Search found 224 matches

by blajah
Thu Nov 22, 2018 2:28 pm
Forum: Beginner Basics
Topic: Filter traffic in bridg.
Replies: 9
Views: 695

Re: Filter traffic in bridg.

Please post your config and we should be able to help you.
by blajah
Fri Aug 31, 2018 12:13 pm
Forum: General
Topic: LNS config
Replies: 0
Views: 310

LNS config

Hello, We are looking to configure one of our CCR's as LNS as hot standby for our ASR. As I have seen in release notes, it is officially supported in ROS. I have seen a couple of examples but no one posted a working config. Does anyone have this in production? There are no official examples on wiki. I wo...
by blajah
Tue May 22, 2018 12:17 pm
Forum: General
Topic: WAP LTE KIT [SOLVED]
Replies: 2
Views: 622

Re: WAP LTE KIT [SOLVED]

That was solution. I was on stable branch. THX!
by blajah
Mon May 21, 2018 6:16 pm
Forum: General
Topic: WAP LTE KIT [SOLVED]
Replies: 2
Views: 622

WAP LTE KIT [SOLVED]

Hello, Can anyone help me with information about WAP LTE kit information/setup? If I configure it in routed mode, I get IP /32 ( 10.0.0.1 ) and it's OK. But if I configure it as passthrough and set DHCP client on HEX it does get the same IP but with /30 subnet mask and default route to .2. I have another...
by blajah
Tue Apr 10, 2018 12:00 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2535

Re: mikrotik - pppoe client delay connection

Besides MTU/MSS there is not much to configure. It's unclear why you would get slow dial time while directly connected to router. Only option is "PADO delay" inside PPPoE server if you have set it by accident.
Connect PC again and torch that interface. Then post what you got.
by blajah
Tue Apr 10, 2018 11:39 am
Forum: Beginner Basics
Topic: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD
Replies: 17
Views: 1470

Re: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD

Hi, just rearrange rules: /ip firewall nat add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=192.168.88.88 to-ports=5809 add action=dst-nat chain=dstnat dst-port=1157 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=192.168.88.88 t...
by blajah
Sun Apr 08, 2018 6:41 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1153

Re: Mikrotik to dial PPTP VPN like Windows

Ahh, you need to specify source IP when using tunnels. ( so it triggers cryptomap).
by blajah
Sun Apr 08, 2018 6:37 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2535

Re: mikrotik - pppoe client delay connection

I got it from your first post. Like I said, it could be some broadcast limit. And for reconnection, maybe you have old sessions still up?
by blajah
Sun Apr 08, 2018 6:12 pm
Forum: Beginner Basics
Topic: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD
Replies: 17
Views: 1470

Re: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD

In that case you should not have any issue. Export config from your router, post it here. We will help.
by blajah
Sat Apr 07, 2018 11:10 am
Forum: General
Topic: Use a gateway on a different router
Replies: 2
Views: 391

Re: Use a gateway on a different router

Do you NAT on client router?
by blajah
Sat Apr 07, 2018 11:06 am
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2535

Re: mikrotik - pppoe client delay connection

Sniff traffic with wireshark or enable PPPoE debug on client side, I assume there is some broadcast issue. PADI is sent to L2 broadcast address, and maybe it gets dropped somewhere on your router on stick configuration. Broadcast storm control ?
by blajah
Sat Apr 07, 2018 10:59 am
Forum: General
Topic: How to Block Skype Using Layer7-Protocol
Replies: 2
Views: 2202

Re: How to Block Skype Using Layer7-Protocol

This method does not affect HTTPS traffic. You can try different approach. Intercept and forbid DNS requests containing skype as keyword. They are not encrypted.
by blajah
Sat Apr 07, 2018 10:49 am
Forum: General
Topic: High latency [SOLVED]
Replies: 2
Views: 699

Re: High latency [SOLVED]

Check interface statistics ( uptime, errors, last downtime, duplex ). Also, it could be an issue with routing, but we cannot help without topology or configuration.
by blajah
Sat Apr 07, 2018 10:45 am
Forum: General
Topic: Statis routes vs mangle
Replies: 2
Views: 376

Re: Statis routes vs mangle

If you have S2S tunnel, I doubt you need any additional routes. Router should see these networks as directly connected. If you are experiencing performance issues, first thing that comes to my mind is MTU, but it could be NAT also. Can you draw a simple diagram of your topology, so we could help?
by blajah
Sat Apr 07, 2018 10:40 am
Forum: Beginner Basics
Topic: Hide HS gateway
Replies: 5
Views: 718

Re: Hide HS gateway

Of course,
here it is.
by blajah
Sat Apr 07, 2018 10:38 am
Forum: Beginner Basics
Topic: dynamic quesues
Replies: 3
Views: 497

Re: dynamic quesues

Hi, can you please start writing without all bold posts? All your posts are bold without any reason. Also, 70% of your questions are answered here on forum as well as on wiki.
by blajah
Sat Apr 07, 2018 10:33 am
Forum: Beginner Basics
Topic: Really strange IPsec Mikrotik issue [SOLVED]
Replies: 4
Views: 889

Re: Really strange IPsec Mikrotik issue [SOLVED]

We need configuration so we can help. Blind guess is like you assumed - NAT, but there could be also a lot of other things.
by blajah
Fri Apr 06, 2018 10:28 pm
Forum: Forwarding Protocols
Topic: VRRP on bridge interface
Replies: 5
Views: 1604

Re: VRRP on bridge interface

I can confirm it works as expected. Can you provide export of config or even diagram of what you are trying to achieve?
by blajah
Fri Apr 06, 2018 10:20 pm
Forum: Beginner Basics
Topic: Need help with BRIDGE and routing
Replies: 1
Views: 466

Re: Need help with BRIDGE and routing

Exclude traffic from fast-track.
by blajah
Fri Apr 06, 2018 10:17 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1153

Re: Mikrotik to dial PPTP VPN like Windows

Well, downside of masquerading is you do not have any log of which host from Mikrotik side accessed services. Masquerade rule should be like this: Source IP mikrotik LAN subnet Destination IP Bintec subnet Action masquerade Outgoing interface PPTP_interface Place this rule above your default masquerade and...
by blajah
Fri Apr 06, 2018 8:42 pm
Forum: Beginner Basics
Topic: How to block dhcp from cable modem, but not from cable company
Replies: 2
Views: 527

Re: How to block dhcp from cable modem, but not from cable company

Maybe best would be to ask your ISP to place modem in bridge mode?
In that case you would get public IP on MT, so simple metric can do the job.
by blajah
Fri Apr 06, 2018 8:39 pm
Forum: Beginner Basics
Topic: Hide HS gateway
Replies: 5
Views: 718

Re: Hide HS gateway

Add static arp entries and prohibit unwanted requests using local-proxy-arp.
by blajah
Fri Apr 06, 2018 8:30 pm
Forum: Beginner Basics
Topic: High CPU usage.
Replies: 12
Views: 6278

Re: High CPU usage.

Do you have default deny rule in input chain? What is in your connection tracking table? Sources you added to address list, you can drop in RAW firewall.
by blajah
Fri Apr 06, 2018 8:26 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1153

Re: Mikrotik to dial PPTP VPN like Windows

Like CZFan said, you need reverse route ( in any way you prefer to achieve it - on server directly or on router ) and if both subnets know about each other then you do not need a masquerade. In your example with windows PC, after getting PPTP up, PC is getting IP on virtual adapter and your Bintec...
by blajah
Wed Mar 21, 2018 5:47 pm
Forum: General
Topic: Add source to address list [SOLVED]
Replies: 2
Views: 453

Re: Add source to address list [SOLVED] [SOLVED]

Thanks a lot.
by blajah
Wed Mar 21, 2018 5:24 pm
Forum: General
Topic: Add source to address list [SOLVED]
Replies: 2
Views: 453

Add source to address list [SOLVED]

Hello all,
I'm getting a bit confused about the firewall action in subject. After a packet is matched with rule criteria, is that packet passed further in firewall or is it not matched against any other rule?
by blajah
Tue Jan 16, 2018 11:57 am
Forum: Beginner Basics
Topic: Changing Static IP to Dynamic IP?
Replies: 2
Views: 923

Re: Changing Static IP to Dynamic IP?

Firstly you need to know how ISP will provide you with ip address. Is it PPPoE, DHCP, L2TP.... After that we will help you without any problem.
by blajah
Tue Jan 16, 2018 11:54 am
Forum: Beginner Basics
Topic: What product and set-up is needed? [SOLVED]
Replies: 4
Views: 568

Re: What product and set-up is needed? [SOLVED]

Hi,

It mainly depends on your topology. Will you use router + couple AP's or combo devices ( like 951 or HAP AC). Go for capsman setup + hotspot and you will be good to go.
by blajah
Tue Dec 12, 2017 2:45 pm
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 2417

Re: CCR1009-7G-1C-1S+PC basic setup

Do you have default route on your MT router?
by blajah
Mon Dec 04, 2017 3:15 pm
Forum: General
Topic: RB 3011 Multicast problem
Replies: 9
Views: 1347

Re: RB 3011 Multicast problem

Guess not :(
by blajah
Sun Dec 03, 2017 5:16 pm
Forum: General
Topic: RB 3011 Multicast problem
Replies: 9
Views: 1347

Re: RB 3011 Multicast problem

Hi,
try latest RC
"*bridge - fixed multicast forwarding (introduced in v6.40rc36);"
by blajah
Sun Dec 03, 2017 4:59 pm
Forum: Beginner Basics
Topic: Forcing single URL to use specific WAN
Replies: 3
Views: 872

Re: Forcing single URL to use specific WAN

Actually,
way better is to read this:
https://wiki.mikrotik.com/wiki/Policy_Base_Routing
by blajah
Mon Nov 27, 2017 10:34 pm
Forum: Beginner Basics
Topic: General port question
Replies: 10
Views: 827

Re: General port question

Is that a windows pc? Try setting network to home if it's not.
by blajah
Mon Nov 27, 2017 2:06 pm
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4592

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

It's this rule

add action=drop chain=forward comment=" Drop all else forward requests!"

