Community discussions

MUM Europe 2020

Search found 24 matches

by Netstumble
Sat Aug 04, 2018 8:58 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 118039

Re: v6.43rc [release candidate] is released!

Will the fix be included only in later production runs? I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with, and it can't be somehow upgraded. Or we are talking about bakup routerboot code... (in which case I still think it is not user...
by Netstumble
Thu Aug 02, 2018 12:47 pm
Forum: Announcements
Topic: v6.42.6 [current]
Replies: 102
Views: 31049

Re: v6.42.6 [current]

i have a RB30011UIAS that will not update to v6.42.6 what can i do its on v6.42.1
Assuming that you use the correct file/procedure maybe you got hacked too?
Maybe at an earlier point in time when running < 6.42.1?
by Netstumble
Thu Aug 02, 2018 12:33 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 118039

Re: v6.43rc [release candidate] is released!

*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43); Please clarify: Ex: I run 6.40.8 System routerboard print: routerboard: yes model: RouterBOARD 3011UiAS serial-number: 689A05572F46 firmware-type: ipq8060 factory-firm...
by Netstumble
Mon Mar 27, 2017 3:56 pm
Forum: General
Topic: RDP password scan
Replies: 6
Views: 1656

Re: RDP password scan

re-reading your post.. (i'm on the 1st coffee, sorry),
disregard my post on firewalling since there is no new connection.
by Netstumble
Mon Mar 27, 2017 3:34 pm
Forum: General
Topic: RDP password scan
Replies: 6
Views: 1656

Re: RDP password scan

I don't know of any, but I'm not up-to-date with the latest versions of MS server versions. An idea would be to blacklist source ip if a lot of connections are made @ rdp port in a small time frame, and then drop the attempted connections on firewall. That would limit the problem somewhat. Even bett...
by Netstumble
Fri Mar 24, 2017 4:54 pm
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

About the allow new dst-natted. Back to the basics: A "new" incoming/outside connection is when someone never seen before is trying to connect to your torrent box inside (a peer in torrent terms), with the above rule it is allowed in as long as nat rules for it are in place (either dynamic from upnp...
by Netstumble
Fri Mar 24, 2017 8:18 am
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

You don't *have* to disable anything, it will work as is too. But you *could* use upnp for port mapping if you prefer so, and If your torrent client supports upnp. In that case you don't need the 2 explicit nat rules for torrent traffic, and only a generic rule to allow new dst-natted connections fr...
by Netstumble
Thu Mar 23, 2017 7:15 pm
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

1 & 3: As i said, imho, probably overkill in your case. Offc. its different if you have routed networks downstream, but in your case you nat a private range to a single ip. And ICMP is useful in many things outside a ping. If it makes you feel safer you can keep the chains for icmp & port scanners. ...
by Netstumble
Thu Mar 23, 2017 2:36 pm
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

yes, your last drop-all in forward chain will also drop non-dstnatted traffic from wan.
I would suggest to do some reading about firewalling in the wiki/docs.
by Netstumble
Thu Mar 23, 2017 12:39 pm
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

Cluttered, you mix chains in your ordering, I just got a headache... You better sort by chain. I suppose that this is for home/soho use, eh? On forward chain, you probably want accept established/related before jump to icmp. The icmp jump it self is questionable since you masquerade lan anyway. The ...
by Netstumble
Thu Mar 23, 2017 11:42 am
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 1719

Re: Firewall question

You have 2 different chains there. The last "drop all" is in the input chain, and will indeed drop the wan/ppp dns traffic on input if not explicitly allowed earlier in the chain. A similar "drop-all" rule on the forward chain, would drop non dst-natted traffic from wan if not allowed earlier in the...
by Netstumble
Thu Mar 23, 2017 11:26 am
Forum: Beginner Basics
Topic: Setting up rb3011+unifi AC lite
Replies: 1
Views: 521

Re: Setting up rb3011+unifi AC lite

Assuming that you already have RB 3011 operating as your local gateway: 1. You set-up the controller to a pc. 2. You connect the unifi ap to lan, it gets a local ip lease from dhcp 3. you ssh to unifi ap and set the inform url (or you set the inform url as a dhcp option on the dhcp server). 4. You u...
by Netstumble
Thu Jan 05, 2017 11:54 am
Forum: Beginner Basics
Topic: Open port (GAMERANGER)
Replies: 16
Views: 4112

Re: Open port (GAMERANGER)

Its my WAN private And When i attempt to Connect To a server the logs Moved up about 1000 bytes but after that it say firewall problem Also gameranger doesnt have their own server game so ITS Peer and peer And yes ITS say need 16000 Udp Oh yes btw id you want to u cAn help ke via TeamViewer u cAn c...
by Netstumble
Tue Nov 01, 2016 4:56 pm
Forum: Beginner Basics
Topic: Having trouble with setup and UPnP
Replies: 3
Views: 700

