Community discussions

Search found 11 matches

by Bas15
Sat Apr 11, 2015 11:12 am
Forum: Beginner Basics
Topic: Question on firewall / switch choice
Replies: 2
Views: 664

Question on firewall / switch choice

I'm currently testing/using a RB2011iL-RM and I'm looking into buying 2 firewalls for datacenter rack. I do know that I can't set up a firewall cluster at the moment, so it will be something active/passive that I plug-over the cables when needed. I'm also considering replacing my current 24p cisco...

by Bas15
Sat Apr 11, 2015 10:43 am
Forum: General
Topic: Feature request: support RSA keys and update DH group support
Replies: 2
Views: 859

Feature request: support RSA keys and update DH group support

Would like to see RSA keys supported and if that's not an option, to update the DH groups support so e.g. Connectbot can be used to access the MT. https://code.google.com/p/connectbot/wiki/FrequentlyAskedQuestions Q: Why can't I connect to my Mikrotik router? A: Mikrotik uses a version of OpenSSHd tha...

by Bas15
Wed Apr 08, 2015 7:04 pm
Forum: General
Topic: IPsec VPN not comming up
Replies: 3
Views: 2765

Re: IPsec VPN not comming up

After some changes Phase 1 is successful, now stuck on no policy found: 0.0.0.0/0[0] 0.0.0.0/0[0] proto=any dir=in I did create the NAT rule and rebooted. add chain=srcnat dst-address=192.168.180.0/24 src-address=192.168.101.0/24 It appears that the policy I created is not used as it has a destinati...

by Bas15
Wed Apr 08, 2015 3:49 pm
Forum: General
Topic: IPsec VPN not comming up
Replies: 3
Views: 2765

IPsec VPN not comming up

Having seen many VPN topics already I still can't get mine to work. I have a Mikrotik 2011iL at home with a public IPv4 address on eth0 (ISP modem in pass-through) which will be the replacement of my current Juniper ssg-5 (screenos) that currently does multiple VPNs. In the datacenter I have a Juniper...

by Bas15
Wed Apr 08, 2015 2:05 pm
Forum: Beginner Basics
Topic: Order of firewall rules processing on hardware level / performance
Replies: 7
Views: 3921

Re: Order of firewall rules processing on hardware level / performance

A bit off topic, but anyway. I have been running a few days on the Mikrotik. All works well but just reverted as my VPN would not establish with a Juniper Screenos " negotiation failed due to time up".

Still looking into that to get it fixed.
The CPU levels out at 25% load.

by Bas15
Wed Apr 08, 2015 2:01 pm
Forum: General
Topic: IPv6 Experiment
Replies: 7
Views: 991

Re: IPv6 Experiment

As I don't know too much about the RouterOS I'm not sure if the following would be an addition.

As IPv6 clients (like androids) do not have a static DNS and RA also doesn't, maybe enable DHCPv6, setup a DNS server and log the queries? Then you would see what sites and maybe services would be accessed.

by Bas15
Fri Apr 03, 2015 2:34 pm
Forum: General
Topic: IPv6 only inside
Replies: 2
Views: 880

Re: IPv6 only inside

You could use a router in front of your firewall (virtual machine) on which you install SIIT. Some people work on IPv6 only (internally), me for instance. But I dualstack my mail and webservers at the moment as the environment is small. But taking it a bit larger, such as a content provider or ISP t...

by Bas15
Thu Apr 02, 2015 11:49 am
Forum: Beginner Basics
Topic: Order of firewall rules processing on hardware level / performance
Replies: 7
Views: 3921

Re: Order of firewall rules processing on hardware level / performance

Thank you very much for this 101, it gave me some new insight of how to approach the setup. I decided that this is best because if I DO see a security threat taking place, and add the guilty IP to blacklist, then I don't want him to get 5 more password guesses before sshd closes the socket. I want h...

by Bas15
Mon Mar 30, 2015 7:23 pm
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63561

Re: Feature request for v7.x

Would like to see SIIT support, which basically allows to remove IPv4 from internal networks and do DNS64/NAT64 stateless translation on your edge devices. https://tools.ietf.org/html/draft-anderson-v6ops-siit-dc-2xlat-00 http://fud.no/talks/20150317-V6_World_Congress_2015-SIIT_DC_IPv4_Service_Cont...

by Bas15
Mon Mar 30, 2015 2:48 pm
Forum: Beginner Basics
Topic: Order of firewall rules processing on hardware level / performance
Replies: 7
Views: 3921

Order of firewall rules processing on hardware level / performance

After looking at documents *1 *2 *3 how RouterOS processes packets I'm still wondering from a performance perspective what the best way is to setup your firewall rules. The main question I have is; - Are packets processed through the firewall policies based on the IDs or based on the chain (input/...

by Bas15
Mon Mar 30, 2015 12:41 pm
Forum: General
Topic: SIIT support / thoughts
Replies: 3
Views: 1114

SIIT support / thoughts

Hi all, I just registered to find some answers that I could not find. Will post that in another topic. To contribute I was searching for RouterOS and SIIT support or plans/thoughts on it. In short, in datacenters, but also in customer environments (like the ones I manage) remove IPv4 from all servers...