Community discussions

MikroTik App

Search found 1638 matches

by Jotne
Sat Jun 06, 2020 7:52 am
Forum: Wireless Networking
Topic: 4k over wifi
Replies: 35
Views: 4506

Re: 4k over wifi

# may/20/2020 16:37:30 by RouterOS 6.43.11
You are running an rather old version of RouterOS. You should upgrade to latest "long term" 6.45.9 or latest stable 6.47.
by Jotne
Sat Jun 06, 2020 12:32 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta8 [development] is released!

Did forget about Netflow. Will have a look at it.
I do see that this needs an extra input to work on my server. Accounting do work with Syslog that I already uses.
by Jotne
Sat Jun 06, 2020 12:00 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

No need to change the thread header. I may be better to start a new thread.
by Jotne
Fri Jun 05, 2020 11:48 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta8 [development] is released!

IP Acccounting is deprecated and removed from ROS v7.
What do I use then to get traffic data from each client that I do use in Splunk for MikroTik?
SNMP is not an option.

Script will then fail 100% if some do an upgrade to 7.x, since on-error seem to not handle this situation.
.
Accounting.jpg
by Jotne
Fri Jun 05, 2020 10:44 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta8 [development] is released!

/ip accouning is missing in latest beta. This breaks my Splunk script. :local AccuntData true # Get traffic data (accounting data) # ---------------------------------- if ($AccuntData) do={ # Test if fasttrack is enabled and give warning :if ([/ip firewall filter find where (action=fasttrack-connec...
by Jotne
Fri Jun 05, 2020 8:48 am
Forum: Beginner Basics
Topic: How can I block website / mp3 etc (string) without proxy ?
Replies: 5
Views: 1428

Re: How can I block website / mp3 etc (string) without proxy ?

/ip pool add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254 add name=dhcp_pool2 ranges=192.168.88.2-192.168.88.126 add name=dhcp_pool3 ranges=192.168.88.2-192.168.88.126 You have some error in your config. These three pools are overlapping or duplicate. I guess you only need the first line. It ...
by Jotne
Fri Jun 05, 2020 8:37 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

I do think that is a better solution. It clear where DNS go, since you only have DoH configured. Wiki should at least be updated with that no password are needed.

Are there option to use other DoH than Cloudflare?
by Jotne
Fri Jun 05, 2020 8:15 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:IP/DNS#DNS_over_HTTPS Just a comment to the Wiki that it does miss some information. When importing the certificate, you are asked for a password phrase. This is not mention in the Wiki and it not clear for me when to...
by Jotne
Thu Jun 04, 2020 10:02 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

2. When I exported my settings with command export file=yyyy-mm-dd-export all ports are exported with speed=100Mbps , so the export looks like: set [ find default-name=ether15 ] speed=100Mbps set [ find default-name=ether16 ] speed=100Mbps set [ find default-name=ether17 ] disabled=yes speed=100Mbp...
by Jotne
Thu Jun 04, 2020 8:12 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

i have no idea how to make more free space...
hAP lite
Install an older smaller image, then upgrade to latest.
by Jotne
Thu Jun 04, 2020 4:24 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta8 [development] is released!

Test this instead:
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
Looks like your router does not resolve the name for cloudflare-dns.com
by Jotne
Thu Jun 04, 2020 2:23 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta7 [development] is released!

Does it work without certificates? Just to test the DoH to see what is wrong?
by Jotne
Thu Jun 04, 2020 2:19 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 79
Views: 13923

Re: v7.0beta7 [development] is released!

DoH works fine for me.

Just added
https://1.1.1.1/dns-query
Did not select "Verify DoH Certificate" since this is just a test.
by Jotne
Thu Jun 04, 2020 8:43 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

My hAP ac2 did upgrade without problem to 6.47.
I guess you now that you have to select stable in channel to see the upgrade?
by Jotne
Thu Jun 04, 2020 8:24 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Script updated to 4.0 Removed double stuff Added write-sector-total PS script can be updated without update Splunk software. Here is an example view on write sector increase last 10 hour that will be included in Splunk for MikroTik 3.1 * 10.10.10.1 hEX 6.45.9 (will have a look at this after upgrade ...
by Jotne
Thu Jun 04, 2020 8:14 am
Forum: General
Topic: How to block AnyDesk (TeamViewer analog)?
Replies: 3
Views: 508

Re: How to block AnyDesk (TeamViewer analog)?

Blocking IP may can give problems. Example AnyDesk server is on a big amazon server with hundreds of other web servers. Then you block them all.
by Jotne
Thu Jun 04, 2020 8:12 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 121
Views: 30802

Re: Add DNS over HTTPS (DoH) support

you can go to https://1.1.1.1/dns-query using the web browser
There are no webpage opening at this url.
by Jotne
Thu Jun 04, 2020 8:01 am
Forum: Scripting
Topic: Script not Running
Replies: 4
Views: 569

Re: Script not Running

Script /ip firewall filter move 2 destination=11; Schedule /system script run script1; Semicolon at the end of the line has not been needed for many years, and will not help here. You should not use ID number for anything in the script since its temporary and is not the same as the number you see i...
by Jotne
Wed Jun 03, 2020 11:00 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 121
Views: 30802

Re: Add DNS over HTTPS (DoH) support

Why?

Do you thing my ISP opens up the https packets and look for DNS packets?
I will add certificate later. This was just for testing purpose, since DoH was just released.
by Jotne
Wed Jun 03, 2020 10:52 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 121
Views: 30802

Re: Add DNS over HTTPS (DoH) support

I did not use any certificate, just added:
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
One line only for DNS and it works fine.
by Jotne
Wed Jun 03, 2020 10:45 pm
Forum: Beginner Basics
Topic: Set multipe DHCP severs on Bridged Interface
Replies: 9
Views: 1231

Re: Set multipe DHCP severs on Bridged Interface

@anav
It may be a very small animal hospital :)
" DHCP server cannot run on slave interface". How can i set DHCP on them ?
What version of routerOS do you run on the router. The message above may tell that its rather old, and it may be at risk security wise.
by Jotne
Wed Jun 03, 2020 10:15 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Sorry to waste your time over this!
No problem. You have not done anything wrong, just in another way. :)
I will add a comment about in the DHCP view, that if you add static release outside the pool,but within the subnet, i will give wrong number.
by Jotne
Wed Jun 03, 2020 10:01 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Interesting. I see this is a way you can handle DHCP, and it will confuse the system. Its not easy to take inn to account every possibility. In my work (20000 + computers 2500+ servers), we have only DHCP, and all server IP are within the DHCP scope. But we to convert DHCP leases to static for all t...
by Jotne
Wed Jun 03, 2020 8:50 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

There may be some wrong with that part. Its on part of the script that is not made by me ;) For me it looks correct /ip pool print # NAME RANGES 0 DHCP-Pool-vlan1-Home 10.10.10.55-10.10.11.254 Then the script shows this: script,info MikroTik: script=pool pool=DHCP-Pool-vlan1-Home used=158 total=455 ...
by Jotne
Wed Jun 03, 2020 4:22 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

You can copy all files you have modified to another folder. Remove all MikroTik files, install 3.0, then restore your files. Its also possible to use 7-zip/winrar to extract all the files from 3.0 manuall, then add one by one. If your edit is interesting for other, you could send me them, and I coul...
by Jotne
Wed Jun 03, 2020 7:57 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

system,error,critical error while running customized default configuration script: no such item system,error,critical Same here, after update to 6.47 my RB4011iGS+5HacQ2HnD-IN and cAP Ac.. Antena gain was gone.. See this post https://forum.mikrotik.com/viewtopic.php?p=797466#p797466 MT We added an ...
by Jotne
Tue Jun 02, 2020 10:16 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 178
Views: 27511

Re: v6.47 [stable] is released!

My hope.
6.46 - > long term
6.47 - > stable
6.48.. no, no more 6 series
7.01 - > testing
by Jotne
Tue Jun 02, 2020 11:14 am
Forum: RouterOS v7 BETA
Topic: Ac 2 never came back to life after update to ros7 [SOLVED]
Replies: 6
Views: 927

Re: Ac 2 never came back to life after update to ros7 [SOLVED]

Do a google search for "netinstall mikrotik tutorial"
by Jotne
Tue Jun 02, 2020 8:35 am
Forum: RouterOS v7 BETA
Topic: Feature Request: Data usage
Replies: 2
Views: 414

Re: Feature Request: Data usage

Problem is to store log data on the routers. Some routers does nearly have space free at all.
It simple and free (upp to 500MB log a day) to setup a Splunk server. Se link in my signature. (I do use 30 min)
by Jotne
Tue Jun 02, 2020 8:28 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 67
Views: 13483

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have honey-pot IP addresses, anything that attempts to connect to them, gets their IP added to the block list, these addresses have never been used, so nothing legitimate would have any reason to try and connect. I do nearly the same. Since I do not have an extra public IP, I have and access rule...
by Jotne
Mon Jun 01, 2020 12:04 pm
Forum: General
Topic: Log catch and analyze tool
Replies: 8
Views: 2281

Re: Log catch and analyze tool

Also do not add link to the forum. Click the Attachments below the post and add the file/picture to the post.
All your links are dead/down.
by Jotne
Mon Jun 01, 2020 10:15 am
Forum: Wireless Networking
Topic: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]
Replies: 6
Views: 993

Re: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]

Just some posting tip. :)

No quote the post above you. Only quote some part if needed. Use the "Post reply" button (below) instead.
No multipost. If you add some information, just edit previous post if someone has not posted in between. Bump is ok if someone has not replied on some time.
by Jotne
Mon Jun 01, 2020 8:15 am
Forum: Beginner Basics
Topic: How to block SSH attackers after 3 bad logins?
Replies: 19
Views: 7093

Re: How to block SSH attackers after 3 bad logins?

