Community discussions

Search found 3116 matches

by anav
Tue Apr 30, 2019 4:04 pm
Forum: Beginner Basics
Topic: NAT not working in load balance (2 WAN)
Replies: 5
Views: 439

Re: NAT not working in load balance (2 WAN)

You doth ask too much!! It's not a user manual, it's only a guide for those brainwashed at MT academies. If they had everything in the guide, then there would be no profits or motivation for all the certifications. ;-P
by anav
Tue Apr 30, 2019 4:02 pm
Forum: Beginner Basics
Topic: Setting up Port Isolation, in addition to web traffic logging/monitoring?
Replies: 4
Views: 325

Re: Setting up Port Isolation, in addition to web traffic logging/monitoring?

Policing kids is not that easy and more of a parental responsibility and know what your kids are doing on the net etc..... That being said, for that particular network I would use open DNS and work with the parents to apply that to their internet. This has worked okay for me in the past...... https:...
by anav
Tue Apr 30, 2019 3:43 am
Forum: Beginner Basics
Topic: INTER VLAN MICROTIK OS HELP
Replies: 4
Views: 316

Re: INTER VLAN MICROTIK OS HELP

It's up to the OP to properly describe the setup and even better to provide a diagram.
Providing advice based on guessing is not something I am apt to do.
by anav
Mon Apr 29, 2019 10:35 pm
Forum: Beginner Basics
Topic: INTER VLAN MICROTIK OS HELP
Replies: 4
Views: 316

Re: INTER VLAN MICROTIK OS HELP

Concur, there is no vlan 30 here...........
Would be good to see your ethernet interfaces defined, how many etherports are there.
You have no interface bridge vlans defined either.......

Check out this reference prior to constructing vlans......
viewtopic.php?f=13&t=143620
by anav
Mon Apr 29, 2019 4:19 pm
Forum: Beginner Basics
Topic: Basic DNS Question
Replies: 5
Views: 420

Re: Basic DNS Question

a) b) c) If all your LAN (any subnet) clients use other DNS servers (either rPI or internet servers), then you can disable remote DNS access on your router and remove/disable associated firewall filter rules. You just have to point RB itself at some DNS server so it can resolve download.mikrotik.co...
by anav
Mon Apr 29, 2019 3:41 am
Forum: Wireless Networking
Topic: hAP ac2 as bridge and CAP
Replies: 6
Views: 797

Re: hAP ac2 as bridge and CAP

I have no idea what you're saying without a diagram.
by anav
Mon Apr 29, 2019 3:40 am
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 1643

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Suggest reading this source if you're keen to do the vlan router method.........
viewtopic.php?f=13&t=143620
by anav
Sun Apr 28, 2019 5:56 pm
Forum: Beginner Basics
Topic: Basic DNS Question
Replies: 5
Views: 420

Re: Basic DNS Question

Done thanks............. So if I have no DNS servers pointing to the router (ie no network address setup with the gatewayIP as DNS IP) Assuming a. I no longer require IP DNS remote requests at all..... (be it for PI server itself, or for all the subnets that use 8.8.8.8 or Pi server IP for DHCP netw...
by anav
Sun Apr 28, 2019 5:19 pm
Forum: Beginner Basics
Topic: Basic DNS Question
Replies: 5
Views: 420

Basic DNS Question

If I have my raspberry Pi on vlan xx. I am thinking of putting the raspberry pi Actual IP on vlan xx into the DHCP Network Settings for all the other subnets (vlans). DO I NEED to make an accompanying firewall forward rule. Add all vlan subnets allow access to PI IP for ports 53 tcp/udp OR !!! Not re...
by anav
Sat Apr 27, 2019 5:12 pm
Forum: Beginner Basics
Topic: Getting crazy with routes within subnets [SOLVED]
Replies: 14
Views: 901

Re: Getting crazy with routes within subnets [SOLVED]

As usual disagree with MKX! There is no need for double nat and two routers in the same network. There is all the reason in the world to keep it simple and use MT for routing/dhcp Asus for WIFI VLANS for separation of users (normal/guests) for wired and wireless. The problem I see is that the RT-AC6...
by anav
Fri Apr 26, 2019 7:42 pm
Forum: Beginner Basics
Topic: Router hAP ac2 on stick (VLANs) [SOLVED]
Replies: 12
Views: 861

Re: Router hAP ac2 on stick (VLANs) [SOLVED]

Please read the link I provided, it demonstrates how to set up vlans.........
by anav
Fri Apr 26, 2019 6:36 pm
Forum: Beginner Basics
Topic: Getting crazy with routes within subnets [SOLVED]
Replies: 14
Views: 901

Re: Getting crazy with routes within subnets [SOLVED]

Concur, still waiting for config. :-)
by anav
Thu Apr 25, 2019 11:53 pm
Forum: Beginner Basics
Topic: Router hAP ac2 on stick (VLANs) [SOLVED]
Replies: 12
Views: 861

Re: Router hAP ac2 on stick (VLANs) [SOLVED]

That is not the complete config. :-(
No ethernet interface, no interface bridge ports, no interface bridge vlans, no firewall rules etc........
Could care less about the pictures for now as I want to make sure what is hitting the zyxel device is correct..........
by anav
Thu Apr 25, 2019 9:14 pm
Forum: SwOS
Topic: VLan Type enabled vs strict
Replies: 3
Views: 738

Re: VLan Type enabled vs strict

Every SwOS manual is rife with errors............ Admins never answer.........
by anav
Thu Apr 25, 2019 7:32 pm
Forum: General
Topic: PCQ with load-balancing
Replies: 7
Views: 659

Re: PCQ with load-balancing

Do not have crystal ball
please post current config
/export hide-sensitive file=yourconfigapr25
by anav
Thu Apr 25, 2019 7:25 pm
Forum: Beginner Basics
Topic: Getting crazy with routes within subnets [SOLVED]
Replies: 14
Views: 901

Re: Getting crazy with routes within subnets [SOLVED]

Two things get configs up and running faster. 1- diagram especially for complicated setup (this does not appear to be the case). 2- post your config, there are too many linkages to look at any one aspect in isolation. /export hide-sensitive file=yourconfigapr25 In your case it's probably the forward...
by anav
Thu Apr 25, 2019 4:30 pm
Forum: Wireless Networking
Topic: Mikrotik for Large Warehouses scenarios
Replies: 5
Views: 589

Re: Mikrotik for Large Warehouses scenarios

This MUM should generate some ideas.........
https://mum.mikrotik.com/presentations/ ... 843664.pdf (google translate is your friend)
by anav
Thu Apr 25, 2019 4:21 pm
Forum: Wireless Networking
Topic: Mikrotik for Large Warehouses scenarios
Replies: 5
Views: 589

Re: Mikrotik for Large Warehouses scenarios

Why the roof only? Can you not use side walls for installs. I will search the MUM archives because I recently (have no life) went through a bunch of them and one spoke very closely to your exact setup/requirements.........Will see if I can find it again. In the meantime this is a decent refresher on...
by anav
Thu Apr 25, 2019 4:16 pm
Forum: Wireless Networking
Topic: CapsMan & CAP AC
Replies: 9
Views: 940

Re: CapsMan & CAP AC

Are there any potential interfering RF sources???
by anav
Thu Apr 25, 2019 4:13 pm
Forum: Beginner Basics
Topic: Router hAP ac2 on stick (VLANs) [SOLVED]
Replies: 12
Views: 861

Re: Router hAP ac2 on stick (VLANs) [SOLVED]

I find the examples in official manual very helpful. Short and simple, I know immediately the logic behind it, without any explanation because I had a serious accident - head trauma as a child and half my brain is bionic.
Fixed for accuracy.
by anav
Thu Apr 25, 2019 3:46 pm
Forum: General
Topic: Suggestions - Link to Cisco IOS
Replies: 11
Views: 553

Re: Suggestions - Link to Cisco IOS

By the way, just to be clear, the correct calls/classifications are:
(1) Apple IOS and
(2) Cisco Abomination.
by anav
Thu Apr 25, 2019 3:43 pm
Forum: Beginner Basics
Topic: Noobish Requesting Help - VLANed home network [SOLVED]
Replies: 15
Views: 973

Re: Noobish Requesting Help - VLANed home network [SOLVED]

My apologies, I meant that I couldn't be of more help....... I know nothing about using mac based vlans...........
by anav
Thu Apr 25, 2019 3:42 pm
Forum: Beginner Basics
Topic: Router hAP ac2 on stick (VLANs) [SOLVED]
Replies: 12
Views: 861

Re: Router hAP ac2 on stick (VLANs) [SOLVED]

Sob is usually behind the latest trends, still wears bell-bottom jeans, all to say the best reference is this one with good examples.......
viewtopic.php?f=13&t=143620
by anav
Thu Apr 25, 2019 3:37 pm
Forum: Beginner Basics
Topic: Router hAP ac2 on stick (VLANs) [SOLVED]
Replies: 12
Views: 861

Re: Router hAP ac2 on stick (VLANs) [SOLVED]

Great thanks for the diagram! To see if there is an issue on the MT side of the house please post your config
/export hide-sensitive file=yourconfigapr25
by anav
Thu Apr 25, 2019 3:35 pm
Forum: Beginner Basics
Topic: Winbox and firewall [Solved]
Replies: 3
Views: 289

Re: Winbox and firewall

F-Secure shouldn't be blocking winbox but if it does.......... Winbox port is setup by the admin under IP Services (default which nobody should use is 8291).
by anav
Thu Apr 25, 2019 12:56 am
Forum: General
Topic: use another dns for http
Replies: 12
Views: 577

Re: use another dns for http

Way ahead of you MKX, I've upscaled being a true connoisseur and quite enjoy my 43!!
https://www.thewhiskyexchange.com/p/325 ... es-liqueur
by anav
Thu Apr 25, 2019 12:50 am
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 815

Re: Isolate VLAN from home network

Well add to your config the necessary interface bridge vlan settings.......... and modify any current bridge ports if necessary. As far as connectivity, the fact that the V20 is in a vlan ensures some separation at layer 2. To ensure the router doesn't route at layer 3 you need some Forward Chain fil...
by anav
Thu Apr 25, 2019 12:40 am
Forum: Beginner Basics
Topic: Noobish Requesting Help - VLANed home network [SOLVED]
Replies: 15
Views: 973

Re: Noobish Requesting Help - VLANed home network [SOLVED]

Sorry if you don't want to follow the link as prescribed I am of no service. GLuck.
by anav
Wed Apr 24, 2019 10:19 pm
Forum: General
Topic: use another dns for http
Replies: 12
Views: 577

