Search found 3225 matches

by anav
Mon Apr 01, 2019 5:57 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 920

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Below, I discuss your setup which may cause some issues and because it's hard to understand your config. +++++++++++++++++++++++++++++++++++++++++++++++++++ First, the naming of your interfaces is very strange. There is no advantage I see to naming your etherport by LAN name and it's very confusing. J...
by anav
Mon Apr 01, 2019 12:05 am
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 589

Re: VLAN Ethernet ports on CAP

Have a read through this reference, there is an example for your case.

viewtopic.php?f=13&t=143620
by anav
Sun Mar 31, 2019 8:08 pm
Forum: Beginner Basics
Topic: Force local IP to use specific wan on load balancing
Replies: 15
Views: 1321

Re: Force local IP to use specific wan on load balancing

I guess what I meant is that you will be accessing your file server when at remote sites (like a coffee shop etc).
by anav
Sun Mar 31, 2019 7:48 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1634

Re: DNS redirect using NAT adding VLAN issue

Okay I am ready to deploy my Rasp PI with Hole Ad blocking but I have a dilemma. The questions is how to implement in a multi-VLAN universe. I have two options ( I will be using an available port on the router as I thought the closer to source the better). Option A. Create a pi-hole VLAN for this pu...
by anav
Sun Mar 31, 2019 7:31 pm
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 589

Re: VLAN Ethernet ports on CAP

What type of cap devices are you using. My cap ACs have two ethernet ports but only use one (wired connection to it)?
(It is by no means a switch but I suppose if desperate.......)
by anav
Sun Mar 31, 2019 7:30 pm
Forum: Beginner Basics
Topic: Force local IP to use specific wan on load balancing
Replies: 15
Views: 1321

Re: Force local IP to use specific wan on load balancing

Can you clarify that you want to provide a file server on a cellular 4G network? In other words you are expecting others to come in on the 4G network and get files from your server?
by anav
Sun Mar 31, 2019 4:37 pm
Forum: General
Topic: ros rb4011 2.4g can't be connected by 4 devices?
Replies: 6
Views: 666

Re: ros rb4011 2.4g can't be connected by 4 devices?

Obviously you need the RB5011. :-)
Wait, let me check my crystal ball............ It's cloudy today can't see much.
I know, my tarot cards are handy........... drats there is cat puke on them, useless.

Hmm I know, post your config
/export hide-sensitive file=yourconfig31mar
by anav
Sun Mar 31, 2019 5:33 am
Forum: Beginner Basics
Topic: DHCP Server Issues
Replies: 26
Views: 1960

Re: DHCP Server Issues

A quick perusal doesn't seem to have any show stoppers. I would look at DNS
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static add address=192.168.88.1 name=router.lan
Go to the IP DNS s...
by anav
Sat Mar 30, 2019 8:38 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 1038

Re: Managment Vlan, Port Vlan problem.

Two things I don't understand. a. why you do not have the bridge as well tagged for the first two /interface bridge vlan rules? b. how any of the vlans get addresses, dhcp service, etc......... you only are showing the single management vlan but I suspect that this was only to focus on Vlan50 and thu...
by anav
Sat Mar 30, 2019 5:18 pm
Forum: Wireless Networking
Topic: dual AP qick setup
Replies: 5
Views: 802

Re: dual AP qick setup

Don't worry mate, I don't ride ponies! :-0. At least not convicted of doing so yet!
by anav
Sat Mar 30, 2019 5:16 pm
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 1644

Re: WiFi in garden - wouldn't cAP AC be better than wAP AC?

mkx playing in the garden again LOL. I bet you're the expert on pig fertilizer!
The other issue besides insects would be humidity/fog etc. Plus1 for a purpose designed outdoor unit!!
by anav
Sat Mar 30, 2019 5:13 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 43737

Re: UKNOF 43 CVE

If your networks are so huge and yet you have failed to scale your infrastructure accordingly so that updating them is not manageable, and yet you have money to change over many of your devices just tells me you have other issues to overcome before changing equipment over. Besides the fact that you ...
by anav
Sat Mar 30, 2019 5:02 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 1038

Re: Managment Vlan, Port Vlan problem.

Hahah, touche mon amie! ;-p Yes the odd settings looked like one of those stupid chip setup nomenclatures that just want to make me puke. Then I saw two bridges, which made me more ill! Then interface bonding, and I thought, I will get myself into trouble with mkx AND sob if I muck about. However th...
by anav
Sat Mar 30, 2019 3:44 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Thanks I will try to have those tattooed on my forehead LOL. Now I understand why those input rules can be done either through input chain or prerouting chain. That Postrouting mangling has nothing to do with changing anything routing wise, but to respect the routing already done and apply it? What ...
by anav
Sat Mar 30, 2019 3:13 pm
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 1038

Re: Managment Vlan, Port Vlan problem.

Sorry I am not familiar with the switch chip vlan method only the vlan filtering single bridge method.
by anav
Fri Mar 29, 2019 7:35 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Okay as I thought someone trying to get in.......... No harm no foul. I had debugging on for a bit. When I saw the BOAT PHUCKING LOAD of handshaking going on with tables of entries, I thought my vpn was out of control. Seems it's normal but does give one a sense of the encryption and steps involved a...
by anav
Fri Mar 29, 2019 7:30 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 43737

Re: UKNOF 43 CVE

They have to fix the code without breaking the rest of it. Appears this is why it took so long. If they are changing something at a deep deep root level, then the ramifications will spread out like spider webs and each strand has to be dealt with. Not surprising that it takes time. All the while the...
by anav
Fri Mar 29, 2019 4:38 pm
Forum: Beginner Basics
Topic: Load balancing - 2 links 300mbps each
Replies: 5
Views: 652

Re: Load balancing - 2 links 300mbps each

What about the RB450gx4 routerboard??
by anav
Fri Mar 29, 2019 3:14 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

I need some input as to whether I should be concerned or not about a couple of logged firewall entries that I saw recently. I have disabled my vpn (ike) fw rules until I have a better understanding. Note my iphone was not connected at any time when these events took place. "iphone connecting to rout...
by anav
Fri Mar 29, 2019 12:05 am
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 478

DNS issue on vlan OR Not

I have a fairly new PC that for some reason today can no longer resolve IPs. (on vlan11) I can ping IPs, but nslookups dont work. Heck I can even remote rdp out to a wan IP. I tried static and dynamic settings no difference, even unchecked ipv6. Since the PC has wifi I checked the same vlan on wifi ...
by anav
Thu Mar 28, 2019 9:19 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 16751

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Glad I have not even turned on ipv6 packages yet, that link from mkx was back in 2017?? 50 days, how bout 2 years.
by anav
Thu Mar 28, 2019 9:13 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 778

Re: PORT Forwarding for unassigned ports

The only unusual is dst-port=3389-3389 with both numbers being the same. What do you have against dst-address-type=local? Nothing in particular but it seems that you randomly don't like me using in-interface=eth1-wan for dst nat rules, but I can't randomly dislike dst-address-type=local rules? Tis no...
by anav
Thu Mar 28, 2019 9:10 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 1515

Re: Port forwarding to two pcs for RDP

@anav: Give it a break with in-interface, dst-address is fine.
Sorry I usually talk myself through config rules.
Where are you coming from my sweet little packet and so forth. :-)
Is there a situation where stating in-interface=eth-1 wan could be a problem (not including multi-wan setups)??
by anav
Thu Mar 28, 2019 9:08 pm
Forum: Beginner Basics
Topic: Access from remote network not from local network
Replies: 2
Views: 498

Re: Access from remote network not from local network

Try accessing the external domain name from another subnet (not the subnet the server is on).
In general the functionality you are looking for is called hairpin nat.
by anav
Thu Mar 28, 2019 9:06 pm
Forum: Beginner Basics
Topic: Setting up 2 hAP ac2 - one network
Replies: 1
Views: 487

Re: Setting up 2 hAP ac2 - one network

https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Yup use the above reference to help you setup a structure. Use AP-WISP quickset for the hapac acting as an AP switch to get you started and then modifications after that are MINIMAL -use a bridge -create any vlans required to match vlan IDs used...
by anav
Thu Mar 28, 2019 9:04 pm
Forum: Beginner Basics
Topic: very simple vlan and testing
Replies: 2
Views: 391

Re: very simply vlan and testing

Please read this excellent reference as that will put you in the right place.
viewtopic.php?f=13&t=143620
by anav
Thu Mar 28, 2019 8:38 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Okay so the lessons learned are... With multiple wans a. mark all incoming packets to ensure they will exit the same wan using connection marks (consistent and logical config management) b. for all packets destined to the router, they will go back to the internet via the output chain. c. thus output...
by anav
Thu Mar 28, 2019 8:17 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 920

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

It appears you have two connections between the router and the switch? Is this true? Also, please post your configs in this way... /export hide-sensitive file=yourconfigrouter (from your router) and change your isp gateway IP and wani IP to letters /export hide-sensitive file=yourconfigswitch (from ...
by anav
Thu Mar 28, 2019 6:33 pm
Forum: General
Topic: PORT Forwarding for unassigned ports
Replies: 13
Views: 778

Re: PORT Forwarding for unassigned ports

I gather this has nothing to do with normal destination nat from the wan side. Accessing the pc on the lan from the wan? The reason I am thinking this is your masquerade rule is really weird and your destination rule is weirder still! I would have expected something like. dynamic wanip add action=ma...
by anav
Thu Mar 28, 2019 6:22 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1490

Re: Cloud IPs need to be blocked

select gROOTs answer as solved so people know its solved.
by anav
Thu Mar 28, 2019 6:21 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 1515

Re: Port forwarding to two pcs for RDP

If that is the case the proper setup is......
NAT rule
add action=dst-nat chain=dstnat protocol=tcp dst-port=xyxyxyx in-interface=eth1-wan to-addresses=lanServerIP1 to-ports=3389
add action=dst-nat chain=dstnat protocol=tcp dst-port=ztztzt in-interface=eth1-wan to-addresses=lanServerIP2 to-ports=3389
by anav
Thu Mar 28, 2019 6:17 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Hi Sob, Follow, but here is my issue (mental block). If we are going to mangle output chain with route marks based on connection marks that were applied way back at the entrance of originating traffic coming in on wans x, y, z.) then why the heck are we route marking those packets earlier after they...
by anav
Thu Mar 28, 2019 12:50 am
Forum: General
Topic: EOIP when Behind another Router - A No Go?
Replies: 6
Views: 607

Re: EOIP when Behind another Router - A No Go?

