Community discussions

Search found 30 matches

by eduardomazolini
Sun Apr 07, 2019 9:24 pm
Forum: Forwarding Protocols
Topic: BGP instance out-filter and BGP peer out-filter
Replies: 2
Views: 1258

Re: BGP instance out-filter and BGP peer out-filter

I was with the configuration below: /routing bgp instance set default as=XXXXXX client-to-client-reflection=no disabled=yes router-id=XXX.XX.68.X add as=XXXXXX client-to-client-reflection=no name=VIVO out-filter=vivo-out router-id=XXX.XX.69.X routing-table=VIVO add as=XXXXXX client-to-client-reflect...
by eduardomazolini
Tue Mar 19, 2019 5:02 am
Forum: General
Topic: BUG dynamic=no in interface pppoe-server
Replies: 0
Views: 138

BUG dynamic=no in interface pppoe-server

Maybe dynamic is a nullable field, but is not a nomal condition for other dynamics in the system. /interface pppoe-server add name=pppoe-in1 service="" user=teste NOT WORK print where dynamic=no NOT WORK remove [find dynamic=no] WORK print where !dynamic NOT WORK remove [find !dynamic] WORK print wh...
by eduardomazolini
Wed Jan 17, 2018 2:35 am
Forum: Beginner Basics
Topic: v6.41 QuickSet can´t check NAT
Replies: 0
Views: 205

v6.41 QuickSet can´t check NAT

Hi,

I upgraded many SXT clients, in some ones NAT option on QuickSet is uncheck.
Some field technicians reported unable to check NAT options and solution is downgrade to v6.40.5.
I could not identify the similarity between cases.
Someone with the same problem?
by eduardomazolini
Mon Nov 06, 2017 12:30 pm
Forum: Scripting
Topic: Update ROS and firmware via scripting / API
Replies: 3
Views: 906

Re: Update ROS and firmware via scripting / API

Tried to do some script based update of ROS version on 100's of RB (mostly 951 and 2011). As I run /system package update install via terminal I start to see percents of upgrade progres switch is not what I need, for if I run it via telnet from remote server the connection will stay online until th...
by eduardomazolini
Tue Aug 01, 2017 7:37 pm
Forum: Scripting
Topic: Block specific URL
Replies: 4
Views: 1057

Re: Block specific URL

It's not absolutely true.
Server name is send on tls header.
But all other information are encrypted.
Search for SNI Extension to the TLS. (Server Name Identification)

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Thu May 18, 2017 11:07 pm
Forum: Scripting
Topic: WoL packet from WAN to LAN logging to .txt file
Replies: 1
Views: 287

Re: WoL packet from WAN to LAN logging to .txt file

Search for:
IP accounting
Trafic Flow
Pack Sniffer

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Tue May 09, 2017 2:50 am
Forum: Announcements
Topic: v6.39.1 [current]
Replies: 158
Views: 34718

Re: RE: Re: v6.39.1 [current]

After update RB 750 v.6.38 to 6.39.1 is di. Nothig help .......reset or hardware reset. Netinstall not help too. Blink only power light. :(
My mAP broken too

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Fri May 05, 2017 3:51 am
Forum: Announcements
Topic: v6.39.1 [current]
Replies: 158
Views: 34718

Re: v6.39.1 [current]

Mu backup was missing to!

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Fri Mar 17, 2017 12:25 pm
Forum: Scripting
Topic: How to isolate browser from download
Replies: 5
Views: 556

Re: How to isolate browser from download

Isolate by connection transmited bytes. Search on Wiki for Heavy traffic

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Mon Feb 27, 2017 9:16 pm
Forum: RouterOS v7
Topic: Feature request: Hotspot use SNI for HTTPS walled Garden
Replies: 4
Views: 1273

Feature request: Hotspot use SNI for HTTPS walled Garden

Today, Hotspot Walled Garden use DNS cache to pass all request to IP resolved from DNS, when HTTPS request is made. Google and Facebook use same servers for many services. Put Facebook/Google API com Walled garden is same to put all services. And is important option to disable actual DNS use for Wal...
by eduardomazolini
Mon Feb 20, 2017 6:25 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 3897

Re: HTTPS URLs not working in hotspot walled garden

OK but on firsts bytes. On first push packet

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Mon Feb 20, 2017 2:55 pm
Forum: Beginner Basics
Topic: If https url is encrypted, how walled garden allows it by regex?
Replies: 2
Views: 581

Re: If https url is encrypted, how walled garden allows it by regex?

I won't claim to understand it, but certificate is not encrypted so common name/alt name can be read from it. You're right, but mikrotik uses the DNS cache and frees everything going to a particular IP regardless of the requested hostname. I'm facing problem with this here, my provider has a google...
by eduardomazolini
Mon Feb 20, 2017 2:43 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 3897

Re: HTTPS URLs not working in hotspot walled garden

I understand that mikrotik cannot lookup inside the packets to see the real request destination by Host header. But the hotspot code can have an option to check the DNS resolutions (yes All DNS resolutions are being made by the mikrotik) and when there are an resolution for a name in walled garden ...
by eduardomazolini
Fri Feb 10, 2017 3:34 am
Forum: Scripting
Topic: Valid Ip in conection ppp-out 3g/4g Vivo
Replies: 11
Views: 1474