Re: use another dns for http

As usual, the lips are moving but nobody understands what these two geezers are saying.
(Sob and MKX, often seen together)........... ;-P
https://en.wikipedia.org/wiki/Statler_and_Waldorf
https://www.youtube.com/watch?v=X6I_dKUYyI4
by anav
Wed Apr 24, 2019 10:11 pm
Forum: Beginner Basics
Topic: Noobish Requesting Help - VLANed home network [SOLVED]
Replies: 15
Views: 973

Re: Noobish Requesting Help - VLANed home network [SOLVED]

(1) In response to your script, I noted ether3 will be a problem. Note.. # Wired trunk ( trunk regular traffic and DMZ ) add bridge=Main_Bridge interface=ether3 Then......... add bridge=Main_Bridge tagged=Main_Bridge,ether3 vlan-ids=20 add bridge=Main_Bridge tagged=Main_Bridge,ether3,ether4 vlan-ids...
by anav
Wed Apr 24, 2019 9:46 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 815

Re: Isolate VLAN from home network

It appears then that you really didn't grasp the reference then but it does take several reads for sure.......... What I am saying is you have two vlans. vlan10 is your home vlan vlan20 is your guest vlan The important part comes down to this basic question. Is your access point VLAN capable. If it c...
by anav
Wed Apr 24, 2019 6:41 pm
Forum: General
Topic: Make device discoverable on second subnet
Replies: 2
Views: 313

Re: Make device discoverable on second subnet

I have a similar situation device on another subnet.
I simply created a forward chain firewall rule.
source address (my pc) to destination IP (device) allow
both the discovery software and browser based connections work.
by anav
Wed Apr 24, 2019 6:19 pm
Forum: General
Topic: LtAP mini 4G kit + Verizon?
Replies: 4
Views: 408

Re: LtAP mini 4G kit + Verizon?

Some kit comes with poe injectors, check the hardware page for that product. (edit, Yes it contains the poe injector with the kit) Check which bands Verizon uses to make sure about compatibility! MT usually makes two models (US based 2,4,5,12 and International 1/2/3/5/7/8/20/38/40) the one that cove...
by anav
Wed Apr 24, 2019 6:17 pm
Forum: General
Topic: Exclude particular Client from DNS redirect [SOLVED]
Replies: 5
Views: 360

Re: Exclude particular Client from DNS redirect [SOLVED]

That is a strange WIKI document and not sure if the person writing it had a wandering mind........... From the WIKI In /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53 protocol=tcp dst-port=53 add chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=53...
by anav
Wed Apr 24, 2019 6:05 pm
Forum: General
Topic: Devices in VLAN in Management Bridge unreachable
Replies: 10
Views: 715

Re: Devices in VLAN in Management Bridge unreachable

Well that config is way beyond my level of comprehension. All I can say is that this reference is the bible............... https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 My general comments are A. do not use a bridge to give out DHCP. (the only thing that should reference bridge as an interf...
by anav
Wed Apr 24, 2019 5:54 pm
Forum: General
Topic: Devices in VLAN in Management Bridge unreachable
Replies: 10
Views: 715

Re: Devices in VLAN in Management Bridge unreachable

The code Font icon is perfect for this (black square with white square brackets). :-) Go to your post the one above this and try it (edit it). #apr/24/2019 14:49:29 by RouterOS 6.44 # software id = 1937-YN8A # # model = CCR1016-12G # serial number = 52A204A4AB7E /interface bridge add name=Cambium-Br...
by anav
Wed Apr 24, 2019 5:46 pm
Forum: General
Topic: Devices in VLAN in Management Bridge unreachable
Replies: 10
Views: 715

Re: Devices in VLAN in Management Bridge unreachable

Why not just cut and paste and use the code block in the FONT line at the top of the EDIT block.
My firewall/AV setup blocks pastebin LOL.
by anav
Wed Apr 24, 2019 5:44 pm
Forum: General
Topic: use another dns for http
Replies: 12
Views: 577

Re: use another dns for http

Well let me fix up your house IT, I am sure it needs some configuration! I'm really good at vlans LOL.
by anav
Wed Apr 24, 2019 5:42 pm
Forum: General
Topic: Mangle or rule to group devices by hostname
Replies: 1
Views: 151

Re: Mangle or rule to group devices by hostname

Suggest you actually post this in the script forum!
A quick search........
viewtopic.php?f=9&t=141486&p=697337&hil ... me#p697337
by anav
Wed Apr 24, 2019 5:08 pm
Forum: General
Topic: Devices in VLAN in Management Bridge unreachable
Replies: 10
Views: 715

Re: Devices in VLAN in Management Bridge unreachable

I don't play whackamole with attempting to solve config issues. Just remove any sensitive bits (don't need to see any vpn stuff, dhcp leases, any firewall address lists, etc............. as a minimum interface ethernet ip addresses vlan config bridge config bridge port config bridge vlan config dhcp-s...
by anav
Wed Apr 24, 2019 5:04 pm
Forum: General
Topic: use another dns for http
Replies: 12
Views: 577

Re: use another dns for http

The point being that an office worker who doesn't have any training shouldn't be mucking about in the network...................
If you don't agree SOB, then I am coming to work for your company tomorrow...... with high recommendations from you LOL
by anav
Wed Apr 24, 2019 4:57 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 815

Re: Isolate VLAN from home network

Why not get rid of the following quickset legacy crap.............. /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 /ip dns static add address=192.168.88.1 name=router.lan The most glaring error is attaching vlan20 to an interface. Normally the vlan should be part of bridge..........
by anav
Wed Apr 24, 2019 3:49 pm
Forum: General
Topic: use another dns for http
Replies: 12
Views: 577

Re: use another dns for http

Suggest you contact the head of IT in your company as these appear to be very basic networking items, or hire a consultant.
by anav
Wed Apr 24, 2019 3:46 pm
Forum: General
Topic: Devices in VLAN in Management Bridge unreachable
Replies: 10
Views: 715

Re: Devices in VLAN in Management Bridge unreachable

post your config
/export hide-sensitive file=yourconfig
by anav
Wed Apr 24, 2019 3:45 pm
Forum: General
Topic: Block invaild VPN user did not work now!
Replies: 1
Views: 154

Re: Block invaild VPN user did not work now!

post your config
/export hide-sensitive file=yourconfig
by anav
Wed Apr 24, 2019 3:41 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 815

Re: Isolate VLAN from home network

First read this excellent resource to finesse your config lots of examples.
viewtopic.php?t=143620
Then come back after tweaking your setup.

Post your config
/export hide-sensitive file=yourconfig
by anav
Wed Apr 24, 2019 6:10 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 485

Re: dhcp en bridge vlan filtering

this seems out of place...............
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
192.168.88.0

and not clear what is ether1 anyway??
add bridge=bridge-vlans interface=ether1
by anav
Tue Apr 23, 2019 8:17 pm
Forum: General
Topic: LtAP mini 4G kit + Verizon?
Replies: 4
Views: 408

Re: LtAP mini 4G kit + Verizon?

Why would you buy kit for 4G LTE (that has connectivity speeds of 150 down) that only comes with 10/100 ethernet ports??
by anav
Tue Apr 23, 2019 8:16 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 661

Re: PORT Forwarding for unassigned ports

Let's start at the first post............ If there is after effects it's the food stuffing of Easter. We will be eating turkey soup for the next 3 days too. To be frank, I don't have a clue of what the poster is doing. With that configuration. It doesn't compute at all. I can't even begin to attempt to ...
by anav
Tue Apr 23, 2019 7:44 pm
Forum: General
Topic: Failed to give out IP address: unknown pool
Replies: 4
Views: 308

Re: Failed to give out IP address: unknown pool

Off topic - google translate has become much better recently, yet it still cannot translate all the slang words :-) So we know what is your native language :-) My favourite part of any response LOL. Let me guess.......... Sob is slow and MKX likes to eat souvlakia ........... So I would guess Slova...
by anav
Tue Apr 23, 2019 7:39 pm
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 1018

Re: Port Knocking, avoid scan-caused false positives?

I must come to your rescue!! I have a full proof IKEv2 setup that works for my iphone and the MT app. I only charge $400 an hour! As long as travel expenses are on you, you're welcome to come here and set me a VPN in 6 minutes (it's fool proof, n'est ce pas?) ;-) Sometimes I can't help myself not t...
by anav
Tue Apr 23, 2019 7:38 pm
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 1018

Re: Port Knocking, avoid scan-caused false positives?

Not so fast dear @anav! You have that nice & secure IKEv2 VPN with certificate, right? What will you do when you happen to be somewhere out and you won't have it with you? All I need is any computer where I will use regular web browser to tickle my three tcp ports and I will be able to connect to w...
by anav
Tue Apr 23, 2019 7:26 pm
Forum: Beginner Basics
Topic: internet not working despite pingable addresses
Replies: 10
Views: 490

Re: internet not working despite pingable addresses

:facepalm:
The sound of one hand clapping is prevalent whilst configuring Mikrotik devices. :-)
by anav
Tue Apr 23, 2019 7:24 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

Concur, best thing to do is post your entire config........
Not sure where some of those rules came from but as stated questionable......
by anav
Tue Apr 23, 2019 7:23 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 26
Views: 1765

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

I would remove it as functionality in quickset altogether........
by anav
Tue Apr 23, 2019 5:18 pm
Forum: Wireless Networking
Topic: Need Reccomendation for Omnidirectional device
Replies: 17
Views: 1232

Re: Need Reccomendation for Omnidirectional device

Hey bigbills, that was an interesting article and highlights the versatility of MT products. The one question I have is.................. Does MT not have a decent LTE to ethernet product. The author seems to really love that netgear and actually pooh poohs anything MT in this area. I would be inter...
by anav
Tue Apr 23, 2019 4:58 pm
Forum: Wireless Networking
Topic: CurrentUsers cAP series
Replies: 1
Views: 230

Re: CurrentUsers cAP series

I have seen this in a post somewhere but you should be able to host 30-50 users without problems. Past 50 I think you may get into issues. I think MT states 70 or so but I am not sure that is realistic. (talking capac). There are many variables at play and without defining the scenario it's really a ...
by anav
Tue Apr 23, 2019 4:56 pm
Forum: General
Topic: Run script when a gateway fails over
Replies: 5
Views: 385

Re: Run script when a gateway fails over

I am waiting for the post that shows reality. Two wans, two dynamic IP addresses and one of them is not simple cable that just simply loads but it is fibre op where one has to read the IP address from the client side and then stick it into the routing rule. I can get failover to work from fibre to c...
by anav
Tue Apr 23, 2019 4:52 pm
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 1018

Re: Port Knocking, avoid scan-caused false positives?

