Community discussions

Search found 77 matches

  • 1
  • 2
by zuku
Thu Feb 07, 2019 11:25 am
Forum: Beginner Basics
Topic: Winbox mac access on one bridged port
Replies: 2
Views: 206

Re: Winbox mac access on one bridged port

OK, I excluded ETH10 from bridge, (bridge had ports from ETH1 to ETH10) -created in "Interface list" new list 'winbox' and added ETH10 to that list. -assigned in Neighbors-->Discovery Inerface: "winbox" -assigned in Tools-->Mac Server-->Mac Winbox Server: "winbox" results: until eth10 is excluded fr...
by zuku
Mon Feb 04, 2019 11:42 am
Forum: Beginner Basics
Topic: Winbox mac access on one bridged port
Replies: 2
Views: 206

Winbox mac access on one bridged port

Hi, I have RB2011 and would use it as switch so my ETH2 to ETH10 ports are bridged with uplink port ETH1. But now I need to have Winbox Mac address access only on ETH1 - how to do that? I have in IP-->Neighbors-->Duscovery Inerface: "WAN" (ETH1) and in Tools-->Mac Server-->Mac Winbox Server: "WAN" E...
by zuku
Mon Dec 10, 2018 2:32 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Re: Vlan not getting IP from windows DHCP

I'm giving up and I'm switching to static IP addresses. The problem concern the same devices from one manufacturer - Posiflex, all they have the same etnernet card "Realtek PCIe GBE Family Controller" as I read this card is very problematic, and I think here is the problem, but for now don't know ho...
by zuku
Tue Nov 27, 2018 3:04 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Re: Vlan not getting IP from windows DHCP

I connected laptop to vlan13 switchport T2600G and it getting IP 10.10.13.76 from windows DHCP server - it is so weird because rest of vlan devices can't do this - faulty switch? I have question, I do dhcp packet analyze with wireshark connected to T2600G switch, if I connect ethernet cable to vlan1...
by zuku
Tue Nov 27, 2018 2:03 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Re: Vlan not getting IP from windows DHCP

I created dhcp only for testing purposes, my main DHCP is on windows domain server and there is scope for vlan13.
Image
by zuku
Tue Nov 27, 2018 12:58 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Re: Vlan not getting IP from windows DHCP

If I create DHCP server on vlan13, then pos terminals getting IP from DHCP, so there is problem with mikrotik relay or windows dhcp server.
by zuku
Mon Nov 26, 2018 9:27 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Re: Vlan not getting IP from windows DHCP

My config is: Pos terminals<--------->tp-link T2600G ports with pvid 13 untagged of vlan13<---------tagged vlan13----------->tp-link TL-SG2452<--------tagged vlan13---------->vlan13 on interface sfp-sfpplus1 Mikrotik /interface vlan add comment="vlan_13 - POS - 10.10.13.0" interface=sfp-sfpplus1 nam...
by zuku
Mon Nov 26, 2018 2:34 pm
Forum: General
Topic: Vlan not getting IP from windows DHCP
Replies: 9
Views: 411

Vlan not getting IP from windows DHCP

On mikrotik with ROS 6.38.7 I have configured vlan13 subnet (10.10.13.0/24) for pos terminals. On my main lan subnet (10.1.0.0) I have domain server 2012 with DHCP and scope for this VLAN13. My problem is that some POS terminals getting IP from DHCP some not, but if anyway any terminal will get it's...
by zuku
Fri Nov 23, 2018 3:14 pm
Forum: Beginner Basics
Topic: Adding wireless to office network
Replies: 7
Views: 581

Re: Adding wireless to office network

strange, I removed from wlan1 interface VLAN tagging, so now are:
vlan-id=1 vlan-mode=no tag
and my guest wifi on vlan16 working now, I get proper subnet from my CCR.
Why it sould't be there vlan tagging settings, as I use vlan for that wireless network?
by zuku
Fri Nov 23, 2018 9:31 am
Forum: Beginner Basics
Topic: Adding wireless to office network
Replies: 7
Views: 581

