Community discussions

MUM Europe 2020

Search found 57 matches

by tslytsly
Thu May 16, 2019 3:30 pm
Forum: Beginner Basics
Topic: Direct specific content through VPN
Replies: 4
Views: 378

Re: Direct specific content through VPN

You could mark based on TLS SNI. Do this in the mangle pre-routing chain like this (note the passthrough for the first rule): /ip firewall mangle add action=mark-connection chain=prerouting comment="First mark based on TLS SNI" connection-mark=no-mark new-connection-mark=RouteViaVPN passthrough=yes ...
by tslytsly
Sat Jan 19, 2019 11:35 am
Forum: General
Topic: How to mark packets going from router itself
Replies: 14
Views: 2006

Re: How to mark packets going from router itself

Thanks, added this rule, but now we are unable to connet to the router from LAN (only via MAC address).
Hmm, that didn't happen on mine.

Remove this
dst-address-type=!local 
And put
dst-address!=<yourLANIPrange>
by tslytsly
Sat Jan 19, 2019 11:11 am
Forum: General
Topic: How to mark packets going from router itself
Replies: 14
Views: 2006

Re: How to mark packets going from router itself

Something like this:
add action=mark-routing chain=output comment="Mark Output From Router that is not local" dst-address-type=!local new-routing-mark=TestRoute passthrough=yes
by tslytsly
Sat Jan 19, 2019 10:45 am
Forum: General
Topic: How to mark packets going from router itself
Replies: 14
Views: 2006

Re: How to mark packets going from router itself

You can do this in /ip firewall mangle

You need an output chain rule.
In the advanced tab specify connection type is not local.
This will only apply to the router itself. Output is only for traffic originating in the router.
I would post code, but on a mobile.
by tslytsly
Wed Apr 25, 2018 10:56 am
Forum: RouterBOARD hardware
Topic: wAP LTE kit and Vodafone sim [Solved]
Replies: 1
Views: 1274

Re: wAP LTE kit and Vodafone sim

Oh dear...
Turns out that this was because the wAP had no signal...

Lesson learned.
Anyway, it would be nice if the unit had a signal strength meter...
by tslytsly
Tue Apr 24, 2018 6:31 pm
Forum: RouterBOARD hardware
Topic: wAP LTE kit and Vodafone sim [Solved]
Replies: 1
Views: 1274

wAP LTE kit and Vodafone sim [Solved]

Hi all, I have followed the quick start for LTE in the manual and the modem seems to be talking to the network. But I am not getting an IP and the interface is not "running" Any help would be appreciated. (This is on 6.42.1) LTE info output: pin-status: no password required functionality: full manuf...
by tslytsly
Thu Dec 08, 2016 10:27 am
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

This: Destination address if you have a static IP from your ISP Or In Interface and choose your wan interface as the traffic is coming in on that interface. If you are going to specify the interface you need to use in-interface= this is because you want to translate traffic arriving in your WAN inte...
by tslytsly
Wed Dec 07, 2016 8:44 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2879

Re: input drop all rule - moved by accident!!

update:

However, I tried a tripp-lite USB to Rj45 console cable -- this doesnt appear to work for console? Nothing displays, baud 9600
default baud is 115200 on Mikrotik
by tslytsly
Wed Dec 07, 2016 8:40 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1095

Re: RouterOS DHCP and windows clients

Do you have a switch connected to router and devices connected to said switch? I've had this issue with MAC & windows PC -- was a switch and the POE autonegotiate issue, took longer for link to establish and acquire the IP address. Was even happening with Fortigate router. yes at work, no for home....
by tslytsly
Wed Dec 07, 2016 6:34 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2879

Re: input drop all rule - moved by accident!!

Just had to say that I'm proud to have ninja'd 2 posts! :lol:
by tslytsly
Wed Dec 07, 2016 6:31 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2879

Re: input drop all rule - moved by accident!!

access via console... its a RB2011 device

There is a Mini USB port in front, can connect with mini-usb and use terminal?

Idea's?
RB2011's have an RJ45 Cisco type serial connection.
by tslytsly
Wed Dec 07, 2016 6:23 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2879

Re: input drop all rule - moved by accident!!

