MikroTik

Next one

qqq1.PNG

It's not a matter of disk space etc. It is a matter of usability and understanding what you read and comment ... and respect for others. Sorry if anyone feels miffed but if you read a post and the next post quotes what you have read 1s ago and the next one quotes quoted posts read 2 s ago. It is not...

Perfect example of quotting ... additionaly it is the the example of reported discussion not related to the topic.

pinkq.PNG

Resize this window.

:local domainname "mydomain.local" :local dnsrecord [/ip dns static find where address=$leaseActIP ] :if ( $leaseBound = 0 ) do={ :if ( [ :len $dnsrecord ] > 0 ) do={ :log warning ("DNS release record for $[/ip dns static get $dnsrecord name] ( $leaseActIP )") /ip dns static rem...

To talk from the inside world to the outside world you don't need to do nothing special with default rules. To let strangers talk to your internal host read this https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT To let to talk to your internal hosts via external addresses from lo...

Fixes for 6.48 probably are tested with 6.49 ...

@jgerek ... could you be so kind and please do not quote whole posts? Use "Post reply" instead of "Quote"
See link in my footer.
That is why I am asking for ... look at the screenshot .. more than 50% of your post is not worth reading

post2021.PNG

So far so good ... long uptimes ... the one with 12d has shorter uptime due to power outgage in an external building.
CAPSMAN running.

648.PNG

Close tabs one by one and check which one causes CPU hogging.

BTW ... use "Post reply" button instead of "quote" ... se link in my footer.

OP post removed due to spam.
Topic clodes.

https://wiki.mikrotik.com/wiki/Hairpin_NAT

A. Do not quote preceding post ... no need ... follow the link in my signature B. You connect your computer to mAP lite not with USB but with LAN ... it is the only difference from your requirement C. There is "bigger" device https://mikrotik.com/product/RBmAP2nD#fndtn-gallery if you need ...

There are no lists of lists.

37.160.0.0/12 means circa 10^6 addresses so there is a chance that it is not your router infected :-)

What for?

Just assign them static IPs in DHCP and mark by address.

For CAPSMAN make access list which kicks off form 2.4GHz if signal is too low.

https://wiki.mikrotik.com/wiki/Hairpin_NAT

Use raw filters

Use Winbox to connect using MAC address not IP address.
If you see your router in the Neighbourhood then click on MAC address wich will be copied as an address to connect to.

The main problem/misuderstanding in this discussion is that sometimes you/we have to be flexible in terms of used vocabulary and accept slightly different meaning in different ROS' configuration areas. It is not a SOHO router and some network knowledge is expected. That is why MCNA course should be ...

As 192.168.88.48 is the first address covered by /28 subnet mask so it is the network address. Same way 192.168.88.0 is the network address for /24 mask You can't directly use the first and the last addresses from the defined range as they are reserved for network purposes. Another example: CIDR Ran...

@sindy & @mkx IMHO 192.168.88.1/24 is not equal to 192.168.88.0/24. 192.168.88.1/24 could be recalulated to 192.168.0/24 in some places for our convenience by ROS when we enter it but it is just an "input sugar". 192.168.88.1/24 is the short notation of the ONE address 192.168.88.1 loc...

Idea, Use iBGP for this. Install any computer which could expand ASNs of FB, Youtube etc. to current subnets. Put them into routing table and redirect to blackhole. Peer it to you router with BGP. PROS: could be done quite easy. CONS: YT and Google share resources so blocking YT could block search e...

Ask any of your prefferd/known distributors: https://mikrotik.com/buy/asia

Read this https://wiki.mikrotik.com/wiki/Manual:I ... all/Filter
and this https://help.mikrotik.com/docs/display/ ... t+Firewall

More details please. What is your condig?

Are you aware that ROS is currently > 6.47 ?
Have you checked https://mikrotik.com/download/changelogs ?

:for i from=0 to=254 do={ :set addr value=("10.100.$x." . $i) :if (0=[pick [/ip firewall mangle print count-only where src-address=($addr)] 0]) do={ You do a lot of scans with "pick" ... 10*255 of them Just an idea ... try to substitute it with foreach loop with proper where cla...

