Community discussions

Search found 125 matches

by baragoon
Wed Oct 02, 2019 12:46 pm
Forum: Beginner Basics
Topic: allow only 10 server IP to access on mikrotik
Replies: 4
Views: 430

Re: allow only 10 server IP to access on mikrotik

yes
use "/ip service" for limiting access to winbox, ssh, etc.
by baragoon
Fri Aug 02, 2019 2:48 pm
Forum: Beginner Basics
Topic: Router for 1Gbit Wan from Mikrotik (What model?)
Replies: 4
Views: 744

Re: Router for 1Gbit Wan from Mikrotik (What model?)

vmunix ~ $ speedtest-cli Retrieving speedtest.net configuration... Testing from Maximum-Net LLC (9x.xx8.x5.xx0)... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by PROSTO (Kiev) [0.52 km]: 10.844 ms Testing download speed.........................................
by baragoon
Tue Jul 30, 2019 1:29 pm
Forum: General
Topic: NAT to a local server
Replies: 25
Views: 1883

Re: NAT to a local server


/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp in-interface=WAN-INTERFACE dst-address=WAN-IP dst-port=4000 to-addresses=192.168.88.246 to-ports=80 comment="NAT HTTP"

by baragoon
Tue Jul 02, 2019 10:34 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69600

Re: v6.45.1 [stable] is released!

Openvpn broken on v6.45.1. Downgrading back to 6.44.3 and it works.
On client side logs observing this line repeatedly
openvpn[30190]: write to TUN/TAP : Invalid argument (code=22)
by baragoon
Wed May 15, 2019 10:08 am
Forum: General
Topic: dst-nat with changing port
Replies: 20
Views: 1102

Re: dst-nat with changing port

/ip firewall nat
add action=netmap chain=dstnat dst-address=WAN.IP.ADD.RESS dst-port=8122 protocol=tcp to-addresses=172.21.2.3 to-ports=22
should work
by baragoon
Thu Apr 11, 2019 12:31 pm
Forum: Beginner Basics
Topic: I can't get more than 20MB trafic, help
Replies: 2
Views: 276

Re: I can't get more than 20MB trafic, help

20MB is more than 100mb
by baragoon
Tue Mar 05, 2019 8:50 am
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 23
Views: 5616

Re: ROS 6.44 - VPN L2TP not working

The issue will be fixed in the next RouterOS release.
universal answer :lol:
by baragoon
Fri Mar 01, 2019 9:15 am
Forum: Wireless Networking
Topic: CAPsMAN - different IP POOLs for 2 WLANs
Replies: 4
Views: 323

Re: CAPsMAN - different IP POOLs for 2 WLANs

use different datapaths with different bridges with different dhcp-servers with different ip-pools assigned.
by baragoon
Tue Feb 26, 2019 10:40 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36247

Re: v6.44 [stable] is released!

v6.44 does not contain:
""!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);" ?
It is no information in changelog.
The issue is fixed in:

6.43.12 (2019-02-11 14:39)
6.44beta75 (2019-02-11 15:26)
6.42.12 (2019-02-12 11:46)
by baragoon
Tue Feb 26, 2019 7:48 am
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 975

Re: Control kids iPad usage time

Why not to use built-in ios screen time? https://support.apple.com/en-us/HT208982?
by baragoon
Wed Feb 06, 2019 12:05 pm
Forum: General
Topic: [RB951G-2HnD] 300Mbps Internet bottleneck
Replies: 6
Views: 818

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

2) In case of upgrade, wich router should i go for? a 4011 will be fine?
any requirements?
by baragoon
Tue Feb 05, 2019 11:50 am
Forum: General
Topic: DNS resolution vulnerability
Replies: 7
Views: 588

Re: DNS resolution vulnerability

Do you have a solution?
lol
yes, close tcp and udp 53 from WAN side.
by baragoon
Mon Feb 04, 2019 8:13 am
Forum: General
Topic: Two SSID, Two DHCP servers
Replies: 13
Views: 929

Re: Two SSID, Two DHCP servers

set
local-forwarding=no
for guest ap
by baragoon
Tue Jan 29, 2019 2:22 pm
Forum: General
Topic: help : whatsapp ip pool connect with vpn
Replies: 9
Views: 771

Re: help : whatsapp ip pool connect with vpn

i have many ip . but for try i add this only
just i do this setting then its its wprk with any my client with out connect vpn ?
yes.
if now this ip is inaccessible try if you can ping it after you add static route to it via vpn.
by baragoon
Tue Jan 29, 2019 12:35 pm
Forum: General
Topic: help : whatsapp ip pool connect with vpn
Replies: 9
Views: 771