Hi Toxicfusion,

I'm afraid that you will likely have to go to site and connect via console cable.

This is why the Safe Mode is so good....
by tslytsly
Wed Dec 07, 2016 5:40 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1095

Re: RouterOS DHCP and windows clients

Post output of: /ip dhcp-server export OK, this is the CCR: # dec/07/2016 15:35:36 by RouterOS 6.36 # software id = TXJ8-U3VA # /ip dhcp-server add address-pool=client_dhcp_pool disabled=no interface=client lease-time=3d \ name=client_dhcp /ip dhcp-server option add code=121 name=classlessRoute val...
by tslytsly
Wed Dec 07, 2016 3:49 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1095

Re: RouterOS DHCP and windows clients

Maybe this error is not MikroTik related. Maybe it is MS fault: https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/dhcp-pcs-are-not-getting-an-ip-unless-i/09d7a4d3-e7a0-4406-b041-7f068923d2cd Hmm, could be. I will keep an eye on that forum topic. However I'm sure I tried a /rel...
by tslytsly
Tue Dec 06, 2016 4:58 pm
Forum: General
Topic: Why is only the first public IP working on my RB?
Replies: 5
Views: 795

Re: Why is only the first public IP working on my RB? [Solved]

Thanks for your feedback tslytsly. I am thinking that by some weird bug or other problem Winbox was showing me the incorrect (or old) rule order and that the rule order was indeed wrong with the masquerade rule being above src-nat. No problem. If you were testing from another internal host then it ...
by tslytsly
Tue Dec 06, 2016 11:57 am
Forum: General
Topic: Why is only the first public IP working on my RB?
Replies: 5
Views: 795

Re: Why is only the first public IP working on my RB?

Got it. You need to have BOTH of these in the masquerade rule: add action=masquerade chain=srcnat out-interface=ether1-gateway \ src-address=!192.168.1.2 dst-address=!192.168.1.2 I thought the NAT table also has a rule priority like the Filer list but it doesn't. Doh! Hi sveno, NAT table does have ...
by tslytsly
Mon Dec 05, 2016 9:06 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1095

RouterOS DHCP and windows clients

Hi all, I'm noticing some odd behaviour with the DHCP server on RouterOS. At work we have a CCR1009-8G-1S-1S+ on software version 6.36. this acts as the DHCP server for all our networks. It seems that in the last few months different clients, all windows 7 or higher, get a bad config from the server...
by tslytsly
Mon Dec 05, 2016 3:24 pm
Forum: Beginner Basics
Topic: MicroTik RB951G-2HnD port forwarding
Replies: 5
Views: 1093

Re: MicroTik RB951G-2HnD port forwarding

It worked! Thanks. Of course I believe the problem was not just the firewall rule but also dst-address-list as "tslytsly" said, because bdfore I created this thread I tried removing all firewall drop rules and it didn't work. Right now all the drop rules are enabled including that "drop all from WA...
by tslytsly
Mon Dec 05, 2016 10:25 am
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1334 protocol=tcp dst-port=1334 log=no log-prefix="" and chain=dstnat action=dst-nat to-addresses=my ip4 to-ports=1337 protocol=tcp dst-port=1337 log=no log-prefix="" OK, make sure you specify which interface the traffic will arrive in, so in...
by tslytsly
Mon Dec 05, 2016 10:21 am
Forum: General
Topic: VoIP call causes extreme lag
Replies: 12
Views: 1613

Re: VoIP call causes extreme lag

@tslytsly I was pinging from the router itself to 8.8.8.8, and the delay was same way measurable on WAN port. Upstream then? My ISP? What I could try is to connect out on VPN and see if the issue persists over that. If, in your Wireshark capture, the pings show as arriving very delayed, then yes th...
by tslytsly
Fri Dec 02, 2016 6:46 pm
Forum: General
Topic: VoIP call causes extreme lag
Replies: 12
Views: 1613

Re: VoIP call causes extreme lag

OK I've checked it, packet sniffer to wireshark, and seemingly there is nothing out of order. I can see the call being established, SRTP packets with sequence rising both ways throughout the call, even when the ping to external server is already times out. Only thing around the time when the lag be...
by tslytsly
Fri Dec 02, 2016 3:56 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

