Community discussions

Search found 155 matches

by dadaniel
Fri Nov 11, 2016 11:25 am
Forum: General
Topic: Throttle Windows Updates
Replies: 32
Views: 15613

Re: Throttle Windows Updates

I would try to make the mangle rule more specific (e.g. port 80 TCP), so that the layer7 matcher does not take up all CPU resources (it matches every single packet at the moment).
by dadaniel
Mon Oct 10, 2016 9:58 am
Forum: General
Topic: ROS 6.36.3 export bug
Replies: 3
Views: 594

Re: ROS 6.36.3 export bug

It seems that the card is manually set to 100Mbps, otherwise speed value would not be exported
by dadaniel
Fri Sep 30, 2016 3:44 pm
Forum: General
Topic: Problems with contracted speed vs Routerboard
Replies: 8
Views: 1028

Re: Problems with contracted speed vs Routerboard

Some observations - I do not use fast track activated because this function ends with my control internal band. My CPU keeps stable between 10-35% I tested changing the MTU of my WAN interface and the problem continues. And so far I could not solve this problem. Does anyone have any tips of what ca...
by dadaniel
Thu Sep 29, 2016 12:58 pm
Forum: General
Topic: 6.16 import stops when there is a duplicate entry
Replies: 15
Views: 6583

Re: 6.16 import stops when there is a duplicate entry

Could you prepare the script that way do { /ip firewall address-list add address=111.251.111.129 list=blackmail timeout=3h } on-error={} instead of /ip firewall address-list add address=111.251.111.129 list=blackmail timeout=3h I have no 6.16 so it is only my guess that such solution works. works l...
by dadaniel
Mon Sep 26, 2016 11:39 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34450

Re: v6.37 [current] is released!

I'm not sure where mikrotik going, concerning wireless and radio side I am aware of the limitations imposed by regulatory agencies in terms of DFS and other now is the fact that with the current DFS mode, wireless becomes completely unusable in dense areas DFS just constantly shifting frequency eve...
by dadaniel
Thu Sep 08, 2016 2:00 pm
Forum: General
Topic: strange snmp connection
Replies: 0
Views: 303

strange snmp connection

I got the following log entry in my router: forward: in:bridge1 out:bridge1, src-mac bc:5f:f4:b4:0b:5d, proto UDP, 192.168.0.163:49402->192.168.0.211:161, len 105 0.163 is computer with Epson Status Monitor installed 0.211 is the Epson printer bridge has two interfaces (LAN and WLAN) but WLAN is not...
by dadaniel
Thu Jul 21, 2016 5:27 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 41681

Re: v6.36 [current] is released!

I noticed another thing after upgrade:

my first filter rule
add action=drop chain=forward connection-state=invalid
got changed to connection-state="" (also in Winbox checkbox is disabled now)
by dadaniel
Thu Jul 21, 2016 3:37 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 41681

Re: v6.36 [current] is released!

dadaniel - Firewall rules export issue will be fixed within 6.37rc version but UPnP settings are shown in export on my router. Please send supout file to support@mikrotik.com. We will investigate it and see what is wrong. I found out that "set enabled=yes" is exported, but "set enabled=no" is missi...
by dadaniel
Thu Jul 21, 2016 1:43 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 41681

Re: v6.36 [current] is released!

I noticed that export compact now generates
log-prefix=""
at every firewall line.

And
/ip upnp export
does only generate /ip upnp interfaces output. set enabled=yes/no is missing!
by dadaniel
Tue Jun 14, 2016 12:51 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 21910

Re: v6.35.4 [current] is released!

As far as I know it is not possible to create dynamic rule by static command from console. Though dynamic address-list entries are displayed after /ip firewall address-list print. huh? All "load and block current bogus IP addresses on startup" scripts are useless now?? It makes no sense to save the...
by dadaniel
Fri Feb 26, 2016 1:01 pm
Forum: General
Topic: Eth1 poe port won't do gigabit
Replies: 11
Views: 1865

Re: Eth1 poe port won't do gigabit

Hi,

I cannot even establish a reliable link on eth1. Other ports are working fine. Network card used is Intel I218-LM
by dadaniel
Tue Feb 02, 2016 11:18 am
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22692

Re: v6.34 [current] is released!

6.34 WebFig Torch malfunction, showing two lines of incomplete data (after clicking on start it works):
by dadaniel
Wed Jan 27, 2016 10:32 am
Forum: Scripting
Topic: Script to change hairpin NAT rule DST.Address when public IP changes.
Replies: 7
Views: 3535

Re: Script to change hairpin NAT rule DST.Address when public IP changes.

