Wed Jul 28, 2021 6:34 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 262

Re: Is blocking websites by URL really impossible?

@mkx, please check if redacted version is better
Instead of writing...



IDP:
ZyWALL Intrusion Detection and Prevention (IDP)
by rextended
Wed Jul 28, 2021 6:24 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 262

Re: Is blocking websites by URL really impossible?

not everybody implemented that part.
Is the true, but for be short I do not want write that, because on future we can't count on that...

@anav IDP for Deep Packet Inspection (DPI)? :?

@NSimpraga IPS / IDS, stands for Intrusion Detection System & Intrusion Prevention System ???
by rextended
Wed Jul 28, 2021 6:22 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 262

Re: Is blocking websites by URL really impossible?

And about
  • Layer7 ...
  • Mangle ... using the Layer7 protocol inspector
  • Firewall ... drop the marked packets/connections
Is better to put directly on /firewall filter the "drop if layer7 contain"
by rextended
Wed Jul 28, 2021 6:14 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 262

Re: Is blocking websites by URL really impossible?

Why this provocatory question "really impossible?" Is already wroten dozen of time on dozeon of post. Fact for HTTP/HTTPS URL: Block only domain withouot know the full url: On HTTPS with TLS 1.2 or less: possilble with SNI On HTTPS with TLS 1.3 or higher: actually possible like 1.2, but on...
by rextended
Wed Jul 28, 2021 6:10 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13168

Re: v7 launch date

...it was a scandal if even the site owner was able to change someone else's post...
I ask somethig to hide accidental revealed private data for security,
is not a scandal, is a need.
by rextended
Wed Jul 28, 2021 6:07 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 218

Re: NAT HAIRPIN

Can't do that without bill... :))
by rextended
Wed Jul 28, 2021 5:50 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 165

Re: VPN not working on Passthrough Fixed-LTE connection

Ask NEOTEL / Liquid Telecom if block that services.
Also the provider page do not work as expected and have ssl certificate expired...
https://www.neotel.co.za
by rextended
Wed Jul 28, 2021 5:28 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13168

Re: v7 launch date

Already this forum can be used:

Simply add buglist topic and a list of post for each error and linked separate topic to discuss every problem...
by rextended
Wed Jul 28, 2021 4:49 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 218

Re: NAT HAIRPIN

>...<
by rextended
Wed Jul 28, 2021 4:10 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 227

Re: Changing Audience Led color to Red

I have test on Audience RBD25G-5HPacQD2HPnD first revision (not /r2 or /r3) Tested also with 6.48.3, no user-led exist Coming back to point: NOTICE: Like you do not write RouterOS version, you do not write also the exact version of Audience you have... For example SXT family have more than 20 differ...
by rextended
Wed Jul 28, 2021 4:01 pm
Forum: General
Topic: Locked out due to vlan filtering
Replies: 6
Views: 241

Re: Locked out due to vlan filtering

Simply put a pc on MGMT port and use WinBox?
by rextended
Wed Jul 28, 2021 3:44 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 227

Re: Changing Audience Led color to Red

by rextended
Wed Jul 28, 2021 3:32 pm
Forum: General
Topic: Enable control of "Audience" color LED via ROS
Replies: 4
Views: 2048

Re: Enable control of "Audience" color LED via ROS

You can already do that, example: /system leds add leds=user-led:red type=on add leds=user-led:blue type=off This makes the LED pure red color. Please, can provide more detail about "user-led:red" ? I have test on Audience RBD25G-5HPacQD2HPnD first revision (not /r2 or /r3 if any) I try A...
by rextended
Wed Jul 28, 2021 3:28 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 227

Re: Changing Audience Led color to Red

But Audience (I have check, on disbelief, before made my previous post!!!..) do not have any configurable led... NOT on CLI and NOT on WinBox... Ah... My Audience have 6.47.10, but the topic opener forget to say the RouterOS version, as usual... (I try also 6.48.3, 6.49beta54 and 7.1beta7 upgrading ...
by rextended
Wed Jul 28, 2021 3:17 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 689

Re: Find hostname between vlan

A good configuration for that is documented here.
But ... just do "my" A-B-C, 3 route Failover, instead of filling the routerboard with useless rules.
For what?
If it's just failover (as written in the guide) what does everything else have to do with it?
by rextended
Wed Jul 28, 2021 3:00 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 689

Re: Find hostname between vlan

Hope can make different channel for each SSID (right now all SSID still used master wlan) This can not be maded (on same AP, same wlan). /ip route add check-gateway=ping distance=1 gateway=8.8.8.8 target-scope=30 add distance=1 gateway=192.168.1.1 add distance=2 gateway=192.168.2.1 add distance=1 d...
by rextended
Wed Jul 28, 2021 2:43 pm
Forum: General
Topic: Udp Packet Size Problem Mikrotik Forward
Replies: 2
Views: 97

Re: Udp Packet Size Problem Mikrotik Forward

what method you use to connect to your ISP?
by rextended
Wed Jul 28, 2021 2:28 pm
Forum: Beginner Basics
Topic: Dual wan
Replies: 9
Views: 256

Re: Dual wan

WARNING for other users: I reply without considering bonding or similar... As for the SMIPS devices, for me do not have any sufficient use power What I want is 1) to add second WAN to connect and simultaneously work with WAN 1 2) so if any of them goes down none of the packages packet dropped 3) Als...
by rextended
Wed Jul 28, 2021 2:11 pm
Forum: Wireless Networking
Topic: Chateau LTE12 setup to use external lte antenna
Replies: 2
Views: 84

Re: Chateau LTE12 setup to use external lte antenna

Chateau LTE12 factory and ONLY supported versions are 7.0beta6 or 7.0.2 or 7.0.3 as MikroTik staff says. If you see 7.1betaX something as put wrong beta firmware for that device. USE SEARCH FUNCTION FIRST instead of open useless duplicate topic Until your argument was not present, it was the first r...
by rextended
Wed Jul 28, 2021 2:03 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 227

Re: Changing Audience Led color to Red

Who invented this code?

Do you like to invent random commands?

Sarcasm aside, Audience has no configurable LED.
by rextended
Wed Jul 28, 2021 1:55 pm
Forum: Scripting
Topic: /tool fetch url doest work
Replies: 1
Views: 109

Re: /tool fetch url doest work

§ You forget to not send.... directories and disks... Your remote sftp create directories when are not presents? :local filelist "" /file :foreach file in=[find where type!=disk and type!=directory] do={ /tool fetch url=("sftp://XXXXXXX/$file") upload=yes user=backupuser passwor...
by rextended
Wed Jul 28, 2021 1:37 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 9
Views: 292

Re: change passwords of the devices

The section is The Dude, but your question is too vague. You talk about The Dude Device Settings or the remote devices displayed on The Dude? If you ask that question, your knowledge can be valued and the reply can be: All manual or pasting something on CLI, but still device-by-device. But if your q...
by rextended
Wed Jul 28, 2021 10:23 am
Forum: Wireless Networking
Topic: How many concurrent wireless users can support?
Replies: 20
Views: 28633

Re: How many concurrent wireless users can support?

