Community discussions

Search found 479 matches

  • 1
  • 2
by k6ccc
Wed Jul 12, 2017 7:02 pm
Forum: General
Topic: Mikrotik Portfoward
Replies: 1
Views: 290

Re: Mikrotik Portfoward

by k6ccc
Wed Jul 12, 2017 5:31 pm
Forum: Beginner Basics
Topic: CCQ % vs SNR
Replies: 7
Views: 1475

Re: CCQ % vs SNR

I don't know specifically about the Mikrotik equipment, but a lot of 802.11 equipment is only looking for other 802.11 interference. There are many other types of radio signals on those frequencies that will cause interference to an 802.11 signal, but not register. For example, wireless audio or vid...
by k6ccc
Wed Jul 12, 2017 6:06 am
Forum: Beginner Basics
Topic: CCQ % vs SNR
Replies: 7
Views: 1475

Re: CCQ % vs SNR

My guess is that the link is being interfered with.
by k6ccc
Wed Jul 12, 2017 12:45 am
Forum: SwOS
Topic: problem in ping RB260GS
Replies: 3
Views: 665

Re: problem in ping RB260GS

I assume you mean pinging some device through the RB260GS, as opposed to pinging the RB260GS itself? I say that because I was able to duplicate what you saw, while pinging an Open-Mesh access point that was connected to my RB260GS; but the max ping size while pinging the RB260GS itself was a little ...
by k6ccc
Tue Jul 11, 2017 11:02 pm
Forum: Beginner Basics
Topic: No WebFig for MPLS?
Replies: 3
Views: 512

Re: No WebFig for MPLS?

Shows up on both a RB750r2 running 6.38.5 and a RB750Gr3 running 6.39.2 - right between IP and Routing.
by k6ccc
Sun Jul 09, 2017 11:36 pm
Forum: Beginner Basics
Topic: how to configuration mikrotik hex rb750gr2 between router and wifi extender
Replies: 7
Views: 1498

Re: how to configuration mikrotik hex rb750gr2 between router and wifi extender

You need to tell us what you want the RB750 to do. As your drawing shows, the RB750 serves no useful purpose. As idlemind said, if you can make the ADSL modem behave as a bridge, then the RB750 could (or would) serve as your router with all the intelligence that a router needs. That BTW is how both ...
by k6ccc
Fri Jul 07, 2017 10:30 pm
Forum: Beginner Basics
Topic: Firewall chains for list of interfaces
Replies: 11
Views: 2665

Re: Firewall chains for list of interfaces

I think you are making it far more complex than you need to. I'm doing something similar at my house. I have a wired LAN that is used for most of my stuff. Additionally I have a completely separate LAN that is used for my private WiFi, and a third LAN that is used for my "public" WiFi. All three LAN...
by k6ccc
Fri Jul 07, 2017 9:09 pm
Forum: Beginner Basics
Topic: Firewall chains for list of interfaces
Replies: 11
Views: 2665

Re: Firewall chains for list of interfaces

First of all, I would suggest some organization. You have forward chain rules and input chain rules all mixed together. It will work that way, but sure makes it harder to read for us human beings. Firewall rules are handled in the order that they are listed. In the code extract below, since the firs...
by k6ccc
Fri Jul 07, 2017 6:44 pm
Forum: Beginner Basics
Topic: Firewall chains for list of interfaces
Replies: 11
Views: 2665

Re: Firewall chains for list of interfaces

Without you posting your configuration, we can only guess. From that we can tell what you are doing to get traffic onto different chains (among other stuff). Use the command:
/export hide-sensitive
by k6ccc
Fri Jun 30, 2017 9:37 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 35039

Re: v6.39.2 [current]

Upgraded my RB-750Gr3 from ver. 6.39.1 to 6.39.2 this morning and so far no problems. I'll do the RB-750r2 sometime overnight.
by k6ccc
Thu Jun 29, 2017 9:11 pm
Forum: General
Topic: Winbox: can log in from one computer but not another
Replies: 3
Views: 373

Re: Winbox: can log in from one computer but not another

Verify that there are not restrictions on the IP addresses that can access the login account. I just verified that one with one of my RB-750 routers. I have a backup admin account that has a very restrictive list of IP addresses that are allowed to use that account. I tried to log on from a differen...
by k6ccc
Fri Jun 23, 2017 6:08 pm
Forum: Beginner Basics
Topic: whole site can not access HTTPS websites
Replies: 5
Views: 1406

Re: whole site can not access HTTPS websites

I am assuming you are asking for the rif files? but in truth if it not i need to know what you are asking. but i do not see how attach them. Execute the command /export hide-sensitive Then copy and paste that into a message post on the forum. If you look at all the formatting items above the text e...
by k6ccc
Thu Jun 22, 2017 11:36 pm
Forum: Beginner Basics
Topic: whole site can not access HTTPS websites
Replies: 5
Views: 1406

Re: whole site can not access HTTPS websites

Post your configuration or else we can't really help you.
by k6ccc
Thu Jun 22, 2017 6:11 am
Forum: General
Topic: Is it possible to run a script on login?
Replies: 44
Views: 15050

Re: Is it possible to run a script on login?

Thia is mine. This is a variation of the code posted on 17 December 2014 by skot # BEGIN SETUP :local scheduleName "Send Login alert" :local emailAddress1 "<redacted>.com" :local emailAddress2 "<redacted>.org" :local startBuf [:toarray [/log find message~"logged in" || message~"login failure" || mes...
by k6ccc
Wed Jun 21, 2017 11:58 pm
Forum: General
Topic: Is it possible to run a script on login?
Replies: 44
Views: 15050

Re: Is it possible to run a script on login?

Mine works fine on every version 6.x that I have loaded. I will post mine when I get to a computer.


