Community discussions

Search found 45 matches

by cavaughan
Sun Apr 30, 2023 4:00 pm
Forum: General
Topic: NAT rules to and from
Replies: 2
Views: 354

Re: NAT rules to and from

Guscht, thank you so much! Yep, just had to move the rules to the very beginning of the NAT rules and it worked. So simple....
by cavaughan
Sun Apr 30, 2023 4:12 am
Forum: General
Topic: NAT rules to and from
Replies: 2
Views: 354

NAT rules to and from

So I have a block of 5 public IPs. Let's say 173.160.187.9-13. The MK router is on x.9. Now one mail server is at x.10, then next at x.11. Any traffic to x.10 gets NAT-ed over to 10.0.1.13, and for x.11 to 10.0.1.14. All works great! But I need traffic coming out to 10.0.1.13 and 10.0.1.14 to exit thro...
by cavaughan
Fri Apr 28, 2023 8:48 pm
Forum: General
Topic: Firewall and blocking of certain ports
Replies: 5
Views: 492

Re: Firewall and blocking of certain ports

Thanks for that advice. I really thought such rules would better protect our network. I know they slow the router down, but what's more important? I'll start disabling and see how that works.
by cavaughan
Fri Apr 28, 2023 6:28 pm
Forum: General
Topic: Firewall and blocking of certain ports
Replies: 5
Views: 492

Firewall and blocking of certain ports

After setting up VPN access over Wireguard or L2TP/IPSEC, access to servers over smb, ssh, http(s), rdp, any service that was available on a server within the network was available. Suddenly, now only rdp and ssh work. Oddly enough https to the Mikrotik server on the LAN, of course, works, but http ...
by cavaughan
Mon Nov 29, 2021 11:56 pm
Forum: Wireless Networking
Topic: Wifi extremely slow
Replies: 4
Views: 2181

Re: Wifi extremely slow

By switching to Channel 8 the speed has dramatically improved to 49 Mbps download.

Spynappels: I listed in my original post the device in question, which is the wifi access point. I also indicated what download speed I'm getting with a wired connection.
by cavaughan
Mon Nov 29, 2021 11:39 pm
Forum: Wireless Networking
Topic: Wifi extremely slow
Replies: 4
Views: 2181

Wifi extremely slow

Recently we noticed that the wifi in our office has just dropped to a crawl. Doing a speed check using our provider's own speed check tool (which would seemingly choose their closest server) the tool showed about 9 Mbps for download! We should be getting 200 Mbps. Then I directly connected to the sa...
by cavaughan
Thu Sep 09, 2021 5:21 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

OK, I think it's starting to work!
Thank you SO MUCH TWOFROGS!!!!!!!

How many times did I look at the rules and the 2 never set off an alarm!!!!
by cavaughan
Thu Sep 09, 2021 5:15 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

I'll delete the 88.0 dst. But yeah, that's exactly what I need to reach from 1.0 network.

OMG! I had 2.0 in there. Now I see. I'm an idiot.....
by cavaughan
Thu Sep 09, 2021 5:05 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

Here are the rules. You see the 3rd rule I would have hoped allowed anything from the other network.

Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input ac...
by cavaughan
Thu Sep 09, 2021 4:53 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

I then tried disabling src-nat, but that also isn't working.... Wait I'm just masquerading..... I should be doing something else, no? Ok I changed it to:

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix=&q...
by cavaughan
Thu Sep 09, 2021 4:48 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

2frogs! Thank you so much for the reply. On MK2 the NAT config is:

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none

But you're saying it should be:

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; d...
by cavaughan
Thu Sep 09, 2021 4:38 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

Re: route to another MK

Here's the routing tables. You see I created the 4th one, but, it no work....

