Community discussions

Search found 37 matches

by CodeXploit
Mon Apr 18, 2016 3:49 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 503

Re: Forward to Proxy

Hello,

What you need is a transparent proxy. take a look at this : http://wiki.mikrotik.com/wiki/Manual:IP ... on_example

Regards,

Lets say this is the proxy i would like to use that is located in France :

IP : 62.23.15.92
PORT : 3128
by CodeXploit
Mon Apr 18, 2016 3:33 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 503

Re: Forward to Proxy

Hello, What you need is a transparent proxy. take a look at this : http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Transparent_proxy_configuration_example Regards, Thank you for your suggestion. But i need forward all traffic to exact IP address and port i dont see that setting in transparent proxy. ...
by CodeXploit
Mon Apr 18, 2016 2:11 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 503

Forward to Proxy

I have a interesting request from a customer. So to understand what they want i will try to explain. They are using some goverment network and the goverment network requirement is to use proxy for computers to access internet. All the clients in the network have proxy settings set in Internet explor...
by CodeXploit
Tue Mar 15, 2016 11:06 pm
Forum: Beginner Basics
Topic: Access To MikroTik remote
Replies: 16
Views: 1561

Re: Access To MikroTik remote

Is there a way to log in to a remote MikroTik by vpn Is there any solution Because of my work in another province Thank you for your patience :) Why don't you just access it via winbox or SSH and limit the port to your IP. Or use port knocking. I want to enter from another province and I have no ip...
by CodeXploit
Tue Mar 15, 2016 10:18 pm
Forum: Beginner Basics
Topic: Access To MikroTik remote
Replies: 16
Views: 1561

Re: Access To MikroTik remote

Is there a way to log in to a remote MikroTik by vpn

Is there any solution Because of my work in another province

Thank you for your patience :)
You can look at my blog there are some tutorials in PPTP VPN and SSTP VPN.

Blog.codexploit.si
by CodeXploit
Tue Mar 15, 2016 10:13 pm
Forum: Beginner Basics
Topic: Access To MikroTik remote
Replies: 16
Views: 1561

Re: Access To MikroTik remote

Is there a way to log in to a remote MikroTik by vpn

Is there any solution Because of my work in another province

Thank you for your patience :)
Why don't you just access it via winbox or SSH and limit the port to your IP. Or use port knocking.
by CodeXploit
Fri Mar 04, 2016 6:44 pm
Forum: Beginner Basics
Topic: [SOLVED] Cant access RB952Ui-5ac2nD after hard reset
Replies: 4
Views: 1767

Re: Cant access RB952Ui-5ac2nD after hard reset

Thank you very much. You were exactly right. Now i finally can sink in 100 of hours to config it to my liking. ;) If you are new to mikrotik look at my blog I did post some usefully information for begginers, I'm no top notch expert but some info is very usefull. And let me know what u think. blog....
by CodeXploit
Thu Mar 03, 2016 12:33 pm
Forum: Beginner Basics
Topic: [SOLVED] Cant access RB952Ui-5ac2nD after hard reset
Replies: 4
Views: 1767

Re: Cant access RB952Ui-5ac2nD after hard reset

Thank you very much. You were exactly right. Now i finally can sink in 100 of hours to config it to my liking. ;) Haha... 100 he said :D Mikrotik is a neverending story, you will always come up with new ideas how to secure something, restrict something, oh... how about VPN, Transparen Proxy, Site 2...
by CodeXploit
Thu Mar 03, 2016 10:55 am
Forum: Beginner Basics
Topic: I cann't use ftp server on router from outside after change default ftp port
Replies: 15
Views: 1922

Re: I cann't use ftp server on router from outside after change default ftp port

Does it put the Android IP on a port scanning list ? What rule blocks it ? This one: chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=ftp_blacklist address-list-timeout=0s log=no log-prefix="" I have wrote a python program to scan all audio files in ftp server. The...
by CodeXploit
Tue Mar 01, 2016 7:31 pm
Forum: Beginner Basics
Topic: allow websites
Replies: 4
Views: 692

Re: allow websites

hi, I want to buy a new firewall. But i have some questions. In the office we have only one pc and we want to block all web sites and allow to just (exp) http://forum.mikrotik.com/ and http://www.accuweather.com/ i found it this model RB951Ui-2HnD and this model RB951G-2HnD which one is suitable fo...
by CodeXploit
Tue Mar 01, 2016 6:10 pm
Forum: Beginner Basics
Topic: extending network range
Replies: 31
Views: 6182