Sent from my phone using Tapatalk, so blame any typos on Android!
by k6ccc
Sat Jun 17, 2017 2:07 am
Forum: General
Topic: Mikrotik Transceiver over Cisco SW (SFP & SFP+)
Replies: 3
Views: 655

Re: Mikrotik Transceiver over Cisco SW (SFP & SFP+)

Never worked with a Cisco switch, but the HP switches I have are very picky about what SFPs will work in them. I would suspect you are running into a similar situation. I did discover that a a couple SFPs that I bought to try in the HP 2610-48 (unsuccessfully), worked just fine in a RB260GS. :D
by k6ccc
Fri Jun 16, 2017 5:15 pm
Forum: Beginner Basics
Topic: firewall filter rule !=5900
Replies: 1
Views: 305

Re: firewall filter rule !=5900

I use VNC a lot so I recognized that port number instantly! As for which chain to use, the Input chain is for traffic that is inbound to the router and NOT passing through it (such as a WinBox or SSH connection to the router itself); the Output chain is for traffic that is generated by the router it...
by k6ccc
Thu Jun 15, 2017 4:49 pm
Forum: Beginner Basics
Topic: Cant forward ports to https website
Replies: 2
Views: 408

Re: RE: Cant forward ports to https website

Hi, we have a website in our server, that is accessible in LAN only by https (port 443, right?). How can we access it from wan side? I know port forwarding on Mikrotik, but cant solve this. Thanks Add a DST-NAT with destination port of 443 and a target of the NAT to the IP of your server. You will ...
by k6ccc
Wed Jun 14, 2017 8:20 pm
Forum: General
Topic: Accidentally disabled ethernet interface
Replies: 6
Views: 1264

Re: Accidentally disabled ethernet interface

One more question - what hardware are you using?
by k6ccc
Wed Jun 14, 2017 8:19 pm
Forum: General
Topic: Accidentally disabled ethernet interface
Replies: 6
Views: 1264

Re: Accidentally disabled ethernet interface

My problem is that I can't access router and internet connection 1) Are you at the location where the router is located or trying to access it remotely via the internet? 2) Is my assumption in my first response correct about your general configuration? If NOT, give us details. 3) If you are local, ...
by k6ccc
Wed Jun 14, 2017 7:55 pm
Forum: General
Topic: Problem with cable or what?
Replies: 3
Views: 715

Re: Problem with cable or what?

My first suggestion would be to eliminate a cable issue by temporarily moving the HAP lite into the same location as the RB951 and use a known good short cable in place of the 30M installed cable. If the HAP Lite and any downstream computer work OK in that configuration, I would assume a problem wit...
by k6ccc
Wed Jun 14, 2017 7:45 pm
Forum: General
Topic: Accidentally disabled ethernet interface
Replies: 6
Views: 1264

Re: Accidentally disabled ethernet interface

Give us a little more detail. I'm making an assumption that this router has one internet "WAN" connection, and multiple local LAN connections. Assuming this is the case, is this a router at a remote location that you are accessing via the internet, and you disabled the internet connection? If that's...
by k6ccc
Wed Jun 14, 2017 6:02 pm
Forum: Beginner Basics
Topic: Port forwarding not working
Replies: 4
Views: 1033

Re: Port forwarding not working

Is your ISP blocking ports?
by k6ccc
Wed Jun 14, 2017 4:33 pm
Forum: Beginner Basics
Topic: Block DST-NAT RDS Users
Replies: 10
Views: 1596

Re: Block DST-NAT RDS Users

I guess we're trying to figure out what you're trying to accomplish. If you want people to use the non-standard port, then DST-NAT that port, and don't DST-NAT the standard port. Without a DST-NAT, incoming traffic to 3389 is not going anywhere without you doing anything. I don't see why you think y...
by k6ccc
Tue Jun 13, 2017 5:57 pm
Forum: Beginner Basics
Topic: Block DST-NAT RDS Users
Replies: 10
Views: 1596

Re: Block DST-NAT RDS Users

I agree that you are missing telling us something. Assuming users are connecting to the WAN IP on port 3345 and are forwarded to the standard port 3389 to an internal RDS server. If you don't want people connecting from the internet via the standard port, then don't NAT forward it, and they wont get...
by k6ccc
Thu Jun 08, 2017 11:14 pm
Forum: Beginner Basics
Topic: little LOG bugfix
Replies: 2
Views: 376

Re: little LOG bugfix

If I counted your screen capture right, that allowed 31 characters (can't say that I had ever counted that before). It's supposed to be the log PREFIX - not the entire log entry. 31 characters seems overly generous in my humble opinion.
by k6ccc
Wed Jun 07, 2017 9:27 pm
Forum: General
Topic: Mikrotik Initial Setup
Replies: 9
Views: 1106

Re: Mikrotik Initial Setup

Thank you for including your config - it makes it so much easier to understand! I'm not sure I understand what you are trying to do. Is this router intended to be in a somewhat normal configuration with a "WAN" port connected to your ISP and your clients connected to "LAN" port? That's not how you a...
by k6ccc
Wed Jun 07, 2017 9:05 pm
Forum: Wireless Networking
Topic: Drone plane Wireless network
Replies: 3
Views: 538

Re: Drone plane Wireless network

You don't say where you are. Around here getting 30 KM range on 2.4 GHz would be hopelessly unrealistic because of other traffic on the channels. If that's NOT an issue where you are, then 2.4 GHz would likely work better than 5 GHz. I'll leave the other answers to people better suited to them.
by k6ccc
Wed Jun 07, 2017 7:24 am
Forum: Scripting
Topic: "startup" script runs too early
Replies: 13
Views: 1723

Re: "startup" script runs too early

K6ccc@amsat.org

Sent from my phone using Tapatalk, so blame any typos on Android!
by k6ccc
Wed Jun 07, 2017 6:54 am
Forum: Scripting
Topic: "startup" script runs too early
Replies: 13
Views: 1723

Re: "startup" script runs too early

Used to be SCE, now elsewhere. PM me a direct contact so we can chat.