It's also possible that we're overthinking it. For basic level protection against bots, even changing service port helps a lot. Move e.g. ssh from port 22 to 23726 and you'll get only small fraction of hits. It's not real solution, but it shows that they go for easy targets and don't bother with an...
by anav
Tue Apr 23, 2019 4:46 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 661

Re: PORT Forwarding for unassigned ports

I will have to reread this entire thread again, but later, it just hurts my head right now. I will be back Sob, when I have a fresh brain wave.........
by anav
Tue Apr 23, 2019 4:37 pm
Forum: General
Topic: Failed to give out IP address: unknown pool
Replies: 4
Views: 308

Re: Failed to give out IP address: unknown pool

I have an excellent idea,
post your config!! Typically the router didn't fail, the person setting up the config failed (I know this from personal experience).
/export hide-sensitive file=yourconfig
by anav
Tue Apr 23, 2019 4:36 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

I don't see red very well LOL.
Best if you use standard format
/export hide-sensitive file=yourconfig

I see issues in both firewall filter and nat rules.
by anav
Mon Apr 22, 2019 10:11 pm
Forum: Beginner Basics
Topic: Dual WAN, SSH slow with port forward [SOLVED]
Replies: 3
Views: 323

Re: Dual WAN, SSH slow with port forward [SOLVED]

Suggest you need to mangle any traffic coming from servers on the LAN that need to go out wan2 (assuming they came in on WAN2).
The router doesn't route according to which wan they came in.................. you have to program it.
by anav
Mon Apr 22, 2019 10:07 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

If I remember correctly, you're dealing with outgoing email traffic, but this is about incoming traffic. That is correct, but what about incoming emails??? In any case, if traffic coming in on WAN2, hits the server and then heads out, even though there is conn track, the router will stupidly send t...
by anav
Mon Apr 22, 2019 4:39 pm
Forum: Beginner Basics
Topic: VLAN on CRS326 - can`t connect to gw in VLAN subnet [SOLVED]
Replies: 12
Views: 721

Re: VLAN on CRS326 - can`t connect to gw in VLAN subnet [SOLVED]

/ip firewall filter add chain=input action=drop in-interface=vlan-guests add chain=input action=drop src-address=<guest vlan network>/24 I got it. You mean to block connections from vlan-guests to MikroTik. That`s important you`re right. Thanks, this topic was very useful for me. Typically the only...
by anav
Mon Apr 22, 2019 4:36 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

Sob I will admit to meeting in the middle on this one, perhaps a little teensy weensy bit of mangling will do LOL. I do have to ask though for my email traffic, why do I not need to mangle that traffic at all? I have at least two different IP addresses magically ( without mangling ;-p ) able to be r...
by anav
Sun Apr 21, 2019 9:03 pm
Forum: Wireless Networking
Topic: Need Reccomendation for Omnidirectional device
Replies: 17
Views: 1232

Re: Need Reccomendation for Omnidirectional device

If there are no normal egresses/ingresses for cables into your camper make one and use shielded ethernet (even an electrical box with a ubiquiti or mikrotik surge suppressor etc..........) I would avoid any antennae cabling.
by anav
Sun Apr 21, 2019 9:01 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3673

Re: NAT problems - Xbox One and Nintendo Switch

Concur, the company should provide the design solution assuming you have detailed the user requirements properly.
This also assumes they purchased the mikrotik equipment. If not then CZFans idea is the correct one.
by anav
Sun Apr 21, 2019 8:57 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

Don't let IT big heads scare you. No clear need to mangle yet! ;-P As far as these lines go /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.4.14.1 scope=30 target-scope=10 add disabled=no distance=1 dst-address=10.5.147.11/32 gateway=10.33.52.1 scope=30 target-scope=10 I would c...
by anav
Sun Apr 21, 2019 5:01 pm
Forum: Wireless Networking
Topic: Need Reccomendation for Omnidirectional device
Replies: 17
Views: 1232

Re: Need Reccomendation for Omnidirectional device

Remove the need for any length of antenna wire, the extra cost if any is well worth it.
by anav
Sun Apr 21, 2019 4:58 pm
Forum: Announcements
Topic: SwOS version 2.9 released!
Replies: 72
Views: 26377

Re: SwOS version 2.9 released!

That's funny as version 2.9 is the only version I will run as it's more stable and works compared to the older ones. To be fair, this thing tries one's patience but once setup properly it keeps on working.
by anav
Sun Apr 21, 2019 4:55 pm
Forum: Beginner Basics
Topic: wyze cam port forwarding
Replies: 8
Views: 1311

Re: wyze cam port forwarding

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0

You are in a conflict situation.
sol'n
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
by anav
Sun Apr 21, 2019 4:47 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 26
Views: 1765

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

Agreed Samot, quickset is just a starting point, it's not meant for any special changes or specific setups. The hex works out of the box for a basic LAN and basic WAN.

For the OP, just use this....
https://www.youtube.com/watch?v=XKYmgtVs9kc
by anav
Sun Apr 21, 2019 4:43 am
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1364

Re: RouterOS - NAT problem (dst-nat)

The best thing to do is post your config and that way we can confirm what has been done and what is needed. /export hide-sensitive file=yourconfig That being said..... I have a similar setup for my two wans WAN1 primary WAN2 secondary, however I need WAN2 for my email traffic. As for port forwarding...
by anav
Fri Apr 19, 2019 9:37 pm
Forum: Beginner Basics
Topic: wyze cam port forwarding
Replies: 8
Views: 1311

Re: wyze cam port forwarding

I can absolutely assure you that the Wyze cameras do NOT require anything "special" to be opened on a reasonably normal router configuration. As long as a LAN device can get to the internet and responses get back to it, it will connect just fine. I have 13 Wyze cameras (2 Pans and 11 V2). Other tha...
by anav
Fri Apr 19, 2019 5:32 pm
Forum: General
Topic: CRS326 + multiple vlans with hardware offloading and non-vlan ports
Replies: 5
Views: 496

Re: CRS326 + multiple vlans with hardware offloading and non-vlan ports

yeah the dude pcunite needs to change his nick to vlanunite ;-)
more to the point, MT should pay him to do a proper user manual!!
by anav
Fri Apr 19, 2019 5:30 pm
Forum: Beginner Basics
Topic: wyze cam port forwarding
Replies: 8
Views: 1311

Re: wyze cam port forwarding

My recommendation is to get rid of any modern device that depends upon you opening up your router to the world of insecurity.
Nothing I read with any validity suggests you need any port forwarding.

The issue is most likely your config. Please post.

/export hide-sensitive file=yourconfig
by anav
Thu Apr 18, 2019 7:33 pm
Forum: Beginner Basics
Topic: Multiple VLANs with one Router as Default Gateway in each VLAN
Replies: 7
Views: 1015

Re: Multiple VLANs with one Router as Default Gateway in each VLAN

Without a diagram what you are asking seems overly complicated/confusing......... A clearer set of requirements without any discussion of solution would be useful. I need users from group A to do this I need users from group B to do this and any other requirements without discussion of vlans or equi...
by anav
Thu Apr 18, 2019 1:55 am
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 1412

Re: VLAN - best practice?

Interesting functionality what is the use case for that scenario vice simply using one vlan for both subnets?? Obviously there seems to be a reason to have two VLANS vice one and normally if there is some degree of sharing (common printer etc) then firewall can be made so that the connectivity neede...
by anav
Wed Apr 17, 2019 9:00 pm
Forum: Beginner Basics
Topic: Remote access from the Internet (WAN side)
Replies: 33
Views: 201808

Re: Remote access from the Internet (WAN side)

What?? It's 2019......... where did the time go! ;-)
by anav
Wed Apr 17, 2019 6:00 pm
Forum: Wireless Networking
Topic: Cap AC, Hap AC2 or UniFi?
Replies: 38
Views: 10943

Re: Cap AC, Hap AC2 or UniFi?

@UpRunTech Best practical thinking/advice on this thread! Thanks.
by anav
Wed Apr 17, 2019 5:52 pm
Forum: General
Topic: Problems with BitTorrent
Replies: 8
Views: 556

Re: Problems with BitTorrent

Well, the best thing to do is post your config and then we can see if there are any particular reasons for the slow down.

/export hide-sensitive file=yourconfig
by anav
Wed Apr 17, 2019 5:42 pm
Forum: Beginner Basics
Topic: Bridging WiFi client with DHCP and the rest
Replies: 2
Views: 241

Re: Bridging WiFi client with DHCP and the rest

Please post your config, your verbiage does not inspire confidence in my understanding of the situation LOL.
/export hide-sensitive file=yourconfig
by anav
Wed Apr 17, 2019 5:38 pm
Forum: Beginner Basics
Topic: Remote access from the Internet (WAN side)
Replies: 33
Views: 201808

Re: Remote access from the Internet (WAN side)

@scampbell Trainer my ass, go back to security school! This whole thread seems to ignore the huge security implications (or infractions if for a business) that are being apparently openly discussed. Access to the router in any plain mode is let me put it in simple terms - STUPID. The best way to acc...
by anav
Wed Apr 17, 2019 5:26 pm
Forum: Beginner Basics
Topic: 2 wan fail over with detection further than gw
Replies: 3
Views: 316

Re: 2 wan fail over with detection further than gw

By the way I have the exact same setup. fibreop is my main connection and cable is my backup. In my case I also have emails which are attached to the cable connection. Here is my setup using google and opendns servers..... /ip route add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=30 a...
by anav
Wed Apr 17, 2019 5:19 pm
Forum: Beginner Basics
Topic: Avoiding Double NAT with multiple routers
Replies: 25
Views: 9950

Re: Avoiding Double NAT with multiple routers

@Arxondas if the second router is not changing public to private IPs (as you stated no NAT). Then you only need the DSTNAT rule on the first router. It should point to the correct PC being used not the IP of the second unit for to address. Also you will need a firewall rule in the first(main router...
by anav
Wed Apr 17, 2019 5:03 pm
Forum: Beginner Basics
Topic: EoL Mikrotik Routers [SOLVED]
Replies: 5
Views: 611

Re: EoL Mikrotik Routers [SOLVED]

Hi Normis, does this include the likely kernel change envisioned/required for v7 and beyond. I am linux and kernel challenged (if you don't count my extraordinary culinary skills at making popcorn) and thus don't grasp the challenges of limitations that upgrade may impose. Part 2 of the question is ...
by anav
Wed Apr 17, 2019 4:58 pm
Forum: Beginner Basics
Topic: VLAN on CRS326 - can`t connect to gw in VLAN subnet [SOLVED]
Replies: 12
Views: 721

Re: VLAN on CRS326 - can`t connect to gw in VLAN subnet [SOLVED]

Hi mkx, I must be missing something but the block rules seem strange to me...... In other words why create a bunch of block rules vice create allow rules....... I usually - allow fasttrack established etc. - allow established etc. ++++++ - drop everything else ++++ = only the traffic I wish to permit
by anav
Tue Apr 16, 2019 9:42 pm
Forum: Beginner Basics
Topic: 2 wan fail over with detection further than gw
Replies: 3
Views: 316

Re: 2 wan fail over with detection further than gw

How many public DNS servers will it take to satisfy you LOL
by anav
Mon Apr 15, 2019 2:41 pm
Forum: Beginner Basics
Topic: Noobish Requesting Help - VLANed home network [SOLVED]
Replies: 15
Views: 973

Re: Noobish Requesting Help - VLANed home network [SOLVED]

Read through this excellent post and find the example that mirrors your situation........
viewtopic.php?t=143620
by anav
Sun Apr 14, 2019 5:31 pm
Forum: Wireless Networking
Topic: Backyard WiFi Coverage
Replies: 5
Views: 587

Re: Backyard WiFi Coverage

Why muck about with indoor stuff and pretend a wall is not going to have a detrimental effect.
This unit looks well made for an outdoor scenario.
https://mikrotik.com/product/rbomnitikg_5hacd
by anav
Sat Apr 13, 2019 9:53 pm
Forum: Beginner Basics
Topic: CHAPTER 2, Basic Configuration, Interface Configuration
Replies: 3
Views: 461

Re: CHAPTER 2, Basic Configuration, Interface Configuration

You missed the point Tony.
What the op meant is that you use ONE THREAD for all your announcements. That is much better than a million of your posts for each topic.
One place where people can bookmark and go to. It's logical even for an IT person LOL.
by anav
Sat Apr 13, 2019 9:51 pm
Forum: Beginner Basics
Topic: Router for my new home!
Replies: 14
Views: 1228

Re: Router for my new home!