Allow icmp in forward chain without more matchers. Just rule
add action=accept chain=forward protocol=icmp
by blajah
Mon Nov 27, 2017 11:27 am
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6814

Re: NAT table not cleared correctly [SOLVED]

You're right, I wasn't thinking enough :)
by blajah
Mon Nov 27, 2017 10:49 am
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4592

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

I just saw, you need to accept ISP's DNS servers in input. You are currently allowing DNS requests only for LAN.
by blajah
Mon Nov 27, 2017 10:44 am
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6814

Re: NAT table not cleared correctly [SOLVED]

Ok, one more thing you can try is to use RAW firewall, matching src/dst addresses with no-track action. This would skip connection tracker.
by blajah
Sun Nov 26, 2017 8:29 pm
Forum: Beginner Basics
Topic: port forwarding confusion
Replies: 8
Views: 1333

Re: port forwarding confusion

This means that traffic is hitting rule correctly, but probably host is dropping it.
by blajah
Sun Nov 26, 2017 3:15 pm
Forum: Beginner Basics
Topic: port forwarding confusion
Replies: 8
Views: 1333

Re: port forwarding confusion

You can test ports via numerous methods (yougetsignal, portforward as websites, and nmap/zenmap as applications) Regarding your OS, whats your network described as? Public, work or private? Sometimes, you need to set ports in windows firewall also, even if it says its disabled. I had couple of issue...
by blajah
Sat Nov 25, 2017 10:01 pm
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6814

Re: NAT table not cleared correctly [SOLVED]

Try to disable SIP helper in
/ip firewall service-port
by blajah
Sat Nov 25, 2017 9:43 pm
Forum: Beginner Basics
Topic: Need help blocking IP from accessing device in my internal network behind NAT
Replies: 26
Views: 1652

Re: Need help blocking IP from accessing device in my internal network behind NAT

Consider using port-knocking. No overhead nor increase in CPU usage.
by blajah
Sat Nov 25, 2017 9:33 pm
Forum: Beginner Basics
Topic: Connect to LAN behind mikrotik router over ipsec
Replies: 4
Views: 489

Re: Connect to LAN behind mikrotik router over ipsec

Show us routing tables on both sides. I assume your routers do not know where the remote networks are, so they are sending traffic via default routes.
by blajah
Fri Nov 24, 2017 9:22 pm
Forum: General
Topic: Mapping static local IP to external dynamic IP
Replies: 3
Views: 462

Re: Mapping static local IP to external dynamic IP

I just have tested it on one side ( latest rOs RC ) and it saves fqdn in remote address field. You should be good to go.
by blajah
Wed Nov 22, 2017 11:24 pm
Forum: General
Topic: MTU Question
Replies: 12
Views: 1520

Re: MTU Question

@idlemind, I know this, and this way is the simplest way if a packet is fragmenting. Thanks, this is clear but I remember seeing on older versions of RouterOS an MTU of 1508 on PPPoE and going to dig this up and test if the displayed 1508 was only cosmetic or a real value. Check this out https://w...
by blajah
Tue Nov 21, 2017 9:51 pm
Forum: Beginner Basics
Topic: Setup Pppoe over vlan 100 connection
Replies: 16
Views: 6544

Re: Setup Pppoe over vlan 100 connection

Hello,

No, you do not need to bridge VLAN interface and PPPoE client, because PPPoE client is "living" inside VLAN. Can you enable PPPoE debug and show us what gets logged? Also, if you do PPPoE scan from VLAN 100 interface, do you see any PPPoE server/BNG/BRASS/RADIUS/WhateverYourISPIsUsing
by blajah
Tue Nov 21, 2017 9:37 pm
Forum: General
Topic: PPPoE client default MTU
Replies: 15
Views: 8310

Re: PPPoE client default MTU

If you create PPPoE client on router, you would see that default value isn't 1460 or 1480, it's auto. Why such a big deal? Auto would work even better than fixed value, and assuming you are leaving it @ default value, you do not care about it ( you do not have any specific requirement setting it thi...
by blajah
Sun Nov 19, 2017 10:47 pm
Forum: General
Topic: PPPoE client default MTU
Replies: 15
Views: 8310

Re: PPPoE client default MTU

If you create PPPoE client on router, you would see that default value isn't 1460 or 1480, it's auto. Why such a big deal? Auto would work even better than fixed value, and assuming you are leaving it @ default value, you do not care about it ( you do not have any specific requirement setting it this...
by blajah
Sun Nov 19, 2017 10:28 pm
Forum: General
Topic: Mapping static local IP to external dynamic IP
Replies: 3
Views: 462

Re: Mapping static local IP to external dynamic IP

HI,
If you have a Mikrotiks on both sides easiest way is to configure EoIP tunnel.
by blajah
Sun Nov 19, 2017 9:56 pm
Forum: General
Topic: Interface DSL exists [SOLVED]
Replies: 3
Views: 1046

Re: Interface DSL exists [SOLVED]

Thanks a lot!
by blajah
Sat Nov 18, 2017 8:45 pm
Forum: Beginner Basics
Topic: Site-to-Site PPTP problem
Replies: 10
Views: 1775

Re: Site-to-Site PPTP problem

Please post export of ip fire nat
by blajah
Sat Nov 18, 2017 8:38 pm
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4592

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

Order of firewall rules makes sense only when you are looking in ruleset of specific chain. If you are mixing chain order with global order it's a bit hard for us to help you. Your default deny rule should be last observing ruleset for INPUT chain. Easiest way to filter rules is via winbox. In right co...
by blajah
Sat Nov 18, 2017 5:42 pm
Forum: General
Topic: Interface DSL exists [SOLVED]
Replies: 3
Views: 1046

Re: Interface DSL exists [SOLVED]

C'mon guys,

Someone must know something about this :oops:
by blajah
Sat Nov 18, 2017 5:39 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123593

Re: v6.41rc [release candidate] is released! New bridge implementation!

I have installed it on an old RB750 I use for some test. It shows: Firmware type: ar7240 Factory firmware: 3.02 Current firmware: 3.33 Update firmware: I.e. there is nothing after upgrade firmware and the upgrade button does nothing (no log entry). Edit: I installed 6.40.5, upgraded the firmware to...
by blajah
Sat Nov 18, 2017 5:35 pm
Forum: General
Topic: MTU Question
Replies: 12
Views: 1520

Re: MTU Question

Mangle rules are depending on your rOS version

rOS 6.39
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;

rOS 6.39.2
*) ppp - fixed "change-mss" functionality (introduced in 6.39);

You should be OK without any additional settings :)
by blajah
Fri Nov 17, 2017 9:35 pm
Forum: Beginner Basics
Topic: NAT doesn't work when IP ranges are specified
Replies: 16
Views: 1037

Re: NAT doesn't work when IP ranges are specified

Illogical ? Forward the Voip traffic to a group of phones: how do you make that ? Why would you do that? VOIP phones register and make their own connection, they do not need un-needed VOIP traffic sending to them. Whoa, i was questioning myself this same question, but actually you wrote it. I thoug...
by blajah
Fri Nov 17, 2017 9:27 pm
Forum: Beginner Basics
Topic: Is this simple CAPsMAN Setup possible?
Replies: 11
Views: 1190

Re: Is this simple CAPsMAN Setup possible?

Well, there are 2 ways to achieve your goal. If you are keeping bridge interface on your CAP devices, you should use "Local forwarding" option in datapath configuration. If you do not want to keep bridge interface on CAP's, ( its called manager forwarding ) your CAP's need lets say only IP on ETH in...
by blajah
Thu Nov 16, 2017 10:31 pm
Forum: General
Topic: MTU Question
Replies: 12
Views: 1520

Re: MTU Question

VLANS ( tags) are included in L2MTU so this part is OK. Regarding PPPoE, from 1500 you take out 8 Bytes because all traffic is "wrapped" in PPPoE. This leaves you with 1492 MTU for rest overhead + data. Only thing you should consider is MSS change to 1452 ( MTU - 40Bytes ( 20Bytes of IP and 20Bytes o...
by blajah
Thu Nov 16, 2017 10:23 pm
Forum: Beginner Basics
Topic: Cannot ping frm comand line but from lan yes
Replies: 2
Views: 338

Re: Cannot ping frm comand line but from lan yes

What happens if you specify source IP ? It works, I suppose.

Just little hint, torch traffic from router A when you are trying to ping host B, and look in source IP field.
by blajah
Thu Nov 16, 2017 10:20 pm
Forum: Beginner Basics
Topic: Unable to access RB via webbrowser
Replies: 9
Views: 690

Re: Unable to access RB via webbrowser

Hi, First you should hide your IP addresses in your original post. Next, you should check IP->Services, just to make sure there is nothing changed. Your firewall rule is accepting (matching ) some traffic. One additional note, i guess you are not trying to open WebFig from LAN side, just pointing yo...
by blajah
Thu Nov 16, 2017 10:10 pm
Forum: General
Topic: Interface DSL exists [SOLVED]
Replies: 3
Views: 1046

Interface DSL exists [SOLVED]

Hi, just playing with one of my test devices ( RB750G, ROS 6.41rc52 ) i have found that there is some DSL interface with basic commands : /interface dsl> set arp comment l2mtu mtu vci numbers arp-timeout disabled mac-address name vpi Have i missed this in some release-notes or forum topic? I have go...
by blajah
Thu Nov 16, 2017 10:03 pm
Forum: Beginner Basics
Topic: Access to DNS from OpenVPN clients
Replies: 3
Views: 590

Re: Access to DNS from OpenVPN clients

Well, i doubt its issue on MT side. I do not have a way to test whats with DDWRT settings, but can you point ( just for testing purposes) DNS servers of DDWRT to mikrotik and then test resolving,
Do you have some DNS Proxy on DDWRT or some catch-all-DNS firewall rule, or some similar mechanism?
by blajah
Wed Nov 15, 2017 7:15 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123593

Re: v6.41rc [release candidate] is released! New bridge implementation!