If you do not access your router from outside using SSH and there are not NAT rules for SSH, you do not need to worry to much. They will not get inn to you. Here is what I do. If your try one port on my outside that are not open, example port 22, then your IP will go to a black list and stay there f...
by Jotne
Mon Jun 01, 2020 7:59 am
Forum: Beginner Basics
Topic: does winbox use ssh for connection ? [SOLVED]
Replies: 2
Views: 446

Re: does winbox use ssh for connection ? [SOLVED]

Are you going to use winbox on the outside interface? If so, do use VPN (but not PPTP) to secure the connection. If you can not use VPN, then: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to ...
by Jotne
Mon Jun 01, 2020 12:28 am
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 1630

Re: Help with firewall

Seems that you are running some old software 6.44 and the older system with master port and IP bind to that port (ether2). If you do have many VPN services up and running. PPTP LT2P SSTP. Turn off all you do not need. One should do for for all types (not PPTP since no security) I see various rules d...
by Jotne
Sun May 31, 2020 8:07 pm
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 1630

Re: Help with firewall

Where are your config?
And why two threads?
by Jotne
Sun May 31, 2020 7:47 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

that didn't work.
Not sure what the problem is. The user in this tread changed his IP without problem.
viewtopic.php?f=7&t=161687
by Jotne
Sun May 31, 2020 7:38 pm
Forum: Scripting
Topic: Accessing to ISP's modem with Scripting?
Replies: 2
Views: 533

Re: Accessing to ISP's modem with Scripting?

If you do use the MT cloud service you can use this command to get your public IP.
:put [/ip cloud get public-address]
by Jotne
Sun May 31, 2020 7:15 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 4
Views: 644

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Here is my version of DoH server not working any more. Thanks again for the idea. Added logging when things change. I love to log everything (see my signature) :local currentDNS [/ip dns get server] :local DoHDNS "192.168.20.10" :local backupDNS "8.8.8.8,1.1.1.1" :local testDomain "www.google.com" :...
by Jotne
Sun May 31, 2020 6:43 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 4
Views: 644

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Thanks for the script. I do see a use for it in my case. I have a DoH server running separately on an MT running 6.47 beta. On my main MT Router i have one DNS point to that DoH MT router. If add a second DNS on main router, that will be used without going trough the DoH server. So I can use the scr...
by Jotne
Sun May 31, 2020 8:35 am
Forum: Wireless Networking
Topic: rb4011or rt5300ac
Replies: 14
Views: 1888

Re: rb4011or rt5300ac

IP on bridge now looks correct.

Do past you code in code tags. Select you code text a click the code button </>
by Jotne
Sun May 31, 2020 1:12 am
Forum: Wireless Networking
Topic: rb4011or rt5300ac
Replies: 14
Views: 1888

Re: rb4011or rt5300ac

/ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 This is wrong. your main ip should be on the bridge and not on an interface, when that interface is part of a bridge, same as you correctly configured DHCP server /ip dhcp-server add address-pool=dhcp di...
by Jotne
Sat May 30, 2020 11:46 pm
Forum: General
Topic: Log filtration
Replies: 2
Views: 488

Re: Log filtration

I do not think you can just remove parts of log for one user. If you have remote scripts that do log in to the router and does stuff, it will be logged. This is way I removed all remote script and also SNMP, and instead made the router itself sending out all that you need to monitor my rotuers. Look...
by Jotne
Sat May 30, 2020 11:43 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

Are you saying that I just enter this and the old one is overwritten?
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
Yes. You may loose contact with the router, but you should be able to reconnect.
by Jotne
Sat May 30, 2020 11:04 pm
Forum: Beginner Basics
Topic: Using hex as switch?
Replies: 9
Views: 1264

Re: Using hex as switch?

All MT devices with more than on part can run fine as Switches. Just configure all part inn to one bridge group, and add IP if admin is needed.
Can not comment about the speed of it, but I think it should do well.
by Jotne
Sat May 30, 2020 10:57 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

This IP is the main internal IP of the router. When you do have a bridge, you do connect DHCP/IP etc to the bridge, not to an interface part of the bridge. So not like this: /ip address add address=192.168.88.1/24 comment=defconf interface= ether2 network=192.168.88.0 But like this: /ip address add ...
by Jotne
Sat May 30, 2020 10:51 pm
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 1630

Re: Help with firewall

If you do use PPTP, you should change to L2TP/IPSec.
If you do not use PPTP, you should disable it.

Post your config here.
/export hide-sensitive
Cut and past it in a post and wrap it in code block. Select your code and click the </> button.
by Jotne
Sat May 30, 2020 9:34 pm
Forum: Scripting
Topic: Script needed
Replies: 8
Views: 1566

Re: Script needed

I do suggest you create a new thread. Not all are equal good to create an informative title.
So for example. Need a script to move IP from one address list to another.
And in new thread also specify what criteria needed to move the IP addresses.
by Jotne
Sat May 30, 2020 10:41 am
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6714

Re: V7 questions?

I do agree with anav, asking for syn packets in a "V7 question" topic is a bit off. Better to start another thread.
by Jotne
Fri May 29, 2020 8:55 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

Yeah I'm pissed Jotne obscured the process ...........
Uff, that was not my intention :mrgreen:
by Jotne
Fri May 29, 2020 9:38 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2073

Re: Think i'm being attacked

192.168.88.0/24 and 172.16.22.0/24 are both c net. 256 Address.
Was just asking since your scope was so small :)

172.16.0.0/16 is a b net

10.0.0.0/8 is a a net
by Jotne
Fri May 29, 2020 9:27 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1353

Re: RouterBOARD 750G r3 no HW Offload ?

Yes I do use VLAN, did forget abut this table :)
by Jotne
Fri May 29, 2020 9:25 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

This is some wrong:
sourcetype=mikrotik counter>0  |chart values(counter) by name
Buts not easy to fix when I do not see the real log data.
Sent you a private message.
by Jotne
Fri May 29, 2020 8:54 am
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1260

Re: Run a script if a firewall rule is triggered

Not a simple solution, but I do monitor lots of stuff using Splunk (see my signature) There is a specific view that show all filter rule action, so can see what is going on, I do log my last port of chain in port-knock to Splunk, so can see who enters. So far its only me, since no automatic script t...
by Jotne
Fri May 29, 2020 8:42 am
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

(2) Typical rookie mistake. See if you can see it. Can this error come from upgrading from older version where we did have a master port? So an upgrade of OS did this, or is it just normal that so many do this wrong? Here is the config so no need to download file :) # may/28/2020 18:26:55 by Router...
by Jotne
Fri May 29, 2020 8:35 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1353

Re: RouterBOARD 750G r3 no HW Offload ?

My STP was set to none and showing no Hardware Offload.
Did try to change to STP stil no HW, then back to none, still no HW
6.45.8
by Jotne
Fri May 29, 2020 8:30 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2073

Re: Think i'm being attacked

Not sure why you have a DHCP pool on only 10 IP when you are using a C net.
Maybe you have only a few host, or lots of devices with fixed IP?
by Jotne
Fri May 29, 2020 8:23 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2073

Re: Think i'm being attacked

I think this:
add action=dst-nat chain=dstnat dst-port=8999 in-interface=bridge protocol=\
    tcp to-addresses=192.168.88.101
Should be your utside interface not bridge.
add action=dst-nat chain=dstnat dst-port=8999 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.88.101
by Jotne
Fri May 29, 2020 8:10 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2073

Re: Think i'm being attacked

That is one of your problem.

You have to many open port.
L2TP/IPSec needs UDP/500 1701 4500
Rest should be removed.
by Jotne
Fri May 29, 2020 12:11 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1353

Re: RouterBOARD 750G r3 no HW Offload ?

I do see the same as you . 750G r3 /interface bridge port print detail Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 0 I interface=ether3 bridge=Bridge1 priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes auto-isolate=no rest...
by Jotne
Thu May 28, 2020 11:47 pm
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2073

Re: Think i'm being attacked

I agree with Sindy, PPTP should not be used on the public internet. What you can do. * Block the 92.63.194.0/24 net. * Use a script that block the ip if wrong username is used. One of these scripts should work with just some small modification: https://forum.mikrotik.com/viewtopic.php?p=730484#p7304...
by Jotne
Thu May 28, 2020 7:47 pm
Forum: General
Topic: Script environment suspicious !
Replies: 7
Views: 1113

Re: Script environment suspicious !

It was a bug typo..... fixed ;)
by Jotne
Thu May 28, 2020 7:41 pm
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1260

Re: Run a script if a firewall rule is triggered

it is a nightmare to calculate e.g. "2 hours 3 minutes 9 seconds from now" with the datetime format in ROS scripting, so it is much easier to create an address list item with this lifetime, and link the next action to expiration of this item (or, in another words, to the whole address-list becoming...
by Jotne
Thu May 28, 2020 6:06 pm
Forum: General
Topic: Lots of global variables on hAP ac2
Replies: 5
Views: 965

Re: Lots of global variables on hAP ac2

Ok thanks.
But how to upgrade when I am on latest 6.47.rc2?
by Jotne
Thu May 28, 2020 6:01 pm
Forum: General
Topic: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.
Replies: 18
Views: 2004

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

What is "ultra fibre speed"? 1Ebps :)
by Jotne
Thu May 28, 2020 5:47 pm
Forum: Scripting
Topic: Get Identity On Traceroute
Replies: 2
Views: 411

Re: Get Identity On Traceroute

It seems that it is not possible to pass the output from the tool traceroute to a script.
by Jotne
Thu May 28, 2020 5:42 pm
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1260

Re: Run a script if a firewall rule is triggered

Why would you a function like this? I do ask, since If I do now the reason, I may see another way to solve this. I do use Splunk to do handle stuff that I need to monitor. Not a simle solution to solve this, but if you like to add an ip to an access list, and drop it. # Send packet to chain "Demo" o...
by Jotne
Thu May 28, 2020 2:16 pm
Forum: Scripting
Topic: Firewall Filter RATE: How to access value in script?
Replies: 4
Views: 1864

Re: Firewall Filter RATE: How to access value in script?

