Community discussions

Search found 1663 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 34
by BartoszP
Fri Jul 12, 2019 9:52 pm
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 666

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

Why do you think that Mikrtik's forum is proper place to ask about problems with Tenda router?
by BartoszP
Fri Jul 12, 2019 5:12 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 60
Views: 8916

Re: v6.44.5 [long-term] is released!

Was it "Upgrading on the edge" by Aerosmith? :-)

Jump from 6.40 directly to 6.45 .... you are brave man. Have you read changelogs in the 6.41?
by BartoszP
Sun Jul 07, 2019 11:41 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1169

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

anav: maybe my toilet paper has just more layers than your? BTW.... If you want to protect computers on one bridge at L3 from another L3 layer then you need to block bridge A pool (name it poolA) from poolB, poolC, poolD ... poolC protect form poolD but not from poolE .... poolF from poolA, poolB bu...
by BartoszP
Sun Jul 07, 2019 5:35 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1169

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

@anav:

Nets at L2 may be separated but routing at L3 works and OP asks how to prevent IP access.

@OP:
what about using filters at bridge level? Antything what is forwarded to other interface than WAN should be dropped.
by BartoszP
Sun Jul 07, 2019 3:24 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1169

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

How you add Port1 to four different bridges?
by BartoszP
Tue Jun 11, 2019 7:05 pm
Forum: Beginner Basics
Topic: Block acces to a New router
Replies: 2
Views: 238

Re: Block acces to a New router

Do you connect any interfaces to this bridge?
by BartoszP
Tue Jun 11, 2019 5:54 pm
Forum: General
Topic: Implementing a Blacklist [SOLVED]
Replies: 2
Views: 220

Re: Implementing a Blacklist [SOLVED]

My simple solution: /ip service set winbox port=18291 /interface list add name=WAN_LIST /interface list member add interface=ETH1-WAN list=WAN_LIST /ip firewall raw # # accept packets to nonstandard WinBox port ... could be tailored for access from particular subnets etc. # add action=accept chain=p...
by BartoszP
Mon Jun 03, 2019 8:01 pm
Forum: RouterBOARD hardware
Topic: hAP ac bricked
Replies: 3
Views: 352

Re: hAP ac bricked

My old 0.02$ to this topic: viewtopic.php?f=1&t=93307&p=490460#p490402
by BartoszP
Wed May 22, 2019 5:26 pm
Forum: RouterBOARD hardware
Topic: RB 450GX4 add a FAN
Replies: 2
Views: 317

Re: RB 450GX4 add a FAN

Directly from power socket if you use 24V PSU?
by BartoszP
Sat May 04, 2019 8:09 pm
Forum: Useful user articles
Topic: How to opitimize list of IP4 addresses
Replies: 6
Views: 1240

Re: How to opitimize list of IP4 addresses

Thank you for the report.
It is example of situation when one subnet is fully included in another. I do not look for such optimization ... yet :)
IMHO it is not "a bug" .. output is fully valid however not optimized to "deep roots".
by BartoszP
Thu May 02, 2019 11:43 pm
Forum: Useful user articles
Topic: How to opitimize list of IP4 addresses
Replies: 6
Views: 1240

How to opitimize list of IP4 addresses

I was thinking how to optimize big IP lists before importing them to Mikrotik. It ended as this program. Feel free to use it. Comments welcome. Written with GNU Linux and gcc. Standard usage ... takes data from stdin and outputs to stdout Program tries to merge consecutive IP addresses or IP ranges....
by BartoszP
Sat Apr 27, 2019 2:45 pm
Forum: RouterBOARD hardware
Topic: Hardware repair RB711-5Hn-MMCX
Replies: 3
Views: 483

Re: Hardware repair RB711-5Hn-MMCX

@tayroborges:

English please !
by BartoszP
Fri Apr 26, 2019 4:25 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 538

Re: RB1100AHx4 Dude Edition insecure by default

No device calling itself a router should have this as it's fully patched, default configuration out of the box be this: ...... If you want to make excuses for having crappy default configurations that's fine. Mikrotik is the one that is making the reputation for making devices that are part of botn...
by BartoszP
Mon Apr 22, 2019 9:05 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66152

Re: v6.45beta [testing] is released!