For me the more important question about boot firmware is: Will the firmware version change with every RouterOS release even if no changes are made? Suppose you installed RouterOS 6.41, then upgraded firmware to 6.41. RouterOS 6.41.1 ships with no changes to the firmware. Is the available firmware ...
by blajah
Wed Nov 15, 2017 6:08 pm
Forum: Beginner Basics
Topic: Access to DNS from OpenVPN clients
Replies: 3
Views: 590

Re: Access to DNS from OpenVPN clients

By default DNS uses UDP/53 not TCP. Does your firewall allows DNS queries from outside? Actually it does, if it works on WIN10. There must be issue with DDWRT setup, Hows your OVPNs IP Network described? Do you have DNS Servers in PPP Profile?
by blajah
Wed Nov 15, 2017 12:58 pm
Forum: Beginner Basics
Topic: NAT doesn't work when IP ranges are specified
Replies: 16
Views: 1037

Re: NAT doesn't work when IP ranges are specified

Actually I do not agree. There is no logic in this request if we are talking about unicast. In Anycast it would make sense. Like, @Steveocee explained, in common scenarios it is useless to have such option, but a lot of routers are used in more complex environment, and still we all have the same fea...
by blajah
Wed Nov 15, 2017 12:39 pm
Forum: Beginner Basics
Topic: connection-state=established
Replies: 3
Views: 1288

Re: connection-state=established

Its explained in ConTrack settings :) /ip firewall connection tracking> pri enabled: yes tcp-syn-sent-timeout: 5s tcp-syn-received-timeout: 5s tcp-established-timeout: 1d tcp-fin-wait-timeout: 10s tcp-close-wait-timeout: 10s tcp-last-ack-timeout: 10s tcp-time-wait-timeout: 10s tcp-close-timeout: 10s...
by blajah
Sat Nov 11, 2017 8:58 pm
Forum: Beginner Basics
Topic: Couple of doubts: routable subnets
Replies: 9
Views: 688

Re: Couple of doubts: routable subnets

Hi, You do not need VLANs if you do not have reason to use them. Easiest way to accomplish this is to use Eth1 for ISP1, Eth2 for ISP2, eth 3 for 1st LAN subnet ( connection to 1st switch) and Eth4 for 2nd LAN subnet. At this point you have just physically connected network segments, and now you w...
by blajah
Tue Oct 24, 2017 3:21 pm
Forum: Beginner Basics
Topic: Only a websit can't reach
Replies: 1
Views: 306

Re: Only a websit can't reach

Hi,

Try to resize MSS ( clamp) if you have MTU smaller than 1500.
by blajah
Fri Sep 22, 2017 8:58 pm
Forum: Beginner Basics
Topic: Router won't route LAN to WAN! Totally stumped [SOLVED]
Replies: 29
Views: 3969

Re: Router won't route LAN to WAN! Totally stumped [SOLVED]

Well, just in case, can you ping internet IP's with your LAN IP as source IP?
by blajah
Fri Sep 22, 2017 8:45 pm
Forum: Beginner Basics
Topic: Multple DHCP for VLANs
Replies: 2
Views: 529

Re: Multple DHCP for VLANs

Hi, Besides what evince said, you have not told us how you are sending traffic between router and switch. Is VLAN 1 untagged ( native) or tagged on trunk port on both sides? What's configured on EdgeSwitch part? Are VLANs created under correct interface on MT side? Pretty much if you want VLAN 1 to ...
by blajah
Fri Sep 22, 2017 8:36 pm
Forum: Beginner Basics
Topic: How to isolate networks [SOLVED]
Replies: 7
Views: 4855

Re: How to isolate networks [SOLVED]

Hi,
post cidr's of both networks.
by blajah
Fri Sep 22, 2017 8:33 pm
Forum: Beginner Basics
Topic: Block hikvision cloud
Replies: 3
Views: 707

Re: Block hikvision cloud

Hi,
If I recall correctly, Hikvision cloud is hosted on amazon. Can you specify what you are trying to accomplish?
by blajah
Sat Apr 08, 2017 9:18 am
Forum: Beginner Basics
Topic: FTP out not working
Replies: 6
Views: 671

Re: FTP out not working

Can you telnet to ftp server from host on your lan?(using port 21)
by blajah
Thu Apr 06, 2017 11:46 am
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12180

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

I'm not getting why such heat about this "issue". From my point of view DoS and DDoS attacks are mainly directed, and if you do not have dedicated appliance for mitigation, any router based firewall is simply work-around. Even in work around context, creating dynamic firewall matchers, you can detec...
by blajah
Tue Apr 04, 2017 4:34 pm
Forum: Beginner Basics
Topic: 951ui 3G modem... strange
Replies: 13
Views: 1060

Re: 951ui 3G modem... strange

try to disable dhcp client on ether1, and also post status of ppp-out1 interface, just to see IP you are getting from carrier. Post default route/routes. If you can ping from router itself, can you ping something with source address of your lan? Can you post traceroute from router and PC?
by blajah
Mon Apr 03, 2017 1:41 pm
Forum: Beginner Basics
Topic: First jump with stars, in tracert
Replies: 2
Views: 428

Re: First jump with stars, in tracert

Hi,
IP->route->print
there you can see where default route points to !
by blajah
Fri Mar 10, 2017 1:18 pm
Forum: Beginner Basics
Topic: Router OS confirguration for ISP router
Replies: 1
Views: 501

Re: Router OS confirguration for ISP router

Hi, 1. "I want to use the Ethernet bonding feature on RouterOS to bond as many DSL connections as possible" - only possible if your ISP's are willing to do so. If no, you can use load-balancing in your favor 2. "Then, I want to configure a PPPoE service on the main router. However, I want to be able...
by blajah
Fri Mar 10, 2017 1:11 pm
Forum: Beginner Basics
Topic: rb951g-2hnd trunk cisco 2960(not working config)
Replies: 1
Views: 288

Re: rb951g-2hnd trunk cisco 2960(not working config)

Hello,

Why are you trunking ports if you are passing only VLAN 100?
by blajah
Fri Mar 03, 2017 7:17 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82300

Re: v6.39rc [release candidate] is released

Tnx for quick fix. Confirming PPPoE is working as expected.
by blajah
Fri Mar 03, 2017 3:15 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82300

Re: v6.39rc [release candidate] is released

Confirming PPPoE went down on RC40. Cannot test torch trick atm.
by blajah
Thu Mar 02, 2017 3:15 pm
Forum: General
Topic: DHCP error after reboot
Replies: 6
Views: 858

Re: DHCP error after reboot

Whats your DHCP config? Is it authoritative ?
by blajah
Thu Mar 02, 2017 11:31 am
Forum: Beginner Basics
Topic: https, 443 proxy configuration
Replies: 8
Views: 7431

Re: https, 443 proxy configuration

Actually it's not so big issue. I have blocked ranges announced by FB ASN and from my side there is no way to open FB: 0 fb 204.15.20.0/22 feb/27/2017 12:18:41 1 fb 69.63.176.0/20 feb/27/2017 12:18:41 2 fb 173.252.64.0/18 feb/27/2017 12:18:41 3 fb 31.13.64.0/19 feb/27/2017 12:18:41 4 fb 31.13.96.0/2...
by blajah
Thu Mar 02, 2017 11:12 am
Forum: Beginner Basics
Topic: 1 wan unlimited, 2nd wan ONLY AS BACKUP
Replies: 9
Views: 4070

Re: 1 wan unlimited, 2nd wan ONLY AS BACKUP

Hello,

take look at this:
https://wiki.mikrotik.com/wiki/Advanced ... _Scripting
It should give you idea.
by blajah
Thu Mar 02, 2017 11:11 am
Forum: Beginner Basics
Topic: Block Websites and Torrents On Mikrotik 951Ui 2HnD
Replies: 9
Views: 7618

Re: Block Websites and Torrents On Mikrotik 951Ui 2HnD

Regarding websites, have you tried to create access list and add url's then drop that access list ( ROS will resolve url's to IP's ) ? It's a relatively new feature in firewall.
by blajah
Sat Feb 25, 2017 9:35 pm
Forum: Beginner Basics
Topic: Route traffic between two interfaces
Replies: 9
Views: 2225

Re: Route traffic between two interfaces

Can you ping respective interfaces IP addresses from servers - 10.15.x.1?
by blajah
Sat Feb 25, 2017 9:13 pm
Forum: Beginner Basics
Topic: How do I connect to IP 0.0.0.0?
Replies: 13
Views: 5467

Re: How do I connect to IP 0.0.0.0?

Was your PC connected via cable to any of unaccessible AP's?

