Community discussions

Search found 11 matches

by NiK
Tue Apr 24, 2018 8:10 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164454

Re: Advisory: Vulnerability exploiting the Winbox port

But the intruder can also sit inside your network. What if the intruder connects in with the MAC address/Neighbors service? There is no filtering possible on that. Nope. If in-port is a part of a bridge - you can filter MAC-Winbox and MAC-Telnet packets using bridge filter chain input. Example drop ...
by NiK
Thu Dec 29, 2016 12:33 pm
Forum: Forwarding Protocols
Topic: Transparent bridge using PPtP and EoIP Issue
Replies: 8
Views: 2357

Re: Transparent bridge using PPtP and EoIP Issue

Possible, problem is in max MTU and MSS. When tunnel is established, all packets between networks are encapsulated into tunnel IP packets. When one tunnel created inside other (EoIP inside PPtP) - encapsulation occurs twice. Try to decelerate MTU and set TCP-MSS to MTU-40 on a border routers firewall.
by NiK
Thu Dec 29, 2016 12:16 pm
Forum: Forwarding Protocols
Topic: Block port 80 on certain IP
Replies: 1
Views: 2281

Re: Block port 80 on certain IP

If web-server is in the LAN (user PC in the same subnet 192.168.88.0/24), traffic between user and server goes directly, and you can't filter it.
by NiK
Sat Nov 05, 2016 11:31 am
Forum: General
Topic: Remote Mikrotik using WebFig
Replies: 4
Views: 1170

Re: Remote Mikrotik using WebFig

Maybe wrong order of rules.
The rule created by command "/ip firewall filter add action=accept chain=input dst-port=80 protocol=tcp" should be moved up to position before other drop/reject rules.
by NiK
Sat Nov 05, 2016 11:28 am
Forum: General
Topic: 2 LANs with 2 WANS
Replies: 4
Views: 565

Re: 2 LANs with 2 WANS

The easiest way is:
1) create second routing table for routing through WAN2
2) create route rule that uses second routing table for some traffic (see policy-based routing - /ip route rule)
by NiK
Mon Oct 31, 2016 4:45 pm
Forum: General
Topic: PPP on-up script variable question
Replies: 6
Views: 1419

Re: PPP on-up script variable question

If you need interface NAME for pptp-server, just use construction like this:
([/int pptp-server get ($"interface") name])
For example, this command logs pptp-server interface name into standard error log:
:log error ([/int pptp-server get ($"interface") name])
by NiK
Mon Oct 31, 2016 4:29 pm
Forum: General
Topic: PPP on-up script variable question
Replies: 6
Views: 1419

Re: PPP on-up script variable question

This topic must be in "scripting" part.
You got the "number"/"index key" (not name) in array. Normal or not, it depends on what you want to get.
Print what you want to get and the command that you use.
by NiK
Mon Oct 31, 2016 9:12 am
Forum: General
Topic: PPP on-up script variable question
Replies: 6
Views: 1419

Re: PPP on-up script variable question

Try to use syntax like this: ($"local-address")
by NiK
Wed Sep 14, 2016 8:49 pm
Forum: General
Topic: CRS and hardware MAC-based Vlan
Replies: 1
Views: 937

CRS and hardware MAC-based Vlan

I'm trying to set up MAC-based Vlan with CRS125 switch. Default in my conf interface eth7 is slave of eth2 and belongs to default untagged Vlan. Eth2 connected to the bridge with IP 192.168.1.1/24. According to wiki, on eth port properties I set: /interface ethernet switch mac-based-vlan add src-mac=0...
by NiK
Sat Jan 09, 2016 11:55 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 111515

Re: Known issues and bugs - a list

Hello! Problem: We have 2 offices connected via Internet by GRE tunnels. Each office has only one public IP-address. GRE tunnel established between these public IP. Both offices have LAN with different private IP/subnet. NAT is used to access office users to the Internet. Some users from office #1 L...
by NiK
Sat Jan 09, 2016 11:51 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 111515

Re: Known issues and bugs - a list

Hello! We have two offices connected via Internet by GRE tunnels. Each office has only one public IP-address. GRE tunnel established between these public IP. Both offices have LAN with different private IP/subnet. NAT is used to access office users to the Internet. Some users from office #1 LAN, nee...