Flags: X - disabled, I - invalid, D - dynamic 0 ;;; allow NAT'd traffic chain=forward action=accept connection-nat-state=dstnat log=no log-prefix="" there u go hope u can help me Hmm, that looks ok. And if it is the only rule then it would work anyway because ROS is default accept. Can you do that ...
by tslytsly
Fri Dec 02, 2016 3:10 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

If you are using winbox you can open a terminal and export bits of the config with the print command. On the left side if Winbox, under Tools you should see New Terminal, click this. in the terminal window that opens type: ip firewall filter print this will output something like this in the terminal...
by tslytsly
Fri Dec 02, 2016 1:20 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

yi already done that but sadly it gave me same result so i did i do something wrong so this is my rule chain dst nat dst port 1337 action dst nat to port 1337 to addres my ip4 addres Hmm, can you please paste the output of: ip firewall filter print Make sure to delete or obscure any private data.
by tslytsly
Fri Dec 02, 2016 12:00 pm
Forum: Beginner Basics
Topic: MicroTik RB951G-2HnD port forwarding
Replies: 5
Views: 1093

Re: MicroTik RB951G-2HnD port forwarding

Agree with Ty, the last filter rule is already dropping all that isn't NAT'd. Also this bit: dst-address-list=5.160.39.58 from your NAT rules seems wrong: add action=dst-nat chain=dstnat dst-address-list=5.160.39.58 dst-port=7020 \ in-interface=ether1 protocol=tcp to-addresses=192.168.1.21 to-ports=...
by tslytsly
Fri Dec 02, 2016 11:53 am
Forum: Beginner Basics
Topic: RB750GL, Home Automation, & Apple TV Issue
Replies: 5
Views: 735

Re: RB750GL, Home Automation, & Apple TV Issue

Hi not1337 and welcome to Mikrotik!

It's hard to give you any definite answers on this, however it's unlikely to be the router since I assume the Apple TVs are disappearing on the local network?
Assuming you aren't using multiple LANs the router will not be involved in this communication.
by tslytsly
Fri Dec 02, 2016 11:49 am
Forum: Beginner Basics
Topic: port forwarding
Replies: 17
Views: 1758

Re: port forwarding

Hi derell
Don't forget to add a filter rule to allow the traffic:
ip firewall filter add chain=forward connection-nat-state=dstnat action=accept comment="allow NAT'd traffic" disabled=no
hope that helps.
by tslytsly
Fri Dec 02, 2016 9:55 am
Forum: Beginner Basics
Topic: Port forwarding
Replies: 3
Views: 764

Re: Port forwarding

You can check this link.
This is a good link, but don't forget to do an accept rule for the traffic in the filter section:
ip firewall filter add connection-nat-state=dstnat action=accept
by tslytsly
Fri Dec 02, 2016 9:49 am
Forum: General
Topic: VoIP call causes extreme lag
Replies: 12
Views: 1613

Re: VoIP call causes extreme lag (wtf?)

Are you saying that my SIP server may be DoSing me? That makes perfect sense, I'll create a rule to see that. What would you recommend? Netflow and wireshark? Or just log the firewall drops? I would start with a packet sniffer capture of the WAN interface when you get the slow down. This will show ...
by tslytsly
Thu Dec 01, 2016 4:49 pm
Forum: General
Topic: VoIP call causes extreme lag
Replies: 12
Views: 1613

Re: VoIP call causes extreme lag (wtf?)

Hi,
Really need a capture of your WAN interface to diagnose this.

