Community discussions

Search found 19 matches

by okazdal
Mon Oct 16, 2017 10:44 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 83324

Re: RouterOS NOT affected by WPA2 vulnerabilities

Hello, thank you for rapid response with the patch.

But I'm not seeing 6.39.3 as available update for my router.
It just shows v6.39.2 (stable) as current version, and no packages are available at auto-upgrade section. Is there a reason?
Hi,
6.39.3 is on bugfix channel.

Osman Kazdal
by okazdal
Thu Apr 06, 2017 2:10 pm
Forum: General
Topic: Game NAT issues on routed public IP connections
Replies: 14
Views: 616

Re: Game NAT issues on routed public IP connections

Hi,
This means you do not have any NAT rule on your router.
by okazdal
Thu Apr 06, 2017 10:10 am
Forum: General
Topic: Game NAT issues on routed public IP connections
Replies: 14
Views: 616

Re: Game NAT issues on routed public IP connections

Hi,
Can you export your NAT table and paste the output here?

/ip firewall nat export
by okazdal
Wed Apr 05, 2017 3:25 pm
Forum: Beginner Basics
Topic: Need a clarification on capsman local forwarding
Replies: 4
Views: 947

Re: Need a clarification on capsman local forwarding

Hi,

1. Yes, I think it will apply to both. LAN transfer might use more cpu though.
2. In that case, I would use CAPsMAN forwarding. It is much simpler with CAPsMAN forwarding.

Osman
by okazdal
Wed Apr 05, 2017 2:53 pm
Forum: Beginner Basics
Topic: Need a clarification on capsman local forwarding
Replies: 4
Views: 947

Re: Need a clarification on capsman local forwarding

Hi, Consider this setup: MikroTik gateway - CAPsMAN running --------------- AP ------------- DSL modem for some special connection I have 2 subnets on main MikroTik gateway. Both MikroTik gateway and DSL modem have internet. But, I want to use DSL for some special needs. I want to setup 3 different ...
by okazdal
Wed Apr 05, 2017 2:35 pm
Forum: Wireless Networking
Topic: Connect hosts from different subnets
Replies: 8
Views: 435

Re: Connect hosts from different subnets

Hi, First, disable (carefully) all firewall forward rules and try pinging. If it is working, I am just guessing here, just add following two rules above of your forward rule /ip firewall filter add action=drop chain=forward connection-nat-state="" connection-state=invalid add action=accept chain=for...
by okazdal
Wed Apr 05, 2017 2:27 pm
Forum: General
Topic: Game NAT issues on routed public IP connections
Replies: 14
Views: 616

Re: Game NAT issues on routed public IP connections

Hi,
I have two questions:
- Are PPPoE client devices MikroTik?
- What do you have on your main router on your NAT table?

Osman
by okazdal
Wed Mar 29, 2017 2:40 pm
Forum: Forwarding Protocols
Topic: What does /ip route vrf really do?
Replies: 13
Views: 2674

Re: What does /ip route vrf really do?

Hi,
VRF means Virtual Routing and Forwarding. It is one of the main services that you can use with MPLS.
There is very good documentation about it on wiki.
https://wiki.mikrotik.com/wiki/Manual:V ... Forwarding
by okazdal
Fri Mar 24, 2017 9:51 am
Forum: General
Topic: WAN interface bandwidth is greater than LAN interface
Replies: 1
Views: 283

Re: WAN interface bandwidth is greater than LAN interface

Hi,
You should analyse the traffic. From what you explained, it sounds like there might be an attack on your router.
- You should filter and drop all unnecessary traffic from your WAN.
- Check Tools -> Profile to see how your CPU utilisation is.