There could be issue with firewall/filter.
Also, is there any routing protocol involved in your setup? CAPsMAN? It's hard to blind guess issue without posting your config.
by blajah
Thu Feb 23, 2017 4:38 pm
Forum: Beginner Basics
Topic: Static route invalidated when vpn connection goes down
Replies: 3
Views: 344

Re: Static route invalidated when vpn connection goes down

Hi,

I think you can use check-gateway option in existing static route. That would resolve your issue.
by blajah
Wed Dec 28, 2016 6:28 pm
Forum: Beginner Basics
Topic: Seems some firewall settings disappear on power cycle
Replies: 10
Views: 1470

Re: Seems some firewall settings disappear on power cycle

Not 100% sure, but if I recall correctly on PPPoE interface, if you set up MTU, then router sets by itself MSS rule and it has Dynamic flag.
by blajah
Tue Dec 27, 2016 1:34 pm
Forum: Beginner Basics
Topic: Please Help me im being attacked RIGHT NOW
Replies: 34
Views: 4921

Re: Please Help me im being attacked RIGHT NOW

Yeah, only on port 53, mainly UDP, but if data is bigger than 512 bytes, then it switches to TCP.
by blajah
Mon Dec 26, 2016 2:30 pm
Forum: General
Topic: VLAN and IP Management
Replies: 9
Views: 1042

Re: VLAN and IP Management

Maybe this will help: Wiki says: Configure the port which connects switch-chip with CPU, set "vlan-header=leave-as-is" because management traffic already should be tagged and Since the master-port receives all the traffic coming from switch-cpu port, VLAN has to be configured on master-port, in this...
by blajah
Mon Dec 26, 2016 2:22 pm
Forum: Beginner Basics
Topic: Please Help me im being attacked RIGHT NOW
Replies: 34
Views: 4921

Re: Please Help me im being attacked RIGHT NOW

Well, i'm not sure what do you mean by "my dns changes"? Is your ISP changing IP's of DNS or there is something else? Securing your DNS ( disabling DNS amplification attacks from your router) can be done by various methods, but maybe easiest to maintain is to create access list with IP's of your DNS...
by blajah
Sun Dec 25, 2016 3:00 pm
Forum: General
Topic: VLAN and IP Management
Replies: 9
Views: 1042

Re: VLAN and IP Management

Is cpu port member of VLAN50 on 10.23.3.242?
by blajah
Sun Dec 25, 2016 2:27 pm
Forum: Beginner Basics
Topic: Please Help me im being attacked RIGHT NOW
Replies: 34
Views: 4921

Re: Please Help me im being attacked RIGHT NOW

If i do not specify ports in the rule does it just apply to all ports? Yes What is phase 1, 2 and 3 services? Just names of access lists who are created by firewall rules. You can change names whatever you like. One more note, as you see there are no DNS rules involved in this rule-set. You need to...
by blajah
Fri Dec 23, 2016 9:59 pm
Forum: Beginner Basics
Topic: Very uncommon issue
Replies: 1
Views: 266

Re: Very uncommon issue

Hi,

read this, it would be good start

http://wiki.mikrotik.com/wiki/Per-Traff ... _Balancing
by blajah
Fri Dec 23, 2016 9:36 pm
Forum: Beginner Basics
Topic: Please Help me im being attacked RIGHT NOW
Replies: 34
Views: 4921

Re: Please Help me im being attacked RIGHT NOW

Well, if you are allowing mgmt from specific pool of ip addresses there is no need to create access list , you can do it directly via firewall rule. It is easier to read if you have access list but at the end its up to you. /ip firewall address-list add list=management-servers address=192.168.0.0[b]...
by blajah
Thu Dec 22, 2016 12:21 pm
Forum: General
Topic: problems with VOIP
Replies: 5
Views: 1227

Re: problems with VOIP

Hi, one additional note. This (what VAN said) will only work if you have SIP helper enabled.
ip-firewall-service ports
by blajah
Wed Dec 21, 2016 3:29 pm
Forum: General
Topic: firewall in mikrotik.
Replies: 2
Views: 394

Re: firewall in mikrotik.

Hi,

What are you trying to accomplish?
by blajah
Wed Dec 21, 2016 10:11 am
Forum: General
Topic: CRS and LACP/802.11AD
Replies: 2
Views: 623

CRS and LACP/802.11AD

Hi guys,

is there any information about LACP/802.11ad support for CRS series? I know it's not currently supported by switch chip, but this is one really nice feature to have. I'm not asking for a date or anything, just: is this in development or is it waiting for better times to come?
by blajah
Sun Nov 27, 2016 1:45 pm
Forum: Beginner Basics
Topic: I want to block all internet access to a client only allow him two websites via MikroTik Router
Replies: 1
Views: 1419

Re: I want to block all internet access to a client only allow him two websites via MikroTik Router

Hi, you can try this way:
*Create access list containing 2 website URLs you want to allow.
ip firewall address-list
add address=xyz.com list=client_allowed
add address=zyx.com list=client_allowed
ip firewall filter
add action=accept chain=forward comment="" src-address=192.168.2.33 dst-address-list...
by blajah
Wed Nov 23, 2016 10:37 am
Forum: Beginner Basics
Topic: Firewall help
Replies: 2
Views: 591

Re: Firewall help

Hi,

2nd question is easy. Just block IP addresses from guest VLAN to input chain.
Regarding your first question, try to move rule #6 to bottom. Also, if that does not work, try to allow port 50022 in input.
by blajah
Mon Nov 14, 2016 3:20 pm
Forum: Beginner Basics
Topic: routing problem
Replies: 4
Views: 667

Re: routing problem

I think it's an issue with the route itself (interface as gateway but no IP from same subnet on interface or masquerade rule). In this case you can take a different approach. If your interface (ether2-Cable) gets public IP address from your ISP, you need to set private IP from same pool (192.168.100.0/24)...
by blajah
Mon Nov 14, 2016 3:08 pm
Forum: Beginner Basics
Topic: Can't ping 2 subnet
Replies: 1
Views: 410

Re: Can't ping 2 subnet

Hi,

Your router should route 2 networks happily, that's why it is called a router. If you do not have any firewall rules blocking this traffic, it should work out of the box. Post your config for a deeper look.
by blajah
Thu Nov 03, 2016 8:39 pm
Forum: Beginner Basics
Topic: turn off wifi
Replies: 7
Views: 3025

Re: turn off wifi

That's pretty much impossible. Can you run some WiFi scanner just to get BSSID and AP MAC so you can be sure it's your device? I'm saying this because I use a similar script @home and when it turns WiFi off it really goes off. InSSIDer (Windows) or WiFite on Linux.
by blajah
Tue Nov 01, 2016 5:39 pm
Forum: Beginner Basics
Topic: IPSEC VPN Behind Nat
Replies: 2
Views: 1546

Re: IPSEC VPN Behind Nat

You should try NAT-T or read relevant issue here

http://forum.mikrotik.com/viewtopic.php?t=36676
by blajah
Fri Oct 28, 2016 1:10 pm
Forum: General
Topic: VPN
Replies: 9
Views: 902

Re: VPN

Well,

Because of default deny you need to accept mentioned ports in input chain, and place them above default deny.
by blajah
Fri Oct 28, 2016 12:25 pm
Forum: General
Topic: VPN
Replies: 9
Views: 902

Re: VPN

Are you accepting connections to these ports on WAN interface on mikrotik?
How's your firewall configured?
by blajah
Fri Oct 28, 2016 12:23 pm
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

You are right. Bridge should be used for this.

I'm not sure what you are referring to in the 2nd question.
by blajah
Fri Oct 28, 2016 11:41 am
Forum: Beginner Basics
Topic: SIP not working
Replies: 1
Views: 407

Re: SIP not working

Hi, I think this is the issue:
add action=passthrough chain=dstnat dst-address=50.x.x.x dst-port=10000-20000 protocol=tcp to-addresses=192.168.62.87 to-ports=10000-20000
add action=passthrough chain=dstnat dst-address=50.x.x.x dst-port=10000-20000 protocol=udp to-addresses=192.168.62.87 to-ports=100...
by blajah
Fri Oct 28, 2016 11:29 am
Forum: Beginner Basics
Topic: port forwarding help
Replies: 1
Views: 321

Re: port forwarding help

Yes it is possible with 2 rules. One for TCP and one for UDP.
chain=dstnat action=dst-nat to-addresses=x.x.x.x to-ports=8220-8335 protocol=udp in-interface=WAN_Interface dst-port=8220-8335 log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=x.x.x.x to-ports=8220-8335 protocol=tcp in-interf...
by blajah
Fri Oct 28, 2016 11:07 am
Forum: General
Topic: VPN
Replies: 9
Views: 902

Re: VPN

You should nat 1701, 4500 and 500 UDP, from Billion to MT.
by blajah
Fri Oct 28, 2016 11:00 am
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

Let's try this way. All interfaces you plan to use as ports for servers, should be configured as access ports on switch. Hosts on these ports should be able to talk to WAN GW without issues. In 2nd scenario, you need to put private IP to interface, masquerade private traffic to selected public IP, an...
by blajah
Fri Oct 28, 2016 10:43 am
Forum: General
Topic: VPN
Replies: 9
Views: 902

Re: VPN

You can switch modem to bridge (I just checked in manual for that modem). Path is: Configuration, WAN port - protocol "Pure Bridge". But anyway you need username/pass combo to setup PPPoE client (assuming your ISP is authenticating you this way). This you can get from your ISP. As for port-forwar...
by blajah
Fri Oct 28, 2016 10:24 am
Forum: Beginner Basics
Topic: Vlan Load Balancing
Replies: 16
Views: 1698

Re: Vlan Load Balancing

Like Jarda has said, if you want to get answers, you need to explain what you have:
*equipment
*configurations
*goal you are trying to reach

Imagine this:
I have problem with my car. I want to drive. Can you help me?
by blajah
Fri Oct 28, 2016 10:21 am
Forum: General
Topic: VPN
Replies: 9
Views: 902

Re: VPN

You are NAT-ing traffic twice. So either you wanna DMZ your Mikrotik or forward ports for VPN to Mikrotik. First solution is easier to configure, 2nd depends on protocol you gonna use. If you do not have any other hosts connected to modem, you can use DMZ from modem to MT, or even reconfigure modem to b...
by blajah
Fri Oct 28, 2016 10:12 am
Forum: General
Topic: Feature request
Replies: 0
Views: 504