Re: Having trouble with setup and UPnP

Re-reading your post. Xboxes can be a pain to play together/co-op behind a single ip, since both will try to use/forward the same ports. Optimally you would want to route public ips to each console if this is an option. Alternatively if ipv6 is supported by M$/xbox (i have no idea...) and available ...
by Netstumble
Tue Nov 01, 2016 4:46 pm
Forum: Beginner Basics
Topic: Having trouble with setup and UPnP
Replies: 3
Views: 700

Re: Having trouble with setup and UPnP

Since your wan uplink is a pppoe tunnel over the physical interface, you need to specify the pppoe interface as "external". Currently (afaik) routeros doesn't support acls for upnp limiting, so you either allow all upnp use or use the firewall to limit access. Xboxes should'nt need any special rules...
by Netstumble
Fri Sep 02, 2016 11:02 am
Forum: General
Topic: IPv6 local subnet notation?
Replies: 4
Views: 673

Re: IPv6 local subnet notation?

Do you need these explicit checks if you have
/ip settings
set rp-filter=strict
I suppose not, not really.
Its already on strict, I just feel better having an extra check inplace :)
by Netstumble
Fri Sep 02, 2016 11:00 am
Forum: General
Topic: IPv6 local subnet notation?
Replies: 4
Views: 673

Re: IPv6 local subnet notation?

If you have own /48 prefix, notation: 2001:535:fb15::/48 - this is your network IPv6 2001:535:fb15:aaaa::/64 - this is "aaaa" subnet of your IPv6 /48 prefix Thanks for taking time to reply. That I understand, unfortunately it will not do. I have a /56 on wan (pppoe to isp), subnetted to /64s inside...
by Netstumble
Fri Sep 02, 2016 2:02 am
Forum: General
Topic: IPv6 local subnet notation?
Replies: 4
Views: 673

IPv6 local subnet notation?

Hi, I had been busy setting up my rb for ipv6, and I could use some help with the firewall. In the ipv4 world, I have the following rule: /ip firewall filter add action=accept chain=forward comment="Allow new connections from LAN." \ connection-state=new in-interface=ether6-master-LAN src-address=\ ...
by Netstumble
Tue Aug 30, 2016 4:55 pm
Forum: RouterBOARD hardware
Topic: RB3011 internal psu?
Replies: 4
Views: 1842

Re: RB3011 internal psu?

Thanks for the suggestions.
Unfortunately ccr is way above my budget (for home/soho/lab use that is).
I was like hoping that Mtik could suggest a suitable psu board that fits the screw holes of the case.
Modding will be.
by Netstumble
Thu Aug 18, 2016 2:59 pm
Forum: RouterBOARD hardware
Topic: RB3011 internal psu?
Replies: 4
Views: 1842

RB3011 internal psu?

Hi. I just got my 1st 3011. What a nice piece of kit. Interesting enough there seems to be a pre-stamped position for an internal psu in the rack mount case next to RB pcb, and a cut-out for a female power plug in the back. Now, I do understand the reasoning behind the decision to use external power...
by Netstumble
Thu May 21, 2015 11:39 am
Forum: RouterBOARD hardware
Topic: NEW PRODUCTS WISHLIST 2015
Replies: 50
Views: 8150

Re: NEW PRODUCTS WISHLIST 2015

It should be with an SFP module, so that it would be possible to support FTTH, G.fast, and DOCSIS subscriptions. Do the different operators really use a standard for their digital telephony offers? Then it's a question of when there will exist really good OTT TV services. SFP would be a plus offc, ...
by Netstumble
Thu May 21, 2015 5:41 am
Forum: RouterBOARD hardware
Topic: NEW PRODUCTS WISHLIST 2015
Replies: 50
Views: 8150

Re: NEW PRODUCTS WISHLIST 2015

Well... I would like an al-in-one device that could replace the ISP cpe, now that many network operators move to an all-ip telephony. Situation: The major/National telekom here moves to an all ip telephony solution. Same as DT and co in North Europe. For residential/small bussiness connections with ...
by Netstumble
Wed Apr 08, 2015 2:03 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 memory
Replies: 2
Views: 909

Re: RB850Gx2 memory

Btw, I notice the same issue on my new 850Gx2 running 6.27.
I suppose it is just a problem of routeros reporting wrong values,
but a confirmation from Mtik stuff wouldn't hurt.
by Netstumble
Tue Aug 05, 2014 9:42 am
Forum: General
Topic: v6.18
Replies: 109
Views: 30162

Re: v6.18

Hi :D Problem: RB450G firmware: 3.18 Simple setup: 1 WAN (pppoe client to a bridged vdsl modem) 1 LAN masqueraded to WAN, a basic firewall and some QoS. I was running 6.15 and it was fine. Upgraded to 6.18. Device hung/stuck on reboot. After 15min I had to hard reset it, after that it came online @ ...