Not only that they are marketing in the newsletter "NEW" powerline, which actually uses three generation old chips circa 2012.
by anav
Sat Apr 13, 2019 9:49 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 26
Views: 1765

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

Don't mind the impatient others, they understand IT but not people :-) The best thing you can do is place a copy of your config here and then instead of wild-assed guessing or playing whackamole we can see the information needed directly! To get a copy of the config you simply go to the left hand me...
by anav
Fri Apr 12, 2019 3:05 pm
Forum: Wireless Networking
Topic: Recommendation for a 100m PtP link ?
Replies: 3
Views: 364

Re: Recommendation for a 100m PtP link ?

The new 60hz products seem well suited for your application. Small form factor great throughput, you could probably connect up several pairs of devices providing separate inputs into the second building IT infrastructure https://mikrotik.com/product/wireless_wire With a slightly bigger budget, this ...
by anav
Fri Apr 12, 2019 2:57 pm
Forum: Beginner Basics
Topic: Help 2 Wan 2 lan
Replies: 3
Views: 346

Re: Help 2 Wan 2 lan

The requirements are not well understood. a. you have two isps b. you have one MT router model? c. you wish to have two wifi networks, (two SSIDs) with each being serviced by one ISP (isp1- ssid1, isp2 -ssid-2) What subnets do you have on the router, can we assume three subnets? 1- wired normal use ...
by anav
Fri Apr 12, 2019 2:53 pm
Forum: Beginner Basics
Topic: Access deice behind second MIkrotik router
Replies: 1
Views: 232

Re: Access deice behind second MIkrotik router

Is the first Mikrotik attached to the internet (and routing) and the second Mikrotik a switch or also routing?
Diagrams would be helpful.

I would recommend only having one unit do the routing and separate networks(subnets) by vlans and then using FW rules to allow traffic permitted.
by anav
Thu Apr 11, 2019 8:42 pm
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 1412

Re: VLAN - best practice?

For vlan bridges, this is by far the best resource..........
viewtopic.php?f=13&t=143620
by anav
Thu Apr 11, 2019 8:09 pm
Forum: Beginner Basics
Topic: PS4/Hulu connection issues.
Replies: 6
Views: 792

Re: PS4/Hulu connection issues.

Interesting but what I want to know is ........... what do INPUT chain rules have to do with Internet being forwarded to LAN and LAN being forwarded to the internet??? I would have thought that is where FW rules may have been an issue. In other words you have not shed light on what the actual problem i...
by anav
Thu Apr 11, 2019 7:04 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 554
Views: 66392

Re: LHG 60G experience

All Mikrotik 60G hardware is so far compatible, so you can mix LHGs and WAPs as you like. But don't expect it to work with other vendors, even if it uses common 802.11ad platform. Everyone is playing on its own playground, there is no intercompatibility due to customized protocols and different ve...
by anav
Thu Apr 11, 2019 6:59 pm
Forum: General
Topic: DHCP for VLAN on bridge
Replies: 8
Views: 495

Re: DHCP for VLAN on bridge

Concur, many ways to skin a mickrotik trainer..... either
a. setup vlan subnets as per a 'normal' setup and then create firewall rules to allow traffic between them as required, or
b. have everything accessible on one lan and forget about vlans.
by anav
Thu Apr 11, 2019 6:50 pm
Forum: General
Topic: Feature requests
Replies: 1163
Views: 212317

Re: Feature requests

I already did that Sob! I added an RPI for my DNS. ;-)
by anav
Thu Apr 11, 2019 2:28 pm
Forum: General
Topic: DHCP for VLAN on bridge
Replies: 8
Views: 495

Re: DHCP for VLAN on bridge

Don't have your bridge give out dhcp is a start.
Just use a homevlan for personal traffic (basevlan) and othervlans for their purposes.

Use this reference as a guide, the examples are excellent.
viewtopic.php?f=13&t=143620
by anav
Thu Apr 11, 2019 3:43 am
Forum: Beginner Basics
Topic: Inter vlan with dhcp
Replies: 11
Views: 759

Re: Inter vlan with dhcp

You can get rid of this quickset default rule... /ip dns static add address=192.168.88.1 name=router.lan and add some dynamic dns server entries such as 1.1.1.1 or 8.8.8.8 for example. What is the purpose of this input chain rule? You have it inserted twice in your config as well! add action=accept ...
by anav
Wed Apr 10, 2019 9:26 pm
Forum: General
Topic: PWR-LINE adapter speed is ?
Replies: 10
Views: 1694

Re: PWR-LINE adapter speed is ?

The newer chips and firmware with the QCA7500 work way better across circuits. (by newer I mean circa 2014/2015) as opposed to the one in the MT circa 2012. Of note no new chips for powerline have come out since the QCA7500.
by anav
Wed Apr 10, 2019 9:16 pm
Forum: Beginner Basics
Topic: Help me set up an unstable VLAN! [SOLVED]
Replies: 4
Views: 480

Re: Help me set up an unstable VLAN! [SOLVED]

Good news then!
by anav
Wed Apr 10, 2019 3:40 pm
Forum: General
Topic: PWR-LINE adapter speed is ?
Replies: 10
Views: 1694

Re: PWR-LINE adapter speed is ?

Avoid this product. The chip was put out in 2012 and performs terribly. Much better for electrical wiring is products based on the 2014 Qualcomm QCA7450 and the better still 2015 QCA7500 chip. But wait, they don't have a USB attached. Someone has got you by the short and curlys................. I am p...
by anav
Wed Apr 10, 2019 3:35 pm
Forum: General
Topic: Infected Routerboard sending SPAM
Replies: 7
Views: 686

Re: Infected Routerboard sending SPAM

You did not update the software frequently enough, and you had inadequate firewall.
(also potentially poor way of accessing the router itself from remote location)
by anav
Wed Apr 10, 2019 3:30 pm
Forum: Beginner Basics
Topic: Help with HEX S Firewall
Replies: 2
Views: 258

Re: Help with HEX S Firewall

It's a forward chain rule. Everything is Blocked by default as nothing is permitted to the internet. Post your config /export hide-sensitive file=myconfig One has to assume then you create a rule to allow LAN to WAN? If so just before this rule (order is important) put in another rule blocking lan to...
by anav
Wed Apr 10, 2019 2:48 pm
Forum: Beginner Basics
Topic: Need Help Configuring Hotspot & AP VLAN
Replies: 10
Views: 735

Re: Need Help Configuring Hotspot & AP VLAN

Try changing the bridge interface vlan rule by not tagging the bridge and see if that does anything....... would also like to see config on router too from /interface bridge vlan add bridge=BR1 tagged= BR1 ,sfp1,ether1 untagged=\ ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=99 to /interface br...
by anav
Wed Apr 10, 2019 2:43 pm
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 91
Views: 25426

Re: Using RouterOS to VLAN your network

I was more thinking of the home scenario where I had my Managed Switch(dlink) which was feeding an unmanaged switch in the basement to which a CAPAC was attached. The capac needed vlans but the unmanaged switch wasn't cutting the mustard. They hybrid feed from the dlink actually worked and fine for ...
by anav
Wed Apr 10, 2019 2:23 pm
Forum: Announcements
Topic: Newsletter 88, April 2019
Replies: 15
Views: 7752

Re: Newsletter 88, April 2019

okay thanks mkx it's probably safe to assume to look at similar models with the same chip......... Edit: the top ranked powerlines - have QCA7500 (which came out in 2015) Lesser ranked powerlines - have the older QCA7450 (circa 2014 ish) https://www.engadget.com/2012/01/10/qualcomm-powerline-networki...
by anav
Wed Apr 10, 2019 4:54 am
Forum: Announcements
Topic: Newsletter 88, April 2019
Replies: 15
Views: 7752

Re: Newsletter 88, April 2019

What is the throughput of the powerline equipment, it's not exactly reviewed at smallnetbuilder.com ;-)
by anav
Wed Apr 10, 2019 3:30 am
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 91
Views: 25426

Re: Using RouterOS to VLAN your network

The evolution of the examples is going great. Very useable and straightforward. I also note that MT is working hard to try and keep their wiki on the topic in better shape too. One thing they do discuss that you don't mention is hybrid ports. Where PVID is set but also other vlans are tagged on the s...
by anav
Tue Apr 09, 2019 8:44 pm
Forum: Wireless Networking
Topic: hAP ac wireless problem
Replies: 8
Views: 831

Re: hAP ac wireless problem

Please post config...
/export hide-sensitive file=yourconfig
by anav
Tue Apr 09, 2019 8:34 pm
Forum: Beginner Basics
Topic: RB941-2ND-TC, newbie e connection as AP for IOT devices
Replies: 4
Views: 399

Re: RB941-2ND-TC, newbie e connection as AP for IOT devices

Woody I have two capACs, reset to defaults, use quickset of AP-WISP and then leave quickset. :-) All you need to do is some basic setup for wireless and you are done. When you want to setup vlans follow the right example in this excellent reference. https://forum.mikrotik.com/viewtopic.php?f=13&t=14...
by anav
Tue Apr 09, 2019 8:31 pm
Forum: Beginner Basics
Topic: Losing hair over Wifi Vlans (Hap AC2)
Replies: 2
Views: 562

