Community discussions

MikroTik App

Search found 4913 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 17
by rextended
Wed Aug 04, 2021 10:42 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 11
Views: 278

Re: DHCP Offering Lease Without Success

Make sure in the MikroTik router the checkmark "always broadcast" in the DHCP server settings is NOT set.
[...]
Sorry, I cannot help people that cannot read!
You're right, he doesn't read
by rextended
Wed Aug 04, 2021 10:19 am
Forum: Scripting
Topic: SMS LTE Info
Replies: 2
Views: 89

Re: SMS LTE Info

@jotne ;) ************************************************************ @hogg101 "operator" do not exist, is "current-operator" Obtainable values can vary with modem models. For example, from this two model, only "R11e-LTE" support UICC (SIM serial number) and only R11e-...
by rextended
Wed Aug 04, 2021 10:11 am
Forum: Scripting
Topic: Script to turn off and turn on the router automatically
Replies: 11
Views: 2422

Re: Script to turn off and turn on the router automatically

Why write this thing? Once turned off you have to go and turn it on "manually", there is nothing automatic in the RouterBOARD that, once turned off, makes it turn on again, or must be find a UPS to which RouterOS can sends commands like "now turn me off and turn me back on when the po...
by rextended
Wed Aug 04, 2021 10:00 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 30
Views: 1522

Re: Dual WAN Failover Script Ping Command [SOLVED]

I need > 9 seconds of closing capability.
???

I do not insist further, I have already written you the script that does the right job,
based on the real traffic of equipment in production and not only theoretically simulated.
by rextended
Wed Aug 04, 2021 4:21 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 30
Views: 1522

Re: Dual WAN Failover Script Ping Command [SOLVED]

NO, leave it to 60 seconds, or at least 20 seconds (check gateway 10 ping off, 10 ping on) I do not write the things without reason. If just one connection on connection tracking is already closed for timeout (or other reasons) during the execution of the clean, the script stop with error because wh...
by rextended
Wed Aug 04, 2021 2:47 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 30
Views: 1522

Re: Dual WAN Failover Script Ping Command [SOLVED]

how do I know when to fire a script to do this? When the failover is active... and when go back online the main line, and the failover is not active :global something :if ([:len [/ip route find where comment="ISP2" and active=yes]] > 0) do={ :if ($something != true) do={ /ip fire conn :fo...
by rextended
Tue Aug 03, 2021 7:54 pm
Forum: Forwarding Protocols
Topic: Mikrotik Dual WAN Failover
Replies: 3
Views: 135

Re: Mikrotik Dual WAN Failover

The forum is full of examples... On both DHCP client remove "add default route" Remove all mangle and all routes you are set and paste this on terminal. /ip dns set servers=1.1.1.1,8.8.8.8 /ip route add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address...
by rextended
Tue Aug 03, 2021 4:41 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 44
Views: 8578

Re: Feature request: Make Quickset to be separate package

I do, but whats the difference to this problem?
no no, it was in () because it had nothing to do with quickset,
was about "one user" ;)
by rextended
Tue Aug 03, 2021 4:19 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 44
Views: 8578

Re: Feature request: Make Quickset to be separate package

Ohh.... :o
Thanks! :D

(I hope you just after netinstall create another admin and delete "admin"...)
by rextended
Tue Aug 03, 2021 3:59 pm
Forum: Beginner Basics
Topic: dude,critical db failure: database disk image is malformed
Replies: 3
Views: 118

Re: dude,critical db failure: database disk image is malformed

The database is incompatible with new versions.

I try on the past to convert from 4 to 6, but after some time the "converted" database do everytime problem.

Starting from scratch on 6.x and no problem till now.
by rextended
Tue Aug 03, 2021 3:54 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 44
Views: 8578

Re: Feature request: Make Quickset to be separate package

Consider to do someting like
/system routerboard settings set nesquick-set=off

or better:

/user group
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!dude,!quickset" skin=default
by rextended
Tue Aug 03, 2021 3:49 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 11
Views: 278

Re: DHCP Offering Lease Without Success

1) in the half of the menu settings on the image, you try what I have wrote on my previous post?
by rextended
Tue Aug 03, 2021 3:30 pm
Forum: General
Topic: Classless-Routes not being added by dhcp-client
Replies: 22
Views: 1378

Re: Classless-Routes not being added by dhcp-client

2021/08/03 Update
by rextended
Tue Aug 03, 2021 3:13 pm
Forum: Beginner Basics
Topic: Multiple SSID's assign frequency [SOLVED]
Replies: 4
Views: 121

Re: Multiple SSID's assign frequency [SOLVED]

You already have the exact reply.
by rextended
Tue Aug 03, 2021 2:24 pm
Forum: Beginner Basics
Topic: WLAN &LAN config [SOLVED]
Replies: 8
Views: 222

Re: WLAN &LAN config [SOLVED]

If you've set multiple SSIDs, there must be a reason ...
It's not that easy to manage multiple VLANs to separate everything,

My suggestion was to put the "same" SSID of 2.4 and 5 on the same VLAN,
but all the rest of the configuration may vary, hope someone will help you.
by rextended
Tue Aug 03, 2021 2:18 pm
Forum: Beginner Basics
Topic: Multiple SSID's assign frequency [SOLVED]
Replies: 4
Views: 121

Re: Multiple SSID's assign frequency [SOLVED]

NO, with same physical wireless interface

YES, using more than one physical wireless interface (or using direcly another Acces Point)
by rextended
Tue Aug 03, 2021 1:09 pm
Forum: Beginner Basics
Topic: WLAN &LAN config [SOLVED]
Replies: 8
Views: 222

Re: WLAN &LAN config [SOLVED]

Simply put wlan2 on same bridge and set same VID on vlan-id
by rextended
Tue Aug 03, 2021 1:07 pm
Forum: General
Topic: CRS 2XX Management VLAN Question
Replies: 14
Views: 624

Re: CRS 2XX Management VLAN Question

Are for CRS226-24G-2S+, the only export I see
by rextended
Tue Aug 03, 2021 12:49 pm
Forum: General
Topic: Enable control of "Audience" color LED via ROS [SOLVED]
Replies: 10
Views: 2270

Re: Enable control of "Audience" color LED via ROS [SOLVED]

Sorry, no longer adjustable.
Not worry, just a cosmethic thing.

Very thanks.

Now I'm sure of what I see ;) :lol:
by rextended
Tue Aug 03, 2021 12:18 pm
Forum: General
Topic: Enable control of "Audience" color LED via ROS [SOLVED]
Replies: 10
Views: 2270

Re: Enable control of "Audience" color LED via ROS [SOLVED]

post your Audience serial number Two devices: # aug/03/2021 11:15:49 by RouterOS 6.47.9 # software id = T4TG-88JY # # model = RBD25G-5HPacQD2HPnD # serial number = BBQRXN59A5D4 i cant'read the /xxx on the box because is on remote location second device 6.48.3 with same "problem": serial n...
by rextended
Tue Aug 03, 2021 11:59 am
Forum: General
Topic: Enable control of "Audience" color LED via ROS [SOLVED]
Replies: 10
Views: 2270

Re: Enable control of "Audience" color LED via ROS [SOLVED]

/system leds add leds=
Normis, please, can you reply to my previous post?

Thanks.
by rextended
Tue Aug 03, 2021 11:52 am
Forum: General
Topic: CRS 2XX Management VLAN Question
Replies: 14
Views: 624

Re: CRS 2XX Management VLAN Question

for some... cleaning, put this on new terminal, without omit the { } : { /interface bridge set bridge protocol=none /interface bridge port remove [find where interface~"sfp"] /interface ethernet set [ find default-name~"ether" ] speed=1Gbps set [ find default-name~"sfp"...
by rextended
Tue Aug 03, 2021 11:18 am
Forum: General
Topic: Can VLAN traffic be excluded from routing?
Replies: 4
Views: 196

Re: Can VLAN traffic be excluded from routing?

Without any firewall rule, I give you a hint: on IP / Settings disable ip-forward, this stop auto-forwarding between subnets.
This cause a separation (only on Layer 3) between subnets (on VLAN or not)

Sorry if I do not have time to explain better at this moment.
by rextended
Tue Aug 03, 2021 11:07 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 11
Views: 278

Re: DHCP Offering Lease Without Success

Open WinBox, enable Safe Mode, Add DHCP client without "add default route" on the same interface you have the DHCP server active, do not be alarmed about it, self-provisioning can't happen, but if you obtain an IP address, somewhere on your network one rougue DHCP server is active, and the...
by rextended
Tue Aug 03, 2021 10:21 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 30
Views: 1522

Re: Dual WAN Failover Script Ping Command [SOLVED]

Clear connection-tracking is needed because remote address unreachable do not cause the clear of connection-tracking. What access method you use? For ppp user just put one script on on down /on up For dhcp client like the same For other metods can be finded a solution. For example on ppp profile or ...
by rextended
Tue Aug 03, 2021 12:08 am
Forum: Beginner Basics
Topic: Mark Routing to ISP2
Replies: 1
Views: 72

Re: Mark Routing to ISP2

You also mark too much, also DNS and NTP traffic are treated as VoIP traffic... Try to explain better or only from this picture nothing more can be extracted 1) What are the main ISP between Pedrosa and Villorejo? 2) What method are used to access Pedrosa and to accessVillorejo? DHCP? PPPoE?, etc. 3...
by rextended
Tue Aug 03, 2021 12:00 am
Forum: General
Topic: Feature Request: Add Connection_Routing_Mark
Replies: 6
Views: 197

Re: Feature Request: Add Connection_Routing_Mark

Actually I do not see anything, neither the "The article I wrote showing QoS setup for RingCentral services" on OP. Seriously, I do not see any link or something... About the use of routing rules, anything can be without see any rule... Not all can be "translated" but again, whit...
by rextended
Mon Aug 02, 2021 11:13 pm
Forum: General
Topic: Feature Request: Add Connection_Routing_Mark
Replies: 6
Views: 197

Re: Feature Request: Add Connection_Routing_Mark

Try to do routing on right point, on routing rules, instead to use mangle for routing, and the needs of mangle decrease...
by rextended
Mon Aug 02, 2021 10:39 pm
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

Enjoy with firewall security!

