MikroTik

.... in Poland ....
You mean Roland or PPoland ...

Anav ... problems with reading? What do you want to be explained more?

P like Planet
O like On Networks
L like Lucent
A like Alcatel
N like Nokia
D like D-Link

.....Found this IT News Article today saying Mikrotik devices are in the list for being at risk to being Hacked. .... Isn't strange that all these news inform that many devices are volunerable but CISCO ones are free from the problem? investigating the malware, which targets devices from Linksys, M...

I am a WISP and I have been kidnapped by a ccd, and they ask me for a ransom. Currently the ccr has version 6.40 ..

If you are kidnapped how it is possible that you have access to this forum? Could you explain this?

Have you asked Uncle Goole about your problem?
viewtopic.php?f=3&t=104109
viewtopic.php?t=108253
https://www.geekzone.co.nz/forums.asp?f ... cid=236125

CAPs 952Ui-5ac2nD, 751U-2HnD, 951Ui-2HnD + CAPSMAN M33G ... 6.40.8 -> 6.42.2 with no problems

DIY is not bad but you should be at least aware what LAN, VLAN, DMZ means and what are they used for.

Hi,
What is best solution to separate one public PC from all other PC and servers on same LAN? Should I use VLANs, DMZ or something else?
Thank you.

Are you going to have Internet Cyber Caffe without any deeper knowledge of networking?

Isn't it wiser to buy any NAS device for SMB instead of "torturing" switch?

....
*) bridge - do not allow to add same interface list to bridge more than once;
....

Asking without checking ... is it possible to add interface to the bridge and a list containing this interface? What then if it is possible?

SImple way is: A. Configure WiFi interface of 433 as WAN port !!!! and connect it to hotel WiFi. B. Connect laptop to LAN port with cable or with WiFi if you have second WiFi card configured for your AP. C. Try to connect to any Internet page. D. "This hotel's login page" will ask you for the login ...

These ... ther are standarized addresses for multicast so you can track what traffic is in your LAN.

Apply these rules to see what multicast traffic you have
viewtopic.php?f=2&t=134205&p=660347#p660347

WiFi is not easy. Especially for 1km long link in crowded area. For 110% there are interferences from other WiFi networks so you have to find yourself the best mix of TX-power, channel and channel width. And be prepared to calibrate these settings from time to time ... not to say: often or permanent...

Nice.
But you can't switch on/off or count particular protocols hitting your router.

I'm starting this thread to share some settings/rules I've made in my routers. For the beggining non-routable Multicast definitions: add action=accept chain=forward comment="MCAST: All hosts" dst-address=224.0.0.1 add action=accept chain=forward comment="MCAST: All Routers" dst-address=224.0.0.2 add...

Bridge is used in Mikrotik's world as substitute name for "logical/virtual switch".
You can "glue " with it different interfaces as they are all part of a logical switch even if you mix PPoE, VLAN, WIFI, bond and any other kind of interface in Mikrotik.

Try to use one of NTP servers ... you can specify all of them:

ru.pool.ntp.org
1.ru.pool.ntp.org
2.ru..pool.ntp.org
pl.pool.ntp.org
1.pl.pool.ntp.org
2.pl.pool.ntp.org

EDIT:

Why NTP client is not enabled?

/system ntp client print
enabled: no

https://wiki.mikrotik.com/wiki/Manual:S ... Offloading

A. You can always use older Winbox to connect to the router.
B. If you have access to router with older Winbox then choose: System/Packages and ... voila ... you can upgrade.
C. Are you sure that you can upgrade router yourself without destroing configuration?

Have you checked changelog before upgrading your device? https://mikrotik.com/download/changelogs What's new in 6.41 (2017-Dec-22 11:55): Important note!!! Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload)...

So what do you expect from Mikrotik? Antivirus patterns are dynamic ... today Winbox is "suspected" and tommorow will be "good".

CRSnnnnnnn devices are switches which could do light routing ... do not consider them to be used as router + firewall.

Which device is VPN server? What Mikrotik does = what is used for? Which LAN are servers connected to?
More details please ... a small picture is sometimes worth more than thousands words.

Maybe there is perfect visibilty? Maybe it's easy to install them with short cables? We do not know what the situation is and it could be (!!!) the answer for the problem.

.....
Do not worry if you can't answer, maybe someone else could.

It always worries me if someone is not able to make simple query and waits to be helped out.

http://bfy.tw/HvbP

What about this? https://mikrotik.com/product/wireless_wire

Have you changed anything in your configuration? Security changed from WPA PSK to none? And all clients have "remembered" settings for the old configuration and computers tries to connect with password?

Someone is attacking your WiFi?
https://null-byte.wonderhowto.com/how-t ... a-0147919/
Step 5

https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

10 years old thread reincarnation? ROS 2.xx? Get a life ....

Calling Rio de Janeiro

Is he asking for subnets masks or for advice if particular model of Mikrotik is sufficient?

What APs? What Mikrotik? Configured as CAPSMAN and CAPS or simple APs ...

Please share more info.

M33 (mmips) as CAPSMAN, mix of mipsbe devices as CAPS. Upgrade of M33 from 6.40.7 to 6.40.8 with no problems but CAPS have not connected to CAPSMAN. They have not been upgraded automatically to "current" version as CAPSMAN configuration is set to. After manual upgrade and restart they have connected...

I know ... but it input chain is not the same as forward one. You can block access to router but not traffic forwarded to/from users.

Why blocking access to router is bad idea? Should "popular" addresses try to access our router?

And implement "security fix" in 6.40.7 PLEASE!!!!!

Maybe you are victim of viewtopic.php?f=2&t=133438

Are you joking? It's not 1st April.

Does 5.26 to 6.41 upgrade go without problems? Jumping 43 versions ahead with MAJOR change of bridge and switch implementations? Brave move.

@Joe1vm ... only 62 .... "My" past few days: 56k+ tries ...... :-( Winbox section drops specified ports and makes list of IP which try for the 2+ times to access that ports. Same for RAW section which do same for sbl lists. If it is already in RAW list then drop it early to avoid checking 20k+ entri...

So why you have not upgraded first to 6.40.7 (bugfix) with old bridge implementation?
Why are you upgraded working hotel infrastructure to RC version? RC is test version so upgrade could fail.

Thank you for warning but how many people do batch upgrade from such old version? You have checked procedure with ROS 6.0 and extrapolated that 5.x should work too. You are brave admin. Have you read changelogs? https://mikrotik.com/download/changelogs Important note!!! Backup before upgrade! Router...

DHCP client should be set for bridge1 itself.
When any interface is assigned to bridge then it losts its identity and becomes just pure "electrical socket" of bridge interface. All funcionalty then should be set for bridge.

Ready are you? What know you of ready?

Not only Mikrotik has problems ... some homebrown FTP deamons could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. https://tinyurl.com/y926t3br

You should cross your fingers and look for valid maintanace contract to resolve problem.

People are using your products without the simple default security.

Could you elaborate more on this? What do you mean "without the simple security"?

look here https://wiki.mikrotik.com/wiki/Manual:I ... nation_NAT

Ask DVR guy to change ports from 80 to eg. 40080 and follow above examples for port 40080.
You can also redirect external 40080 to port 80 on DVR to have DVR working.

@Discmandj ... it is not problem of ISP's configuration or allow/disalow will. Look at above links.

Port forward: http://bfy.tw/Heg7
Access local server with public IP from LAN: http://bfy.tw/HegK

Search found 1427 matches