Haha, I love your criteria, but it's all wrong for me. Couldn't care less about what layer I am dealing with, layers are for onions! What stokes my goat is how easy it is to setup. I have watched setting up of an EOIP tunnel, no offense but even I can't screw that up (mt gods are snickering namely sob...
by anav
Thu Mar 28, 2019 12:45 am
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 451

Re: Question about recent VLAN post "VLAN your network"

Funny! My brother, who works on networks at a small carrier, told me the same thing last night. :)

By the way, my Mikrotik stuff was a Christmas gift from him. Something to keep me occupied.... it's certainly done that!
So, there is a family plot afoot to drive you stark raving mad! ;-=)
by anav
Wed Mar 27, 2019 11:26 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

hahah, you know what I got out of your explanation right............. well slightly more than that LOL. I got the fact that the output chain mangle rules are strictly for traffic that went to the router and now has to leave the router but has to go out the right wanx and thus we mark route this traf...
by anav
Wed Mar 27, 2019 11:22 pm
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 451

Re: Question about recent VLAN post "VLAN your network"

Thanks very much for clarifying this for me. Probably because I'm new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough reply. Hopefully, in the coming days I'll take a stab at implementing this. Worst case, I've become very familiar with the rese...
by anav
Wed Mar 27, 2019 10:17 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 7723

Re: IKEv2 - Road Warrior (NAT Workaround)

That's what I thought, so IP cloud can handle both local and remote dynamic IP situations for EOIP tunnels correct?
by anav
Wed Mar 27, 2019 10:10 pm
Forum: General
Topic: PVID question!
Replies: 3
Views: 1042

Re: PVID question!

No worries, Zock and I do encourage you to read the link reference several times to fully understand it. (draw your own network diagrams and config and compare how you do for example). The best thing to do about the bridge is leave it at default settings pvid=1 is the default. We are not going to us...
by anav
Wed Mar 27, 2019 9:42 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 7723

Re: IKEv2 - Road Warrior (NAT Workaround)

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that? @sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that. IP Cloud updates every 60 sec...
by anav
Wed Mar 27, 2019 9:33 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 700

Re: Firewall rules: dst-limit invert

Okay so you are limiting how many sessions a person can have open on your site? For example an FTP server, to limit of 3 would not allow someone to download more than 3 files at any one time? The rate of connections is a harder one to pin down. Hmmm, can you think of an example???
by anav
Wed Mar 27, 2019 9:29 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

So the conclusion I can make is that. Marking the server responses with mark routes is not enough! All traffic with mangled anything needs to be identified on the way out the door with the same mark route markings. For some unknown reason the IP Route instructions from the admin are not enough??? Si...
by anav
Wed Mar 27, 2019 9:22 pm
Forum: Beginner Basics
Topic: Question about recent VLAN post "VLAN your network"
Replies: 5
Views: 451

Re: Question about recent VLAN post "VLAN your network"

I think you're missing the point. Untagged traffic is not for the purpose of subnetting a specific LAN. It is a functionality to enable the admin to indicate to the router which interfaces need the tagged vlan stripped off before reaching the other end of the cable connected to the port. This is typic...
by anav
Wed Mar 27, 2019 6:34 pm
Forum: Beginner Basics
Topic: Block traffic between VLAN
Replies: 8
Views: 794

Re: Block traffic between VLAN

Clean way. /ip firewall filter {input chain} allow established related block invalid allow icmp allow admin to router allow lan requests for DNS tcp/udp drop all else {forward chain} fasttrack allow established related allow established related +++++++++++++++++++++++++ drop all else. With this setup...
by anav
Wed Mar 27, 2019 5:54 pm
Forum: Wireless Networking
Topic: dual AP qick setup
Replies: 5
Views: 802

Re: dual AP qick setup

Ahh okay, I used the default setting on my capac (came with AP-WISP) selected as default. I simply added the WLANs and vWLANs I needed. I assumed a quickset setting of dualAP was also standard on some devices and would work out of the box. You don't expect me to remember every detail of every thread...
by anav
Wed Mar 27, 2019 5:50 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1490

Re: Cloud IPs need to be blocked

Support staff are not so easily annoyed. In fact they expect and like questions which have a quick and easy answer.
Operator error! :-)
by anav
Wed Mar 27, 2019 5:49 pm
Forum: General
Topic: IKEv2 - Road Warrior (NAT Workaround)
Replies: 50
Views: 7723

Re: IKEv2 - Road Warrior (NAT Workaround)

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that?
@sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that.
by anav
Wed Mar 27, 2019 5:44 pm
Forum: General
Topic: PVID question!
Replies: 3
Views: 1042

Re: PVID question!

This thread is the best resource for vlans........... https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Caveat the below is based upon my experience with ROUTER vlans on a bridge with bridge filtering (not switch based vlans). Basically bridge ports are used to identify trunk ports and access p...
by anav
Wed Mar 27, 2019 5:37 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 700

Re: Firewall rules: dst-limit invert

Resource limiting / protection: rate, capacity, ...
too vague of an answer for me..........
What does this limiting actually do and why would I apply it to my pc, somebody elses PC, a printer, etc.................
by anav
Wed Mar 27, 2019 5:32 pm
Forum: General
Topic: Port forwarding to two pcs for RDP
Replies: 12
Views: 1515

Re: Port forwarding to two pcs for RDP

I didn't quite understand your setup? If you wish to use a non-standard RDP port and then port translate that to the standard RDP port of 3389, I have provided a sample A below. This sample also assumes that there is only one RDP server (pc) on the LAN. Example A. 1. Forward Chain Filter rule. add ac...
by anav
Wed Mar 27, 2019 5:23 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

Netflix account you can share with two others and thus recoup some of the fees by asking for 2 Euros for the account LOL. 10-2-2 means only paying 6 euros for netflix vice 10. Throw in the other 6 euros from dropping the extra WANIP and thats now 12 Euros a month. I am going to make you rich!!! or v...
by anav
Wed Mar 27, 2019 5:20 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Seems like you should draw a diagram of how this works............. Pre routing, pouting, means little to me LOL. See my granular diagram below! Session A. WANTRAFFICINCOMINGWanX---------------------->ROUTER PREROUTING--------->Mangle-----> Apply WANX connection marks to session A connection--------...
by anav
Wed Mar 27, 2019 5:03 pm
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 3230

Re: How do you turn on hEX's DMZ?

Now this is what I am talking about. Come to MT forums and learn philosophy!! The correct answer is use lights or dynamite! - too much work to drain a pond and one may starve to death in the meantime ;-) As for the OP, I think its fair to say, there is no such functionality called DMZ at least in te...
by anav
Wed Mar 27, 2019 4:49 pm
Forum: Beginner Basics
Topic: What is the version of TLS and JAVA in Mikrotik version 6.44.1 ?
Replies: 5
Views: 566

Re: What is the version of TLS and JAVA in Mikrotik version 6.44.1 ?

That is only if you use webconfig correct?
by anav
Wed Mar 27, 2019 1:31 pm
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 2267

Re: Providing Internet access to VLANs

It's very possible................. I have something similar, one MT Router RB450gx4 feeding a dlink 24port managed switch on eth2, eth3 goes to a 260GS MT managed switch, eth 4 goes to a second LAN not on the bridge. The Dlink feeds some access ports and three trunk ports (one to a second 260GS sw...
by anav
Wed Mar 27, 2019 1:02 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1490

Re: Cloud IPs need to be blocked

Open the door HAL..... Resistance is futile, join the MT Borg.... Obviously this one has not been cloned yet and is still fighting back.. We are pwned by the Cloud.. Wake up you have simply been dreaming, there is no traffic to the cloud, trust MT! Suggest sending a supout file to MT support and any...
by anav
Wed Mar 27, 2019 12:56 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 700

Re: Firewall rules: dst-limit invert

What would be a typical usage for such setups?
by anav
Wed Mar 27, 2019 12:54 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

I didn't know what you meant about the savings and IP :P I got a "business" type plan with 3 dedicated IP which is max for this plan, my ISP gave me 3 pppoe accounts for that :) The accounts are set to 1000mbps down and 500mbps up so I like them, and only ~22 EUR/mo total. And for the home router I...
by anav
Wed Mar 27, 2019 12:51 pm
Forum: Beginner Basics
Topic: What is the best outdoor wireless access point
Replies: 9
Views: 1114

Re: What is the best outdoor wireless access point

Perhaps think outside the container. :-) (1) WAN or MultiWAN input to main Router (2) Router ethernet to Outdoor Multipoint Omni TX device of some sort (in close proximity LOS) to containers. (3) Each Container equipped with a receiving antenna (to ethernet cable built-in) to AP inside container w...
by anav
Wed Mar 27, 2019 12:47 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

It's not circle when you go only one way. So far you covered only first incoming packet, which got the connection marked. Now what about response packet that the service on router wants to send to client? They get routed marked as per below!! and now the router can send them out the right WAN inter...
by anav
Wed Mar 27, 2019 2:19 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

And around we go in circles, because we have already stated that data coming into any one of the wan ports is already marked with a connection mark, whether tis destined for port 380, 666 or whatever. Traffic not ORIGINATING on the LAN side.
by anav
Wed Mar 27, 2019 1:32 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

I like that dst address rule accept to remove local traffic from being mangled LOL. Brilliant! As for my point, who cares about marking output chain traffic with a second set of route marks. As I stated return traffic from the server which came from the various wans to begin with got connection mark...
by anav
Wed Mar 27, 2019 12:45 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 702

Re: 10.000 Clients on One Server

Ten clients should not require multiple routers/switches.
by anav
Wed Mar 27, 2019 12:42 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 547

Re: wAP vlan bridge issue

That's fine, I have the same with my vlan 11..... Look at my rules....... I don't untag my core vlan, because all the etherports on my router that are access ports! If I had one etherport that served a PC on the core lan that that bridge port would be untagged on a bridge interface vlan rule. The only...
by anav
Wed Mar 27, 2019 12:35 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Thanks Sob, my point was that if the return traffic from the servers (which is already connection marked, and now is route marked) then how the heck will this traffic when routed according to the route mark applied by our rule go out the wrong WAN? (in other words why mark route outgoing packets whe...
by anav
Wed Mar 27, 2019 12:31 am
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

Do you get the second WANIP for free?
by anav
Wed Mar 27, 2019 12:30 am
Forum: Beginner Basics
Topic: hEX - IPsec Tunnel slow
Replies: 31
Views: 6831

Re: hEX - IPsec Tunnel slow

So the question remains, is this a software bug or a hardware limitation?
by anav
Tue Mar 26, 2019 8:54 pm
Forum: General
Topic: Memory consumption by firewall address list
Replies: 4
Views: 498

Re: Memory consumption by firewall address list

Suggest someone has already done all the work you are doing but provides protection for so much more at pennies a day and which addresses specific MT device limitations wrt storage.
Search word MOAB.
by anav
Tue Mar 26, 2019 8:51 pm
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 18
Views: 7994