Is there a script that creates hairpin-rules based on existing port forwards?
by dadaniel
Wed Jan 20, 2016 9:59 am
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42901

Re: 6.34 release candidate version topic!

Why is to-addresses column not enabled by default? No need to write to-addresses in comment field...! *) upnp - added comment for dynamic dst-nat rules to inform what host/program required it; Nice enhancement! http://content.screencast.com/users/nescafe2002/folders/Snagit/media/45a36763-6eec-4f3b-a6...
by dadaniel
Mon Nov 09, 2015 9:16 am
Forum: Announcements
Topic: Winbox3.0 released!
Replies: 45
Views: 15540

Re: Winbox3.0 released!

Is recognized by AVG 2016
by dadaniel
Wed Sep 23, 2015 4:30 pm
Forum: General
Topic: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus
Replies: 1
Views: 966

WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus

Mikrotik, please contact AVG to get this resolved...
by dadaniel
Thu Sep 03, 2015 12:51 pm
Forum: Announcements
Topic: v6.32 released [version temporarily removed]
Replies: 116
Views: 29698

Re: v6.32 released [version temporarily removed]

dadaniel - Issue is not fixed yet. It is reported to developers.
Ok, I hope you don't release 6.32 before this is fixed, because RouterOS without working firewall filters is nearly useless :?
by dadaniel
Wed Sep 02, 2015 12:16 pm
Forum: Announcements
Topic: v6.32 released [version temporarily removed]
Replies: 116
Views: 29698

Re: v6.32 released

*) firewall - fixed limit and dst-limit options. requesting more details on this =) the add-dst-to-address-list - rule got triggered before the dst-limit rule above it. One minute later the count on the dst-limit rule started to rise exactly to the value of the add-dst-to-address-list - rule. dst-l...
by dadaniel
Wed Sep 02, 2015 11:29 am
Forum: Announcements
Topic: v6.32 released [version temporarily removed]
Replies: 116
Views: 29698

Re: v6.32 released

What about Ticket #2015082666000269, last message from 28.08 said "Seems that it was not completely fixed"
by dadaniel
Wed Aug 26, 2015 9:48 am
Forum: General
Topic: dst-limit filter rule problem
Replies: 0
Views: 806

dst-limit filter rule problem

I have made firewall rules as found in http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention to protect my mail-server. They look for authentication failure messages my mail server is sending out and add the destination to a blacklist. add chain=forward action=drop src-address-list=mail_blacklis...
by dadaniel
Fri Jul 31, 2015 3:54 pm
Forum: General
Topic: block Windows 10 update-delivery-optimization
Replies: 20
Views: 8971

Re: block Windows 10 update-delivery-optimization

You will have to sniff the traffic to see what protocol is used.
This could be very hard, because you have to be lucky to catch the moment when it is uploading to some other client. I cannot find any information about protocols and ports used anywhere.
by dadaniel
Fri Jul 31, 2015 3:50 pm
Forum: General
Topic: block Windows 10 update-delivery-optimization
Replies: 20
Views: 8971

Re: block Windows 10 update-delivery-optimization

but why? it will save your bandwidth
No, it will kill my bandwidth. Default setting in non-VL editions of Windows 10 is to upload to other users on the internet.
by dadaniel
Fri Jul 31, 2015 3:42 pm
Forum: General
Topic: drop rule above fasttrack rule not working
Replies: 1
Views: 493

drop rule above fasttrack rule not working

When not using fasttrack rule, active connections are dropped immediately when they are added to src-address-list. When using fasttrack, active connections are not dropped, although drop rule is above fasttrack rule: add action=drop chain=forward src-address-list=ftp_blacklist add action=fasttrack-c...
by dadaniel
Thu Jul 30, 2015 2:51 pm
Forum: General
Topic: block Windows 10 update-delivery-optimization
Replies: 20
Views: 8971

block Windows 10 update-delivery-optimization

Does anyone know how to block Windows 10 update-delivery-optimization (built-in feature for getting Windows Updates through P2P) using mikrotik firewall rules? Please see http://windows.microsoft.com/en-gb/windows-10/windows-update-delivery-optimization-faq for details. https://cdn2.vox-cdn.com/thum...
by dadaniel
Wed May 27, 2015 5:18 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139005

Re: FastTrack - New feature in 6.29

best is to fasttrack connection-state=established,related
Is this fasttrack rule replacing the default "accept connection-state=established,related"-rule or do I still need it?
by dadaniel
Thu May 21, 2015 6:06 pm
Forum: General
Topic: filter rule difference?
Replies: 5
Views: 574

Re: filter rule difference?