Sent from my phone using Tapatalk, so blame any typos on Android!
by k6ccc
Wed Jun 07, 2017 2:01 am
Forum: Scripting
Topic: "startup" script runs too early
Replies: 13
Views: 1723

Re: "startup" script runs too early

Leave it to the HAM's to understand. :)
That's almost exactly what I use. It works, and you can delay as long as you need.

BTW - K6DJJ here, Rancho Cucamonga, CA :)
Yep. easy script and it works great.

And congrats on your new callsign issued today!
by k6ccc
Tue Jun 06, 2017 11:21 pm
Forum: Scripting
Topic: "startup" script runs too early
Replies: 13
Views: 1723

Re: "startup" script runs too early

Here is the first two lines of my startup script:

:log info "Starting System Startup script"
:delay 00:00:20

Note that all this script does is send me an E-Mail that lets me know that the router has booted.
by k6ccc
Tue Jun 06, 2017 10:41 pm
Forum: General
Topic: Remove Quick Set from the home page?
Replies: 23
Views: 2803

Re: Remove Quick Set from the home page?

What do you mean the "Quick Set Page comes up every time we login"? Are you logging in via Winbox, WebFig, SSH? WebFig. In the latest version the QuickSet page has been moved to a separate "tab" and a browser cookie remembers the last selected tab, but I still think there should be an option to dis...
by k6ccc
Tue Jun 06, 2017 10:11 pm
Forum: General
Topic: Remove Quick Set from the home page?
Replies: 23
Views: 2803

Re: Remove Quick Set from the home page?

After configuration, the Quick Set page still comes up every time we login to the device, with fields marked red and a button "apply configuration" lurking to destroy the setup. I fear a bit that one time it will be used to accidentally destroy the configuration. What do you mean the "Quick Set Pag...
by k6ccc
Tue Jun 06, 2017 2:22 am
Forum: Beginner Basics
Topic: Mikrotik to Mikrotik winbox port forwarding
Replies: 7
Views: 2103

Re: Mikrotik to Mikrotik winbox port forwarding

Hi, I am having a problem with port forwarding from mikrotik to mikrotik to open winbox interface. I have my public IP and when I enter <publicip>:8291 it enters my main mikrotik router, but when I enter <public ip>:8295 with nat rule to forward it to my <mikrotik internal ip>:8291 it cannot connec...
by k6ccc
Sun Jun 04, 2017 11:40 pm
Forum: Beginner Basics
Topic: Second Mikrotik IP address
Replies: 14
Views: 1322

Re: RE: Re: Second Mikrotik IP address

The purpose, for the third time, is to find out what IP address a second mikrotik takes if the first one uses the default 192.168.88.1. Since you have to configure the hAP AC before it can be used you have to have an IP to connect to it to configure it. 192.168.88.1 As far as I know, when using the...
by k6ccc
Thu Jun 01, 2017 6:14 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 419521

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

BTW, ignore my typo of the IP address that I'm using for my testing. I really am using 50.235.23.218
by k6ccc
Tue May 30, 2017 9:48 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 419521

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

First of all, thanks guys for offering these bandwidth tests. I'm trying to set this up as a script with the output to a file which will then be E-Mailed to me. The idea being that once a day, the router will perform the test. If I see substantial changes in performance, I can investigate. For testi...
by k6ccc
Tue May 30, 2017 8:10 pm
Forum: SwOS
Topic: SwOS: Is a trunk port with native (untagged) vlan possible?
Replies: 8
Views: 2968

Re: SwOS: Is a trunk port with native (untagged) vlan possible?

BTW, the screen captures that are linked in the previous post will be back in a day or so. I'm moving websites to a new internet service and this one has not been moved yet. Should happen soon. If someone can't wait, I can move them to one of the websites that has moved, or E-Mail them to you.
by k6ccc
Tue May 30, 2017 7:51 pm
Forum: Beginner Basics
Topic: New MikroTik user struggling with port forwarding
Replies: 14
Views: 1498

Re: New MikroTik user struggling with port forwarding

You can also set in-interface to your wan interface if you have dynamic ip. There are a lot of options in configuring the firewall. Actually I DID have both the destination IP and In-Interface when I had the traffic coming into my static DSL internet connection. However as part of moving stuff over...
by k6ccc
Mon May 29, 2017 8:10 am
Forum: Beginner Basics
Topic: New MikroTik user struggling with port forwarding
Replies: 14
Views: 1498

Re: New MikroTik user struggling with port forwarding

If you have dynamic WAN address, it's good idea to use dst-address-type=local for dstnat rules. If you don't set any specification for dst address, it will dstnat all connections, even outgoing ones, so you won't be able to connect to port 8123 anywhere else. There's a good chance you won't ever ne...
by k6ccc
Sat May 27, 2017 6:30 am
Forum: SwOS
Topic: SwOS: Is a trunk port with native (untagged) vlan possible?
Replies: 8
Views: 2968

Re: SwOS: Is a trunk port with native (untagged) vlan possible?

Sorry for the delay in posting this - been a busy week! Here is screen captures of the VLAN and VLANs tab of my RB260GS. The trunk is the one labeled as Garage trunk and is using the SFP port at 1Gb/s (I don't need GB for this, but had a SFP floating around that I wanted to try). The port labeled as...
by k6ccc
Sat May 27, 2017 5:42 am
Forum: Beginner Basics
Topic: can't ping interface same router
Replies: 1
Views: 588

Re: can't ping interface same router

Is that ALL the firewall rules that you have? If that's the case, neither is needed since the default is to accept anything that makes it to the end of the forward chain. If you do have a "Drop anything that makes it this far" rule at the end of the forward chain (which you should), you are not allo...
by k6ccc
Wed May 24, 2017 8:43 pm
Forum: General
Topic: Unable to bandwidth
Replies: 5
Views: 758

Re: Unable to bandwidth

What hardware? I ran into the same thing a few weeks ago. I later found if I remember right that the speed test will use all CPU cores EXCEPT one. That means that if you have a single CPU router, it can't​ do a speed test. I recently added a dual CPU router and it will work to an external speed test...
by k6ccc
Wed May 24, 2017 5:01 am
Forum: Beginner Basics
Topic: 3 LANs on one router
Replies: 3
Views: 462

Re: 3 LANs on one router

Thanks router will amazingly enough, ROUTE between the LANs unless you block it with firewall rules.