Feature request

Hello,

Is there any way we can get an additional parameter for export which would mask IP addresses? Something like hide-sensitive hide-ip? Auto-masking first 2 octets would be enough. This would allow users to show config without manually editing IPs. (It would make help requests uniform.)
by blajah
Fri Oct 28, 2016 10:06 am
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

OK, let's just start with your current config. Paste it here, and hide sensitive.
by blajah
Thu Oct 27, 2016 9:31 pm
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

Does the first method work?
by blajah
Thu Oct 27, 2016 9:18 pm
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

OK, so your WAN port is configured with 1.1.1.3/24. Default route is pointing to 1.1.1.1/24. It's clear now. Do you want to expose server/s to internet completely (like assign an address from your pool - 1.1.1.37) or do you want to 1to1 NAT public IPs to servers sitting on private pool? It's not complic...
by blajah
Thu Oct 27, 2016 8:54 pm
Forum: Beginner Basics
Topic: Problems with IPs and Interfaces
Replies: 12
Views: 1114

Re: Problems with IPs and Interfaces

Sooo, :) let's start with your config.
How's WAN configured? How's your public block routed to you? Where is 1.1.1.1 address (interface)? Just share a bit of your config and it will get much more answers in decent timeframe.
by blajah
Thu Oct 27, 2016 8:48 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 1437

Re: Port forwarding not working and I can't see why

You're welcome.
by blajah
Thu Oct 27, 2016 6:01 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 1437

Re: Port forwarding not working and I can't see why

Take it nice and slowly. As for masquerade you need this:
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
This is all you need. If you have disabled NAT rules it's expected you do not see traffic coming in, because your router does not have a clue what to do with that traffi...
by blajah
Thu Oct 27, 2016 5:23 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 1437

Re: Port forwarding not working and I can't see why

Whoa :) Well, there can be a couple of issues. In the first place try to change dst-nat rules so they do not contain source IP but interface as criteria, and action should be dst-nat:
Your rule #1
chain=dstnat action=dst-nat to-addresses=192.168.201.101 to-ports=5094-5095 dscp=46 in-interface=Your_WAN_interf...
by blajah
Thu Oct 27, 2016 4:48 pm
Forum: Beginner Basics
Topic: RB750Gr2 Looses Internet Connectivity
Replies: 12
Views: 994

Re: RB750Gr2 Looses Internet Connectivity

This looks ok so far. Next time when outage occurs, try to disable/enable DHCP client or renew IP.
ip dhcp-client renew
Looks like an issue with DHCP lease. You can also try with a script like
:if ( [/ping 8.8.8.8 interface=wan count=5 ] = 0 ) do={/ip dhcp-client renew wan}
Set it in scheduler to execute...
by blajah
Thu Oct 27, 2016 4:19 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 1437

Re: Port forwarding not working and I can't see why

I have a PBX behind my RB2011 and it is running SIP trunks. I am having 1 way audio issues (inbound from carrier being blocked). I cannot seem to get the setup correct in IP/Firewall/NAT for this. Here's what I need in a basic description: -UDP ports 10020 through 10531 need to come inbound from th...
by blajah
Thu Oct 27, 2016 4:00 pm
Forum: Beginner Basics
Topic: RB750Gr2 Looses Internet Connectivity
Replies: 12
Views: 994

Re: RB750Gr2 Looses Internet Connectivity

If I got it correctly, you can not ping WAN GW? That's an issue with A: connection to ISP or B: config of WAN interface. So, can you post relevant config (just wan side)? Your assumption is right. It's not a FW issue, it's WAN side related. It's our goal to find out why there are outages on WAN side.
by blajah
Wed Oct 26, 2016 2:40 pm
Forum: General
Topic: Configuring WAN ONT Mikrotik RB951g
Replies: 2
Views: 712

Re: Configuring WAN ONT Mikrotik RB951g

Yes it can work, but the only thing we do not know is what the termination from your ISP is (what do you mean by ONT). Is there a Media Converter with eth port, or is there a terminal like Huawei's HG8245? In the 2nd case it depends how the ONT is configured (routed or bridge mode).
by blajah
Wed Oct 26, 2016 11:34 am
Forum: Beginner Basics
Topic: RB750Gr2 Looses Internet Connectivity
Replies: 12
Views: 994

Re: RB750Gr2 Looses Internet Connectivity

Hi, OK, let's start with basic troubleshooting. In moments when connection is down can you ping your WAN GW (69.243.104.1)? Or post output of
ip route nexthop pri
Also, how's DHCP configured on LAN side? Can you manually set IP on one PC just for testing purposes? Is masquerade rule getting hits ...
by blajah
Wed Oct 26, 2016 11:04 am
Forum: Beginner Basics
Topic: Provide 2 Real IP
Replies: 3
Views: 474

Re: Provide 2 Real IP

Well, I haven't understood your last post. Can you explain (like some kind of diagram or picture) where you will mask your private data. Like
WAN IP x.x.x.2/30
WAN GW x.x.x.1

Public LAN pool y.y.y.1/28

Server should get this ip, tplink other. How's cabling done?
by blajah
Tue Oct 25, 2016 5:48 pm
Forum: General
Topic: Firewall rules + fastpath
Replies: 4
Views: 876

Re: Firewall rules + fastpath

ip services in console

or IP menu, then services submenu on Winbox
by blajah
Tue Oct 25, 2016 5:38 pm
Forum: RouterBOARD hardware
Topic: HEX Lite
Replies: 5
Views: 951

Re: HEX Lite

Thanks for answer, i didn't know that.
by blajah
Mon Oct 24, 2016 10:23 pm
Forum: General
Topic: Hacked DVR's
Replies: 12
Views: 2608

Re: Hacked DVR's

Confirming. Currently i have 1096 IP's on ACL, but my timeout is 1d. I have checked random 15 addresses and 13 were DVRs.
by blajah
Mon Oct 24, 2016 9:39 pm
Forum: RouterBOARD hardware
Topic: HEX Lite
Replies: 5
Views: 951

Re: HEX Lite

Hmm, that's fairly new information for me. Thanks, and could you maybe point me to a thread or elaborate why that is?

Thanks again.
by blajah
Mon Oct 24, 2016 11:24 am
Forum: Beginner Basics
Topic: Help for this Configuration
Replies: 2
Views: 371

Re: Help for this Configuration

Hi,

it should be ok. By default a router (any) will route traffic between directly connected networks without any issue. So, just by defining IPs and the rest of net attributes, you should be able to talk between LAN subnets.

Routing answer is here:
http://wiki.mikrotik.com/wiki/Manual:PCC
by blajah
Mon Oct 24, 2016 11:16 am
Forum: Beginner Basics
Topic: Question about hairpin nat
Replies: 1
Views: 448

Re: Question about hairpin nat

That should work.
by blajah
Mon Oct 24, 2016 8:01 am
Forum: Beginner Basics
Topic: Provide 2 Real IP
Replies: 3
Views: 474

Re: Provide 2 Real IP

Answer depends on your config or what you plan to implement. If your wan is routed via /30, assign first ip from public block to next interface, set 2nd ip to wan card of server and 3rd ip on wan of tp link. Connect devices via switch to mentioned interface and you should be good to go. There are mo...
by blajah
Mon Oct 24, 2016 7:53 am
Forum: Beginner Basics
Topic: NAT behavior of default RouterOS
Replies: 6
Views: 683

Re: NAT behavior of default RouterOS

Sorry for jumping in, but MT supports hairpinning easily.
by blajah
Sun Oct 23, 2016 9:38 am
Forum: Beginner Basics
Topic: why is 'bridge' interface replaced with 'ether2-master' in 'address list' regardless if there is pppoe connected or not
Replies: 91
Views: 10179

Re: why is 'bridge' interface replaced with 'ether2-master' in 'address list' regardless if there is pppoe connected or

I'm still trying to figure out whether this guy is just trolling or he is completely serious with his questions. Anyway Mr. Mducharme has nerves made of steel.
by blajah
Sun Oct 23, 2016 9:11 am
Forum: Beginner Basics
Topic: RB750Gr2 Looses Internet Connectivity
Replies: 12
Views: 994

Re: RB750Gr2 Looses Internet Connectivity

Yes, route should be checked via IP-ROUTES. Status of 0.0.0.0/0.

I haven't understood first part. Is your modem in routed or bridge mode?
by blajah
Sat Oct 22, 2016 9:43 pm
Forum: Beginner Basics
Topic: RDP not working over Ipsec site-2-site
Replies: 4
Views: 1327

Re: RDP not working over Ipsec site-2-site

Hi,

Have you tried to explicitly allow RDP in firewall? Like src network, dst network, port 3389 ? Is that rule getting hits? Did you torch rdp connections in current config? Can you connect via RDP to their side?
by blajah
Sat Oct 22, 2016 9:28 pm
Forum: Beginner Basics
Topic: RB750Gr2 Looses Internet Connectivity
Replies: 12
Views: 994

Re: RB750Gr2 Looses Internet Connectivity

Do you have IP on WAN interface when problem occurs? Is DHCP client on WAN interface? What's the status of default route? Are you NATing traffic twice or is MT getting WAN IP from ISP? ( ISP - WANIP ->ISPModem<-private pool->RB->2nd private pool<-LAN)
by blajah
Sat Oct 22, 2016 8:46 pm
Forum: RouterBOARD hardware
Topic: HEX Lite
Replies: 5
Views: 951

HEX Lite

Hi, I just want to ask about one issue with the RB mentioned in the topic name. I have a couple of RBs in my lab, and HexLite is one of them. I have enabled bonding (balance rr) between RB750Gv1 and HexLite. There is no heavy config. Only IPs on 3 interfaces (eth1,5 and bonding1 - eth 2,3 are slaves)....
by blajah
Sat Oct 22, 2016 7:25 pm
Forum: General
Topic: How to Separate Internet Traffic from VPN Traffic
Replies: 2
Views: 1079

Re: How to Separate Internet Traffic from VPN Traffic

Hi, IIRC it's not an issue with configuration on MT side, but with PPTP client. You can try to stop PPTP client adding default route to system (PC). Click properties on your PPTP connection, select Networking tab, double click IPv4 protocol. Select Advanced, untick "use default gateway on remote netw...
by blajah
Tue Oct 18, 2016 1:50 pm
Forum: Beginner Basics
Topic: Error: this page can't be displayed....
Replies: 6
Views: 2794

Re: Error: this page can't be displayed....