After upgrade of CRS125 it stopped to be visible in a neigherhood and for WinBox.
by BartoszP
Mon Apr 22, 2019 9:02 am
Forum: Beginner Basics
Topic: CHAPTER 2, Basic configuration: username, identity, NTP, Monitoring, Maintenance
Replies: 1
Views: 179

Re: CHAPTER 2, Basic configuration: username, identity, NTP, Monitoring, Maintenance

Tony:

Once more ... please do not start so many threads. Make one and please stick with it.
by BartoszP
Thu Apr 11, 2019 8:32 am
Forum: Beginner Basics
Topic: CHAPTER 2, Basic Configuration, Interface Configuration
Replies: 3
Views: 348

Re: CHAPTER 2, Basic Configuration, Interface Configuration

Isn't it better to make one topic instead of starting several ones?
by BartoszP
Sun Apr 07, 2019 11:20 pm
Forum: Beginner Basics
Topic: MIkrotik backup script
Replies: 1
Views: 225

Re: MIkrotik backup script

by BartoszP
Sun Mar 17, 2019 9:38 am
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 86
Views: 17012

Re: v6.44.1 [stable] is released!

After upgrade to 6.44.1 on RB962 GRE+IPSec stopped working when connected to 6.44 on the other side. After downgrade to 6.44 back on-line.
by BartoszP
Sun Mar 17, 2019 12:34 am
Forum: Beginner Basics
Topic: Locked out badly
Replies: 3
Views: 305

Re: Locked out badly

What about logging with WinBox via MACaddress?
by BartoszP
Fri Mar 15, 2019 8:56 pm
Forum: General
Topic: RB4011iGS+ admin password issue
Replies: 3
Views: 276

Re: RB4011iGS+ admin password issue

Resseting configuration should not be allowed without setting password as integral part of this process.
by BartoszP
Fri Mar 15, 2019 3:08 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 43989

Re: Statement on Vault 7 document release

You are using the wrong symbol to explain to IT people, should use "!=" instead, then they will better understand :-)
For some "<>" should be used :)
by BartoszP
Tue Mar 12, 2019 4:25 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 330
Views: 72863

Re: Winbox vulnerability: please upgrade

It is always safer to netinstall as it formats device.
by BartoszP
Mon Mar 11, 2019 11:02 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66152

Re: v6.45beta [testing] is released!

*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
Emils

I'm interested how did it happen? What someone had been messing for with e-mail part of ROS?
by BartoszP
Thu Mar 07, 2019 5:06 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 11
Views: 958

Re: RB4011 real world speed tests

"Expected more" means 23+ Gb sustained transmission with 190$ device?
by BartoszP
Wed Mar 06, 2019 12:49 pm
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2475

Re: Radical change coming for home and small business networking

No. It's not old thinking.

My net is my castle. Period.
by BartoszP
Wed Mar 06, 2019 8:33 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2475

Re: Radical change coming for home and small business networking

Xymox,

Be responsible ISP/IT company and inform your customers that someone tries to take over their security.

Inform them about pros and cons and explain why you prefer not to jump into that train.

Easy.
by BartoszP
Mon Mar 04, 2019 12:38 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2475

Re: Radical change coming for home and small buisness networking

Hmmm.... I watched this video and what comes to my eyes is "security manager will configure customers' micornets to be safe/secure etc...." or sth like that ...
Who the ..... is Alice ... opssss ... security manager?
by BartoszP
Wed Feb 27, 2019 5:52 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 1029

Re: Hardware Selection

Keeping up with the Simpsons ... let me decide :-)
by BartoszP
Wed Feb 27, 2019 4:21 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 1029

Re: Hardware Selection

Frankly speaking: Bartosz ... "sz" pronounced as "sh" in "wash" :lol:
by BartoszP
Wed Feb 27, 2019 4:08 pm
Forum: General
Topic: routerOS blocks various surveillance cloud adresses
Replies: 2
Views: 213

Re: routerOS blocks various surveillance cloud adresses

How your PC reaches camera?

WAN -> LAN? Is it OK?
LAN -> LAN? OK or not? Look for Harpin NAT.
LAN -> WAN? OK?
by BartoszP
Wed Feb 27, 2019 2:38 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 1029

Re: Hardware Selection

CRS are switches not routers. Thay can do routing but they are not designed for routing/natting/mangling heavy traffic. You should look for CCR devices if you want to mostly route or start with AH1100x4 ones. I have installation with AH1100x4 for 50+ users, VPN+IPSec used to access main office share...
by BartoszP
Wed Feb 27, 2019 12:44 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32348

Re: v6.44 [stable] is released!