Re: RE: Ip Válido em conexao 3g vivo

Boa noite senhores, estou com problemas com ip válido, pois as operadoras estão com poucos ips disponíveis e repassam ips iniciando em 100.0.0.0 e assim o Cloud do MK não se atualiza com o IP correto e perco acesso a uma câmera IP que está rodando atrás de uma RB com ppp para a USB do Modem 3g da V...
by eduardomazolini
Wed Jan 25, 2017 10:14 pm
Forum: General
Topic: Snmp timeout when the response port route is different from the input
Replies: 0
Views: 236

Snmp timeout when the response port route is different from the input

To explain my problem I created with some RBs that I have at home a very reduced and objective scenario. Basically the problem occurs across my network where I have 2 routes. If I register on The Dude an equipment then I change my route, SNMP stops working. In the examples of the prints the commands...
by eduardomazolini
Thu Sep 29, 2016 8:42 pm
Forum: Scripting
Topic: '/interface/wireless/scan','=.id=wlan1', '=rounds=1'
Replies: 3
Views: 729

Re: '/interface/wireless/scan','=.id=wlan1', '=rounds=1'

I Use version 6.37 no secure.

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Thu Sep 29, 2016 8:07 pm
Forum: General
Topic: master port/bridge stop to work
Replies: 0
Views: 268

master port/bridge stop to work

Hi, I'm facing a problem that seems defect crash electric, but has occurred three times in the last month which leaves me concerned. I wonder of you will agree that it is defective. 1) In a POP: Nano -> Ominitik (PA 5.8) -> Groove (PA 2.4) All ports in bridge, Groove stopped, clients fell, but Omini...
by eduardomazolini
Thu Sep 29, 2016 4:03 pm
Forum: Scripting
Topic: '/interface/wireless/scan','=.id=wlan1', '=rounds=1'
Replies: 3
Views: 729

'/interface/wireless/scan','=.id=wlan1', '=rounds=1'

Hi, I'm writing a script to get the result scan every 5s. I use mikronode-ng but I think this is a problem RouterOS. By sending the second command CPU lock in 100% it only happens if I send the parameter "rounds". When sending =duration=3 for example it does not. I'm completely disconnecting and con...
by eduardomazolini
Mon Sep 26, 2016 6:43 am
Forum: General
Topic: DHCP Simple Queue
Replies: 10
Views: 2266

Re: DHCP Simple Queue

I do that.

http://blog.mazolini.com.br/2014/02/mik ... r.html?m=1

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Mon Sep 05, 2016 2:19 pm
Forum: Beginner Basics
Topic: NAT 2 router w/ BGP
Replies: 2
Views: 464

Re: NAT 2 router w/ BGP

OK I NAT only client IP, not a BGP router IP.

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Mon Sep 05, 2016 1:38 am
Forum: Beginner Basics
Topic: NAT 2 router w/ BGP
Replies: 2
Views: 464

NAT 2 router w/ BGP

I have 2 routers with BGP divulge one / 22 and different / 23 in each. I have one client with internal ip, I need to do NAT for specific ip. The download is the router 2, however need to upload it for the router 1. Say: 10.1.1.2 -> 203.0.113.2 I checked: / Ip settings September rp-filter = no tcp-sy...
by eduardomazolini
Sun Sep 04, 2016 4:00 pm
Forum: Scripting
Topic: Script in mikrotik to Login into public hotspot captive portal
Replies: 1
Views: 644

Re: Script in mikrotik to Login into public hotspot captive portal

Search for:
/system schedule
/tool fetch

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Fri Sep 02, 2016 1:39 am
Forum: Wireless Networking
Topic: Wireshark dissector
Replies: 0
Views: 381

Wireshark dissector

Using wireless sniffer I can capture 802.11 protocol over TZSP protocol.
But when NV2is active mixed among the data SSID is visible in some packets.
Someone has a dissector for NV2?

References:
http://wiki.mikrotik.com/wiki/Manual:In ... ss#Sniffer
http://wiki.mikrotik.com/wiki/Manual:Nv2
by eduardomazolini
Thu Sep 01, 2016 3:50 pm
Forum: RouterOS v7
Topic: API wireless scan
Replies: 0
Views: 727

API wireless scan

Insert Flags on result of API interface wireless scan.

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Fri Jul 08, 2016 6:58 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Hotspot Feature: Social Networks
Replies: 20
Views: 11978

Re: Hotspot Feature: Social Networks

Its possible I use. Facebook and Google+. Redirect clients to external php site with is previous authorized for OAUTH in this social networking. Without a server you no have url for redirect work or authorize oAuth. It's no easy but work. The easy is share some content with Facebook to have trial. E...
by eduardomazolini
Fri Jul 08, 2016 6:41 am
Forum: Scripting
Topic: Problem in HTTPS when I go to Google page
Replies: 3
Views: 777

Re: Problem in HTTPS when I go to Google page

This is HSTS is a Android Chrome fail.

Enviado de meu SM-G800H usando Tapatalk
by eduardomazolini
Mon Jul 04, 2016 8:29 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NAT64 and DNS64
Replies: 77
Views: 24103

Re: NAT64 and DNS64

If i may jump into conversation. From what i notices MikroTik really loves when feature description is set in stone - so there are actual "Internet Standard". From what i was able to find on this topic is: a) http://tools.ietf.org/id/draft-bagnulo-behave-nat64-03.txt "This Internet-Draft will expir...
by eduardomazolini
Thu Jul 16, 2015 9:16 pm
Forum: General
Topic: Prevent direct TRIAL
Replies: 0
Views: 251

Prevent direct TRIAL

I am creating a hotspot and needed to force the user to go through my page before login. I did the redirect, but if the customer call direct GET / login?Username=T-<mac> he can access. I would like to add a token in the http header or qurey-path or use the Referer header. For this thought of using t...