Osman Kazdal
by okazdal
Fri Mar 24, 2017 9:34 am
Forum: Forwarding Protocols
Topic: 2 WAN UP-Links
Replies: 10
Views: 637

Re: 2 WAN UP-Links

Hi, If you want LAN1 to use WAN1 and LAN2 to use WAN2, you should configure policy routing. https://wiki.mikrotik.com/wiki/Policy_Base_Routing If you want to configure load balancing, RouterOS has many load balancing methods, I would suggest PCC. https://wiki.mikrotik.com/wiki/Manual:PCC Osman Kazdal
by okazdal
Fri Mar 24, 2017 9:05 am
Forum: General
Topic: Mikrotik in enterprise company
Replies: 6
Views: 826

Re: Mikrotik in enterprise company

Hello, We are a consulting company from Turkey. We have customers from very different sectors, banks, global electronics manufacturers, universities, ISPs, etc... We use MikroTik routers with all of them. We use it mainly as firewall and hotspot. We use CAPsMAN as WiFi controller. In a university, w...
by okazdal
Thu Mar 23, 2017 3:50 pm
Forum: General
Topic: Maltrail + Mikrotik (IDS)
Replies: 10
Views: 1186

Re: Maltrail + Mikrotik (IDS)

Hi,
I think you should download trafr from http://mikrotik.com/download
by okazdal
Thu Mar 23, 2017 2:27 pm
Forum: General
Topic: Maltrail + Mikrotik (IDS)
Replies: 10
Views: 1186

Re: Maltrail + Mikrotik (IDS)

Hi, I quickly checked out Maltrail documentation. I think you should set up a mirror port and connect your sensor to that port. Streaming will not help you. Streaming uses tzsp format to send traffic data. Check out https://wiki.mikrotik.com/wiki/Ethereal/Wireshark Maybe you can use streaming with t...
by okazdal
Thu Mar 23, 2017 2:13 pm
Forum: Beginner Basics
Topic: DHCP Server
Replies: 5
Views: 277

Re: DHCP Server

Hi again, You can see them all on IP -> Neighbors window. But Sob's way is easier. There is also much better way, assuming your access points are all MikroTik, just implement CAPSMAN, this way you don't even need to set IP addresses on your access points and you can manage updates and all wireless c...
by okazdal
Thu Mar 23, 2017 1:28 pm
Forum: Beginner Basics
Topic: DHCP Server
Replies: 5
Views: 277

Re: DHCP Server

Hello,
This is totally normal. You should add arp entries for all 9 access points manually on your IP -> Arp table.
Just find out their MAC addresses and add necessary ARP entries.

Osman Kazdal
by okazdal
Thu Mar 23, 2017 11:48 am
Forum: Beginner Basics
Topic: Firewall question
Replies: 12
Views: 993

Re: Firewall question

Hi, First of all, chain input is to protect the router itself and chain forward is to protect your clients / servers. You do not need "Drop DNS queries from WAN" rule if you have "Drop everything else" rule. But be careful about dropping everything since you might lose layer 3 connectivity to the ro...
by okazdal
Thu Mar 23, 2017 11:04 am
Forum: General
Topic: Transparent firewall
Replies: 5
Views: 514

Re: Transparent firewall

Hi again, I would suggest you watch MUM presentations by Tom Smyth and Wardner Maia. Their presentations are a great start to give you pointers and ideas about what you should do against DDoS. Below are the links to their presentations. I think you can also find videos. https://mum.mikrotik.com//pre...
by okazdal
Wed Mar 22, 2017 5:11 pm
Forum: Beginner Basics
Topic: LAN Speed
Replies: 8
Views: 461

Re: LAN Speed

Hello, You should check if Simple Queues are limiting your connection speed. You can do so by checking traffic tab in your simple queue configuration. If so, you should add one more simple queue with target and destination addresses and give a higher limit, possibly 1000Mbps. Try to create a new sim...
by okazdal
Wed Mar 22, 2017 2:05 pm
Forum: General
Topic: Transparent firewall
Replies: 5
Views: 514

Re: Transparent firewall

Hello, You can have MikroTik work as a layer 3 stateful firewall. And I must add it is a very good stateful firewall. I have many customers who replaced their Cisco ASA with a CCR MikroTik router. DDOS and intrusion prevention depends on the kind of the attack. You have very good tools to fight agai...