Re: Mikrotik "Internet detect" problem

But what is the goal of this function and how it is used / impacts others is not clarified. I sprayed coffee on my desk reading this kernel of truth Sebastia !!! You have just described all the functionality of MT devices, so equally poorly documented LOL. It's the outcome of the Lowest Cost Complia...
by anav
Tue Mar 26, 2019 8:42 pm
Forum: Beginner Basics
Topic: Config problem, cannot find the problem
Replies: 3
Views: 313

Re: Config problem, cannot find the problem

This does not seem right to me........... /interface bridge port add bridge=Bridge_2_IPTV interface= vlan _4_IPTV For two reasons. a. one does not put vlans as a bridge port! Bridge ports are for etherports or wlans! b. that vlan vlan-_4_IPTV is already associated with ether1 and thus is not a member...
by anav
Tue Mar 26, 2019 8:33 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

Firstly, If not on a tight budget, replace the ornery netis device with a hapac2!! ( Please note I was not given free MT swag to make that endorsement ;-)
Secondly, If you are on a tight budget and are paying for extra WANIPs, my suggestion may actually save money LOL.
by anav
Tue Mar 26, 2019 7:45 pm
Forum: Beginner Basics
Topic: Public IP adress in LAN
Replies: 15
Views: 859

Re: Public IP adress in LAN

Looks good, as long as you understand why you needed the change.
by anav
Tue Mar 26, 2019 7:43 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

The home router would need to go few rooms away from the MikroTik, then I plug TV and others to that router, so I that I only drag one cable from MikroTik to the other room(s); and my home network setup would be separate from the MikroTik and some servers. Edit: with so many security problems in th...
by anav
Tue Mar 26, 2019 7:36 pm
Forum: Scripting
Topic: EOIP + IPSEC Update Local IP
Replies: 2
Views: 511

Re: EOIP + IPSEC Update Local IP

Hi gotsprings, just trying to get a handle on the practical nature of the solution.
Is this for the case where one's local WANIP is dynamic vice static?

How does one use IP cloud for the remote site and why do it that way?
Can dyndns names be used for either local or remote??
by anav
Tue Mar 26, 2019 7:29 pm
Forum: Beginner Basics
Topic: Public IP adress in LAN
Replies: 15
Views: 859

Re: Public IP adress in LAN

Firstly, I didn't mention etherport1 or etherport3. Second follow the bouncing ball. You have Five (lan type) ports on your router, eth2-eth5 and WLAN1 As per your bridgeport settings they are all under the Bridge. In addition you are having the bridge act as your DHCP server for your SINGLE LAN. /ip...
by anav
Tue Mar 26, 2019 7:19 pm
Forum: Beginner Basics
Topic: Firewall rule Order
Replies: 3
Views: 548

Re: Firewall rule Order

Depends on your personal concept for firewalls. Some prefer (like me) that one for the most part only require to add rules when adding traffic flow using drop all else as last rule. In other words, everything is explicitly denied, unless specifically allowed. Some prefer (had lobotomies) to assume e...
by anav
Tue Mar 26, 2019 7:15 pm
Forum: Beginner Basics
Topic: How to remove the static switch from this setup ?
Replies: 16
Views: 836

Re: How to remove the static switch from this setup ?

My recommendation would be to ditch the switch and the home router LOL. Wild assed guess: Sounds like a case for a second bridge that ties the eth1 port on the MT and lets say eth2 as well which goes to home router. Not sure if one would need to create a vlan to glue that together (bridge is probabl...
by anav
Tue Mar 26, 2019 7:09 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

Bad port?
by anav
Tue Mar 26, 2019 5:39 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 736

Re: Mangle rule to match https initial packet [SOLVED]

The old age conundrum. How to have folks access your servers when you dont have a list of their WANIPs (not static) and thus one cannot at a minimum have a source address list in the mix. An address list in and of itself does not provide security for 'sensitive information'; and that is why two factor au...
by anav
Tue Mar 26, 2019 4:17 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

No argument from me mkx. At least you admitted RoS was alien LOL. I do have to admit though there is nothing sexier than a person of the opposite (hmmmm lets say gender that attracts you) speaking your language with a foreign accent. In my case even those purporting to speak english (UK, Aussies etc...
by anav
Tue Mar 26, 2019 4:11 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 736

Re: Mangle rule to match https initial packet [SOLVED]

Can you describe in use case format or words that do not discuss solutions or configuration setup. What is it that you want to be able to do or to prevent regarding usage of the network? I want office users to be able to............ I want to ensure guest using our wireless config do not..................
by anav
Tue Mar 26, 2019 4:08 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 1117

Re: Remotely access Mikrotik router

Thanks for the reminder kris, I have modified my previous post.
by anav
Tue Mar 26, 2019 4:02 pm
Forum: Beginner Basics
Topic: Public IP adress in LAN
Replies: 15
Views: 859

Re: Public IP adress in LAN

One issue I see is that you have a mismatch in your primary subnet............

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
by anav
Tue Mar 26, 2019 3:53 pm
Forum: Wireless Networking
Topic: dual AP qick setup
Replies: 5
Views: 802

Re: dual AP qick setup

The quickset config looks defaultish and nothing stands out.
I would need to see the complete config
/export hide-sensitive file=yourconfig

Also is the main router MT, if so its config as well.
You note a managed switch in between? Type?
Which are the trunk ports and what vlans do they carry?
by anav
Tue Mar 26, 2019 3:50 pm
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 490

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

From what I have read there is no auto handover capability built-in to MT wifi products capsman or not. The best advice was already provided and just be advised that 2.4Ghz APs should have their power reduced by about 4-5 dbs, otherwise they will be apt to be selected by devices over 5ghz unless really ...
by anav
Tue Mar 26, 2019 3:44 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 664

Re: How to list devices around mk?

Hello. Through my mikrotik I need to know how many wi-fi devices are within reach of my router. Is this possible? That would be MT router model RBMagicRouter.5hld. It comes with a crystal ball attached to the top. :-) The best you can hope for is a. scans for other APs in the area or anything else ...
by anav
Tue Mar 26, 2019 3:40 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 1117

Re: Remotely access Mikrotik router

PPTP good too Brain dead? The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues. Mikrotik's implementation of PPTP is secure. It's the Windows one you're mocking my mental disability with. https://www....
by anav
Tue Mar 26, 2019 3:34 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Hi Adrian, that is why I am trying to put advice in language that is digestible. The MT geeks here speak config as though its our mother tongue LOL. I have taken it upon myself, through humour, to attempt to bring them down to earth. I could have put on my signa, I would rather herd rats than big MT...
by anav
Tue Mar 26, 2019 1:40 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

In plain English, (1) All external requests (originating) are connection marked by the router, depending upon which WAN interface they come in on. (2) When traffic is exiting the router and has these marks, assign the applicable routing marks to match the same interface. This does nothing by itself ...
by anav
Tue Mar 26, 2019 2:55 am
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

I thought about it some more as I was confused as to BASE-VLAN or Management VLAN etc.... For me the BASE VLAN is my core home vlan and all my IT devices that get IPs (APs, managed switches get IPs from this vlan). If I wanted to have all my devices on a management LAN, thats perhaps when I would use...
by anav
Tue Mar 26, 2019 2:45 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 547

Re: wAP vlan bridge issue

The only thing I didnt understand in your config was this line......... add bridge=all-vlan-bridge tagged=all-vlan-bridge untagged=\ ether1_sw2.p15,wlan2-PrivateSSID-5G,wlan1-PrivateSSID vlan-ids=10 why is ether1 untagged here?? I'm assuming of course that ether 1 is the trunk port from the router o...
by anav
Tue Mar 26, 2019 2:25 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Strategy to take down a country - drop hex routers, like leaflets, on the population and watch them self destruct and go stark raving mad. No bullets need be fired, no animals hurt in the process.
by anav
Tue Mar 26, 2019 2:20 am
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Dont play in quickset once you start configuring the router...........
The router creates dynamic routing rules if thats what you are seeing (normal).
by anav
Mon Mar 25, 2019 11:09 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

No time to give up LOL. There are several issues with the config. Overall your DNS settings are all over the map. Suggest you dont make peer DNS enabled on the client, at least for now, so disable that checkbox. Also get rid of the static IP DNS setting that is a left over from quickset. (this one /...
by anav
Mon Mar 25, 2019 9:48 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 1117

Re: Remotely access Mikrotik router

You could also setup IKEv2 and access via the MT mobile App from anywhere, home, coffee shop or via cellular data.
by anav
Mon Mar 25, 2019 9:47 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 1117

Re: Remotely access Mikrotik router

How does ddns and address list provide secure encrypted connections?
by anav
Mon Mar 25, 2019 9:43 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

If you are relying on quickset to configure your router, you are beyond help LOL.
Get back into the normal section of winbox and use the link provided.
If you wish to post your latest complete config, that would be fine.
/export hide-sensitive file=yourconfigtoday
by anav
Mon Mar 25, 2019 9:41 pm
Forum: Beginner Basics
Topic: Output, postrouting or forward?
Replies: 3
Views: 417

Re: Output, postrouting or forward?

I will quote a famous poster who recently replied on a thread........
"The right one."
by anav
Mon Mar 25, 2019 8:43 pm
Forum: General
Topic: why mikrotik donot support nat 444
Replies: 14
Views: 2095

Re: why mikrotik donot support nat 444

When everything is in QuickSet, nothing is Quick anymore and it turns into quicksand quickly!
Couldn't resist.
by anav
Mon Mar 25, 2019 8:39 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

Nope one does not add vlans to the bridge port settings. :-) Dont forget to read that link I gave you its all in there!! By the way you should not have connection to the internet from the VLANS unless you allow it in the forward chain. {forward chain} accept established, related ++++++++++ drop all ...
by anav
Mon Mar 25, 2019 6:35 pm
Forum: Beginner Basics
Topic: Is it recommended: Two Subnets on one Bridge?
Replies: 11
Views: 1146

Re: Is it recommended: Two Subnets on one Bridge?

Draw a diagram of what you require. Then we will be able to dissect your config with more assurances. Bridgeports are not set to vlans but are set to etherports or wlans. Because bridgeports also serve to communicate ingress, pvids are used when an etherport or a WLAN is to be an access port type conne...
by anav
Mon Mar 25, 2019 2:40 pm
Forum: General
Topic: EOIP when Behind another Router - A No Go?
Replies: 6
Views: 607

Re: EOIP when Behind another Router - A No Go?

Lets walk through the process. A. setup one tunnel site1 (me) site2 (remote) B. Basic config very easy, add common tunnel ID, and secret word C. Since using secret word (I assume this is the only ipsec part of the config?), disable fastrack checkbox DONE Lets say site 1 has bridge called bridge-home...
by anav
Mon Mar 25, 2019 1:03 pm
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: SOLVED: bridged VLANs are not working anymore

Well, if you had posted a complete config, vice snippets, it may have been solved far earlier. ;-)
Glad you found the offending config!! I can sleep better at nights! :-)
by anav
Mon Mar 25, 2019 12:50 pm
Forum: Beginner Basics
Topic: Is it recommended: Two Subnets on one Bridge?
Replies: 11
Views: 1146

Re: Is it recommended: Two Subnets on one Bridge?