Re: help : whatsapp ip pool connect with vpn

are you sure that whatsapp using only 157.240.22.52?
to add route to 157.240.22.52 via vpn just type in terminal
/ip route add dst-address=157.240.22.52/32 gateway=pptp-out1
or gateway=pptp-out2 (you have 2 pptp-out connections)
by baragoon
Tue Jan 29, 2019 10:36 am
Forum: General
Topic: help : whatsapp ip pool connect with vpn
Replies: 9
Views: 771

Re: help : whatsapp ip pool connect with vpn

bro if i give you my router access you do for me . if u want i pay you
it is not necessary
do you have ssh access to router?
if yes, post output of
/export hide-sensitive
command here and I'll try to help you.
by baragoon
Tue Jan 29, 2019 9:40 am
Forum: General
Topic: help : whatsapp ip pool connect with vpn
Replies: 9
Views: 771

Re: help : whatsapp ip pool connect with vpn

/ip route
add distance=1 dst-address=whatsapp_pool/mask gateway=vpn_client_interface
by baragoon
Wed Jan 16, 2019 12:38 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1425

Re: How to for a guest network that can't access the internal network

I see this option but I don't understand how to make it a guest network that can only access the internet and none of the rest of my internal network. In fact it looks like this loads my existing wifi configuration which i do not want to screw with at all. You can disable connectivity between lan a...
by baragoon
Wed Jan 16, 2019 11:51 am
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1425

Re: How to for a guest network that can't access the internal network

if you banned in google the best way for you is quickset which allow to setup guest wifi ap. Sorry I have no idea what you're talking about. A quick setup how to for guest wifi is what I'm looking for but cannot find. Quick Set - first upper button on left bar in Winbox. https://forum.mikrotik.com/...
by baragoon
Wed Jan 16, 2019 11:32 am
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1425

Re: How to for a guest network that can't access the internal network

https://www.marthur.com/networking/mikrotik-setup-guest-wifi/201/ According to the comments this one is outdated. Also I have no option for "Master-interface: ap-private". I have only wlan1 and wlan2. if you banned in google the best way for you is quickset which allow to setup guest wifi ap.
by baragoon
Wed Jan 16, 2019 8:24 am
Forum: General
Topic: How to use Mikrotik router as a “switch”?
Replies: 8
Views: 1139

Re: How to use Mikrotik router as a “switch”?

It is hAP ac².

Your code just puts all interfaces to the bridge.
What about IP?
add dhcp client to bridge
by baragoon
Wed Jan 16, 2019 8:18 am
Forum: General
Topic: v7 routeros
Replies: 12
Views: 3154

Re: v7 routeros

Незабаром
by baragoon
Mon Jan 14, 2019 9:36 am
Forum: Beginner Basics
Topic: cant access https website through VPN
Replies: 4
Views: 321

Re: cant access https website through VPN

Hello,

I configured L2TP/IPSec vpn connection.
Everything works, i am able to view resources in local network, but cannot acces website (loading stuck on establihing secure connection in chrome).
What can be possible cause ?
masquerade rule?
by baragoon
Thu Jan 03, 2019 12:53 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 90606

Re: Feature Request: OpenVPN [ovpn] udp tunnels

just to know, do you know an approximate release date? I would not wait all 2019 ...
in a far future :lol:
by baragoon
Thu Jan 03, 2019 12:17 pm
Forum: General
Topic: tool kid-control
Replies: 42
Views: 13039

Re: tool kid-control

I have logged a Ticket with MikroTik Support #2019010322002594, let's see what happens. 8)
will be fixed with ROS7 (c) :lol:
by baragoon
Thu Jan 03, 2019 12:15 pm
Forum: Wireless Networking
Topic: Redirect traffic from specific device to another local ip
Replies: 7
Views: 448

Re: Redirect traffic from specific device to another local ip

And @Chaos your solution is also not working. As I said in the other posts: Can I do it on my Router/Bridge at home or do I have to ask my provider to do this at their router which is the gateway of our devices?
you should do it here - MikroTik RBLHG5nD - 192.168.1.1
by baragoon
Thu Jan 03, 2019 11:22 am
Forum: Wireless Networking
Topic: Redirect traffic from specific device to another local ip
Replies: 7
Views: 448

Re: Redirect traffic from specific device to another local ip

try something like this
/ip firewall nat add action=netmap chain=dstnat protocol=tcp src-address=nintendo_ip to-addresses=raspberry_ip
by baragoon
Fri Dec 21, 2018 9:40 am
Forum: Announcements
Topic: MikroTik News December 2018 (Issue #86)
Replies: 25
Views: 8786

Re: MikroTik News December 2018 (Issue #86)

Cool, RouterOS v7!
Is there a changelog?
:lol:
by baragoon
Wed Dec 05, 2018 12:10 pm
Forum: Beginner Basics
Topic: SSH login
Replies: 6
Views: 592