On the MikroTik forum you ask for suggestions about other vendors?
by rextended
Wed Jul 28, 2021 10:17 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13168

Re: v7 launch date

Duplicate posts are a problem because there are lazy users who instead of doing a search first and going to the right section, till create a new topic for the same thing... One example is the hundreds of "dual WAN"... But for this reason the research has become dispersed and difficult to u...
by rextended
Wed Jul 28, 2021 10:11 am
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Try to contact support@mikrotik.com for bugtrack, thanks
by rextended
Tue Jul 27, 2021 7:33 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

The rules on WinBox are drag&droppable
and on CLI are moveable...

after a print,
move 125 destination=20
move rule numer 125 just before rule 20
by rextended
Tue Jul 27, 2021 7:24 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 337

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

You remember well, only from 6.4something is posible to use FQDN on /ip firewall address list,
and that create dynamic resolved FQDN to IP, with the TTL set like what is wrote on DNS reply.
by rextended
Tue Jul 27, 2021 7:17 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

I quote myself.... The rules obviously are ordered, for each chain the order matter. dstnat and srcnat are two different chain of the NAT, like dstnat and srcnat on bridge, like prerouting and output on raw, like input, forward and output on filter, like prerouting, input, forward, output, postrouti...
by rextended
Tue Jul 27, 2021 6:40 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Really I do not check in this case what do that's rules... Simply, I simplify on simple way what are simply simplifiable... Netmap is only for create a static 1:1 mapping of one set of IP addresses to another one. For example, can be used for distribute public IP addresses to hosts on private networ...
by rextended
Tue Jul 27, 2021 6:36 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

The rules obviously are ordered, for each chain the order matter. Did you try this, but you have noticed than not is a netmap but a dst-nat the 2nd rule? add action=src-nat chain=srcnat comment=srv1.domain.com log-prefix=srv1.domain.com out-interface=ether5 src-address=10.122.10.122 to-addresses=200...
by rextended
Tue Jul 27, 2021 4:20 pm
Forum: General
Topic: Private IP site through public IP site
Replies: 17
Views: 558

Re: Private IP site through public IP site

Yes
by rextended
Tue Jul 27, 2021 4:07 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 337

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

@Anav, I really know that, but I can make mistakes... /ip firewall nat add action=dst-nat chain=dstnat in-interface=pppoe-work dst-port=522 (for example Public IP on RouterBOARD is 4.4.4.4) to-addresses=192.168.x.x to-ports=22 (for example 192.168.2.2) packet->pppoe-work->prerouting->(hotspot-in)->r...
by rextended
Tue Jul 27, 2021 3:55 pm
Forum: General
Topic: Private IP site through public IP site
Replies: 17
Views: 558

Re: Private IP site through public IP site

On CA you can set key-usage to: key-cert-sign, crl-sign

On certificates set key-usage to: digital-signature, key-encipherment, tls-server

Like exactly what you write.
by rextended
Tue Jul 27, 2021 3:37 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 337

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

@Anav, on this case the rule influence both the input and the forward, because the NAT rule are also for redirect from RouterBOARD public IP:522 on pppoe-work, to internal 192.168.x.x:22 dst-nat ... in-interface=pppoe-work dst-port=522 ... to-addresses=192.168.x.x to-ports=22 But can be different i...
by rextended
Tue Jul 27, 2021 3:01 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 337

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

1 min reply...

In short, when one packet arrive to routerboard:
pppoe-work->raw->connection-tracking->filter

put the rule on "/firewall raw", chain prerouting
not on "/firewall filter" and clear the already connection tracked with src or dst with that address
by rextended
Tue Jul 27, 2021 2:54 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 3682

Re: Hairpin NAT - the easy way

I prefer to intercept all DNS request (or use for default the DNS on the Routerboard) for "www.mypublicinternalserver.net" and reply with directly the internal IP.
Also where direct public IP are used, are changed with private IP.
Done, no NAT problem.

My network, my rules...
by rextended
Tue Jul 27, 2021 1:32 pm
Forum: General
Topic: Private IP site through public IP site
Replies: 17
Views: 558

Re: Private IP site through public IP site

or it will not generate export private key for with it
by rextended
Tue Jul 27, 2021 11:04 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 263

Re: ICMP Issue [SOLVED]

move add action=accept chain=input comment="ACCEPT related,established" connection-state=established,related on top create (paste on terminal) and put this just under the first: /ip firewall filter add action=drop chain=input comment="defconf: DROP invalids" connection-state=inva...
by rextended
Tue Jul 27, 2021 10:50 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 263

Re: ICMP Issue [SOLVED]

do not exist "optimal packet size", must be a range (at least packet-size=0-1600) remove that settings.


WARNING:
add action=accept chain=input comment="ACCEPT DNS" in-interface="ether1 - WAN" protocol=udp src-port=53
expect self-destruction by DDoS
by rextended
Tue Jul 27, 2021 10:43 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 263

Re: ICMP Issue [SOLVED]

Screenshot say nothing... but the export talk: /ip firewall filter add action=accept chain=input comment="ACCEPT ICMP" packet-size=100 protocol=icmp Why packet size 100? Accept only ICMP with exactly that size . You also mix rules, usually est./relat. are on top, and is missing "drop ...
by rextended
Tue Jul 27, 2021 10:39 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 263

Re: ICMP Issue [SOLVED]

/ip firewall filter export
by rextended
Mon Jul 26, 2021 10:23 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

One explicit thing for be clear: I never say to remove the "invalid" filter on firewall.
by rextended
Mon Jul 26, 2021 8:26 pm
Forum: Beginner Basics
Topic: Looking up cloud.mikrotik.com every second
Replies: 23
Views: 8240

Re: Looking up cloud.mikrotik.com every second

and set all drop down menu to none,
then click on OK
by rextended
Mon Jul 26, 2021 8:21 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 701

Re: Different gateway for two PPPoE server instance

??? is the same line on the script on previous post... ???
by rextended
Mon Jul 26, 2021 8:20 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

You got "Greetigs form Italy"
by rextended
Mon Jul 26, 2021 7:56 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 10
Views: 310

Re: Dual wan with Load Balance| Fail over | Merge

how can i do this? can you make a script for me?
hi, thanks for your response reply,
You already do it and is terribly wrong.

Is impossible to merge all bandwidth speed together from more different ISP.
by rextended
Mon Jul 26, 2021 7:49 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 701

Re: Different gateway for two PPPoE server instance

The routing is routing and the mangling is mangling. The "mangling" is moved on proper place, the routes rules /ip route add check-gateway=ping distance=10 gateway=172.16.4.1 add check-gateway=ping distance=10 gateway=172.16.4.1 routing-mark=PPPoE1 add check-gateway=ping distance=10 gatewa...
by rextended
Mon Jul 26, 2021 7:33 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

Uhm...
by rextended
Mon Jul 26, 2021 7:28 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 10
Views: 310

Re: Dual wan with Load Balance| Fail over | Merge

no firewall and /ip dns set allow-remote-requests=yes
=
all world is not enough...
by rextended
Mon Jul 26, 2021 7:12 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

If I do not remember wrong, the last packet on TCP connection is not a FIN (server->client) but consecutive "last ACK" (client->server) Server: FINished! Client: ACKnowledged. And if the server do not receive ACK, close the connection after some time, depend on settings, on meantime the co...
by rextended
Mon Jul 26, 2021 7:00 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