For instance, it could be that not all the SIP traffic is successfully traversing the firewall, causing many re-transmissions which are hitting the firewall.
This is unlikely, but possible depending on your SIP server setup.
by tslytsly
Tue Jul 05, 2016 11:01 am
Forum: Beginner Basics
Topic: Hard time getting any port fowarding to work
Replies: 9
Views: 1678

Re: Hard time getting any port fowarding to work

No problem ricotrevisan,
Not sure it should be stickied, the grammar is terrible! (But I cannot be bothered to edit it  :lol:)

If you get chance to uprate the post for me that would be great, thanks.

tslytsly
by tslytsly
Mon Jul 04, 2016 7:00 pm
Forum: Beginner Basics
Topic: Hard time getting any port fowarding to work
Replies: 9
Views: 1678

Re: Hard time getting any port fowarding to work

Thanks for this. So is this correct that to do a proper port forward I need to: - add port in first tab "Filter Rules" - add NAT forwarding destination address and port ? I thought on the NAT rule would suffice, but I need both. What a long night to figure this one out. Hi ricotrevisan, Yes you do ...
by tslytsly
Mon Jul 04, 2016 6:01 pm
Forum: Beginner Basics
Topic: PPTP traffic not triggering firewall rule???
Replies: 4
Views: 849

Re: PPTP traffic not triggering firewall rule???

Hi guys, I am sorry to ask such a stupid question but I am really lost and have absolutely no clue why it happens.... :-D I am running a PPTP server using address pool 192.168.3.5-10 for the pptp clients. The local address of the pptp server interface is 192.168.3.1, dns is 192.168.3.1. There is a ...
by tslytsly
Fri Feb 19, 2016 11:28 am
Forum: Scripting
Topic: strange problem importing rsc script
Replies: 6
Views: 3558

Re: strange problem importing rsc script

Notepad++ will/should be your friend :-)
Actually I already use it for everything.
I even have a custom style for RouterOS so rsc files look like the terminal.. 8)

in this case Notepad++ didn't show the medium shade characters.
by tslytsly
Wed Feb 17, 2016 4:36 pm
Forum: Scripting
Topic: strange problem importing rsc script
Replies: 6
Views: 3558

Re: strange problem importing rsc script

That was it!
I never even considered the text encoding, it seems vb.net uses UTF-8 by default.
I just had to force it to write the script using ASCII.

Thanks BartoszP

tslytsly
by tslytsly
Wed Feb 17, 2016 4:11 pm
Forum: Scripting
Topic: strange problem importing rsc script
Replies: 6
Views: 3558

Re: strange problem importing rsc script

They could be spaces, tabs or other nonvisible characters as "hardspace" or ... you have edited and copied script as UTF-8 file and then strange chars come from UTF coding. My advice: Copy scripts from Winbox to "stupid" NotePad and then look for nonstandard characters. Remove them and copy the scr...
by tslytsly
Wed Feb 17, 2016 3:10 pm
Forum: Scripting
Topic: strange problem importing rsc script
Replies: 6
Views: 3558

strange problem importing rsc script

Hi all, I have been designing a simple program that generates a script file to be imported in to a fully reset (i.e. no defaults) Mikrotik router. However when I try to import the rsc file generated by the program I get this error: expected command name (line 1 column 1) I don't know why, when I cop...
by tslytsly
Thu Nov 19, 2015 12:52 pm
Forum: Beginner Basics
Topic: [SOLVED] The most simple /29 configuration
Replies: 9
Views: 1296

Re: The most simple /29 configuration

Very detailed and helpful. Thanks so much for taking the time guys! My router's finally all set up now.
No problem, if you found our posts useful please rate them positive! :-D

Also, you might want to edit the title of this thread and add [SOLVED] for the benefit of future generations!

:)
by tslytsly
Tue Nov 17, 2015 5:18 pm
Forum: Beginner Basics
Topic: Continually down and up eth1 wan
Replies: 4
Views: 1111

Re: Continually down and up eth1 wan

Hi, Can you help me out with my problem, the thing is that I continually get down and up eth1 my wan port. Sometimes after many times of down&up remains down and I have to physically reconnect the cable (cat 5e, 115meters). http://i.imgur.com/606YtF1.jpg Thanks for your assistance Hi, 115 meters is...
by tslytsly
Tue Nov 17, 2015 5:15 pm
Forum: Beginner Basics
Topic: WAN IP Change -> Forwarded Ports Connection Failure
Replies: 2
Views: 464

Re: WAN IP Change -> Forwarded Ports Connection Failure

Hey all, recently had to configure a static IP for WAN interface, and in the process of doing so, lost connectivity to items that had port forwarding configured. What would cause this? Using WinBox for config. Hi, there are a few things that could have caused this. First does your new config use a ...
by tslytsly
Tue Nov 17, 2015 4:54 pm
Forum: Beginner Basics
Topic: Port Forward to my VPN Server not working
Replies: 2
Views: 787