Re: SSH login

Ok fine. Thanks for your reply. So how can I find out the SSH version.
Already answered, Protocol version is 2
vmunix ~ $ telnet hex 22
Trying 1xx.xx.xx.xx...
Connected to hex.
Escape character is '^]'.
SSH-2.0-ROSSSH
^]
telnet> Connection closed.
by baragoon
Thu Nov 08, 2018 9:36 am
Forum: Wireless Networking
Topic: WiFi for apartment
Replies: 3
Views: 566

Re: WiFi for apartment

Cap ac2
Cap AC2?
by baragoon
Tue Oct 23, 2018 9:36 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 24435

Re: v6 RC and v7 BETA

At least we know that folders already exist.
Great news! xD
by baragoon
Tue Sep 25, 2018 1:14 pm
Forum: General
Topic: RouterOS VMWare - Internet Connection Very Slow
Replies: 5
Views: 834

Re: RouterOS VMWare - Internet Connection Very Slow

Hi Guys, Would the license level cause this issue? The RouterOS is currently using a Free License (just for testing) will be upgraded to a paid license once we are happy that it is working as we are expecting it too. Regards The free license level allows CHR to run indefinitely. It is limited to 1M...
by baragoon
Tue Sep 18, 2018 1:47 pm
Forum: General
Topic: How to offer to pay for a new feature?
Replies: 6
Views: 641

Re: How to offer to pay for a new feature?

You can rise the feature request here. May happen everyone would like it too like you and mikrotik will hear all and one day after few years you can get it in beta.
maybe :)
by baragoon
Tue Sep 18, 2018 9:23 am
Forum: General
Topic: add static dns
Replies: 5
Views: 716

Re: add static dns

everything works, added 2 static entries
ip dns static export
---
add address=127.0.0.1 name=sample.com
add address=127.0.0.1 name=www.sample.com
by baragoon
Thu Sep 06, 2018 10:05 am
Forum: Wireless Networking
Topic: High ping in online game when a person is walking between router and notebook
Replies: 5
Views: 452

Re: High ping in online game when a person is walking between router and notebook

Thanks for help, gonna do it today. No privat information in this export text?
hide-sensitive means hide private info
by baragoon
Thu Sep 06, 2018 9:47 am
Forum: Wireless Networking
Topic: High ping in online game when a person is walking between router and notebook
Replies: 5
Views: 452

Re: High ping in online game when a person is walking between router and notebook

login via ssh and run
/export hide-sensitive
and copy-paste here
by baragoon
Wed Aug 29, 2018 9:56 am
Forum: Wireless Networking
Topic: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]
Replies: 14
Views: 1856

Re: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]

Try to create interfaces. This is my example: /caps-man interface add arp=enabled channel.band=2ghz-onlyn channel.reselect-interval=1d configuration=cfg2 disabled=no l2mtu=1600 mac-address=XX:XX:XX:XX:XX:X7 master-interface=none mtu=1500 \ name=cap-wlan2 radio-mac=XX:XX:XX:XX:XX:X7 add channel.band=...
by baragoon
Wed Aug 29, 2018 9:06 am
Forum: Wireless Networking
Topic: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]
Replies: 14
Views: 1856

Re: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]

/caps-man interface export
?
by baragoon
Fri Jul 20, 2018 4:39 am
Forum: RouterBOARD hardware
Topic: hAP ac lite without a beep
Replies: 4
Views: 1158

Re: hAP ac lite without a beep

does not have hardware support for sound
yep. hAP ac lite does not have hardware support for sound
by baragoon
Wed Jul 18, 2018 2:11 pm
Forum: General
Topic: SSH login with certs only [SOLVED]
Replies: 9
Views: 1467

Re: SSH login with certs only [SOLVED]

There is no option that can disable password login.
really?
by baragoon
Tue May 29, 2018 3:25 pm
Forum: Wireless Networking
Topic: Superchannel ?
Replies: 6
Views: 2668

Re: Superchannel ?

simply set wireless-mode=superchannel in your device wireless settings. then set any frequency outside regular range, but note that the built in antenna is not very good for 4.9 or 6GHz. Use something within 5GHz.
What if I'm using capsman?


Отправлено с моего iPhone используя Tapatalk
by baragoon
Fri May 11, 2018 7:45 am
Forum: Beginner Basics
Topic: Uh, can I think of the hAP ac as a wireless router?
Replies: 40
Views: 2917

Re: Uh, can I think of the hAP ac as a wireless router?

Yes, it can be a wireless router.