Please use code tags for code. Click </> button when code is selected ; is not neded, so removed. (only needed when multiple commands on same line) and extra not needed else removed Tab added to better see strukture. #START :local comm "COMMENT" :local time 1 :local bt0 [/ip firewall filter get [fin...
by Jotne
Thu May 28, 2020 7:54 am
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 3412

Re: three newbie questions [SOLVED]

question 1: jan/02/1970 00:04:14 This tell me that you have not setup NTP at your router. You should do. . Not sure what your DHCP problem is, but is not ether1 your outside? how come your router list a private address like 192.168.100.11 ? . . question 2: I enter the recommended command below and ...
by Jotne
Wed May 27, 2020 10:27 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Splunk for MikroTik updated to v3.0 Mayor changes is the PPPoE view and support for IPv6 in the MikroTik Firewall Rules module To upgrade, delete the folder /splunk/etc/app/Mikrotik Then install the unpacked spl (use winrar/winzip) file, install app from "Manage app" -> "Install app from file" To ge...
by Jotne
Wed May 27, 2020 9:48 pm
Forum: General
Topic: Lots of global variables on hAP ac2
Replies: 5
Views: 965

Lots of global variables on hAP ac2

Is it normal to have nearly 30 global variables default on hAP ac2? When I deleted them, they did come back. Router running 6.47rc2, never been on internet, just as a switch behind another router. Any documentation on what this is and what its used for? Some short like the two first here, but rest a...
by Jotne
Wed May 27, 2020 8:08 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 3119

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Or you can keep the IPSec open but add QoS and give then a very slow connection, like 1kbps.
Also logg all their traffic and see where they go.
You can also redirect port 80/443 to a specific web server, so same web page opens all the time.
by Jotne
Wed May 27, 2020 7:46 pm
Forum: Scripting
Topic: Colon or not to Colon
Replies: 5
Views: 883

Re: Colon or not to Colon

On the third line I use /interface to switch to a different 'path' and then I don't have to use a ":" for commands in that 'path'. As soon as I cal a global command then I have to use a ":". I have seen this behaviour as well. If you are doing lots commands in a sub folder you can skip the path if ...
by Jotne
Wed May 27, 2020 2:46 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 3119

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

Others will say this approach makes no sense, why go through all the hassle of doing this : just drop any packet that is not part of a session or targeted towards non DNAT'ed ports and get on with your life ;-) and don't even bother logging this "noise" that exists "by default" 99.999% of these att...
by Jotne
Wed May 27, 2020 9:13 am
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 3119

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

I have an access rule that if anyone tries one port that is not open on the outside, he will be blocked for 24 hour on any port. This gives me an access list with from 2000 to 15000 IPs at any time. If this for some reason is me that has been blocked from outside, I can use port knock to whitelist m...
by Jotne
Tue May 26, 2020 10:00 pm
Forum: General
Topic: DNS over HTTPS
Replies: 23
Views: 3612

Re: DNS over HTTPS

6.47 RC was just released over here: viewtopic.php?f=21&t=161583
by Jotne
Tue May 26, 2020 8:48 pm
Forum: General
Topic: DNS over HTTPS
Replies: 23
Views: 3612

Re: DNS over HTTPS

And 6.47 is still in testing :)
by Jotne
Tue May 26, 2020 8:46 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Downloaded the file from this forum and expanded it using 7-zip (Winrar should do as well), so file seems fine,
by Jotne
Tue May 26, 2020 1:49 pm
Forum: General
Topic: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]
Replies: 23
Views: 3119

Re: My MikroTik is Hacked!!! Found file 7wmp0b4s.rsc [SOLVED]

However, keep in mind i had a strong password. Strong password is not enough if this was used to administrate the box from outside (internet). Use VPN for administrate your box. If you can not use VPN, use: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing op...
by Jotne
Tue May 26, 2020 1:41 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

I am working with v3.0 and there the kv search is updated. Try this: This should just give the devices: sourcetype=mikrotik module=script script=sysinfo | dedup host Then if that gives lines, run this updated version. sourcetype=mikrotik module=script script=sysinfo | dedup host | rex "version=\"(?<...
by Jotne
Tue May 26, 2020 9:42 am
Forum: General
Topic: blocking all websites except some special ones [SOLVED]
Replies: 3
Views: 614

Re: blocking all websites except some special ones [SOLVED]

for example for only yahoo.com we have got a lot of IPs... how can i do it ? Most of today's website not just have many IPs, but also lots of the code on the page comes from other sits, like commercial and other stuff. So only allow the IP for a specific web site, may not give the result you want. ...
by Jotne
Tue May 26, 2020 7:53 am
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

To check the syntax you can put the code between { } : This is only when cut and past to terminal for testing and its more than one line. Inside script its not needed. This should do: :do { :local checkdns [:resolve "my.domain" server=1.2.3.100]; /ip dhcp-server network set 0 dns-server=1.2.3.100 }...
by Jotne
Mon May 25, 2020 8:35 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

It can monitor as many as you like. Only limit is the amount of data logged to Splunk. For free you get 500MB, that should be ok for a small to medium system, depending on what you select to log. DNS eats lots of log space. What OS did you try? I do in first post recommend Ubuntu. Ubuntu running on ...
by Jotne
Mon May 25, 2020 6:36 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

I have see KV store error due to certificate error on splunk. Other than that, I do not know what can be wrong. I do suggest that you install Splunk from scratch on an Ubuntu 18.04 or 20.04 server. Works every time I have tried. I do use less than an hour to install Ubuntu/Splunk and Mikrotik plugin...
by Jotne
Mon May 25, 2020 2:37 pm
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

Try it out,

Test it from command line, cut past.
first with and "my.domain" correct, then change this to a name it does not resolve, to see if DNS is changed,
by Jotne
Mon May 25, 2020 2:05 pm
Forum: General
Topic: Vpn L2TP/IPSEC
Replies: 12
Views: 1556

Re: Vpn L2TP/IPSEC

I do not need it, but other may help you with your config.

Run form terminal this command to get everything.
/export hide-sensitive
Cut and paste everything inn to a post here using code tags </> (select code and click the button to get code tags)
by Jotne
Mon May 25, 2020 2:02 pm
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

I hva not tested it, but remove :put in front of /ip dhcp...

Test all commands one by one and see what is changing.
/ip dhcp-server network set 0 dns-server=X.X.X.X
do this adds or change dns when run, test it out.
by Jotne
Mon May 25, 2020 1:33 pm
Forum: General
Topic: Vpn L2TP/IPSEC
Replies: 12
Views: 1556

Re: Vpn L2TP/IPSEC

What 6.46, and where are your export?
by Jotne
Mon May 25, 2020 1:03 pm
Forum: General
Topic: DHCP override [SOLVED]
Replies: 8
Views: 827

Re: DHCP override [SOLVED]

Or if you can get my previous post to work with packed marking, you could use source mac address.
Then it does not matter what IP the client gets. The client then get routed based on its mac address.
by Jotne
Mon May 25, 2020 11:27 am
Forum: General
Topic: Vpn L2TP/IPSEC
Replies: 12
Views: 1556

Re: Vpn L2TP/IPSEC

After April update
What version? MT have different train.
6.45
6.46
6.47 beta


@Discmandj: can you please share your config /export hide-sensitive file=config for both routes.
by Jotne
Mon May 25, 2020 11:19 am
Forum: Beginner Basics
Topic: Port Forwarding Issue - Unable to access from LAN [SOLVED]
Replies: 3
Views: 437

Re: Port Forwarding Issue - Unable to access from LAN [SOLVED]

You can solve this in two ways. If you have an internal DNS server, add your full host name to it with internal IP. Inside user then points directly to inside server IP, and outside user points to outside public IP + traffic goes directly to your inside server for inside clients - needs an internal ...
by Jotne
Mon May 25, 2020 10:03 am
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

:do {
	:local test [:resolve "test.com"] 
	:put "this will run on success"
	:put "some more to do"
} on-error={
	/ip dns set servers=1.1.1.1
}
by Jotne
Mon May 25, 2020 8:44 am
Forum: General
Topic: DHCP override [SOLVED]
Replies: 8
Views: 827

Re: DHCP override [SOLVED]

It seems that you can mark the packet for one IP and then set a unique route for that marking.
viewtopic.php?t=65544
Dont ask me how, since I have not tested it and mangle is not my field :)

Edit:
This may help:
https://wiki.mikrotik.com/wiki/Policy_Base_Routing
by Jotne
Mon May 25, 2020 8:05 am
Forum: Scripting
Topic: Getting wireless interface rx signal-strength
Replies: 12
Views: 4321

Re: Getting wireless interface rx signal-strength

@nichky

Use the "Post Reply" button to reply someone. If quote is needed, only quote some part, not the whole post.
Here you quoted the post without writing anything :)
by Jotne
Sun May 24, 2020 11:52 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Did an change in what to debug settings in first post Change from: /system logging add action=logserver prefix=MikroTik topics=!debug to: /system logging add action=logserver prefix=MikroTik topics=!debug, !packet This reduces overall DNS logging by 80% So I do suggest that you add this, specially i...
by Jotne
Sun May 24, 2020 10:34 pm
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

But if you need a script, this should do:
:do {
	:local test [:resolve "test.com"] 
} on-error={
	/ip dns set servers=1.1.1.1
}
by Jotne
Sun May 24, 2020 10:05 pm
Forum: Scripting
Topic: New to scripting, need help
Replies: 15
Views: 1754

Re: New to scripting, need help

Why not just add more DNS server.
8.8.8.8
8.8.4.4
1.1.1.1
1.0.0.1
by Jotne
Sun May 24, 2020 3:03 pm
Forum: Beginner Basics
Topic: A desperate cry for help.
Replies: 5
Views: 1078

Re: A desperate cry for help.

And also edit your subject in the first post to describe what your problem is, and not just asking for help.
Ans when posting the config of your router, post it in code tags as text and not just upload the file.
Some like this
by Jotne
Sun May 24, 2020 3:00 pm
Forum: Beginner Basics
Topic: Router Blocks some internet Trafic
Replies: 15
Views: 1907

Re: Router Blocks some internet Trafic

As I can see, he did fix this after my first post abut it.
I have made the change as suggested but it does not make any difference to the download speed of the LAN connection.
by Jotne
Sun May 24, 2020 2:02 pm
Forum: Useful user articles
Topic: How to create an account for the wiki pages?
Replies: 1
Views: 466

Re: How to create an account for the wiki pages?