Re: Losing hair over Wifi Vlans (Hap AC2)

The best course of action is to read up on this reference. It has all the info you need to get setup with vlans.
viewtopic.php?f=13&t=143620

Once you have your config up, and want to have it reviewed post it here......
/export hide-sensitive file=yourconfig
by anav
Tue Apr 09, 2019 8:28 pm
Forum: Beginner Basics
Topic: Problems with Port Forwarding
Replies: 2
Views: 275

Re: Problems with Port Forwarding

Everything seems to be in order but trying to make sense of the mess in firewall rules is a good idea. ORDER is important and yours is all mixed up. INput Chain Rules, then FORWard Chain rules. Also you do not need to put a firewall rule in place for winbox, besides the fact that we now all know you...
by anav
Tue Apr 09, 2019 8:21 pm
Forum: Beginner Basics
Topic: Limit Bandwidth to Per IP
Replies: 6
Views: 1193

Re: Limit Bandwidth to Per IP

Queues are the method for BW limiting but there is another feature in the same vein and that is rate limiting (limiting the number of concurrent connections). This may very well do the job for you but unlike queues I believe if there is excess capacity (only one person on line) that person is still l...
by anav
Tue Apr 09, 2019 4:26 pm
Forum: Beginner Basics
Topic: Firewall rule toblock the internet access exept
Replies: 1
Views: 185

Re: Firewall rule toblock the internet access exept

The server parts (ports IPs) are probably easy, the Windows update part............ not sure.
You may be better putting a windows type server on the LAN network and all PCs get their windows updates from that???
by anav
Tue Apr 09, 2019 4:24 pm
Forum: Beginner Basics
Topic: Need Help Configuring Hotspot & AP VLAN
Replies: 10
Views: 735

Re: Need Help Configuring Hotspot & AP VLAN

For switch configurations there is a nice review at the recent Austin MUM.
https://mum.mikrotik.com/presentations/ ... 716964.pdf
by anav
Mon Apr 08, 2019 3:47 pm
Forum: Beginner Basics
Topic: How to properly 802.1Q-tag DHCPDISCOVERs ?
Replies: 1
Views: 216

Re: How to properly 802.1Q-tag DHCPDISCOVERs ?

Not quite sure but I imagine all etherports are on the same bridge.
Then define the vlans
Then apply bridge port and bridge vlan rules
Then turn on vlan filtering on the bridge.

This article should give you some good advice.
viewtopic.php?f=13&t=143620
by anav
Mon Apr 08, 2019 4:13 am
Forum: SwOS
Topic: ACLs on CSS106
Replies: 3
Views: 997

Re: ACLs on CSS106

I've set up two 260GS units but strictly as VLAN managed switches no FW rules.
by anav
Mon Apr 08, 2019 3:39 am
Forum: General
Topic: How to create trunk port in CRS3xx [SOLVED]
Replies: 7
Views: 540

Re: How to create trunk port in CRS3xx [SOLVED]

That's a lot of words ...... just say 'sloppy' ;-P
PS. I am only hawkeye lite!
by anav
Mon Apr 08, 2019 3:34 am
Forum: Beginner Basics
Topic: Inter vlan with dhcp
Replies: 11
Views: 759

Re: Inter vlan with dhcp

Well, who is in charge here, you or the hex router LOL.
by anav
Mon Apr 08, 2019 1:41 am
Forum: Wireless Networking
Topic: hAP ac^2 won't pass IPs
Replies: 8
Views: 650

Re: hAP ac^2 won't pass IPs

Follow 2 frogs advice and the point that stood out for me in your rb3011 config was this contradiction.......... /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1 /interface bridge port add bridge=bridge1 interface=ether2 /ip address add address=192.168.88.1/24 interface...
by anav
Mon Apr 08, 2019 12:14 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 157
Views: 46966

Re: Feature request - DNSCrypt support...

Can we just holding back these advanced fancy DNS standards, but support setting up non-standard tcp/udp port in /ip dns? Just a little update in 6.45, or maybe 6.46... DNS pollution(intercept plain text like google from udp 53 port then return 127.0.0.1) is very easy way for a ISP to do if mikroti...
by anav
Sun Apr 07, 2019 10:22 pm
Forum: General
Topic: CAP interfaces not being tagged correctly with bridge VLAN filtering enabled
Replies: 3
Views: 773

Re: CAP interfaces not being tagged correctly with bridge VLAN filtering enabled

I don't use capsman. In any case for vlans the best reference is https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Yes, just leave the pvid of the bridge of as the default on the hapAC, that is the correct thing to do. You tag and untag access ports and trunk ports as per usual. There is no need...
by anav
Sun Apr 07, 2019 9:58 pm
Forum: Beginner Basics
Topic: Inter vlan with dhcp
Replies: 11
Views: 759

Re: Inter vlan with dhcp

The issue is I want to use too dumb switches and not need to set vlans up on the switch. The switch side of the hex router can do vlans as well. I want each vlan to be on a separate port and not tagged In that case treat the ports to the unmanaged switches as access ports. /interface bridge por...
by anav
Sun Apr 07, 2019 4:45 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 16
Views: 7520

Re: Add DNS over HTTPS (DoH) support

RPI apparently has the ability to do this and is very inexpensive, now that I have ad block working I might give this a try.
by anav
Sun Apr 07, 2019 4:19 pm
Forum: General
Topic: How to create trunk port in CRS3xx [SOLVED]
Replies: 7
Views: 540

Re: How to create trunk port in CRS3xx [SOLVED]

@mkx, why do we have
/interface bridge vlan add bridge=bridge1 tagged=bridge1,sfp1,sfp2,sfp3,ether1 vlan-ids=101

and not (since eth1 is an access port??)
/interface bridge vlan add bridge=bridge1 tagged=bridge1,sfp1,sfp2,sfp3 untagged=ether1 vlan-ids=101
by anav
Sat Apr 06, 2019 6:28 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2764

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Overly complex Failover. Simple recursive routes (choose 1 or 2 public DNS) is just as effective, no mangling required. Nope. Established sessions (like VPN) never return to the primary connection. This is a recurring problem for Mikrotik that there doesn't exist vetted solutions which either funct...
by anav
Sat Apr 06, 2019 5:09 pm
Forum: General
Topic: SIP port(s)
Replies: 6
Views: 474

Re: SIP port(s)

I want mine to grind coffee beans. They should call it the cAPpuccinoAC
by anav
Sat Apr 06, 2019 4:10 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2764

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Concur and thus one could be talking about
1. failover where two wans are equally used (mangling required)
2. failover where one WAN is primary and one WAN is secondary
by anav
Sat Apr 06, 2019 3:02 pm
Forum: Beginner Basics
Topic: Inter vlan with dhcp
Replies: 11
Views: 759

Re: Inter vlan with dhcp

Confusing as to why traffic going to a network switch from the router needs no dhcp setting but just a network. How will devices get IPs?? or are you setting them all statically. This is pretty basic stuff but a good reference is the following...... https://forum.mikrotik.com/viewtopic.php?f=13&t=14...
by anav
Sat Apr 06, 2019 2:54 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2764

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Overly complex Failover. Simple recursive routes (choose 1 or 2 public DNS) is just as effective, no mangling required.
by anav
Sat Apr 06, 2019 3:13 am
Forum: General
Topic: Pastry Vacuum - Pi Hole Setup
Replies: 0
Views: 537

Pastry Vacuum - Pi Hole Setup

Just want to make sure I have not made any obvious blunders. The hard part I am having are the router DHCP settings for the PI. Here are the actual PI settings themselves on eth0....... (RPI and pihole static IP set at 192.168.32.16 (with gatewayIP of 192.168.32.1 and the set of DNS servers allowed et...
by anav
Sat Apr 06, 2019 1:02 am
Forum: Beginner Basics
Topic: How to go back to dynamic IP in DHCP server [SOLVED]
Replies: 7
Views: 620

Re: How to go back to dynamic IP in DHCP server [SOLVED]

Not really, it's a one way decision. If you want to make it dynamic one deletes the fixed lease and DHCP works as advertised afterwards
by anav
Sat Apr 06, 2019 1:00 am
Forum: Beginner Basics
Topic: Help me set up an unstable VLAN! [SOLVED]
Replies: 4
Views: 480

Re: Help me set up an unstable VLAN! [SOLVED]

The problem is this line in the RB........... add bridge=BR1 tagged=\ BR1,eth2, eth3,eth4,eth5,eth6,eth7,eth8,eth9,eth10,eth11,eth12,eth13 \ vlan-ids=100 If you look back, I stated to put it like so........ add bridge=BR1 tagged=BR1,eth2 untagged =eth3,eth4,eth5,eth6,eth7,eth8,eth9,eth10,eth11,eth12...
by anav
Fri Apr 05, 2019 10:47 pm
Forum: General
Topic: Infected Routerboard sending SPAM
Replies: 7
Views: 686

Re: Infected Routerboard sending SPAM

What version of RouterOS were you running?
Only safe way is to use netinstall with latest firmware.
by anav
Fri Apr 05, 2019 10:45 pm
Forum: Beginner Basics
Topic: How to go back to dynamic IP in DHCP server [SOLVED]
Replies: 7
Views: 620

Re: How to go back to dynamic IP in DHCP server [SOLVED]

Quick guess is to delete the lease??
by anav
Fri Apr 05, 2019 3:34 pm
Forum: Beginner Basics
Topic: Can't access Internet from LAN devices
Replies: 5
Views: 620

Re: Can't access Internet from LAN devices

please post config
/export hide-sensitive file=yourconfig
by anav
Fri Apr 05, 2019 3:31 pm
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12804

Re: v6.44.2 [stable] is released!