You can reduce for example all that to: add action=src-nat chain=srcnat comment=srv1.domain.com log-prefix=srv1.domain.com out-interface=ether5 src-address=10.122.10.122 to-addresses=200.200.9.9 add action=dst-nat chain=dstnat comment="srv1.domain.com" dst-address=200.200.9.9 dst-port=20,2...
by rextended
Mon Jul 26, 2021 6:46 pm
Forum: Scripting
Topic: Command "/ip address get " not working anymore
Replies: 3
Views: 338

Re: Command "/ip address get " not working anymore

Ok, I know how clear your last doubt, if the interface can have only one IP, the result are one string and that works: :put [/ip address get [find where interface=<pppoe-xxxxxxx>] address] [rextended@MATRIX] > :put [:len [/ip address find where interface=ether1]] 1 [rextended@MATRIX] > :put [:len [/...
by rextended
Mon Jul 26, 2021 6:40 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 604

Re: Hex vs Hex S [SOLVED]

IT... ITaly country code? ;)))
by rextended
Mon Jul 26, 2021 6:27 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 452

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

About /ip settings set the rp-filter to loose. They do not influence NAT, but do not use strict if you use routing tables or complex routing. I have never had so many NAT rules on one device, and if I think that if I sum the NAT rules of all my network devices (excluding NAT on CPE), I do not reach ...
by rextended
Mon Jul 26, 2021 6:17 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 604

Re: Hex vs Hex S [SOLVED]

Here, since I know You won't listen to reason. This test was made pointing to a server hosted by another ISP, in another city. Happy now? https://www.speedtest.net/result/11785100650 @Paternot, a self-test using "Predialnet" to "PredialNet" with 0ms is really not indicative of a...
by rextended
Mon Jul 26, 2021 5:53 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

Yes, sorry for all for poor traduction... I try to extremely summarize without write too much why: IF some services on LAN side are opened for WAN (NATted or using directly a Public IP) Try to not drop TCP packet than appear to be with source "bogon-used-on-lan" coming from WAN directed to...
by rextended
Mon Jul 26, 2021 5:37 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 8
Views: 270

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

Next step is smartphone, if have only 1 stream (1S), you can not do anything, and using "g" or "n" really do not change anything... The 72.2Mbps-20Mhz/1S/SGI probably is the max for your smartphone If you can use a smartphone with 2 strams (2 antennas inside) you can reach 100Mbi...
by rextended
Mon Jul 26, 2021 5:19 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 8
Views: 270

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

do not expect so much on 2,4GHz wifi... if the datarate is, for example 54Mbps, you really can obtain a speed from 18 to 24Mbps for channel (if no interferences present) 36 to 48Mbps if you use two channel 20+20 If you want more, you need to use a 5GHz AP, but have shorter range because 5GHz are wel...
by rextended
Mon Jul 26, 2021 5:11 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 8
Views: 270

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

Exactly what I wrote: You have randomly set parameters and activated eap and tkip For default are not set on that way. paste this on terminal without omit { } : { /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik set OfficePassword disable-pmkid=yes authenti...
by rextended
Mon Jul 26, 2021 5:05 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 8
Views: 270

Re: Unable to connect wireless device to Mikrotik RB912UAG-2HPnD On band "Only N" [SOLVED]

You have randomly set parameters and activated eap and tkip
by rextended
Mon Jul 26, 2021 4:54 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 604

Re: Hex vs Hex S [SOLVED]

I have an hEX (not hEX S), and it is quite impressive what it does. Using PPPoE and a lot of fast path, this is what i get:

https://www.speedtest.net/result/11784560893
0ms ping? self hosted speedtest...

Do realistic speedtest..
https://www.speedtest.net/result/11784773999
by rextended
Mon Jul 26, 2021 3:02 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 15
Views: 690

Re: simple client setup

If I, @tangent and @normis has not understand what you want is because you can't explain yourself at all. Non fare il Pollo, this is user forum, who say than this is support forum? Is written everywhere, for support contact support@mikrotik.com If you buy one MikroTik device (or another brand device...
by rextended
Mon Jul 26, 2021 2:36 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 574

Re: Drop Invalid vs. Drop "all"

>retry later to explain<
by rextended
Mon Jul 26, 2021 2:14 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 604

Re: Hex vs Hex S [SOLVED]

On my home I have hEX S for routing, CRS112-8P-4S for switching, and one Audience as... AP , and two CPE, one SXTsq 5 ac as main and one DynaDish 5 for failover On hEX S i have dozen of firewall rules, http and https ad blocking, site blocking, etc. etc. etc. hEX S work really smooth, but I do not l...
by rextended
Mon Jul 26, 2021 1:43 pm
Forum: General
Topic: How to install CloudFlare origin SSL certificate on mikrotik
Replies: 4
Views: 182

Re: How to install CloudFlare origin SSL certificate on mikrotik

you can copy the rule for the port 443, but all the work is inside the server
by rextended
Mon Jul 26, 2021 1:05 pm
Forum: Scripting
Topic: Command "/ip address get " not working anymore
Replies: 3
Views: 338

Re: Command "/ip address get " not working anymore

Your command is not a workaround, simply also :pick can do what described here. [:pick array 0] = get element 0 of array (the array start with first element numbered 0) The command "get interface address" return everytime (if interface exist) one array because a single interface can have o...
by rextended
Mon Jul 26, 2021 10:14 am
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 4
Views: 385

Re: Feature Request: RouterOS Nightly

Closed "Nightly", open only for selected persons?
by rextended
Sun Jul 25, 2021 6:56 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

Sincerely I have no idea, just you try to reboot the device? You can do two things at the same time, full backup first, save to pc and Upgrade to 6.47.10 last long-term, the upgrade cause RouterBOARD reboot. I ask you a courtesy, if possible, when you found the cause, write back here on forum to hel...
by rextended
Sun Jul 25, 2021 6:34 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

One question, you use radius also for access winbox and CLI on this device? Is set as I describe it. Sorry, on first read I miss those, paste on terminal: { /ip dhcp-server set [find] authoritative=yes /interface bridge port set [find] hw=yes } But at this point for me the RouterBOARD (ignoring old ...
by rextended
Sun Jul 25, 2021 6:25 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

Try to temporarly stop all drop firewall filter rules,
you sure no fixed parameters are set on remote devices?
on radius server, the profiles use the right pool name? from VPN to VPN230?
by rextended
Sun Jul 25, 2021 5:31 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

Paste this on terminal, without omit the { } : { /interface bridge fast-forward=yes /interface ethernet set [ find default-name=ether1 ] speed=1Gbps set [ find default-name=ether2 ] speed=1Gbps set [ find default-name=ether3 ] speed=1Gbps set [ find default-name=ether4 ] speed=1Gbps set [ find defau...
by rextended
Sun Jul 25, 2021 5:15 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

Apart of this problem,
I suggest first to upgrade to 6.47.10, 6.43 is too old and some hack are well know.

Now I read the export and write adout it
by rextended
Sun Jul 25, 2021 4:17 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 327

Re: Network cannot be accessed after L2TP address pool change

If the address are real private address and not "censored" for the forum:

Make one /export and find all the occurrencies of "250", probably you miss something.