Thank you very much for pointing me to this problem :)

I noticed that it is possible to limit by src and dst-address. This would only count too many connection attempts to the same dst-address, but would not work if the attacker is changing dst-addresses all the time, right?
by dadaniel
Thu May 21, 2015 5:17 pm
Forum: General
Topic: filter rule difference?
Replies: 5
Views: 574

Re: filter rule difference?

last rule will use dst-address as criteria, to do the same it should use src-address as criteria. I think only it's counting is based on dst-address, so 'ignore the first three packets, let the fourth pass and count every other packet that arrives in the same minute to the same dst-address' The fir...
by dadaniel
Thu May 21, 2015 1:21 pm
Forum: General
Topic: filter rule difference?
Replies: 5
Views: 574

filter rule difference?

Can you please tell me the difference between these firewall rules? Will both of them work? Do I get the same result with both of them? add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=forward connection-state=new dst-port=22 protocol=tcp src-address-list=s...
by dadaniel
Thu May 21, 2015 11:31 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139005

Re: FastTrack - New feature in 6.29

Why not to mark packet at mangle postrouting?
It does only make sense to use FastTrack on specific (known) connections before they enter filter/other routing chains. Using it afterwards makes no sense at all...
by dadaniel
Thu Mar 12, 2015 9:41 pm
Forum: Scripting
Topic: script to add Ip address
Replies: 20
Views: 3321

Re: script to add Ip address

Could you please post the code that allows communication to std gateway so you can access the Internet and block the rest of the net? Above firewall rules seems to block the whole subnet used including the gateway?
by dadaniel
Tue Mar 03, 2015 10:38 pm
Forum: Wireless Networking
Topic: Ubiquitik or Mikroquiti? ;-)
Replies: 1
Views: 732

Ubiquitik or Mikroquiti? ;-)

Ubiquiti AM-5AC21-60 + Meconet LMR240UF 90° RPSMA + RF-Elements EasyBracket 912 + RB922UAGS-5HPacD-NM

by dadaniel
Fri Feb 13, 2015 8:51 am
Forum: Beginner Basics
Topic: only allow access to default gateway and internet
Replies: 3
Views: 974

Re: only allow access to default gateway and internet

ISPs router and the rest of the network is plugged into ether0, ether1 to ether4 is hardware switched(master port ether1), ether0 and ether1 are member of bridge1 dhcp-client is running on bridge1 and get dhcp data including default gateway from ISPs modem. These are the only changes I made from def...
by dadaniel
Thu Feb 12, 2015 8:14 pm
Forum: Beginner Basics
Topic: only allow access to default gateway and internet
Replies: 3
Views: 974

only allow access to default gateway and internet

Can someone please tell me the firewall rules I need to allow only traffic that goes to the current default gateway of the routerboard and to Internet?

Thank you very much in advance!
by dadaniel
Thu Nov 06, 2014 9:44 pm
Forum: General
Topic: 6.22rc7: connection-nat-state matcher
Replies: 0
Views: 1034

6.22rc7: connection-nat-state matcher

Can I use this as a fix for Ticket#2014012266000405 (src-nat with 'accept related' and 'drop all' at the end drops NAT'ed UDP packets)?

Will this matcher also catch NAT'ed UDP packets?
by dadaniel
Tue Oct 28, 2014 4:21 pm
Forum: General
Topic: Does WDS mode means WDS repeating?
Replies: 3
Views: 895

Re: Does WDS mode means WDS repeating?

Sorry but this does not answer my question, because these things are done in wireless driver imho.
*bump*
by dadaniel
Wed Oct 22, 2014 12:16 pm
Forum: General
Topic: Does WDS mode means WDS repeating?
Replies: 3
Views: 895

Does WDS mode means WDS repeating?

Is the "bad" WDS repeating mode (sending every station everything, thus -50% speed with every connected station) active when setting wireless mode to WDS?

Or is it the same "transparent Layer 2 mode" like in Ubiquiti AirOS?
by dadaniel
Sun Sep 07, 2014 12:19 pm
Forum: Beginner Basics
Topic: CRS VLAN configuration help
Replies: 1
Views: 779

CRS VLAN configuration help

I need some help with the VLAN configuration on the CRS109 please: I have an existing managed D-Link Switch where: Port 1 = 802.1Q VLAN1 + VLAN2 = Trunk Port 2-5 = 802.1Q VLAN1 = LAN Port 6-10 = 802.1Q VLAN2 = WAN The CRS109 should be configured like that: Port 1 = 802.1Q VLAN1 + VLAN2 = Trunk Port ...
by dadaniel
Fri Sep 05, 2014 10:44 am
Forum: General
Topic: ARP table not working properly?
Replies: 3
Views: 883

Re: ARP table not working properly?