Sent from my phone using Tapatalk, so blame any typos on Android!
by k6ccc
Tue May 16, 2017 2:06 am
Forum: SwOS
Topic: SwOS: Is a trunk port with native (untagged) vlan possible?
Replies: 8
Views: 2968

Re: RE: Re: SwOS: Is a trunk port with native (untagged) vlan possible?

Does the CSS326 support this? I have the exact same setup as k6ccc (probably the same access point brand :) ) and planning on getting a CSS326. Which access points are you using? Mine are from Open-Mesh. Very happy with them. And now that I'm completed with the 90th birthday parties for my Dad that...
by k6ccc
Wed May 10, 2017 2:28 am
Forum: SwOS
Topic: SwOS: Is a trunk port with native (untagged) vlan possible?
Replies: 8
Views: 2968

Re: SwOS: Is a trunk port with native (untagged) vlan possible?

I'm doing essentially exactly what you are trying to do, but I'm doing it on a RB260GS with Ver. 1.6 firmware. I can't look at my config as I'm at work and my internet is down at home right now. This evening I will take a look at how I did it. In my situation, I have a cloud managed WiFi access poin...
by k6ccc
Tue May 09, 2017 11:15 pm
Forum: Beginner Basics
Topic: How i can login in APs that have vlan?
Replies: 4
Views: 579

Re: How i can login in APs that have vlan?

sorry brother , i am not very good in network as you , i am a beginner so would you mind telling me what i should do step by step ? Sorry, I can't help you with details on your specific equipment as you are doing it quite differently than I am. I was hoping that my example would give you enough hin...
by k6ccc
Sun May 07, 2017 11:08 pm
Forum: Beginner Basics
Topic: How i can login in APs that have vlan?
Replies: 4
Views: 579

Re: How i can login in APs that have vlan?

I have a somewhat similar situation to you, and have no problem connecting. I believe most of your problem is that your computer or phone knows absolutely nothing about VLANs, so it needs to be connected via a port that is on the correct VLAN, but is NOT a trunked port. In my case it is a managed sw...
by k6ccc
Sun May 07, 2017 2:05 am
Forum: General
Topic: STOP WINBOX DISCOVERY
Replies: 5
Views: 1326

Re: STOP WINBOX DISCOVERY

@k6ccc - What is the bottom flag in your profile pic? The bottom one is an Army National Guard flag. At the time I put the flag pole up, a niece and here husband were living with us. He was an Army National Guard member and was activated and deployed to Afghanistan. During the time he was deployed,...
by k6ccc
Fri May 05, 2017 8:43 pm
Forum: General
Topic: [Possible virus/bug] Terminal, User and many other settings became unavailable (Terminal not allowed (9))
Replies: 9
Views: 2415

Re: [Possible virus/bug] Terminal, User and many other settings became unavailable (Terminal not allowed (9))

Sorry you got hacked. Several things can be done to make it harder for an internet based address to attack your router. Here are a few suggestions: 1) Of course if you don't need remote access, simply firewall any access from your internet port in the input chain completely. 2) If you do need remote...
by k6ccc
Thu May 04, 2017 5:30 pm
Forum: General
Topic: STOP WINBOX DISCOVERY
Replies: 5
Views: 1326

Re: STOP WINBOX DISCOVERY

Use a non-standard port for WinBox on the router or routers. User firewall rules to drop access from the internet. If you need internet access to the router, use something like port knocking to enable access as needed.
by k6ccc
Thu May 04, 2017 5:24 pm
Forum: General
Topic: Log
Replies: 2
Views: 292

Re: Log

any help ???
With what? Your first post only said "Thanks"

We're not mind readers. What's the problem that you are looking for help with?
by k6ccc
Tue Apr 18, 2017 6:19 am
Forum: Beginner Basics
Topic: Basic Help with routerBOARD
Replies: 3
Views: 518

Re: Basic Help with routerBOARD

You are asking about RouterOS questions on the SwitchOS section of the forum. You will likely get a better response by posting in the Beginner Basics section of the forum.
by k6ccc
Tue Apr 18, 2017 6:13 am
Forum: Beginner Basics
Topic: [Solved] How to set up two subnets on one router?
Replies: 7
Views: 2691

Re: How to set up two subnets on one router?

This is very easy to do. I have as many as five LANs on one of my RB750s at home. However I'm not in a position to look at my configuration to compare to yours at this time.
by k6ccc
Wed Apr 05, 2017 2:41 am
Forum: General
Topic: Can Mikrotik OS Handle such idea!!
Replies: 7
Views: 791

Re: Can Mikrotik OS Handle such idea!!

You would need to move the server to site 2, or a larger link from site 1 to site 2.
by k6ccc
Thu Mar 30, 2017 12:54 am
Forum: General
Topic: Forum functions
Replies: 5
Views: 565

Re: Forum functions

Only partially. Oh well...
Still have to look at the thread to see if there is a subject change. I have seen that used on this forum.
by k6ccc
Thu Mar 30, 2017 12:53 am
Forum: General
Topic: Forum functions
Replies: 5
Views: 565

Re: Forum functions - RESOLVED!

Let's see if this works right....