I think its only for MT staff.
by Jotne
Sun May 24, 2020 1:19 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Script updated to 3.9

Gives better command history for Router OS v7 or newer.
Fixed better handling with NTP/SNTP information

PS script can be updated without update Splunk software.
by Jotne
Sun May 24, 2020 10:59 am
Forum: Beginner Basics
Topic: Router Blocks some internet Trafic
Replies: 15
Views: 1907

Re: Router Blocks some internet Trafic

Its better if you post the config directly and not just the file, but like this: # may/24/2020 07:40:23 by RouterOS 6.46.6 # software id = 0Q6R-8P8C # # model = RB941-2nD # serial number = 9D740A0996CE /interface bridge add admin-mac=74:4D:28:33:0F:88 auto-mac=no comment=defconf name=bridge /interfa...
by Jotne
Sun May 24, 2020 10:17 am
Forum: Scripting
Topic: Getting wireless interface rx signal-strength
Replies: 12
Views: 4321

Re: Getting wireless interface rx signal-strength

To get better detail about the field, use as-value. Try cut/past this script. Its part of my Splunk script to monitor all wifi clients. (see signature) { :if ([:len [/interface wireless find ]]>0) do={ :foreach logline in=[/interface wireless registration-table find] do={ :local output "$[/interface...
by Jotne
Sun May 24, 2020 10:03 am
Forum: Scripting
Topic: Script for synchronization of DHCP leases between master and slaves
Replies: 2
Views: 358

Re: Script for synchronization of DHCP leases between master and slaves

Most of the work is just a copy from this: viewtopic.php?t=147251
That is ok, but giving the original creator some credit, or just a link to the original post would be fine :)
by Jotne
Sat May 23, 2020 5:55 pm
Forum: Scripting
Topic: How to set the same field of all list members to the same value? [SOLVED]
Replies: 3
Views: 475

Re: How to set the same field of all list members to the same value? [SOLVED]

You are welcome.

As for the first part, to get information, you could do:
:foreach i in=[find] do={:put ([get $i]->"address")}
You need to handle it as an array. To get a kv field you do use the $array->"field" Where the array her are found by the [get $i]
by Jotne
Sat May 23, 2020 5:35 pm
Forum: Scripting
Topic: How to set the same field of all list members to the same value? [SOLVED]
Replies: 3
Views: 475

Re: How to set the same field of all list members to the same value? [SOLVED]

This should do:
:foreach i in=[find] do={set $i address=192.168.20.2/32}
or since its just one IP and no subnet:
:foreach i in=[find] do={set $i address=192.168.20.2}
by Jotne
Sat May 23, 2020 2:36 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Script updated to 3.8
Fixed so that some information only get collected every hour, even if scripts run every 5 min.
This is to not flod system with duplicate information.
by Jotne
Sat May 23, 2020 8:07 am
Forum: General
Topic: Best way to prevent attack from external
Replies: 9
Views: 1283

Re: Best way to prevent attack from external

Do you need to administrate the router from the outside? If yes, VPN is the way to go for Router admin from the outside. If VPN is not possible to use, then to access the route: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and go...
by Jotne
Fri May 22, 2020 1:58 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Splunk reads data since rights on the files are set by syslog so Splunk can read them and inputs.conf tells it to read them. -rw-r--r-- 1 syslog syslog 2520311 May 22 12:56 20200522-12.log The "r" in all three places makes all able to read the files. To test, log in as the Splunk user: sudo su - spl...
by Jotne
Wed May 20, 2020 1:45 pm
Forum: General
Topic: use static DNs in home network [SOLVED]
Replies: 10
Views: 1186

Re: use static DNs in home network [SOLVED]

1 S 10.. PTR http://www. sensor1.com 1d
You can not have space in DNS names, so www.sensor1.com should work. (this belongs to sensor-1.com)

If this is purely to access server on internal net, do use a name that does not belongs to someone else.
example sensor1.home
by Jotne
Wed May 20, 2020 11:30 am
Forum: Beginner Basics
Topic: Splitting up ports
Replies: 14
Views: 1527

Re: Splitting up ports

In my work splitting an Ethernet cable to get more separate lines is a no go.
Add a new cable if you need more lines.
by Jotne
Wed May 20, 2020 11:13 am
Forum: Beginner Basics
Topic: Does RouterOS block NTP traffic by default?
Replies: 19
Views: 1632

Re: Does RouterOS block NTP traffic by default?

Ahh, that explains it! Yes, then I think it's it's quite likely that my ISP is to blame. They also block other things like any outbound TCP connections TO port 25. I guess all this makes sense to prevent malicious activity, but it is annoying. TCP/25 is normal to block due to email spam from variou...
by Jotne
Tue May 19, 2020 10:06 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 30
Views: 9574

Re: Log all console commands [SOLVED]

And here is the script. Schedule it to run every 5 min and it will send all new command to syslog { if ([:tonum [:pick [/system resource get version] 0 1]] > 6 ) do={ global cmd local f 0 foreach i in=[system history find] do={ if ($i = $cmd) do={:set $f 1} if ($f<>1) do={ :log info message="StartCM...
by Jotne
Tue May 19, 2020 8:54 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 30
Views: 9574

Re: Log all console commands [SOLVED]

It seems that MT is working on some in v7. Adding a filter rule, then system history show the complete command: V7_Beta] > /system/history/print detail Flags: U - undoable, R - redoable, F - floating-undo U redo=/ip firewall filter add action=accept chain=forward disabled=no dst-address=0.0.0.0/0 lo...
by Jotne
Mon May 18, 2020 4:22 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6714

Re: V7 questions?

With more than 300 post, you are not 100% new user.
RouterOS is closed source, so no underlying access.
by Jotne
Mon May 18, 2020 2:49 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6714

Re: V7 questions?

no Linux root access is possible then... nothing for me then... :-)
Do you have any other RouterOS with Linux root access?
Why ask for it on v7?
What do you miss on RouterOS since you need root access?
by Jotne
Mon May 18, 2020 2:33 pm
Forum: Scripting
Topic: Functions in CMD Scripts
Replies: 23
Views: 30318

Re: Functions in CMD Scripts

Here is an example on how to remove space from an variable.
Or actually it takes all text up until first space.
{
:local test "MyTest "
:put "Before *$test*"
:set test [:pick $test 0 [:find $test " "]]
:put "After *$test*"
}
Before *MyTest *
After *MyTest*
by Jotne
Sun May 17, 2020 11:32 am
Forum: Scripting
Topic: Date arithmetic?
Replies: 11
Views: 3137

Re: Date arithmetic?

Do you know of a script that converts from epoch to mikrotik date / time? Not seen, but should not be to hard to make. Problem is that MT uses various from of date logging. * If log time is less than 24 hours (or is it from this date, not sure) it uses time only: 13:56:28 * Older logs with month an...
by Jotne
Sun May 17, 2020 10:52 am
Forum: Scripting
Topic: Date arithmetic?
Replies: 11
Views: 3137

Re: Date arithmetic?

I have posted a solution in this thread. https://forum.mikrotik.com/viewtopic.php?t=75555 You then have a script that converts date to epoc time so that you can do the math. Not an optimal solution, but should work. I have sent email to support@mikrotik.com for them to implement better date handling...
by Jotne
Sun May 17, 2020 10:28 am
Forum: Scripting
Topic: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]
Replies: 25
Views: 2406

Re: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]

This: /interface ethernet print give only information about the interface it self and its mac address. Not mac-address that ar connected to it. [xxx] > /interface ethernet print Flags: X - disabled, R - running, S - slave # NAME MTU MAC-ADDRESS ARP 0 RS ether1 1500 00:50:5A:AA:5F:75 enabled [xxxx] >...
by Jotne
Sun May 17, 2020 10:20 am
Forum: Scripting
Topic: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]
Replies: 25
Views: 2406

Re: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]

I did try to see if it was possible to get the mac from all interface, not just bridge, but still no luck. But if there are some I do miss and its possible, it should be possible to make a script that covers both bridges and ports. Mye ethernet1 is connected to the wan and do not have any bridge. Th...
by Jotne
Sun May 17, 2020 1:09 am
Forum: General
Topic: walled garden wa.me
Replies: 3
Views: 523

Re: walled garden wa.me

And as I do write, this shourtcut links is just a redirect.
You need to open all involved site, like whatsapp.com
by Jotne
Sun May 17, 2020 1:07 am
Forum: Scripting
Topic: DuckDNS Dynamic DNS updater script
Replies: 5
Views: 1635

Re: DuckDNS Dynamic DNS updater script

If you use RouterOS built in dynamic DNS updater /ip cloud, you get a free DNS to use some like this:
6f3806e0aaaa.sn.mynetname.net
Then you can use this directly, or point other service like DuckDNS, Dyndns to the name and no more manual or scripted update neded.
by Jotne
Sun May 17, 2020 12:29 am
Forum: Scripting
Topic: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]
Replies: 25
Views: 2406

Re: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]

This seems to work: { :local ip /interface bridge host :foreach ID in=[find] do={ :local inf [get $ID interface] :local mac [get $ID mac-address] :local idmac [/ip arp find mac-address="$mac"] :if ([:len $idmac] > 0) do={ :set ip [/ip arp get $idmac address] } :put "interface=$inf mac=$mac ip=$ip" }...
by Jotne
Fri May 15, 2020 3:28 pm
Forum: General
Topic: Documentation errors
Replies: 6
Views: 1139

Re: Documentation errors

I do agree that this is a wrong as well.
172.16.16.1 is not a public IP, so they should change what they write or another example IP.
by Jotne
Fri May 15, 2020 3:24 pm
Forum: General
Topic: walled garden wa.me
Replies: 3
Views: 523

Re: walled garden wa.me

Maybe it redirect you to some other page that you have not open?
It seems to redirect to whatsapp.com, that also need to be open i guess.
by Jotne
Fri May 15, 2020 3:16 pm
Forum: General
Topic: tool kid-control
Replies: 58
Views: 20800

Re: tool kid-control

I did try this some time ago, and my kid did change his mac, so did not help at all :lol:
Could be an option to block all mac address, except the one you allow, but would not be any fleksible at all.

https://www.groovypost.com/howto/change ... ws-10-why/
by Jotne
Fri May 15, 2020 3:10 pm
Forum: General
Topic: Wrong value from SNMP IF-MIB::ifSpeed
Replies: 15
Views: 4431

Re: Wrong value from SNMP IF-MIB::ifSpeed

If you have not yet done, you should send an email to support@mikrotik.com.
by Jotne
Fri May 15, 2020 9:35 am
Forum: Scripting
Topic: Add value to the end of an array?
Replies: 2
Views: 1259

Re: Add value to the end of an array?