Re: Adding wireless to office network

Be careful not to have ether1 on RB2011 part of any of bridges (if it's part of one now, you have to remove it before performing the configuration). The answer to your final question is in the text about point 2 (number 3). how can I achieve my setup without bridge RB2011 eth1 with the rest eth2-et...
by zuku
Thu Nov 22, 2018 6:59 pm
Forum: Beginner Basics
Topic: Adding wireless to office network
Replies: 7
Views: 581

Re: Adding wireless to office network

My goal is: on endpoint wifi device (RB2011UiAS) have access to my CCR lan 10.1.0.0/16 on ethernet interfaces, and one separated guest wifi. so using VLAN I do: 1.on CCR lan interface I add vlan16 172.16.0.1/24, on RB2011UiAS eth1 add vlan16 172.16.0.2/24 2. on RB2011UiAS create guest wifi with vlan...
by zuku
Wed Nov 21, 2018 10:47 pm
Forum: Beginner Basics
Topic: Adding wireless to office network
Replies: 7
Views: 581

Adding wireless to office network

Hi, I'm looking for config advice, I have lan with main mikrotik CCR ( lan ip 10.1.0.1), one ISP, multiple switches. Now I need to add two RB2011 in two separate buildings (this is still the same lan), on every of them I need to have two WIFI networks, one with access to private lan (after radius, n...
by zuku
Thu Oct 11, 2018 3:22 pm
Forum: Beginner Basics
Topic: Manage export - import
Replies: 4
Views: 329

Re: Manage export - import

I use notepad++ on windows 10, do you thing this is problem related to ROS 6.37.5 & 6.38 differences?
E.g import ends at very simple config like:
/ip neighbor discovery
set ether7 comment="WAN2 - DSL" discover=no
by zuku
Tue Oct 09, 2018 11:06 am
Forum: Beginner Basics
Topic: Manage export - import
Replies: 4
Views: 329

Manage export - import

Hi, My problem is when I do export to file, and then import from file on new mikrotik (source mikrotik has 6.37.5. ROS and destination have 6.38 ROS) I can't import this config because of errors: "expected end of command (line.... column...)". If I edit this rsc file and remove this line, problem re...
by zuku
Tue Sep 11, 2018 7:16 pm
Forum: Beginner Basics
Topic: Resolve domain dns names in mikrotik
Replies: 4
Views: 429

Re: Resolve domain dns names in mikrotik

I asked about that because I do redirect remote desktop from internet to my computers on lan, so I use 'dst-nat' with 'to-addresses' but the problem is that every PC have dynamically allocated IP, so my port forwarding rule working until pc not change its IP address. I could use a script: /ip firewa...
by zuku
Tue Sep 11, 2018 2:54 pm
Forum: Forwarding Protocols
Topic: 6.4x OpenVPN + OSPF trouble
Replies: 8
Views: 1555

Re: 6.4x OpenVPN + OSPF trouble

I have the same problem on mikrotik 6.40.9 bugfixes, my other mikrotik routers with older ROS do not have this error, I had to switch to static route to work on this router. Is any way to fix this?
by zuku
Tue Sep 11, 2018 11:38 am
Forum: Beginner Basics
Topic: Resolve domain dns names in mikrotik
Replies: 4
Views: 429

Resolve domain dns names in mikrotik

I have Windows 2012 domain server with DNS and DHCP, all computers with leased IP are registered on my DNS so I have proper hostname resolution on my LAN. On DNS server as forwarder I have set Mikrotik LAN IP, and on Mikrotik I have OpenDNS servers configured. Everything work as expected but on mikr...
by zuku
Mon Jun 11, 2018 1:55 pm
Forum: Beginner Basics
Topic: Can't copy big files through VPN
Replies: 3
Views: 369

Can't copy big files through VPN

I have problem and don't know how resolve it. I need sometimes to copy files around 80-100MB between two sites with Mikrotik routers on both side. On Main site I have fiber 100mbit/s and on remote fiber 50mbit/s. When I start copy files using SMB protocol between shared folder from main site to shar...
by zuku
Sun May 06, 2018 2:37 pm
Forum: Beginner Basics
Topic: Filtering IPSEC site-to-site connection
Replies: 3
Views: 321