Have you checked block diagrams? https://i.mt.lv/cdn/product_files/CRS125-24G-1S-160620160458_160658.png https://i.mt.lv/cdn/product_files/RB951Ui-2HnD_180543.png Do you need only 100Mb ports? Do you need WiFi or not? Do you need SFP port? Do not compare cars checking just engine capacity and it's p...

Do you need 24 ports and a full rack size device?
Buy small hEX or hAP device if you have less than 5 devices to connect with Eth ports. hAp gives you WiFi as a bonus.
100 Mb they process without any troubles.

Have you tried this http://letmegooglethat.com/?q=mikrotik+guide ?

...although my navigation and latency values are definitely sufficient I am having some problems...

Hi,

A. What problems?
B. 4G as a medium is not the best one for gamers as a network chokes from time to time when there is a lot of traffic or 4G devices trying to get an access to BTS.

Just asking: do you deployed the US versions of hAPs?

A.My router, my castle. Logging into not your own router is a crime. Even if you see open doors, you are not allowed to go into the house. B. Do not overuse "answer with quote" ... see may signature C If you open port 3389 and NAT it to the internal host ... well ... you ask for trouble an...

Thanks for info but we all hold our breathes what next? :-)

A. Logging into someone elses's router is a crime.
B. You should report whole situation to your ISP before reporting it to the public.
C. Did you hardened your router to prevent hacking into?
D. Massive attacks are nothing special.

Could you PLEASE read this thread before your next round of quoting quotes viewtopic.php?f=2&t=168474

Perfect examples of unneeded quoting:
whole thread viewtopic.php?f=13&t=168391&p=827031#p827031

BartoszP, being corona-isolated too long and maybe feeling a bit cranky today? Kisses and hugs to you! :) I believe you get much better attention if promote what you love instead of bashing what you hate. It's hard to make a peace not war, isn't it? :-) Do you think that asking "do it better&q...

Yes,

I am a moderator who modaretes. Not a full time editor who corrects posts of senders who do not care about posts they post.
Do you teach your kids to keep their rooms tidy or you clean these rooms all the time as they do not care?

Being a moderator I have more buttons available on the screen but I also use the oldfashioned silver theme which is just shorter.
Big avatars multilines spacing, white on white, mobile ready behaviour ... it's not for me.

Some screenshots for those who do not believe how common it is ... I searched only today active topics:

q3.PNG

q5.PNG

q6.PNG

q7.PNG

Selfquoting

q4.PNG

And the best of the best viewtopic.php?p=821778#p821778

q8.PNG

Offtopic disscussion moved to: viewtopic.php?f=2&t=168474

Are you aware of viewtopic.php?f=1&t=165248

@Znevna: Do you want to disscuss? I'm nice. Just asking. It is only snippet of "invaluable" data as an example. Maybe a I've "zoomed" it to make a screenshot smaller? Consider that browser window frame/border "eats" many pixels, There is a OS tool bar on the screen. The...

Maybe I am too irritable but I CAN'T UNDERSTAND why quoting whole PRECEDING post is assumed to be a better answer than just sending a short comment? Why pushing "Post reply" is avoided by readers but "Reply with quote" is not? Do they think that others are unable to follow the st...

You are brave man ... huge jump ... from 5.x up to 6.47.
Did you upgrade to the latest 5.x version?
Did you read about changes of bridges circa 6.41 version?
Why Webfig? Try Winbox to access your device with MAC.

I recall this ... not perfect but it could help
viewtopic.php?f=23&t=148187&p=729368#p729368

You should prepare your list before import.
Read this topic: viewtopic.php?p=606832#p606832

You are asking right ... What is the problem to press "Post reply" instead of "Quote"? It is just a different button.

If I see a quote I wonder if poster has joined some replies or just quoted whole previous post so I have to check it.
Don't you think it is unneeded waste of time?

@mafiosa

Is it a problem to press "Post reply" button to comment preceeding post instead of quoting it as a whole just to write few words?
Do you think that people are unable to follow the thread?

Part of my Access List for CAPSMan.

caps1.PNG

Drop connections with signal up to -74 dB and let connect with better signals.

So the logic is reject all you conections want to disable according to interface name, signal strenth, MAC address and allow then all.

