Community discussions

Search found 155 matches

by dadaniel
Sun May 18, 2014 1:59 pm
Forum: General
Topic: wrong tx power calculation and change on DFS activation?
Replies: 1
Views: 559

wrong tx power calculation and change on DFS activation?

I have set these values on SXT SA: antenna-gain=14 band=5ghz-onlyn country=austria dfs-mode=radar-detect disabled=no frequency=5600 frequency-mode=regulatory-domain mode=ap-bridge wireless-protocol=nv2 Now current Tx power stays on 3/6dBm (+14dBi = 20dbm = 0,1W) Without dfs-mode current TX power sta...
by dadaniel
Thu Apr 17, 2014 4:44 pm
Forum: General
Topic: Easiest Way to have Netwatch Ping More than Once
Replies: 25
Views: 4581

Re: Easiest Way to have Netwatch Ping More than Once

is it possible to use
local i
in more than one script at the same time?
by dadaniel
Thu Apr 10, 2014 5:51 pm
Forum: Scripting
Topic: How to ***really*** block invalid TCP and UDP packet
Replies: 43
Views: 35817

Re: How to ***really*** block invalid TCP and UDP packet

The only rule that get hits is

add action=drop chain=forward dst-port=0 protocol=tcp

in my case. 12 Packets in the last 7h.
by dadaniel
Wed Apr 02, 2014 5:57 pm
Forum: Beginner Basics
Topic: default-config 802.1Q Trunk
Replies: 1
Views: 1539

default-config 802.1Q Trunk

Is it possible to adapt the ether1-gateway-->NAT-->ether2-lan default-config so that both lan and wan is served through one interfaces 802.1Q Trunk?
by dadaniel
Wed Mar 19, 2014 2:02 pm
Forum: General
Topic: Roaming features?
Replies: 0
Views: 767

Roaming features?

Does Mikrotik support any roaming features like PMK Caching, Pre-Authentication or 802.11r, 802.11v, 802.11k?
by dadaniel
Mon Feb 10, 2014 1:05 pm
Forum: Beginner Basics
Topic: proxy: how to block a specific url sub-directory?
Replies: 3
Views: 1265

Re: proxy: how to block a specific url sub-directory?

Thanks,

is there a way to do without proxy?
by dadaniel
Thu Feb 06, 2014 12:26 pm
Forum: Beginner Basics
Topic: proxy: how to block a specific url sub-directory?
Replies: 3
Views: 1265

proxy: how to block a specific url sub-directory?

for example:

I want to allow www.website.com but block www.website.com/badsite/notgood

In fact I want to block http://*/badsite/notgood


How to?
by dadaniel
Thu Jan 23, 2014 5:30 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 1771

Re: src-nat problem

/ip firewall address-list add address=123.123.123.108/28 list=ournetwork add address=192.168.0.0/24 list=ournetwork /ip firewall filter add action=drop chain=forward connection-state=invalid add chain=input in-interface=ether5-lan add chain=input connection-state=established add chain=input connecti...
by dadaniel
Wed Jan 22, 2014 12:18 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 1771

src-nat problem

I'm using the following firewall rule for the internet connectivity of my internal network, so the src address of outgoing connections is one of my official ips (123.123.123.111). /ip firewall nat add action=src-nat chain=srcnat src-address=192.168.0.0/24 to-addresses=123.123.123.111 My problem is t...
by dadaniel
Tue Jan 14, 2014 11:50 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109066

Re: v6.7 released

Will Ticket#2013112866000182 be fixed in v6.8?
by dadaniel
Thu Nov 28, 2013 9:49 am
Forum: General
Topic: CRS switch-groups
Replies: 3
Views: 759

Re: CRS switch-groups

That VLAN rule table does not apply to CRS125, the features which will allow similar functionality are currently being developed.
Will this VLAN processing run at hardware level and is capable of wire-speed?
by dadaniel
Wed Nov 27, 2013 2:39 pm
Forum: General
Topic: CRS switch-groups
Replies: 3
Views: 759

CRS switch-groups

How many switch groups can be created on Cloud Router Switch?
Is it possible to use the hardware VLAN Rule table ( http://wiki.mikrotik.com/wiki/Manual:Sw ... Rule_Table )? How many rules can be created?
by dadaniel
Wed Nov 27, 2013 2:19 pm
Forum: General
Topic: Changelog RouterOS 6.7
Replies: 27
Views: 16304

Re: Changelog RouterOS 6.7

it should be more precise and report proper values as there where issues observed that sometimes unrealistic reading was displayed. could you please comment on the following questions: which max. initial PoE current is possible with the current hardware/firmware? which protection is built in and is...
by dadaniel
Wed Nov 20, 2013 12:04 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 110371

Re: Known issues and bugs - a list

In support emails, 90% of bugs are not bugs, but mistakes.
Your e-mail-support is very good, but getting an answer takes way to long. I do not have the time to wait 1 week for each reply of the same case number. Sorry...
by dadaniel
Wed Oct 09, 2013 2:20 pm
Forum: General
Topic: Inter-VLAN routing RB750GL on switch level?
Replies: 2
Views: 948

Re: Inter-VLAN routing RB750GL on switch level?