Filtering IPSEC site-to-site connection

Hi, I have configured standard Tunnel site-to-site IPSEC connection: Src.Address=172.16.8.0/24 Dst.Address=192.168.0.0/24 Protocol=255 (all) everything works OK, full access between these two LAN, but I need to filter this connection that remote network 192.168.0.0 could connect to my network only o...
by zuku
Wed Apr 04, 2018 10:19 am
Forum: Beginner Basics
Topic: PPTP Rate limit not working
Replies: 4
Views: 407

Re: PPTP Rate limit not working

ahh good that you mentioned this Queue is creating only when client is connected, and now when client is connected in Simple Queues I have pptp-profile queue with order number 0 (don't have anything else here). So will test this setup and will you know. thanks.
by zuku
Tue Apr 03, 2018 1:11 pm
Forum: Beginner Basics
Topic: PPTP Rate limit not working
Replies: 4
Views: 407

Re: PPTP Rate limit not working

I don't see anywhere in "Queues" any automatically created PPP queue, I have like this:
- Simple Queues is empty
- Interface Queues:
Image
-Queue Tree - empty
-Queue Types:
Image

I don't use fastrack.
by zuku
Fri Mar 30, 2018 10:01 am
Forum: Beginner Basics
Topic: PPTP Rate limit not working
Replies: 4
Views: 407

PPTP Rate limit not working

I have configured PPTP profile ans set here rate-limit
Image
but when client is connected it's getting full bandwidth of my WAN connection:
Image
My ROS is 6.37.5. How could I troubleshoot this issue?
by zuku
Thu Dec 07, 2017 3:31 pm
Forum: Beginner Basics
Topic: Add second IPSEC tunnel with the same destination subnet
Replies: 0
Views: 179

Add second IPSEC tunnel with the same destination subnet

Hi, I have already configured on mikrotik couples of IPSEC tunnel VPNs, one of them have destination subnet 192.168.1.0/24 now I need to connect new customer and they have the same local subnet 192.168.1.0/24 as my other VPN already configured. Can I simply create new Peer and new Policy with the sa...
by zuku
Mon Sep 11, 2017 12:05 pm
Forum: Beginner Basics
Topic: Ovpn active-backup bonding not return to primary
Replies: 0
Views: 275

Ovpn active-backup bonding not return to primary

Hi, I'm trying to do full active failover between my branch office and HQ main office, mikrotiks on both side have two WANs and on this WANs are running ovpn tunnels. Now I had to do setup to prevent any failure of any WAN on both sides, no matter which WAN fail connection should switch to other, so...
by zuku
Mon Sep 11, 2017 11:40 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

but on this second WAN used for port forwarding this block of 16 Public IP are used only for forwarding nothing more so I don't use NAT (masquerade) on these addresses.
So should I use NETMAP or something to do 1:1 translation ?
by zuku
Fri Sep 08, 2017 7:25 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

yes I understand how it works, but wonder how could this work earlier through my linux box which was part of my mikrotik LAN subnet, it has 10.1.0.36 address, and it's own WAN and on this WAN do port forwarding even for remote subnets https://s26.postimg.org/b5r9qnrs9/Untitled_Diagram.jpg I added to...
by zuku
Fri Sep 08, 2017 5:39 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

hmm before I connected WAN2 to mikrotik this link was in my linux box which do port forwarding, and with this config where 10.1.0.1 is Mikrotik LAN GW: route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.1.0.1 eth0 route add -net 192.168.5.0 netmask 255.255.255.0 gw 10.1.0.1 eth0 iptables -t nat ...
by zuku
Fri Sep 08, 2017 2:18 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