Russian-speaking forum: https://forum.mikrotik.by/. Welcome!
Can you add a translated page (little brexit flag link) to english please ;-P
Sorry, I'm out of politics, just use Google Translate xD
Fair enough, wise move! Google it is.
by anav
Fri Apr 05, 2019 3:50 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40730

Re: UKNOF 43 CVE

ipv6 dumb extravagance anyway Welcome to 2019.. you must have been asleep since DARPA were experimenting with this TCP/IP thing.. that's ok though, we'll help you through it. It all started with RIPE and global commerce.. Thank god for that, otherwise I wouldn't had the pure joy of playing doom wit...
by anav
Thu Apr 04, 2019 7:28 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 428
Views: 147026

Re: Tik App, MikroTik android utility ALPHA test

Just wanted to chime in that the APP is working great ---> Router accessed remotely via IKEv2 connection to get to the router and then access APP once internal to the router.
by anav
Thu Apr 04, 2019 6:39 pm
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12804

Re: v6.44.2 [stable] is released!

still no progress for bgp and ospf bugs, :( thx This version is exclusively IPv6 soft lockup bugfix. No progress in any other facilities at all. Literacy issue wrt release notes I guess. ;-) Russian-speaking forum: https://forum.mikrotik.by/. Welcome! Can you add a translated page (little brexit fl...
by anav
Thu Apr 04, 2019 4:56 pm
Forum: Beginner Basics
Topic: stuck on 6.42.6 [SOLVED]
Replies: 6
Views: 471

Re: stuck on 6.42.6 [SOLVED]

Got it, you did the best thing to ensure a safe/secure restart.
by anav
Thu Apr 04, 2019 4:55 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 758

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Gun Bae! My IKE v2 implementation was done for my use case. The following is the general sense of what I did. The details will be in my next post later today or tomorrow. User: admin Scenario: I want to be able to access the router via secure connection and use the Mikrotik APP on my iphone to acces...
by anav
Thu Apr 04, 2019 4:49 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 758

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Gun Bae! My IKE v2 implementation was done for my use case. The following is the general sense of what I did. The details will be in my next post later today or tomorrow. User: admin Scenario: I want to be able to access the router via secure connection and use the Mikrotik APP on my iphone to acces...
by anav
Thu Apr 04, 2019 4:19 pm
Forum: Beginner Basics
Topic: stuck on 6.42.6 [SOLVED]
Replies: 6
Views: 471

Re: stuck on 6.42.6 [SOLVED]

Solved in what way? I still have no sense of what was wrong that prevented the upload of newer firmware the normal way?
by anav
Thu Apr 04, 2019 4:15 pm
Forum: Beginner Basics
Topic: Slow upload speeds RB750Gr3
Replies: 2
Views: 380

Re: Slow upload speeds RB750Gr3

You have posted twice on the same topic LOL. Thus you do have some skills! :-) Based on the router speed test tables, that's probably all you are going to get from the Hex. https://mikrotik.com/product/RB750Gr3#fndtn-testresults I have the RB450bx4 and I almost get 1gib throughput that my ISP gives m...
by anav
Thu Apr 04, 2019 4:02 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40730

Re: UKNOF 43 CVE

It can be firewalled like you say, I posted rules that give you ideas how (and you can tune it to your needs). But many said that they have legitimate traffic coming from a single source to multiple destinations. Congrats to your Team Normis, under what must be an incredibly stressful pressure cook...
by anav
Thu Apr 04, 2019 5:02 am
Forum: Beginner Basics
Topic: Need Help Configuring Hotspot & AP VLAN
Replies: 10
Views: 735

Re: Need Help Configuring Hotspot & AP VLAN

Did you have a read through the mother of all vlan references LOL (not dragons though).
viewtopic.php?f=13&t=143620
by anav
Thu Apr 04, 2019 5:00 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 157428

Re: RouterOS v7.0 beta1 - when?

Wow this is the biggest blunder in the history of the internet. Such a shame since RouterOS is great except for this problem with IPv6 in general. This should be open sourced before they go under. Really it's pretty much to late. I say open source RouterOS 7+ now or die. Release it for the communit...
by anav
Wed Apr 03, 2019 11:54 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 758

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Glad you got your network working just right. Kudos go to pcunite who developed the best reference for vlans! I like noodle based soups so if I ever get to Korea you can take me to the best soup restaurants LOL. :-) No worries, I will post later on IKE vpn, at least what the patient people here help...
by anav
Wed Apr 03, 2019 11:49 pm
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 12
Views: 2055

Re: Best VPN for Mikrotik / RouterOS

For $20 a month I can get you setup for live TV that is legal so you dont have to torrent LOL.
by anav
Wed Apr 03, 2019 11:48 pm
Forum: Beginner Basics
Topic: Bridge 2 vlans
Replies: 7
Views: 525

Re: Bridge 2 vlans

Diagram would help, in terms of configuring hex..... this reference is spot on for vlans.
viewtopic.php?f=13&t=143620
by anav
Wed Apr 03, 2019 8:08 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

Okay, so the scenario is I have 5 VLANS vlan5,6,7,8,9,10 all on the same bridge (being fed on eth2, eth3 to two different managed switches etc......... vlan5,6,7 require Pi-hole to block advertising, vlans 8,9,10 do not. RPI is on ether4, not on the bridge, not on a vlan with IP 192.168.4.2 (gateway...
by anav
Wed Apr 03, 2019 6:48 pm
Forum: Wireless Networking
Topic: hAP AC Mesh with VLANS
Replies: 1
Views: 295

Re: hAP AC Mesh with VLANS

ethernet over powerline?
How bout.......
https://mikrotik.com/product/wireless_wire
by anav
Wed Apr 03, 2019 6:38 pm
Forum: General
Topic: RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this
Replies: 2
Views: 234

Re: RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this

Suggest posting a config from the working unit and one from the worst unit to compare..........

/export hide-sensitive file=latestconfigs
by anav
Wed Apr 03, 2019 6:35 pm
Forum: Beginner Basics
Topic: CCR MikroTik configuration [SOLVED]
Replies: 7
Views: 614

Re: CCR MikroTik configuration [SOLVED]

Your communication skills are clearly lacking so yes please carry on without assistance.
If you need help please provide a diagram to help us understand what the network looks like and post a config when ready for review
/export hide-sensitive file=yourlatestconfig
by anav
Wed Apr 03, 2019 5:15 am
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 12
Views: 2055

Re: Best VPN for Mikrotik / RouterOS

So you are asking what third party vendor VPN is best? Try google.
by anav
Tue Apr 02, 2019 10:06 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

I'm not sure if that would do the trick ... but can't you use main router as DNS server for clients and use rpi as router's upstream DNS server? So set /ip dns set allow-remote-requests=yes servers=<single IP of rpi here> ... Or do dst-nat on TCP port 53 for "LAN" connections and set up rpi as targ...
by anav
Tue Apr 02, 2019 8:37 pm
Forum: General
Topic: Trunk Port on MT4011 (RTL8367)
Replies: 7
Views: 607

Re: Trunk Port on MT4011 (RTL8367)

Just for info, 4011 is not a good match for doing vlan switching/bridging/filtering as it all has to happen in software by cpu. I am hoping with newer switch chips like my rb450gx4 and rb4011 that the extra CPU power and ram will allow MT to make HW offloading a reality for these newer product for ...
by anav
Tue Apr 02, 2019 8:32 pm
Forum: Wireless Networking
Topic: Problem with Mikrotik Wireless and Dlink IPCam
Replies: 3
Views: 415

Re: Problem with Mikrotik Wireless and Dlink IPCam

Who added these rules...... they smell of security risk. Don't tell me that you actually use the default port for winbox. (There is no need to identify winbox port on firewall rules). add action=accept chain=input comment="Permit HTTP+WINBOX" dst-port=1080 \ protocol=tcp add action=accept chain=inpu...
by anav
Tue Apr 02, 2019 8:03 pm
Forum: General
Topic: How to configure 4 Up-Links on same WAN with 4 vLANs
Replies: 12
Views: 693

Re: How to configure 4 Up-Links on same WAN with 4 vLANs

@k6ccc So are you like a suburb of LA? Seems like you're on the cusp of Mountains, must be beautiful and close to ski hills? (prevalent raging forest fires in that area)?
by anav
Tue Apr 02, 2019 7:01 pm
Forum: Wireless Networking
Topic: hAP AC
Replies: 8
Views: 800

Re: hAP AC

Nest, you got me on that one!!
Concur with vecernik69! (the dirty pony).
by anav
Tue Apr 02, 2019 6:58 pm
Forum: General
Topic: How to configure 4 Up-Links on same WAN with 4 vLANs
Replies: 12
Views: 693

Re: How to configure 4 Up-Links on same WAN with 4 vLANs

https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Check out this excellent read with examples. It may not apply but may give you some good ideas at least on the vlan end of things. The rest sounds like a mangle process where you ensure traffic going in one interface, goes out same interface and...
by anav
Tue Apr 02, 2019 6:52 pm
Forum: General
Topic: Trunk Port on MT4011 (RTL8367)
Replies: 7
Views: 607

Re: Trunk Port on MT4011 (RTL8367)

Check out this document as well. It's very good with examples.

viewtopic.php?f=13&t=143620
by anav
Tue Apr 02, 2019 6:48 pm
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

Only other thing I can think of is you still have the old quickset static DNS setting to get rid of.
When you come back try the AP-Wisp default setup. hook up to main router on eth1.
Then all you need to do is configure the bridge and wireless I think.
by anav
Tue Apr 02, 2019 6:42 pm
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 387

Re: DNS issue on vlan OR Not

The interesting story on this one is the following facts. 1. Problem PC a. PC nic card gets VLAN11 dhcp no problem b. Able to ping internet numbers c. Able to ping gateway, router and other network devices d. Able to access other vlan11 network devices by PC such as switches e. Unable to resolve int...
by anav
Tue Apr 02, 2019 6:37 pm
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 387

Re: DNS issue on vlan OR Not

I think I have a graphic somewhere that shows a fist which then dissolves with only one finger remaining............ ;-)
by anav
Tue Apr 02, 2019 6:29 am
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

Hmmm. I don't see anything off the bat?
What mode is the HAPAC2 selected in quickset (AP-WISP?)

Perhaps your configuration is suffering from the 'Trump Wall Effect'.. lmao, sorry couldn't resist, it's late.
Perhaps with fresh eyes tomorrow I may see something else.
by anav
Tue Apr 02, 2019 6:22 am
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

If I don't have an easier router method, I shall take your advice. Much thanks either way!
by anav
Tue Apr 02, 2019 5:06 am
Forum: General
Topic: vlan swos rb260gs
Replies: 1
Views: 179

Re: vlan swos rb260gs

Exactly provide a diagram and configs if you have them.
by anav
Tue Apr 02, 2019 3:02 am
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

if you post both configs again I may have time to look at it later tonight.
by anav
Mon Apr 01, 2019 11:35 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

So you configured the RPI itself with multiple VLAN subnets??
by anav
Mon Apr 01, 2019 10:34 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

++++++++++++++++++++++ Wait , what if for the vlans I want lets say vlan11,100,200,69,66 I use the gateway IP of the associated subnet as the DNS server (AS I DO NOW). Then since its really the router I am pointing them at....... I tell the router send all my DNS requests to the pi-hole. Is that po...
by anav
Mon Apr 01, 2019 10:31 pm
Forum: Wireless Networking
Topic: hAP AC
Replies: 8
Views: 800

Re: hAP AC

Can anyone inform me about theorical maximum concurrents users can be connect on hAP AC device. 50 users 150 users 500 users 2000 users I think you would be safe up to 50 users. After that you probably get reduced performance 50-80 and probably useless performance at 100. Should perhaps be looking ...
by anav
Mon Apr 01, 2019 10:20 pm
Forum: General
Topic: WAN Notifications
Replies: 6
Views: 454

Re: WAN Notifications

How will you be notified if all three go down? :-) The purpose of failover is so that the internet keeps being provided if one or two ISPs are not available. There is nothing to admin here unless you control the ISPs LOL. If the router goes down well you are in the situation of the first line. If th...
by anav
Mon Apr 01, 2019 8:03 pm
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

Are you saying scripts are on your devices and you don't know how they got there??
by anav
Mon Apr 01, 2019 6:30 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

OMG, I am getting ill, I am going to have to program another box, this time in snotty linus code... Egads, I am really stooping low here. Where is my spoon its feeding time. ;-) Okay so put vlan11 on the eth0 port and with a fixed static LANIP. That part seems okay. Next are you saying I have to add...
by anav
Mon Apr 01, 2019 6:21 pm
Forum: General
Topic: ros rb4011 2.4g can't be connected by 4 devices?
Replies: 6
Views: 503

Re: ros rb4011 2.4g can't be connected by 4 devices?