P.S.: UPnP games & devices on your network now works without open ports manually ;))
by rextended
Mon Aug 02, 2021 7:25 pm
Forum: Wireless Networking
Topic: registration status: DENIED
Replies: 5
Views: 209

Re: registration status: DENIED

You have LTE6 model, not the "wAP ac LTE kit"

Paste one at time, reboot after the LTE go back online with "denied":

/interface lte at-chat lte1 input="AT*Cell=0"

/interface lte at-chat lte1 input="AT+RSTSET"
by rextended
Mon Aug 02, 2021 6:56 pm
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

paste this and re-export for see if all goes ok : /int bridge set bridge1 protocol-mode=none admin-mac=[/int ether get ether2 mac-address] auto-mac=no Afther this, you have a router well protected and "tuned", but at this point must be checked the PC if open the post correctly. Website of ...
by rextended
Mon Aug 02, 2021 6:45 pm
Forum: General
Topic: Feature Request: Address List use Wildcard FQDN
Replies: 3
Views: 111

Re: Feature Request: Address List use Wildcard FQDN

@pe1chl let me explain why you are right and the OP request is real nonsense!!! If some wildcard are used, just one "dot" for example, RouterOS, for do what you want, must try all valid DNS characters like: 1.google.it, 2.google.it .... a.google.it, b.google.it ... y.google.it, z.google.it...
by rextended
Mon Aug 02, 2021 6:41 pm
Forum: General
Topic: Winbox: Error router does not support secure connection
Replies: 3
Views: 107

Re: Winbox: Error router does not support secure connection

RouterOS version of both devices?
WinBox version?
On WinBox menu click on "Tools" / "Legacy Mode".
by rextended
Mon Aug 02, 2021 6:36 pm
Forum: General
Topic: A discussion about UDP hole punching and how to prevent it.
Replies: 9
Views: 288

Re: A discussion about UDP hole punching and how to prevent it.

Didnt understand a word.
Now you understand why sometime after reading other posts I get confused...
by rextended
Mon Aug 02, 2021 6:23 pm
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

Ok, ok, I everytime forget dst-nat is coming just after prerouting, too much raw ehm..... :P :lol: this rule is already present on both my suggested config: add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN \ comment="defconf: drop all from WA...
by rextended
Mon Aug 02, 2021 6:08 pm
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

@anav sorry, doing all at memory because I do not have the machine directly controlled. Final fix and removed useless firewall rules, paste this on terminal wthout omit { } : { /interface bridge set bridge1 protocol=none /interface ethernet set [ find ] advertise=10M-half,10M-full,100M-half,100M-ful...
by rextended
Mon Aug 02, 2021 5:22 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 267

Re: DHCP option 66 for provision server not working

ok, if is not httpS, but http:// etc. open on web browser the link works?
by rextended
Mon Aug 02, 2021 5:12 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 267

Re: DHCP option 66 for provision server not working

The TFTP server work and the url is "provision/" or "provisioning/" ?
by rextended
Mon Aug 02, 2021 4:14 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 267

Re: DHCP option 66 for provision server not working

option 66 has code 160 or.. 66???
code=160
by rextended
Mon Aug 02, 2021 4:01 pm
Forum: General
Topic: Creating a 2000 entry personal Blacklist
Replies: 11
Views: 387

Re: Creating a 2000 entry personal Blacklist

Darn, the personal Blacklist only works when I am logged in.
It's for me?
by rextended
Mon Aug 02, 2021 3:52 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 267

Re: DHCP option 66 for provision server not working

/ip dhcp-server export
by rextended
Mon Aug 02, 2021 3:02 pm
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

It's time to upgrade to 6.47.10 you still use a old 6.42.10 full of bug and possibilites of hack, and you do not have firewall. After upgrade to 6.47.10 paste this on terminal without omit the { } !!! { /ip firewall filter remove [find] add chain=input action=accept connection-state=established,rela...
by rextended
Mon Aug 02, 2021 2:57 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

The SMIPS series are the worst device on mikrotik market... Do not have any gigabit port, and if on export (compact) this is present: /interface ethernet set [ find default-name=XXXX ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mean that port work only on 100Mbps (and is u...
by rextended
Mon Aug 02, 2021 11:30 am
Forum: General
Topic: winBox Port Forward No Response-Plz Help [SOLVED]
Replies: 26
Views: 542

Re: winBox Port Forward No Response-Plz Help [SOLVED]

You pratically do not have any firewall rule... Paste this on terminal /interface wireless set [ find default-name=wlan1 ] band=2ghz-g/n /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk eap-methods=passthrough /ip dhcp-server network set [find] dns-server=...
by rextended
Mon Aug 02, 2021 11:14 am
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, why&how?

WAN is a single Interface. WAN is an interface list and can contain n number of underlying interfaces. It's not a single interface. When the wiki was written, at the time do not exist WAN/LAN groups, the default-config inside RouterOS chage over time. this on the wiki /ip firewall nat add chain=src...
by rextended
Mon Aug 02, 2021 10:37 am
Forum: General
Topic: Creating a 2000 entry personal Blacklist
Replies: 11
Views: 387

Re: Creating a 2000 entry personal Blacklist

Almost good suggestion but it will stop if the entry is duplcated. viewtopic.php?t=91437#p555095
It does NOT stop if my method 5b) is followed, it just continue, not caring about the "duplicate".
by rextended
Mon Aug 02, 2021 10:30 am
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 15
Views: 552

Re: Block gateway access from connected wifi clients,

I dont know why @rextended said you cant use the forward chain ...
Because, as I wrote before, this topic for me is not clear from the beginning,
I have a hard time reread everything from the beginning without getting confused...
by rextended
Mon Aug 02, 2021 10:18 am
Forum: Wireless Networking
Topic: registration status: DENIED
Replies: 5
Views: 209

Re: registration status: DENIED

(I must write on english) You have sent some AT commands to modem? You try to use cell lock? You try to reset routerboard configuration? The modem is "R11e-LTE"??? "MikroTik_CP_2.160.000_v018" Try to paste this on terminal: /interface lte apn remove [ find default=no ] set [ find...
by rextended
Mon Aug 02, 2021 9:53 am
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

Yes, you are rigth now.
by rextended
Sun Aug 01, 2021 3:19 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

So what?
You can reach to have multiple strams (at same frequency) with one device that have only one antenna?
by rextended
Sun Aug 01, 2021 2:59 pm
Forum: General
Topic: Creating a 2000 entry personal Blacklist
Replies: 11
Views: 387

Re: Creating a 2000 entry personal Blacklist

Ok, for reply correctly to OP question: "import 2000 IP address list inside MikroTik firewall" 1) Paste the list in one address aggregator: https://tehnoblog.org/ip-tools/ip-address-aggregator/ 2) put the result on some decent text editor than permit the replace the "enter" (new ...
by rextended
Sun Aug 01, 2021 2:49 pm
Forum: General
Topic: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]
Replies: 13
Views: 477

Re: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]

...I would probably consider this an export bug....
Thanks, I do not have think about that, and is more plausible...
by rextended
Sun Aug 01, 2021 2:41 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

From what I deduce from your config, upgrade the device, reset the config to default, and reconfigure from start. /interface bridge add fast-forward=no name=bridge1 /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full ,1000M-half,1000M-full set [ find ...
by rextended
Sun Aug 01, 2021 2:37 pm
Forum: Wireless Networking
Topic: wmm in capsman
Replies: 5
Views: 234

Re: wmm in capsman

This information is missing on documentation, must be searched on a 2017 post to know it?
by rextended
Sun Aug 01, 2021 5:43 am
Forum: Beginner Basics
Topic: 2 Wan Failover [SOLVED]
Replies: 10
Views: 338

Re: 2 Wan Failover [SOLVED]

Yoiu provide too much detail, why WAN failover can be influenced from VLANs? Are the 2nd gateway simple a failover or not? /ip dns set servers=1.1.1.1,8.8.8.8 /ip route add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address=1.1.1.1/32 gateway=192.168.200.113 scop...
by rextended
Sun Aug 01, 2021 5:40 am
Forum: General
Topic: Cannot change System packages from version 7.1beta6
Replies: 2
Views: 216

Re: Cannot change System packages from version 7.1beta6

Find the way to use netinstall on your PC.
by rextended
Sun Aug 01, 2021 5:34 am
Forum: Scripting
Topic: Script of automatically updating gateway address at routes
Replies: 8
Views: 7168