Personally, I tend to use one bridge for all my vlans. There is no need to add WANS to bridges for normal setups. There are cases where it is required or possibly advantageous but my experience is limited. Traffic is directed via routing not bridges. WAN generally describes the external interface (t...
by anav
Mon Mar 25, 2019 10:14 am
Forum: General
Topic: EOIP when Behind another Router - A No Go?
Replies: 6
Views: 607

Re: EOIP when Behind another Router - A No Go?

Much thanks vernacik........
The other end is a vodafone T7320 router but dont know which firmware version yet.
Apparently STE ...15 or later can be easily changed to bridge mode which would make an MT behind it then routable, but depends on what other services the vodafone provides.
by anav
Mon Mar 25, 2019 3:47 am
Forum: General
Topic: EOIP when Behind another Router - A No Go?
Replies: 6
Views: 607

EOIP when Behind another Router - A No Go?

I want to establish an EoIP tunnel between NA and Europe. The issue is the Europe connection is behind a vodafone router/modem. I am not sure if it can be put in bridge mode or not. Further it might be providing TV and telephone and thus something an MT router probably cannot replicate. So my quest...
by anav
Mon Mar 25, 2019 2:22 am
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

Try deleting the UPNP rule and see what effect that has??
Other than that, go rule by rule disabling to find out where the issue is.
by anav
Sun Mar 24, 2019 10:25 pm
Forum: General
Topic: EoIP not use for ethernet5
Replies: 4
Views: 427

Re: EoIP not use for ethernet5

I have never done EOIP but am thinking about it. I would probably create a second bridge for my EOIP tunnel and reserve one of my etherports for the EOIP tunnel. (or simply assign a different LAN subnet to the etherport). To this port one can attach a switch, an AP, NAS whatever you want to share wi...
by anav
Sun Mar 24, 2019 8:44 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

The dhcp-pool interface should match the IP address interface setting........ add address-pool=dhcp10 disabled=no interface= bridge_def name=dhcp10 add address-pool=dhcp20 disabled=no interface=vlan20 name=dhcp20 It should be..... add address-pool=dhcp10 disabled=no interface=vlan10 name=dhcp10 add ...
by anav
Sun Mar 24, 2019 8:16 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1634

Re: DNS redirect using NAT adding VLAN issue

Just remember, that I am no IT networking guru and wont have my PI device to confirm until later this week.
by anav
Sun Mar 24, 2019 7:35 pm
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1634

Re: DNS redirect using NAT adding VLAN issue

Good questions.................. I see what you are doing wrt to redirect!! Except you need to use action= redirect Perhaps we can simplify those rules. add action= redirect chain=dstnat \ dst-port=53 log=yes log-prefix=redirect-gdns-udp \ protocol=udp add action= redirect chain=dstnat \ dst-port=53...
by anav
Sun Mar 24, 2019 7:00 pm
Forum: Beginner Basics
Topic: guest networtk
Replies: 18
Views: 1221

Re: guest networtk

(1) Yes, conflict in your setup. /ip address add address=192.168.1.1/24 interface= ether2 network=192.168.1.0 Should be /ip address add address=192.168.1.1/24 interface= br-vlan10 network=192.168.1.0 (2) Missing Items. - bridge interface vlan rules (the bridge ports handle ingress vlan traffic, the ...
by anav
Sun Mar 24, 2019 4:34 am
Forum: General
Topic: iOS app reporting Internet available (limited access)
Replies: 6
Views: 1446

Re: iOS app reporting Internet available (limited access)

I don't see that error on my ios APP, including on wifi in the house, or remotely over an IKEv2 VPN tunnel.
by anav
Sun Mar 24, 2019 4:33 am
Forum: General
Topic: DNS redirect using NAT adding VLAN issue
Replies: 24
Views: 1634

Re: DNS redirect using NAT adding VLAN issue

Nice diagram by the way. I am getting my pi 3+B this week so I plan on something similar. All my subnets running PCs will have to go through pi for dns resolving and ad blocking. For my smart devices, media devices, game devices, dont think it really matters unless someone has a compelling reason. I...
by anav
Sun Mar 24, 2019 4:30 am
Forum: General
Topic: VLAN filtering and InterVLAN-routing
Replies: 2
Views: 505

Re: VLAN filtering and InterVLAN-routing

Read this excellent reference on vlans and adjust config accordingly. Right off the bat I would not apply a subnet to the bridge itself and I would not use a vlan on the bridge either. Just leave the default pvid=1 setting for your bridge. https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Once ...
by anav
Sun Mar 24, 2019 4:26 am
Forum: General
Topic: bridge filter
Replies: 4
Views: 380

Re: bridge filter

Instead of posting different requirements on each post why dont you write a coherent set of requirements.
Functionality you would like to have out of your network, without discussion of equipment or config solutions - strictly what you need people to do (for work or pleasure LOL)
by anav
Sun Mar 24, 2019 4:24 am
Forum: General
Topic: Need help configuring firewall to connect to resources behind Hotspot Bridge
Replies: 2
Views: 345

Re: Need help configuring firewall to connect to resources behind Hotspot Bridge

I am willing to give it a go but require a diagram so I understand the topology
and config of the router
/export hide-sensitive file=yourconfig

If any of the devices having issues are behind the switch then would require switch config
by anav
Sun Mar 24, 2019 4:22 am
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 1117

Re: Remotely access Mikrotik router

PPTP good too
Brain dead?
The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.
by anav
Sun Mar 24, 2019 4:20 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 547

Re: wAP vlan bridge issue

Read through the appropriate examples in this excellent reference.
Then adjust your config accordingly.
If you are still having issues then post your config for review
/export hide-sensitive file=yourconfig

viewtopic.php?f=13&t=143620
by anav
Sun Mar 24, 2019 4:18 am
Forum: Beginner Basics
Topic: Managment Vlan, Port Vlan problem.
Replies: 11
Views: 1038

Re: Managment Vlan, Port Vlan problem.

Have a careful read of this excellent reference and adjust your config accordingly.
Recommend do not use vlan1 for vlan traffic.

viewtopic.php?f=13&t=143620

After your next config session based on the above repost it for review
/export hide-sensitive file=yourconfig
by anav
Sun Mar 24, 2019 4:15 am
Forum: Beginner Basics
Topic: Is it recommended: Two Subnets on one Bridge?
Replies: 11
Views: 1146

Re: Is it recommended: Two Subnets on one Bridge?

Best thing would be to have a read through this excellent reference.
Then work on your config and when you think its almost there....... post your complete config.
/export hide-sensitive file=yourconfig

viewtopic.php?f=13&t=143620
by anav
Sun Mar 24, 2019 4:13 am
Forum: Beginner Basics
Topic: Ports stay closed when i open them.
Replies: 1
Views: 264

Re: Ports stay closed when i open them.

I need to open RDP (3389) i know its unsafe but its just for testing. When i go to nat in winbox and add the following rule /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=3389 in-interface=ether1 protocol=tcp to-addresses=192.168.88.250 to-ports=3389 then i test if the port i...
by anav
Sun Mar 24, 2019 2:34 am
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 2267

Re: Providing Internet access to VLANs

Oh its there, check under IP DNS STATIC TAB ;-)
Read the link I sent you, its accurate!
by anav
Sun Mar 24, 2019 2:33 am
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 2267

Re: Providing Internet access to VLANs

/interface bridge vlan (modify delete vlan1 rule for this one) add bridge=bridge tagged=bridge,ether2,ether3,ether4,ether5 vlan-ids=11 For ether 5, if you are going to add an AP, assuming tis mikrotik or an AP that can assign vlans then it should not get pvid and should be treated like a trunk port ...
by anav
Sun Mar 24, 2019 2:25 am
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 2267

Re: Providing Internet access to VLANs

If you need a vlan for admin or general purposes, create vlan11 and ditch vlan1 Keep vlan=id=1 as default ID for all your switches (at least on the tagged port from the router) and as your bridge vlanid setting. Since you have remote dns settings already enabled you probably can get rid of this defa...
by anav
Sun Mar 24, 2019 2:04 am
Forum: General
Topic: Providing Internet access to VLANs
Replies: 21
Views: 2267

Re: Providing Internet access to VLANs

/export hide-sensitive file=yourconfig I have my RouterOS hooked up to two one dlink 24 port, one netgear GS110 and two MT 260GS units. Tis possible to get there!!! As far as pvid=1, my experience with the assortment of switches is to keep the default pvid of ONE on all trunk ports, including the br...
by anav
Sun Mar 24, 2019 2:02 am
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

I was out earlier and managed to simultaneously use two browsers to connect to a switch on one vlan, the septic panel via terminal on another and have my MT app working, plus I could also get to the WWW. So all in all, I guess satisfactory.
by anav
Sat Mar 23, 2019 9:59 pm
Forum: Beginner Basics
Topic: Vlan beginner understand
Replies: 2
Views: 419

Re: Vlan beginner understand

Read this reference, most excellent.
viewtopic.php?f=13&t=143620
by anav
Sat Mar 23, 2019 9:54 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Okay it works now??, I had to move the ipsec rule to right after my fastrack accept rule. I am thinking that there is a firewall rule that is getting in the way. There is a whole bunch from axiom cyber and it would not surprise me if one of them is a stopper. Spoke too soon, it stopped working, perha...
by anav
Sat Mar 23, 2019 9:49 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Concur 100%, but its not - so I am looking for some assistance in a specific rule (and logging) or sniffing, I should create to see where the issue is occurring?
by anav
Sat Mar 23, 2019 7:27 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Sob there appears to be a contradiction. A. out,none - packet will not go out to tunnel (regular traffic) to me describes the use case where I want to go out to the internet via the router and source nat (regular traffic) and thus through the firewall rules of the router etc......... IPHONE---------...
by anav
Sat Mar 23, 2019 4:03 pm
Forum: Beginner Basics
Topic: What is the best outdoor wireless access point
Replies: 9
Views: 1114

Re: What is the best outdoor wireless access point

Perhaps think outside the container. :-) (1) WAN or MultiWAN input to main Router (2) Router ethernet to Outdoor Multipoint Omni TX device of some sort (in close proximity LOS) to containers. (3) Each Container equipped with a receiving antenna (to ethernet cable built-in) to AP inside container wi...
by anav
Sat Mar 23, 2019 3:39 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Roger, so the matching ipsec-policy=ipsec should be interpreted as, matching any traffic that required encryption, which addresses my traffic from the iphone. (I initially read the exceedingly sparse document setting explanation to mean since the traffic was already decrypted it no longer needed en...
by anav
Sat Mar 23, 2019 4:58 am
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Hmmm, makes me think my previous rules were wise to have disabled. The one rule I need not worry about is the incoming encrypted traffic from the iphone over the internet. add action=accept chain=input comment="VPN To Router" \ connection-state=new disabled=no protocol=udp \ dst-ports=500,4500 in-int...
by anav
Sat Mar 23, 2019 1:07 am
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