AFAIK it is not possible, only VLAN switching and some sort of ACL is possible in hardware: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
by dadaniel
Fri Sep 20, 2013 3:37 pm
Forum: Scripting
Topic: script + address-list
Replies: 3
Views: 2247

Re: script + address-list

I have the same question. Anyone?
by dadaniel
Mon Sep 02, 2013 8:51 am
Forum: General
Topic: vlan-id, vlan-priority, new-vlan-id not supported
Replies: 2
Views: 818

Re: vlan-id, vlan-priority, new-vlan-id not supported

Every single one, because RouterOS implements 802.1q
sorry, I forgot to add "wirespeed VLAN capable (via switch chipset)"
by dadaniel
Fri Aug 30, 2013 4:32 pm
Forum: General
Topic: vlan-id, vlan-priority, new-vlan-id not supported
Replies: 2
Views: 818

vlan-id, vlan-priority, new-vlan-id not supported

Which currently available fanless routerboard is fully wirespeed VLAN capable (via switch chipset)?
by dadaniel
Fri Aug 30, 2013 3:46 pm
Forum: General
Topic: Switch chip rules and delivering packets to VLAN interfaces
Replies: 5
Views: 5161

Re: Switch chip rules and delivering packets to VLAN interfa

Is there any news about that? Is this resolved in v6.x?
by dadaniel
Sun Aug 18, 2013 2:39 pm
Forum: General
Topic: action after X ammount of pings?
Replies: 7
Views: 1068

Re: action after X ammount of pings?

Try this:

add chain=forward comment="allow 10 ICMP-requests per second per source IP" dst-limit=10,2,src-address protocol=icmp
add action=add-src-to-address-list address-list=icmpflooders address-list-timeout=60m chain=forward protocol=icmp
by dadaniel
Fri Aug 16, 2013 12:54 pm
Forum: General
Topic: firewall rule interface: using hw-sw master-port sufficient?
Replies: 2
Views: 521

Re: firewall rule interface: using hw-sw master-port suffici

Thank you very much for the clarification :-D
by dadaniel
Fri Aug 16, 2013 11:11 am
Forum: General
Topic: firewall rule interface: using hw-sw master-port sufficient?
Replies: 2
Views: 521

firewall rule interface: using hw-sw master-port sufficient?

I have enabled port switching ( http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features ) on some of my routerboard's interfaces.

Is it sufficient to use the master-port in my firewall rules? Or do I have to add a rule for each interface in the port switching group?
by dadaniel
Fri Aug 16, 2013 9:40 am
Forum: General
Topic: simple firewall question
Replies: 2
Views: 468

simple firewall question

Is
add action=drop chain=input connection-state=invalid
necessary when the last rule is
add action=drop chain=input
and there are several add action=accept rules in between?
by dadaniel
Tue Jul 30, 2013 4:52 pm
Forum: General
Topic: addr-list delay
Replies: 4
Views: 838

Re: addr-list delay

Is that ip in the address list? If it is, then insure you are blocking the request from the client. You are adding the dst-address of the fail packet (response to client), but you want to block that src-address on any further port 110 requests from that client. Sorry, i forgot to paste the block ru...
by dadaniel
Tue Jul 30, 2013 4:03 pm
Forum: General
Topic: addr-list delay
Replies: 4
Views: 838

addr-list delay

Based on several mikrotik examples found in www, I put in the following firewall rules to protect our mail server from getting bruteforced: add address=213.47.xxx.xxx/28 list=ournetwork add address=192.168.0.0/24 list=ournetwork add action=drop chain=forward comment="block POP3 bruteforcers" src-add...
by dadaniel
Thu Jun 06, 2013 5:39 pm
Forum: General
Topic: Connection Tracking
Replies: 20
Views: 13032

Re: Connection Tracking

try at least RouterOS 6.0 version. Already tried with v6... no difference. Great that this is "no problem" for Sergejs... but why loading CPU when it is absolutely not neccesary? Please look at the starting date of this thread ... 2007 :? Hello, Yes, connection tracking uses CPU, I do not see any p...
by dadaniel
Thu Jun 06, 2013 11:44 am
Forum: General
Topic: Connection Tracking
Replies: 20
Views: 13032