If do not work, the problem can be one fixed settings on remote machines
by rextended
Sun Jul 25, 2021 4:13 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Sometime I use this hack when I do not have time to VPN or others...
If Gogole is not blocked...
https://translate.google.com/translate? ... krotik.com
by rextended
Sun Jul 25, 2021 4:09 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Can I ask you where you live?
by rextended
Sun Jul 25, 2021 4:08 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1550

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Well, thanks moderatos/staff to pin this topic.
by rextended
Sun Jul 25, 2021 4:01 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5597

Re: Dude connects to ROS devices every minute and then disconnects

Probably as @mkx explain on another topic my english is not so well...

Smply: Sorry.
by rextended
Sun Jul 25, 2021 3:58 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Thanks @mkx for the courtesy of explaining ;)



@anav, but how do they come to your mind? :)))
by rextended
Sun Jul 25, 2021 2:36 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5597

Re: Dude connects to ROS devices every minute and then disconnects

If you call someone you are a juvenile jerk. I don't understand this sentence, who should I call? This is a user forum , and you keep to not understand, if you do not want opinons, do not write, You still keep this behavior because you do not understand simply this two sentences: It's perfectly nor...
by rextended
Sun Jul 25, 2021 2:25 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5597

Re: Dude connects to ROS devices every minute and then disconnects

Go ahead and write direct posts to the developers, who can't wait to come here on this topic to see what you write, but don't quote others when you do , or it seems that you write to the quoted... I doubt that they will give you the slightest listen if you have not even understood the two bold lines...
by rextended
Sun Jul 25, 2021 2:15 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5597

Re: Dude connects to ROS devices every minute and then disconnects

Everything I wrote does not apply to you Sorry, but I misunderstand, you wroted continuosly without break... Here, look at this beauty. No wonder the dude is going crazy. And now imagine if the dude has a 3000 routerboard. That is the Log of ONE RouterBOARD, not the Log of The Dude, or at most it i...
by rextended
Sun Jul 25, 2021 2:08 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5597

Re: Dude connects to ROS devices every minute and then disconnects

Also, how can you write this lie that can't repeat the problem. Who write "can't repeat the problem"??? Are you holding us fools ??? For you there is no need, you already are if you read things that I have not written ... This is a question for developers. And this is a user forum, not a ...
by rextended
Sun Jul 25, 2021 1:54 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

what are you writing? [...] I try to explain better: is for the "troll part", I want to notice to you I already have write possibly helping solution, not one "troll post". also @msatter say "It is really strange and your ISP is keeping an eye on that port because of DDos at...
by rextended
Sun Jul 25, 2021 10:26 am
Forum: Scripting
Topic: Script Not Working
Replies: 1
Views: 216

Re: Script Not Working

why [10.0.0.2] ? Simply write the IP using url "mode" and "http-method" are useless (https url = https mode, ? on ulr = get mode, post is unnecessary) This is based on another script I have revised, send only one messages when status change. :local host 10.0.0.2 :global hoststatu...
by rextended
Sun Jul 25, 2021 10:21 am
Forum: General
Topic: Static Public IP for Private Network
Replies: 4
Views: 287

Re: Static Public IP for Private Network

I do not understan what you ask, Sorry.

If all outbound go to router1 why you need to modify something on route2?
Simply let router1 to do the.. router...
by rextended
Sun Jul 25, 2021 10:05 am
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 701

Re: Different gateway for two PPPoE server instance

Paste this on terminal and use this as start point. I hope I've wroted it correctly. Each line is a failover for the other, if for some reason one of the two ISP go down. /ip route add check-gateway=ping distance=10 gateway=172.16.4.1 routing-mark=PPPoE1 add check-gateway=ping distance=20 gateway=17...
by rextended
Sun Jul 25, 2021 9:43 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 473

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

I mean this, not on NAT but on fiilters: 6.6.6.6 is the smartphone IP just for do the test /ip fire filter add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=tcp src-address=6.6.6.6 add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=udp src-address=6.6.6.6 add...
by rextended
Sun Jul 25, 2021 2:40 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 473

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

Try to instead of redirect,
drop on firewall filter forward the direct connections from "pool of smartphone ip" to the IP 8.8.8.8 and 8.8.4.4
On this way probably the device must be forced to use internal provided IP from DHCP Server
by rextended
Sun Jul 25, 2021 1:52 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1550

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

You right, but i do not understand why some basic settings are not set as default like rp-filter=loose instead of no, permit blank/not strong password, still use "admin", just for example.
I hope 7 on new kernel work faster and stronger.
by rextended
Sun Jul 25, 2021 1:28 am
Forum: General
Topic: Route for traffic coming from pptp
Replies: 3
Views: 274

Re: Route for traffic coming from pptp

Is hard if you do not:
draw a schema with necessary data on it,
provide the relevant sections of the /export hide-sensitive from the 3 devices.
by rextended
Sun Jul 25, 2021 1:14 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1550

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Yes, is ancient with no doubt.

6.x use the 3.3.5 May 2012

7.1beta6 use the 5.6.3 Jun 2020

8 years are one abyss on technology...


Ask moderators/staff to pin this topic
by rextended
Sun Jul 25, 2021 1:11 am
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 441

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

IF you do not have rebooted the router do /undo , and wait some seconds, sometimes, on router terminal until go back online as before...
by rextended
Sun Jul 25, 2021 1:07 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Okay, I wasn't clear, I was asking you if I bothered you, like mkx want say...
by rextended
Sun Jul 25, 2021 12:50 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

what are you writing? I already suggested the same thing you suggested 13 minutes before...

I have already helped other times @Cablenut9, if I don't remember correctly he can tell you too, I don't seem to have ever bothered him,

@Cablenut9 you make it clear, please...
by rextended
Sun Jul 25, 2021 12:46 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

I really appreciate this:
:local Hex "0123456789abcdef_eworm.de_ABCDEF"
[:find $Hex ... ] % 16

I was very impressed with the simplicity of the solution ....
by rextended
Sun Jul 25, 2021 12:45 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

Now the forum is more rich on functions ;))
by rextended
Sun Jul 25, 2021 12:39 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

You do not notice the request from @rrwakc on previous post? :))
viewtopic.php?f=2&t=57665&p=869033#p868885

I do not know why need that, but is for convert single word signed hex to integer

0xFF85 to -123
by rextended
Sun Jul 25, 2021 12:31 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Move local wireguard on another port and change on dst-nat the incoming port 53 udp from wan to local wireguard port dst-nat is applied before routing, and routing is applied before input chain, the packet change destination port and can reach internal service on another port. https://help.mikrotik....
by rextended
Sun Jul 25, 2021 12:30 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Ah, now with some other details I understand.
by rextended
Sun Jul 25, 2021 12:24 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Not now, not today, but sooner or later ISP notices...