Re: extending network range

thanks guys. and hardware wise what do you think, go with another hap ac lite, or get something better to replace it as the first device, or maybe with one of the hot spot/access point offerings like cAP-2n, or maybe a RB951G-2HnD ... so many choices.... If this was my network I would definitely go...
by CodeXploit
Mon Feb 29, 2016 7:47 pm
Forum: Beginner Basics
Topic: [SOLVED] Cant access RB952Ui-5ac2nD after hard reset
Replies: 4
Views: 1767

Re: Cant access RB952Ui-5ac2nD after hard reset

Hi, i have the RB952Ui-5ac2nD. Played around a little bit and all worked well. Then i tried to reset via the reset button. All the leds flash like in the manual but i cannot access the router anymore. Not via wlan or via ethernet link. I can access it with netinstall so i flashed latest 6.34.2 (Cur...
by CodeXploit
Mon Feb 29, 2016 10:16 am
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

If I connect the server directly on the mikrotik router port and after I connect the router to the switch, it is possible to isolate my 20 machines for accessing the server on mikrotik port? And the other machine no? That I think you can. Just add rule in forward chain for the traffic coming from a...
by CodeXploit
Sun Feb 28, 2016 11:24 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

I have a 24 ports switch, 20 users on invoice software and others 20 users on internet. And I dont want the invoice' users see other users on internet or vice versa. Thanks for help. The other option is to create another subnet on a Mikrotik and phisicaly separate the machines with a secondary swit...
by CodeXploit
Sun Feb 28, 2016 10:44 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

I think you mean intranet a.k.a network. You can't solve this problem with router rules you need a switch that can configure vlans. Since all tragic between machines is managed by the switch.
by CodeXploit
Sun Feb 28, 2016 12:17 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

Last question, I dont want to block internet access, my internet have a fixed ip and dns, it is easy for me to block access to the internet. I only want users of the IP addresses list see them and not others users on the rest of the networks. Thanks again. I think for you to accomplish that you wil...
by CodeXploit
Sun Feb 28, 2016 11:56 am
Forum: Beginner Basics
Topic: Problems with Mikrotik VPN Client features
Replies: 1
Views: 823

How about SSTP with certificate? That works great for me. And is easy to setup from any windows OS.
It works over 443 port so it will work on basically all networks since even the most restrictive networks must allow https traffic for internet to work properly.
by CodeXploit
Fri Feb 26, 2016 5:18 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

Just a headsup.. your firewall has no Input chain firewall rules meaning router itself is wide open. As far as your other question goes i think you can solve your problem just by editing your rule 5, and add your ALLOW list to advanced Tab / Src. Address list and click Apply. Let us know if any of ...
by CodeXploit
Fri Feb 26, 2016 3:40 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

Just a headsup.. your firewall has no Input chain firewall rules meaning router itself is wide open. As far as your other question goes i think you can solve your problem just by editing your rule 5, and add your ALLOW list to advanced Tab / Src. Address list and click Apply. Let us know if any of o...
by CodeXploit
Thu Feb 25, 2016 11:16 am
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

Ok i had time to play with one router so i did your config. What i don't know here is if you would like to just block internet access for all other IP adresses other then 192.168.88.10-192.168.88.20 or would you like to disable all cumunication on the network except the 192.168.88.10-192.168.88.20. ...
by CodeXploit
Wed Feb 24, 2016 11:55 pm
Forum: Beginner Basics
Topic: 100/4 MB internet + Mikrotik model
Replies: 5
Views: 574

Re:

Your actual router can manage that with fasttrack depending on how it is set and what functionality do you need to use. Maybe you don't need to buy anything else. I have aprox 20 firewall rules like port scan detection, limited access to open ports, etc. Can those rules be used with fastrack. I did...
by CodeXploit
Wed Feb 24, 2016 8:19 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Ampm57 - please visit my blog at blog.codexploit.si there reead some basics. I was new to mikrotik and it was confusing even with my background. Load Winbox for config. Im a bit busy now so i will come back to help as soon as i can.

Sent from my LG-H960 using Tapatalk
by CodeXploit
Wed Feb 24, 2016 7:30 pm
Forum: Beginner Basics
Topic: Newbee RB2011UiAS-IN
Replies: 34
Views: 2251

Re: Newbee RB2011UiAS-IN

For an address list, I'd say add them one by one - I don't think Mikrotik's implementation supports ranges. If you really want to keep things tight, you could define your range as a CIDR range - e.g. 192.168.88.32/28 This means 192.168.88.32-47 (remember that round numbers to humans and round numbe...
by CodeXploit
Wed Feb 24, 2016 12:56 pm
Forum: Beginner Basics
Topic: I cann't use ftp server on router from outside after change default ftp port
Replies: 15
Views: 1922