How do I keep or ALLOW my 'fake' vpn subnet access to the router (for my MT App) and to my LANs, but exclude external addresses of the same ilk. Right now I would have to assume that anybody would be able to access my router or my LANS if they approach my WANIP with a source address the same as my f...
by anav
Fri Mar 22, 2019 11:05 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Success, now have internet through VPN tunnel from iphone cell data to router and out firewall Success, now have access to LAN components such as my 260GS switches Success, now have access to router via WINBOX. Why is what I need to know. Why I had to put the input chain rule and the forward chain r...
by anav
Fri Mar 22, 2019 3:45 pm
Forum: Beginner Basics
Topic: Port forward on port 8080
Replies: 14
Views: 1081

Re: Port forward on port 8080

I don't know where all those things came from, and I have nothing against your configs. I'm just saying that I'm reading a lot of your posts and some of your advices are more trial & error suggestions than they could be, if you read the manual first. :) The alternative is post nothing. I learn by t...
by anav
Fri Mar 22, 2019 3:27 pm
Forum: Beginner Basics
Topic: Connecting SSTP Client and SSTP Server on MT
Replies: 6
Views: 614

Re: Connecting SSTP Client and SSTP Server on MT

Your best bet is to find an existing similar thread here on the forums or go look for the closest type of VPN youtube video that is recent enough. I am illiterate and thus find the wiki to be a mangled mess of instructions, that I would use as a weapon to confuse my enemies in wartime, or if in prin...
by anav
Fri Mar 22, 2019 3:21 pm
Forum: Beginner Basics
Topic: Port forward on port 8080
Replies: 14
Views: 1081

Re: Port forward on port 8080

You have a point, lets get rid of nationalism, religion (and my configs) and share our cultures through food and alcohol. This is the path towards one peoples, peace and fulfilment!!
by anav
Fri Mar 22, 2019 3:12 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Thanks So far so good. I entered in the input chain rule and BINGO, connection was established very quickly and held for a while..... I entered in my forward chain rule add chain=forward action=accept source address=192.168.44.0/24 out-interface=home-lan-vlan11 I then went to my safari browser BUT w...
by anav
Fri Mar 22, 2019 2:54 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

Re: IKEv2 Mobile VPN IOS [SOLVED]

Thank you emils, you are a scholar and a gentleman and there are damned few of us left. :-)
I am assuming you mean input from the WAN interface vice the LAN interface??
by anav
Fri Mar 22, 2019 2:49 pm
Forum: Beginner Basics
Topic: Port forward on port 8080
Replies: 14
Views: 1081

Re: Port forward on port 8080

Anyone have an idea to how make de mkt dont think that port 8080 is for proxy?? That's not it. There's no special treatment for proxy. Even if it was enabled, dstnat rule would override it. Enable logging for the rule and see if there are matching packets. If not, it could be ISP doing some filteri...
by anav
Fri Mar 22, 2019 2:41 pm
Forum: General
Topic: IKEv2 Mobile VPN IOS [SOLVED]
Replies: 20
Views: 2689

IKEv2 Mobile VPN IOS [SOLVED]

Tis true, I am attempting to set up IKEv2, to primarily use the MT App and to further of course my knowledge of configuring RouterOS. I have managed to create the necessary certificates on the MT and transfer them to my Iphone (thanks to python). I believe I have configured the IPSEC portion succe...
by anav
Fri Mar 22, 2019 1:35 pm
Forum: Beginner Basics
Topic: Port forward on port 8080
Replies: 14
Views: 1081

Re: Port forward on port 8080

You need to include the in-interface=eth1-wan in your destination nat rule.
by anav
Fri Mar 22, 2019 2:38 am
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 878

Re: Attempt of attacks through Remote Desktop [SOLVED]

First ensure you have the latest updates to Win 7 or Win 10. Don't use older Operating Systems. Microsoft dropped the ball 3 times already where a hacker could send a specially crafted packet that would contain a command that would be executed under the System user. So without logging in, a hacker ...
by anav
Fri Mar 22, 2019 1:53 am
Forum: General
Topic: 2 Ethernet ports not working on HAP AC2 [SOLVED]
Replies: 9
Views: 1108

Re: 2 Ethernet ports not working on HAP AC2 [SOLVED]

1 - One bridge, call it home-bridge 2 - Four VLANs, Vlan2-home, Vlan3-Guest, Vlan4-VM, Vlan10-iot with interface being the bridge 3 - Router config Trunk Port ether1 (all vlans tagged) 4 - Switch config Trunk Port ether1 from router (tagged with all VLANs), Trunk port ether2 to WAP(tagged with VLANs...
by anav
Fri Mar 22, 2019 1:39 am
Forum: General
Topic: 2 Ethernet ports not working on HAP AC2 [SOLVED]
Replies: 9
Views: 1108

Re: 2 Ethernet ports not working on HAP AC2 [SOLVED]

No worries, I am you, just sitting in a different chair in a different country LOL. This article should be considered the bible with good examples. https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Okay a couple of things from your diagram. Dont use VLAN1 lets make it vlan10 Why is your VM vlan...
by anav
Fri Mar 22, 2019 1:29 am
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 878

Re: Attempt of attacks through Remote Desktop [SOLVED]

As indicated one thing that one can do is only allow known source WANIPs that want to connect on that port. If you are connecting from a fixed place with a static IP that may be possible. The other thing you can do is do port translation. In the example below you set the RDP port to 38910 on the c...
by anav
Fri Mar 22, 2019 1:18 am
Forum: Beginner Basics
Topic: Can't connect to web interface internal
Replies: 10
Views: 1103

Re: Can't connect to web interface internal

More than likely your Qs will be answered if adhering to Sebastia's suggestion

/export hide-sensitive file=yourconfigmar21
by anav
Thu Mar 21, 2019 7:37 pm
Forum: Beginner Basics
Topic: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]
Replies: 9
Views: 920

Re: The Problem of InterVLAN Construction of RB1100AHx4 and CRS317-1G-16S+ [SOLVED]

Hi Lee, No worries, as long as you dont have any small cameras spying on me (kpop). :-) What you are asking to do is very possible!! Thanks for the very nice diagram! The best reference i can provide is this link, it has very good examples for what you need. https://forum.mikrotik.com/viewtopic.php?...
by anav
Thu Mar 21, 2019 7:30 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Too intense LOL. I disagree and perhaps we should have a mud wrestling contest to settle this.
I suppose you are one of those folks that stifles a sneeze and hates orgasms too. ;-P
by anav
Thu Mar 21, 2019 6:10 pm
Forum: Beginner Basics
Topic: [RB4011] can't connect to Ethernet, no Wifi
Replies: 3
Views: 616

Re: [RB4011] can't connect to Ethernet, no Wifi

Assuming you bought this new correct? The router works out of the box with default settings. Ether1 connect to wan and Ether2-5 for example are bridged to a LAN 192.168.88.1 In other words you can first connect your PC to ether2 and you can then use winbox to access the router. For resetting, basica...
by anav
Thu Mar 21, 2019 6:00 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

Oh anav, only now I realize how boringly technical forum we had here before you showed up. ;) Say what? This is a technical forum? I came here to meet people and make friends so that I would have a place to stay when I travel!! Speaking of which, how many spare beds do you have at your place. You a...
by anav
Thu Mar 21, 2019 5:56 pm
Forum: General
Topic: Feature Request: Separate the firmware(bootloader) and routeros version number
Replies: 8
Views: 767

Re: Feature Request: Separate the firmware(bootloader) and routeros version number

or I really need to update the bootloader everytime? /set sarcasm=on ... If you don't update Routerboot every time, @ Normis will pay you a visit (and you don't want that, believe me ) . est, you don't need to upgrade Routerboot every time, specially so for devices that are more than a year or two ...
by anav
Thu Mar 21, 2019 5:51 pm
Forum: General
Topic: Static DNS for Local network
Replies: 18
Views: 1477

Re: Static DNS for Local network

I would put a solved box around your last post and move on. :-)
by anav
Thu Mar 21, 2019 5:48 pm
Forum: General
Topic: New router for home
Replies: 10
Views: 666

Re: New router for home

that is what I was thinking the RB4011 is a beast. However I am not experienced enough to state if its overkill or not. I also dont know the best MT solution for one wifi device and 40 wifi connected devices ( I suspect most will say get a second device to spread the load). Depends on if any of the ...
by anav
Thu Mar 21, 2019 5:17 pm
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

Hi Good Sir, I will have a look at your rules FW rules as the vlan config seems pretty solid. Nothing major found yet..... (1) Dont see why you need this rule??? add action=accept chain=input comment="Allow LAN NTP queries" dst-port=123 \ in-interface-list=LAN protocol=udp I have NTP setup up as per...
by anav
Thu Mar 21, 2019 5:05 pm
Forum: General
Topic: New router for home
Replies: 10
Views: 666

Re: New router for home

Hi Marine, I have the wired RB450Gx4 in my home running many vlans and two capACs. Typically I have vlans to separate smart devices media boxes NAS gaming console video etc, not all require wifi though. For WLANS each capac has two chains so typically I use the 2.4ghz chain for smart devices (on vla...
by anav
Thu Mar 21, 2019 4:40 pm
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

Mkx, I specifically made heavy usage of bold and colour just for you to see what changes I had recommended. Glad that you agreed with me, or should I humbly say, the master confirmed the novices advice LOL. Spartacus..................... you must have failed the most important commandment. :-( THOU ...
by anav
Thu Mar 21, 2019 4:36 pm
Forum: General
Topic: New router for home
Replies: 10
Views: 666

Re: New router for home

My propouse is to extend with ap in future maybe ubiquiti or mikrotik wireless app when i have a bigger house but for now i want it to work ike router for now and have like 40 wifi devices connected to him ! what should i choose? Did you say 40. Yikes, hmm the RB4011 with wifi is starting to look g...
by anav
Thu Mar 21, 2019 4:34 pm
Forum: General
Topic: Static DNS for Local network
Replies: 18
Views: 1477

Re: Static DNS for Local network

The mad musings of a Mikrotik user obsessed with the minutia in life (should I use in-interface or destination address - I know I will flip a coin 200 times and take the PCC average based on.......) "Yeah John, I am perfecting this forum technique I call (Bait and Run) .... I find the craziest whack...
by anav
Thu Mar 21, 2019 4:24 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