Your provider lock all UDP??? (also UDP on 53...)
by rextended
Sun Jul 25, 2021 12:20 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 874

Re: Input firewall filter prioritization [SOLVED]

Sincerely, is a very bad idea to use wireguard on port 53. As WISP I block all "53" traffic from my clients if is not directed directly to the CPE All Italian ISP are forced to do this for idiot laws wrotten from someone then totally ignore of how internet works. We do not inject or interc...
by rextended
Sun Jul 25, 2021 12:07 am
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 417

Re: Which FW rule permits 'services'

Really.... not..., if MAC access (winbox/telnet) is keeped active on LAN side (better if one port is leaved as MGMT ethernet) [or using CLI on console/serial port] Firewall work on layer 3, MAC on layer 2, only misconfigured layer 2 bridge/vlan/ethernet/802.1x etc. can lock the device (console/seria...
by rextended
Sat Jul 24, 2021 8:21 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 417

Re: Which FW rule permits 'services'

The question is missing where services should be reachable, on WAN or on LAN, That rule can't be the answer because do not permit services from WAN and do not block services from LAN (ignoring other rules) I do not wrote accept from LAN , I wrote do not block services from LAN . Very big difference....
by rextended
Sat Jul 24, 2021 8:15 pm
Forum: General
Topic: Feature requests
Replies: 1374
Views: 342886

Re: Feature requests

Right!

+10
by rextended
Sat Jul 24, 2021 2:49 pm
Forum: General
Topic: Static Public IP for Private Network
Replies: 4
Views: 287

Re: Static Public IP for Private Network

If your new ISP provide only Private IP, probbly you are uable to do nothing for accept incoming connections
because you not control the (CG?)NAT of your new provider and ont hat way you are unable to open ports or services for incoming requests.
by rextended
Sat Jul 24, 2021 12:20 pm
Forum: RouterBOARD hardware
Topic: 48-Volt POE-Out switches
Replies: 19
Views: 2113

Re: 48-Volt POE-Out switches

Is for sure a typo of the translator...
by rextended
Sat Jul 24, 2021 4:22 am
Forum: Virtualization
Topic: Is there a guide on how to size the VM for CHR?
Replies: 4
Views: 343

Re: Is there a guide on how to size the VM for CHR?

Well done, nice hint!
by rextended
Sat Jul 24, 2021 4:02 am
Forum: General
Topic: time of last config change
Replies: 4
Views: 314

Re: time of last config change

No, time of last change is not available. Is not true for my point of view, because I know better some aspects of RouterOS... And for sure you know better some others aspects than me. Simply check the history action on memory, if the time of last changed config is different, than something is chang...
by rextended
Sat Jul 24, 2021 3:56 am
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 4
Views: 385

Re: Feature Request: RouterOS Nightly

+100000000
by rextended
Sat Jul 24, 2021 3:34 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

search tag # rextended int2hex num2hex integer number hexadecimal convert function Function to convert integer to hex (only positive numbers) :global num2hex do={ :local number [:tonum $1] :local hexadec "0" :local remainder 0 :local hexChars "0123456789ABCDEF" :if ($number > 0) ...
by rextended
Sat Jul 24, 2021 1:19 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1339

Re: How to covert int to hex type value and save it in a string?

Some reasoning on this... this function already exist on RouterOS, but I don't want to belittle anyone's work, it was just to let find out . using this example, the second line is for simulating one string readed from other variables. :put 0xFF85 :put [:tonum ("0x"."FF85")] The e...
by rextended
Sat Jul 24, 2021 12:49 am
Forum: RouterBOARD hardware
Topic: 48-Volt POE-Out switches
Replies: 19
Views: 2113

Re: 48-Volt POE-Out switches

For MikroTik we use MicroSet... :P This make some CCR devices compatibles with -48V: https://mikrotik.com/product/pw48v_12v85w I use it without problem on my CCR1036-12G-4S I solve the problem of -48V or using fiber or using (sorry I can not translate better) one Galvanic Insulator, it recreate anot...
by rextended
Fri Jul 23, 2021 11:02 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 729

Re: Mikrotik - Early Access beta hardware?

Ok, just a joke for be clear: to sign up for a) early access hardware or b) beta testing? or is or false or true = true if can not "sign up for early access hardware" still can use beta software on any all actual routerboad, new and not new (for sure not on abandoned mipsle architecture fr...
by rextended
Fri Jul 23, 2021 5:00 pm
Forum: Wireless Networking
Topic: wireless redirection
Replies: 4
Views: 358

Re: wireless redirection

Buy some ultra-cheaper tablet.....
Just one example
1024x600 50€

Or put the menu on public server and provide QR code to guests
by rextended
Fri Jul 23, 2021 4:55 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 729

Re: Mikrotik - Early Access beta hardware?

Just one... correction...

Yup ... buy new model any devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
by rextended
Fri Jul 23, 2021 4:50 pm
Forum: General
Topic: Auto Run script on reset
Replies: 4
Views: 277

Re: Auto Run script on reset

@mkx described the right way to do this.

But this only works if "No Default Configuration" is not selected during the reset-configuration
by rextended
Fri Jul 23, 2021 4:39 pm
Forum: Beginner Basics
Topic: Allow Remote DNS Requests
Replies: 6
Views: 494

Re: Allow Remote DNS Requests

Would including the dynamic list which I think contains all PPPoE clients in LAN solve this issue? or create the Allow 53/udp for dynamic list and add it before the drop-all-rule be the best option? Simply add before "defconf: drop all not coming from LAN" two rule with chain input (not f...
by rextended
Fri Jul 23, 2021 4:30 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 69
Views: 74113

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

Better if you make an export and share here

do:
/export file=export
and after open it with notepad,
and after censore your identifiable data with *** (not remove anything, just censore),
share the export.rsc
by rextended
Fri Jul 23, 2021 12:01 am
Forum: Wireless Networking
Topic: Weird speed problem, bridged network
Replies: 7
Views: 430

Re: Weird speed problem, bridged network

Well done, thanks.

But really all the credit goes to you,
without your precise description of the problem, I would never have had that intuition.
by rextended
Thu Jul 22, 2021 11:39 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 448

Re: export admin password

Till now you do not answer to me: what you want to do with that password, if you have already full access to the device. If you paid the device, is what you say previously, why the isp company turn off your entire network of towers which is providing internet for 600 houses??? Something smells rotte...
by rextended
Thu Jul 22, 2021 11:28 pm
Forum: Wireless Networking
Topic: Weird speed problem, bridged network
Replies: 7
Views: 430

Re: Weird speed problem, bridged network

I read all posts. What RouterOS version is used? All the same? The bridge are on WDS on on bridge mode or others? (see point 1) I can think two tings: 1) better see the exports of all 5 devices 2) when tested with only one wifi at time, no problem, when tested involving both wifi at same time, both ...
by rextended
Thu Jul 22, 2021 10:54 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

No, infected PC (or DVR, or any IoT device, etc.) than send out packet to Internet, like fake ping from 8.8.8.8 to ip like 1.1.1.1... the simply rule "LAN to WAN allowed" if not integrated with some other settings or rules, accept that packet and send it out on internet (if rp-filter= no )...
by rextended
Thu Jul 22, 2021 10:33 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

At least all user must enable IP Spoofing block, near all DDoS attack use that vulnerability. Today I discover that what I took for sure (set loose), for my disbelief for default are disabled... /ip settings rp-filter default is no Must be set at least to loose https://forum.mikrotik.com/viewtopic.p...
by rextended
Thu Jul 22, 2021 10:28 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

My sense is its the responsibility and possibly within the capabilities of the ISP provider.............. You right, but not all ISP care about this... I think this has a more likely chance, in general, of stopping issues for the homeower....... https://itexpertoncall.com/additional_info/moabpre.ht...
by rextended
Thu Jul 22, 2021 10:24 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

And the same is for mark route on mangle, when is not evitable better use routes rules When you make vlan you create more vlan interface in /interface vlan and put all together on bridge, or you directly use bridge/vlan settings (or orther function depending on hardware) ??? Is the same with firewal...
by rextended
Thu Jul 22, 2021 10:19 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

One example over all for raw: all incoming IPs presents on blacklist or from DDoS attack.
Why bother with those? In case of attack it also consumes less CPU ...
by rextended
Thu Jul 22, 2021 9:44 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 791

Re: RouterOS Rule tester?