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
2 ADC 192.168.1.0/24 192.168.1.1 bridge 0
3 ADC 192.168.23.0/24 192.168.23.1 bridge-guests 0
4 AS 192.168.88.0/24 192.168.1.154 2
by cavaughan
Thu Sep 09, 2021 4:21 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 754

route to another MK

Probably really messed this up, but it seems like there should be a way to make this work. I wish to note right now that I am having to fix this remotely so a complete reset is not an option. I have a main MK router (MK1), which is the router to the Internet and firewall. It hosts DHCP for internal ...
by cavaughan
Fri Apr 09, 2021 1:11 am
Forum: Wireless Networking
Topic: Suggested additional APs (CAPsMAN)
Replies: 3
Views: 1240

Suggested additional APs (CAPsMAN)

We have a RB2011UiAS-2HnD as the primary router/firewall for our office. We want to add 2 wifi ap's managed by CAPsMAN. I'm thinking for one point using the RBcAPGi-5acD2nD-US. But I was hoping to use another RB2011UiAS-2HnD, as the other AP because the device that is in that location now (and which...
by cavaughan
Thu Mar 26, 2020 1:09 am
Forum: General
Topic: L2TP VPN issue
Replies: 1
Views: 1242

L2TP VPN issue

I have 3 companies using MK routers with VPN's for their clients. Now with people working from home they may be getting taxed, but only 1 is consistently having issues. This only concerns Windows 10 clients, btw. There are many posts here about this issue, which comes down to the error: l2tp connection ...
by cavaughan
Thu Oct 17, 2019 1:03 am
Forum: General
Topic: Determine computer on particular eth port
Replies: 2
Views: 800

Determine computer on particular eth port

There must be a way to determine what computer is attached to a particular eth port. No? Or at least a MAC or IP address on a particular eth port?
by cavaughan
Thu Aug 22, 2019 12:19 am
Forum: General
Topic: Discord question
Replies: 7
Views: 4597

Re: Discord question

Blocking in raw table? What is that?
by cavaughan
Wed Aug 21, 2019 11:19 pm
Forum: General
Topic: Discord question
Replies: 7
Views: 4597

Re: Discord question

Here are the 1st four rules. The rule to block the computer in question is rule No. 3 (counting from 0 - 3), which I put on Drop for Action when wishing to terminate all internet activity. So would I have to basically disable the first rule (as the other 2 are to permit VPN connectivity), then enabl...
by cavaughan
Wed Aug 21, 2019 9:49 pm
Forum: General
Topic: Discord question
Replies: 7
Views: 4597

Discord question

Got a question about blocking a computer. On the MK router I have the computer use a static IP and in the firewall I can choose to drop all traffic for that computer. It works for everything except the messaging program Discord. As long as it is open it maintains a connection. HOW?
by cavaughan
Thu Jul 18, 2019 5:48 am
Forum: General
Topic: VPN issue
Replies: 4
Views: 1614

Re: VPN issue

Thanks for the reply! To be honest, I don't know what is a good and simple protocol for Windows computers. I would never use PPTP, but OpenVPN. But then I only use Linux. But all my clients use Windows, so I need to use a protocol that they can easily set up. I'd really appreciate any input about a ...
by cavaughan
Thu Jul 18, 2019 2:26 am
Forum: General
Topic: VPN issue
Replies: 4
Views: 1614

Re: VPN issue

Ok, here's another clue. Looking at the firewall and the established connections, I see my device's source address: 192.168.1.10:56126, the dst address: 192.168.1.5:3389, but the TCP State only goes to: syn sent. There is never an ack, I assume. And you can see in the Orig./Repl. Bytes and Packets th...
by cavaughan
Sat Jul 13, 2019 1:37 am
Forum: General
Topic: VPN issue
Replies: 4
Views: 1614

VPN issue

I've set up PPTP VPN on several MK routers. They all work except for one problem. I need to access the local network hosted by the MK router. Only one of the routers works right. It has to be a firewall issue, as the only major difference is the firewall settings. On the problem routers I was able t...
by cavaughan
Mon Oct 22, 2018 3:50 am
Forum: General
Topic: Internet access blocking
Replies: 4
Views: 1058