Would you mind sharing the reason for this strange configuration? These are Ptmp links where default forward on wlan is disabled and communication is handled by the routing protocol. We do not want to waste ip addresses or subnets (because we would need them for every link in this case). The same c...
by dadaniel
Thu Sep 04, 2014 12:04 pm
Forum: General
Topic: ARP table not working properly?
Replies: 3
Views: 883

ARP table not working properly?

Hi, I'm using a rather strange configuration on my RB750 with ROS v6.19: ether1 has 10.12.123.123 255.255.0.0 ether2 has 10.12.123.124 and the same subnet as ether1. and I'm using a routing protocol. My problem is that the routing protocol needs some time to start working properly and something stop...
by dadaniel
Mon Aug 18, 2014 5:53 pm
Forum: General
Topic: Newsletter 60: 802.11ac
Replies: 104
Views: 54656

Re: Newsletter 60: 802.11ac

Got my first batch of SXT AC and SXT AC SA.
802.11af works fine. The non SA Version does not have a shield painting inside.
So for ptp on a loaded tower some additional shielding might be necessary.
Is there any SXT shield kit available?
by dadaniel
Fri Jul 25, 2014 4:10 pm
Forum: General
Topic: Newsletter 60: 802.11ac
Replies: 104
Views: 54656

Re: Newsletter 60: 802.11ac

From SXTac Datasheet: "802.3af/at supported (Mode B. requires crossover cable)" ... Does this mean that it will only link at 100Mbit when using 802.3af/at? Because Wikipedia says that "Mode B delivers power on the spare pairs".

But there are no spare pairs when using Gigabit
by dadaniel
Wed Jul 09, 2014 10:42 am
Forum: General
Topic: Winbox: Could Not get Index: Fatal error
Replies: 33
Views: 53740

Re: Winbox: Could Not get Index: Fatal error

I have also had this problem one time, it was caused by a ssh port forward to an internal linux machine.
by dadaniel
Thu Jul 03, 2014 3:18 pm
Forum: General
Topic: PPTP without add-default-route - how to get gateway address?
Replies: 3
Views: 1232

Re: PPTP without add-default-route - how to get gateway addr

(I suppose default Gateway: "remote-address"):
This field is empty, only local address is visible.
as this is tunnel interface you can use interface name as default gateway. And you can assign static name for PPTP-out tunnel.
I will try this, thank you.
by dadaniel
Thu Jul 03, 2014 10:51 am
Forum: General
Topic: PPTP without add-default-route - how to get gateway address?
Replies: 3
Views: 1232

PPTP without add-default-route - how to get gateway address?

Every time I connect to my Internet provider using PPTP client, I get a dynamic public IP and a dynamic default gateway.
How can I get this gateway address when using add-default-route=no?
by dadaniel
Tue Jul 01, 2014 12:16 pm
Forum: Scripting
Topic: 3G failover script
Replies: 1
Views: 1261

3G failover script

Could anyone please share a simple 3G failover script? The 3G connection should only be activated when for example 8.8.8.8 is not reachable via ethernet's default route and disabled if 8.8.8.8 is reachable via ethernet again.
by dadaniel
Sat Jun 28, 2014 5:03 pm
Forum: General
Topic: RB260GSP is it giga POE OUT?
Replies: 15
Views: 5600

Re: RB260GSP is it giga POE OUT?

1000poe.png
by dadaniel
Fri Jun 27, 2014 2:18 pm
Forum: SwOS
Topic: RB 260GS transmit multicast trafic
Replies: 4
Views: 3881

Re: RB 260GS transmit multicast trafic

have you sent bug report to MikroTik Technical Support ( support@mikrotik.com )?
by dadaniel
Fri Jun 27, 2014 10:54 am
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 62511

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

Is it somehow possible to make these rules more efficient? Currently every new connection is counted, jumped into new chain and there again counted and if below the threshold returned to forwarding chain...
by dadaniel
Sun Jun 22, 2014 2:39 pm
Forum: RouterBOARD hardware
Topic: routerboard with Gbit-PoE-out like 260gsp?
Replies: 2
Views: 989

routerboard with Gbit-PoE-out like 260gsp?

Will there ever be a routerboard with Gigabit and PoE-out?
by dadaniel
Sun May 18, 2014 1:59 pm
Forum: General
Topic: wrong tx power calculation and change on DFS activation?
Replies: 1
Views: 561

wrong tx power calculation and change on DFS activation?