Do not forget "firewall raw" and move more rules as possible on that sections,

and when is possible, do not use mangle for routing, but routing rules.
by rextended
Thu Jul 22, 2021 7:11 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 962

Re: Automatic backup for 100 MKT

Is not possible directly, send the previous and the actual backup and the export to a server, inside the server with some script compare both old and new export, if export are different, except first line containig time and date, send the backup Why export and not directly the backup? Because two co...
by rextended
Thu Jul 22, 2021 6:42 pm
Forum: General
Topic: No skin selectable in Winbox
Replies: 9
Views: 1237

Re: No skin selectable in Winbox

try to create /flash/skins folder and put the skin inside that folder
probably something do not correctly detect how must be called the skins folder (/skins or /flash/skins)?
by rextended
Thu Jul 22, 2021 6:21 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 448

Re: export admin password

Your friend probably doesn't want to be fired... What you write is a perfect try to steal password. As full admin you can change any password. If you not want steal the password to gain fraudolent access to other devices of the same company, why is it a problem not to know or change another user's p...
by rextended
Thu Jul 22, 2021 5:18 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 426

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

You use same global variable name vdsdown on two script or inside another active netwatch???
by rextended
Thu Jul 22, 2021 5:10 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 395

Re: Need to hire consultant, online/remote, to create a configuration asap.

Warning: that guy use and suggest "TCP flag filter" and "drop port 0" taken from the link on my signature, https://www.daryllswer.com/edge-router-bng-optimisation-guide-for-isps/ can "Breaks the web" as DarkNate say!!! they come to forum posts etc, see some bad config w...
by rextended
Thu Jul 22, 2021 5:05 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

Maybe you can see it as a hint that you need to adjust your behavior?
You're right,
it can serve me as a lesson,
but without exaggerating ...
by rextended
Thu Jul 22, 2021 4:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 335
Views: 45233

Re: v7.1beta6 [development] is released!

Thanks for reply.

Replace 6 with 4 or 5 on beta6 download link
by rextended
Thu Jul 22, 2021 4:31 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 426

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

RouterOS version? I try on 6.47.10 and my version work as expected, the script do not create useless log. 10 seconds are too close, can overlap the executin. Use 20 seconds at least. Try to paste it directly on scheduler but... the $ after :set is still present!!! :global vdsdown :local host 192.168...
by rextended
Thu Jul 22, 2021 3:53 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 426

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

what's exactly is wroted inside script and scheduler?

/sys script export

/sys scheduler export
by rextended
Thu Jul 22, 2021 3:38 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 826

Re: Can't reach Winbox if Dual WAN in failover mode

@gotsprings do not worry, the forum is frequented by users who are so insolent and know-it-all, who, instead of helping, offend and compete with "who has it bigger", not caring if they go off topic, obviously those who are offended respond in turn and this full the topic with garbage that ...
by rextended
Thu Jul 22, 2021 3:24 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 335
Views: 45233

Re: v7.1beta6 [development] is released!

What device you use?
by rextended
Thu Jul 22, 2021 2:35 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

To do this, there is no need to offend or be rude.

I don't want another friend, I just want you to stop offending and be more polite.

It is against the rules of any forum to offend.

Am I asking too much?
by rextended
Thu Jul 22, 2021 2:31 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

I do not want defend my rules,
I want you to stop offend and be more polite.
by rextended
Thu Jul 22, 2021 2:25 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

@ pe1chl expressed his thoughts in a non-offensive manner. The forum is full of worst things, like you, for example, why don't you ask the staff to delete them all? Instead of being here to offend on the forum, why can't you find a job with your very high knowledge, perhaps as a teacher of the "...
by rextended
Thu Jul 22, 2021 2:15 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

You are still rude and offensive, you have to be really frustrated in your private life to offend in such a free way here on the forum. Maybe there is someone who commands you and you can't do anything about it, then try to do the same here on the forum. This does not justify offenses and bad words....
by rextended
Thu Jul 22, 2021 2:02 pm
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 884

Re: Mikrotik Chateau LTE12 External Antenna problems

Ok,
so it means that instead of using quickset, with the risk of accidentally changing configuration,

just simply paste this on the terminal:
/interface lte settings
set external-antenna=auto
by rextended
Thu Jul 22, 2021 1:14 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

6. Thousands of ISPs especially in Asia-Pacific, South America, South Africa etc lack knowledge and technically competent network engineers, they come to forum posts etc, see some bad config with a beautiful headline, copy/paste it and viola! Breaks the web. Why you do not ask Juniper to remove tha...
by rextended
Thu Jul 22, 2021 12:17 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

The topic is work in progress AND I accept your criticism AND I understand exactly PMTUD, your observation are considered. from RFC 8900 for example: 6. Recommendations 6.1. For Application and Protocol Developers Developers SHOULD NOT develop new protocols or applications that rely on IP fragmentat...
by rextended
Thu Jul 22, 2021 11:52 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52544

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

@DarkNate Where is the page on the forum where you teach to change the default "no" in the rp-filter and set it to "strict"? I asked everyone for constructive criticism, not unnecessary controversy. And about ICMP, all is start for a request about this Juniper feature https://www...
by rextended
Thu Jul 22, 2021 11:05 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 826

Re: Can't reach Winbox if Dual WAN in failover mode

(Please, let's not begin to see who has it longer) From the link on my signature: IP Spoofing (...) All ISPs should do this and 95% of DDoS attacks wouldn't exist ... Not all know this setting on "/ip settings" Incredibly, the default settings is rp-filter= no (probably because can't be ch...
by rextended
Thu Jul 22, 2021 10:53 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 962

Re: Automatic backup for 100 MKT

Actually this option on export do not exist :((
Is better if RouterOS permit to export internal users.db and cert.db for perfect backup and export to other devices...

Also why not include the internal user export when /export are done instead to
do /user export, not all users know this...
by rextended
Thu Jul 22, 2021 10:47 am
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

Sorry, but why you not try to use "iexplore" from start / run or on command prompt, if is windows,
or download firefox?
by rextended
Thu Jul 22, 2021 1:00 am
Forum: RouterBOARD hardware
Topic: recommendation to x86 hardware?
Replies: 6
Views: 1157

Re: recommendation to x86 hardware?