I know, I know ... very old topic but : RouterBOOT booter 6.46.5 CCR1036-12G-4S CPU frequency: 1200 MHz Memory size: 4096 MiB NAND size: 1024 MiB Press any key within 2 seconds to enter setup.. loading kernel..... OK setting up elf image... OK jumping to kernel code (0,0) hv_panic: corrupt hvfs: com...

A. You do DSTNAT to 192.168.10.8 not to 192.168.10.4.

B. To access server from LAN using WAN address you need to configure https://wiki.mikrotik.com/wiki/Hairpin_NAT

Watch the difference: Microsoft Windows [Version 10.0.18363.1082] (c) 2019 Microsoft Corporation. Wszelkie prawa zastrzeżone. d:\>nslookup Default Server: router.mypreciousdomain.pl Address: 10.254.254.254 > google.com <- no dot there Server: router.mypreciousdomain.pl Address: 10.254.254.254 Non-au...

Just multiply shown rule replacing change dst=????? parameter to the particular interface you want to limit ... that's all.

@alibalalo:

If you go to a doctor do you say only "I'm ill" and expect proper treatment?

Really?
I reported problem with ROS 6.44 + Winbox 3.25 therefore:

Winbox <3.25 is buggy and do not report errors but 3.25 does
or
3.25 has bugs and messes with configuration behind the scene
or
3.25 correctly reports ROS hidden problems

Topic for WinBox 3.25 ... do not multiply topics.

viewtopic.php?f=21&t=165525&p=814432#p814432

IMHO You shold fix WinBox not ROS ASAP as upgrade to ROS > 6.47 is not always possible

Observation.

WinBox 3.25 removed all CAPSMAN ACL rules following the one which held Polish diacritic letter in a comment.
This particular rule persists but is cleared.
Router was not rebooted.

I've noticed some CAPSMAN ACL rules removed when I used 3.25. Not all.
There is also autospout.rif file generated.

ROS 6.44.5 ... CAPSMA & WiFi killed with 3.25

In-interface in your rule means traffic from "outside" to "inside" but he wants to block/limit traffic in the opposite direction.

Make Philips'' addresses static, syslog their traffic and find common targets of it. They all should try to connect to same servers.

"Use your force ... and forum API keyword search for ... and you receive the result" :)
viewtopic.php?f=9&t=29073&hilit=API

Yes. I would say "convincing" a TV to believe that it connects to a server it wants to connect to.

Sa it's time to track what servers Philps's TV connects to to check if they have Internet connection and redirect all that traffic to you local resources. It's easy to make a rule which redirects NTP traffic headed to eg. ntp1.philips.com to you local resource. TV will even not know that is redirect...

Are you sure that TVs connect to proper NTP servers? Maybe they are set by default to access nonworking servers. How users decide if TV connected to NTP or not? Are they allowed to reconfigure TVs'? Maybe you should install your own local NTP server https://wiki.mikrotik.com/wiki/Setup_local_NTP_ser...

Any possible kind of DoS attack that use this port...

Do you want to limit flooding with NTP port but you do not care about flooding for DNS or SNMP or any other "well known" service?
What is the reason? Flooding is flooding no matter what target and how you flood.

@romas:

Do you REALLY need to quote such a long post? What for?

Please edit it.

What kind attack you are writing about? What do you want to limit?

As printer and computers communicate directly so they bypass router therefore you have no control over it but I do it this way.... change IP of a printer to the new one. The old one assign to the router and make DST NAT the old to the new IP. All printers will pass the traffic to the router which wi...

Please, rewrite your question to let us know what are you asking for.

... both put out current on the frame ground screw. It's the same voltage that's going in via the DC ports....

Kind question: what is the voltage of the mentioned current"?

Any Mikrotik device which manages WiFi traffic.
ROS offers API to control almost all aspects of it so it's up to you to "script it".

RB1100AHx4 serving circa 100 person at company branch = Internet + VPNs to main site for NAS access = 110 days uptime RB4011 circa 50 persons + VPN for homeoffice + VPN to branch + normal routing, firewoling etc = 36 days uptime as we have had to power down our company due to power maintenance. Prev...

Axe or chainsaw are wrong to cut a tree?