One should realize that stating i use my rb4011 but when the 2.4 wireless devices over 4 i cant't connect it any more why? Is NOT the same situation as I have created 20 virtual WLANS and am having issues with this setup when connecting more than four devices to (a single vLWAN or four different vLW...
by anav
Mon Apr 01, 2019 6:17 pm
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

There is no need for capsman If you don't want to use it. In other words, nothing forces one to use it. I have two capACs and you would have to beat me with a spoon for a long long time for me to add complexity to my life unnecessarily.
by anav
Mon Apr 01, 2019 6:05 pm
Forum: Beginner Basics
Topic: Trouble getting WAN over to VLANs
Replies: 1
Views: 193

Re: Trouble getting WAN over to VLANs

Hi there, best bet is to have a read through this link, it has great examples. Check your config against it. If you have any questions or have modded your config and want to have it reviewed post back. Cheers! https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 On a first blush, one line that sto...
by anav
Mon Apr 01, 2019 5:57 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 758

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Below, I discuss your setup which may cause some issues and because its hard to understand your config. +++++++++++++++++++++++++++++++++++++++++++++++++++ First, the naming of your interfaces is very strange. There is no advantage I see to naming your etherport by LAN name and its very confusing. J...
by anav
Mon Apr 01, 2019 12:05 am
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 479

Re: VLAN Ethernet ports on CAP

Have a read through this reference, there is an example for your case.

viewtopic.php?f=13&t=143620
by anav
Sun Mar 31, 2019 8:08 pm
Forum: Beginner Basics
Topic: Force local IP to use specific wan on load balancing
Replies: 15
Views: 892

Re: Force local IP to use specific wan on load balancing

I guess what I meant is that you will be accessing your file server when at remote sites (like a coffee shop etc).
by anav
Sun Mar 31, 2019 7:48 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1307

Re: DNS redirect using NAT adding VLAN issue

Okay I am ready to deploy my Rasp PI with Hole Ad blocking but I have a dilemma. The questions is how to implement in a multi-VLAN universe. I have two options ( I will be using an available port on the router as I thought the closer to source the better). Option A. Create a pi-hole VLAN for this pu...
by anav
Sun Mar 31, 2019 7:31 pm
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 479

Re: VLAN Ethernet ports on CAP

What type of cap devices are you using. My cap ACs have two ethernet ports but only use one (wired connection to it)?
(It is by no means a switch but I suppose if desperate.......)
by anav
Sun Mar 31, 2019 7:30 pm
Forum: Beginner Basics
Topic: Force local IP to use specific wan on load balancing
Replies: 15
Views: 892

Re: Force local IP to use specific wan on load balancing

Can you clarify that you want to provide a file server on a cellular 4G network? In other words you are expecting others to come in on the 4G network and get files from your server?
by anav
Sun Mar 31, 2019 4:37 pm
Forum: General
Topic: ros rb4011 2.4g can't be connected by 4 devices?
Replies: 6
Views: 503

Re: ros rb4011 2.4g can't be connected by 4 devices?

Obviously you need the RB5011. :-)
Wait, let me check my crystal ball............ Its cloudy today can't see much.
I know, my tarot cards are handy........... drats there is cat puke on them, useless.

Hmm I know, post your config
/export hide-sensitive file=yourconfig31mar
by anav
Sun Mar 31, 2019 5:33 am
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1564

Re: DHCP Server Issues

A quick perusal doesnt seem to have any show stoppers. I would look at DNS /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 /ip dns static add address=192.168.88.1 name=router.lan Go to the IP DNS s...
by anav
Sat Mar 30, 2019 8:38 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 874

Re: Managment Vlan, Port Vlan problem.

Two things I dont understand. a. why you do not have the bridge as well tagged for the first two /interface bridge vlan rules? b. how any of the vlans get addresses, dhcp service, etc......... you only are showing the single management vlan but I suspect that this was only to focus on Vlan50 and thu...
by anav
Sat Mar 30, 2019 5:18 pm
Forum: Wireless Networking
Topic: dual AP qick setup
Replies: 5
Views: 549

Re: dual AP qick setup

Don't worry mate, I don't ride ponies! :-0. At least not convicted of doing so yet!
by anav
Sat Mar 30, 2019 5:16 pm
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 1368

Re: WiFi in garden - wouldn't cAP AC be better than wAP AC?

mkx playing in the garden again LOL. I bet you're the expert on pig fertilizer!
The other issue besides insects would be humidity/fog etc. Plus1 for a purpose designed outdoor unit!!
by anav
Sat Mar 30, 2019 5:13 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40730

Re: UKNOF 43 CVE

If your networks are so huge and yet you have failed to scale your infrastructure accordingly so that updating them is not manageable, and yet you have money to change over many of your devices just tells me you have other issues to overcome before changing equipment over. Besides the fact that you ...
by anav
Sat Mar 30, 2019 5:02 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 874

Re: Managment Vlan, Port Vlan problem.

Hahah, touche mon amie! ;-p Yes the odd settings looked like one of those stupid chip setup nomenclatures that just want to make me puke. Then I saw two bridges, which made me more ill! Then interface bonding, and I thought, I will get myself into trouble with mkx AND sob if I muck about. However th...
by anav
Sat Mar 30, 2019 3:44 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Thanks I will try to have those tattooed on my forehead LOL. Now I understand why those input rules can be done either through input chain or prerouting chain. That Postrouting mangling has nothing to do with changing anything routing wise, but to respect the routing already done and apply it? What ...
by anav
Sat Mar 30, 2019 3:13 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 874

Re: Managment Vlan, Port Vlan problem.

Sorry I am not familiar with the switch chip vlan method only the vlan filtering single bridge method.
by anav
Fri Mar 29, 2019 7:35 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 1926

Re: IKEv2 Mobile VPN IOS [SOLVED]

Okay as I thought someone trying to get in.......... No harm no foul. I had debugging on for a bit. When I saw the BOAT PHUCKING LOAD of handshaking going on with tables of entries, I thought my vpn was out of control. Seems its normal but does give one a sense of the encryption and steps involved a...
by anav
Fri Mar 29, 2019 7:30 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40730

Re: UKNOF 43 CVE

They have to fix the code without breaking the rest of it. Appears this is why it took so long. If they are changing something at a deep deep root level, then the ramifications will spread out like spider webs and each strand has to be dealt with. Not surprising that it takes time. All the while the...
by anav
Fri Mar 29, 2019 4:38 pm
Forum: Beginner Basics
Topic: Load balancing - 2 links 300mbps each
Replies: 5
Views: 567

Re: Load balancing - 2 links 300mbps each

What about the RB450gx4 routerboard??
by anav
Fri Mar 29, 2019 3:14 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 1926

Re: IKEv2 Mobile VPN IOS [SOLVED]

I need some input as to whether I should be concerned or not about a couple of logged firewall entries that I saw recently. I have disabled my vpn (ike) fw rules until I have a better understanding. Note my iphone was not connected at any time when these events took place. "iphone connecting to rout...
by anav
Fri Mar 29, 2019 12:05 am
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 387

DNS issue on vlan OR Not

I have a fairly new PC that for some reason today can no longer resolve IPs. (on vlan11) I can ping IPs, but nslookups dont work. Heck I can even remote rdp out to a wan IP. I tried static and dynamic settings no difference, even unchecked ipv6. Since the PC has wifi I checked the same vlan on wifi ...
by anav
Thu Mar 28, 2019 9:19 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 15692

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Glad I have not even turned on ipv6 packages yet, that link from mkx was back in 2017?? 50 days, how bout 2 years.
by anav
Thu Mar 28, 2019 9:13 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 661

Re: PORT Forwarding for unassigned ports

The only unusual is dst-port=3389-3389 with both numbers being the same. What do you have against dst-address-type=local? Nothing in particular but it seems that you randomly dont like me using in-interface=eth1-wan for dst nat rules, but I cant randomly dislike dst-address-type=local rules? Tis no...
by anav
Thu Mar 28, 2019 9:10 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 973

Re: Port forwarding to two pcs for RDP

@anav: Give it a break with in-interface, dst-address is fine.
Sorry I usually talk myself through config rules.
Where are you coming from my sweet little packet and so forth. :-)
Is there a situation where stating in-interface=eth-1 wan could be a problem (not including multi-wan setups)??
by anav
Thu Mar 28, 2019 9:08 pm
Forum: Beginner Basics
Topic: Access from remote network not from local network
Replies: 2
Views: 328

Re: Access from remote network not from local network

Try accessing the external domain name from another subnet (not the subnet the server is on).
In general the functionality you are looking for is called hairpin nat.
by anav
Thu Mar 28, 2019 9:06 pm
Forum: Beginner Basics
Topic: Setting up 2 hAP ac2 - one network
Replies: 1
Views: 344

Re: Setting up 2 hAP ac2 - one network

https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Yup use the above reference to help you setup a structure. Use AP-WISP quickset for the hapac acting as an AP switch to get you started and then modifications after that are MINIMAL -use a bridge -create any vlans required to match vlan IDs used...
by anav
Thu Mar 28, 2019 9:04 pm
Forum: Beginner Basics
Topic: very simple vlan and testing
Replies: 2
Views: 284

Re: very simply vlan and testing

Please read this excellent reference as that will put you in the right place.
viewtopic.php?f=13&t=143620
by anav
Thu Mar 28, 2019 8:38 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Okay so the lessons learned are... With multiple wans a. mark all incoming packets to ensure they will exit the same wan using connection marks (consistent and logical config management) b. for all packets destined to the router, they will go back to the internet via the output chain. c. thus output...
by anav
Thu Mar 28, 2019 8:17 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 758

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

It appears you have two connections between the router and the switch? Is this true? Also, please post your configs in this way... /export hide-sensitive file=yourconfigrouter (from your router) and change your isp gateway IP and wani IP to letters /export hide-sensitive file=yourconfigswitch (from ...
by anav
Thu Mar 28, 2019 6:33 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 661

Re: PORT Forwarding for unassigned ports

I gather this has nothing to do with normal destination nat from the wan side. Accessing the pc on the lan from the wan? The reason I am thinking this is your masquerade rule is really weird and your destination rule is weirder still! I would have expected something like. dynamic wanip add action=ma...
by anav
Thu Mar 28, 2019 6:22 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1147

Re: Cloud IPs need to be blocked

Select gROOT's answer as solved so people know it's solved.
by anav
Thu Mar 28, 2019 6:21 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 973

Re: Port forwarding to two pcs for RDP

If that is the case the proper setup is......
NAT rule
add action=dst-nat chain=dstnat protocol=tcp dst-port=xyxyxyx in-interface=eth1-wan to-addresses=lanServerIP1 to-ports=3389
add action=dst-nat chain=dstnat protocol=tcp dst-port=ztztzt in-interface=eth1-wan to-addresses=lanServerIP2 to-ports=3389
by anav
Thu Mar 28, 2019 6:17 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Hi Sob, Follow, but here is my issue (mental block). If we are going to mangle output chain with route marks based on connection marks that were applied way back at the entrance of originating traffic coming in on wans x, y, z.) then why the heck are we route marking those packets earlier after they...
by anav
Thu Mar 28, 2019 12:50 am
Forum: General
Topic: EOIP when Behind another Router - A No Go?
Replies: 6
Views: 463

Re: EOIP when Behind another Router - A No Go?

