Community discussions

MikroTik App

Search found 29 matches

by hobbes1069
Mon Feb 10, 2020 12:37 am
Forum: General
Topic: Slow LAN-to-WAN with CRS125-24G-1S
Replies: 1
Views: 571

Slow LAN-to-WAN with CRS125-24G-1S

I've been using my CRS125-24G-1S for a few years now and I was usually getting up to 64Mbps but recently it's dropped to 30-40Mbps. I had not changed anything in my configuration. I tried updating to the latest firmware (currently 6.46.2) with no change. I now added FastTrack and can get up to 125Mb...
by hobbes1069
Sun Apr 29, 2018 3:30 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

Ok, Plex is completely frustrating... I gave up last night and now that I'm sitting here drinking my morning coffee everything decided to work including my iPhone when I didn't change anything... I think a lot of this has to do with the Plex side and perhaps waiting for tokens to update or something...
by hobbes1069
Wed Apr 25, 2018 9:41 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

But how then does IP NAT rule work if one wants to limit external IP address or addresses (by list if more than one) to access the LAN Server (port(s)?? Do we need a separate FW rule on the forward chain? In other threads it seems to be indicated that we can simply specific the source address(es) i...
by hobbes1069
Wed Apr 25, 2018 12:19 am
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

Thanks, that helps. I had done some more (re)reading and was begging to come to that conclusion. So basically, for my simple SOHO router situation, a packet is either destined for the router itself (ping, port scan attempts, etc) which "input" would apply to, or it's dst-nat'ed in which case the "fo...
by hobbes1069
Mon Apr 23, 2018 2:15 am
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

That helps a little bit, but I'm basically running a home/SOHO network so I have one WAN interface (port 24) and everything else is internal or "switched" so for my particular setup it sounds like my assertion is correct.

Thanks,
Richard
by hobbes1069
Mon Apr 23, 2018 1:57 am
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

I think part of what's confusing to people is when to use chain=input and when to use chain=forward because I see similar rules with both. I know it's very complicated and the pictures make it worse not better :) So when does NAT apply? So is it really going through the firewall twice? Once for the ...
by hobbes1069
Mon Apr 23, 2018 12:27 am
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

I was having problems with the router bogging down and stop accepting connections so I reverted to a known good configuration: Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Accept established connection packets chain=input action=accept connection-state=established log=no log-prefix="" 1 ;;; A...
by hobbes1069
Sun Apr 22, 2018 8:24 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

I think the fault seems to be with Plex. When I click "retry" after making a chance it always fails, but if I reload Plex from the web browser it shows green and I have been able to stream a movie to my phone after turning off wifi. That fixes that problem but I would still like to understand better...
by hobbes1069
Sun Apr 22, 2018 7:51 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Re: Getting Plex to play nice with firewall rules

The NAT part is pretty straightforward. I have dstnat set on a non-standard port forwarding to my server on 32400.

Thanks,
Richard
by hobbes1069
Sun Apr 22, 2018 6:08 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2849

Getting Plex to play nice with firewall rules

I've been working for hours this morning to get Plex available from the internet. I've googled a ton, and what I figured out is that even with NAT working correctly some packets are being dropped that it needs to work. I briefly had success when I added a rule for connection-nat-state=dstnat in fron...
by hobbes1069
Fri Feb 16, 2018 5:37 pm
Forum: Scripting
Topic: DynDNS script that works!!! (without using the legacy GET method) [SOLVED]
Replies: 0
Views: 1152

DynDNS script that works!!! (without using the legacy GET method) [SOLVED]

I have pieced together a working script but I'm sure it could still use some improvement. It uses the recommended https method[1] instead of the legacy http method so not only are you not transmitting your password in plain text, but it uses an API token which only allows update of the IP address. I...
by hobbes1069
Fri Feb 16, 2018 5:33 pm
Forum: Scripting
Topic: Can't find the error
Replies: 2
Views: 356

Re: Can't find the error

THANK YOU!

That got it.
by hobbes1069
Fri Feb 16, 2018 3:32 pm
Forum: Scripting
Topic: Can't find the error
Replies: 2
Views: 356

Can't find the error

I have an almost working script that updates the IP for Dyndns using the https method instead of the legacy http method. It also uses an API token instead of your password. The problem is there's some sort of error I can't figure out. /system script print highlights the brace in front of the last el...
by hobbes1069
Wed Feb 14, 2018 11:14 pm
Forum: Scripting
Topic: DynDNS script that works?
Replies: 8
Views: 7653

Re: DynDNS script that works?

I've gotten it work EXCEPT I'm getting some kind of syntax error I can't track down in the last if/else statement... ### Settings ### :global ddnsuser <username> :global ddnstoken "<token>" :global ddnshost <fqdn> :global theinterface "<wan-interface>" ### Script Begins ### :global ipfresh [ /ip add...
by hobbes1069
Mon Feb 12, 2018 6:48 pm
Forum: Scripting
Topic: DynDNS script that works?
Replies: 8
Views: 7653

Re: DynDNS script that works?

I'm also trying to use the new URL method with https rather than http for two reasons, it uses a token instead of my actual password and it's encrypted... I don't know why this didn't work from the script but by hand I finally found a method that works: /tool fetch url="https://<user>:<token>@member...
by hobbes1069
Thu Feb 08, 2018 10:44 pm
Forum: Scripting
Topic: DynDNS script that works?
Replies: 8
Views: 7653

DynDNS script that works?