I have set these values on SXT SA: antenna-gain=14 band=5ghz-onlyn country=austria dfs-mode=radar-detect disabled=no frequency=5600 frequency-mode=regulatory-domain mode=ap-bridge wireless-protocol=nv2 Now current Tx power stays on 3/6dBm (+14dBi = 20dbm = 0,1W) Without dfs-mode current TX power sta...
by dadaniel
Thu Apr 17, 2014 4:44 pm
Forum: General
Topic: Easiest Way to have Netwatch Ping More than Once
Replies: 25
Views: 4594

Re: Easiest Way to have Netwatch Ping More than Once

is it possible to use
local i
in more than one script at the same time?
by dadaniel
Thu Apr 10, 2014 5:51 pm
Forum: Scripting
Topic: How to ***really*** block invalid TCP and UDP packet
Replies: 43
Views: 35856

Re: How to ***really*** block invalid TCP and UDP packet

The only rule that get hits is

add action=drop chain=forward dst-port=0 protocol=tcp

in my case. 12 Packets in the last 7h.
by dadaniel
Wed Apr 02, 2014 5:57 pm
Forum: Beginner Basics
Topic: default-config 802.1Q Trunk
Replies: 1
Views: 1541

default-config 802.1Q Trunk

Is it possible to adapt the ether1-gateway-->NAT-->ether2-lan default-config so that both lan and wan are served through one interface's 802.1Q Trunk?
by dadaniel
Wed Mar 19, 2014 2:02 pm
Forum: General
Topic: Roaming features?
Replies: 0
Views: 768

Roaming features?

Does Mikrotik support any roaming features like PMK Caching, Pre-Authentication or 802.11r, 802.11v, 802.11k?
by dadaniel
Mon Feb 10, 2014 1:05 pm
Forum: Beginner Basics
Topic: proxy: how to block a specific url sub-directory?
Replies: 3
Views: 1268

Re: proxy: how to block a specific url sub-directory?

Thanks,

is there a way to do without proxy?
by dadaniel
Thu Feb 06, 2014 12:26 pm
Forum: Beginner Basics
Topic: proxy: how to block a specific url sub-directory?
Replies: 3
Views: 1268

proxy: how to block a specific url sub-directory?

for example:

I want to allow www.website.com but block www.website.com/badsite/notgood

In fact I want to block http://*/badsite/notgood


How to?
by dadaniel
Thu Jan 23, 2014 5:30 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 1774

Re: src-nat problem

/ip firewall address-list add address=123.123.123.108/28 list=ournetwork add address=192.168.0.0/24 list=ournetwork /ip firewall filter add action=drop chain=forward connection-state=invalid add chain=input in-interface=ether5-lan add chain=input connection-state=established add chain=input connecti...
by dadaniel
Wed Jan 22, 2014 12:18 pm
Forum: Beginner Basics
Topic: src-nat problem
Replies: 4
Views: 1774

src-nat problem

I'm using the following firewall rule for the internet connectivity of my internal network, so the src address of outgoing connections is one of my official ips (123.123.123.111). /ip firewall nat add action=src-nat chain=srcnat src-address=192.168.0.0/24 to-addresses=123.123.123.111 My problem is t...
by dadaniel
Tue Jan 14, 2014 11:50 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109101

Re: v6.7 released

Will Ticket#2013112866000182 be fixed in v6.8?
by dadaniel
Thu Nov 28, 2013 9:49 am
Forum: General
Topic: CRS switch-groups
Replies: 3
Views: 761

Re: CRS switch-groups

That VLAN rule table does not apply to CRS125, the features which will allow similar functionality are currently being developed.
Will this VLAN processing run at hardware level and is capable of wire-speed?
by dadaniel
Wed Nov 27, 2013 2:39 pm
Forum: General
Topic: CRS switch-groups
Replies: 3
Views: 761

CRS switch-groups

How many switch groups can be created on Cloud Router Switch?
Is it possible to use the hardware VLAN Rule table ( http://wiki.mikrotik.com/wiki/Manual:Sw ... Rule_Table )? How many rules can be created?
by dadaniel
Wed Nov 27, 2013 2:19 pm
Forum: General
Topic: Changelog RouterOS 6.7
Replies: 27
Views: 16317

Re: Changelog RouterOS 6.7

it should be more precise and report proper values as there where issues observed that sometimes unrealistic reading was displayed. could you please comment on the following questions: which max. initial PoE current is possible with the current hardware/firmware? which protection is built in and is...
by dadaniel
Wed Nov 20, 2013 12:04 pm
Forum: General
Topic: Known issues and bugs - a list
Replies: 283
Views: 110419

Re: Known issues and bugs - a list

In support emails, 90% of bugs are not bugs, but mistakes.
Your e-mail-support is very good, but getting an answer takes way too long. I do not have the time to wait 1 week for each reply of the same case number. Sorry...
by dadaniel
Wed Oct 09, 2013 2:20 pm
Forum: General
Topic: Inter-VLAN routing RB750GL on switch level?
Replies: 2
Views: 949

Re: Inter-VLAN routing RB750GL on switch level?

