Community discussions

MUM Europe 2020

Search found 17 matches

by busla
Sat Jan 28, 2017 11:40 am
Forum: Beginner Basics
Topic: Restriction Level
Replies: 6
Views: 907

Re: Restriction Level

This is possible, why answer "no" after I first said it was possible? In the real world "5 website on internet" are not own hosted blogs. You can't separate https traffic from/to cloud hosters. But all web services use both of them: encryption and clouds. So, you need a DNS filter or more complex p...
by busla
Tue Jan 24, 2017 5:58 pm
Forum: Beginner Basics
Topic: Restriction Level
Replies: 6
Views: 907

Re: Restriction Level

i want to restrict only 2 users ip for access only 5 website on internet, is this possible on mikrotik?
no
by busla
Tue Jan 24, 2017 1:47 pm
Forum: Beginner Basics
Topic: problem with passing l2tp port and protocol from mikrotik
Replies: 18
Views: 2456

Re: problem with passing l2tp port and protocol from mikrotik

but how can i pass through my vpn port and protocol from mikrotik ? l2tp uses random free UDP port at both sides see RFC 2662, section 8.1: L2TP uses the registered UDP port 1701 [RFC1700]. The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. The initiator of an...
by busla
Mon Dec 12, 2016 1:55 pm
Forum: Beginner Basics
Topic: Step by Step Port Forwarding
Replies: 2
Views: 1190

Re: Step by Step Port Forwarding

3) In case firewall filters are used to drop some traffic you must be sure that forward packets which belong to natted connection are accepted: /ip firewall filter add chain=forward action=accept in-interface=wan_interface connection-nat-state=dstnat connection-state=established,related In my case ...
by busla
Sun Dec 11, 2016 4:33 pm
Forum: General
Topic: is any way to block upload file extension ?
Replies: 3
Views: 824

Re: is any way to block upload file extension ?

is any way to block upload file by extension type example block uploading ,jpg or .mp4 ?
No. It is not.
by busla
Sat Nov 19, 2016 1:51 pm
Forum: Beginner Basics
Topic: Filter outside access with MAC
Replies: 3
Views: 634

Re: Filter outside access with MAC

So MAC is only available on the side of the switch in the Mikrotik and not at the router side/outside.
There are not sides in thr Mikrotik. They are levels of the protocol stack.
by busla
Sat Nov 19, 2016 1:39 pm
Forum: Beginner Basics
Topic: Filter outside access with MAC
Replies: 3
Views: 634

Re: Filter outside access with MAC

No, it isn't possible. You can filter by ip address.
by busla
Fri Nov 11, 2016 6:50 pm
Forum: Beginner Basics
Topic: new NAT does nothing
Replies: 7
Views: 1022

Re: new NAT does nothing

you are wrong. this is only needed for accessing router's services
It work in hundreds installations. - Just check howtos from Google search and comments to them.
by busla
Fri Nov 11, 2016 2:45 pm
Forum: Beginner Basics
Topic: 3 Routers 1 SSID
Replies: 8
Views: 1233

Re: 3 Routers 1 SSID

As I understand, you want use routers 2 and 3 as transparent access pionts.

easiest way:
Turn off DHCP-server on routers 2 and 3.
Use bridged port (not 1st in default configuration) for connection.

But CAPsMAN is more effective.
by busla
Fri Nov 11, 2016 10:16 am
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 73542

Re: New Packet flow diagram

The diagram is a part of wiki. I have studied it.
My sample is a sample, not a problem. I want to know a real 'paclet flow' in RouterOS. It solve all my problems.
by busla
Thu Nov 10, 2016 11:34 pm
Forum: Beginner Basics
Topic: bypass opendns
Replies: 13
Views: 2165

Re: bypass opendns

define custom DHCP option for local DNS
set this option for selected leases
by busla
Thu Nov 10, 2016 11:07 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 73542

Re: New Packet flow diagram

busla
this conversation is not in any way related to this "New packet Flow Diagram"
Why?
I create rules based on packet flow. Rules don't work. Either the diagram is wrong or diagram need some comments.
by busla
Wed Nov 09, 2016 7:02 pm
Forum: Beginner Basics
Topic: new NAT does nothing
Replies: 7
Views: 1022

Re: new NAT does nothing

Documentation is wrong. You must add allow rule to the input chain of ip->firewall->filter.
by busla
Wed Nov 09, 2016 12:13 pm
Forum: General
Topic: Mikrotik connected to proxy switch - internet access
Replies: 17
Views: 2132

Re: Mikrotik connected to proxy switch - internet access

The redirect is not enough. You must reconfigure proxy to transparent mode.
by busla
Tue Nov 08, 2016 5:03 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 73542

Re: New Packet flow diagram

I have service at 192.168.0.2:12345 I added the rule: ip firewall nat add chain=forward action=dst-nat protocol=udp port=12345 to-addresses=192.168.0.2 in-interface=ether1 log=yes but the log remains empty Dst-NAT rule doesn't work when it isn't allow rule in input chain of filter: ip firewall filte...
by busla
Tue Nov 08, 2016 2:29 pm
Forum: General
Topic: set a public IP to a server
Replies: 9
Views: 2167

Re: set a public IP to a server

It is a classic way: use separated network for public servers.
You can find more info by words: "DMZ", "demilitarized zone", "demilitarized network".

1) disable brige
2) plug directly server C into Mikrotik
3) set ip 139.1.2.1 for 3th interface
4) define routes
5) check firewall rules
by busla
Tue Nov 08, 2016 12:56 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 73542

Re: New Packet flow diagram

As described in the diagram RouterOS must apply dst-nat rules before filter rules. But it does not. Why?