First, sorry, I was too quick and didn't study your config in detail.
......
Premature you say!............Ahh you're such a softy.......
by anav
Thu Mar 21, 2019 4:06 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 50637

Re: Statement on Vault 7 document release

So its unanimous use unimus? ;-)
by anav
Thu Mar 21, 2019 2:20 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

WTF.........ahhhh sorry Sob, my bad. I have hole in my pocket and the peanuts I stuffed in there must have left a trail for MKX to find.................. ;-P
by anav
Thu Mar 21, 2019 2:14 pm
Forum: Wireless Networking
Topic: Ethernet bridge and wireless repeater at the same time
Replies: 4
Views: 373

Re: Ethernet bridge and wireless repeater at the same time

Why cannot you simply drill a hole through a closet floor and run wire.
by anav
Thu Mar 21, 2019 2:10 pm
Forum: General
Topic: Need Some Help with Firewall
Replies: 3
Views: 432

Re: Need Some Help with Firewall

You dont need a firewall, you just need an open door for anyone to hack errrr use your services.
by anav
Thu Mar 21, 2019 2:09 pm
Forum: General
Topic: New router for home
Replies: 10
Views: 666

Re: New router for home

I have a wizard router myself. The question I have is what are your requirements. I am not as quick as mkx, so it was not clear to me you were asking about wifi, or vpn tunnels etc........... If it is about wifi, then how many clients at the same time, what type of wifi do they use, size of area cov...
by anav
Thu Mar 21, 2019 2:03 pm
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

Hi Spartacus, You dont have to change your admin vlan if its going to cause other issues with other equipment. In your case it may be just smarter to let it work as is. I went through the pain of this with dlink managed switch 24 port GS110 netgear managed switch TWO 260GS MT low frill managed switc...
by anav
Thu Mar 21, 2019 1:53 pm
Forum: Beginner Basics
Topic: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]
Replies: 63
Views: 3741

Re: Port is open when I scan from the internet, but I cannot access it from local network [SOLVED]

// I have a separate topic but I get new issues and questions along the way and it gets confusing and unproductive, I think is best to ask / solve one by one With the attached setup, what I am trying to do is have 3 pppoe connections from my ISP, both are made trough their same ethernet cable inset...
by anav
Thu Mar 21, 2019 6:09 am
Forum: General
Topic: HAP AC2 crashy piece of crap
Replies: 3
Views: 458

Re: HAP AC2 crashy piece of crap

You go girl, nasty pony! (of course I mean that in a non-binary way ;-) )
by anav
Thu Mar 21, 2019 4:43 am
Forum: Scripting
Topic: ISP failover script
Replies: 4
Views: 1439

Re: ISP failover script

I have a potentially unique scenario in that I have to manually put in my Bell Fibre Op gateway information. In other words lets say Bell is my primary and I have a secondary Cable connection (that works easy peasy just plug and connect). The Bell on the hand is a pita, runs on vlanxx from the provi...
by anav
Thu Mar 21, 2019 4:34 am
Forum: General
Topic: HAP AC2 crashy piece of crap
Replies: 3
Views: 458

Re: HAP AC2 crashy piece of crap

How do you really feel?
Operator error?
by anav
Thu Mar 21, 2019 4:25 am
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

My first comment would be to NOT use vlan=1 if possible. :-) Create vlan11 for admin vlan. Bridges would still retain their default pvid setting of 1, but the key here is not to assign a dhcp subnet to the bridge!! (instead set to vlan11)! By the way that is a quick change (ip address to vlan11 int...
by anav
Thu Mar 21, 2019 4:05 am
Forum: General
Topic: Static DNS for Local network
Replies: 18
Views: 1477

Re: Static DNS for Local network

@sob, hahaha where did you ever get the impression I use static DNS settings, such a cwazee idea LOL. I lowwwwthhheee (loathe) static DNS, gives me the heebeejeebies, the unmitigated gall to suggest I use them.......... xcuse me while I wipe my eyes for having read it!!
by anav
Thu Mar 21, 2019 4:02 am
Forum: General
Topic: 2 Ethernet ports not working on HAP AC2 [SOLVED]
Replies: 9
Views: 1108

Re: 2 Ethernet ports not working on HAP AC2 [SOLVED]

Had a brief look at your config. Potential issues: 1. You have assigned two subnets to the same bridge, this is not good LOL /ip address add address= 192.168.88.1/24 comment=defconf interface =bridge network=\ 192.168.88.0 add address= 192.168.9.1/24 comment=defconf interface =bridge network=\ 192.1...
by anav
Thu Mar 21, 2019 2:51 am
Forum: Beginner Basics
Topic: Mikrotik RB2011 in "Router" Mode
Replies: 12
Views: 1185

Re: Mikrotik RB2011 in "Router" Mode

It may be useful to post your SXT config then, but only if you are having issues down the line.
by anav
Wed Mar 20, 2019 10:03 pm
Forum: General
Topic: 2 Ethernet ports not working on HAP AC2 [SOLVED]
Replies: 9
Views: 1108

Re: 2 Ethernet ports not working on HAP AC2 [SOLVED]

Suggest you clean up the config and use only one bridge. Much less confusing. Yeah its really easy to walk away and resort to simplistic solutions, isn't it. I have this configuration working perfectly on the HAP AC, so I know that this works. Plus this is what I need to have segmentation in my net...
by anav
Wed Mar 20, 2019 10:00 pm
Forum: General
Topic: Static DNS for Local network
Replies: 18
Views: 1477

Re: Static DNS for Local network

No, it's very logical. They are different servers. If you give some info to one and then tell clients to ask another for that info, it simply doesn't have it and can't give the answer you want. Is there a reason why you put different dns server in "/ip dhcp-server network" instead of router's addre...
by anav
Wed Mar 20, 2019 9:35 pm
Forum: General
Topic: SOLVED: bridged VLANs are not working anymore
Replies: 21
Views: 1212

Re: bridged VLANs are not working anymore

Spartacus my dear friend. Still in the VLAN battle I see. :-)
Well rest your shield and sword for a bit and post your latest config.
/export hide-sensitive file=yourconfigmar20.

I will take up the cause and defend the ramparts while you take a break!
by anav
Wed Mar 20, 2019 9:32 pm
Forum: Beginner Basics
Topic: Mikrotik RB2011 in "Router" Mode
Replies: 12
Views: 1185

Re: Mikrotik RB2011 in "Router" Mode

Sorry Gerry, I have no experience with SXT so didn't realize you were conversant so to speak. I gather you are getting internet then from wifi and your router is an ALL IN ONE unit distributing wired and wifi internet to your home/office. You probably know more than I, so I am probably of no much fur...
by anav
Wed Mar 20, 2019 8:27 pm
Forum: General
Topic: Static DNS for Local network
Replies: 18
Views: 1477

Re: Static DNS for Local network

Hmmm not sure what you are getting at?? I use IP servers on the internet and allow remote requests. If there are any subnets I have (vlans etc) that I wish to have specific DNS servers I simply replace the dhcp-network-setting from network ............... gateway ............. dns server From 192.68...
by anav
Wed Mar 20, 2019 8:22 pm
Forum: Beginner Basics
Topic: Mikrotik RB2011 in "Router" Mode
Replies: 12
Views: 1185

Re: Mikrotik RB2011 in "Router" Mode

Mikrotik is not a consumer oriented plugNplay router. It does come with a default setup that is secure and is up and running right away. Plug your WAN cable into ether1 and your LAN into 2,3,4,5 etc and you are up and running on 192.168.88.1 network. That is the quickset format and simply works! The...
by anav
Wed Mar 20, 2019 7:42 pm
Forum: Beginner Basics
Topic: Mikrotik RB2011 in "Router" Mode
Replies: 12
Views: 1185

Re: Mikrotik RB2011 in "Router" Mode

I dont see why not.
The only question I have is why choose any particular model for the router, (what are your requirements)
by anav
Wed Mar 20, 2019 7:39 pm
Forum: General
Topic: how to block teamviewer?
Replies: 12
Views: 10931

Re: how to block teamviewer?

Why would you want to block it? hi roger due of company policy :) thanks guys your prompt response gonna try this if this TV wont pass through via 443. thanks COMPANY POLICY Accessing TeamViewer First Time - Warning Accessing TeamViewer Second Time - Second Warning and Counselling Accessing TeamVie...
by anav
Wed Mar 20, 2019 5:49 pm
Forum: Virtualization
Topic: DNAT does not translated returned traffic
Replies: 2
Views: 700

Re: DNAT does not translated returned traffic

/ip firewall nat add action=src-nat chain=srcnat comment="xxxxxxxxxxx" out-interface=ether1 src-address=10.60.7.0/24 to-addresses=xxx.xxx.xxx.xxx add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx dst-port=64000 in-interface=ether1 protocol=tcp to-addresses=10.60.7.20 to-ports=22 The standa...
by anav
Wed Mar 20, 2019 5:28 pm
Forum: Scripting
Topic: Block client internet access, but allow local access.
Replies: 8
Views: 25826

Re: Block client internet access, but allow local access.

Well if you want the foolproof solution... a. put IP on its own vlan or bridge or separate ethernet subnet.(disables any connectivity at layer 2) b. allow vlan/bridge/ethernet subnet to and fro home subnet (use firewall to allow connectivity at Layer 3 but only internally) c. DONE. c. assumes drop ...
by anav
Wed Mar 20, 2019 5:21 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM Speeds
Replies: 5
Views: 511

Re: RB3011UiAS-RM Speeds

/export hide-sensitive file=yourconfigmar20
by anav
Wed Mar 20, 2019 5:17 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 432
Views: 158816

Re: Tik App, MikroTik android utility ALPHA test

My post has nothing to do with getting the APP. It has everything to do with making sure the APP is up to date and informing MT users which is the latest app version. Have you used a smartphone before? The mechanism is identical to any other app on your phone. Make sure Google Play or AppStore (dep...
by anav
Wed Mar 20, 2019 3:57 pm
Forum: General
Topic: Question about routerboard
Replies: 2
Views: 363

Re: Question about routerboard

In broad terms, MTT devices are authorized for use in both the US and Canada and thus must meet certain criteria for adherence to safety standards. Many folks here use MT products running their own businesses and also working as the IT manager in larger businesses. In other words, if the equipment w...
by anav
Wed Mar 20, 2019 1:08 pm
Forum: Beginner Basics
Topic: Extending home network with additional mikrotik APs.
Replies: 6
Views: 880

Re: Extending home network with additional mikrotik APs.