Re: Connection Tracking

Any news about this topic? I'm also running into CPU load problems :(
by dadaniel
Thu May 16, 2013 5:02 pm
Forum: General
Topic: Firewall filter: log&drop problem on heavy bruteforce attack
Replies: 0
Views: 1036

Firewall filter: log&drop problem on heavy bruteforce attack

These are my firewall rules, they worked as expected... until today: add action=drop chain=forward comment="gesperrte POP3 IPs blockieren" disabled=no src-address-list=pop3_blacklist add action=drop chain=forward comment="gesperrte RDP IPs blockieren" disabled=no src-address-list=rdp_blacklist add a...
by dadaniel
Thu May 16, 2013 2:16 pm
Forum: General
Topic: Bypass nat by dst-address
Replies: 3
Views: 2689

Re: Bypass nat by dst-address

This works but CPU load does not decrease, so it seems that conntracking is still active for these connections.
Is there a way to avoid this? I need that because the connection is maxing out at 100Mbps now, but according to Mikrotik performance tests RB750G* should be capable of routing >100Mbps.
by dadaniel
Thu May 16, 2013 11:27 am
Forum: General
Topic: Optimizing queue trees / packet marking
Replies: 2
Views: 505

Re: Optimizing queue trees / packet marking

NAT translation is loading the CPU, this boards hardly reach 100Mbit. The chipset does not support hardware NAT acceleration.
Also firewall rules containing "content=" using a huge amount of CPU.
by dadaniel
Wed May 15, 2013 10:36 am
Forum: General
Topic: Accept connections from pptp clients rule?
Replies: 0
Views: 245

Accept connections from pptp clients rule?

Can you please give me a hint how to allow pptp clients to access the router via Winbox or Webfig (regardless of their ip range!) when the last firewall rule is "add action=drop chain=input comment=drop_all"?
by dadaniel
Thu Mar 28, 2013 11:47 am
Forum: General
Topic: ROS 5.24: simple queue 'target upload/download' bug
Replies: 1
Views: 681

ROS 5.24: simple queue 'target upload/download' bug

Hello, when entering both RxMaxLimit/TxMaxLimit and direction=both the rule works and is displayed ok. BUT if direction=upload it is displayed wrong and does not work! Please see attached screenshot (target upload is checked = ok, but download(!) value is displayed instead of upload). queue error.jpg
by dadaniel
Wed Feb 27, 2013 5:36 pm
Forum: General
Topic: 5.24 released!
Replies: 161
Views: 44018

Re: 5.24 released!

Hi, The target upload/download captions seem to be reversed in simple queue settings. Please see attached screenshot. Additionally it is not possible to set queues using terminal, for example: add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=upload disabled=no interface=ether1-mode...
by dadaniel
Mon Nov 26, 2012 5:25 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47572

Re: 5.22 released!

by dadaniel
Wed Nov 07, 2012 4:33 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 18906

5.21: config export error

/interface ethernet export file=if.rsc expected output: /interface ethernet set 0 name=ether1-modem set 1 name=ether2-wan1 set 2 name=ether3-wan2 master-port=ether2-wan1 set 3 name=ether4-wan3 master-port=ether2-wan1 set 4 name=ether5-lan actual output: /interface ethernet switch set 0 mirror-source...
by dadaniel
Wed Nov 07, 2012 3:32 pm
Forum: General
Topic: firewall filter rules: multiple SRC or DST adr or if?
Replies: 1
Views: 546

firewall filter rules: multiple SRC or DST adr or if?

I want to use multiple SRC or DST adresses or interfaces in one rule, until now I have to create a bunch of rules to get things working right... :(

Is this on the to-do list for future releases?
by dadaniel
Thu Jun 28, 2012 3:59 pm
Forum: General
Topic: show "To Addresses" in IP-Firewall-NAT?
Replies: 1
Views: 342

show "To Addresses" in IP-Firewall-NAT?

Is it possible to display a row displaying "To Addresses" in IP-Firewall-NAT?
by dadaniel
Thu Jun 28, 2012 3:54 pm
Forum: General
Topic: Firewall/Filter/PSD recognize DNS answers as UDP scan?
Replies: 1
Views: 585

Firewall/Filter/PSD recognize DNS answers as UDP scan?

When I set a filter rule with psd=20,3s,3,1 my DNS servers soon get blocked. When I enable psd only for TCP traffic all is ok.