For a KV array, you can do:
{
:local array [ :toarray "producer=ford;color=blue" ]
:set ("$array"->"type") "mustang"
:put $array
}
producer=ford;color=blue;type=mustang
by Jotne
Fri May 15, 2020 9:08 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Other question: Is there an option, to give comments to the IP-Adresses in Traffic Throughput Monitor? Sometimes the IPs are solved to Hostnames, but I would be happy to define comments as well. What commend do you like? Name of host are resolved when Splunk uses DNS to find its name. There are sev...
by Jotne
Fri May 15, 2020 8:35 am
Forum: Beginner Basics
Topic: Mikrotik router
Replies: 2
Views: 462

Re: Mikrotik router

All MikroTik routers run RouterOS and can be setup as hotspot.
You can use a router without wifi as hotspot and use a Cisco Wifi accesspoint if you like.
by Jotne
Thu May 14, 2020 7:39 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Did not understand the question.
My post above clearly stats that if you run Splunk as a non root user you need an external server to receive sysloge.
At least if you uses port below 1024, Splunk will not work. So Mikrotik send udp/515->rsyslog server <- Splunk reads the file.
by Jotne
Thu May 14, 2020 3:59 pm
Forum: Scripting
Topic: script send email as user login into routerboard
Replies: 34
Views: 11283

Re: script send email as user login into routerboard

Google search is a nice tool to find these types of stuff.

Example here:
https://wiki.mikrotik.com/wiki/Manual:Tools/email
by Jotne
Thu May 14, 2020 3:52 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

If you do use Splunk as a non root (recomended) user, you need an external Syslog server. This setup needs Splunk for Mikrotik v3.0 to read field correctly. (out soon) This is how to set it up using Ubuntu server. Should work on most version. rsyslog comes default with Ubuntu so no need to install a...
by Jotne
Thu May 14, 2020 10:42 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Other question: Is there an option, to give comments to the IP-Adresses in Traffic Throughput Monitor? Sometimes the IPs are solved to Hostnames, but I would be happy to define comments as well. I do recommend using Linux for Splunk. Its created for Linux, later exported to work in Windows. My inst...
by Jotne
Wed May 13, 2020 9:45 pm
Forum: General
Topic: Winbox GUI Filter Feature / Button
Replies: 10
Views: 2005

Re: Winbox GUI Filter Feature / Button

MikroTik should explain what it means with contains in the firewall filter when address is selected.
I would say that this still is a bug and needs to be fixed.

Searching for address contains 192 should give positive on all these lines
192.168.0.1
10.192.20.45
16.23.192.53
72.100.20.192
by Jotne
Wed May 13, 2020 4:36 pm
Forum: General
Topic: snmp not working on mikrotik device with a pppoe connection
Replies: 5
Views: 751

Re: snmp not working on mikrotik device with a pppoe connection

I have a mikrotik device connected to the internet via pppoe. I need to be able to monitor the device via snmp. In my project using Splunk to monitor RouterOS I stopped using SNMP, since public IP may change. I do us script on the router that sends all needed information to a sentral Syslog server....
by Jotne
Wed May 13, 2020 4:16 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

What about this search? sourcetype=mikrotik module=script script=sysinfo | dedup host | rex "version=\"(?<version>[^\"]*)\" board-name=\"(?<board_name>[^\"]*)\" model=\"(?<model>[^\"]*)\" serial=(?<serial>\S*) identity=\"(?<identity>[^\"]*)\"" | table host identity serial model board_name version
by Jotne
Wed May 13, 2020 3:58 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

Can you try to run i manually.
Splunk-app:Mikrotik->Reports->Click on name "device lookup updater"
Do you get any information? (Try it twice)
If not, what do you get
Splunk-app:Mikrotik->Reports-> "device lookup updater" Open in Search
by Jotne
Wed May 13, 2020 3:53 pm
Forum: Scripting
Topic: Colon or not to Colon
Replies: 5
Views: 883

Re: Colon or not to Colon

In API I do not know. but on console for v7.0 b5 both with and without colon do works.

Some strange that RouterOS then allow you to skip the Colon, when manual clearly stats that you need it?
by Jotne
Wed May 13, 2020 3:48 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

You are 100% correct.
I did fix this by using coalesce
| eval identity=coalesce(identity,host)
Version 3.0 will be out soon with this fix and som other stuff as well.
PPPoE logging
IPv6 IP support in firewall
by Jotne
Wed May 13, 2020 10:24 am
Forum: Scripting
Topic: Colon or not to Colon
Replies: 5
Views: 883

Colon or not to Colon

I Mikrotik Router OS scripting.
Is there any reason to use the Colon : in front of commands

Eks This works
:do {:put "hello"}
And so do this:
do {put "hello"}
Is there any reason to use one or another.
by Jotne
Wed May 13, 2020 10:19 am
Forum: Scripting
Topic: wireless access list disable
Replies: 1
Views: 370

Re: wireless access list disable

From a terminal window try tu run the script manually. :put [/wireless access list find where comment ~"limit"] If this does not show anything, you do not have any access list with comment "limit" If you see data then try cut/past this to cli. { :foreach i in=[/wireless access list find where commen...
by Jotne
Wed May 13, 2020 8:43 am
Forum: Scripting
Topic: Get information from UserManager
Replies: 2
Views: 932

Re: Get information from UserManager

And the answer in the post you link was:
You can't.
PS please post image to the forum and not using link.
Using the Attachments function below the post when edit it and upload the image.
by Jotne
Mon May 11, 2020 4:19 pm
Forum: Scripting
Topic: script send email as user login into routerboard
Replies: 34
Views: 11283

Re: script send email as user login into routerboard

Same script, with tabs and without not needed semicolon. :log info message=("Start Check Logged Users") :local tmpAllTheUsersLogged value=[/user active find] :if ([:len $tmpAllTheUsersLogged] > 0) do={ :local tmpMessage value="" :foreach tmpArrayItem in=$tmpAllTheUsersLogged do={ :set $tmpMessage va...
by Jotne
Mon May 11, 2020 3:34 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved
Replies: 305
Views: 113239

Re: Tool: Using Splunk to analyse MikroTik logs 2.9 (Graphing everything) Topic is solved

An serious error found in the script in 2f. If NTP module is missing, the whole script fails. Fixed in new version 3.6.
by Jotne
Mon May 11, 2020 9:01 am
Forum: General
Topic: Traffic court
Replies: 1
Views: 387

Re: Traffic court

Post the image in the forum, its better then external link. Click the Attachments below the post.
.
.
error.png
by Jotne
Mon May 11, 2020 8:54 am
Forum: Beginner Basics
Topic: ssh connection to mikrotik not working (timeout)
Replies: 12
Views: 1465

Re: ssh connection to mikrotik not working (timeout)

Its better to post the file in the post here. Click the Attachments under the post and add the file, like this: export-data_clean.rsc Or just cut and past the code inn to the post with code tags </> like this: # may/10/2020 21:53:59 by RouterOS 6.45.2 # software id = ZJ3M-ESHW # # # /interface ether...
by Jotne
Mon May 11, 2020 8:48 am
Forum: Beginner Basics
Topic: How to access network from internet for some IP [SOLVED]
Replies: 7
Views: 902

Re: How to access network from internet for some IP [SOLVED]

VPN is the way to go for Router admin from the outside. If VPN is not possible to use, then to access the route: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to prevent any random internet fr...
by Jotne
Sun May 10, 2020 1:06 am
Forum: Scripting
Topic: Syntax highlighting for PSPad
Replies: 1
Views: 482

Re: Syntax highlighting for PSPad

Thanks for the contribution, but always add the file to the board, not use link to a site. Especially when its not in English.
To attach a file, click the Attachments folder below the edit field and add the file, like this:
PSPad-RB.rar
by Jotne
Fri May 08, 2020 9:23 pm
Forum: Beginner Basics
Topic: nslookup on Mikrotik
Replies: 17
Views: 35474

Re: nslookup on Mikrotik

When you use set of a variable, it should be declared fist (but works without), so either this; :local result :set $result [:resolve mt.lv] :put $result Or set it directly when declare the variable like this: :local result [:resolve mt.lv] :put $result One line local result [:resolve mt.lv]; :put $r...
by Jotne
Fri May 08, 2020 8:58 am
Forum: Scripting
Topic: Mikrotik RouterOS automatic backup and update script
Replies: 10
Views: 3224

Re: Mikrotik RouterOS automatic backup and update script

Auto upgrade MT routers may fail. There has over the last years been several times bug has been introduced or change to some like Wifi that made the router stopped working. So a delay is minimum thing that should be in the script. But If I had lots of routers and lots of time, I would have setup a w...
by Jotne
Wed May 06, 2020 2:12 pm
Forum: Scripting
Topic: script send email as user login into routerboard
Replies: 34
Views: 11283

Re: script send email as user login into routerboard

Its possible by setting an gloabal variable with history of the user logged inn, but would be some complicated.

You can also look at my Splunk project in my signature. There you can see in an external app all logged in user/when and get it nice graphed.
by Jotne
Tue May 05, 2020 9:08 am
Forum: General
Topic: rb2011 unwanted bandwidth limit
Replies: 2
Views: 801

Re: rb2011 unwanted bandwidth limit

Post your config:
/export hide-sensitive
by Jotne
Tue May 05, 2020 9:06 am
Forum: Scripting
Topic: someone help me?
Replies: 1
Views: 586

Re: someone help me?

This will list all static DHCP leases and put Name and Address in to variables for later use: { :foreach i in=[/ip dhcp-server lease find where !dynamic] do={ local Name [/ip dhcp-server lease get $i host-name] local Address [/ip dhcp-server lease get $i address] :put "Name=$Name IP=$Address" } }
by Jotne
Tue May 05, 2020 8:35 am
Forum: Scripting
Topic: Use output of /tool profile
Replies: 2
Views: 649

Re: Use output of /tool profile

Did you search the forum?
viewtopic.php?t=78746
Even if this post is old, its still valid

Send an email to supprort@mikrotik.com with this as a future request.
by Jotne
Tue May 05, 2020 8:30 am
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 13
Views: 1823

Re: Time Sync with SNTP client and IP Cloud Not Working

Even better, export all.
/export hide-sensitive
by Jotne
Mon May 04, 2020 10:25 pm
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 10
Views: 7793

Re: I did it! Script to compute UNIX time!

Should do :)
by Jotne
Mon May 04, 2020 7:11 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 13
Views: 1823

Re: Time Sync with SNTP client and IP Cloud Not Working

1.1.1.1 is not an NTP server.

Find a server from this pool.
https://www.pool.ntp.org
by Jotne
Mon May 04, 2020 4:25 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 13
Views: 1823

Re: Time Sync with SNTP client and IP Cloud Not Working

My bad.

When NTP is not installed, it uses a simple NTP or SNTP, not sure.