Re: Port Forward to my VPN Server not working

My setup: Comcast Modem (not a router)--> RB2011 (6.33)-->switch-->VPN Server (192.168.1.141) I cannot get port forwarding to work. I need to forward ports 444 tcp and 1194 udp. I followed this guide: http://www.icafemenu.com/how-to-port-forward-in-mikrotik-router.htm using my port numbers and my v...
by tslytsly
Tue Nov 17, 2015 10:43 am
Forum: Beginner Basics
Topic: Hairpin NAT
Replies: 10
Views: 1651

Re: Hairpin NAT

30 chain=dstnat action=dst-nat to-addresses=192.168.1.250 to-ports=80 protocol=tcp src-address=192.168.1.0/24 dst-address=192.168.1.250 dst-address-type=local in-interface=ether1-gateway dst-port=80 log=no log-prefix="" This is wrong, you are still specifying that the traffic will come in ether1-ga...
by tslytsly
Mon Nov 16, 2015 5:39 pm
Forum: Beginner Basics
Topic: [SOLVED] The most simple /29 configuration
Replies: 9
Views: 1296

Re: The most simple /29 configuration

After that, and once each server has gotten its ip address, you can make that lease static (IP > DHCP Server > Leases), so that a given server gets always the same given ip.
Good point pukkita, wish I'd said that! :D
by tslytsly
Mon Nov 16, 2015 4:30 pm
Forum: Beginner Basics
Topic: [SOLVED] The most simple /29 configuration
Replies: 9
Views: 1296

Re: The most simple /29 configuration

Thanks for the reply. I managed to set it up on each PC and want to learn how to do it another way. Is it possible to set each PC to "obtain IP automatically" and still get an IP from the router? I've been reading about DHCP but is clueless when it comes to setting things up.... Hi, Yes you can do ...
by tslytsly
Mon Nov 16, 2015 12:40 pm
Forum: Beginner Basics
Topic: Port Forwarding from LAN point of view.
Replies: 1
Views: 598

Re: Port Forwarding from LAN point of view.

Hi Umbro,

You have already opened a second post about this here: http://forum.mikrotik.com/viewtopic.php?f=13&t=102202

I have posted a suggestion for you.

You might want to close this post as it's just a duplicate really.

:)
by tslytsly
Mon Nov 16, 2015 12:01 pm
Forum: Beginner Basics
Topic: Hairpin NAT
Replies: 10
Views: 1651

Re: Hairpin NAT

Maybe I will add my settings: [admin@MikroTik] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; default configuration chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix="" 1 chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24 ...
by tslytsly
Fri Nov 13, 2015 6:16 pm
Forum: Beginner Basics
Topic: How to Dynamic NAT VLAN over second WAN ip
Replies: 2
Views: 566

Re: How to Dynamic NAT VLAN over second WAN ip

Hi, I configured my Mikrotik routerboard like this: - WAN interface has 2 public IP's, lets say 1.1.1.1 and 1.1.1.2 - I use two VLANs with two subnets, let says VLAN 10 = 172.16.10.0/24 and VLAN 20 = 172.16.20.0/24 I want to configure dynamic nat (i guess that is masquerade) like this: VLAN10 inter...
by tslytsly
Tue Nov 10, 2015 2:39 pm
Forum: Beginner Basics
Topic: Pleae check my NAT - new in MikroTik
Replies: 2
Views: 399

Re: Pleae check my NAT - new in MikroTik

Hello, in your NAT rules, you need to specify dst-address or in-interface. You need fileter rule if you have a drop in forward. Regards, Agreed, in fact the rules you have now will NAT any traffic that traverses the firewall with those dst-ports. Best to add in-interface=ether1-gateway to all of th...
by tslytsly
Sat Nov 07, 2015 11:29 am
Forum: Beginner Basics
Topic: [SOLVED]Default route to Internet
Replies: 10
Views: 2807

Re: Default route to Internet

my ip route print is: [admin@MikroTik] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 200.200.200.250 1 1 ADC 192.168.8...
by tslytsly
Fri Nov 06, 2015 10:24 am
Forum: Beginner Basics
Topic: [SOLVED]Default route to Internet
Replies: 10
Views: 2807

Re: Default route to Internet

This looks like your routing is setup wrong, can you please post the output from
ip route print
?