Does not do the points part, but makes it obvious..
by k6ccc
Thu Mar 16, 2017 11:08 pm
Forum: Beginner Basics
Topic: dst-nat in NAT doesn't appear to be working
Replies: 5
Views: 731

Re: dst-nat in NAT doesn't appear to be working

Did you create a firewall rule to allow the destination address to be reached? Building the NAT does not automatically open the port in the firewall. You can BTW create a firewall rule that will allow any NATted port through the firewall without having to explicitly specifying it (although I persona...
by k6ccc
Tue Feb 28, 2017 12:57 am
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 9011

Re: RE: Re: WOL from WAN

Once you are logged on the the router you don't need any script because you can use the command: /tool wol interface=aaaa mac=xx:xx:xx:xx:xx:xx However, when you want to send a WOL command from somewhere else, it is a bit more tricky. Yes I know I can just type the command, but I can assure you tha...
by k6ccc
Mon Feb 27, 2017 10:56 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 9011

Re: WOL from WAN

I have a short script built that sends a WOL packet to a particular computer. If I need to activate the WOL, I SSH into the router and call up the script. The script also includes a log entry so I can tell if I (or someone else) activates the script.
by k6ccc
Sat Feb 25, 2017 2:04 am
Forum: General
Topic: Weird issue with network scanning
Replies: 4
Views: 351

Re: Weird issue with network scanning

Let's start by asking you to describe your network. What router, and what is the general network layout. Once we know that, we might be able to ask more specific questions.
by k6ccc
Thu Feb 23, 2017 2:31 am
Forum: Beginner Basics
Topic: I can't access my DRV by the external link
Replies: 4
Views: 446

Re: I can't access my DRV by the external link

First step is to connect to the DVR from inside your firewall in order to rule out some other issue. I had a similar issue with Windows updates breaking access to my DVR. Problem had nothing to do with the firewall. Took some very specific changes in security settings for Active X in Internet Explor...
by k6ccc
Sun Feb 19, 2017 8:44 am
Forum: Beginner Basics
Topic: Cannot Reinstall Router OS on RB450G
Replies: 3
Views: 468

Re: Cannot Reinstall Router OS on RB450G

- Major snip - But today I locked myself out of my RB450G by setting the IP Address for a device on my network to the same IP as my laptop (which is the only widows device I have configured with winbox that has access to my RB450G) by accident, so I need to start with a fresh install and restore my...
by k6ccc
Thu Feb 09, 2017 8:49 pm
Forum: SwOS
Topic: RB260GS removed from production?
Replies: 1
Views: 673

Re: RB260GS removed from production?

It's still on the Mikrotik website with no indication of it going away. I have plans for at least one more at home (where I also have no need for POE), so I hope they are not going away. The vendor in the U.S.A. that I bought mine from shows them out of stock with expected delivery in May. Checked s...
by k6ccc
Wed Feb 08, 2017 2:45 am
Forum: General
Topic: SNTP not working
Replies: 19
Views: 3506

Re: SNTP not working

For what it's worth, I do not get a ping response from us.pool.ntp.org, but I do get a ping response from both IPs you listed. I'm trying this from a PC in southern California, USA. I looked at both of my RB750s and I have 50.22.155.163 and 131.107.13.100, and no DNS name. Both show the active serve...
by k6ccc
Tue Feb 07, 2017 6:31 pm
Forum: Beginner Basics
Topic: Remote access to 750gl
Replies: 3
Views: 478

Re: Remote access to 750gl

Glad you got it working, but from a security standpoint, that scares me. If you are going to allow all addresses on the internet to access the router, at the very least, change the services port to a non-standard port. WinBox will happily connect to non-standard ports - and ALWAYS use secure mode. A...
by k6ccc
Tue Feb 07, 2017 6:10 pm
Forum: General
Topic: Routing problem? It should work but it doesn't!
Replies: 7
Views: 796

Re: Routing problem? It should work but it doesn't!

You imply that traffic connected to the bridge do work, but only this one non-bridge port is not working. Carefully compare the rules and settings for the working ports and the non-working port. I'll bet you find something that is different and preventing. If that does not help, I would also suggest...
by k6ccc
Wed Feb 01, 2017 6:50 pm
Forum: General
Topic: excessive broadcast/multicast,probably a loop
Replies: 6
Views: 1791

Re: excessive broadcast/multicast,probably a loop

What are those ports connected to?
Are they on the LAN or VLAN?
by k6ccc
Tue Jan 24, 2017 1:33 am
Forum: Beginner Basics
Topic: IP Address Conflict
Replies: 3
Views: 1359

Re: IP Address Conflict

Could you have two DHCP servers that are serving addresses in the same IP range? That's the most common reason for having multiple devices with the same IP address. If it was just one, IP, I would expect a device mis-configured, but it looks like you have several duplicates. Oh, I didn't catch that ...
by k6ccc
Tue Jan 24, 2017 1:26 am
Forum: Beginner Basics
Topic: How to Port Forward from Dynamic WAN IP to Internal Address
Replies: 5
Views: 1463

Re: How to Port Forward from Dynamic WAN IP to Internal Address

Do you have a firewall rule that is preventing the external traffic from getting to the server?
by k6ccc
Thu Jan 19, 2017 11:13 pm
Forum: RouterBOARD hardware
Topic: Choosing Mikrotik HW for my house
Replies: 12
Views: 2457

Re: Choosing Mikrotik HW for my house

k6ccc I want 1000mbit router not just because of internet speed ... but because I use 1000mbit at my network, mostly for NAS and file share. I can put after 100mbit router 1000mbit switch and do not use other LAN ports on router though :). At the moment, that's what I do. I use the routers strictly...
by k6ccc
Thu Jan 19, 2017 9:06 pm
Forum: RouterBOARD hardware
Topic: Choosing Mikrotik HW for my house
Replies: 12
Views: 2457

