Community discussions

Search found 13 matches

by lgkahn
Thu Feb 23, 2017 12:27 am
Forum: General
Topic: ipv6 firewall for comcast bridging with static public ips
Replies: 0
Views: 473

ipv6 firewall for comcast bridging with static public ips

Since I could not find a good example of this configuration with an advanced firewall for ipv6 for Comcast (in bridging mode since the default gateway is on the same subnet as your range of ips) anyway here is my firewall that I have confirmed and tested as working.. Note the ips have been changed....
by lgkahn
Wed Feb 22, 2017 8:16 pm
Forum: General
Topic: Firewall ICMP Rule
Replies: 23
Views: 28608

Re: Firewall ICMP Rule

here are my firewall rules.. much more complicated .. 2 sections one to limit attacks/pings on the router itself and one for my forward rules (net changed in a couple of places for security ... /put "cleaning out icmp_packets_bridge chain" /ipv6 firewall filter remove [/ipv6 firewall filter find cha...
by lgkahn
Tue May 03, 2016 10:28 pm
Forum: Beginner Basics
Topic: pptp vpn issue cannot reach private ip subnet via public pptp address
Replies: 1
Views: 515

pptp vpn issue cannot reach private ip subnet via public pptp address

I have a public subnet 14 ips. and pptp in the vpn on one of the public ips and can reach my machines on the public ips when I vpn in, However, I can ping the private subnet fine from my routeros box as it also has a second address on my private 192.168.11.x subnet. However, when I vpn in onto one of...
by lgkahn
Fri Apr 15, 2016 6:49 pm
Forum: General
Topic: v6.35 [current] is released!
Replies: 103
Views: 25081

Re: v6.35 [current] is released!

issues.. upgraded, made me upgrade winbox.. now when I try to log in with winbox it won't let me, says rmon is not enabled.
by lgkahn
Mon Feb 01, 2016 7:07 pm
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 23218

Re: v6.34 [current] is released!

just for everyone's info.. this version broke our firewall I got an error that said expecting : in this line add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no I figured out what the change was by exporting the firewall which was alr...
by lgkahn
Sat Jan 16, 2016 1:16 am
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 34360

Re: v6.33.5 [current] is released!

this new release made my 1016g unusable.. after reboot couldn't even get in the router locally.. anyone have info how to flash back to the 6.33.3 packages assuming I can reset the box and get back in. thanks The configuration had two ip addresses a static public ip ie 173. and a private 192 ip.. bo...
by lgkahn
Fri Jan 15, 2016 11:46 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 34360

Re: v6.33.5 [current] is released!

this new release made my 1016g unusable.. after reboot couldn't even get in the router locally.. anyone have info how to flash back to the 6.33.3 packages assuming I can reset the box and get back in.

thanks
by lgkahn
Sat Dec 12, 2015 11:46 pm
Forum: General
Topic: problem with dos attach via dns
Replies: 1
Views: 922

Re: problem with dos attach via dns

I rebooted router and no more crap.. only thing I can figure out is that these servers must have been running some denial of service attack over dns that continually kept the port open (ie via tcp instead of udp) not really sure.. or there is a bug in the router os software and rebooting cleared it.....
by lgkahn
Sat Dec 12, 2015 11:32 pm
Forum: General
Topic: problem with dos attach via dns
Replies: 1
Views: 922

problem with dos attach via dns

I saw all kinds of crap dns in my logs once I enabled syslog. Anyway I don't understand why they are getting through the input filters in the firewall .. To debug I explicitly blocked dns on both udp tcp on port 53 in the firewall rules.. even though those two ports were not allowed and should have b...
by lgkahn
Sat Dec 05, 2015 7:22 pm
Forum: RouterBOARD hardware
Topic: RB1100 Fan issue
Replies: 46
Views: 18099

Re: RB1100 Fan issue

getting a couple of these.. a little lower airflow but much quieter.. will keep you informed when I install

http://www.coolerguys.com/840556098225.html
by lgkahn
Fri Dec 04, 2015 10:53 pm
Forum: RouterBOARD hardware
Topic: performance
Replies: 2
Views: 829

Re: performance

thanks i have some more statistics I have reduced my firewall rules to 129 by using address lists which the older h/w did not support. anyway for 129 rules using rb2011 with speedtest maxing out at 170 megabit/sec cpu utilization is about 65-70% I also picked up a cr1016 older model cpu utilization ...
by lgkahn
Thu Dec 03, 2015 12:37 am
Forum: RouterBOARD hardware
Topic: performance
Replies: 2
Views: 829

performance

I am going to be setting up a transparent bridging firewall configuration with static ips. The reason I need to bridge is that Comcast gives out an ip block with the default gateway on the same subnet as your ip block. I do not want to do NAT and want to actually use the public ips. I assume the sta...
by lgkahn
Fri Mar 06, 2015 12:28 am
Forum: Beginner Basics
Topic: transparant bridge public ips with same subnet.
Replies: 0
Views: 554

transparant bridge public ips with same subnet.

on dd-wrt I did the following.. I need the ip to be on the bridge itself and the bridge to run in promiscuous mode and bridge traffic between 1 port which goes to the cable modem and another which goes to a switch with all my local machines I have public ips... I then want to put a firewall on the b...