Re: Script of automatically updating gateway address at routes

:if ($newgw1 != $routegw1),($newgw2 != $routegw2) do={ https://wiki.mikrotik.com/wiki/Manual:Scripting#Logical_Operators :if ($newgw1 != $routegw1) or ($newgw2 != $routegw2) do={ Ignoring the other things... And where do the brackets go? :if (($newgw1 != $routegw1) or ($newgw2 != $routegw2)) do={
by rextended
Sun Aug 01, 2021 5:27 am
Forum: General
Topic: ether 2 dhcp client no gateway?
Replies: 6
Views: 241

Re: ether 2 dhcp client no gateway?

ask the other side, not your config....
by rextended
Sun Aug 01, 2021 4:35 am
Forum: Scripting
Topic: Add current dynamic IP address to a list
Replies: 10
Views: 5763

Re: Add current dynamic IP address to a list

You resurrect a 2007 topic with this script, but what is one useful way to use this script?, considering that now in the firewall it is already possible to specify the WAN list of the interfaces, without using the IPs? the correct syntax want = betwen in and the variable in $ => in=$ why ckeck if th...
by rextended
Sun Aug 01, 2021 4:27 am
Forum: General
Topic: Best Practice to keep TCP session on CCR
Replies: 4
Views: 212

Re: Best Practice to keep TCP session on CCR

How should keep TCP session (ip>firewall>connection) for best practice? Last than one day or 8hr or something. If you explain your needs is better... For my standard users with CPE: 1 day (and with lease time on DHCP server 7 days) For hotspot users I set the limit to 1 hour (and with lease time on...
by rextended
Sun Aug 01, 2021 4:22 am
Forum: RouterBOARD hardware
Topic: Ethernet Not working on netmetal 5
Replies: 1
Views: 148

Re: Ethernet Not working on netmetal 5

the ethernet is gone....
by rextended
Sun Aug 01, 2021 4:14 am
Forum: General
Topic: ether 2 dhcp client no gateway?
Replies: 6
Views: 241

Re: ether 2 dhcp client no gateway?

/0 as IP address?
The network parameters from that DHCP server are absurd....
by rextended
Sun Aug 01, 2021 3:31 am
Forum: General
Topic: Term/technique for local network lookup of CNAME/A record pointing to local network?
Replies: 5
Views: 162

Re: Term/technique for local network lookup of CNAME/A record pointing to local network?

On image the IP address of local server go to.... address field and the work.domain.name go on... name. or skip name and add a regexp like (^|www\.)work\.domain\.name$ Static DNS have precedence above any settings on DNS. If the workstation on office have main server used as main DNS, simply put her...
by rextended
Sun Aug 01, 2021 3:03 am
Forum: Scripting
Topic: Script eanble/disable ppp
Replies: 1
Views: 109

Re: Script eanble/disable ppp

Yes, it does not work because without good layout you do not understand a star about what is written inside. cleaning from useless, superfluous and errors: /interface :if ([get "VPN1" running]) do={ :log warning "SSTP VPN1 running again, L2TP VPN2 is disactivating" disable "...
by rextended
Sun Aug 01, 2021 3:00 am
Forum: General
Topic: Term/technique for local network lookup of CNAME/A record pointing to local network?
Replies: 5
Views: 162

Re: Term/technique for local network lookup of CNAME/A record pointing to local network?

If on your office the mikrotik routerboard act as dns, simply put on /ip dns static the work.domain.name resolved as internal server IP.
Done.
by rextended
Sun Aug 01, 2021 2:55 am
Forum: Wireless Networking
Topic: wmm in capsman
Replies: 5
Views: 234

Re: wmm in capsman

6.47.10: Default value for wmm-support is everytime disabled and CAPsMAN can't manage that parameter.
by rextended
Sun Aug 01, 2021 2:49 am
Forum: General
Topic: Flood Protect UDP/TCP and SYN
Replies: 8
Views: 4477

Re: Flood Protect UDP/TCP and SYN

To increase the number of posts for sure ...

@dakong seems to be writing without realizing what year it is
@johnson73 seems to be writing at random

@anav seems to have fallen into the trap ...
by rextended
Sun Aug 01, 2021 2:43 am
Forum: Wireless Networking
Topic: registration status: DENIED
Replies: 5
Views: 209

Re: registration status: DENIED

Aggiorna il software alla 6.47.10 se già non ce l'hai,
poi da terminale dai questo comando:
/interface lte firmware-upgrade lte1 upgrade=yes
by rextended
Sun Aug 01, 2021 2:27 am
Forum: General
Topic: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]
Replies: 13
Views: 477

Re: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]

C'mon! You are playing on words, aren't you? Nono, I do not joke, please consider the fact can I not explain well for language... paste this on terminal /ip firewall nat add chain=dstnat add chain=srcnat and when "/ip fire nat export verbose " /ip firewall nat add chain=dstnat add chain=s...
by rextended
Sun Aug 01, 2021 2:16 am
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 15
Views: 552

Re: Block gateway access from connected wifi clients,

Ok, I try to remember, the solution is on raw because when the packets go trough filter already are NATted from AP, do not longer are from 192.168.88.x but from IP of the AP and on forward 192.168.88.x -> 192.168.1.1 can't be blocked... But this topic is not clear from the start, please make a more ...
by rextended
Sat Jul 31, 2021 7:24 pm
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 15
Views: 552

Re: Block gateway access from connected wifi clients,

@anav, have the same dangerousity as you active for error drop all on top of firewall, or for error disable accept before drop all...
by rextended
Sat Jul 31, 2021 7:20 pm
Forum: Beginner Basics
Topic: what is the shortest masquerade rule possible?
Replies: 7
Views: 372

Re: what is the shortest masquerade rule possible?

Ah, I now see where the rextended's question on "useless NAT rules" came from!
Very thanks for notice it! :lol:
by rextended
Sat Jul 31, 2021 7:19 pm
Forum: General
Topic: DNS request coming from gateway IP
Replies: 8
Views: 365

Re: DNS request coming from gateway IP

For spoofing reason... must be use the shortest interval possbile, or at least more than one rule for each net User use (only?) 10.10.10.x and 10.10.9.x for both 10.10.0.0/16 if 9 and 10 is used, probably also 1,2,3,4 etc. 10.0.0.0/8 is too big and "fast" unique subnet for both are 10.10.0...
by rextended
Sat Jul 31, 2021 6:58 pm
Forum: General
Topic: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]
Replies: 13
Views: 477

Re: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]

The default action is " accept " (here's a documentation link ), so those rules are not useless at all. Correct, the default action is the same whether using CLI or Winbox... As usual, the answers are given without reading what one has written, or at least they give the impression that on...
by rextended
Fri Jul 30, 2021 7:43 pm
Forum: General
Topic: WinBox check for device after disconnect
Replies: 2
Views: 156

Re: WinBox check for device after disconnect

You really impatient :) , wait 2 min and retry...
by rextended
Fri Jul 30, 2021 7:21 pm
Forum: General
Topic: MikroTik download servers IPs
Replies: 5
Views: 261

Re: MikroTik download servers IPs

2min reply:

AS51894
159.148.147.0/24
159.148.150.0/24
159.148.172.0/24
2a02:610:7501::/48

upgrade.mikrotik.com
by rextended
Fri Jul 30, 2021 7:12 pm
Forum: Forwarding Protocols
Topic: Can someone explain the point of VRF to me?
Replies: 5
Views: 541

Re: Can someone explain the point of VRF to me?

Thanks, but this description is too simplistic, even those who have more than one WAN and don't use VRF can have more than one routing table inside the router...
by rextended
Fri Jul 30, 2021 7:00 pm
Forum: General
Topic: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]
Replies: 13
Views: 477

Re: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]

Ok... this is my keyboard... Is full of snipplets / password / username... Has 12 key x 3 bank of memory... logitech-g110-4.jpg With that keyboard is really easy open dozen of CLI and paste commands without API, SSL, etc..... The snipplets, username, paswords, etc. are saved on PC memory, if someone...
by rextended
Fri Jul 30, 2021 6:08 pm
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, why&how?

I do not know why you insist, insisting can't change things. About that is my last reply. Connections are going to reconnected through the backup GW afterwards. NO, the previous connections are invalid and are not used again, only new connections are estabilished, and are not "reused" or r...
by rextended
Fri Jul 30, 2021 5:50 pm
Forum: General
Topic: BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]
Replies: 13
Views: 477

BUG or not BUG? /ip firewall nat add chain=[dstnat|srcnat]

Is it a BUG that a (useless?) NAT rule can be created with /ip firewall nat add chain=dstnat # OR /ip firewall nat add chain=srcnat Why doesn't the CLI ask for at least one action? On WinBox can't happen because for default the action is declared. If anyone knows why and what it is for, please expla...
by rextended
Fri Jul 30, 2021 5:48 pm
Forum: Scripting
Topic: Multi gateway pppoe and static [SOLVED]
Replies: 6
Views: 321

Re: Multi gateway pppoe and static [SOLVED]

Explain better and probably someother help you
by rextended
Fri Jul 30, 2021 5:42 pm
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, how? & shortest masquerade rule possible?

The only thing still being 100% unclear, why the connection is switched back from backup to primary and the connection is kept alive. If for some reason the main gateway go down and some connection-tracking connections are still presents, untill main gateway is down are all invalid and useless, and...
by rextended
Fri Jul 30, 2021 5:29 pm
Forum: Beginner Basics
Topic: what is the shortest masquerade rule possible?
Replies: 7
Views: 372

Re: what is the shortest masquerade rule possible?