I have access to every my remote network, problem is I think with mangle because I have only this for port forward: add action=mark-routing chain=prerouting comment="PFW WAN IN -- > WAN OUT" connection-mark=WAN1 in-interface-list=Lan+ETH5 new-routing-mark=to_WAN1 passthrough=no add action=mark-routi...
by zuku
Fri Sep 08, 2017 1:29 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

address 87.X.X.153 is one of 16 public addresses on my newly added WAN2 on mikrotik, every of this Public addresses will be redirected to my servers on LAN but also on remote ovpn subnets connected to my mikrotik. So let's say: 87.X.X.151 --> 10.1.0.140 (Mikrotik-Lan) this DST_NAT working 87.X.X.153...
by zuku
Fri Sep 08, 2017 12:48 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

life is not so simple, because new problems occurs :) when I do port forwarding on my WAN2 to my lan on mikrotik it works without problems, but when I need to do port forwarding to remote OVPN network I don't get connection: add action=dst-nat chain=dstnat dst-address=87.X.X.153 dst-port=3315 protoc...
by zuku
Thu Sep 07, 2017 4:34 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

so I think I can say that my problem is solved :D I've done this in Sob way (short version): /ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=sfp1 new-connection-mark=WAN1 passthrough=no add action=mark-connection chain=prerouting connection-mark=n...
by zuku
Wed Sep 06, 2017 11:40 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

I deleted all mangle rules, rebooted mikrotik and voila everything start working, I have ping on WAN2 this is so strange for me because everything working without any mangle and mark rules :o even port forward on WAN2 to internal lan server working so I'm asking myself if I need these rules if every...
by zuku
Wed Sep 06, 2017 8:27 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

mangle output log with src-address as WAN2 is clear I leave it couple of minutes while pinging from outside - nothing. If I remove src-address, then I have many ICMP replies but only from my ovpn tunels and my main WAN1 - SFP1, nothing about ether8 (WAN2) 19:16:34 firewall,info output: in:(none) out...
by zuku
Wed Sep 06, 2017 5:07 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

Can you do an export of your ip route as well. sure: /ip route add check-gateway=ping distance=1 dst-address=8.8.4.4/32 gateway=x.x.x.57 routing-mark=google add disabled=yes distance=1 gateway=x.x.x.245 routing-mark=from_WAN2 add disabled=yes distance=1 gateway=x.x.x.57 routing-mark=to_WAN1 add dis...
by zuku
Wed Sep 06, 2017 4:53 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

when I enable torch o WAN2 I see that something is going on here, I see my incoming connection from 83.x.x.130, but this not shows as connection mangle mark "WAN2" https://s26.postimg.org/u9p9pbos9/torch.jpg additionally I see that counters on WAN2 prerouting increasing this time, earlier I didn't h...
by zuku
Wed Sep 06, 2017 9:08 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

RP Filter changed to "no" or "loose" but still can't ping WAN2 IP, any "WAN2" connections marks doesn't show in mikrotik firewall connections while pinging. Remote IPSEC networks doesn't have access to my server, it's java based application on this server, application login page doesn't show for the...
by zuku
Tue Sep 05, 2017 7:23 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

Yes, link that I'm trying connect as WAN2 working for 100% I switched it to my other tp-link router and everything works there.
Now I see in IP --> setting that I have RP filter - Strict .
My IPSEC are in tunnel mode, and my OVPN tunnels have OSFP so do not have any route roules.
by zuku
Tue Sep 05, 2017 8:48 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

OK so I have changed setup with yours, and even rebooted mikrotik: /ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=sfp1 new-connection-mark=WAN1 passthrough=no add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether8...
by zuku
Fri Sep 01, 2017 9:02 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

I giving up with this, because even this first rule: add action=mark-connection chain=input connection-mark=no-mark in-interface=ether8 new-connection-mark=WAN2->ROS passthrough=no should show on firewall connections connection mark "WAN2->ROS" when I ping mikrotik to WAN2 from outside, but it didn'...
by zuku
Tue Aug 29, 2017 10:20 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

I'm done with tutorial I can't add this load balancing part: add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN action=mark-routing new-routing-mark=to_WAN1 comment="Load-Balancing here" because then all my ovpn tunnels disconnecting and I loose connectivity with my remote ovpn netwo...
by zuku
Tue Aug 29, 2017 6:21 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

could anyone help me with that?
by zuku
Mon Aug 28, 2017 9:11 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Re: Dual wan setup troubles