You set it up from CLI, did not find any info in WinBox
/system ntp client set enabled=yes
/system ntp client set primary-ntp=1.1.1.1
/system ntp client print 
by Jotne
Mon May 04, 2020 4:09 pm
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 10
Views: 7793

Re: I did it! Script to compute UNIX time!

Here is an updated version that could be used to both get current time or convert data from input. Example current time :put [$EpochTime] 1588597644 Convert time :put [$EpochTime "may/01 16:23:50"] 1588343030 EpochTime "15:23:50"] 1588598630 When date not give, it uses current day/month/year :global...
by Jotne
Mon May 04, 2020 11:53 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 14
Views: 2378

Re: delete address list old than 7 days

Found this thread: viewtopic.php?f=9&t=75555

If I am able to change the script to take input, I will try to make a script that convert the time field to epoch time.
Then it should be easy to calculate older than 7 days.
by Jotne
Mon May 04, 2020 10:24 am
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 10
Views: 7793

Re: I did it! Script to compute UNIX time!

Thanks for the script. This is some I have complained to MT support about. Some like this should be built in to the RouterOS software. As it is now, its impossible to handle time in RouterOS. Example: From Cli, look at log time. For event less then 24 hour, only time is shown. For event more than 24...
by Jotne
Mon May 04, 2020 9:37 am
Forum: Beginner Basics
Topic: Inter Vlan Routing
Replies: 27
Views: 3252

Re: Inter Vlan Routing

My hEX (RB750Gr3) do route fine between VLAN.
Main VLAN (my home)
Guest VLAN
DMZ VLAN

As mkx write
BTW, hEX can route around (or slightly less than) 400 Mbps ...
by Jotne
Mon May 04, 2020 9:25 am
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 13
Views: 1823

Re: Time Sync with SNTP client and IP Cloud Not Working

SNTP is not the same as NTP
Do you have the NTP package installed? Look at:
System -> Packages
There you should see under name a NTP package.

Not sure if SNTP can respond to other NTP request, it may only be a NTP client and not a server.
by Jotne
Mon May 04, 2020 9:16 am
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

/ip firewall address-list remove [find where comment=$user && name=RC] This does not work since in Winbox an entry is called name, but from terminal its called list So: /ip firewall address-list remove [find where comment=$user && list=RC] If you from terminal type this: /ip firewall address-list p...
by Jotne
Mon May 04, 2020 8:30 am
Forum: Beginner Basics
Topic: Restricting access to guests in LAN
Replies: 4
Views: 934

Re: Restricting access to guests in LAN

Since I already need to use the ACL FW for normal LAN users As you see many other reply to your post that your should not use L2 Firewall. You need then to handle one and one mac/ip address. How do you know someone does not fake mac so they get changed to the other side of the firewall? One way to ...
by Jotne
Mon May 04, 2020 8:22 am
Forum: Scripting
Topic: Port knoking and secure connect pptp
Replies: 3
Views: 883

Re: Port knoking and secure connect pptp

p.s. semicolon these are the rules of good form
That was long time ago, things changes. :)
by Jotne
Sun May 03, 2020 11:40 pm
Forum: Beginner Basics
Topic: Restricting access to guests in LAN
Replies: 4
Views: 934

Re: Restricting access to guests in LAN

You create a VLAN for all Guest, then add the port for the guest to this VLAN, same with create a own guest Wifi.
Then you make filter rules.

I do not recommend at all mixing in Layer 2 firewall. Do a VLAN and stick til Layer 3 Routing/firewall. Make it simple.
by Jotne
Sun May 03, 2020 10:01 pm
Forum: Scripting
Topic: Port knoking and secure connect pptp
Replies: 3
Views: 883

Re: Port knoking and secure connect pptp

I can not help you at the moment, since I do not have any external MT but its some interesting approach. Since you try from one Mikrotik Router to another Miktroik Router, have you tested L2TP/IPSec to see what speed you do get? Do you see new entry in the access list knock1000 on the main router wh...
by Jotne
Sun May 03, 2020 6:02 pm
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

How did 100.100.100.209 end up in your address list? Just because he did connect to you using ppp? Since its not dynamic D, then someone or a script did add this. Another thing 100.100.100.209 is part of the public internet, and should not be used internally. Give the whole story. Are you using pppo...
by Jotne
Sun May 03, 2020 4:24 pm
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

How do the name get there in the first place?
by Jotne
Sun May 03, 2020 2:16 pm
Forum: Scripting
Topic: ppp active remove also in address list
Replies: 1
Views: 552

Re: ppp active remove also in address list

What is wrong with this thread?

viewtopic.php?f=9&t=160654
by Jotne
Sun May 03, 2020 2:02 pm
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

So you have a unique firewall filter for every user? Why would you have that? When do the filter rule get created? As I wrote before, no need for semicolon at end of line.... And use code tags around the code. Its a button like this </> above the post when edit/write it. You also have an extra } tha...
by Jotne
Sun May 03, 2020 9:43 am
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 14
Views: 2378

Re: delete address list old than 7 days

Not sure why its not working, but since you already have the ID of the line to delete, just use the ID like this: { :foreach i in=[/ip firewall address-list find where creation-time~"apr" && list~"mylist"] do={ :local address [/ip firewall address-list get $i address] :log info "Removing $address in...
by Jotne
Sun May 03, 2020 9:28 am
Forum: Scripting
Topic: Question regarding DHCP-DNS scripting
Replies: 2
Views: 688

Re: Question regarding DHCP-DNS scripting

I have not tested your script, but some tips. No need for semicolon ; at the end of each line, only between commands on same line. Change this: :log info "fqdn: $hostname"; :log info "ip: $leaseActIP"; :log info "registering: $leaseBound"; :log info "matching records: $recordExists"; to :log info "f...
by Jotne
Sun May 03, 2020 9:14 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6246

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

It seems that you try to do some that its not common to do (firewall in local lan). Why? It may be better to use different subnet. Your next post should be a diagram, and also do /export hide-sensitive so we get the whole picture. Also stop spamming the forum with post Do not multipost. If you have ...
by Jotne
Sun May 03, 2020 9:06 am
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

We are saying that you mix thing. User logging inn to the router using web/winbox/telnet/ssh, has nothing to do with /ppp secret. To get all user logged inn to router, do: { :foreach UsersID in=[/user active find] do={ :local User [/user active get $UsersID] # change line below to email :put $User }...
by Jotne
Sun May 03, 2020 12:09 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6246

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

RouterOS was installed, and it said and says it operates in Bridge Mode as opposed to Router Mode (= selectable). So you are using the device as a switch? If so you have to turn on use ip firewall for the switch. If not, nothing will pass trough the filter rules, if I am correct. /interface/bridge/...
by Jotne
Sat May 02, 2020 6:29 pm
Forum: Scripting
Topic: How to delete a list in reverse order? [SOLVED]
Replies: 5
Views: 994

Re: How to delete a list in reverse order? [SOLVED]

I can see you can do this as a test, but in a production router I have not done any thing like this.
Make a good configuration and let it stay.
by Jotne
Sat May 02, 2020 6:27 pm
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6246

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

If there is noe solution, start with a default configuration, delete fast track. Then add inn one and one rule.
by Jotne
Sat May 02, 2020 5:16 pm
Forum: Beginner Basics
Topic: Trying to understand default configuration of hAP2
Replies: 3
Views: 668

Re: Trying to understand default configuration of hAP2

If ports are not member of a bridge, then packets need to go trough the routing process.
https://help.mikrotik.com/docs/display/ ... n+RouterOS
https://www.youtube.com/watch?v=MF0lGclPa5E
by Jotne
Sat May 02, 2020 5:13 pm
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6246

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

Start by disabling fast track, then we can have a look at the counters. https://www.youtube.com/watch?v=6LaqhDm6PHI

Also try to understand this page as well.
https://help.mikrotik.com/docs/display/ ... n+RouterOS
by Jotne
Sat May 02, 2020 5:09 pm
Forum: Scripting
Topic: How to delete a list in reverse order? [SOLVED]
Replies: 5
Views: 994

Re: How to delete a list in reverse order? [SOLVED]

Can you explain why you are doing this. I would not have dared to delete any access list (filter rule) just by number. If this are temporary access list I would have used some form of naming, and deleted them by name. This way script can not by accident delete important rules, and in worst case prev...
by Jotne
Sat May 02, 2020 9:41 am
Forum: Scripting
Topic: how do i get the system active user [SOLVED]
Replies: 15
Views: 2223

Re: how do i get the system active user [SOLVED]

Not sure what you try. What is the final goal? Why do you need to get users password in a script? /ppp secret This is where all user for remote connection (VPN) are stored. name=winbox This sounds like and admin user and should not be found here: /ppp secret winbox is a bad username both as vpn and ...
by Jotne
Sat May 02, 2020 9:23 am
Forum: Scripting
Topic: no such item (4) - FQDN address-list find where comment=X
Replies: 7
Views: 1018

Re: no such item (4) - FQDN address-list find where comment=X

I do agree that RouterOS is no good to debug. IF some stops, it should log a line telling where and what failed. At least on-error should pick this up so that the sctipt does not stop. I do see that this problem has been around for 10 years+ https://forum.mikrotik.com/viewtopic.php?t=26893 You need ...
by Jotne
Fri May 01, 2020 8:39 pm
Forum: Scripting
Topic: add addres-list in 6.43.16 and older
Replies: 5
Views: 863

Re: add addres-list in 6.43.16 and older

You are welcome.