This rule pasted on the terminal /ip firewall nat add chain=srcnat add a useless NAT rule. It has no effect on the packets, because what you want to do with this packets is omitted/missing (action parameter) then pass the packets to the next rule on srcnat chain On CLI is visible this detail because...
by rextended
Fri Jul 30, 2021 5:22 pm
Forum: Beginner Basics
Topic: Export Scripts and Schedules [SOLVED]
Replies: 3
Views: 158

Re: Export Scripts and Schedules [SOLVED]

Yes!
by rextended
Fri Jul 30, 2021 5:19 pm
Forum: Beginner Basics
Topic: Unable to access router settings (Webfig or WinBox) [SOLVED]
Replies: 7
Views: 328

Re: Unable to access router settings (Webfig or WinBox) [SOLVED]

Ah, misteriously you omit than the device is configured (or property of) your ISP...
If your ISP has configured (it's own) router probably also has set the protected-routerboot,
and if you do not know the timing value of that parameter,
yon can not easily netinstall it...
by rextended
Fri Jul 30, 2021 4:17 pm
Forum: General
Topic: Empty SMB share when connected from Mac
Replies: 2
Views: 173

Re: Empty SMB share when connected from Mac

First of all you have a very old software (2018-09-10), upgrade to long-term 6.47.10,
probably after some year, if is a bug the problem, is already solved,
and you lost only time for not have upgraded the RouterBOARD.
by rextended
Fri Jul 30, 2021 4:12 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

Now I understand why the smileys were turned off.
For now, if there is no abuse, it is better to ignore it, right? :D
by rextended
Fri Jul 30, 2021 3:52 pm
Forum: Beginner Basics
Topic: Export Scripts and Schedules [SOLVED]
Replies: 3
Views: 158

Re: Export Scripts and Schedules [SOLVED]

export all (as text file) and restore later only the parts you wants

Paste on terminal/CLI and save file on PC with winbox/webfig etc.
/export file=cleartextbackup
by rextended
Fri Jul 30, 2021 3:48 pm
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, how? & shortest masquerade rule possible?

If it was up to me, I haved already revoked the license of all ISP that do not block IP spoofing.

It is extremely simple to block the sending of packets over the Internet
that have either a Private IP or a Public IP other than those that may exist in your internal network.
by rextended
Fri Jul 30, 2021 3:40 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

Ops...
because the phpbb change unicode to:
<img alt="$$$unichar$$$" class="emoji smilies" draggable="false" src="//twemoji.maxcdn.com/2/svg/$$$hexunicharvalue$$$.svg">
by rextended
Fri Jul 30, 2021 3:33 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Usually inside the software are set the correct things,
on webpage and brochure, copy-and-paste, from other products, can happen....
by rextended
Fri Jul 30, 2021 3:23 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Correct, and also this: I do not have one Chateau for test, but this are my Audience. I can change antenna gain with lower value (or higher, not matter). [rextended@AP Matrix] > /sys rou pri routerboard: yes board-name: Audience model: RBD25G-5HPacQD2HPnD serial-number: BBQCRX59A5D4 firmware-type: i...
by rextended
Fri Jul 30, 2021 2:27 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 12079

Re: Torrent blocking working in y2020

Why wait for the update? Better service (for everyone) is good publicity and drives more customers ...
by rextended
Fri Jul 30, 2021 2:25 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Strange that, instead of being happy that I accept your advice, you complain.
:cry:
by rextended
Fri Jul 30, 2021 2:10 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

And, please, tell me which part of my post #9 above is not correct. [...] It's about MikroTik error on write somethihg on website, (than is readed first than brochure) and other on brochure You simply haven't checked what OP's link says first, but you think the only document that was read was the b...
by rextended
Fri Jul 30, 2021 2:08 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

But if something is written wrong, I have to change it,
so as not to mislead those who read it later,
especially where it is marked as solved...

Strange that, instead of being happy that I accept your advice, you complain.
by rextended
Fri Jul 30, 2021 1:59 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

... Your answer "Because on your country is set that max TX power." ... I hope not misunderstand what you consider wrong, I modified the post: Because a maximum TX power is set for your country, if is leaved possible decrease the antenna gain with a false value, you can transmit more powe...
by rextended
Fri Jul 30, 2021 1:50 pm
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Your post above is not correct. :D Instead to say that, explain where and why, so I correct myself. Only idiots think they have nothing more to learn. The user read the official website here: https://mikrotik.com/product/chateau_lte12 and not the brochure. Is a MikroTik error. I too was convinced th...
by rextended
Fri Jul 30, 2021 1:37 pm
Forum: General
Topic: DNS request coming from gateway IP
Replies: 8
Views: 365

Re: DNS request coming from gateway IP

add action=masquerade chain=src-nat in-interface=wanconnectionport
ehm...

/ip fire nat
add action=masquerade chain=srcnat out-interface=<WAN-interface> src-address=10.10.0.0/16
by rextended
Fri Jul 30, 2021 1:30 pm
Forum: Beginner Basics
Topic: Unable to access router settings (Webfig or WinBox) [SOLVED]
Replies: 7
Views: 328

Re: Unable to access router settings (Webfig or WinBox) [SOLVED]

you have to connect your management PC to WAN port
Out of the box has to plug the PC into any port except the WAN
by rextended
Fri Jul 30, 2021 11:50 am
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, how? & shortest masquerade rule possible?

Oh, thanks, I do not have noticed UDP do that...
You already have some example of case when that happen?
I investigate further...
by rextended
Fri Jul 30, 2021 11:48 am
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Because a maximum TX power is set for your country,
if is leaved possible decrease the antenna gain with a false value,
you can transmit more power than allowed,
but the antenna still has the real gain.
by rextended
Fri Jul 30, 2021 11:40 am
Forum: General
Topic: NAT: Masquerade can leak private IP, why&how?
Replies: 24
Views: 859

Re: NAT: Masquerade can leak private IP, how? & shortest masquerade rule possible?

As I already wrote on another post: [...] "last ACK from Client" (TCP/ACK) or RST packet (TCP/RST) [...] some router [RouterOS included] do not translate on NAT the source IP of the last packet used for close the connection, [causing a Private IP leak] and the packet, instead coming with P...
by rextended
Fri Jul 30, 2021 11:31 am
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

20 / 2 chain = 17dBm for chain (as reported) = 14dBm TX power + 3dBi antenna gain (for each chain)

On 2,4GHz ATPC rule are not applied
(Automatic Transmit Power Control)
by rextended
Fri Jul 30, 2021 11:19 am
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

If both antenna (if gain is 0) transmit at 23, the sum is 26... Do not mix total with single chain.... you have two antennas with two time the gain of 6 When ATPC on the device is unavailable, must transmit less than 3dB from the max allowed (only valid for 5GHz) Also on Austria I can't use my CB be...
by rextended
Fri Jul 30, 2021 11:11 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

Also this forum can do that, but I do not understand why quote heder and strikeout are striked out...
by rextended
Fri Jul 30, 2021 10:59 am
Forum: Wireless Networking
Topic: Chateau LTE12 antenna gain [SOLVED]
Replies: 21
Views: 581

Re: Chateau LTE12 antenna gain [SOLVED]

Max is 23dBm on your country. 23dBm / 2 chain = Max 20dBm for chain (yes 20, is logaritmic) You can not set antenna gain on values minors than the true gain hardcoded on software, or values can cause you can transmit at more allowed power for your country. On site are 4, but on brochure 5,5 , if sof...
by rextended
Fri Jul 30, 2021 10:43 am
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 12079

Re: Torrent blocking working in y2020

It's a ovebooking problem for some ISP... Have a 50Mbps and try to sell 10Mbps to 100 users... When 5 of 100 users use torrents, the uplink is full and all users complain... Also, using NOT WELL CONFIGURED torrent, can cause more incoming packet on gateway than the client have the right to use and t...
by rextended
Fri Jul 30, 2021 10:30 am
Forum: General
Topic: Locked out due to vlan filtering
Replies: 6
Views: 426

Re: Locked out due to vlan filtering

Try on MGMT port winbox over MAC address, put directly the 1ST or the last MAC on the label under the router.
Can eighboor discovery turned off but MAC server still active...
by rextended
Fri Jul 30, 2021 10:16 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

Decreased nesting level, enabled smilies, have fun and stop arguing :D
Thank you for accepting my suggestion!