What type is your WAN connection?

How's MTU configured on WAN interface?
by blajah
Tue Oct 18, 2016 1:47 pm
Forum: Beginner Basics
Topic: Two ISP connection settings
Replies: 3
Views: 489

Re: Two ISP connection settings

Well, in general you have 2 ISP links, and you want to distribute traffic in some manner over these 2 links.
*One link for surfing and stuff, other for crucial traffic (business related)
*Keep internal users on 1, and infrastructure nodes on 2nd link
*etc etc
There are a lot of ideas, but only you ca...
by blajah
Mon Oct 17, 2016 12:14 pm
Forum: Beginner Basics
Topic: Two ISP connection settings
Replies: 3
Views: 489

Re: Two ISP connection settings

Hi,

you do not need LoadBalancing, you need failover.

Something like this:

http://wiki.mikrotik.com/wiki/Two_gateways_failover
or
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting
by blajah
Mon Oct 17, 2016 12:04 pm
Forum: Beginner Basics
Topic: firewall rules
Replies: 3
Views: 577

Re: firewall rules

Hi,

you need to be more specific. Do you want to drop traffic from internet targeted to your WAN IP or do you want to block access from LAN to specific resources on internet?
by blajah
Tue Oct 11, 2016 4:06 pm
Forum: Beginner Basics
Topic: DNS static working only if requested directly
Replies: 5
Views: 955

Re: DNS static working only if requested directly

Hi,

If I understood correctly, your Linux host is using DNS servers that are not Mikrotik itself. That's why your router knows where specific hosts are, but your Linux host doesn't. Set Mikrotik's IP as DNS server on Linux host and it should be good.
by blajah
Tue Oct 11, 2016 4:03 pm
Forum: Beginner Basics
Topic: Error: this page can't be displayed....
Replies: 6
Views: 2794

Re: Error: this page can't be displayed....

Hi,

First it would be good to write URL of website you are trying to access. After this, why do you think this is Mikrotik related?

Have you been able to access specific website via another ISP/CPE?
by blajah
Wed May 18, 2016 12:56 pm
Forum: Beginner Basics
Topic: "Actions" in NAT section
Replies: 2
Views: 514

Re: "Actions" in NAT section

Hi,

yeah, masquerade is what you are looking for.

chain=srcnat action=masquerade out-interface=your_WAN_interface_name log=no log-prefix=""
by blajah
Thu May 12, 2016 2:21 pm
Forum: Beginner Basics
Topic: 1 computer on LAN can't connect to router/internet
Replies: 27
Views: 4991

Re: 1 computer on LAN can't connect to router/internet

Can you ping gateway (Mikrotik's LAN interface) from that MacBook while internet is not working?
Is "Add arp for leases" enabled?
What's your lease time? According to log, address was used for 2min 29s.
by blajah
Wed May 11, 2016 9:43 am
Forum: Beginner Basics
Topic: 1-to-1 NAT on two external addresses - cannot configure properly, please help
Replies: 3
Views: 749

Re: 1-to-1 NAT on two external addresses - cannot configure properly, please help

Hi, First thing I noticed is:
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
S...
by blajah
Fri May 06, 2016 12:54 pm
Forum: General
Topic: 2 VRF's, overlapping networks
Replies: 2
Views: 392

Re: 2 VRF's, overlapping networks

TNX for feedback. That's what I was thinking also. But question was just in case I have overlooked something. Tnx a lot.
by blajah
Thu May 05, 2016 1:56 pm
Forum: General
Topic: 2 VRF's, overlapping networks
Replies: 2
Views: 392

2 VRF's, overlapping networks

Hi, Recently got a question which confused me a lot. Network A is on location 1, and network B is on location 2. If you want to move these 2 networks to same physical location it would be easy if address ranges are not overlapping. But, when both networks are using same range (let's say 192.168.88.0/24)...
by blajah
Fri Apr 29, 2016 3:41 pm
Forum: Beginner Basics
Topic: how to detect and block access via one port
Replies: 23
Views: 3670

Re: how to detect and block access via one port

Then I do not understand what you are trying to accomplish. Two rules I have posted will do the next:
2. Will match and allow up to 2 packets per minute, if ports are not 80 and 443
3. Will match and add source to address list if traffic exceeds rule above
I didn't write 1st rule, because you have a...
by blajah
Thu Apr 28, 2016 10:21 pm
Forum: Beginner Basics
Topic: What we are missing in our Firewall + NAT configuration?
Replies: 18
Views: 2718

Re: What we are missing in our Firewall + NAT configuration?

Hi again, Can you try to access internet from server with masquerade setup instead of src-nat? Can you try to remove 0.0.0.0/0 in dst-add for src-nat rules? Also, when you trace one of your servers' public IPs what's your last hop responding to trace? Is it ISP CE router's inside interface (A.B.C.29)? ...
by blajah
Thu Apr 28, 2016 4:17 pm
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 1464

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

Yeah, you can connect via winbox, using MAC address.
by blajah
Wed Apr 27, 2016 10:43 pm
Forum: Beginner Basics
Topic: Suspicious logs in firewall. How to properly react to such incident?
Replies: 3
Views: 748

Re: Suspicious logs in firewall. How to properly react to such incident?

You should start with netstat on your machines.
by blajah
Wed Apr 27, 2016 10:20 pm
Forum: Beginner Basics
Topic: What we are missing in our Firewall + NAT configuration?
Replies: 18
Views: 2718

Re: What we are missing in our Firewall + NAT configuration?

Tool torch is what you are looking for. I will check up your config later and try to help a bit.
edit: From the first quick look, you need to:
1. Mark traffic per public ip and route it back in same manner (modifying current config) or
2. Assign public addresses to different interfaces and set up ma...
by blajah
Wed Apr 27, 2016 10:17 pm
Forum: Beginner Basics
Topic: DNS Server
Replies: 16
Views: 3514

Re: DNS Server

Seriously, what exactly are you trying to do?
I'm asking the same :D

Have you changed a webfig port?
by blajah
Wed Apr 27, 2016 10:12 pm
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 1464

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

Maybe stupid question, but did you delete default config of 2011?
by blajah
Wed Apr 27, 2016 9:58 pm
Forum: Beginner Basics
Topic: how to detect and block access via one port
Replies: 23
Views: 3670

Re: how to detect and block access via one port

Looks like I'm starting to lose the concept. Let's try to re-analyze all rules. So, you are trying to catch traffic which is not traffic to ports 80 and 443? In that case, I guess you can do it like this:
chain=input action=accept connection-nat-state=!dstnat protocol=tcp dst-port=!80,443 limit=2/1m,0:p...
by blajah
Wed Apr 27, 2016 9:12 pm
Forum: Beginner Basics
Topic: Need Help
Replies: 9
Views: 1032

Re: Need Help

Hi,
here is winbox proxy-arp setup:
Image
Are these interfaces in some slave/master relationship? Do you have bridge setup?
by blajah
Wed Apr 27, 2016 1:37 pm
Forum: Beginner Basics
Topic: how to detect and block access via one port
Replies: 23
Views: 3670

Re: how to detect and block access via one port

Let's try this way. You need 2 rules:
1st rule is matcher, like if someone gets up to 5 packets per second accept this traffic
2nd rule is drop traffic which exceeds rule above (add to address list).
One thing I overlooked: If you are matching web traffic (http/https) with such strict rule (5 pack...
by blajah
Wed Apr 27, 2016 1:10 pm
Forum: Beginner Basics
Topic: Need Help
Replies: 9
Views: 1032

Re: Need Help

Are you using winbox or CLI? Also, can you export config (hide sensitive)?
by blajah
Tue Apr 26, 2016 9:25 pm
Forum: Beginner Basics
Topic: DNS Server
Replies: 16
Views: 3514

Re: DNS Server

Hi, Have you masked your public ip with 0.0.0.0 (in example above) or is this address really in dst-nat rule? Try without IP
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 log=yes protocol=tcp to-addresses=192.168.88.10 to-ports=80
Also, consider changing webfig port to some other p...
by blajah
Tue Apr 26, 2016 8:38 pm
Forum: Beginner Basics
Topic: Need Help
Replies: 9
Views: 1032

Re: Need Help

Hi,

try to set proxy arp on both interfaces. That should do the trick (considering you do not have any firewall rules in forward chain which could deny communication between subnets).
by blajah
Tue Apr 26, 2016 8:33 pm
Forum: Beginner Basics
Topic: Can't connect between 2 subnet in 2 eth
Replies: 5
Views: 836

Re: Can't connect between 2 subnet in 2 eth

One more thing, consider proxy-arp .
by blajah
Tue Apr 26, 2016 8:31 pm
Forum: Beginner Basics
Topic: how to detect and block access via one port
Replies: 23
Views: 3670