I've changed my setup with this provided on Tomas Kirnak presentation: add action=mark-connection chain=input comment="WAN1 IN -- > WAN1 OUT" in-interface=sfp1 new-connection-mark=WAN1 passthrough=no add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=to_WAN1 passthrough=no ad...
by zuku
Sun Aug 27, 2017 6:05 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 4648

Dual wan setup troubles

Hi, I'm trying to add to mikrotik second WAN, because ISP gave me on this WAN link another subnet block of 16 Public IP addresses, these IP should forward for my internal services on LAN, but now I'm stuck with problem even accessing my mikrotik through this second WAN, if I figure this out then wil...
by zuku
Wed Jun 14, 2017 10:03 am
Forum: Beginner Basics
Topic: Block DST-NAT RDS Users
Replies: 10
Views: 1253

Re: Block DST-NAT RDS Users

@boldsuck it's small problem that not all my customers have public IP so I don't know every IP they have, and I have also staff members connecting to SSH services. At the beginning I had whitelist firewall rule with all safe known IP and this rule was before my firewall DST-NAT rule that allowing an...
by zuku
Tue Jun 13, 2017 8:43 pm
Forum: Beginner Basics
Topic: Block DST-NAT RDS Users
Replies: 10
Views: 1253

Re: Block DST-NAT RDS Users

I have RDS server my customers connecting to it on standard port, but I have so many scans on it and brute force attacks, so I added add to src-list and then block too many login attemps: add action=drop chain=forward disabled=yes \ dst-port=3389 log-prefix=RDP protocol=tcp src-address-list=rdp_ssh_...
by zuku
Tue Jun 13, 2017 2:13 pm
Forum: Beginner Basics
Topic: Block DST-NAT RDS Users
Replies: 10
Views: 1253

Block DST-NAT RDS Users

Hi, I have redirected RDS users to connect to non-default 3345 port to my mikrotik and then forwarded to standard port 3389 on internal RDS server. Now my question is how to block users connecting to standard 3389 and allow these connecting to changed 3345 port, because every of them finally going t...
by zuku
Wed May 31, 2017 10:18 pm
Forum: Beginner Basics
Topic: Mikrotik configuration for mail server
Replies: 12
Views: 3597

Re: Mikrotik configuration for mail server

21:10:16 firewall,info MAIL-ADM dstnat: in:sfp-sfpplus1 out:(none), src-mac 74:d0:2b:2c:24:4d, proto TCP (SYN), 10.1.1.12:51238->X.X.X.60:1005, len 52 So if connection flow would really be: LAN [sfp-sfpplus1] -> WAN [sfp1] {DST-NAT}- > DMZ [ETH5], then originating interface would be in:sfp1 [wan] ?
by zuku
Wed May 31, 2017 7:23 pm
Forum: Beginner Basics
Topic: Mikrotik configuration for mail server
Replies: 12
Views: 3597

Re: Mikrotik configuration for mail server

Sob you told me earlier that if my LAN users go to my webmail server on DMZ using FQDN so Public WAN IP, then data flow is like: LAN [sfp-sfpplus1] -> DMZ [ETH5] I can't agree with you, because when I'm trying access from LAN to webserver on DMZ to its management port let say: http://mail.mydomain.c...
by zuku
Wed May 10, 2017 8:59 pm
Forum: Beginner Basics
Topic: Mikrotik configuration for mail server
Replies: 12
Views: 3597

Re: Mikrotik configuration for mail server

if You could a look at my firewall rules, I had to give some forward drop rules e.g. Facebook, MalwareDrop,Youtube.. on top of other forward allow rules because if these were below they didn't worked: 0 ;;; block: DMZ invalid chain=forward action=drop connection-state=invalid log=no log-prefix="" 1 ...
by zuku
Tue May 09, 2017 9:31 pm
Forum: Beginner Basics
Topic: Mikrotik configuration for mail server
Replies: 12
Views: 3597

Re: Mikrotik configuration for mail server

have problems with this setup, after enabled rule: 61 chain=forward action=drop log=no log-prefix="" I have lost on connection with my remote connected IPSEC networks, so I added: 16 ;;; dmz: allow from LAN to remote networks chain=forward action=accept src-address=10.1.0.0/16 dst-address-list=Remot...
  • 1
  • 2