This is why I always run scripts from command line wrapped in {} and change :log to :put, to see all what is going on.
by Jotne
Fri May 01, 2020 3:10 pm
Forum: Scripting
Topic: add addres-list in 6.43.16 and older
Replies: 5
Views: 863

Re: add addres-list in 6.43.16 and older

This works and was just posted some days ago by me. https://forum.mikrotik.com/viewtopic.php?f=9&t=160442&p=789115&hilit=address#p789115 { :local newIP 192.168.0.1 if ([:len [/ip firewall address-list find where address=$newIP list=Control]]=0) do { /ip firewall address-list add address=$newIP list=...
by Jotne
Fri May 01, 2020 12:46 pm
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 15
Views: 3309

Re: Apple devices flooding DHCP server

I was thinking of blocking Apple devices ;)
by Jotne
Fri May 01, 2020 11:22 am
Forum: Scripting
Topic: no such item (4) - FQDN address-list find where comment=X
Replies: 7
Views: 1018

Re: no such item (4) - FQDN address-list find where comment=X

Its som hard to debug such a big script. If you wrap the script in {} and past it to the terminal, its easier to see where things go wrong. Same with put instead of log. All on screen when things are running. Also split the scripts up in parts and cut/past part by part to terminal. What version is y...
by Jotne
Fri May 01, 2020 9:11 am
Forum: Scripting
Topic: API DHCP leases
Replies: 2
Views: 689

Re: API DHCP leases

Not sure what is wrong, but I do use Splunk (syslog) with RouterOS to get all DHCP information.
Look at link in my signature for example.
by Jotne
Fri May 01, 2020 9:01 am
Forum: Scripting
Topic: no such item (4) - FQDN address-list find where comment=X
Replies: 7
Views: 1018

Re: no such item (4) - FQDN address-list find where comment=X

I know this error is due to fact that ROS is "forgetting" some dynamic entries during script execution but thiis is basically single, atomic instruction. This can be how ROS handles subroutines. Without showing the whole script its not easy to see what is wrong. Add the whole script in { } and cut ...
by Jotne
Fri May 01, 2020 8:50 am
Forum: Scripting
Topic: SCRIPT to research all the mangrove counters
Replies: 1
Views: 597

Re: SCRIPT to research all the mangrove counters

This command should do:
/ip firewall mangle reset-counters-all
by Jotne
Fri May 01, 2020 8:46 am
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 15
Views: 3309

Re: Apple devices flooding DHCP server

I do agree that it can be done.
But around 100 buildings, 2-30 doors to enter in every building, it would be some mess to update :)
by Jotne
Thu Apr 30, 2020 8:23 pm
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 15
Views: 3309

Re: Apple devices flooding DHCP server

Runs for the hills....................... Hint: Put a password on that guest wifi and busstop users wont be able to login. ;-P
Not as easy as it sounds. User now help them self and authenticate using SMS. If there is a password, users need to have a way to know the password.
by Jotne
Thu Apr 30, 2020 8:52 am
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 43
Views: 22120

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
Do you expect an answer from MT on this? They will not respond. :)
My guess, no, v7 is in early beta stage.
by Jotne
Wed Apr 29, 2020 8:17 pm
Forum: General
Topic: Auto updating ROS - yeah or nay?
Replies: 7
Views: 1282

Re: Auto updating ROS - yeah or nay?

Agree 100% with Sindy. There has been several times over the last year that an update has broken some on the router or change some that did make some stop. One thing I remember was change in some Wifi settings where user has set some that was not default. The upgrade did change some parameters so th...
by Jotne
Wed Apr 29, 2020 8:07 pm
Forum: Scripting
Topic: Issue with script adding IP to add-list from MAC-addr [SOLVED]
Replies: 2
Views: 828

Re: Issue with script adding IP to add-list from MAC-addr [SOLVED]

Just a quick question.
Is the goal to av access list for certain mac address and then to do some with it?

If this is IP from a DHCP, why not make those IP static?
I convert all my DHCP to static IP to make sure all clients gets same IP all the time.
by Jotne
Wed Apr 29, 2020 7:53 pm
Forum: Beginner Basics
Topic: Port forward with webserver
Replies: 16
Views: 1923

Re: Port forward with webserver

In see you like hairpin NAT ;)

Good thing we can use both if needed :)
by Jotne
Wed Apr 29, 2020 5:24 pm
Forum: Beginner Basics
Topic: Port forward with webserver
Replies: 16
Views: 1923

Re: Port forward with webserver

Here is a nice video on how to setup Hairpin NAT: https://www.youtube.com/watch?v=_kw_bQyX-3U Pros and cons using DNS vs Hairpin NAT. Hairpin NAT ========= Pros : Easy to setup Add new server without any internal NAT Cons: All packets going trough the router for devices on the same net. Gives more l...
by Jotne
Wed Apr 29, 2020 12:11 pm
Forum: Scripting
Topic: Dynamically created arrays
Replies: 3
Views: 871

Re: Dynamically created arrays

Create multiple array with mac as ID for all. One array has first seen, one array has last seen etc. Some like this maclist {A1:B1:C1:D1:E1:F1; A2:B2:C2:D2:E2:F2} maclist_firstseen {A1:B1:C1:D1:E1:F1=April202020;A2:B2:C2:D2:E2:F2=April252020} maclist_lastseen {A1:B1:C1:D1:E1:F1=April252020;A2:B2:C2:...
by Jotne
Wed Apr 29, 2020 9:48 am
Forum: Beginner Basics
Topic: Hacker attacks on CCR [SOLVED]
Replies: 9
Views: 2472

Re: Hacker attacks on CCR [SOLVED]

If you need to administer your Router from Outside, use VPN But if that is not an option, take care if you open WinBox on the outside IP. 1. Use a good and very strong username/password 2. Make sure routerOS is updated to latest version 3. Use access list to limit who can admin the router from outsi...
by Jotne
Wed Apr 29, 2020 9:42 am
Forum: Beginner Basics
Topic: bytes up/down calculated wrong
Replies: 6
Views: 1069

Re: bytes up/down calculated wrong

You can edit your own post, so you get all question in one post not 3 in some minutes. Click the pencil button above the post.
by Jotne
Wed Apr 29, 2020 8:46 am
Forum: Announcements
Topic: v6.46.6 [stable] is released!
Replies: 69
Views: 30069

Re: v6.46.6 [stable] is released!

Upgraded from 6.46.5 to 6.46.6 n so far I didnt see any better. Maybe need to wait for 6.46.7 for stability.
Did it get worse than 6.46.5? Do you have problems with 6.46.5? All fixes are not for all, so it may be that there are changes that makes it better for others.
by Jotne
Wed Apr 29, 2020 8:39 am
Forum: Scripting
Topic: Dynamically created arrays
Replies: 3
Views: 871

Re: Dynamically created arrays

To use Key=Value array, try this: Use {} around code so it can run directly from terminal, and change log to put to get info on screen. { :local array ({}) :local list {"1"; "2"; "3"} :foreach a in=$list do={ :set ( $array -> "$a" ) ({}) :set ( $array -> "$a" ) false } :put $array :set ($array -> "2...
by Jotne
Tue Apr 28, 2020 8:46 am
Forum: Scripting
Topic: Script for adding DNS entries to an address list fails.
Replies: 3
Views: 905

Re: Script for adding DNS entries to an address list fails.

Its better to test ting so you do not end up in error situation. And you should test if the IP is used in the actual list and not in any other access list. So do the testing. For the semicolon ; I am 100% sure you do not need it at the end of each line, it was change some time back. I have done some...
by Jotne
Tue Apr 28, 2020 12:36 am
Forum: General
Topic: mikrotik blocked my mac address! [SOLVED]
Replies: 14
Views: 2712

Re: mikrotik blocked my mac address! [SOLVED]

Maybe its the IP that is blocked not mac?
I have a rule on my Router like this. Try one non open port, get blocked for 24 hour.
by Jotne
Mon Apr 27, 2020 9:50 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 117193

Re: v6.47beta [testing] is released!

As far as I have tested, you need to not accept DNS from your ISP to make DoH to work.
If you get DNS from ISP it will be used, so in
IP->DHCP Client->Open your outside interface->un-check "Use Peer DNS"
by Jotne
Mon Apr 27, 2020 8:06 pm
Forum: General
Topic: mikrotik blocked my mac address! [SOLVED]
Replies: 14
Views: 2712

Re: mikrotik blocked my mac address! [SOLVED]

You are on the public internet, and then try to access a device on the inside of your net using Telnet?

Post your config and we can have a look at it:
/export hide-sensitive
by Jotne
Mon Apr 27, 2020 7:47 pm
Forum: Beginner Basics
Topic: Port forward with webserver
Replies: 16
Views: 1923

Re: Port forward with webserver

@anav

Thanks for the detailed message. Off course we are here for learning and having fun.
I do learn new things every day and even then do mistake like blocking wrong IP: viewtopic.php?f=2&p=788996 :mrgreen:
by Jotne
Mon Apr 27, 2020 7:33 pm
Forum: General
Topic: Instagram not working [SOLVED]
Replies: 4
Views: 1345

Re: Instagram not working [SOLVED]

I found the error. It was and IP id did block some time ago, not sure why.
So stupid change on the router did make a big impact, since my wife nearly killed me :)
by Jotne
Mon Apr 27, 2020 3:35 pm
Forum: Beginner Basics
Topic: How to send PM to other user (ie. privately contacting a user)? [SOLVED]
Replies: 13
Views: 1825

Re: How to send PM to other user (ie. privately contacting a user)? [SOLVED]

This forum has PM disabled.
Why?

It has several times I would like to talk to a user in private, without expose my email to all.
by Jotne
Mon Apr 27, 2020 3:07 pm
Forum: Beginner Basics
Topic: Port forward with webserver
Replies: 16
Views: 1923

Re: Port forward with webserver

you won't need to touch it ever again, no matter how many hostnames you add/remove/change. Not 100% true. If you add a Webcamera on another IP than your Web server, you need to make some changes. You can as I do use a proxy server that handles all URL and send them to different server. Than you can...
by Jotne
Mon Apr 27, 2020 12:11 pm
Forum: Scripting
Topic: Script for adding DNS entries to an address list fails.
Replies: 3
Views: 905

Re: Script for adding DNS entries to an address list fails.

Your script has an error. :local tmpDomainName [/ip dns cache get $i name ]; This "name" will get the name of the host and store it to variable "tmpDomainName " Then this will fail, since "address" is an IP address :if ( [/ip firewall address-list find where address =$tmpDomainName] = "") do={ You n...
by Jotne
Mon Apr 27, 2020 11:53 am
Forum: Beginner Basics
Topic: Port forward with webserver
Replies: 16
Views: 1923

Re: Port forward with webserver

If you are on the inside of your network, where the server is, you need a DNS pointing to the internal address. You can not use the external address on the inside network. There are other ways to do it, but add a static DNS of your inside DNS server pointing to the inside IP, are the simplest way to...
by Jotne
Mon Apr 27, 2020 12:06 am
Forum: Scripting
Topic: Auto upgrade script
Replies: 20
Views: 25409

Re: Auto upgrade script

I do not recommend 100% automatically upgrade with new firmware.
There hare over the last years been bug or changes in the firmware that has broken some stuff.
Make sure you could delay it until you are 100% sure it does not brakes your device(s).
by Jotne
Mon Apr 27, 2020 12:02 am
Forum: General
Topic: System -> Auto Upgrade howto?
Replies: 3
Views: 13013

Re: System -> Auto Upgrade howto?