Mikrotik will do everything the Netgear can and beyond.
even openvpn over udp? :)
by baragoon
Fri Apr 27, 2018 8:00 am
Forum: General
Topic: hardware offload for rb922 and hEX
Replies: 12
Views: 3687

Re: hardware offload for rb922 and hEX

disable (r)stp and hw-offload will work
by baragoon
Tue Apr 24, 2018 2:34 pm
Forum: General
Topic: Feature Request: SOCKS5 proxy
Replies: 28
Views: 34336

Re: Feature Request: SOCKS5 proxy

8 years and still nothing...
Image
by baragoon
Mon Apr 23, 2018 10:35 am
Forum: General
Topic: hap ac lite - ether ports max 100MBs
Replies: 4
Views: 432

Re: hap ac lite - ether ports max 100MBs

100MB only.
Hi is expecting 100 Megabytes per second on 100 megabit per second interface :D
I know Mikrotik is awesome with a list of features, but how do you expect something that is only 10/100Mbps to work at 1000Mbps?

https://mikrotik.com/product/RB952Ui-5ac2nD
by baragoon
Wed Apr 04, 2018 2:54 pm
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 18243

Re: CloudFlare DNS over TLS

Will be implemented in ROS v7 :D
by baragoon
Wed Apr 04, 2018 2:52 pm
Forum: Virtualization
Topic: Metarouter: failed to import image
Replies: 4
Views: 982

Re: Metarouter: failed to import image

Because RB951-2n Storage size 64 MB and RB962UiGS-5HacT2HnT Storage size 16 MB
OMG... this is fail.... :(
and I see that total hdd size if 16MiB, but free size is only 1540 KiB...

so, no chance to have meta router with openwrt? may be usb stick can be used as storage?
any chances
by baragoon
Wed Apr 04, 2018 2:39 pm
Forum: Virtualization
Topic: Metarouter: failed to import image
Replies: 4
Views: 982

Re: Metarouter: failed to import image

Because RB951-2n Storage size 64 MB and RB962UiGS-5HacT2HnT Storage size 16 MB
by baragoon
Fri Mar 16, 2018 10:03 am
Forum: Beginner Basics
Topic: Very slow WiFi download speed. (MikroTik hAP ac2) [SOLVED]
Replies: 25
Views: 18398

Re: Very slow WiFi download speed. (MikroTik hAP ac2) [SOLVED]

Same problem is in hap ac lite. It justifies each other differently. Just do not use the mikrotik as a home appliance. my hap ac lite and LG 55UJ635V (5 meters distance): connected to 5hgz (ac) can't reach more ~ 10mbps connected to 5hgz (n) can't reach more ~ 40mbps connected to 2hgz (n) can't rea...
by baragoon
Tue Oct 31, 2017 8:49 am
Forum: General
Topic: HAIRPIN HAT not working [SOLVED]
Replies: 33
Views: 2580

Re: HAIRPIN HAT not working [SOLVED]

try to add this one
/ip firewall nat add action=netmap chain=dstnat dst-address=WAN_IP dst-port=443,80 protocol=tcp to-addresses=192.168.10.10
by baragoon
Fri Oct 13, 2017 2:48 pm
Forum: Beginner Basics
Topic: Disabling info about ssh logging
Replies: 19
Views: 1547

Re: Disabling info about ssh logging

bump
by baragoon
Wed Oct 11, 2017 12:05 pm
Forum: Beginner Basics
Topic: Disabling info about ssh logging
Replies: 19
Views: 1547

Re: Disabling info about ssh logging

and as usual question about ovpn-server and "warning duplicate packet, dropping" remains without answer...
by baragoon
Tue Oct 10, 2017 8:44 am
Forum: Beginner Basics
Topic: Disabling info about ssh logging
Replies: 19
Views: 1547

Re: Disabling info about ssh logging

Please do the following when you want to get rid of specific logs: 1) Take a look at log entry topics: 15:39:14 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 2) Now look for all related topics under "/system logging menu". For example: ":foreach i in=([/system logging fin...
by baragoon
Sun Jul 02, 2017 8:09 pm
Forum: Beginner Basics
Topic: Purely Internal UPnP across two networks possible?
Replies: 1
Views: 328

Re: Purely Internal UPnP across two networks possible?

No


Отправлено с моего iPhone используя Tapatalk
by baragoon
Mon Jun 26, 2017 12:56 pm
Forum: General
Topic: My Router was Hacked? -- Weird stuff
Replies: 7
Views: 1612

Re: My Router was Hacked? -- Weird stuff

setup an extensive firewall.
with 53 udp opened :D
by baragoon
Mon Jun 05, 2017 8:18 pm
Forum: General
Topic: Can I block HTTPS site with proxy?
Replies: 11
Views: 3200

Re: Can I block HTTPS site with proxy?

Layer 7 or DNS regexp mb.