Re: Internet access blocking

Thanks! That makes sense, since it would take a while for the "block" to take effect. I never understood why.
by cavaughan
Sun Oct 21, 2018 9:52 pm
Forum: General
Topic: Internet access blocking
Replies: 4
Views: 1058

Re: Internet access blocking

The question is: what is the point of the "Block" option.
by cavaughan
Sun Oct 21, 2018 8:16 pm
Forum: General
Topic: Internet access blocking
Replies: 4
Views: 1058

Internet access blocking

Under IP > DHCP Server > Leases for a particular client you can check a "Block" option to block access. It used to be that if I wanted to block internet access for a particular device, I would check that box. Now it doesn't seem to do anything. The only way to block internet access was to ...
by cavaughan
Wed Aug 22, 2018 4:53 am
Forum: General
Topic: Losing wifi
Replies: 1
Views: 678

Losing wifi

I have a CRS109-8G-1S-2HnD WiFi modem at 6.42.6 (I'm going to upgrade it here in a second). It's worked great for a few years now, but recently all WiFi connectivity drops. By rebooting it the connectivity is restored. The oddest thing I noticed after rebooting this morning was that the logs stated ...
by cavaughan
Sun Aug 12, 2018 7:19 am
Forum: General
Topic: Unable to upgrade
Replies: 3
Views: 1265

Re: Unable to upgrade

Ok, I figured it out. The package for Dude was sitting in files and probably installing each time I rebooted all this time. I removed it from Files and now everything is fine.
by cavaughan
Sun Aug 12, 2018 7:17 am
Forum: General
Topic: Unable to upgrade
Replies: 3
Views: 1265

Re: Unable to upgrade

Yes, that is exactly the version I downloaded, but which the system itself downloaded. Most interesting is the log:

can not install dude-6.39.2: it is not made for mips, but for i386
by cavaughan
Sun Aug 12, 2018 6:17 am
Forum: General
Topic: Unable to upgrade
Replies: 3
Views: 1265

Unable to upgrade

I have a CRS125-24G-1S-2HnD. It is currently at 6.42.1. I've tried updating it, but it won't take the upgrade. I even downloaded the file, uploaded it to the device, rebooted, but it remains at the same OS. What could be wrong?
by cavaughan
Thu Feb 01, 2018 8:35 pm
Forum: General
Topic: Firmware
Replies: 1
Views: 616

Firmware

OMG! I've been using Mikrotik routers for well over a year now, thought I was always keeping them all up-to-date. Today, however, I was poking around on one and noticed a separate section for Firmware updates. I've never done them. Prior to doing this, I just wanted to be sure about any concerns I shou...
by cavaughan
Thu Feb 01, 2018 8:30 pm
Forum: RouterBOARD hardware
Topic: Repeaters
Replies: 1
Views: 703

Repeaters

Does anyone know whether the cAP devices act as repeaters? It looks like the "cAP ac" device does. But I want to be sure. To be clear I just want to expand the range of my current wifi with a device that would not be physically connected to the primary wifi. It would be working in conjunct...
by cavaughan
Wed Dec 30, 2015 1:12 am
Forum: General
Topic: Mikrotik Portable Access Point
Replies: 2
Views: 1010

Mikrotik Portable Access Point

Lately I've heard a lot about using a VPN/TOR portable router when on the road. Of course one could just set up a VPN on your single computer, but when you're traveling as a family it would make sense to use one of these devices. Just to be sure everyone knows what I'm talking about, you can basicall...
by cavaughan
Thu Dec 17, 2015 10:08 pm
Forum: Beginner Basics
Topic: CRS125 as in-house switch
Replies: 2
Views: 1230

CRS125 as in-house switch

Got a CRS125-24G-1S-2HnD-IN Cloud Router Switch. All I really want to use it as right now is as an, let's say, in-house switch, or just a switch. No routing will be needed between networks. Another server in the office works as DHCP, so I just need this CRS125 to really be a switch/hub. So far, I've be...
by cavaughan
Thu Jun 18, 2015 8:08 pm
Forum: Wireless Networking
Topic: Dual subnets, one with guest isolation
Replies: 1
Views: 939