Most of users who need torrent client will not pass further than logging to a router. The next requests will be - do nicer GUI for torrent client as we are not able to use WinBox and WWW GUI is awkward to us as we like .... cklient. - what about browsing files on the router and downloading them to m...

Have you read this topic? What is torrent client needed in router for?

do not respam spam

RB1100AHx4 does not upgrade.

RB1100AHx4b7.1.PNG

What could I say ...CISCO has 100Gb cards for their Nexus line ... price @ 55k$ ...
Who expects that MKT will do it for 55$ or 550$ or even 5500$ to make users happy?

If you have 2 servers which both serve web services on the same port then there is no way for router to decide what server send incoming connection traffic to. Harpin just lets to access local resource via external IP from LAN but the problem is the same: which server should receive packets send to ...

...
I changed the Ports with a few clicks and presto no more attacks on the Mikrotik Router.
..

Do not forget that your router is still under attack but packets are dropped or not accepted.
Your line is still full of unwanted traffic scanning for open ports or services.

What is the problem with Ctrl+C and Ctrl+V in CLI?
It is not just a checkbox ... you can tailor linked solution according your configuration, ports, filters etc.
Simple checkbox with noncustimizable rules is not a good solution.

Could rules' icons be grayed out when rules are disabled to be consistent with grayed out text?
When you look at them you are fooled that they are active even rules are not,

https://wiki.mikrotik.com/wiki/Manual:C ... Management

@mozerd ... what is the need to quote "previous post" just write "nice post"?
Do you know the funcionality of "post reply" button?

I do services for car service company. They have two walls full of fancy "must have" series professional tools bought from the Corpo. Some of them look like torture machines from the Middle Ages. No discussion about buying as the Corpo knows better. Always. Servicemen use circa 10% of them...

Could you please use "Post reply" button instead of quoting whole posts?
Is it so hard?
Do you think that such "quote escalation" helps to understand flow of discussion when you can just scroll one sentence back?

The proper word coming to my mind is: IMPRESSIVE

list of changes.

Could you please use "Post replay" instead of quoting hole previous posts.

We are able to follow the thread ... no need to quote it all the time.

Export configuration to a file and then import to the new device.
You have to tailor configuration according to interface names, MAC's etc.
Search the forum for "restore configuration"

Anav:

Rules should be obeyed.

Do you volunteer to translate posts instead of all lazy OP?

IMHO you should set "distance" for ISP interfaces in your local routing tables to number higher than expected "distance" of default router received from OSPF. With no OSPF information the only one route will be ISP interface and when OSPF is connected the default route will be sw...

Upgrade, reset to the default configuration and then compare.
Or reset to "no-default-configuration" and start configuring from scratch.

I think more people would want a couple 40G ports at home than 12x 10G.

vortex ... please do not treat us as fools and please do not lie ... once more i see such a comment and you will be banned

vortex.

Last call ... PLEASE DO STOP throwing everywhere comments that 10+ Gb ports are a common need at homes ....

Please DO STOP.

CRS305 IS an ALMOST perfect fit for OP needs ... so once more PLEASE DO STOP throwing your comments about "a must have device" for all.

@vortex

PLEASE STOP sharing your thoughts what people need or what you think people dream of.

The OP asked a question about simple device with small amount of fast ports to use them as converters. Nothing more.

CCR2004-1G-12S+2XS is our router with the most powerful single-core performance so far. It provides incredible results in single tunnel (up to 3.4 Gbps) and BGP feed processing.

Maybe it is the answer.

And what is the implication of that? What does it mean for Mac's networking?

40G is the new 10G. When I was asking for home routers capable of 10G switching some years ago, it was professional level. Now not only is 10G cheap, some people even have 10G WAN at home. Why would you buy a couple of 25G cards when they are not much cheaper than 40G? Workstations and NAS that can...

A. Use "Post reply" instead of quoting whole previous post. No need to cite it. B. If an interface is part of any bridge then it "losts" it's MAC. It becomes "dumb" connector of a bridge and a bridge takes over its MAC and presents itself with the lowest MAC of all inte...