The dlink will be separate devices and you will have no control over them, via capsman. If you are asking will they be able to receive an industry standard wifi signal.......... well thats up to dlink.
by anav
Wed Mar 20, 2019 10:25 am
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 432
Views: 158816

Re: Tik App, MikroTik android utility ALPHA test

My post has nothing to do with getting the APP. It has everything to do with making sure the APP is up to date and informing MT users which is the latest app version. Have you used a smartphone before? The mechanism is identical to any other app on your phone. Make sure Google Play or AppStore (dep...
by anav
Tue Mar 19, 2019 9:14 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 975

Re: Need help routing public subnet IP to internal server

Doesn't like it:

/ip address> add address=1.1.1.1/32 network=2.2.2.1/32 interface=ether9
invalid 'sob" value for 'sniffle" argument network 'cries softly'
Fixed for dramatic and ironic effect! ;-)
by anav
Tue Mar 19, 2019 7:23 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 432
Views: 158816

Re: Tik App, MikroTik android utility ALPHA test

I AM NOT DEAF I ONLY CAN'T READ.
Ahh, that explains it. I wasn't using deaf in the literal sense but in the context of not paying attention. Although I don't know why I am explaining this in text as you cannot read.
Perhaps I should yell very loudly into the air and you may hear me. ;-)
by anav
Tue Mar 19, 2019 6:56 pm
Forum: General
Topic: Join two houses to one LAN (VPN?) [SOLVED]
Replies: 3
Views: 550

Re: Join two houses to one LAN (VPN?) [SOLVED]

Concur, thought about doing this with my brother who lives in Europe. (EOIP tunnel) Use dedicated ports if necessary at either end for the network (for example if its for access to an NAS for example) or to physically control what is accessible. The idea being that he has a EOIP port live at his hou...
by anav
Tue Mar 19, 2019 6:52 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 1368

Re: Block port tcp/udp

@AminYounessi,
Disable all services on service ports, the error remains.

@All
Let's upgrade MK to the latest release stable and tester.
Netinstall to latest release is the prudent thing to do.
by anav
Tue Mar 19, 2019 6:50 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 975

Re: Need help routing public subnet IP to internal server

I believe the answers you seek are to be found here........
viewtopic.php?t=138896
by anav
Tue Mar 19, 2019 6:38 pm
Forum: Virtualization
Topic: CHR does not transmit frames with VLAN tags from bridge
Replies: 4
Views: 1506

Re: CHR does not transmit frames with VLAN tags from bridge

Not to worry its a virtual bug, not real! ;-)

Any configuration with routerOS and vlans that I have worked with has bridge vlan-filtering=yes???
by anav
Tue Mar 19, 2019 6:32 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 432
Views: 158816

Re: Tik App, MikroTik android utility ALPHA test

https://mikrotik.com/mobile_app then you reach https://play.google.com/store/apps/details?id=com.mikrotik.android.tikapp or https://itunes.apple.com/app/id1323064830 ARE YOU DEAF?? My post has nothing to do with getting the APP. It has everything to do with making sure the APP is up to date and inf...
by anav
Tue Mar 19, 2019 3:55 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 50637

Re: Statement on Vault 7 document release

upgrade ≠ reset configuration On upgrade system files are replaced with new ones. You are using the wrong symbol to explain to IT people, should use " != " instead, then they will better understand :-) Funniest post I have seen in awhile. Thanks for the levity. If there are any more questions on th...
by anav
Tue Mar 19, 2019 3:46 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 432
Views: 158816

Re: Tik App, MikroTik android utility ALPHA test

Where can we find the latest version of the app, or more accurately how do we know if we have the latest version of the app installed. Perhaps on your MT download page you can have an information entry? Perhaps another blue square next to WINBOX - THEDUDE - NETINSTALL - MT APP - The pull down for th...
by anav
Tue Mar 19, 2019 2:03 pm
Forum: Beginner Basics
Topic: Portfowarding not working correctly [SOLVED]
Replies: 7
Views: 870

Re: Portfowarding not working correctly [SOLVED]

There may be an easier solution, courtesy of sob..... (removes complexity of hairpin nat) If you simply want to check that your server is working etc etc. Just dont try to access the server (via the wanip) from the same subnet on the router. For example if the server is in 192.168.10.0 network then ...
by anav
Tue Mar 19, 2019 1:48 pm
Forum: General
Topic: Vlan Subnets with dhcp and statics, config? [SOLVED]
Replies: 2
Views: 333

Re: Vlan Subnets with dhcp and statics, config? [SOLVED]

Read this excellent reference with examples.
viewtopic.php?f=13&t=143620
by anav
Tue Mar 19, 2019 2:10 am
Forum: Wireless Networking
Topic: Problem with Mikrotik Wireless and Dlink IPCam
Replies: 3
Views: 511

Re: Problem with Mikrotik Wireless and Dlink IPCam

post config
/export hide-sensitive file=yourconfigmarch
by anav
Tue Mar 19, 2019 2:09 am
Forum: Wireless Networking
Topic: wAP 60G tagged to untagged vlan? [SOLVED]
Replies: 2
Views: 469

Re: wAP 60G tagged to untagged vlan? [SOLVED]

Ingress filtering is set on the bridge port as well as setting pvid...........
Vlan filtering is set on the bridge.

Suggest have a read through this excellent reference......
viewtopic.php?f=13&t=143620
by anav
Tue Mar 19, 2019 2:06 am
Forum: Beginner Basics
Topic: Hardware Purchase Advice for VLAN support
Replies: 6
Views: 416

Re: Hardware Purchase Advice for VLAN support

I would not put four APs in four adjacent rooms.
Depending upon walls and construction one may suffice but without knowing the layout its hard to say.
by anav
Tue Mar 19, 2019 1:08 am
Forum: Beginner Basics
Topic: Port forwarding doesn't work [SOLVED]
Replies: 18
Views: 1078

Re: Port forwarding doesn't work [SOLVED]

Why do people put up with getting non public IP addresses from providers, its crazy???
by anav
Mon Mar 18, 2019 10:06 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 1368

Re: Block port tcp/udp

I agree egads, I am remiss for not noticing this fact - # feb/18/2019 15:07:29 by RouterOS 6.32.3 As per the previous poster, do not try to rejig the configuration, complete the netinstall process. Download from the MT website the latest firmware, use that for the netinstall process and then configu...
by anav
Mon Mar 18, 2019 10:02 pm
Forum: Beginner Basics
Topic: Port forwarding doesn't work [SOLVED]
Replies: 18
Views: 1078

Re: Port forwarding doesn't work [SOLVED]

These I would remove from the interface list members........ The bridge being part of the LAN covers all the components under the bridge so to speak. add interface=wlan1 list=discover add interface=ether2-master list=discover add interface=ether3 list=discover add interface=bridge_local list=discove...
by anav
Mon Mar 18, 2019 9:14 pm
Forum: Wireless Networking
Topic: My WLAN guest don't get local DHCP IP's
Replies: 3
Views: 706

Re: My WLAN guest don't get local DHCP IP's

Nice router! I dont understand why you have DHCP from a device on your LAN. The router can handle that just fine. Non-standard things (okay non-standard for home use) freak me out because I dont have any IT training LOL. So this is what I call the blind leading the blind. No you are probably brillia...
by anav
Mon Mar 18, 2019 8:46 pm
Forum: General
Topic: Raspberry PI Zero and RouterOS, usb interface, lte
Replies: 8
Views: 3364

Re: Raspberry PI Zero and RouterOS, usb interface, lte

I am thinking of getting a Pi 3 B+. It has an ethernet port, can I simply connect ether4 directly to the pi-device for example or is the preferred method via USB?
I thought the USB was to attach a keyboard or something?
by anav
Mon Mar 18, 2019 8:43 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 1368

Re: Block port tcp/udp

Unlike Steve, I am not going to play whackamole.
Please post your config
/export hide-sensitive file=yourconfigmar18
by anav
Mon Mar 18, 2019 8:40 pm
Forum: Beginner Basics
Topic: Port forwarding doesn't work [SOLVED]
Replies: 18
Views: 1078

Re: Port forwarding doesn't work [SOLVED]

Okay post your config again with the updates and I will have another look please.
by anav
Mon Mar 18, 2019 8:38 pm
Forum: Beginner Basics
Topic: Trying to setup load balancing with PCC, router doesn't use ISP2
Replies: 13
Views: 1585

Re: Trying to setup load balancing with PCC, router doesn't use ISP2

Well the easiest would probably be not to mangle that traffic from that IP address and then it will get routed out the main table on the route where wan distance=1. Thus if you wanted user x to use WAN3, and you had no other funky requirements. Just set distance =1 for wan3, 2 for wan1, 3 for wan2, ...
by anav
Mon Mar 18, 2019 5:20 pm
Forum: Beginner Basics
Topic: Port forwarding doesn't work [SOLVED]
Replies: 18
Views: 1078

Re: Port forwarding doesn't work [SOLVED]

Nope, the input chain is access to the router, not the LAN behind the router (only for admins for the most part). How are you trying to access your servers (from an external site, or from your own network using the app and thus accessing it from the external IP address but from behind your LAN)., Al...
by anav
Mon Mar 18, 2019 5:13 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 1368

Re: Block port tcp/udp

Post your config to troubleshoot.
/export hide-sensitive file=yourconfigmar18
by anav
Mon Mar 18, 2019 4:16 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 971

Re: Putty updated to 0.71

Maybe best put(ty) in the Useful Articles Forum LOL.
by anav
Mon Mar 18, 2019 4:12 pm
Forum: Beginner Basics
Topic: Port forwarding doesn't work [SOLVED]
Replies: 18
Views: 1078

Re: Port forwarding doesn't work [SOLVED]

I would update your firmware for starters. There is no such thing as master slave in newer firmwares. Make sure this rule is first on your input chain add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked Get rid of t...
by anav
Mon Mar 18, 2019 2:37 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 971

Re: Putty updated to 0.71

Or a coffee LOL.
I use hyperterminal LOL.
I use putty for plumbing purposes. ;-)
by anav
Mon Mar 18, 2019 2:05 pm
Forum: Scripting
Topic: Solved Script to recreate the load balance mangle rules
Replies: 12
Views: 18416

Re: Solved Script to recreate the load balance mangle rules

No Chupaka, he has been unable to get mangling and PCC working in another thread so he bitches about it like spam everywhere else. :-) However, if you want to help out, I would ask that you join us at this thread as I have been unable to solve what should be straightforward........ https://forum.mik...
by anav
Mon Mar 18, 2019 1:48 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 971

Re: Putty updated to 0.71

Which is my point. Post it in the phucking putty forum.
Do you want me to start effing posting everytime there is a windows update, a linux update, a macos update, an avast update, etc etc etc............
I might as well post everytime I pop a zit, and pluck a nose hair. ;-)
by anav
Mon Mar 18, 2019 1:45 pm
Forum: General
Topic: bridging a VLAN onto a DHCP server
Replies: 4
Views: 373

Re: bridging a VLAN onto a DHCP server

post config complete
/export hide-sensitive file=yourconfigmar18
by anav
Mon Mar 18, 2019 1:43 pm
Forum: General
Topic: Inter VLAN routing problem
Replies: 2
Views: 229