Good work.
by rextended
Thu Jul 29, 2021 10:14 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15619

Re: Block Ping request

But with all the seriousness... why people block ICMP? It is the same person who tries to limit torrents nowadays or insists on restricting sites on the internet with layer7... With the bandwidth available these days, compared to the past, only blocking malformed ICMPs makes sense (ehm... read the ...
by rextended
Thu Jul 29, 2021 10:09 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15619

Re: Block Ping request

It's not a photomanipulation...
Is TRUE....
by rextended
Thu Jul 29, 2021 8:16 pm
Forum: General
Topic: R11e-LTE6 Registration Status Denied
Replies: 7
Views: 297

Re: R11e-LTE6 Registration Status Denied

you set something fixed?
some provider do not like when the user can't be moved between radio and blacklist the device out...
Sorry for my poor english....
by rextended
Thu Jul 29, 2021 8:14 pm
Forum: Beginner Basics
Topic: Not keeping APN
Replies: 4
Views: 238

Re: Not keeping APN

Understand, but without connection you can not upgrade.
Probably on 6.43 newer products like LTE6 are unsupported.
Put back 4G and upgrade?
by rextended
Thu Jul 29, 2021 8:07 pm
Forum: Beginner Basics
Topic: memory 0 MiB
Replies: 2
Views: 187

Re: memory 0 MiB

Already @anav asked you in February what your provider is and you didn't answer him.
by rextended
Thu Jul 29, 2021 8:03 pm
Forum: General
Topic: R11e-LTE6 Registration Status Denied
Replies: 7
Views: 297

Re: R11e-LTE6 Registration Status Denied

registration status denied = SIM not working as expected or your provider do not permit the registration on the network
by rextended
Thu Jul 29, 2021 8:02 pm
Forum: Beginner Basics
Topic: Not keeping APN
Replies: 4
Views: 238

Re: Not keeping APN

Again: RouterOS and RouterBOOT version?
by rextended
Thu Jul 29, 2021 8:01 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39876

Re: Advanced Routing Failover without Scripting

1b) If I'm not sure if coming back faulty gateway the disrupted connections works again...
by rextended
Thu Jul 29, 2021 7:56 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15619

Re: Block Ping request

I did not know that in Canada they are so sexist that the woman is pictured with shopping bags !!!!!!!!! And they put, in order of preference, Women, Wi-Fi, Money and Food... :))))))) https://c8.alamy.com/comp/2D8GP2C/halifax-seaport-information-direction-sign-at-the-farmers-market-and-cruise-ship-t...
by rextended
Thu Jul 29, 2021 7:50 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15619

Re: Block Ping request

Not only on France:

Image
by rextended
Thu Jul 29, 2021 7:45 pm
Forum: Scripting
Topic: Force Server Binding [SOLVED]
Replies: 2
Views: 228

Re: Force Server Binding [SOLVED]

Well done, thanks

It's the same thing I would have used as answer.
by rextended
Thu Jul 29, 2021 7:42 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 374

Re: Block or Limit Torrents

Simply let the user use the line that pays you.
by rextended
Thu Jul 29, 2021 7:39 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39876

Re: Advanced Routing Failover without Scripting

1) This is more clear: ALL IS BROKEN, and all (related to the inactive gateway) the connections memorized on connection-track are all invalid, but the system do not clear it until single timeout for each connection is reached. 2) NO, simply can't have a complete list on "when", but are not...
by rextended
Thu Jul 29, 2021 7:32 pm
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 15
Views: 552

Re: Block gateway access from connected wifi clients,

on IP firewall RAW add prerouting rule: if src-address=192.168.88.0/24 and dst-address=192.168.1.1 protocol=tcp dst-port=20,21,22,23,80,443 on action select drop
by rextended
Thu Jul 29, 2021 7:27 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 374

Re: Block or Limit Torrents

I stopped doing this several years ago.
The programs have adapted to the countermeasures
and now everything is encrypted and uses standard ports used from other services...
by rextended
Thu Jul 29, 2021 7:10 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 10
Views: 587

Re: change passwords of the devices

Can not be defined on device property, add more tools / WinBox Function for each port required call it WinBox, WinBox 48291, etc. Original: winbox.exe [Device.FirstAddress] [Device.UserName] [Device.Password] Modified for use port 48291: winbox.exe [Device.FirstAddress]:48291 [Device.UserName] [Devi...
by rextended
Thu Jul 29, 2021 7:05 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 168
Views: 39876

Re: Advanced Routing Failover without Scripting

1) All connection on connection-track and the others are broken, I made some script for clear all "EX" connections, useful for SIP and the others.
2) Yes and not, is not the only reason, like "ping" on external IP
3) 10 seconds
by rextended
Thu Jul 29, 2021 6:51 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 374

Re: Block or Limit Torrents

You ask effective, with this assumption, the reply is NO
by rextended
Thu Jul 29, 2021 6:40 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 4098

Re: Hairpin NAT - the easy way

Add another hostname to your server and you need to change everything again. No... simply open, copy, modify, save, the single DNS static rule. Remove hostname from server, put it somewhere else and watch how everything in your LAN fails, because you forget to remove static entry from router and it...
by rextended
Thu Jul 29, 2021 6:23 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

3
2
1
Is this a trick? Line 4 is actually the same length as line 1 right??
You quote and the 5 disappear, I quote and the 4 disappar, set limit from 5 to 2 remove 99% of useless overquote....
by rextended
Thu Jul 29, 2021 6:08 pm
Forum: Beginner Basics
Topic: No connection after wrong backup file loaded [SOLVED]
Replies: 3
Views: 275

Re: No connection after wrong backup file loaded [SOLVED]

...ping...
@mkx Very Thanks!

Windows version defaults are "do not keep old configuration" and "do not set default values"
Linux appear to have set as default "keep old configuration" and "set default values if old configuration is not keeped"
by rextended
Thu Jul 29, 2021 5:50 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 4098

Re: Hairpin NAT - the easy way

For those examples please ignore grammar errors and any consideration about security or limitating access. Example 1) Internal webserver is reachable worldwide from www.vattelappesca.rex all the Public DNS resolve www.vattelappesca.rex to Public IP 123.45.67.89 That IP is not on RouterBOARD directly...
by rextended
Thu Jul 29, 2021 5:31 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

5
4
3
2
1

I Insist: Simply change on the phpbb administrator panel the limit of max nested quotes from 5 to 2...
by rextended
Thu Jul 29, 2021 5:20 pm
Forum: RouterOS v7 BETA
Topic: Bridge to Wireguard interface [SOLVED]
Replies: 14
Views: 713

Re: Bridge to Wireguard interface [SOLVED]

Reddit is the new "users forum" for MikroTik?
by rextended
Thu Jul 29, 2021 5:10 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

It's about :mrgreen: the unicode 🧔 works indipendenlty... :)
by rextended
Thu Jul 29, 2021 1:11 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

At this point why not use cleartext and remove HTML?
Also why strikeout is missing, and must be done manually?
by rextended
Thu Jul 29, 2021 12:44 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

If still necessary the 3rd, 4th and 5th layer of quotes, I have doubts about the intelligence of people who do not remember what they wrote before or the laziness of going to review the third layer... Also smile are disabled, but if is needed:    फ ¯\_(ツ)_/¯ For me limiting the max nested quote to 2...
by rextended
Thu Jul 29, 2021 12:38 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

But a reply to one-liner do not report again the 3rd nested long post if the one-liner reply to the reply...
by rextended
Thu Jul 29, 2021 12:24 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 6326

Re: Does quouting quotes of quotes in consecutive post make any sense?

...
Simply change on the phpbb administrator panel the limit of nested quotes from 5 to 2?
by rextended
Thu Jul 29, 2021 11:23 am
Forum: Wireless Networking
Topic: Block gateway access from connected wifi clients,
Replies: 15
Views: 552

Re: Block gateway access from connected wifi clients,

Is misunderstandable if your Router have 192.168.1.1 as address, or your Router have 192.168.1.x and another gateway have 192.168.1.1 as IP On 2nd case client do not comunicate directly to 192.168.1.1 but are NATted from router and he source IP address is not client address but Router address (192.1...
by rextended
Thu Jul 29, 2021 1:20 am
Forum: The Dude
Topic: change passwords of the devices
Replies: 10
Views: 587

Re: change passwords of the devices

On post # 4 I have already provided the instruction for do that, read and understand:

viewtopic.php?f=8&t=177166#p869620
by rextended
Thu Jul 29, 2021 1:17 am
Forum: Beginner Basics
Topic: Dual wan
Replies: 10
Views: 487

Re: Dual wan

4a) If is intended use VLAN for provide connection trough VLAN to the all device on LAN, is possible 4b) Other strange meanings: NO Thanks for your reply 1) failover will do fine, but how much time it will take to detect and change? 2) sorry about the typo. 3) what I meant is no data without VPN to...
by rextended
Thu Jul 29, 2021 12:15 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 12
Views: 1494

Re: How to covert int to hex type value and save it in a string?

I hope you like those functions
by rextended
Wed Jul 28, 2021 8:58 pm
Forum: General
Topic: Two providers. Unstable behavior. [SOLVED]
Replies: 9
Views: 381

Re: Two providers. Unstable behavior. [SOLVED]

Ah, ok I misunderstand for labels ;)
by rextended
Wed Jul 28, 2021 8:56 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 307

Re: VPN not working on Passthrough Fixed-LTE connection

Sorry, but I do not do that.
If you want help ask on forum,
is full of users also with more knowledge than me.
by rextended
Wed Jul 28, 2021 8:52 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 14001

Re: v7 launch date

To be a moderator is not need to be a staff member
by rextended
Wed Jul 28, 2021 7:57 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 10
Views: 587

Re: change passwords of the devices

Your reply is vague...
Again:
You want change inside The Dude the saved username and/or password on displayed Devices
OR
you want change username and/or password on the remote devices displayed on The Dude?
by rextended
Wed Jul 28, 2021 7:50 pm
Forum: General
Topic: Auto Failover is not working Properly
Replies: 5
Views: 278

Re: Auto Failover is not working Properly

@feranmi
The OP never cite BGP...
by rextended
Wed Jul 28, 2021 7:07 pm
Forum: General
Topic: Two providers. Unstable behavior. [SOLVED]
Replies: 9
Views: 381

Re: Two providers. Unstable behavior. [SOLVED]

You can use this as start, removing all your actual routes, route rules and mangles /ip dns set servers=1.1.1.1,8.8.8.8 /ip route add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address=1.1.1.1/32 gateway=85.XXX.XXX.1 scope=10 add comment="B - Recursive Routi...
by rextended
Wed Jul 28, 2021 6:51 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 307

Re: VPN not working on Passthrough Fixed-LTE connection

If your provider give private Ip than a public ip, you must ask the provider for open vpn,
is impossbile to open from remote to local if double nat is present, without ask the provider
by rextended
Wed Jul 28, 2021 6:34 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 410

Re: Is blocking websites by URL really impossible?