Printed MAC is the MAC of interface usually described as Internet and the second MAC is the lowest MAC of interfaces designated to be LAN interfaces. If you configure bridge for a group of interfaces then it receives administrative MAC as the lowest MAC of all included interfaces until you set it ma...

@Mikhalich

Could you use "Post reply" button instead of quotting previous posts all the time? Most readers are able to read them if they need it and there is no need to quote.

You start traffic via WAN2, receive answer and then rest of connection goes via WAN1.
Result: Netflix see traffic from different addresses and "complains".

Quoting news: "Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS." "The denial of service vulnerability, CVE-2020-3120, affects separ...

Inside? Just kidding ...

What address are you asking about? Are you connected to your router via WWW or Winbox?

"9pfs is a network filesystem protocol developed for Plan 9"

Is HA coming with shared resources?

I'm not Mikrotik's empleyee so do not ask me questions what is "ordinary and affordable" and if Mikrotik is "hopeless". Mikrotik does not manufacture "DUMB" switches. DUMB and CHEAP. Maybe their not so cheap devices have their flaws but it's a different story. If you wa...

Once more. What is the sense of doing less usable device_ You have to prepare casting molds for cases. design PCB or redesign current one to be able not to mount some parts. YOU HAVE TO CERTIFY such device for CE/FCC etc. It's not free. You have to have a stock of it, you have to service it. Do you ...

And what's the point of buying a switch with an SFP port that will never be used What is the sense of removing connectors which make cost of a device a little higher and let serve more users? Are you still joking? You consider providing cable to each desk if only a ceiling would be placed lower. Wh...

Are you joking? Designing new device just beacuse your client cannot afford 10$ difference on a switch with additional USB and SD ports? If look and feel is the most important factor then price shouldn't be a problem. BTW: hide device of any size behind the first desk and there should be no visual/e...

@allencesar and @bda

Is it a problem for you to press "Post replay" instead of quoting quotes of quotes ? Do you think it makes reading your discussion more readable?

I use hAP ac2 to do PPPoE connection to ISP on 600/60 line and this router serves/shares pool of public IPs to "second level" routers at my place.
No problem with CPU and traffic. I installed it in the place of my 1100AHx2 which had decided to end it's life

More details please. What is your big problem?

Your report is like: I'm ill. What can I do to cure myself.

https://wiki.mikrotik.com/wiki/Hairpin_NAT

Make a drawing and post it. One picture tells sometime more than thousends of words.

Buy two hAP ac2 listed @ 65$

Such device behaves quite well for me serving 600/60 line so think that it will be enough for you and you will have two routers.

Make src masquarade changing src ip to router's ip for all connected via VPN.

@vortex

Once again:
Could you be so kind and stop filling forum with such consecutive selfanswering "comments".
You just make huge amount of "posts" with no clearly visible sense.

You THE MAN!
or even
You THE MEN!

vortex:

Please DO STOP answering yourself and sending post under post ... this is my last "suggestion"

vortex:

Please DO STOP. It is not funny.

B. Moderator's duties. It's not your duty to police a thread that needs none, he isn't posting spam or any such thing. You simply don't like it and that's not enough. *edit* It's not my job to defend so I will just stay out of it. I'm a moderator of a large forum and an admin for another and we fol...

Why do you care? He started this thread.

A. I just care. Why not?
B. Moderator's duties.

vortex,

IIMHO i's time to stop increasing your post counter. You ask questions, answer them and comment own answers at once. Maybe you should set up your own blog?

Too many quotes and post to justify that 10Gb router + 40Gb switching is a "must have" for home users.

I did not ask for 10Gbps routing. Some people will eventually need 10Gbps routing. Really? English is not my native language but I try to understand what I read and answer to I am not saying 10G routing is budget. 10G switching is. But when you see the 4011 would be capable of asymmetric 6Gbps it i...

You freely mix differents things. You ask for 10Gb switching, for 40Gb switching to connect "proper" 40Gb NAS, for 6 or 10GB router based on 4011,.... Adding 10Gb switch just for pure switching with no rules/filtering at bridge level is not even close to providing enough resources to do 10...

Did I ?

Just saying that there is no sense to push the limits just for show off.
It is like buying the Bugatti Veyron just for it's 1300 Hp and then cruising your urban area @ 30Mph.