AFAIK it is not possible, only VLAN switching and some sort of ACL is possible in hardware: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
by dadaniel
Fri Sep 20, 2013 3:37 pm
Forum: Scripting
Topic: script + address-list
Replies: 3
Views: 2257

Re: script + address-list

I have the same question. Anyone?
by dadaniel
Mon Sep 02, 2013 8:51 am
Forum: General
Topic: vlan-id, vlan-priority, new-vlan-id not supported
Replies: 2
Views: 822

Re: vlan-id, vlan-priority, new-vlan-id not supported

Every single one, because RouterOS implements 802.1q
sorry, I forgot to add "wirespeed VLAN capable (via switch chipset)"
by dadaniel
Fri Aug 30, 2013 4:32 pm
Forum: General
Topic: vlan-id, vlan-priority, new-vlan-id not supported
Replies: 2
Views: 822

vlan-id, vlan-priority, new-vlan-id not supported

Which currently available fanless routerboard is fully wirespeed VLAN capable (via switch chipset)?
by dadaniel
Fri Aug 30, 2013 3:46 pm
Forum: General
Topic: Switch chip rules and delivering packets to VLAN interfaces
Replies: 5
Views: 5164

Re: Switch chip rules and delivering packets to VLAN interfa

Is there any news about that? Is this resolved in v6.x?
by dadaniel
Sun Aug 18, 2013 2:39 pm
Forum: General
Topic: action after X ammount of pings?
Replies: 7
Views: 1071

Re: action after X ammount of pings?

Try this:

add chain=forward comment="allow 10 ICMP-requests per second per source IP" dst-limit=10,2,src-address protocol=icmp
add action=add-src-to-address-list address-list=icmpflooders address-list-timeout=60m chain=forward protocol=icmp
by dadaniel
Fri Aug 16, 2013 12:54 pm
Forum: General
Topic: firewall rule interface: using hw-sw master-port sufficient?
Replies: 2
Views: 521

Re: firewall rule interface: using hw-sw master-port suffici

Thank you very much for the clarification :-D
by dadaniel
Fri Aug 16, 2013 11:11 am
Forum: General
Topic: firewall rule interface: using hw-sw master-port sufficient?
Replies: 2
Views: 521

firewall rule interface: using hw-sw master-port sufficient?

I have enabled port switching ( http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features ) on some of my routerboard's interfaces.

Is it sufficient to use the master-port in my firewall rules? Or do I have to add a rule for each interface in the port switching group?
by dadaniel
Fri Aug 16, 2013 9:40 am
Forum: General
Topic: simple firewall question
Replies: 2
Views: 470

simple firewall question

Is
add action=drop chain=input connection-state=invalid
necessary when the last rule is
add action=drop chain=input
and there are several add action=accept rules in between?
by dadaniel
Tue Jul 30, 2013 4:52 pm
Forum: General
Topic: addr-list delay
Replies: 4
Views: 840

Re: addr-list delay

Is that ip in the address list? If it is, then insure you are blocking the request from the client. You are adding the dst-address of the fail packet (response to client), but you want to block that src-address on any further port 110 requests from that client. Sorry, i forgot to paste the block ru...
by dadaniel
Tue Jul 30, 2013 4:03 pm
Forum: General
Topic: addr-list delay
Replies: 4
Views: 840

addr-list delay

Based on several mikrotik examples found in www, I put in the following firewall rules to protect our mail server from getting bruteforced: add address=213.47.xxx.xxx/28 list=ournetwork add address=192.168.0.0/24 list=ournetwork add action=drop chain=forward comment="block POP3 bruteforcers" src-add...
by dadaniel
Thu Jun 06, 2013 5:39 pm
Forum: General
Topic: Connection Tracking
Replies: 20
Views: 13041

Re: Connection Tracking

try at least RouterOS 6.0 version. Already tried with v6... no difference. Great that this is "no problem" for Sergejs... but why loading CPU when it is absolutely not necessary? Please look at the starting date of this thread ... 2007 :? Hello, Yes, connection tracking uses CPU, I do not see any p...
by dadaniel
Thu Jun 06, 2013 11:44 am
Forum: General
Topic: Connection Tracking
Replies: 20
Views: 13041