Re: I cann't use ftp server on router from outside after change default ftp port

I added the rules, but scanning from the web site doesn't block. :? And another note: I am looking for android audio player which can plays files from ftp server. I am testing Neutron (Eval) and when I start playing the router blocks the android device IP Does it put the Android IP on a port scanni...
by CodeXploit
Wed Feb 24, 2016 12:48 pm
Forum: Beginner Basics
Topic: I cann't use ftp server on router from outside after change default ftp port
Replies: 15
Views: 1922

Re: I cann't use ftp server on router from outside after change default ftp port

I added the rules, but scanning from the web site doesn't block. :? And another note: I am looking for android audio player which can plays files from ftp server. I am testing Neutron (Eval) and when I start playing the router blocks the android device IP Set them up like this http://blog.codexploi...
by CodeXploit
Wed Feb 24, 2016 12:11 pm
Forum: Beginner Basics
Topic: 100/4 MB internet + Mikrotik model
Replies: 5
Views: 574

Re: 100/4 MB internet + Mikrotik model

Would RB952Ui-5ac2nD be sufficient ?
by CodeXploit
Wed Feb 24, 2016 11:00 am
Forum: Beginner Basics
Topic: 100/4 MB internet + Mikrotik model
Replies: 5
Views: 574

100/4 MB internet + Mikrotik model

Hello i need your opinion guys. I am upgrading my internet connection to 100/4Mb from 15/1Mb. I used to have RB751U-2HnD but that router didnt work that well, i had to reboot him regulary so i just swaped him for hEX Lite. And its working great. But i could do new netinstall on RB751U-2HnD and see i...
by CodeXploit
Wed Feb 17, 2016 11:59 pm
Forum: Beginner Basics
Topic: hAP lite Mikrotik VPN
Replies: 2
Views: 860

Did you enable proxy-arp on the bridge?

Sent from my LG-H960 using Tapatalk
by CodeXploit
Wed Feb 17, 2016 11:36 pm
Forum: Beginner Basics
Topic: Different DNS Servers for Different Ports
Replies: 12
Views: 3539

Do all need access to same subnet, or is this a guest wlan configuration? Can u use 2 DHCP servers on 2 separate subnets? Why such a demand...

Sent from my LG-H960 using Tapatalk
by CodeXploit
Wed Feb 17, 2016 11:24 pm
Forum: Beginner Basics
Topic: I cann't use ftp server on router from outside after change default ftp port
Replies: 15
Views: 1922

Re: I cann't use ftp server on router from outside after change default ftp port

It is working http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention It was problem with rules order. But why created address list is deleted after reboot the router Well that is just the way MT works. I have a bunch of such rules for every open port or portscan attempt. One solution would be to...
by CodeXploit
Wed Feb 17, 2016 12:12 am
Forum: Beginner Basics
Topic: I cann't use ftp server on router from outside after change default ftp port
Replies: 15
Views: 1922

You should rethink your approach. Changing port will not stop bruteforcing. Someone will rescan your external IP and start bruteforcing that new port. You need to set up a firewall rule that blocks traffic from that ip if such bruteforce attempt is made.

Sent from my LG-H960 using Tapatalk
by CodeXploit
Wed Feb 17, 2016 12:06 am
Forum: Beginner Basics
Topic: TikTool for MikroTik
Replies: 10
Views: 1742

You need to enable api under IP\Service

Sent from my LG-H960 using Tapatalk
by CodeXploit
Wed Feb 03, 2016 10:17 am
Forum: Beginner Basics
Topic: Sending E-mail when IP is added to address list
Replies: 3
Views: 1020

Re: Sending E-mail when IP is added to address list

Use the log function in the firewall rule and have the action specified as an e-mail. /ip firewall filter add action=add-src-to-address-list address-list=PSD (insert matchers here) chain=forward log=yes log-prefix=PSD /system logging action add email-to=myaddress@somewhere.com name=emailPSD target=...
by CodeXploit
Tue Jan 26, 2016 10:22 am
Forum: Beginner Basics
Topic: PPTP server internet problem
Replies: 5
Views: 891

Re: PPTP server internet problem

I don't have a solution for your problem, just a recomendation. Rather then using PPTP use SSTP with certificate. Its simpler, safer and because it works over port 443 it will work everywhere, while PPTP may not work on some more restrictive networks, that only allow port 80 and 443, like some free ...
by CodeXploit
Mon Jan 25, 2016 12:10 pm
Forum: Beginner Basics
Topic: Sending E-mail when IP is added to address list
Replies: 3
Views: 1020

Sending E-mail when IP is added to address list

Hi, I am trying to make this simple thing (i guess) and have no succes with it. I have firewall rule that detects port scanning. I would like that when another IP is added to dinamic Address list to trigger the Script that notifies me about that activity. I have this working script allready in but i...