I do not recommend 100% automatically upgrade with new firmware.
There hare over the last years been bug or changes in the firmware that has broken some stuff.
Make sure you could delay it until you are 100% sure it does not brakes your device(s).
by Jotne
Sun Apr 26, 2020 5:34 pm
Forum: General
Topic: Instagram not working [SOLVED]
Replies: 4
Views: 1345

Instagram not working [SOLVED]

I have a strange problem. For some reason Instagram stopped working. To be exact Instagram does not show Video of photos after login. Text and placeholder for image shows up. This is second time this has happen. 1 time was some week ago and it was like this for nearly one week. It just started worki...
by Jotne
Sun Apr 26, 2020 9:50 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 21
Views: 2940

Re: ASK [random wifi password generator]

You could change the
len=20
to
 len=5
in the URL to get a shorter one, or try to find an other web page that you have more control of the password generation.
by Jotne
Sun Apr 26, 2020 9:41 am
Forum: General
Topic: port forwarding only works with one port
Replies: 13
Views: 2013

Re: port forwarding only works with one port

Use code tags button </> when posting codes. This one many do wrong. /ip address add address=192.168.20.1/24 comment=defconf interface= sfp-sfpplus1 network=192.168.20.0 Inside IP must be assign to the bridge and not the interface, if the interface is a part of a bridge, so like this: /ip address ad...
by Jotne
Sun Apr 26, 2020 12:20 am
Forum: Beginner Basics
Topic: parental control
Replies: 5
Views: 1257

Re: parental control

https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ This works even better if you have a redirect of port 53 to your DNS, so user can not change their DNS to some other manually. For anyone who like to pass this, just use VPN, f.eks Hola free VPN for Chrome. https://hola.org/ But it preven...
by Jotne
Sat Apr 25, 2020 10:35 pm
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 5
Views: 3671

Re: DHCP automatic dynamic to static

Host name will stay in the lease as host-name field. But if you like to add it in the comment field as well, this should do: # Created Jotne 2020 v1.3 # # This scripts converts all DHCP release to static automatically # It should run on all routerOS version # Test if this is a Bound session and the ...
by Jotne
Sat Apr 25, 2020 10:11 pm
Forum: General
Topic: port forwarding only works with one port
Replies: 13
Views: 2013

Re: port forwarding only works with one port

Sindy asked you do post this:
/export hide-sensitive
by Jotne
Sat Apr 25, 2020 4:56 pm
Forum: General
Topic: Ssh problems trying to login !!
Replies: 6
Views: 1309

Re: Ssh problems trying to login !!

If you use MT as a pure Switch, this will work.
If you do Routing NAT etc, you can not have same IP net on inside/outside of MT Router.

Can you post the config of out MT Router?
/export hide-sensitive
by Jotne
Fri Apr 24, 2020 3:14 pm
Forum: Scripting
Topic: log changes to routing table?
Replies: 1
Views: 713

Re: log changes to routing table?

May be possible using script on the router, but It would be a complicated script, if at all possible. What you can do is to send all routes every 5 minutes (or any time you like) to syslog server like Splunk. Then Splunk could easy show changes from on 5 min to another 5 min. Sy my signatur link for...
by Jotne
Fri Apr 24, 2020 1:19 pm
Forum: General
Topic: Fasttrack not working.
Replies: 18
Views: 2858

Re: Fasttrack not working.

First thing I need to turn off is Fasttrack to get QoS and other stuff to work :)
by Jotne
Fri Apr 24, 2020 1:17 pm
Forum: Scripting
Topic: delete address list old than 7 days
Replies: 14
Views: 2378

Re: delete address list old than 7 days

I just mailed MT and asked about date in RouterOS logs. There are two problems. 1. Less than 24 hour, only using hour/min/sec 2. More than 24 hour uses monh/date hour/min/sec where moth are written with name "mar/apr" So I asked for all log to logg with full info like 2020-04-24 12:15 This makes cal...
by Jotne
Fri Apr 24, 2020 8:43 am
Forum: General
Topic: L2TP/IPSEC and Android Disconnect after ~83 seconds
Replies: 13
Views: 4010

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Huawei with andorid 9
RouterOS 6.45.8
L2TP/IPSec stats connected.
by Jotne
Thu Apr 23, 2020 1:08 pm
Forum: Scripting
Topic: The issue of get log time
Replies: 2
Views: 813

Re: The issue of get log time

Response from MikroTik Hello, This is used only for viewing logs on the router, not for log collectors. If yu want to collect logs, set up syslog server and send all logs to that server. Then on your server you can set timestamp in any human readable format you like. My response to this is that not ...
by Jotne
Thu Apr 23, 2020 10:52 am
Forum: Beginner Basics
Topic: NAT not work
Replies: 6
Views: 1088

Re: NAT not work

Do you have multiple NAT, since your router has 192.168.xx.10 (private IP)?
by Jotne
Thu Apr 23, 2020 10:15 am
Forum: Scripting
Topic: The issue of get log time
Replies: 2
Views: 813

Re: The issue of get log time

I think the month/date is added if its more than 24 hour since its logged. Nothing to do with timezone/NTP etc. apr/14 12:43:14 ssh,error disabling '/ip ssh strong-crypto' may help 09:19:17 system,error,critical login failure for user test from 10.10.10.178 via ssh I agree this not a good standard, ...
by Jotne
Thu Apr 23, 2020 9:58 am
Forum: Scripting
Topic: Regex: How to get matched content? [SOLVED]
Replies: 2
Views: 877

Re: Regex: How to get matched content? [SOLVED]

What you is looking for is called capturing group. It des not look like RouterOS support capturing group or named capturing group. { :local regexTestString "my test string bla bla" :if ( $regexTestString ~".*(?<tt>test.*)" ) do={ :put "regex match: $tt" } } RouterOS regex info: https://wiki.mikrotik...
by Jotne
Thu Apr 23, 2020 9:24 am
Forum: Beginner Basics
Topic: NAT not work
Replies: 6
Views: 1088

Re: NAT not work

add action=dst-nat chain=dstnat comment=win_box_9999 dst-port=9999 \ in-interface=ether1 protocol=tcp to-addresses=192.168.1.1 to-ports=8291 This is wrong as well. Winbox is used on the closest IP on the router. So from outside, it's your outside IP 192.168.xxx.10, and from inside, it's your inside...
by Jotne
Thu Apr 23, 2020 8:41 am
Forum: General
Topic: Security: Address(es) of MikroTik update server(s) needed [SOLVED]
Replies: 10
Views: 2151

Re: Security: Address(es) of MikroTik update server(s) needed [SOLVED]

NSA backdoor, botnets, ransomware, bugs, ... I read in old news and postings that in 2017/2018 the NSA already had hacked the RouterOS --> just research yourself. Here are the statements of MikroTik dated 30th May, 2018 and later: https://blog.mikrotik.com/security/www-vulnerability.html Here is th...
by Jotne
Thu Apr 23, 2020 8:27 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 21
Views: 2940

Re: ASK [random wifi password generator]

Its more or less the same as I wrote above. Use code tags around your script. Select code and click the </> button.

:put $pass
is not needed.

You need to create a schedule for it to run weekly.
by Jotne
Wed Apr 22, 2020 11:18 pm
Forum: General
Topic: Security: Address(es) of MikroTik update server(s) needed [SOLVED]
Replies: 10
Views: 2151

Re: Security: Address(es) of MikroTik update server(s) needed [SOLVED]

What is exactly you like to block that is originate from the Router itself destined to internet?

I know you can setup scripts to fetch html pages etc.
by Jotne
Wed Apr 22, 2020 11:14 pm
Forum: RouterOS v7 BETA
Topic: beta5 bug: '/export verbose' hangs
Replies: 9
Views: 2059

Re: beta5 bug: '/export verbose' hangs

MT will never answer that. Only some like "when its ready" :)
by Jotne
Wed Apr 22, 2020 9:35 pm
Forum: RouterOS v7 BETA
Topic: beta5 bug: '/export verbose' hangs
Replies: 9
Views: 2059

Re: beta5 bug: '/export verbose' hangs

Remember this is early beta, not for production. Just for test and feedback :)
If you find errors, you should also send an email to support@mikrotik.com
by Jotne
Wed Apr 22, 2020 8:48 pm
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 11
Views: 2836

Re: Function: IP to Decimal

:oops: :oops: :oops:

Did forget that on my test router did not have ipv6 :)
Works now.
by Jotne
Wed Apr 22, 2020 8:39 pm
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 21
Views: 2940

Re: ASK [random wifi password generator]

I split it up, so I could see what does not work.

If you have more than one line of commands, you need to wrap then in {} or [] to run from terminal. In script this is not needed.

Not work on terminal
:local test 123
:put $test
This work
{
:local test 123
:put $test
}
by Jotne
Wed Apr 22, 2020 12:20 pm
Forum: General
Topic: DNS over HTTPS
Replies: 23
Views: 3612

Re: DNS over HTTPS

I just added this to Use Doh Server
https://1.1.1.1/dns-query
I think its better to use IP only, so you do not need extra DNS server, to just resolve the DoH server
by Jotne
Wed Apr 22, 2020 12:15 pm
Forum: RouterOS v7 BETA
Topic: beta5 bug: '/export verbose' hangs
Replies: 9
Views: 2059

Re: beta5 bug: '/export verbose' hangs

Fails for me as well.
by Jotne
Wed Apr 22, 2020 11:54 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 21
Views: 2940

Re: ASK [random wifi password generator]

Then try :interface wireless security-profiles print to get then name of your profile. Then run after change your_profile to your profile :interface wireless security-profiles set your_profile wpa2-pre-shared-key="test" Does this work? NB I do not have Wifi device so need to take on test at a time. ...
by Jotne
Wed Apr 22, 2020 9:25 am
Forum: Scripting
Topic: /tool fetch via specific interface?
Replies: 3
Views: 2403

Re: /tool fetch via specific interface?

I think this can be done by adding a static route to site you like to fetch to the second wan interface.
by Jotne
Wed Apr 22, 2020 8:31 am
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 11
Views: 2836

Re: Function: IP to Decimal

For this I do get:
 :put (fe80::0 | ::8) 
Script Error: cannot compute bitwise "or" of internal number and internal number