Отправлено с моего iPhone используя Tapatalk
by baragoon
Mon Jun 05, 2017 3:14 pm
Forum: General
Topic: Can I block HTTPS site with proxy?
Replies: 11
Views: 3200

Re: Can I block HTTPS site with proxy?

No. HTTPS isn't supported by mikrotik proxy.


Отправлено с моего iPhone используя Tapatalk
by baragoon
Sun Apr 16, 2017 1:56 pm
Forum: Wireless Networking
Topic: hap ac lite files gone after reboot
Replies: 2
Views: 928

Re: hap ac lite files gone after reboot

Lol. Place files inside flash directory and they will be there after reboot.


Отправлено с моего iPhone используя Tapatalk
by baragoon
Sun Apr 09, 2017 1:37 pm
Forum: General
Topic: port forwarding not working routeros v6.38.5
Replies: 1
Views: 636

Re: port forwarding not working routeros v6.38.5

And?


Отправлено с моего iPhone используя Tapatalk
by baragoon
Wed Apr 05, 2017 9:31 am
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 69
Views: 45075

Re: Mikrotik wi-fi and Iphone = problem

Guys, this is international forum with only English allowed. If you want to talk russian - go to russian mikrotik unofficial forum. If you want to help us - help. If to teach us to rules - go the wood. There is an official support through tikets, but they don't answer questions. If you breaking for...
by baragoon
Wed Apr 05, 2017 8:20 am
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 69
Views: 45075

Re: Mikrotik wi-fi and Iphone = problem

Guys, this is international forum with only English allowed.
If you want to talk russian - go to russian mikrotik unofficial forum.
by baragoon
Mon Mar 27, 2017 10:48 am
Forum: Wireless Networking
Topic: WiFi Roaming (small-sized installation)
Replies: 9
Views: 4566

Re: WiFi Roaming (small-sized installation)

You didn't clarified your indoor and outdoor areas need to be covered.
by baragoon
Mon Mar 27, 2017 9:12 am
Forum: Wireless Networking
Topic: WiFi Roaming (small-sized installation)
Replies: 9
Views: 4566

Re: WiFi Roaming (small-sized installation)

without switching the wifi APs.
This is physically impossible to move client from one ap to another without switching.
It can be 2 aps in capsman and client will move between them with minimal connectivity loss.
by baragoon
Tue Mar 07, 2017 9:40 am
Forum: Forwarding Protocols
Topic: PIM-SM issue
Replies: 2
Views: 535

Re: PIM-SM issue

I'm also tried to make multicast working across different subnets and may say that it's not working.
by baragoon
Fri Mar 03, 2017 8:55 pm
Forum: Wireless Networking
Topic: Wi-Fi speed issues on hAP AC Lite
Replies: 37
Views: 17638

Wi-Fi speed issues on hAP AC Lite

I'm having hap ac lite and 70mbps with 5ghz in single chain with iPhone 5s and laptop with Broadcom wlan adapter. I think this is normal behavior.

Image

Отправлено с моего iPhone используя Tapatalk
by baragoon
Fri Mar 03, 2017 10:01 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 9
Views: 2640

Re: Very strange environment variables. Did I get hacked?

There is no logins to ssh, webfig or winbox except of my so this is a bug and not hacked device


Отправлено с моего iPhone используя Tapatalk
by baragoon
Fri Mar 03, 2017 7:42 am
Forum: General
Topic: Very strange environment variables. Did I get hacked?
Replies: 9
Views: 2640

Re: Very strange environment variables. Did I get hacked?

Same envs on latest rc
Image
by baragoon
Tue Feb 28, 2017 7:35 pm
Forum: General
Topic: Feature Request - Option to hide Quick Set Page
Replies: 5
Views: 1152

Re: Feature Request - Option to hide Quick Set Page

+1 for option to completely disable quickset


Отправлено с моего iPhone используя Tapatalk
by baragoon
Mon Feb 27, 2017 9:00 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

Main problem is source ip of hairpined connection, all these connects coming with router ip and i'm unable to understand who is connected.
by baragoon
Sun Feb 26, 2017 8:03 pm
Forum: General
Topic: 'Hairpin NAT' in 6.38.3 - How should it be done?
Replies: 4
Views: 2211

Re: 'Hairpin NAT' in 6.38.3 - How should it be done?

Try to remove out interface from rules 1-3


Отправлено с моего iPhone используя Tapatalk
by baragoon
Sun Feb 26, 2017 4:47 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 8958

Re: WOL from WAN

very simple first add static arp entry, for example /ip arp add address=172.16.69.30 interface=br-lan mac-address=FF:FF:FF:FF:FF:FF next forward 9 udp port from wan to lan with address from the previously created static arp /ip firewall nat add action=netmap chain=dstnat comment=wol dst-port=9 proto...
by baragoon
Sat Feb 25, 2017 3:39 pm
Forum: Beginner Basics
Topic: Binding web gui to inside interface?
Replies: 4
Views: 608

Re: Binding web gui to inside interface?