The assumption of your disccusion is that faster is better than stable.

10G would be a budget router. A proper home NAS should be 40G now. It depends who you are. Most people could live with 100mb just for Netlix, YouTube or Spotify. If you are a gamer ar IT nerd then yes ... more than 1Gb could fit your needs but is not a "must have". Your theory is that eac...

A. Edit the first post end delete this 2 meters long quote

B. You need a better router. My 2011 also gives no more than your one with 600 Mb FTTH

@vortex:

Never ending story .... why do you quote the WHOLE previous post? What for? Deas it emphasise your answer more?
Do you know what "post reply" button is for?
Seems that most of us could follow the discussion flow without such quotes. We are able to read provious posts.

@rooted:

Never ending story .... why do you quote the WHOLE previous post? What for? Deas it emphasise your answer more?
Do you know what "post reply" button is for?

@PTPStudio:
Why do you quote whole previous post? Does it makes your answer more valuable? Do you see "Post replay" button?

.... Not when you are downloading 50GB games. A. Are you sure that source is able to deliver data with 10Gbs? B. ISPs always oversell bandwith so I'm not shure if they are able to deliver constant multi 10GB traffic to users. Edge routers will limit their throughput. C. 5 sec vs 50 sec for 50GB dow...

@Sib:

"It allows ..." does not mean that it should be full ASCII editor.
Is it possible now to make such a piece of art? Yes or no?
As I wrote ... use any editor to prepare your logo and just paste it into a note.

3,4) RouterOS is known to not support everything. If you want to be sure, download CD image and try to install it. It will run without any limits for 24 hours. Or there's free L1 license, it works forever, but has some stuff limited.

Just test CHR https://wiki.mikrotik.com/wiki/Manual:CHR

What about designing your logo in notepad or any other text editor and copy+paste into Note?
No one except admin is able to contemplate this logo as a Note

@Bartoz - Why would you infer that the issue only refers to 6.43 unless you can prove that the issue raised in the CVE was covered in the firmware upgrade notes of subsequent Versions. In other words, you know it has been and thus a link or quote or post referring to that would be helpful. Or, you ...

What are the current versions of ROS?
This CPE is about versions 6.42 which are obsolete since 2018 ...

Read this: https://wiki.mikrotik.com/wiki/Hairpin_NAT

....
And of course you must be able to reach internet from the device. So in Tools->Ping try to ping 8.8.8.8. That must work. When not, fix it first.
(check IP->Routes etc)

It is much better to check ping mikrotik.com as it checks not only Internet access but also a DNS resolver.

Vectra is the Polish CableTV operator. From log we can see that something behind this static address tries to connect to address 155.x.y.x port 52676 For me it is not Qnap the source as it is just accessible with the redirection at the same address from the "attack" comes from. I suspect t...

https://wiki.mikrotik.com/wiki/Manual:Scripting

look for global variables

Use Scheduler to schedule when your script runs.

https://lmgtfy.com/?q=mikrotik+script+schedule

@irqhost: why do you quoute whole post? Isn't it enough just to ask a question in this thread?

If you disabled port then nothing could help.
If other ports are not disabled then use WinBox in MAC mode and try to access your router.

viewtopic.php?t=147994

A. "RAW" part of firewal inspects packets which enter firewall or leave it but are originated by router: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Raw B. NAT is done before routing and firewal so you have inspect proper addresses in firewall rules e.g if you DST-NATted packet to in...

I doubt that it is a bug. I use GRE-IPSec and IPIP-IPSec ..

Have you specified local and remote addresses of GRE on both routers?
Do you allow proper protocols to pass firewall?

I doubt.

Look for 3011 or 4011 instead.

Simply ... you ask a question: Will my planned restaurant 100 sqm size be big enough to serve all clients? No info of of place where this restaurant is planned? What food do you want to sell? When it will be open? How many tables do you plan? How many chairs or benches do you plan? Will you offer ta...

The answer is easy ... as many as you wish if only they do not use functions which are limited by license:
Read this: https://wiki.mikrotik.com/wiki/Manual:License

The question is ... does this router is powerfull enough to serve all connected clients?

Possibly ISP side was not configured properly on time and that's why it works now.