@mkx, please check if redacted version is better
Instead of writing...



IDP:
ZyWALL Intrusion Detection and Prevention (IDP)
by rextended
Wed Jul 28, 2021 6:24 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 410

Re: Is blocking websites by URL really impossible?

not everybody implemented that part.
Is the true, but for be short I do not want write that, because on future we can't count on that...

@anav IDP for Deep Packet Inspection (DPI)? :?

@NSimpraga IPS / IDS, stands for Intrusion Detection System & Intrusion Prevention System ???
by rextended
Wed Jul 28, 2021 6:22 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 410

Re: Is blocking websites by URL really impossible?

And about
  • Layer7 ...
  • Mangle ... using the Layer7 protocol inspector
  • Firewall ... drop the marked packets/connections
Is better to put directly on /firewall filter the "drop if layer7 contain"
by rextended
Wed Jul 28, 2021 6:14 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 410

Re: Is blocking websites by URL really impossible?

Why this provocatory question "really impossible?" Is already wroten dozen of time on dozeon of post. Fact for HTTP/HTTPS URL: Block only domain withouot know the full url: On HTTPS with TLS 1.2 or less: possilble with SNI On HTTPS with TLS 1.3 or higher: actually possible like 1.2, but on...
by rextended
Wed Jul 28, 2021 6:10 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 14001

Re: v7 launch date

...it was a scandal if even the site owner was able to change someone else's post...
I ask somethig to hide accidental revealed private data for security,
is not a scandal, is a need.
by rextended
Wed Jul 28, 2021 6:07 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 322

Re: NAT HAIRPIN

Can't do that without bill... :))
by rextended
Wed Jul 28, 2021 5:50 pm
Forum: Beginner Basics
Topic: VPN not working on Passthrough Fixed-LTE connection
Replies: 6
Views: 307

Re: VPN not working on Passthrough Fixed-LTE connection

Ask NEOTEL / Liquid Telecom if block that services.
Also the provider page do not work as expected and have ssl certificate expired...
https://www.neotel.co.za
by rextended
Wed Jul 28, 2021 5:28 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 14001

Re: v7 launch date

Already this forum can be used:

Simply add buglist topic and a list of post for each error and linked separate topic to discuss every problem...
by rextended
Wed Jul 28, 2021 4:49 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 322

Re: NAT HAIRPIN

>...<
by rextended
Wed Jul 28, 2021 4:10 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 344

Re: Changing Audience Led color to Red

I have test on Audience RBD25G-5HPacQD2HPnD first revision (not /r2 or /r3) Tested also with 6.48.3, no user-led exist Coming back to point: NOTICE: Like you do not write RouterOS version, you do not write also the exact version of Audience you have... For example SXT family have more than 20 differ...
by rextended
Wed Jul 28, 2021 4:01 pm
Forum: General
Topic: Locked out due to vlan filtering
Replies: 6
Views: 426

Re: Locked out due to vlan filtering

Simply put a pc on MGMT port and use WinBox?
by rextended
Wed Jul 28, 2021 3:44 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 344

Re: Changing Audience Led color to Red

by rextended
Wed Jul 28, 2021 3:32 pm
Forum: General
Topic: Enable control of "Audience" color LED via ROS [SOLVED]
Replies: 10
Views: 2270

Re: Enable control of "Audience" color LED via ROS [SOLVED]

You can already do that, example: /system leds add leds=user-led:red type=on add leds=user-led:blue type=off This makes the LED pure red color. Please, can provide more detail about "user-led:red" ? I have test on Audience RBD25G-5HPacQD2HPnD first revision (not /r2 or /r3 if any) I try A...
by rextended
Wed Jul 28, 2021 3:28 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 344

Re: Changing Audience Led color to Red

But Audience (I have check, on disbelief, before made my previous post!!!..) do not have any configurable led... NOT on CLI and NOT on WinBox... Ah... My Audience have 6.47.10, but the topic opener forget to say the RouterOS version, as usual... (I try also 6.48.3, 6.49beta54 and 7.1beta7 upgrading ...
by rextended
Wed Jul 28, 2021 3:17 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 808

Re: Find hostname between vlan

A good configuration for that is documented here.
But ... just do "my" A-B-C, 3 route Failover, instead of filling the routerboard with useless rules.
For what?
If it's just failover (as written in the guide) what does everything else have to do with it?
by rextended
Wed Jul 28, 2021 3:00 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 808

Re: Find hostname between vlan

Hope can make different channel for each SSID (right now all SSID still used master wlan) This can not be maded (on same AP, same wlan). /ip route add check-gateway=ping distance=1 gateway=8.8.8.8 target-scope=30 add distance=1 gateway=192.168.1.1 add distance=2 gateway=192.168.2.1 add distance=1 d...
by rextended
Wed Jul 28, 2021 2:43 pm
Forum: General
Topic: Udp Packet Size Problem Mikrotik Forward
Replies: 2
Views: 189

Re: Udp Packet Size Problem Mikrotik Forward

what method you use to connect to your ISP?
by rextended
Wed Jul 28, 2021 2:28 pm
Forum: Beginner Basics
Topic: Dual wan
Replies: 10
Views: 487

Re: Dual wan

WARNING for other users: I reply without considering bonding or similar... As for the SMIPS devices, for me do not have any sufficient use power What I want is 1) to add second WAN to connect and simultaneously work with WAN 1 2) so if any of them goes down none of the packages packet dropped 3) Als...
by rextended
Wed Jul 28, 2021 2:11 pm
Forum: Wireless Networking
Topic: Chateau LTE12 setup to use external lte antenna
Replies: 2
Views: 181

Re: Chateau LTE12 setup to use external lte antenna

Chateau LTE12 factory and ONLY supported versions are 7.0beta6 or 7.0.2 or 7.0.3 as MikroTik staff says. If you see 7.1betaX something as put wrong beta firmware for that device. USE SEARCH FUNCTION FIRST instead of open useless duplicate topic Until your argument was not present, it was the first r...
by rextended
Wed Jul 28, 2021 2:03 pm
Forum: General
Topic: Changing Audience Led color to Red
Replies: 8
Views: 344

Re: Changing Audience Led color to Red

Who invented this code?

Do you like to invent random commands?

Sarcasm aside, Audience has no configurable LED.
by rextended
Wed Jul 28, 2021 1:55 pm
Forum: Scripting
Topic: /tool fetch url doest work
Replies: 1
Views: 238

Re: /tool fetch url doest work

§ You forget to not send.... directories and disks... Your remote sftp create directories when are not presents? :local filelist "" /file :foreach file in=[find where type!=disk and type!=directory] do={ /tool fetch url=("sftp://XXXXXXX/$file") upload=yes user=backupuser passwor...
by rextended
Wed Jul 28, 2021 1:37 pm
Forum: The Dude
Topic: change passwords of the devices
Replies: 10
Views: 587

Re: change passwords of the devices

The section is The Dude, but your question is too vague. You talk about The Dude Device Settings or the remote devices displayed on The Dude? If you ask that question, your knowledge can be valued and the reply can be: All manual or pasting something on CLI, but still device-by-device. But if your q...
by rextended
Wed Jul 28, 2021 10:23 am
Forum: Wireless Networking
Topic: How many concurrent wireless users can support?
Replies: 22
Views: 28923

Re: How many concurrent wireless users can support?