Re: how to detect and block access via one port

Hi, Let me try to explain "limit" attribute. It matches packets/bytes up to some limit. If you make rule like
add action=accept chain=input disabled=no limit=5,5 protocol=icmp
it means rule will allow up to 5 pings in 5 seconds. More than this will be processed by next rule, and for this case it is:...
by blajah
Tue Apr 26, 2016 12:39 pm
Forum: Beginner Basics
Topic: Can't connect between 2 subnet in 2 eth
Replies: 5
Views: 836

Re: Can't connect between 2 subnet in 2 eth

Are ports eth1 and eth2 in same bridge ?
by blajah
Tue Apr 26, 2016 12:37 pm
Forum: Beginner Basics
Topic: DNS Server
Replies: 16
Views: 3514

Re: DNS Server

Hi,

Try to add remote DNS servers in
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
by blajah
Wed Apr 06, 2016 3:24 pm
Forum: Beginner Basics
Topic: How to Monitor Mikrotik RB951Ui-2nD Remotely
Replies: 2
Views: 547

Re: How to Monitor Mikrotik RB951Ui-2nD Remotely

Hi,

create management interfaces/VLAN on each device, interconnect them via tunnels. Address them as you like. That's the general idea.
by blajah
Fri Mar 18, 2016 12:32 pm
Forum: Beginner Basics
Topic: RB750GL with DSL as WAN
Replies: 5
Views: 717

Re: RB750GL with DSL as WAN

Hi, it is not clear how you authenticate on your ISP infrastructure. "My ISP allocates WAN IP address (public IPv4) through DSL router with DNS and NAT on DSL router through private IP network : 192.168.1.0/24, 192.168.1.1 is gateway/DNS" How? - PPPoE, DHCP/MAC,IP Block statically routed to yo...
by blajah
Fri Mar 18, 2016 10:10 am
Forum: Beginner Basics
Topic: RB750GL with DSL as WAN
Replies: 5
Views: 717

Re: RB750GL with DSL as WAN

Hi, Both scenarios are OK, but I prefer 2nd option (modem in bridge). That's way better and easier way to get to the goal. In that case, you need to put DSL to bridge, and then optimize WAN config on 750 according to your ISP requirements. With current config what's the issue you are experiencing? P...
by blajah
Fri Jan 22, 2016 4:36 pm
Forum: Beginner Basics
Topic: my first MPLS
Replies: 8
Views: 758

Re: my first MPLS

Hi,

Send us traceroute from pc to internet. Let's see how far it goes.
by blajah
Wed Dec 30, 2015 12:13 pm
Forum: Beginner Basics
Topic: netmap to external IP
Replies: 8
Views: 2674

Re: netmap to external IP

Hi there. In order to get good answers please provide:
* simple diagram of your topology - nothing fancy, paint would be ok
* Are you able to access a web-server typing y.y.y.y in browser directly?
* Is web-server already NAT-ed?
by blajah
Sat Nov 07, 2015 6:19 pm
Forum: Beginner Basics
Topic: problem when downloading
Replies: 2
Views: 367

Re: problem when downloading

Hello,

you are consuming all of your bandwidth with that download. That's why you can not surf.
by blajah
Wed Sep 16, 2015 6:57 pm
Forum: Beginner Basics
Topic: Unable to connect to VPN server
Replies: 6
Views: 879

Re: Unable to connect to VPN server

Whoah, your configuration is really confusing. There are 30+ rules of masquerade with unknown interface. You have all servers running on your router (PPTP, SSTP, L2TP, OVPN). Your ether12 has public and private address. I have not seen logical masquerade. Sorry, I am not able to provide any help. I...
by blajah
Fri Sep 11, 2015 9:11 pm
Forum: Beginner Basics
Topic: Bit of routing advice needed.
Replies: 14
Views: 1352

Re: Bit of routing advice needed.

Just to make this clear, ping is ok, RDP is not? Are there any firewall rules on 192.168.1.1 which could produce this behavior?
by blajah
Fri Sep 11, 2015 7:34 am
Forum: Beginner Basics
Topic: Port Forwarding Woes
Replies: 8
Views: 1427

Re: Port Forwarding Woes

Hi,

check ip->services. Change these "service" ports, or disable for test purposes. You should be good to go.
by blajah
Thu Sep 10, 2015 8:46 pm
Forum: Beginner Basics
Topic: Unable to connect to VPN server
Replies: 6
Views: 879

Re: Unable to connect to VPN server

Hi,
can you provide more details about your issue? Draw topology, explain who is establishing VPN to where... It's a bit odd to expect help without any explanation.
by blajah
Thu Sep 10, 2015 8:43 pm
Forum: Beginner Basics
Topic: Routerboard hAP Lite - Simple VLAN setup for UniFi APs
Replies: 4
Views: 2714

Re: Routerboard hAP Lite - Simple VLAN setup for UniFi APs

Hi,
From my point of view you do not need the VLAN in your setup. You can do it differently, with what is called VRF-Lite (well, very close to it :D ). In Mikrotik words it's all about routing marks. Check this topic out, http://forum.mikrotik.com/viewtopic.php?t=42577 maybe it will fit your needs.
by blajah
Thu Sep 10, 2015 8:13 am
Forum: Beginner Basics
Topic: Bit of routing advice needed.
Replies: 14
Views: 1352

Re: Bit of routing advice needed.

Hi,

yes, redirects will make a change. Can you post traceroute from pc to server?
by blajah
Thu Sep 10, 2015 7:43 am
Forum: Beginner Basics
Topic: Access network behind other router from wifi network
Replies: 6
Views: 985

Re: Access network behind other router from wifi network

Hi, If your fritz is NATing traffic, you should disable nat. Then you should create routes between networks, so IP of fritz would be your gateway for 192.168.188.0 network. Default route on fritz should point to Mikrotik's IP and you should be good to go (assuming you configured access on frit...
by blajah
Thu Sep 03, 2015 11:02 pm
Forum: Beginner Basics
Topic: adding an sbs dhcp to routeros network
Replies: 3
Views: 526

Re: adding an sbs dhcp to routeros network

You're welcome :D
by blajah
Thu Sep 03, 2015 7:04 pm
Forum: Beginner Basics
Topic: adding an sbs dhcp to routeros network
Replies: 3
Views: 526

Re: adding an sbs dhcp to routeros network

Set DHCP relay and dns to point to your internal services.
by blajah
Wed Sep 02, 2015 7:33 pm
Forum: Beginner Basics
Topic: Bit of routing advice needed.
Replies: 14
Views: 1352

Re: Bit of routing advice needed.

Can you show me a trace from PC to server?
Edit
What's the default route on 172.16.1.1?
by blajah
Tue Sep 01, 2015 11:56 pm
Forum: Beginner Basics
Topic: Bit of routing advice needed.
Replies: 14
Views: 1352

Re: Bit of routing advice needed.

Hi there. Let me first confirm if I get your scenario correctly: Host with IP 172.16.1.10 can establish an RDP session to server with IP 10.1.0.1 only if its default gateway is set to 172.16.1.1? And your issue is that when on same host default gateway is 172.16.1.3 you can not establish RDP session? I...
by blajah
Wed Aug 19, 2015 11:26 pm
Forum: Beginner Basics
Topic: Redirect
Replies: 2
Views: 374

Re: Redirect

If you are already blocking all unwanted traffic, you can redirect sites in DNS, and also, you should be OK with creating 1 hosts file with same redirects, and then copy them all way across the network. It's not Mikrotik related, but give it a try.
by blajah
Wed Aug 19, 2015 11:02 pm
Forum: General
Topic: Winbox & WIN10 issue
Replies: 3
Views: 1276

Re: Winbox & WIN10 issue

Hi,

It's 15.6 inch HP laptop. Native resolution is 1366x768 which is set as display resolution also. Once again, i am 99% sure i didn't have this issue on WIN7. Tnx for replies, guys.
by blajah
Mon Aug 17, 2015 8:58 pm
Forum: General
Topic: ADSL Bridge Mode Issues
Replies: 12
Views: 3179

Re: ADSL Bridge Mode Issues

Hi Milos,

Call your ISP and check if they can see your Mikrotik's MAC address from xDSL port on DSLAM. I have seen couple of issues with only 1 MAC allowed on xDSL port.
by blajah
Mon Aug 17, 2015 8:30 pm
Forum: General
Topic: Winbox & WIN10 issue
Replies: 3
Views: 1276

Winbox & WIN10 issue

Hi, I have upgraded from WIN7 to WIN10 couple days ago. Ever since i'm having strange issue with winbox. Some windows in winbox i can not see completely ( bottom part is under the taskbar), and there is no way to move/maximize it to be visible. Well, here is the video: http://gfycat.com/WeeklyRealis...
by blajah
Mon Aug 17, 2015 8:03 pm
Forum: Beginner Basics
Topic: SSDP
Replies: 1
Views: 684

Re: SSDP

Hi,

try to block udp requests to port 80, and also block any traffic sourced on port 1900.
by blajah
Sat Aug 15, 2015 3:57 pm
Forum: Announcements
Topic: 6.31 released
Replies: 227
Views: 47636

Re: 6.31 released

RB951G-2ND and RB750G had a NTP client running before the upgrade. After the upgrade, in profiler NTP process was always on 0.5% ( i have waited 10-15 min). After disabling then enabling NTP client, process appears then disappears from profiler after 10-15 seconds (as expected).
by blajah
Thu Aug 13, 2015 11:10 pm
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 897

Re: Domain does not redirect correctly to NAT:Port but to Router

Hi,

glad i was able to help. Enjoy your MT devices :D
by blajah
Thu Aug 13, 2015 2:30 pm
Forum: Beginner Basics
Topic: HQ VPN - Multiple Sites
Replies: 4
Views: 1064

Re: HQ VPN - Multiple Sites

Hi,

check this out
http://mum.mikrotik.com/presentations/HR13/kirnak.pdf.

