iPhone and Android may occasionally randomize their mac address as a form of privacy from tracking.i check his mac address online i can't find any info
You can also create a CNAME record that resolves to your mikrotik ddns url. Saves you the cost of ddns hosting.With this script and Namecheap, you can have a much cooler and shorter ddns domain.
Your way would do the job, although anav's way would be considered the correct way.I wonder if the way I did it would also do the job.
If your PC started off as DHCP and then you set it to a static IP, the old lease will still be shown until it expires.because some pc i set as static at DHCP there and i saw it at lease there.
DNS uses UDP, not TCP. UDP is connectionless so there is no connection to mark.action=mark-connection
Bloody hell, I just checked my rules on several routers. Default config for forward chain was allow established, allow related, drop invalid. Which is why I've never had to add a rule for NAT'd connections.Nope, you need to allow them somehow. The best way (in most cases) is the magic rule
Wan port should not be in a bridge, nor a slave to any other port. Goto IP > Firewall, NAT There should be 1 masquerade rule tied to the wan port (usually ether1).even creating a separate bridge group with only the wan port in.
I use that one a lot. Works well for me.