Re: Choosing Mikrotik HW for my house

I would agree that in your case using a separate router vs WiFi makes a huge amount of sense (usually does in my opinion). I am using a pair of RB750r2 routers (I'm weird and have 7 LANS). The 100mb routers are fine for me since my internet is only DSL at 2.5mb, but since you have the higher interne...
by k6ccc
Thu Jan 19, 2017 6:01 pm
Forum: General
Topic: Important bug in Winbox 3.8 and 3.9
Replies: 5
Views: 546

Re: Important bug in Winbox 3.8 and 3.9

Unable to duplicate on one of my RB750r2 routers running 6.38 OS and accessing with WinBox 3.9
Worked perfectly.
by k6ccc
Thu Jan 19, 2017 5:38 pm
Forum: Beginner Basics
Topic: DHCP Hates Me
Replies: 19
Views: 1658

Re: DHCP Hates Me

Assuming that ether1 is your WAN port and all other ports are on the LAN side (that would be a "normal" configuration - and your port names suggest that), port ether2 should be it's own master, and all other ports EXCEPT ether1 should have ether2 as their master. If that first part did not make sens...
by k6ccc
Tue Jan 17, 2017 9:33 pm
Forum: Beginner Basics
Topic: Help! Need some advice regarding VLANs in RB750GL
Replies: 4
Views: 486

Re: Help! Need some advice regarding VLANs in RB750GL

There is no need to use a bridge at all. While I will agree that you could do it as SteloNLD suggested, that seems overly complex. Just running a couple VLANs would be easy. If you had managed switches, you would not even need the routers at all, although of course the router adds capability and wil...
by k6ccc
Tue Jan 17, 2017 1:39 am
Forum: Beginner Basics
Topic: Help! Need some advice regarding VLANs in RB750GL
Replies: 4
Views: 486

Re: Help! Need some advice regarding VLANs in RB750GL

Yes, VLANs would make that easy. However I'm on my phone right now and there is no way I would even try to type up details on setting it up from my phone. Check out VLAN in the Wiki. If you can't figure it out, ask and I'll point you in the right direction. Sent from my Droid Turbo via Tapatalk, so ...
by k6ccc
Fri Jan 13, 2017 11:53 pm
Forum: Beginner Basics
Topic: DHCP Server does not work
Replies: 12
Views: 1556

Re: DHCP Server does not work

Why is your WAN port your Master port for every interface?
I'm glad someone brought that up. That did not look right to me either, but as I've stated, I don't use a Master Port on either of my routers.
by k6ccc
Thu Jan 12, 2017 10:17 pm
Forum: Beginner Basics
Topic: DHCP Server does not work
Replies: 12
Views: 1556

Re: DHCP Server does not work

Well, you've got me then. As I said, I know very little about having more than one port on any given LAN as I don't do that at all. Someone who does so will have to answer.
by k6ccc
Thu Jan 12, 2017 5:50 am
Forum: Beginner Basics
Topic: DHCP Server does not work
Replies: 12
Views: 1556

Re: DHCP Server does not work

But it does not indicate if any port is a master (other than the name - which can be anything).
by k6ccc
Wed Jan 11, 2017 8:09 pm
Forum: General
Topic: How to block inter vlan routing
Replies: 1
Views: 3376

Re: How to block inter vlan routing

That's easy. Create firewall rules to drop packets from one VLAN to another. For example: chain=forward action=drop in-interface=E3-p5_201 out-interface=VLAN_205 log=no log-prefix="" chain=forward action=drop in-interface=VLAN_205 out-interface=E3-p5_201 log=no log-prefix="" The first line will drop...
by k6ccc
Wed Jan 11, 2017 7:16 pm
Forum: Beginner Basics
Topic: DHCP Server does not work
Replies: 12
Views: 1556

Re: DHCP Server does not work

Hmm, just to be clear: where did you notice that I am allowing DHCP server just on port 1 (which is my master port)? Maybe I missed something :? None of the code segments that you included specified that port 1 was a master port (unless I missed it) other than the name you gave it, but the name can...
by k6ccc
Wed Jan 11, 2017 1:23 am
Forum: Beginner Basics
Topic: DHCP Server does not work
Replies: 12
Views: 1556

Re: DHCP Server does not work

I'm trying to compare your data to one of my routers, and in some cases getting some radically different screens, so I may be missing something here. Also note the router that I'm comparing to is used as a router and not a switch or bridge - all VLANs appear on one port only. I have never used a Mik...
by k6ccc
Mon Jan 09, 2017 5:49 pm
Forum: SwOS
Topic: Software ID Change Frequently
Replies: 1
Views: 1187

Re: Software ID Change Frequently

For starters, what hardware?
You asked this in the Switch OS portion of the forum, but I rather suspect you are talking about a router and not a switch based on the software version.
by k6ccc
Wed Jan 04, 2017 7:12 pm
Forum: Beginner Basics
Topic: SSH Out to non standard port
Replies: 6
Views: 1062

Re: SSH Out to non standard port

Sorry, I did not understand what you were trying to do. Can't help you with what you are trying to do.
by k6ccc
Wed Jan 04, 2017 6:31 pm
Forum: Beginner Basics
Topic: SSH Out to non standard port
Replies: 6
Views: 1062

Re: SSH Out to non standard port

I'm a little confused about what you are trying to do, so let me make sure I have it right. You have a RouterOS based router that you want to control via SSH on a non-standard port. That router is behind some other router that is doing NAT. Do I have that right? If that's the case, that's easy. In y...
by k6ccc
Tue Nov 01, 2016 5:30 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 13
Views: 5376

Re: Allow Ethernet interface with specific MAC address only

Is there a reason not to just use "Src MAC Address" (on the Advanced tab when using WinBox) as part of a firewall rule?
by k6ccc
Thu Oct 27, 2016 2:30 am
Forum: General
Topic: protect from clients infected
Replies: 3
Views: 509