On the MikroTik forum you ask for suggestions about other vendors?
by rextended
Wed Jul 28, 2021 10:17 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 14001

Re: v7 launch date

Duplicate posts are a problem because there are lazy users who instead of doing a search first and going to the right section, till create a new topic for the same thing... One example is the hundreds of "dual WAN"... But for this reason the research has become dispersed and difficult to u...
by rextended
Wed Jul 28, 2021 10:11 am
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Try to contact support@mikrotik.com for bugtrack, thanks
by rextended
Tue Jul 27, 2021 7:33 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

The rules on WinBox are drag&droppable
and on CLI are moveable...

after a print,
move 125 destination=20
move rule numer 125 just before rule 20
by rextended
Tue Jul 27, 2021 7:24 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 538

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

You remember well, only from 6.4something is posible to use FQDN on /ip firewall address list,
and that create dynamic resolved FQDN to IP, with the TTL set like what is wrote on DNS reply.
by rextended
Tue Jul 27, 2021 7:17 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

I quote myself.... The rules obviously are ordered, for each chain the order matter. dstnat and srcnat are two different chain of the NAT, like dstnat and srcnat on bridge, like prerouting and output on raw, like input, forward and output on filter, like prerouting, input, forward, output, postrouti...
by rextended
Tue Jul 27, 2021 6:40 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Really I do not check in this case what do that's rules... Simply, I simplify on simple way what are simply simplifiable... Netmap is only for create a static 1:1 mapping of one set of IP addresses to another one. For example, can be used for distribute public IP addresses to hosts on private networ...
by rextended
Tue Jul 27, 2021 6:36 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

The rules obviously are ordered, for each chain the order matter. Did you try this, but you have noticed than not is a netmap but a dst-nat the 2nd rule? add action=src-nat chain=srcnat comment=srv1.domain.com log-prefix=srv1.domain.com out-interface=ether5 src-address=10.122.10.122 to-addresses=200...
by rextended
Tue Jul 27, 2021 4:07 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 538

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

@Anav, I really know that, but I can make mistakes... /ip firewall nat add action=dst-nat chain=dstnat in-interface=pppoe-work dst-port=522 (for example Public IP on RouterBOARD is 4.4.4.4) to-addresses=192.168.x.x to-ports=22 (for example 192.168.2.2) packet->pppoe-work->prerouting->(hotspot-in)->r...
by rextended
Tue Jul 27, 2021 3:55 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 706

Re: Private IP site through public IP site [SOLVED]

On CA you can set key-usage to: key-cert-sign, crl-sign

On certificates set key-usage to: digital-signature, key-encipherment, tls-server

Like exactly what you write.
by rextended
Tue Jul 27, 2021 3:37 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 538

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

@Anav, on this case the rule influence both the input and the forward, because the NAT rule are also for redirect from RouterBOARD public IP:522 on pppoe-work, to internal 192.168.x.x:22 dst-nat ... in-interface=pppoe-work dst-port=522 ... to-addresses=192.168.x.x to-ports=22 But can be different i...
by rextended
Tue Jul 27, 2021 3:01 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 538

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

1 min reply...

In short, when one packet arrive to routerboard:
pppoe-work->raw->connection-tracking->filter

put the rule on "/firewall raw", chain prerouting
not on "/firewall filter" and clear the already connection tracked with src or dst with that address
by rextended
Tue Jul 27, 2021 2:54 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 8
Views: 4098

Re: Hairpin NAT - the easy way

I prefer to intercept all DNS request (or use for default the DNS on the Routerboard) for "www.mypublicinternalserver.net" and reply with directly the internal IP.
Also where direct public IP are used, are changed with private IP.
Done, no NAT problem.

My network, my rules...
by rextended
Tue Jul 27, 2021 1:32 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 706

Re: Private IP site through public IP site [SOLVED]

or it will not generate export private key for with it
by rextended
Tue Jul 27, 2021 11:04 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 439

Re: ICMP Issue [SOLVED]

move add action=accept chain=input comment="ACCEPT related,established" connection-state=established,related on top create (paste on terminal) and put this just under the first: /ip firewall filter add action=drop chain=input comment="defconf: DROP invalids" connection-state=inva...
by rextended
Tue Jul 27, 2021 10:50 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 439

Re: ICMP Issue [SOLVED]

do not exist "optimal packet size", must be a range (at least packet-size=0-1600) remove that settings.


WARNING:
add action=accept chain=input comment="ACCEPT DNS" in-interface="ether1 - WAN" protocol=udp src-port=53
expect self-destruction by DDoS
by rextended
Tue Jul 27, 2021 10:43 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 439

Re: ICMP Issue [SOLVED]

Screenshot say nothing... but the export talk: /ip firewall filter add action=accept chain=input comment="ACCEPT ICMP" packet-size=100 protocol=icmp Why packet size 100? Accept only ICMP with exactly that size . You also mix rules, usually est./relat. are on top, and is missing "drop ...
by rextended
Tue Jul 27, 2021 10:39 am
Forum: Beginner Basics
Topic: ICMP Issue [SOLVED]
Replies: 8
Views: 439

Re: ICMP Issue [SOLVED]

/ip firewall filter export
by rextended
Mon Jul 26, 2021 10:23 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

One explicit thing for be clear: I never say to remove the "invalid" filter on firewall.
by rextended
Mon Jul 26, 2021 8:26 pm
Forum: Beginner Basics
Topic: Looking up cloud.mikrotik.com every second
Replies: 23
Views: 8389

Re: Looking up cloud.mikrotik.com every second

and set all drop down menu to none,
then click on OK
by rextended
Mon Jul 26, 2021 8:21 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 816

Re: Different gateway for two PPPoE server instance

??? is the same line on the script on previous post... ???
by rextended
Mon Jul 26, 2021 8:20 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

You got "Greetigs form Italy"
by rextended
Mon Jul 26, 2021 7:56 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 10
Views: 473

Re: Dual wan with Load Balance| Fail over | Merge

how can i do this? can you make a script for me?
hi, thanks for your response reply,
You already do it and is terribly wrong.

Is impossible to merge all bandwidth speed together from more different ISP.
by rextended
Mon Jul 26, 2021 7:49 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 816

Re: Different gateway for two PPPoE server instance

The routing is routing and the mangling is mangling. The "mangling" is moved on proper place, the routes rules /ip route add check-gateway=ping distance=10 gateway=172.16.4.1 add check-gateway=ping distance=10 gateway=172.16.4.1 routing-mark=PPPoE1 add check-gateway=ping distance=10 gatewa...
by rextended
Mon Jul 26, 2021 7:33 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

Uhm...
by rextended
Mon Jul 26, 2021 7:28 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 10
Views: 473

Re: Dual wan with Load Balance| Fail over | Merge

no firewall and /ip dns set allow-remote-requests=yes
=
all world is not enough...
by rextended
Mon Jul 26, 2021 7:12 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

If I do not remember wrong, the last packet on TCP connection is not a FIN (server->client) but consecutive "last ACK" (client->server) Server: FINished! Client: ACKnowledged. And if the server do not receive ACK, close the connection after some time, depend on settings, on meantime the co...
by rextended
Mon Jul 26, 2021 7:00 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

You can reduce for example all that to: add action=src-nat chain=srcnat comment=srv1.domain.com log-prefix=srv1.domain.com out-interface=ether5 src-address=10.122.10.122 to-addresses=200.200.9.9 add action=dst-nat chain=dstnat comment="srv1.domain.com" dst-address=200.200.9.9 dst-port=20,2...
by rextended
Mon Jul 26, 2021 6:46 pm
Forum: Scripting
Topic: Command "/ip address get " not working anymore
Replies: 3
Views: 439

Re: Command "/ip address get " not working anymore

Ok, I know how clear your last doubt, if the interface can have only one IP, the result are one string and that works: :put [/ip address get [find where interface=<pppoe-xxxxxxx>] address] [rextended@MATRIX] > :put [:len [/ip address find where interface=ether1]] 1 [rextended@MATRIX] > :put [:len [/...
by rextended
Mon Jul 26, 2021 6:40 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 810

Re: Hex vs Hex S [SOLVED]

IT... ITaly country code? ;)))
by rextended
Mon Jul 26, 2021 6:27 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 668

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

About /ip settings set the rp-filter to loose. They do not influence NAT, but do not use strict if you use routing tables or complex routing. I have never had so many NAT rules on one device, and if I think that if I sum the NAT rules of all my network devices (excluding NAT on CPE), I do not reach ...
by rextended
Mon Jul 26, 2021 6:17 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 810

Re: Hex vs Hex S [SOLVED]

Here, since I know You won't listen to reason. This test was made pointing to a server hosted by another ISP, in another city. Happy now? https://www.speedtest.net/result/11785100650 @Paternot, a self-test using "Predialnet" to "PredialNet" with 0ms is really not indicative of a...
by rextended
Mon Jul 26, 2021 5:53 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

Yes, sorry for all for poor traduction... I try to extremely summarize without write too much why: IF some services on LAN side are opened for WAN (NATted or using directly a Public IP) Try to not drop TCP packet than appear to be with source "bogon-used-on-lan" coming from WAN directed to...
by rextended
Mon Jul 26, 2021 5:37 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

Next step is smartphone, if have only 1 stream (1S), you can not do anything, and using "g" or "n" really do not change anything... The 72.2Mbps-20Mhz/1S/SGI probably is the max for your smartphone If you can use a smartphone with 2 strams (2 antennas inside) you can reach 100Mbi...
by rextended
Mon Jul 26, 2021 5:19 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

do not expect so much on 2,4GHz wifi... if the datarate is, for example 54Mbps, you really can obtain a speed from 18 to 24Mbps for channel (if no interferences present) 36 to 48Mbps if you use two channel 20+20 If you want more, you need to use a 5GHz AP, but have shorter range because 5GHz are wel...
by rextended
Mon Jul 26, 2021 5:11 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]

Exactly what I wrote: You have randomly set parameters and activated eap and tkip For default are not set on that way. paste this on terminal without omit { } : { /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik set OfficePassword disable-pmkid=yes authenti...
by rextended
Mon Jul 26, 2021 5:05 pm
Forum: General
Topic: Slow wireless speed on Mikrotik RB912UAG-2HPnD [SOLVED]
Replies: 17
Views: 678

Re: Unable to connect wireless device to Mikrotik RB912UAG-2HPnD On band "Only N" [SOLVED]

You have randomly set parameters and activated eap and tkip
by rextended
Mon Jul 26, 2021 4:54 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 810

Re: Hex vs Hex S [SOLVED]

I have an hEX (not hEX S), and it is quite impressive what it does. Using PPPoE and a lot of fast path, this is what i get:

https://www.speedtest.net/result/11784560893
0ms ping? self hosted speedtest...

