[FEATURE REQUEST] Please consider adding support for the MAP-E (RFC7597) transitional protocol (preferably accelerated for the socs that support so). Recently my isp (Cosmote, the major ISP in Greece), began implementing MAP-E on its latest cpes for residential/soho (xdsl/FTTH) connections, and some...

I just did my wAP AC LTE6.
Pretty basic config (travel ap), but so far it looks ok.

I would like to join the request for RFC 7084 to be supported. On residential connections that the wan can be unstable, I had to either set ridiculously short lifetimes on prefixes (it works, its sub-optimal/messy), or I end up with ghost prefixes assigned on hosts. For now I just disable ipv6 altog...

Will the fix be included only in later production runs? I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with, and it can't be somehow upgraded. Or we are talking about bakup routerboot code... (in which case I still think it is not user...

i have a RB30011UIAS that will not update to v6.42.6 what can i do its on v6.42.1

Assuming that you use the correct file/procedure maybe you got hacked too?
Maybe at an earlier point in time when running < 6.42.1?

*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43); Please clarify: Ex: I run 6.40.8 System routerboard print: routerboard: yes model: RouterBOARD 3011UiAS serial-number: 689A05572F46 firmware-type: ...

re-reading your post.. (i'm on the 1st coffee, sorry),
disregard my post on firewalling since there is no new connection.

I don't know of any, but I'm not up-to-date with the latest versions of MS server versions. An idea would be to blacklist source ip if a lot of connections are made @ rdp port in a small time frame, and then drop the attempted connections on firewall. That would limit the problem somewhat. Even bett...

About the allow new dst-natted. Back to the basics: A "new" incoming/outside connection is when someone never seen before is trying to connect to your torrent box inside (a peer in torrent terms), with the above rule it is allowed in as long as nat rules for it are in place (either dynamic...

You don't *have* to disable anything, it will work as is too. But you *could* use upnp for port mapping if you prefer so, and If your torrent client supports upnp. In that case you don't need the 2 explicit nat rules for torrent traffic, and only a generic rule to allow new dst-natted connections fr...

1 & 3: As i said, imho, probably overkill in your case. Offc. its different if you have routed networks downstream, but in your case you nat a private range to a single ip. And ICMP is useful in many things outside a ping. If it makes you feel safer you can keep the chains for icmp & port sc...

yes, your last drop-all in forward chain will also drop non-dstnatted traffic from wan.
I would suggest to do some reading about firewalling in the wiki/docs.

Cluttered, you mix chains in your ordering, I just got a headache... You better sort by chain. I suppose that this is for home/soho use, eh? On forward chain, you probably want accept established/related before jump to icmp. The icmp jump it self is questionable since you masquerade lan anyway. The ...

You have 2 different chains there. The last "drop all" is in the input chain, and will indeed drop the wan/ppp dns traffic on input if not explicitly allowed earlier in the chain. A similar "drop-all" rule on the forward chain, would drop non dst-natted traffic from wan if not al...

Assuming that you already have RB 3011 operating as your local gateway: 1. You set-up the controller to a pc. 2. You connect the unifi ap to lan, it gets a local ip lease from dhcp 3. you ssh to unifi ap and set the inform url (or you set the inform url as a dhcp option on the dhcp server). 4. You u...

Its my WAN private And When i attempt to Connect To a server the logs Moved up about 1000 bytes but after that it say firewall problem Also gameranger doesnt have their own server game so ITS Peer and peer And yes ITS say need 16000 Udp Oh yes btw id you want to u cAn help ke via TeamViewer u cAn c...

Re-reading your post. Xboxes can be a pain to play together/co-op behind a single ip, since both will try to use/forward the same ports. Optimally you would want to route public ips to each console if this is an option. Alternatively if ipv6 is supported by M$/xbox (i have no idea...) and available ...

Since your wan uplink is a pppoe tunnel over the physical interface, you need to specify the pppoe interface as "external". Currently (afaik) routeros doesn't support acls for upnp limiting, so you either allow all upnp use or use the firewall to limit access. Xboxes should'nt need any spe...

Do you need these explicit checks if you have

Code: Select all

/ip settings
set rp-filter=strict

I suppose not, not really.
Its already on strict, I just feel better having an extra check inplace

If you have own /48 prefix, notation: 2001:535:fb15::/48 - this is your network IPv6 2001:535:fb15:aaaa::/64 - this is "aaaa" subnet of your IPv6 /48 prefix Thanks for taking time to reply. That I understand, unfortunately it will not do. I have a /56 on wan (pppoe to isp), subnetted to /...

Hi, I had been busy setting up my rb for ipv6, and I could use some help with the firewall. In the ipv4 world, I have the following rule: /ip firewall filter add action=accept chain=forward comment="Allow new connections from LAN." \ connection-state=new in-interface=ether6-master-LAN src-...

Thanks for the suggestions.
Unfortunately ccr is way above my budget (for home/soho/lab use that is).
I was like hoping that Mtik could suggest a suitable psu board that fits the screw holes of the case.
Modding will be.

Hi. I just got my 1st 3011. What a nice piece of kit. Interesting enough there seems to be a pre-stamped position for an internal psu in the rack mount case next to RB pcb, and a cut-out for a female power plug in the back. Now, I do understand the reasoning behind the decision to use external power...

It should be with an SFP module, so that it would be possible to support FTTH, G.fast, and DOCSIS subscriptions. Do the different operators really use a standard for their digital telephony offers? Then it's a question of when there will exist really good OTT TV services. SFP would be a plus offc, ...

Well... I would like an al-in-one device that could replace the ISP cpe, now that many network operators move to an all-ip telephony. Situation: The major/National telekom here moves to an all ip telephony solution. Same as DT and co in North Europe. For residential/small bussiness connections with ...

Btw, I notice the same issue on my new 850Gx2 running 6.27.
I suppose it is just a problem of routeros reporting wrong values,
but a confirmation from Mtik stuff wouldn't hurt.

Hi :D Problem: RB450G firmware: 3.18 Simple setup: 1 WAN (pppoe client to a bridged vdsl modem) 1 LAN masqueraded to WAN, a basic firewall and some QoS. I was running 6.15 and it was fine. Upgraded to 6.18. Device hung/stuck on reboot. After 15min I had to hard reset it, after that it came online @ ...