Last week 2011L tested as PPoE client to ISP. 600/60 bandwith.

Maximum throughput received with fasttrack on and one NAT for PPoE was circa 200Mb / 60Mb

VLANS?

Make firewall rule which accepts access to webfig only for particular address.

MAC list ...

Is it a problem for you to download it to your computer or any RPi device ... the cheapest one you can find? Should it be done by a router? Printer Services, SMB, Torrent ... lets add full SMTP server, Backup server, WordPress, Spotify ,Netflix Player ... Do we really need a monster like this? https...

English please. Use any translator you want. It is English based forum.

https://blog.mikrotik.com/

The question is if you are able to make PPPoE connection from "internal" router to receive public address if there is no Mikrotik "in the middle"?
What do Mikrotik should do in your opinion?

https://wiki.mikrotik.com/wiki/Hairpin_NAT

@upower3

Is it a problem to pin https://mikrotik.com/download url to the tab in your favourite browser and open it with one click?

Checito

You should assume that most readers are skilled enough to stick with the flow of consecuitive posts.
If you want to comment something what was mentioned a few posts earlier then quote only the crucial part of that post.

Why not to use Winbox with MAC address?

Chechito,
Could you please do not quote full previous posts in your answers if there is no need for that.
Just use big button "Post replay"

Zacharias,

Could you please do not quote full previous posts in your answers if there is no need for that.
Just use big button "Post replay"

It may help you:

search.php?keywords=stp++iphone

MikroTik
Certified
Network
Anesthesiologist

will bring your router back to life

Run such script when rebooted # :local loctoemail "destination@address.com" # :local locident [/system identity get name] :local locmachine [/system resource get architecture-name] :local locversion [/system resource get version] :local loctime [/system clock get time] :local locdate [/sys...

It's more like coma after surgery as router is still alive

Version 6.46beta38 has been released.
......
*) console - fixed IP conversation to "num" data type;
....

Shouldn't it be "conversion"?

Show configuration of your router.
I suspect that you have assigned 8.8.8.8 address to interface in your router.

How to educate other users if you do not set a good example? Laziness is not a good excuse.

!ste:

Is it necessary to quote FULL previous post?

Yes,

"Bigger" devices usually have "higher" licenses what is described there: https://wiki.mikrotik.com/wiki/Manual:L ... nse_Levels

Why do you think that Mikrtik's forum is proper place to ask about problems with Tenda router?

Was it "Upgrading on the edge" by Aerosmith?

Jump from 6.40 directly to 6.45 .... you are brave man. Have you read changelogs in the 6.41?

anav: maybe my toilet paper has just more layers than your? BTW.... If you want to protect computers on one bridge at L3 from another L3 layer then you need to block bridge A pool (name it poolA) from poolB, poolC, poolD ... poolC protect form poolD but not from poolE .... poolF from poolA, poolB bu...

@anav:

Nets at L2 may be separated but routing at L3 works and OP asks how to prevent IP access.

@OP:
what about using filters at bridge level? Antything what is forwarded to other interface than WAN should be dropped.

How you add Port1 to four different bridges?

Do you connect any interfaces to this bridge?

My simple solution: /ip service set winbox port=18291 /interface list add name=WAN_LIST /interface list member add interface=ETH1-WAN list=WAN_LIST /ip firewall raw # # accept packets to nonstandard WinBox port ... could be tailored for access from particular subnets etc. # add action=accept chain=p...

My old 0.02$ to this topic: viewtopic.php?f=1&t=93307&p=490460#p490402

http://bfy.tw/NuAw

viewtopic.php?f=21&t=146087&p=727601#p727601

Directly from power socket if you use 24V PSU?

Thank you for the report.
It is example of situation when one subnet is fully included in another. I do not look for such optimization ... yet

IMHO it is not "a bug" .. output is fully valid however not optimized to "deep roots".

I was thinking how to optimize big IP lists before importing them to Mikrotik. It ended as this program. Feel free to use it. Comments welcome. Written with GNU Linux and gcc. Standard usage ... takes data from stdin and outputs to stdout Program tries to merge consecutive IP addresses or IP ranges....

@tayroborges:

English please !

Search found 1847 matches