If he work with that device, he do not have time to lost with beta software
by rextended
Thu Jul 22, 2021 12:53 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 826

Re: Can't reach Winbox if Dual WAN in failover mode

...until i hear professionals I trust, with deep experience in MT, like MKX or sindy for example...
sindy: 2017 user #110.692
mkx: 2016 user #87.277




rextended: 2014 user #68.609
😢
by rextended
Thu Jul 22, 2021 12:45 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 962

Re: Automatic backup for 100 MKT

Last update: 5 years ago, really recent...
by rextended
Wed Jul 21, 2021 10:54 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 361

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

...into the MT app... (and WinBox) Simply because is all in one place, instead use multiple apps, is possible to export simply the database from pc to app on more device, instead to configure two apps for device, for say just two reason. Simpler than that... Is not like some other demanding request...
by rextended
Wed Jul 21, 2021 10:43 pm
Forum: Wireless Networking
Topic: Nv2 AP Synchronization
Replies: 1
Views: 236

Re: Nv2 AP Synchronization

YES
by rextended
Wed Jul 21, 2021 10:37 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 361

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

If someone ask you one beer can, and begs you not to give him H₂O, you give it a glass of water because is easier?

I have update the OP at the end, adding the Wireguard word.
by rextended
Wed Jul 21, 2021 10:21 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 361

Feature Request: Add Port Knocking on MikroTik App and WinBox

Feature Request: Add Port Knocking on MikroTik App and WinBox https://en.wikipedia.org/wiki/Port_knocking DOES NOT MATTER IF ROUTEROS SUPPORT IT OR NOT leave us to do our rules on firewall , if possible, add it LATER direct support, for that. Example: add one field on login page for set some port co...
by rextended
Wed Jul 21, 2021 10:09 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

Now users can use (for free!) our hAP ac² provided as a basic router,
or if they don't want to use our router (for free!), but want buy one,
they have as a requirement that it be a MikroTik RouterBOARD!!! (not SMPIS and recent) :)))
by rextended
Wed Jul 21, 2021 10:01 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

Oh, now I understand perfectly your situation...

When we start to be WISP we don't want control over what users buy,
to try to please them as much as possible, because we have to increase the "user base"...

Now with a some thousand users, we can afford to choose and ban any sh!t... :P
by rextended
Wed Jul 21, 2021 9:33 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 962

Re: Automatic backup for 100 MKT

Must clearly specified: backup = ...backup! but for a) same device, b) same software version and c) same packages active, export certificates, ssh host key, login users internal database , but not the dude database , export partially the user-manager (do not exports assigned profiles and other user-...
by rextended
Wed Jul 21, 2021 9:24 pm
Forum: Wireless Networking
Topic: nRAY vs LHG 60G
Replies: 12
Views: 1110

Re: nRAY vs LHG 60G

Why you use beta software on things than be act to simply as ethernet cable?
by rextended
Wed Jul 21, 2021 9:15 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

MT update procedure failed with so many basic manufacturers' browsers 2.4 has some years... came out in 2016... and in 2016 "modern" browsers do not exist... all another era... The true question is, why on 6 years you try to update the device only now... (reading the changelog) For exampl...
by rextended
Wed Jul 21, 2021 8:32 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 962

Re: Automatic backup for 100 MKT

Better put one scheduled script on each routerboard than send you every night at random time the email with EXPORT, not backup, or upload the export on one ftp.
by rextended
Wed Jul 21, 2021 7:52 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 426

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

search tag # rextended check host status evidenced errors on your script: :global vdsdown :local host 192.168.1.252 # better put the editable things up :local checkvds [/ping $host count=3] :if ( $ checkvds = 0) do={ # $ must used for call variables :if ($vdsdown != true) do={ /log warning "Hos...
by rextended
Wed Jul 21, 2021 7:09 pm
Forum: Beginner Basics
Topic: [hap ac2] - After enabling VPN client Internet goes down [SOLVED]
Replies: 2
Views: 320

Re: [hap ac2] - After enabling VPN client Internet goes down [SOLVED]

Set "Default Route Distance" to 20 on L2TP Client or disable "Add Default Route" on L2TP Client.

From screenshot:
https://www.abuseipdb.com/check/82.202.167.182
by rextended
Wed Jul 21, 2021 7:02 pm
Forum: Wireless Networking
Topic: Compatibility of mini-PCI interface wireless network card
Replies: 2
Views: 225

Re: Compatibility of mini-PCI interface wireless network card

...in our country...
...Atheros manufacturer chips...
...chip Atheros 9220...
...made in our country...
...chip also is Atheros 9220...
But all the chips are maded on China, your country....
by rextended
Wed Jul 21, 2021 6:52 pm
Forum: Wireless Networking
Topic: WiFi apple problems
Replies: 2
Views: 335

Re: WiFi apple problems

Yes, if from my android device i can access internet pages and can also load internal corporate site and this operation from windows laptop - also all works fine and from apple device (i try two different iPad and mac Mini) do not work as expected then WiFi apple problems must be solved from Apple s...
by rextended
Wed Jul 21, 2021 6:47 pm
Forum: RouterBOARD hardware
Topic: old WAP AC extreme temperatur
Replies: 3
Views: 340

Re: old WAP AC extreme temperatur

Is not the only two pieces missing... see at N-E of -42 (on picture)

Also -23 and -24 do not looking good....
by rextended
Wed Jul 21, 2021 6:19 pm
Forum: The Dude
Topic: Dude crashed, having trouble restoring data base
Replies: 10
Views: 1380

Re: Dude crashed, having trouble restoring data base

try this on file from DOS command line: C:\Users\Rextended\Desktop\BACKUP\dude>sqlite3 dude.db VACUUM C:\Users\Rextended\Desktop\BACKUP\dude>sqlite3 dude.db SQLite version 3.33.0 2020-08-14 13:23:32 Enter ".help" for usage hints. sqlite> delete from outages; sqlite> delete from chart_value...
by rextended
Wed Jul 21, 2021 6:13 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 351

Re: hotspot add [SOLVED]

Sorry Sir, but I can not help you.
What I have writed is only for advise you than with this few detail you hardly find someone to help you.
I'm not English and I struggle to understand...

Anyway, I wish you the best of luck, Sir.
by rextended
Wed Jul 21, 2021 6:08 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 826

Re: Can't reach Winbox if Dual WAN in failover mode

Is about "Good luck hacking that.", not for the WAN ;)
by rextended
Wed Jul 21, 2021 5:52 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 826

Re: Can't reach Winbox if Dual WAN in failover mode

@DarkNate... It's too easy for you to say that... you're not the OP...
by rextended
Wed Jul 21, 2021 5:43 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 314

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

Sorry, but for me is broken :(
by rextended
Wed Jul 21, 2021 5:18 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 314

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

If you "simply" power up the device, something blink?
by rextended
Wed Jul 21, 2021 5:15 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 314

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

Answer
From what you describe, your device appear broken...
by rextended
Wed Jul 21, 2021 4:48 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

This doesn't appear to be a helpful suggestion. Thanks, very kind, this is just an asshole answer for anyone trying to help you. But, no problem, I still try to help you. More to the point, if 2.9 and up fail to upgrade from a local file, and also fail to upgrade from over the web, it's logical to ...
by rextended
Wed Jul 21, 2021 4:39 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 448

Re: export admin password

Who are you trying to fool?

Do you try to steal someone else's password to try to rip him off,
if he used the same password for his bank account, e-mail or whatever?

Nobody will help you steal this information.

A password is secret and must remain so.