Also, you have too many masquerade rules, you should only have the
chain=srcnat action=masquerade src-address=192.168.88.0/24 out-interface=ether3
one, the others need to be removed.
by tslytsly
Fri Nov 06, 2015 10:19 am
Forum: Beginner Basics
Topic: Splitting ISP connection base on tagged/untagged VLAN
Replies: 3
Views: 1715

Re: Splitting ISP connection base on tagged/untagged VLAN

Sorry for the late reply, but thank you tslytsly, whis worked perfect. Since I already had a setup with DHCP-server and all that I tried to implement this into my setup. What I had to do was: Add VLAN interface iptv-vlan on interface ether1 with VLAN ID 845 Add bridge bridge-iptv Create bridge port...
by tslytsly
Thu Nov 05, 2015 6:35 pm
Forum: General
Topic: Fasttrack on CCR 1009-8G-1S-1S+
Replies: 9
Views: 1616

Re: Fasttrack on CCR 1009-8G-1S-1S+

What do you have in the forward chain at the top? The Fasttrack rule is at the top of the forward chain. Mine's working on my CCR-1009 using the 6.33rc's, but don't see much if any speed improvement with the 1009's speed and my low volume. My CRS125 and RB2011 see a vast improvement. They've been s...
by tslytsly
Wed Nov 04, 2015 6:39 pm
Forum: General
Topic: Fasttrack on CCR 1009-8G-1S-1S+
Replies: 9
Views: 1616

Re: Fasttrack on CCR 1009-8G-1S-1S+

If no firewall (NAT/Filter) is running, you don't need FastTrack.
Everything is configured as per the RouterOS manual example for Fasttrack.

We DO have NATted connections, both in and out.

So I would expected Fasttrack to work.

But IP settings show that it is not active, my question is why not?
by tslytsly
Wed Nov 04, 2015 4:53 pm
Forum: General
Topic: Fasttrack on CCR 1009-8G-1S-1S+
Replies: 9
Views: 1616

Re: Fasttrack on CCR 1009-8G-1S-1S+

Fasttrack is only helping for connections that need connection tracking. NATed connections for example. Regular routing does not benefit from Fasttrack. What does help is Fastpath. You don't need to enable anything to enable fastpath. It just works when the hardware and configuration supports it. A...
by tslytsly
Tue Nov 03, 2015 6:18 pm
Forum: General
Topic: Fasttrack on CCR 1009-8G-1S-1S+
Replies: 9
Views: 1616

Fasttrack on CCR 1009-8G-1S-1S+

Hi, I have a CCR 1009 sitting at the core of our work network. We have multiple VLANs, mgmt, client, Wifi, Voip, etc. I've added a Fasttrack rule to the top of our forward chain with a standard accept related/est below it: 5 ;;; FastTrackTest chain=forward action=fasttrack-connection connection-stat...
by tslytsly
Tue Nov 03, 2015 11:41 am
Forum: Beginner Basics
Topic: [SOLVED]Default route to Internet
Replies: 10
Views: 2807

Re: Default route to Internet

Hi,

Can you post your NAT rules?

You can do this using the terminal with the command:
ip firewall nat print
If you're not sure how to use the terminal then take a screen shot of the NAT config page: IP > Firewall > NAT.

Make sure you obscure any public IP info!
by tslytsly
Tue Oct 27, 2015 7:01 pm
Forum: Beginner Basics
Topic: Splitting ISP connection base on tagged/untagged VLAN
Replies: 3
Views: 1715

Re: Splitting ISP connection base on tagged/untagged VLAN

My ISP is sending my main internet untagged and my IPTV connection tagged with VLAN 845. This is all incoming on ether1 and I would like to split it up. I would like the VLAN 845 to be switched/stripped to ether2, so that the TV-box will use the ISP DHCP-Server and get the VLAN 845 traffic untagged...