/ip service
set www address=192.168.1.0/24
replace 192.168.1.0/24 to your local network address
by baragoon
Sat Feb 25, 2017 3:35 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

i just want to have access to nated ports via external_ip:port from my lan without masquerading like in any other routers
by baragoon
Fri Feb 24, 2017 6:20 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

No. I disabled firewall in bridge settings. Nothing changed. I can believe that is normal when I can access nated ports via vpn without hairpin (yes, vpn have another subnet - 172.16.69.16/27) but i repeat that I can access nated ports (opened ssh from 172.16.69.2 wired connected pc) via my cell pho...
by baragoon
Thu Feb 23, 2017 9:22 am
Forum: Wireless Networking
Topic: Advice wanted
Replies: 6
Views: 588

Re: Advice wanted

Or even hap ac + 2 wap ac


Отправлено с моего iPhone используя Tapatalk
by baragoon
Thu Feb 23, 2017 8:55 am
Forum: Wireless Networking
Topic: Advice wanted
Replies: 6
Views: 588

Re: Advice wanted

I think 3x wAP ac + hEX with CAPsMAN will be better because Metal 52 ac is single chain but wAP is dual+triple.
by baragoon
Thu Feb 23, 2017 8:38 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

Thank you for your replies!
But i still can't understand why I can access nated ports in my wired connected pc from laptop via wifi or from vpn without hairpining?
by baragoon
Tue Feb 21, 2017 6:26 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

XX.XX.XX.XX is my wan ip


Отправлено с моего iPhone используя Tapatalk
by baragoon
Tue Feb 21, 2017 1:28 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

This is wonderful that the support shy away from this topic and says nothing
Image
by baragoon
Tue Feb 21, 2017 10:25 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

It's been years, but nobody can answer me. It's a shame to Mikrotik... 3 years of "v7 beta" with promises of new functionality and fixing current v6 bugs and still nothing. Unusable PIM, openvpn... I'm really disappointed in Mikrotik. I never saw such problems in *wrt and similar devices like Zyxel...
by baragoon
Tue Feb 21, 2017 8:24 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

No Mikrotik experts on Mikrotik forum?
BTW if I enable masquerade rule all my connections from lan to wan_ip "come" with source-ip of router. How to avoid this?
In Linux it works with a few simple rules. Hairpin nat is like a "duct tape".
by baragoon
Mon Feb 20, 2017 1:36 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

2 wired devices - pc & tv dst-nat to some port to tv - i can't reach port from pc via wan_ip but can from wlan or vpn dst-nat to some port to pc - i can't reach port from pc via wan_ip but can from wlan or vpn dst-nat to some port to vpn connected laptop - i can reach port from pc via wan_ip but can...
by baragoon
Mon Feb 20, 2017 12:20 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

It's just a single question for Mikrotik experts: how it can be possible that devices in the same network have different access to single resource without any filter rules?
by baragoon
Mon Feb 20, 2017 8:33 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Re: Hairpin nat weirdness

Here is my config [root@MikroTik] > /export hide-sensitive # feb/20/2017 08:22:31 by RouterOS 6.38.1 # software id = IW7X-FBCR # /interface bridge add name=br-lan /interface ethernet set [ find default-name=ether1 ] name=ether1-wan set [ find default-name=ether5 ] poe-out=off /ip neighbor discovery ...
by baragoon
Sun Feb 19, 2017 5:45 pm
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2843

Hairpin nat weirdness

Hi all. I having a strange behavior of hairpin nat. Even if I don't enable masquerade rule in nat section of firewall I can access to my forwarded ports via external ip only from wireless clients. But no access from wired. When I enable masquerade rule I have access both from wired and wireless. Sho...
by baragoon
Fri Feb 17, 2017 1:57 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 285573

Re: Winbox 3.11 released!

For upload files the Drag and drop is not working!

Bug introduced in v3.10.
Works well with wine :shock:
by baragoon
Fri Feb 17, 2017 1:55 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 285573

Re: Winbox 3.11 released!

*) fixed wireless interface tabs, HT MCS tab was not shown in 5g/n/ac mode;
But still no Current TX Power in 5g/n/ac mode.
Image
by baragoon
Wed Feb 15, 2017 8:55 pm
Forum: General
Topic: Upnp/dlna server and renderer in differrent subnets
Replies: 1
Views: 601

Upnp/dlna server and renderer in differrent subnets

Hi all. Anyone have succesfull experience running dlna server and player in different subnets? If player and server are in same subnet I can see both server and player from my iphone and android phones but when server and player not in the same subnet I enabled pim and can see only dlna server from ...
by baragoon
Sun Feb 12, 2017 7:21 pm
Forum: General
Topic: Dstnat in output chain?
Replies: 14
Views: 3306

Re: Dstnat in output chain?