Strange ... IPSec works for me :-) after upgrade 6.43.12 -> 6.44

IPSeced IPIP and GRE tunnels work smooth after upgrade, self-reconnected without problems. Comments still in place.
by BartoszP
Fri Feb 22, 2019 9:48 pm
Forum: General
Topic: Problem on 6.37.5 version
Replies: 5
Views: 702

Re: Problem on 6.37.5 version

Do you really use these public IPs in your configuration?
by BartoszP
Mon Feb 18, 2019 5:48 pm
Forum: Beginner Basics
Topic: How do I get a question moderated??
Replies: 2
Views: 252

Re: How do I get a question moderated??

Be patient. Most of moderators are volunteers so it takes some time to be moderated.
by BartoszP
Fri Feb 15, 2019 3:44 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 31
Views: 6952

Re: DHCP Offering Lease Without Success

Suspecting that DHCP server mostly warns

A. when device try to renew address when lease is still valid and full DHCP REQUEST-ACK-CONFIRM process is not done
or
B. ROS sees that device is "vanishing" ... I see it in logs when CAPSMAN moves device from one AP or interface to another.
by BartoszP
Fri Feb 15, 2019 12:59 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 31
Views: 6952

Re: DHCP Offering Lease Without Success

Does not help ... no change .. still receiving warnings
by BartoszP
Thu Feb 14, 2019 2:02 pm
Forum: General
Topic: Guide to (possibly) hack RouterOS ... If yes please protect it
Replies: 10
Views: 874

Re: Guide to (possibly) hack RouterOS ... If yes please protect it

Most users who start threads "Mikrotik hacked...", "My router is unsecured", "Big hole in security of ..." seems to not check forum for security topics Did you try easiest method to look for security problems: https://forum.mikrotik.com/search.php?keywords=vulnerability https://forum.mikrotik.com/se...
by BartoszP
Wed Feb 13, 2019 5:53 pm
Forum: General
Topic: how to see "(2265 messages not shown)"?
Replies: 2
Views: 351

Re: how to see "(2265 messages not shown)"?

If I recall correctly it means that there is NNNN exactly the same consequent messages in the log.
by BartoszP
Wed Feb 13, 2019 5:48 pm
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 1137

Re: Config Review - Security Conscience Home User

It is my way of "drop it ASAP" 0. if attacker scans us again (is already on the list) then drop it right now. A. check if unwanted port is checked. B. if yes, add attacker to the ban list C. drop all packets coming from attacker list /ip firewall raw add action=accept chain=prerouting dst-port=porto...
by BartoszP
Wed Feb 13, 2019 4:43 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1097
Views: 192253

Re: Feature requests

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
by BartoszP
Mon Feb 11, 2019 5:34 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 31
Views: 6952

Re: DHCP Offering Lease Without Success

Uncheck ...
"Always send replies as broadcasts even if destination IP is known. Will add additional load on L2 network."
DHCP broadcast an offer even if device is just deassigned.
by BartoszP
Mon Feb 11, 2019 4:31 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 31
Views: 6952

Re: DHCP Offering Lease Without Success

For me the problem is with static addresses and seems to be connected with this option which sends offer even if there is no demand for it. Converting dynamic address to static makes this option somehow "checked" even DHCP server has it "unchecked" so if you forgot to uncheck then static reservation...
by BartoszP
Thu Jan 31, 2019 2:43 am
Forum: General
Topic: How to migrate RB3011 to CCR1009
Replies: 4
Views: 369

Re: How to migrate RB3011 to CCR1009

Before import rename all interfaces in 1009 to names used in 3011. It will make import much easier.
by BartoszP
Tue Jan 29, 2019 9:30 pm
Forum: Beginner Basics
Topic: DNS server behaviour
Replies: 5
Views: 412

Re: DNS server behaviour

/ip firewall filter
add action=drop chain=input comment=WAN->DNS dst-port=53 in-interface=YOURWAN protocol=udp
by BartoszP
Wed Jan 23, 2019 8:59 pm
Forum: Beginner Basics
Topic: Como usa a RBGrooveA-52HPn simultâneo
Replies: 2
Views: 245

Re: Como usa a RBGrooveA-52HPn simultâneo

Please edit your post and use English
by BartoszP
Tue Jan 22, 2019 5:06 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 4762

Re: 6.43.8 vulnerability or hack?

Anav ... should mrz explain again and again and step by step what to do when you are hacked or could expect that autor is aware of https://blog.mikrotik.com/
  • 1
  • 2
  • 3
  • 4
  • 5
  • 34