Re: protect from clients infected

I don't think so... The criteria for your rule is if the inbound packet is not on the address list Client-Infected, and from the interface ether5. Your action is to add that source IP to the address list Client-Infected, with no time out. The result is that all input packets on ether-5 will meet the...
by k6ccc
Wed Oct 26, 2016 6:09 pm
Forum: Beginner Basics
Topic: I would like to filter through cameras at the door 2 for mac address
Replies: 2
Views: 391

Re: I would like to filter through cameras at the door 2 for mac address

Saw what? Let's start off with what hardware and firmware are you using. Second, what is it you are actually trying to do? Setting up a filter based on a specific MAC or IP is easy enough, but I'm not really understanding what you are trying to accomplish. A little more detail please.
by k6ccc
Tue Oct 25, 2016 9:07 pm
Forum: Beginner Basics
Topic: MikroTik port forward problem
Replies: 9
Views: 1270

Re: MikroTik port forward problem

OK, I've got it - that is I think I understand your problem. If I have it right, inbound traffic to your web server is working fine with the port forwarding. What is the problem is that from the server you can't get to any other website. If that's the case, I know exactly what is happening. Your por...
by k6ccc
Tue Oct 25, 2016 8:36 pm
Forum: Beginner Basics
Topic: MikroTik port forward problem
Replies: 9
Views: 1270

Re: MikroTik port forward problem

Confirming that your web server is operating on port 3399, but you want it to be accessed from public port 80? The fact that disabling rule 2 causes it to work, tells me that your web server is not operating on the port you think it's on. Or I'm not understanding what you are trying to do. Also, do ...
by k6ccc
Wed Oct 19, 2016 12:57 am
Forum: Beginner Basics
Topic: RB750 & VLANs With HP Switch-Inter VLAN Communication
Replies: 3
Views: 1472

Re: RB750 & VLANs With HP Switch-Inter VLAN Communication

That's close to the way I do it. In my data cabinet, I have two RB750r2 routers and a HP 2610-48 switch. There are eight VLANs in use in the switch. Six of the VLANs appear in router #1, and five of the VLANs appear in router #2. Since the routers only have five physical ports, I had to combine two ...
by k6ccc
Fri Oct 14, 2016 6:23 pm
Forum: Wireless Networking
Topic: p2p link in same room
Replies: 4
Views: 617

Re: p2p link in same room

Try actually reading the documentation instead of asking the forum simple questions. You might learn something that way. I don't have any MikroTik WiFi so I don't know the settings off the top of my head. I looked it up on the Wiki. It took me less than 30 seconds to find the answer. Why don't you t...
by k6ccc
Thu Oct 13, 2016 4:01 am
Forum: Beginner Basics
Topic: DHCP Server Routing
Replies: 14
Views: 1569

Re: DHCP Server Routing

It's a router - it will happily route between the LANs unless you put in firewall rules to prevent it.


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Thu Oct 13, 2016 3:49 am
Forum: Beginner Basics
Topic: Wireless coverage without roaming
Replies: 10
Views: 1313

Re: Wireless coverage without roaming

Similar comment to ZeroByte. Roaming with equipment that is designed for it can work very well. I'm using Open Mesh nodes very at my house with great results. Three of the nodes are wired gateways, and the other two are mesh nodes. As my kids tell me, I've got the best WiFi of anyone they know - now...
by k6ccc
Fri Sep 16, 2016 1:57 am
Forum: Beginner Basics
Topic: Question about VLAN
Replies: 5
Views: 797

Re: Question about VLAN

Ummm, router or switch? SwitchOS does not include a DHCP server, so I have to assume you are talking about a router, and not a switch. what hardware? Sure you can assign a DHCH server to a VLAN. If the VLAN exists, you can assign a DHCP server to the VLAN - it's just another interface selection. I h...
by k6ccc
Fri Sep 16, 2016 1:32 am
Forum: General
Topic: Strange issue? Not sure what's going on.
Replies: 3
Views: 587

Re: Strange issue? Not sure what's going on.

I assume by "Live IP" you are referring to a dynamic IP. What is assigning the dynamic IP and why is the router getting one for each end? Or is there more to your drawing?
by k6ccc
Thu Sep 15, 2016 2:40 am
Forum: Beginner Basics
Topic: Can't connect to RB750GL
Replies: 7
Views: 882

Re: Can't connect to RB750GL

And then, once you have it correct, BACK IT UP! Personally, my two RB750 routers create a backup and export file every night and E-Mail those to me. I don't care if it has not changed in months - I have a backup and export less than 24 hours old. Done with a script I found on the wiki and adjusted f...
by k6ccc
Thu Sep 01, 2016 5:42 pm
Forum: Beginner Basics
Topic: mikrotik switch one port only internet access
Replies: 12
Views: 1905

Re: mikrotik switch one port only internet access

Unless I'm completely not understanding what you are trying to do, you are asking a switch to perform routing rules. Wrong device for the job. What you are trying to do would be very easy in a router, but not with a switch.
by k6ccc
Sat Aug 27, 2016 1:00 am
Forum: Beginner Basics
Topic: mikrotik switch one port only internet access
Replies: 12
Views: 1905

Re: mikrotik switch one port only internet access

OK, I'm confused. The RB260 is a switch, not a router. There is no bridge command in SwitchOS, so how are you creating a bridge, and then assigning an IP to the bridge? There are no firewall commands either. You may be able to use the ACL to limit access, but I don't see on a quick look that even th...
by k6ccc
Thu Aug 18, 2016 9:12 am
Forum: Beginner Basics
Topic: IP to IP NAT
Replies: 15
Views: 1684