+1


Отправлено с моего iPhone используя Tapatalk
by baragoon
Fri Feb 10, 2017 9:02 am
Forum: General
Topic: OVPN & Linux
Replies: 3
Views: 1566

Re: OVPN & Linux

Here is my working example: /certificate add name=template-CA country="" state="" locality="" organization="" unit="" common-name="ovpn-ca" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign /certificate sign template-CA ca-crl-host=127.0.0.1 name="ovpn-ca" /certificate add name=template...
by baragoon
Wed Feb 08, 2017 7:48 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

Your port3 isn't a slave of master port right? I'm trying to understand your config. Can you share you interfaces and addresses config export?


Отправлено с моего iPhone используя Tapatalk
by baragoon
Wed Feb 08, 2017 1:53 pm
Forum: General
Topic: Question about MAC addresses on Routerboards
Replies: 5
Views: 693

Re: Question about MAC addresses on Routerboards

Did you tried /interface ethernet reset-mac-address eth1 ?
by baragoon
Tue Feb 07, 2017 4:28 pm
Forum: Forwarding Protocols
Topic: Multicasting PIM IGMP Issue
Replies: 2
Views: 649

Re: Multicasting PIM IGMP Issue

Something happens when you run server at 192.168.88.254 and trying to discover server from client 192.168.99.254?
by baragoon
Tue Feb 07, 2017 4:19 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

I have the exactly same setup, and how i done it is very simple. PORT1 = WAN connected to my provider ADSL modem PORT2 = -> Connected to switch and gives internet output to rest of the network PORT3= bridged wth WLAN interface on router and also this PORT3 is connected to same switch. Does you have...
by baragoon
Tue Feb 07, 2017 8:28 am
Forum: General
Topic: Strange symbol in dhcp-hostname
Replies: 3
Views: 545

Re: Strange symbol in dhcp-hostname

tried to extend dhcp-hostname to "playstation" but still seeing cube in winbox and playstation\00 in ssh.
by baragoon
Mon Feb 06, 2017 4:26 pm
Forum: General
Topic: Strange symbol in dhcp-hostname
Replies: 3
Views: 545

Re: Strange symbol in dhcp-hostname

by baragoon
Mon Feb 06, 2017 2:34 pm
Forum: General
Topic: Strange symbol in dhcp-hostname
Replies: 3
Views: 545

Strange symbol in dhcp-hostname

Hi all. I have and old Sony PS3 box connected to Mikrotik and I see that dhcp-hostname which set from PS3 network options is showing strange symbols (I also updated PS3 to latest FW and still seeing incorrect dhcp-hostname). From Winbox: 1.png From ssh: 2.png ps3\00 Webfig shows this lease with corr...
by baragoon
Mon Feb 06, 2017 8:30 am
Forum: Scripting
Topic: update IPs in address list with domain name
Replies: 2
Views: 1735

Re: update IPs in address list with domain name

It updates automatically. Each DNS record has TTL (time to live) and it's valid until TTL expires. When it happens, RouterOS asks DNS server for fresh records.
Oh, thanks. I will check this.
by baragoon
Sat Feb 04, 2017 4:24 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

Firewall rules are the same in both scenarios. Default raw and mangle with fasttrack enabled, 10-15 filter and 10-15 nat rules. Can share them later.


Отправлено с моего iPhone используя Tapatalk
by baragoon
Sat Feb 04, 2017 1:39 pm
Forum: Scripting
Topic: update IPs in address list with domain name
Replies: 2
Views: 1735

update IPs in address list with domain name

Hi all. Please help. How to update address list with domain name? For example, I have 1 address list with domain "yandex.ua". When I create it also created "child" entries containing IPs: 2 list=yandex.ua address=yandex.ua creation-time=feb/03/2017 15:01:32 dynamic=no 3 D ;;; yandex.ua list=yandex.u...
by baragoon
Sat Feb 04, 2017 1:35 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

Regarding wiki I need to bridge wireless interfaces and switch master port. In this configuration, when I'm running speedtest wired, I see up to 60% CPU usage. When I removed bridge, created new one only with wireless interfaces, running dhcp on it. On master switch port second dhcp server. Then whe...
by baragoon
Fri Feb 03, 2017 1:59 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

So how to achieve this?
ether1 - wan
ether25 - lan
wlan12 - wifi.
Create bridge between ether1 & wlan12 (without lan access?), leave ether25 in normal switch mode without bridging?
I tried to remove ether25 from bridge and leave there ether1 and wlan12 but it didn't works.
Any help please.
TIA.
by baragoon
Wed Feb 01, 2017 6:54 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

Re: bridge only for wireless

Ok. But it's possible to make separate wired and wireless subnets and not use bridge for wired?