Also, what i do not like is your comment "1 951Ui-2HnD to use as "server" ". It's bad practice to rely on only 1 device in such implementation. Consider VRRP or whatever suits your needs on main location.
by blajah
Thu Aug 13, 2015 8:14 am
Forum: Beginner Basics
Topic: Double route, automatic switching
Replies: 3
Views: 519

Re: Double route, automatic switching

Try this:

/routing filter
add action=passthrough chain=dynamic-in disabled=no set-check-gateway=ping
by blajah
Wed Aug 12, 2015 11:13 pm
Forum: Beginner Basics
Topic: EOIP?
Replies: 2
Views: 536

Re: EOIP?

Pretty much yeah. You should create GRE tunnel from site to site.
by blajah
Wed Aug 12, 2015 1:28 pm
Forum: Beginner Basics
Topic: mikrotik 750gl +adsl + static ip
Replies: 1
Views: 467

Re: mikrotik 750gl +adsl + static ip

How is your ISP routing/assigning your IPs to you?
How many IP addresses do you have from ISP?
Are your clients dialing PPPoE connections to you?
by blajah
Wed Aug 12, 2015 1:23 pm
Forum: Beginner Basics
Topic: prolem with ping when browsing
Replies: 1
Views: 335

Re: prolem with ping when browsing

Hi,

cook a coffee and open this URL http://wiki.mikrotik.com/wiki/Manual:Queue
by blajah
Wed Aug 12, 2015 1:20 pm
Forum: Beginner Basics
Topic: NAT Port forwarding 2 WAN
Replies: 5
Views: 1422

Re: NAT Port forwarding 2 WAN

You need to mark traffic. Your default route is simply default, and that means your router will route all traffic to outside via that route no matter what interface traffic came from. If you mark traffic that comes via WAN2r interface, and route it back via same WAN2 interface it will work 100%.
by blajah
Wed Aug 12, 2015 1:08 pm
Forum: Beginner Basics
Topic: Double route, automatic switching
Replies: 3
Views: 519

Re: Double route, automatic switching

Hi,

your description of what you are trying to achieve is incomplete. Are you trying to make your setup work as failover or as load-balancer? Are there any additional criteria for traffic shaping ( protocol, destination, etc etc...)?
by blajah
Fri Jul 31, 2015 10:22 am
Forum: Beginner Basics
Topic: BASIC ROUTER CONFIGURATION
Replies: 2
Views: 551

Re: BASIC ROUTER CONFIGURATION

Hi, not much help from me, but if you are good with cisco, you can use CLI on MT. Telnet or SSH, whatever you like.

BtW, no offence, you can answer yourself, with approx. 30min looking @ GUI.

Also, you can try http://wiki.mikrotik.com/wiki/Manual:In ... figuration
by blajah
Fri Jul 31, 2015 10:15 am
Forum: Beginner Basics
Topic: Second router help
Replies: 12
Views: 1058

Re: Second router help

Can you post routing table again? Also, can you disable all traffic marking and routes for marked traffic? Just leave 2 default routes for WAN1 and WAN2.
by blajah
Wed Jul 29, 2015 5:57 pm
Forum: Beginner Basics
Topic: Routing Help
Replies: 2
Views: 460

Re: Routing Help

Well, if you provide more details about your topology i will try to help you. Diagram with devices and connected interface addresses would be nice.
by blajah
Wed Jul 29, 2015 5:48 pm
Forum: Beginner Basics
Topic: ADSL MTU MSS PPPoE problem on RB2011UAS-2HnD
Replies: 8
Views: 1530

Re: ADSL MTU MSS PPPoE problem on RB2011UAS-2HnD

*Check cabling ( MT - modem), maybe cable is damaged If this was the root cause, you would expect the issue to exist if the modem is doing the PPPoE authentication. This doesn't seem to be the case though. It was a blind guess, we have no information about cabling :) * Set MTU to 1492/1480b and the...
by blajah
Wed Jul 29, 2015 4:48 pm
Forum: Beginner Basics
Topic: Second router help
Replies: 12
Views: 1058

Re: Second router help

Hi,

/ip firewall nat
add action=masquerade chain=srcnat out-interface="WAN - 02"

Should do the job.
by blajah
Wed Jul 29, 2015 4:36 pm
Forum: Beginner Basics
Topic: ADSL MTU MSS PPPoE problem on RB2011UAS-2HnD
Replies: 8
Views: 1530

Re: ADSL MTU MSS PPPoE problem on RB2011UAS-2HnD

Hi there, Here are couple of ideas: *Check cabling ( MT - modem), maybe cable is damaged *Try to ping some local IP ( if your provider is not blocking ICMP to default gateway obtained by PPPoE), because maybe your provider is having some heavy load on upstream ( ICMP is treated as lowest priority t...
by blajah
Wed Jul 29, 2015 4:05 pm
Forum: Beginner Basics
Topic: I need some help about config?
Replies: 8
Views: 1174

Re: I need some help about config?

Hi,

sorry for late reply.
Because you have connected your IPTV VLAN to bridge interface ( where are all of your devices, and multicast traffic is flowing), there can be some issues with multicast helper running on AP. Try to disable it.
by blajah
Wed Jul 29, 2015 3:52 pm
Forum: Beginner Basics
Topic: Second router help
Replies: 12
Views: 1058

Re: Second router help

Hi, Let's try this way: *Delete all your config related to WAN-2 *Add IP address from 192.168.1.0/24 network to WAN-2 interface ( let's say it's 192.168.1.100) *Set static route to 192.168.1.0/24 via 192.168.1.1 ( MT should create additional route with interface label as gateway and preferred source a...
by blajah
Tue Jul 28, 2015 1:58 pm
Forum: Beginner Basics
Topic: Basic routing configuration
Replies: 5
Views: 724

Re: Basic routing configuration

From my point of view ( i'm not saying i'm right) your server is sending all traffic back via default route. For testing purposes can you change default route to 89.25.173.225?
by blajah
Sat Jul 25, 2015 8:48 am
Forum: Beginner Basics
Topic: I need some help about config?
Replies: 8
Views: 1174

Re: I need some help about config?

HI,

What's with your CPE usage on HAP while you are streaming and surfing at same time?
Also, are there multicast issues(flood) on local-bridge?
Can you post your config export?
by blajah
Fri Jul 24, 2015 11:19 pm
Forum: Beginner Basics
Topic: GATEWAY TIMEOUT
Replies: 2
Views: 385

Re: GATEWAY TIMEOUT

Trace to specific website?
by blajah
Fri Jul 24, 2015 10:23 pm
Forum: Beginner Basics
Topic: I need some help about config?
Replies: 8
Views: 1174

Re: I need some help about config?

Huh, well let me try to guess what are you up to. Your ISP modem/router has 1 eth port for internet, let's say LAN1. LAN2 port is for IPTV. Now you want to connect MT to your ISP modem/router and then connect your devices to MT? What do you need to provide is: *How your ISP is routing you to internet?...
by blajah
Fri Jul 24, 2015 7:31 pm
Forum: Beginner Basics
Topic: Basic routing configuration
Replies: 5
Views: 724

Re: Basic routing configuration

Address 89.25.173.225 is pingable from internet ( just tested it).

Can you ping it from server? Is it default gateway on server?
edit:
b1863515 was quicker :)
by blajah
Wed Jul 08, 2015 2:36 pm
Forum: Beginner Basics
Topic: Router settings - the right way?
Replies: 3
Views: 1185

Re: Router settings - the right way?

Hi, first things first :) *Can you reconfigure your modem to bridge mode, and then do all "intelligent" things on MT?( i'm guessing you are getting public IP via PPPoE from your ISP) *If yes, then all services ( like DHCP, Firewall, etc will be on MT, not on DSL modem) which will increase overall ne...
by blajah
Wed Jul 08, 2015 1:53 pm
Forum: Announcements
Topic: Manual Improvements
Replies: 94
Views: 19097

Re: Manual Improvements

Hello MT, Just quick intro. I'm working as tech support in one bigger ISP in my country so i will try to forward issues of customers i have helped to and what simple scenarios would be really helpful: *xDSL modem in bridge mode and Mikrotik dialing PPPoE ( NAT) config *Fiber with WAN/30 and public b...
by blajah
Sat Jul 04, 2015 11:03 pm
Forum: Beginner Basics
Topic: VLAN Trunking
Replies: 9
Views: 1118

Re: VLAN Trunking

Hi, couple of questions: * What's the config of switch? (switchport mode and native VLAN (if any)) * From your post i could not understand if port is not getting IP or device connected to port on switch? * "The switch gets an ip of 172.28.8.133" - VLAN int or ...? If you want an IP address on physica...
by blajah
Thu Jul 02, 2015 9:10 am
Forum: Beginner Basics
Topic: [SOLVED] Connecting to another network from a router connected to Mikrotik
Replies: 4
Views: 2191

Re: Connecting to another network from a router connected to Mikrotik

Hello, if i'm getting right what you are trying to accomplish, this is what you should do: Create static route for 192.168.90.0/24 network /ip route add distance=1 dst-address=192.168.90.0/24 gateway=192.168.88.4 This should be enough for MT to know where these IPs are. Real question/problem is ho...
by blajah
Mon Jun 22, 2015 3:46 pm
Forum: Beginner Basics
Topic: PPPoE and VoIP
Replies: 1
Views: 890

Re: PPPoE and VoIP

Maybe it's better to consider using trunks in this scenario.
by blajah
Fri Jun 12, 2015 9:02 pm
Forum: General
Topic: Is it possible to unbrand a router?
Replies: 9
Views: 1423

Re: Is it possible to unbrand a router?

Hi, What do you mean by branded? Imprinted logos on case of router or greeting when you telnet/ssh to router?