At the most, if you have lost it, change it.
by rextended
Wed Jul 21, 2021 3:29 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 351

Re: hotspot add [SOLVED]

He was sarcastic,
I didn't understand anything.
by rextended
Wed Jul 21, 2021 3:12 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 351

Re: hotspot add [SOLVED]

All clear, surely...
by rextended
Wed Jul 21, 2021 3:05 pm
Forum: Beginner Basics
Topic: CHATEAU LTE12 MIMO1 and MIMO2
Replies: 32
Views: 8403

Re: CHATEAU LTE12 MIMO1 and MIMO2

@BillyVan

PLEASE
you can make two /export:

disable (on quickset) the ext antenna,
on terminal:
/export file=before

after that enable (on quickset) the ext antenna,
on terminal do again:
/export file=after

compare the two files and put the differencies on forum, please?
by rextended
Wed Jul 21, 2021 3:02 pm
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 884

Re: Mikrotik Chateau LTE12 External Antenna problems

Even with stable version same results (no ext ant)
What you mean for "stable version"?
You use exactly the 7.0.3 "non-beta" and the only firmware supported for that device?
by rextended
Wed Jul 21, 2021 2:40 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

For example this: # Strip the net mask off the IP address :for i from=( [:len $currentIP] - 1) to=0 do={ :if ( [:pick $currentIP $i] = "/") do={ :set currentIP [:pick $currentIP 0 $i] } } Errors: Why complicate an easy thing? It doesn't stop at the first occurrence of "/" current...
by rextended
Wed Jul 21, 2021 2:32 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

:local inetinterface $[/int eth get [find default-name=ether1] name] this is automatic? so it will search ether1 for the inetinterface or if the modem uses ether2 it will change to ether2 also ? No, is still manual the change for ether1 / 2 / 3 etc., but it works regardless the name you use for eth...
by rextended
Wed Jul 21, 2021 1:56 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

One question: you are forced to use 74:DA:DA:83:AB:FE as MAC address??? Duplicate logging, the prefix do not "choice" anything, you simply log two time the same thing. Better remove prefix and set the prefix only on firewall rules: /system logging add prefix=PortForwardedTraffic topics=fir...
by rextended
Wed Jul 21, 2021 10:36 am
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 884

Re: Mikrotik Chateau LTE12 External Antenna problems

same problem here
RouterOS version?
You use the 7.0.3?
by rextended
Wed Jul 21, 2021 10:30 am
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 557

Re: Need to find older swOS

you can use tftp procedure to upgrade the device

https://wiki.mikrotik.com/wiki/SwOS/RB2 ... S_firmware
by rextended
Wed Jul 21, 2021 10:26 am
Forum: The Dude
Topic: Dude crashed, having trouble restoring data base
Replies: 10
Views: 1380

Re: Dude crashed, having trouble restoring data base

The db contain IP, username and password of all devices, is a security risk share it on forum.
And find a MikroTik consultant do not guarantee his knowledge is sufficent for recovery a SQLite database.

Sono in difficoltà, non so come consigliarvi...
by rextended
Tue Jul 20, 2021 9:13 pm
Forum: Scripting
Topic: Export and Import on backup and clone device problem !
Replies: 4
Views: 372

Re: Export and Import on backup and clone device problem !

READ THIS: I want help you, but you must post the "the WORKING config from the router" instead, only censored, not with deleted parts. ************************************** you can only write "DOESN'T work"? PLEASE READ THE POST COMPLETELY and UNDERSTAND IT before replying to it...
by rextended
Tue Jul 20, 2021 8:34 pm
Forum: Wireless Networking
Topic: Feature Request - Zigbee
Replies: 8
Views: 1353

Re: Feature Request - Zigbee

Echo Plus has one integrated ZigBee hub inside
by rextended
Tue Jul 20, 2021 8:32 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 376
Views: 292115

Re: Metarouter images

Did anyone managed to make a stable minimal metarouter with mqtt broker (OpenWrt or other).
Use CHR or x86 to.... ops, but at that point you can directly virtualize OpenWRT...
by rextended
Tue Jul 20, 2021 8:19 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

oh well, have to change user name...... :(
it was a veiled suggestion ... correct your post by removing it from the writings and the various exports...

/system script
owner=dermawas
by rextended
Tue Jul 20, 2021 8:18 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

this is useless ---->add action=drop chain=input comment="Drop Winbox on WAN" dst-port=8291 in-interface=1modem protocol=tcp because this exist: add action=drop chain=input you do not need to specify nothig less general before that rule, drop "all"! There is a typo! must be set t...
by rextended
Tue Jul 20, 2021 8:09 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 24826

Re: v6.48.3 [stable] is released!

True, I lost to think that, thanks!!!
by rextended
Tue Jul 20, 2021 7:58 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 24826

Re: v6.48.3 [stable] is released!

Seriously, It's a joke :P
by rextended
Tue Jul 20, 2021 7:47 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1178

Re: stopping login attempt to user admin [SOLVED]

dermawas , one hint: /interface detect-internet set detect-interface-list= none without checking if they are right or not, or something is missing, this is the correct order of the one already written: /ip firewall filter add action=accept chain=input comment="default configuration - Establish...
by rextended
Tue Jul 20, 2021 7:41 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 24826

Re: v6.48.3 [stable] is released!

@eworm you are an authenticated remote user? :P
by rextended
Tue Jul 20, 2021 7:41 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 24826

Re: v6.48.3 [stable] is released!

Is a "an authenticated remote user" problem, do not give remote acces to everyone...
by rextended
Tue Jul 20, 2021 6:05 pm
Forum: Scripting
Topic: Export and Import on backup and clone device problem !
Replies: 4
Views: 372

Re: Export and Import on backup and clone device problem !

IT: E adesso che fai, ti rifai vivo tra qualche anno come il solito? EN: And now what are you doing, will you come back in a few years as usual? ************************************ Everything you've written is just nonsense. the "bug with dhcp-client on reset-config" it has nothing to do ...
by rextended
Tue Jul 20, 2021 5:51 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 701

Re: Different gateway for two PPPoE server instance

You practically did not provide any detailed description, data, or export of the configuration, just for example

Nobody is interested in being a detective, with dozens of questions before being told anything useful.

No answer to your question? How to write posts
by rextended
Tue Jul 20, 2021 4:02 pm
Forum: RouterBOARD hardware
Topic: R11 LTE/5G
Replies: 1
Views: 310

Re: R11 LTE/5G

Just look on the MikroTik site, right?
https://mikrotik.com/product/chateau_5g

Chateau 5G = Chateau + 5G = D53G-5HacD2HnD-TC + RG502Q-EA

maximum data rates up to 5.0 Gbps downlink and 900 Mbps uplink

Quectel RG502Q-EA
by rextended
Tue Jul 20, 2021 3:53 pm
Forum: General
Topic: Mikrotik generate CRL for revoked certs
Replies: 3
Views: 307

Re: Mikrotik generate CRL for revoked certs

For get internal ID (.id) /certificate :put [pri as-value] .id=*1;common-name=CAPsMAN-CA-.........................;.id=*2;common-name=CAPsMAN-......................... the value is hexadecimal, must converted to decimal, for example obviously the crl list file (as already wroted from @jprietove ) is...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 17