Отправлено с моего iPhone используя Tapatalk
by baragoon
Wed Feb 01, 2017 4:05 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2121

bridge only for wireless

Hi all. Is it possible to create bridge for communication between wireless clients and internet and leave all wired communications via switch (master port)? Because as far as i see if i configure master port in switch and created bridge with this master port and wireless interfaces all traffic route...
by baragoon
Tue Jan 31, 2017 6:18 am
Forum: General
Topic: Help on ARP
Replies: 6
Views: 865

Re: Help on ARP

You can enable arp in dhcp server so all your leased ips will be in arp


Отправлено с моего iPhone используя Tapatalk
by baragoon
Fri Jan 27, 2017 10:12 am
Forum: General
Topic: RB750r2 tunnels performance tests
Replies: 6
Views: 1405

Re: RB750r2 tunnels performance tests

Cool.
If someone can make same tests with rb750gr3 is will be great.
by baragoon
Thu Jan 26, 2017 1:59 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82291

Re: v6.39rc [release candidate] is released

On device QRT AC, winbox 3.10, ROS 6.38 - 6.38.1 and 6.39rc19 release i don't see settings for HT MCS on wlan interface.
same on hap ac lite with 6.39rc19
by baragoon
Thu Jan 19, 2017 6:16 pm
Forum: General
Topic: Important bug in Winbox 3.8 and 3.9
Replies: 5
Views: 545

Re: Important bug in Winbox 3.8 and 3.9

Unable to duplicate on one of my RB750r2 routers running 6.38 OS and accessing with WinBox 3.9
Worked perfectly.
We use bug-fix-only
by baragoon
Thu Jan 19, 2017 2:04 pm
Forum: General
Topic: Important bug in Winbox 3.8 and 3.9
Replies: 5
Views: 545

Re: Important bug in Winbox 3.8 and 3.9

can't reproduce in winbox 3.9 and ros 6.38.1
by baragoon
Thu Jan 19, 2017 8:11 am
Forum: General
Topic: DNS - Forwarding - Firewall Rule
Replies: 1
Views: 1165

Re: DNS - Forwarding - Firewall Rule

to forward all your DNS requests to another server you need rule like this
chain=dstnat action=netmap to-addresses=208.67.222.123 protocol=udp dst-port=53
by baragoon
Wed Jan 18, 2017 4:02 pm
Forum: General
Topic: Home config with wifi roaming
Replies: 14
Views: 11423

Re: Home config with wifi roaming

echo question > /dev/null :)


Отправлено с моего iPhone используя Tapatalk
by baragoon
Wed Jan 18, 2017 12:11 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 425
Views: 144258

Re: Tik App, MikroTik android utility ALPHA test

Is iOS version in plans?


Отправлено с моего iPhone используя Tapatalk
by baragoon
Tue Jan 17, 2017 12:19 pm
Forum: General
Topic: Home config with wifi roaming
Replies: 14
Views: 11423

Home config with wifi roaming

Hi all. Please give an advise regarding network architecture for home. Plans are next: I want to create seamless wifi roaming (capsman, wds?) for 4 rooms. One MT device in each room (for example hap ac). Scheme is something like this: 1) Main device. ether1 connected to ISP, to ether2-ether4 will be...
by baragoon
Tue Jan 17, 2017 10:23 am
Forum: Beginner Basics
Topic: Dynamic bridge ports
Replies: 3
Views: 2216

Re: Dynamic bridge ports

Those ports appear because they are slaves to the master switch port.
I would say not to worry about.
Thank you for info.
by baragoon
Mon Jan 16, 2017 7:22 pm
Forum: Beginner Basics
Topic: Dynamic bridge ports
Replies: 3
Views: 2216

Dynamic bridge ports

Hi all. Can someone explain a sense of dynamic bridge ports? In my config I have all ether ports grouped to switch with master port (ether2). Regarding to wiki I've created bridge containing ether2+wlan ports. On 6.36.4 I see only 3 ports in bridge (master and 2 wlans) but after updating to 6.38 bri...
by baragoon
Sun Jan 15, 2017 7:19 pm
Forum: Announcements
Topic: Winbox 3.8 released!
Replies: 47
Views: 18156

Re: Winbox 3.8 released!

Winbox 3.8 is totally lol release. Waiting to 3.8.1 or so.


Отправлено с моего iPhone используя Tapatalk