Re: Connection Tracking

Any news about this topic? I'm also running into CPU load problems :(
by dadaniel
Thu May 16, 2013 5:02 pm
Forum: General
Topic: Firewall filter: log&drop problem on heavy bruteforce attack
Replies: 0
Views: 1037

Firewall filter: log&drop problem on heavy bruteforce attack

These are my firewall rules, they worked as expected... until today: add action=drop chain=forward comment="gesperrte POP3 IPs blockieren" disabled=no src-address-list=pop3_blacklist add action=drop chain=forward comment="gesperrte RDP IPs blockieren" disabled=no src-address-list=rdp_blacklist add a...
by dadaniel
Thu May 16, 2013 2:16 pm
Forum: General
Topic: Bypass nat by dst-address
Replies: 3
Views: 2694

Re: Bypass nat by dst-address

This works but CPU load does not decrease, so it seems that conntracking is still active for these connections.
Is there a way to avoid this? I need that because the connection is maxing out at 100Mbps now, but according to Mikrotik performance tests RB750G* should be capable of routing >100Mbps.
by dadaniel
Thu May 16, 2013 11:27 am
Forum: General
Topic: Optimizing queue trees / packet marking
Replies: 2
Views: 506

Re: Optimizing queue trees / packet marking

NAT translation is loading the CPU, this boards hardly reach 100Mbit. The chipset does not support hardware NAT acceleration.
Also firewall rules containing "content=" use a huge amount of CPU.
by dadaniel
Wed May 15, 2013 10:36 am
Forum: General
Topic: Accept connections from pptp clients rule?
Replies: 0
Views: 247

Accept connections from pptp clients rule?

Can you please give me a hint how to allow pptp clients to access the router via Winbox or Webfig (regardless of their ip range!) when the last firewall rule is "add action=drop chain=input comment=drop_all"?
by dadaniel
Thu Mar 28, 2013 11:47 am
Forum: General
Topic: ROS 5.24: simple queue 'target upload/download' bug
Replies: 1
Views: 681

ROS 5.24: simple queue 'target upload/download' bug

Hello, when entering both RxMaxLimit/TxMaxLimit and direction=both the rule works and is displayed ok. BUT if direction=upload it is displayed wrong and does not work! Please see attached screenshot (target upload is checked = ok, but download(!) value is displayed instead of upload).
by dadaniel
Wed Feb 27, 2013 5:36 pm
Forum: General
Topic: 5.24 released!
Replies: 161
Views: 44046

Re: 5.24 released!

Hi, The target upload/download captions seem to be reversed in simple queue settings. Please see attached screenshot. Additionally it is not possible to set queues using terminal, for example: add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=upload disabled=no interface=ether1-mode...
by dadaniel
Mon Nov 26, 2012 5:25 pm
Forum: General
Topic: 5.22 released!
Replies: 104
Views: 47626

Re: 5.22 released!

by dadaniel
Wed Nov 07, 2012 4:33 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 18917

5.21: config export error

/interface ethernet export file=if.rsc expected output: /interface ethernet set 0 name=ether1-modem set 1 name=ether2-wan1 set 2 name=ether3-wan2 master-port=ether2-wan1 set 3 name=ether4-wan3 master-port=ether2-wan1 set 4 name=ether5-lan actual output: /interface ethernet switch set 0 mirror-source...
by dadaniel
Wed Nov 07, 2012 3:32 pm
Forum: General
Topic: firewall filter rules: multiple SRC or DST adr or if?
Replies: 1
Views: 547

firewall filter rules: multiple SRC or DST adr or if?

I want to use multiple SRC or DST addresses or interfaces in one rule, until now I have to create a bunch of rules to get things working right... :(

Is this on the to-do list for future releases?
by dadaniel
Thu Jun 28, 2012 3:59 pm
Forum: General
Topic: show "To Addresses" in IP-Firewall-NAT?
Replies: 1
Views: 343

show "To Addresses" in IP-Firewall-NAT?

Is it possible to display a row displaying "To Addresses" in IP-Firewall-NAT?
by dadaniel
Thu Jun 28, 2012 3:54 pm
Forum: General
Topic: Firewall/Filter/PSD recognize DNS answers as UDP scan?
Replies: 1
Views: 587

Firewall/Filter/PSD recognize DNS answers as UDP scan?

When I set a filter rule with psd=20,3s,3,1 my DNS servers soon get blocked. When I enable psd only for TCP traffic all is ok.