Any ideas?
by dadaniel
Tue Jun 12, 2012 1:39 pm
Forum: General
Topic: upgrade v.3.25 to 5.17
Replies: 7
Views: 1912

Re: upgrade v.3.25 to 5.17

yes, you can. if you need any help, email support, we will help if any licensing issues arise. Sorry,but didn't find e-mail of support.So may I post message here? I downloaded routeros-4.17.It has 5 directories,1 .iso file and 4 files.Which of them I have to copy in Files of router? Alex This is th...
by dadaniel
Fri May 11, 2012 2:32 pm
Forum: General
Topic: is there a more simple way to count new connections?
Replies: 2
Views: 497

is there a more simple way to count new connections?

I found this one in the wiki, is there a way to do the same without the need for four rules? add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=forward comment="put Src IP on blocklist after 4 new SSH connections in one minute" connection-state=new disabled=n...
by dadaniel
Thu Feb 23, 2012 11:09 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20550

Re: v5.14 released

Port flapping on RB750G seems to be fixed :)
by dadaniel
Wed Feb 22, 2012 11:11 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8184

Re: v5.13 released

Doesn't appear to be even acknowledged by MT as yet, even though there is more than one report of the issue mentioned on this topic.
has anybody written to support@? :)
Hello,

Thank you for reporting this with attached supout.rif file.
We will try to fix it as soon as possible.

Regards,...
by dadaniel
Wed Feb 15, 2012 5:59 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8184

Re: v5.13 released

When updated to 5.13 from 5.12 I have got a problem with interfaces going up and down in irregular intervals. It can be running fine for a long time and then more often then on minute apart go up and down up and down. I see the same behaviour, it seems that the interface stays up when a winbox conn...
by dadaniel
Mon Jan 23, 2012 5:33 pm
Forum: General
Topic: v5.12 released
Replies: 144
Views: 24990

Re: v5.12 released

Remove default configuration does not work anymore on RB750G. When you click on the button all settings seem to remain the same, interface names are not changed to ether1 and so on...

:(
by dadaniel
Thu Nov 10, 2011 11:46 am
Forum: General
Topic: UPnP and NAT-PMP
Replies: 13
Views: 6308

Re: UPnP and NAT-PMP

It would be great to have the same features as seen here in Tomato Firmware:
upnpnat.jpg
by dadaniel
Mon Sep 19, 2011 3:00 pm
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 66974

Re: RouterOS v5.7 released

UPnP 'Forced external IP' is still broken (first IP of external Interface is used instead of the 'forced' one).
Sent supout and screenshots: Ticket#2011091666000168
by dadaniel
Wed May 18, 2011 12:45 pm
Forum: General
Topic: UPnP Dst. Address
Replies: 1
Views: 386

Re: UPnP Dst. Address

*bump* Is there any way to do this? :?:
by dadaniel
Sun May 15, 2011 12:59 am
Forum: General
Topic: [Solved] RB750G ROS 5.2 serious performance issue.
Replies: 15
Views: 2878

Re: RB750G ROS 5.2 100/100 Mbps link serious performance iss

This is a known problem with v5.2

switch back to the latest 4.x firmware and your problem is solved
by dadaniel
Thu May 05, 2011 4:09 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 204059

UPnP Dst. Address

I have multiple IPs on my external interface. I need to set the Dst. Address of the dst-nat made by UPnP, but I have not found a way to do this.

Thank you!
by dadaniel
Thu May 05, 2011 12:32 pm
Forum: General
Topic: DHCP Assigned and Deassigned
Replies: 8
Views: 12840

Re: DHCP Assigned and Deassigned

I have the same problem with 4.17 and RB750G.

Please help!
by dadaniel
Wed May 04, 2011 11:55 am
Forum: General
Topic: UPnP Dst. Address
Replies: 1
Views: 386

UPnP Dst. Address

I have multiple IPs on my external interface. Where can I set the Dst. Address UPnP should use?
by dadaniel
Mon May 02, 2011 11:28 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29486

Re: v5.2 released

5.2 still has the througput issue.
I am also having throughput issues with 5.2 on RB750G. I only get ~30Mbps of my 100Mbps connection. No problem with 4.17
by dadaniel
Mon May 02, 2011 11:18 pm
Forum: General
Topic: What the hell is going on (after upgrade to v5.1)
Replies: 11
Views: 1296

Re: What the hell is going on (after upgrade to v5.1)

I am having WAN to LAN throughput issues with 5.2 on RB750G. I only get ~30Mbps of my 100Mbps connection.
No problem with 4.17
by dadaniel
Fri May 14, 2010 11:52 pm
Forum: General
Topic: Dynamic Upnp rules, how long?
Replies: 8
Views: 1278

Re: Dynamic Upnp rules, how long?

Is there a solution now?