Dual subnets, one with guest isolation

Wondering whether the following can be implemented on a MikroTik wireless device. I want to have at least 2 wireless networks - one for office personnel with the same ip address subnet as the LAN; and one for guests, which is isolated from the former. I see on the forums talk about wireless iso...
by cavaughan
Thu Dec 25, 2014 2:13 am
Forum: Beginner Basics
Topic: Remote access
Replies: 7
Views: 2243

Re: Remote access

Ok, figured it out.
I just needed to change src-port to dst-port and everything worked!
by cavaughan
Thu Dec 25, 2014 2:12 am
Forum: General
Topic: Remote access
Replies: 3
Views: 1273

Re: Remote access

Ok, figured it out.
I just needed to change src-port to dst-port and everything worked!
by cavaughan
Wed Dec 24, 2014 8:12 pm
Forum: General
Topic: Remote access
Replies: 3
Views: 1273

Re: Remote access

Yes, it is an RB750. So are you saying there is no way to access it remotely, or can the firewall rules be manipulated to bypass that default setting. Here is some information about my settings that might help: So here are the results of the commands you asked me to provide. A few things I have remo...
by cavaughan
Wed Dec 24, 2014 8:06 am
Forum: Beginner Basics
Topic: Remote access
Replies: 7
Views: 2243

Re: Remote access

So here are the results of the commands you asked me to provide. A few things I have removed for privacy reasons:

/ip service export
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=222
set api disabled=yes

/ip firewall filter export
/ip firewall filter
add chain=input protocol=...
by cavaughan
Tue Dec 23, 2014 5:21 am
Forum: Beginner Basics
Topic: Remote access
Replies: 7
Views: 2243

Re: Remote access

222 was on purpose to help in preventing hacks on port 22.
by cavaughan
Tue Dec 23, 2014 1:06 am
Forum: Beginner Basics
Topic: Remote access
Replies: 7
Views: 2243

Re: Remote access

Well, let's put it this way for ssh, it is listed in the Filter as:

0 ;;; SSH for secure shell
chain=input action=accept protocol=tcp dst-port=222 log=no
log-prefix=""

So wouldn't that be the same?
BTW, note that the 0 means it's in position ZERO.
by cavaughan
Tue Dec 23, 2014 12:25 am
Forum: Beginner Basics
Topic: Remote access
Replies: 7
Views: 2243

Remote access

So, I've set up a new router, enabled ssh and set up PPTP, but am unable to access the router remotely. I have one other older router that works perfectly and looking at it the only main difference I see is that although it is also set up as a Router, there is a Bridge interface on it. Out of cu...
by cavaughan
Tue Dec 23, 2014 12:22 am
Forum: General
Topic: Remote access
Replies: 3
Views: 1273

Remote access

So, I've set up a new router, enabled ssh and set up PPTP, but am unable to access the router remotely. I have one other older router that works perfectly and looking at it the only main difference I see is that although it is also set up as a Router, there is a Bridge interface on it. Out of cu...
by cavaughan
Sat Nov 15, 2014 12:57 am
Forum: General
Topic: Bruteforce ssh prevention
Replies: 3
Views: 1583

Re: Bruteforce ssh prevention

So, the latter in my understanding of what it should do is not working. I'm watching right now attempted ssh logins, dozens in a row from the same ip all for root. But the rules never applied. Any ideas what's going on?
by cavaughan
Thu Nov 13, 2014 3:12 am
Forum: General
Topic: Bruteforce ssh prevention
Replies: 3
Views: 1583

Bruteforce ssh prevention

I added the firewall filters to help prevent bruteforce logins on ssh per the instruction at: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_%28FTP_%26_SSH%29 I see continual attempts that trace back to China trying to ssh in, but when I go to: /ip firewall address-list and issue print co...