I've googled the heck out of this problem and none of the scripts I've found from the forums or the wiki seem to work. I've tried just about eveything I can think of and it seems no matter what I try the result is "404 Not Found" yet I've gotten curl and wget to work from my linux box. My working th...
by hobbes1069
Wed Jan 06, 2016 4:06 pm
Forum: General
Topic: Large bandwidth usage upstream on idle
Replies: 7
Views: 894

Re: Large bandwidth usage upstream on idle

I would expect to see at least some sort of warning here, but the documentation is very sparse, especially around the "allow remote requests" option. http://wiki.mikrotik.com/wiki/Manual:IP/DNS Now that I know what to search for I can find several instances of this problem/question on the mikrotik f...
by hobbes1069
Wed Jan 06, 2016 5:36 am
Forum: General
Topic: Large bandwidth usage upstream on idle
Replies: 7
Views: 894

Re: Large bandwidth usage upstream on idle

I'm very glad I found this thread, apparently I've chewed up 270GB of my 300GB Comcast internet in about 6 days... I guess the family will be playing with wood blocks for the rest of the month. Why does this happen? I understand that this is a fairly complicated piece of equipment but the documentat...
by hobbes1069
Sun Aug 23, 2015 10:58 pm
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

Re: All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Ok, just got back from a 3 day canoe trip so I could implement your suggestion. I went ahead and made port 24 "ether24-wan" so I didn't have to change the master port. Swapped the DNS client to that interface and change the Firewall NAT masquerade to that interface an now everything seems to be work...
by hobbes1069
Sat Aug 22, 2015 12:39 am
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

Re: All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Ok, that makes me feel a bit better. Now, if I keep ether1 as master then I have to change ether2 to none and then have 3-24 master off of ether2. Is there a shorthand way of doing this through the CLI? Or I can move the WAN connection to port 24 like I was planning on before I found out it defaulte...
by hobbes1069
Fri Aug 21, 2015 9:24 pm
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

Re: All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Ok, I think I'm starting to understand the problem but don't want to experiment with changing settings until I understand. My assumption (which may very well be bad) is that QuickSet at least knows what it's doing. I used it to get an IP from my Comcast cable modem and set the internal address to 19...
by hobbes1069
Fri Aug 21, 2015 7:04 pm
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

Re: All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Dstnat only changes destination address and srcnat changes source address. If you have just those two NAT rules you posted and no others, source address will be changed only if packet goes out through ether1-master-local. But from your dstnat rule, ether1-master-local looks more like WAN, so packet...
by hobbes1069
Fri Aug 21, 2015 1:37 am
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

Re: All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Ok, I guess it's worth braking this down into two issues: 1. How do I get it to act like a regular stand alone router so the originating IP get's passed to the internal server. 2. The 75.64.26.0/23 destination setting is my attempt to not have to worry about Comcast changing my IP and not having to ...
by hobbes1069
Thu Aug 20, 2015 9:59 pm
Forum: Beginner Basics
Topic: All port-forwarded SSH connections appear to be coming from the router, not the originating IP
Replies: 8
Views: 858

All port-forwarded SSH connections appear to be coming from the router, not the originating IP

Pre-story: I was going crazy trying to figure out why when I was setting up port forwarding just like the wiki was showing that I could sometimes remote ssh in and other times the connection was refused until on a whim I decided to look at my fail2ban log. I use fail2ban on the only computer I allow...
by hobbes1069
Tue Aug 18, 2015 4:04 pm
Forum: Beginner Basics
Topic: Trying to port forwarded ssh (port 22) to a NAT'd computer exactly like example, but it doesn't work.
Replies: 3
Views: 394

Re: Trying to port forwarded ssh (port 22) to a NAT'd computer exactly like example, but it doesn't work.

But I still can't ssh out or get to the router....
Never mind... It looks like sourceforge svn+ssh access is down right now.

Thanks,
Richard
by hobbes1069
Tue Aug 18, 2015 5:34 am
Forum: Beginner Basics
Topic: Trying to port forwarded ssh (port 22) to a NAT'd computer exactly like example, but it doesn't work.
Replies: 3
Views: 394

Trying to port forwarded ssh (port 22) to a NAT'd computer exactly like example, but it doesn't work.

I am trying to forward port 22 to a local computer (192.168.0.2) and I'm following the example, http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Port_mapping.2Fforwarding pretty much to a T but not only does it not work on incomming connections but it breaks ssh'ing to the switch from inside. [a...
by hobbes1069
Sun Aug 16, 2015 4:41 pm
Forum: Beginner Basics
Topic: CRS125-24G-1S: Changing ether1 (Internet) MAC from Quick Set causes local connection to fail
Replies: 3
Views: 826

CRS125-24G-1S: Changing ether1 (Internet) MAC from Quick Set causes local connection to fail

I'm trying to setup my new CRS125-24G-1S-RM up as a SOHO router+switch. I currently have a spare laptop connected to port 2 to do Webfig since I run linux and I don't really need much in the way of advanced configuration. When trying to setup things using the Quick Set option I found that if I leave...