Re: Inter VLAN routing problem

post config complete
/export hide-sensitive file=yourconfigmar18
by anav
Mon Mar 18, 2019 1:40 pm
Forum: General
Topic: IPTV who should pay?
Replies: 46
Views: 4421

Re: IPTV who should pay?

they may not be very excited about someone who's requirements are way above average Unfortunately customer "average" data usage per month is increasing at a high pace? "Unlimited" always sounds better. The advertising wording can be misleading when "Unlimited Data" is used but on the agreement form...
by anav
Mon Mar 18, 2019 1:37 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 535

Re: Radus server in my Mikrotik router

It is part of the extra packages, right? I have downloaded these files but how to install?
No idea, but there are probably plenty of docs and videos you could use google to search for!!
by anav
Mon Mar 18, 2019 1:35 pm
Forum: Beginner Basics
Topic: Hardware Purchase Advice for VLAN support
Replies: 6
Views: 416

Re: Hardware Purchase Advice for VLAN support

When you say acting as AP switches in the room, I would go with MKXs advice. I have capACs in two locations but this is for wifi only as they are designed to be on ceiling or on wall, and thus not conducive to switch functionality. So it depends what you need and where you want it and footprint et...
by anav
Mon Mar 18, 2019 3:49 am
Forum: Forwarding Protocols
Topic: Ibgp Upload traffic issue between mikrotik and Huawei
Replies: 5
Views: 733

Re: Ibgp Upload traffic issue between mikrotik and Huawei

Yes everything goes to the Huawei unit (otherwise known as the PLAAF Device). ;-)
by anav
Mon Mar 18, 2019 3:46 am
Forum: Beginner Basics
Topic: RB750Gr3 Port Forwarding and Plex
Replies: 1
Views: 295

Re: RB750Gr3 Port Forwarding and Plex

This rule is missing something............... add action=accept chain=forward comment="Allow Port Forwarding - DSTNAT" \ connection-nat-state=dstnat in-interface=WAN (or if multiple WANS in-interface-list=WAN) These rules are wrong.......... add action=dst-nat chain=dstnat comment=Plex dst-port=3240...
by anav
Mon Mar 18, 2019 3:35 am
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 971

Re: Putty updated to 0.71

Where do I install the putty package on my winbox??
by anav
Mon Mar 18, 2019 3:34 am
Forum: General
Topic: Mangle rules
Replies: 4
Views: 447

Re: Mangle rules

https://forum.mikrotik.com/viewtopic.php?t=49106#p249410 didn't understand :( What he is saying is DO NOT BOTHER marking packets. Waste of time!! Use Mark connections!! What happens when you state mark connections, the router upon detecting a connection that meets the criteria automatically marks a...
by anav
Mon Mar 18, 2019 3:31 am
Forum: General
Topic: faile to obtain ip address error
Replies: 4
Views: 393

Re: faile to obtain ip address error

You like working in the dark vecernik87?? Vampire?

For the OP, please post your config.
/export hide-sensitive file=yourconfigmarch
by anav
Mon Mar 18, 2019 2:15 am
Forum: Wireless Networking
Topic: blog.mikrotik.com: 802.11ay?
Replies: 3
Views: 748

Re: blog.mikrotik.com: 802.11ay?

Geez, thats why you dont let CEOs drink at media events. ;-P
by anav
Mon Mar 18, 2019 2:14 am
Forum: General
Topic: bridging a VLAN onto a DHCP server
Replies: 4
Views: 373

Re: bridging a VLAN onto a DHCP server

Yes, I have many vlans including my home vlan whose common interface is my home bridge.
The bridge does not have dhcp service. My home vlan is the homeLAn so to speak.
by anav
Mon Mar 18, 2019 2:12 am
Forum: General
Topic: 2 Ethernet ports not working on HAP AC2 [SOLVED]
Replies: 9
Views: 1108

Re: 2 Ethernet ports not working on HAP AC2 [SOLVED]

Suggest you clean up the config and use only one bridge. Much less confusing.
by anav
Sun Mar 17, 2019 9:08 pm
Forum: General
Topic: Queue
Replies: 8
Views: 703

Re: Queue

You need to set the Max Limit on the General tab to 10M or 3M as required That sound like stupid idea but it works :) Thank you a lot. Why does it sound like a stupid idea? Probably because he didnt understand, nor did I, what a Military Rank - "General" has to do with MT queues? :-) I think he mea...
by anav
Sun Mar 17, 2019 8:53 pm
Forum: Beginner Basics
Topic: NAT newbie help [SOLVED]
Replies: 11
Views: 773

Re: NAT newbie help [SOLVED]

@anav: Go away, demon! :) If it's static, dst-adress is the right choice. But I don't see anything clearly wrong either. Except if access to webserver would be tested from same LAN, in that case see end of my previous post. If not, do you see the counter on dstnat rule increasing? ME?? no @Sob Go a...
by anav
Sun Mar 17, 2019 8:39 pm
Forum: Beginner Basics
Topic: Converting from Ubiquiti and need help with basic config
Replies: 14
Views: 744

Re: Converting from Ubiquiti and need help with basic config

LOL @anav
I see the simple queues tab, but it looks vastly different than what I am used to. Any help would be greatly appreciated : )
https://wiki.mikrotik.com/wiki/Manual:Queue

https://www.youtube.com/watch?v=xO1WHU3DuDw
by anav
Sun Mar 17, 2019 8:36 pm
Forum: Beginner Basics
Topic: NAT newbie help [SOLVED]
Replies: 11
Views: 773

Re: NAT newbie help [SOLVED]

Hmm a quick glance seems to show the setup is okay.
YOU do have two masquerade rules. consider getting rid of the non-default one for now.
(assuming you only have one WAN?)


Also Try using
for the destination nat rule, In-interface=WAN and not destination address.
by anav
Sun Mar 17, 2019 8:01 pm
Forum: Beginner Basics
Topic: Converting from Ubiquiti and need help with basic config
Replies: 14
Views: 744

Re: Converting from Ubiquiti and need help with basic config

Thank you. I will give it a try. Next question - I need to limit this customer to 200Mbps. How do I accomplish this? Show up at the door with a sawed off shotgun and explain what happens when one goes over the 200mbps limit. Oh drats, I bet you're in a civilized part of the world. I believe simple qu...
by anav
Sun Mar 17, 2019 8:00 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 101965

Re: Winbox vulnerability: please upgrade

Shocking, in the middle of the busy trading day, the DOW shut down unexpectedly, as the routers running the show rebooted like spontaneous combustion. The IT admins were quite confused until they realized that automatic firmware upgrades had been applied simultaneously to both main and HA routers. O...
by anav
Sun Mar 17, 2019 5:49 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 26
Views: 9932

Re: Recommend way to block Ads with Mikrotik

You don't understand me. I'm looking for similar solution like Pi-hole but for mikrotik. Some script. Don't want to use adblock, ublock etc in my computers and mobile devices. But that would put pi-hole out of business, a very ruthless move on the part of MT. What is it exactly that pi-hole does then? ...
by anav
Sun Mar 17, 2019 5:32 pm
Forum: General
Topic: load-balancing don't work
Replies: 49
Views: 3921

Re: load-balancing don't work

Thanks Sindy for your input. I have been at this thread for awhile and fresh eyes and smarter brains are required. Kisses hugs, whatever you prefer LOL.
by anav
Sun Mar 17, 2019 5:28 pm
Forum: Beginner Basics
Topic: Converting from Ubiquiti and need help with basic config
Replies: 14
Views: 744

Re: Converting from Ubiquiti and need help with basic config

Are you saying that this CPE device is your modem/router and then you have your MT device after that??
by anav
Sun Mar 17, 2019 5:03 pm
Forum: General
Topic: Strange problems with PCC LB, packet mark problem? [SOLVED]
Replies: 10
Views: 718

Re: Strange problems with PCC LB, packet mark problem? [SOLVED]

If I was a Vulcan, the first person I would mind meld with is Sob, to steal err transfer all his MT knowledge!!!!
Then I too could be smugly content to answer complex questions with riddles and half answers. ;-)
by anav
Sun Mar 17, 2019 5:01 pm
Forum: Beginner Basics
Topic: NAT newbie help [SOLVED]
Replies: 11
Views: 773

Re: NAT newbie help [SOLVED]

Other advice. Access your router (webconfig, winbox) externally via secure methods.
1. Recommended is via VPN
2. SSH (not sure but it's probably better than nothing but DO CHANGE THE DEFAULT PORT like 33022 for example!!)
3. Port Knocking is another method.............
4. ***source address list (add t...
by anav
Sun Mar 17, 2019 4:56 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 26
Views: 9932

Re: Recommend way to block Ads with Mikrotik

I'm talking about pc browser, not mikrotik. Want to block ads in browsers via mikrotik That is a browser problem. Fix it in your browser and also is a user problem, thus educate your users. What next, automatically provide tissue paper when a PC user is going to sneeze?? I know, while we are at.......
by anav
Sun Mar 17, 2019 4:49 pm
Forum: General
Topic: cannot port forward on internal LAN
Replies: 9
Views: 569

Re: cannot port forward on internal LAN

My least favourite game is whackamole! ;-)
https://www.youtube.com/watch?v=kbyekup6i6U

This is analogous to my troubleshooting skills as well. :-)
by anav
Sun Mar 17, 2019 4:48 pm
Forum: General
Topic: Strange problems with PCC LB, packet mark problem? [SOLVED]
Replies: 10
Views: 718

Re: Strange problems with PCC LB, packet mark problem? [SOLVED]

Routes to all LAN subnets are in the main routing table, true. But if packet to LAN happens to get different routing mark, it means that route will be looked up in different routing table, not in main. And if that routing table doesn't have specific routes to LAN subnets, packet will be sent to int...
by anav
Sun Mar 17, 2019 4:35 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 26
Views: 9932

Re: Recommend way to block Ads with Mikrotik

I never see ads on my MT router.
Do they pop up in your Winbox??
by anav
Sun Mar 17, 2019 4:26 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 557
Views: 76241

Re: LHG 60G experience

Hi, Earlier today a network loop was introduced in our internal network. While investigating the source of the loop we disconnected the 4 links with other buildings that we have using LHG60s and a link with wAP60. While rebooting one of the LHG60 links the devices never really came back. I thought ...
by anav
Sun Mar 17, 2019 4:21 pm
Forum: Wireless Networking
Topic: My WLAN guest don't get local DHCP IP's
Replies: 3
Views: 706

Re: My WLAN guest don't get local DHCP IP's

Yeah your config makes no sense to me at all. What I need is a clear indication of how many subnets you are using and their purpose (you have half done for what looks like two of them). I'm assuming the AP ether port is attached to an access point that is serving all four of your wlans (2 normal and 2...