Any ideas?
by dadaniel
Tue Jun 12, 2012 1:39 pm
Forum: General
Topic: upgrade v.3.25 to 5.17
Replies: 7
Views: 1915

Re: upgrade v.3.25 to 5.17

yes, you can. if you need any help, email support, we will help if any licensing issues arise. Sorry,but didn't find e-mail of support.So may I post message here? I downloaded routeros-4.17.It has 5 directories,1 .iso file and 4 files.Which of them I have to copy in Files of router? Alex This is th...
by dadaniel
Fri May 11, 2012 2:32 pm
Forum: General
Topic: is there a more simple way to count new connections?
Replies: 2
Views: 499

is there a more simple way to count new connections?

I found this one in the wiki, is there a way to do the same without the need for four rules? add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=forward comment="put Src IP on blocklist after 4 new SSH connections in one minute" connection-state=new disabled=n...
by dadaniel
Thu Feb 23, 2012 11:09 pm
Forum: General
Topic: v5.14 released
Replies: 73
Views: 20558

Re: v5.14 released

Port flapping on RB750G seems to be fixed :)
by dadaniel
Wed Feb 22, 2012 11:11 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8188

Re: v5.13 released

Doesn't appear to be even acknowledged by MT as yet, even though there is more than one report of the issue mentioned on this topic.
has anybody written to support@? :)
Hello,

Thank you for reporting this with attached supout.rif file.
We will try to fix it as soon as possible.

Regards,...
by dadaniel
Wed Feb 15, 2012 5:59 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 8188

Re: v5.13 released

When updated to 5.13 from 5.12 I have got a problem with interfaces going up and down in irregular intervals. It can be running fine for a long time and then more often than one minute apart go up and down up and down. I see the same behaviour, it seems that the interface stays up when a winbox conn...
by dadaniel
Mon Jan 23, 2012 5:33 pm
Forum: General
Topic: v5.12 released
Replies: 144
Views: 25014

Re: v5.12 released

Remove default configuration does not work anymore on RB750G. When you click on the button all settings seem to remain the same, interface names are not changed to ether1 and so on...

:(
by dadaniel
Thu Nov 10, 2011 11:46 am
Forum: General
Topic: UPnP and NAT-PMP
Replies: 13
Views: 6325

Re: UPnP and NAT-PMP

It would be great to have the same features as seen here in Tomato Firmware:
upnpnat.jpg
by dadaniel
Mon Sep 19, 2011 3:00 pm
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 66999

Re: RouterOS v5.7 released

UPnP 'Forced external IP' is still broken (first IP of external Interface is used instead of the 'forced' one).
Sent supout and screenshots: Ticket#2011091666000168
by dadaniel
Wed May 18, 2011 12:45 pm
Forum: General
Topic: UPnP Dst. Address
Replies: 1
Views: 386

Re: UPnP Dst. Address

*bump* Is there any way to do this? :?:
by dadaniel
Sun May 15, 2011 12:59 am
Forum: General
Topic: [Solved] RB750G ROS 5.2 serious performance issue.
Replies: 15
Views: 2883

Re: RB750G ROS 5.2 100/100 Mbps link serious performance iss

This is a known problem with v5.2

switch back to the latest 4.x firmware and your problem is solved
by dadaniel
Thu May 05, 2011 4:09 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 204752

UPnP Dst. Address

I have multiple IPs on my external interface. I need to set the Dst. Address of the dst-nat made by UPnP, but I have not found a way to do this.

Thank you!
by dadaniel
Thu May 05, 2011 12:32 pm
Forum: General
Topic: DHCP Assigned and Deassigned
Replies: 8
Views: 12860

Re: DHCP Assigned and Deassigned

I have the same problem with 4.17 and RB750G.

Please help!
by dadaniel
Wed May 04, 2011 11:55 am
Forum: General
Topic: UPnP Dst. Address
Replies: 1
Views: 386

UPnP Dst. Address

I have multiple IPs on my external interface. Where can I set the Dst. Address UPnP should use?
by dadaniel
Mon May 02, 2011 11:28 pm
Forum: General
Topic: v5.2 released
Replies: 161
Views: 29515

Re: v5.2 released

5.2 still has the throughput issue.
I am also having throughput issues with 5.2 on RB750G. I only get ~30Mbps of my 100Mbps connection. No problem with 4.17
by dadaniel
Mon May 02, 2011 11:18 pm
Forum: General
Topic: What the hell is going on (after upgrade to v5.1)
Replies: 11
Views: 1297

Re: What the hell is going on (after upgrade to v5.1)

I am having WAN to LAN throughput issues with 5.2 on RB750G. I only get ~30Mbps of my 100Mbps connection.
No problem with 4.17
by dadaniel
Fri May 14, 2010 11:52 pm
Forum: General
Topic: Dynamic Upnp rules, how long?
Replies: 8
Views: 1279

Re: Dynamic Upnp rules, how long?

Is there a solution now?