Do realistic speedtest..
https://www.speedtest.net/result/11784773999
by rextended
Mon Jul 26, 2021 3:02 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 15
Views: 802

Re: simple client setup

If I, @tangent and @normis has not understand what you want is because you can't explain yourself at all. Non fare il Pollo, this is user forum, who say than this is support forum? Is written everywhere, for support contact support@mikrotik.com If you buy one MikroTik device (or another brand device...
by rextended
Mon Jul 26, 2021 2:36 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 766

Re: Drop Invalid vs. Drop "all"

>retry later to explain<
by rextended
Mon Jul 26, 2021 2:14 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 810

Re: Hex vs Hex S [SOLVED]

On my home I have hEX S for routing, CRS112-8P-4S for switching, and one Audience as... AP , and two CPE, one SXTsq 5 ac as main and one DynaDish 5 for failover On hEX S i have dozen of firewall rules, http and https ad blocking, site blocking, etc. etc. etc. hEX S work really smooth, but I do not l...
by rextended
Mon Jul 26, 2021 1:43 pm
Forum: General
Topic: How to install CloudFlare origin SSL certificate on mikrotik
Replies: 4
Views: 300

Re: How to install CloudFlare origin SSL certificate on mikrotik

you can copy the rule for the port 443, but all the work is inside the server
by rextended
Mon Jul 26, 2021 1:05 pm
Forum: Scripting
Topic: Command "/ip address get " not working anymore
Replies: 3
Views: 439

Re: Command "/ip address get " not working anymore

Your command is not a workaround, simply also :pick can do what described here. [:pick array 0] = get element 0 of array (the array start with first element numbered 0) The command "get interface address" return everytime (if interface exist) one array because a single interface can have o...
by rextended
Mon Jul 26, 2021 10:14 am
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 4
Views: 471

Re: Feature Request: RouterOS Nightly

Closed "Nightly", open only for selected persons?
by rextended
Sun Jul 25, 2021 6:56 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

Sincerely I have no idea, just you try to reboot the device? You can do two things at the same time, full backup first, save to pc and Upgrade to 6.47.10 last long-term, the upgrade cause RouterBOARD reboot. I ask you a courtesy, if possible, when you found the cause, write back here on forum to hel...
by rextended
Sun Jul 25, 2021 6:34 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

One question, you use radius also for access winbox and CLI on this device? Is set as I describe it. Sorry, on first read I miss those, paste on terminal: { /ip dhcp-server set [find] authoritative=yes /interface bridge port set [find] hw=yes } But at this point for me the RouterBOARD (ignoring old ...
by rextended
Sun Jul 25, 2021 6:25 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

Try to temporarly stop all drop firewall filter rules,
you sure no fixed parameters are set on remote devices?
on radius server, the profiles use the right pool name? from VPN to VPN230?
by rextended
Sun Jul 25, 2021 5:31 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

Paste this on terminal, without omit the { } : { /interface bridge fast-forward=yes /interface ethernet set [ find default-name=ether1 ] speed=1Gbps set [ find default-name=ether2 ] speed=1Gbps set [ find default-name=ether3 ] speed=1Gbps set [ find default-name=ether4 ] speed=1Gbps set [ find defau...
by rextended
Sun Jul 25, 2021 5:15 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

Apart of this problem,
I suggest first to upgrade to 6.47.10, 6.43 is too old and some hack are well know.

Now I read the export and write adout it
by rextended
Sun Jul 25, 2021 4:17 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 13
Views: 412

Re: Network cannot be accessed after L2TP address pool change

If the address are real private address and not "censored" for the forum:

Make one /export and find all the occurrencies of "250", probably you miss something.

If do not work, the problem can be one fixed settings on remote machines
by rextended
Sun Jul 25, 2021 4:13 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 1051

Re: Input firewall filter prioritization [SOLVED]

Sometime I use this hack when I do not have time to VPN or others...
If Gogole is not blocked...
https://translate.google.com/translate? ... krotik.com
by rextended
Sun Jul 25, 2021 4:09 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 1051

Re: Input firewall filter prioritization [SOLVED]

Can I ask you where you live?
by rextended
Sun Jul 25, 2021 4:08 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1786

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Well, thanks moderatos/staff to pin this topic.
by rextended
Sun Jul 25, 2021 4:01 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5730

Re: Dude connects to ROS devices every minute and then disconnects

Probably as @mkx explain on another topic my english is not so well...

Smply: Sorry.
by rextended
Sun Jul 25, 2021 3:58 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 1051

Re: Input firewall filter prioritization [SOLVED]

Thanks @mkx for the courtesy of explaining ;)



@anav, but how do they come to your mind? :)))
by rextended
Sun Jul 25, 2021 2:36 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5730

Re: Dude connects to ROS devices every minute and then disconnects

If you call someone you are a juvenile jerk. I don't understand this sentence, who should I call? This is a user forum , and you keep to not understand, if you do not want opinons, do not write, You still keep this behavior because you do not understand simply this two sentences: It's perfectly nor...
by rextended
Sun Jul 25, 2021 2:25 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5730

Re: Dude connects to ROS devices every minute and then disconnects

Go ahead and write direct posts to the developers, who can't wait to come here on this topic to see what you write, but don't quote others when you do , or it seems that you write to the quoted... I doubt that they will give you the slightest listen if you have not even understood the two bold lines...
by rextended
Sun Jul 25, 2021 2:15 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5730

Re: Dude connects to ROS devices every minute and then disconnects

Everything I wrote does not apply to you Sorry, but I misunderstand, you wroted continuosly without break... Here, look at this beauty. No wonder the dude is going crazy. And now imagine if the dude has a 3000 routerboard. That is the Log of ONE RouterBOARD, not the Log of The Dude, or at most it i...
by rextended
Sun Jul 25, 2021 2:08 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5730

Re: Dude connects to ROS devices every minute and then disconnects

Also, how can you write this lie that can't repeat the problem. Who write "can't repeat the problem"??? Are you holding us fools ??? For you there is no need, you already are if you read things that I have not written ... This is a question for developers. And this is a user forum, not a ...
by rextended
Sun Jul 25, 2021 1:54 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 1051

Re: Input firewall filter prioritization [SOLVED]

what are you writing? [...] I try to explain better: is for the "troll part", I want to notice to you I already have write possibly helping solution, not one "troll post". also @msatter say "It is really strange and your ISP is keeping an eye on that port because of DDos at...
by rextended
Sun Jul 25, 2021 10:26 am
Forum: Scripting
Topic: Script Not Working
Replies: 1
Views: 288

Re: Script Not Working

why [10.0.0.2] ? Simply write the IP using url "mode" and "http-method" are useless (https url = https mode, ? on ulr = get mode, post is unnecessary) This is based on another script I have revised, send only one messages when status change. :local host 10.0.0.2 :global hoststatu...
by rextended
Sun Jul 25, 2021 10:21 am
Forum: General
Topic: Static Public IP for Private Network
Replies: 4
Views: 412

Re: Static Public IP for Private Network

I do not understan what you ask, Sorry.

If all outbound go to router1 why you need to modify something on route2?
Simply let router1 to do the.. router...
by rextended
Sun Jul 25, 2021 10:05 am
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 816

Re: Different gateway for two PPPoE server instance

Paste this on terminal and use this as start point. I hope I've wroted it correctly. Each line is a failover for the other, if for some reason one of the two ISP go down. /ip route add check-gateway=ping distance=10 gateway=172.16.4.1 routing-mark=PPPoE1 add check-gateway=ping distance=20 gateway=17...
by rextended
Sun Jul 25, 2021 9:43 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 575

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

I mean this, not on NAT but on fiilters: 6.6.6.6 is the smartphone IP just for do the test /ip fire filter add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=tcp src-address=6.6.6.6 add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=udp src-address=6.6.6.6 add...
by rextended
Sun Jul 25, 2021 2:40 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 575

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

Try to instead of redirect,
drop on firewall filter forward the direct connections from "pool of smartphone ip" to the IP 8.8.8.8 and 8.8.4.4
On this way probably the device must be forced to use internal provided IP from DHCP Server
by rextended
Sun Jul 25, 2021 1:52 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1786

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

You right, but i do not understand why some basic settings are not set as default like rp-filter=loose instead of no, permit blank/not strong password, still use "admin", just for example.
I hope 7 on new kernel work faster and stronger.
by rextended
Sun Jul 25, 2021 1:28 am
Forum: General
Topic: Route for traffic coming from pptp
Replies: 3
Views: 366

Re: Route for traffic coming from pptp

Is hard if you do not:
draw a schema with necessary data on it,
provide the relevant sections of the /export hide-sensitive from the 3 devices.
by rextended
Sun Jul 25, 2021 1:14 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1786

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Yes, is ancient with no doubt.

6.x use the 3.3.5 May 2012

7.1beta6 use the 5.6.3 Jun 2020

8 years are one abyss on technology...


Ask moderators/staff to pin this topic
by rextended
Sun Jul 25, 2021 1:11 am
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 524

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

IF you do not have rebooted the router do /undo , and wait some seconds, sometimes, on router terminal until go back online as before...
by rextended
Sun Jul 25, 2021 1:07 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 1051

Re: Input firewall filter prioritization [SOLVED]

Okay, I wasn't clear, I was asking you if I bothered you, like mkx want say...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 17