Haha, I love your criteria, but it's all wrong for me. Couldn't care less about what layer I am dealing with, layers are for onions! What stokes my goat is how easy it is to set up. I have watched setting up of an EOIP tunnel, no offense but even I can't screw that up (mt gods are snickering namely sob...
by anav
Thu Mar 28, 2019 12:45 am
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 374

Re: Question about recent VLAN post "VLAN your network"

Funny! My brother, who works on networks at a small carrier, told me the same thing last night. :)

By the way, my Mikrotik stuff was a Christmas gift from him. Something to keep me occupied.... it's certainly done that!
So, there is a family plot at foot to drive you stark raving mad! ;-=)
by anav
Wed Mar 27, 2019 11:26 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

hahah, you know what I got out of your explanation right............. well slightly more than that LOL. I got the fact that the output chain mangle rules are strictly for traffic that went to the router and now has to leave the router but has to go out the right wanx and thus we mark route this traf...
by anav
Wed Mar 27, 2019 11:22 pm
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 374

Re: Question about recent VLAN post "VLAN your network"

Thanks very much for clarifying this for me. Probably because I'm new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough reply. Hopefully, in the coming days I'll take a stab at implementing this. Worst case, I've become very familiar with the rese...
by anav
Wed Mar 27, 2019 10:17 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 6643

Re: IKEv2 - Road Warrior (NAT Workaround)

That's what I thought, so IP cloud can handle both local and remote dynamic IP situations for EOIP tunnels correct?
by anav
Wed Mar 27, 2019 10:10 pm
Forum: General
Topic: PVID question!
Replies: 3
Views: 577

Re: PVID question!

No worries, Zock and I do encourage you to read the link reference several times to fully understand it. (draw your own network diagrams and config and compare how you do for example). The best thing to do about the bridge is leave it at default settings pvid=1 is the default. We are not going to us...
by anav
Wed Mar 27, 2019 9:42 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 6643

Re: IKEv2 - Road Warrior (NAT Workaround)

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that?/ @sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that. IP Cloud updates every 60 sec...
by anav
Wed Mar 27, 2019 9:33 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 520

Re: Firewall rules: dst-limit invert

Okay so you are limiting how many sessions a person can have open on your site? For example an FTP server, to limit of 3 would not allow someone to download more than 3 files at any one time? The rate of connections is a harder one to pin down. Hmmm, can you think of an example???
by anav
Wed Mar 27, 2019 9:29 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

So the conclusion I can make is that. Marking the server responses with mark routes is not enough! All traffic with mangled anything needs to be identified on the way out the door with the same mark route markings. For some unknown reason the IP Route instructions from the admin are not enough??? Si...
by anav
Wed Mar 27, 2019 9:22 pm
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 374

Re: Question about recent VLAN post "VLAN your network"

I think you're missing the point. Untagged traffic is not for the purpose of subnetting a specific LAN. It is a functionality to enable the admin to indicate to the router which interfaces need the tagged vlan stripped off before reaching the other end of the cable connected to the port. This is typic...
by anav
Wed Mar 27, 2019 6:34 pm
Forum: Beginner Basics
Topic: Block traffic between VLAN
Replies: 8
Views: 594

Re: Block traffic between VLAN

Clean way. /ip firewall filter {input chain} allow established related block invalid allow icmp allow admin to router allow lan requests for DNS tcp/udp drop all else {forward chain} fastrack allow established related allow established related +++++++++++++++++++++++++ drop all else. With this setup...
by anav
Wed Mar 27, 2019 5:54 pm
Forum: Wireless Networking
Topic: dual AP qick setup
Replies: 5
Views: 549

Re: dual AP qick setup

Ahh okay, I used the default setting on my capac (came with AP-WISP) selected as default. I simply added the WLANs and vWLANs I needed. I assumed a quickset setting of dualAP was also standard on some devices and would work out of the box. You don't expect me to remember every detail of every thread...
by anav
Wed Mar 27, 2019 5:50 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1147

Re: Cloud IPs need to be blocked

Support staff are not so easily annoyed. In fact they expect and like questions which have a quick and easy answer.
Operator error! :-)
by anav
Wed Mar 27, 2019 5:49 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 6643

Re: IKEv2 - Road Warrior (NAT Workaround)

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that?/
@sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that.
by anav
Wed Mar 27, 2019 5:44 pm
Forum: General
Topic: PVID question!
Replies: 3
Views: 577

Re: PVID question!

This thread is the best resource for vlans........... https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Caveat the below is based upon my experience with ROUTER vlans on a bridge with bridge filtering (not switch based vlans). Basically bridge ports are used to identify trunk ports and access p...
by anav
Wed Mar 27, 2019 5:37 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 520

Re: Firewall rules: dst-limit invert

Resource limiting / protection: rate, capacity, ...
too vague of an answer for me..........
What does this limiting actually do and why would I apply it to my pc, somebody elses PC, a printer, etc.................
by anav
Wed Mar 27, 2019 5:32 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 973

Re: Port forwarding to two pcs for RDP

I didn't quite understand your setup? If you wish to use a non-standard RDP port and then port translate that to the standard RDP port of 3389, I have provided a sample A below. This sample also assumes that there is only one RDP server (pc) on the LAN. Example A. 1. Forward Chain Filter rule. add ac...
by anav
Wed Mar 27, 2019 5:23 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 666

Re: How to remove the static switch from this setup ?

Netflix account you can share with two others and thus recoup some of the fees by asking for 2 Euros for the account LOL. 10-2-2 means only paying 6 euros for netflix vice 10. Throw in the other 6 euros from dropping the extra WANIP and thats now 12 Euros a month. I am going to make you rich!!! or v...
by anav
Wed Mar 27, 2019 5:20 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Seems like you should draw a diagram of how this works............. Pre routing, pouting, means little to me LOL. See my granular diagram below! Session A. WANTRAFFICINCOMINGWanX---------------------->ROUTER PREROUTING--------->Mangle-----> Apply WANX connection marks to session A connection--------...
by anav
Wed Mar 27, 2019 5:03 pm
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 2506

Re: How do you turn on hEX's DMZ?

Now this is what I am talking about. Come to MT forums and learn philosophy!! The correct answer is use lights or dynamite! - too much work to drain a pond and one may starve to death in the meantime ;-) As for the OP, I think its fair to say, there is no such functionality called DMZ at least in te...
by anav
Wed Mar 27, 2019 4:49 pm
Forum: Beginner Basics
Topic: What is the version of TLS and JAVA in Mikrotik version 6.44.1 ?
Replies: 5
Views: 474

Re: What is the version of TLS and JAVA in Mikrotik version 6.44.1 ?

That is only if you use webconfig correct?
by anav
Wed Mar 27, 2019 1:31 pm
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 1528

Re: Providing Internet access to VLANs

It's very possible................. I have something similar, one MT Router RB450gx4 feeding a dlink 24port managed switch on eth2, eth3 goes to a 260GS MT managed switch, eth 4 goes to a second LAN not on the bridge. The Dlink feeds some access ports and three trunk ports (one to a second 260GS sw...
by anav
Wed Mar 27, 2019 1:02 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1147

Re: Cloud IPs need to be blocked

Open the door HAL..... Resistance is futile, join the MT Borg.... Obviously this one has not been cloned yet and is still fighting back.. We are pwned by the Cloud.. Wake up you have simply been dreaming, there is no traffic to the cloud, trust MT! Suggest sending a supout file to MT support and any...
by anav
Wed Mar 27, 2019 12:56 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 520

Re: Firewall rules: dst-limit invert

What would be a typical usage for such setups?
by anav
Wed Mar 27, 2019 12:54 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 666

Re: How to remove the static switch from this setup ?

I didn't know what you meant about the savings and IP :P I got a "business" type plan with 3 dedicated IP which is max for this plan, my ISP gave me 3 pppoe accounts for that :) The accounts are set to 1000mbps down and 500mbps up so I like them, and only ~22 EUR/mo total. And for the home router I...
by anav
Wed Mar 27, 2019 12:51 pm
Forum: Beginner Basics
Topic: What is the best outdoor wireless access point
Replies: 9
Views: 861

Re: What is the best outdoor wireless access point

Perhaps think outside the container. :-) (1) WAN or MultiWAN input to main Router (2) Router ethernet to Outdoor Multipoint Omni TX device of some sort (in close proximity LOS) to containers. (3) Each Container equipped with a receiving antenna (to ethernet cable built-in) to AP inside container w...
by anav
Wed Mar 27, 2019 12:47 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

It's not circle when you go only one way. So far you covered only first incoming packet, which got the connection marked. Now what about response packet that the service on router wants to send to client? They get routed marked as per below!! and now the router can send them out the right WAN inter...
by anav
Wed Mar 27, 2019 2:19 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

And around we go in circles, because we have already stated that data coming into any one of the wan ports is already marked with a connection mark, whether tis destined for port 380, 666 or whatever. Traffic not ORIGINATING on the LAN side.
by anav
Wed Mar 27, 2019 1:32 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3185

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

I like that dst address rule accept to remove local traffic from being mangled LOL. Brilliant! As for my point, who cares about marking output chain traffic with a second set of route marks. As I stated return traffic from the server which came from the various wans to begin with got connection mark...