Re: IP to IP NAT

I'm not 100% sure, but I've never seen a NAT that is not pointing to the IP of the router. In other words, you would need to point your ping to an address that exists on the router, not to a fake address that does not really exist. You would also need to make sure that the router itself was not resp...
by k6ccc
Thu Aug 18, 2016 1:58 am
Forum: Beginner Basics
Topic: Can someone help setup these routers with me
Replies: 5
Views: 864

Re: Can someone help setup these routers with me

There are several ways you could do it with varying degrees of complexity. Unless there is more going on than you list here, your central router does not need to be a router - it could be a switch (either dumb or managed). The high tech way to do it would be to create a VPN tunnel between router 2 &...
by k6ccc
Tue Aug 16, 2016 11:26 pm
Forum: Beginner Basics
Topic: IP to IP NAT
Replies: 15
Views: 1684

Re: IP to IP NAT

Can you draw a picture? I'm getting lost from the description.
by k6ccc
Tue Aug 16, 2016 10:01 pm
Forum: Beginner Basics
Topic: 3 devices, one network
Replies: 6
Views: 829

Re: 3 devices, one network

Right off the Mikrotik website about the 210: > two SFP+ cages for 10G connectivity (first port supports 1.25G/10G modules, second port only 10G modules) Looking at the website, it looks like the 109 and 125 are 1Gig only, so you have a problem! Don't think I have a good solution except to use a med...
by k6ccc
Tue Aug 16, 2016 6:32 am
Forum: Beginner Basics
Topic: 3 devices, one network
Replies: 6
Views: 829

Re: 3 devices, one network

You mention trunks, are you running multiple VLANs, or is this all just plain single LAN and S1 & S2 are operating just as simple switches without any router functionality?
by k6ccc
Mon Aug 15, 2016 11:19 pm
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20180

Re: 16/32/48 ports

Gee, my father also lives in La Verne... Nice to see a local here...


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Mon Aug 15, 2016 10:38 pm
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20180

Re: 16/32/48 ports

I think the concept would more of a large switch - that "oh by the way" has a router in it too. Personally I have two 48 port HP managed switches at home (although neither is anywhere near fully loaded).


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Wed Aug 10, 2016 1:28 am
Forum: RouterBOARD hardware
Topic: Mikrotik ATA
Replies: 16
Views: 2949

Re: Mikrotik ATA

And people wonder why I still have a 1A2 key system in my house with POTS lines going into it. Just because it comes in your house on an analog copper pair doesn't mean it's a true POTS line. Good point - especially these days. In my case, I had contacts with the local phone company when I bought m...
by k6ccc
Wed Aug 10, 2016 1:00 am
Forum: RouterBOARD hardware
Topic: Mikrotik ATA
Replies: 16
Views: 2949

Re: Mikrotik ATA

Funny thing is - a true land line has certain key advantages over cell phones / VoIP, <snip> And people wonder why I still have a 1A2 key system in my house with POTS lines going into it. Although you lose the line status lights, and hold function, it still works in a power failure. For those who d...
by k6ccc
Wed Aug 10, 2016 12:40 am
Forum: General
Topic: is it possible use 2 ip? 1 mikrotik
Replies: 7
Views: 802

Re: is it possible use 2 ip? 1 mikrotik

Please post your config and I'll take a look (or someone else might spot an issue before I can look at it).
by k6ccc
Tue Aug 09, 2016 7:38 pm
Forum: RouterBOARD hardware
Topic: RB3011: temperature spikes to 90°C!
Replies: 10
Views: 2293

Re: RB3011: temperature spikes to 90°C!

Off hand, I would say that is incorrect data. I could not determine if that router has a fan, but a fan that is failing to start once in a while could cause it to get hotter than normal, but unlikely that hot, that fast. If it does not have a fan (and presumed not to need one), I can't see if gettin...
by k6ccc
Tue Aug 09, 2016 4:55 am
Forum: Beginner Basics
Topic: port forwarding for my samsung 16ch DVR
Replies: 1
Views: 519

Re: port forwarding for my samsung 16ch DVR

I'll start with question #4. Start with a bunch of reading on the wiki: http://wiki.mikrotik.com/wiki/Main_Page As for securing the router, the wiki has lots, but here is one I used to START with: http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router After reading that search around some more. ...
by k6ccc
Tue Aug 09, 2016 4:39 am
Forum: Beginner Basics
Topic: RB951 wont come on
Replies: 2
Views: 555

Re: RB951 wont come on

If you have access to a volt meter, check the output of the power supply to see if it's producing power. Also, you can try a different power supply - provided you have another one that has the right connector and polarity, and an acceptable voltage.
by k6ccc
Mon Aug 08, 2016 8:03 pm
Forum: General
Topic: is it possible use 2 ip? 1 mikrotik
Replies: 7
Views: 802

Re: is it possible use 2 ip? 1 mikrotik

OK, now on a PC rather than my phone.. In my case, I replaced multiple consumer grade routers that each had a public static IP from my ISP via a DSL, with a single MicroTik RB750r2 router. I wanted each local LAN to be completely isolated from the other local LANs (having multiple routers made that ...
by k6ccc
Mon Aug 08, 2016 3:30 pm
Forum: General
Topic: is it possible use 2 ip? 1 mikrotik
Replies: 7
Views: 802

Re: is it possible use 2 ip? 1 mikrotik

Yes, but not going to try from my phone. Will post more details in a couple hours when I'm on a computer.


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Mon Aug 08, 2016 7:54 am
Forum: General
Topic: is it possible use 2 ip? 1 mikrotik
Replies: 7
Views: 802

Re: is it possible 2 ip? 1 mikrotik

Your two IPs from you ISP would be on the ethernet port that your fiber is connected to - in this case, ether 1. What you do with those two IPs is based on your firewall rules. That is similar to what I'm doing with my DSL. Router #1 and router #2 both use three IPs from my ISP (total of six IPs). I...
by k6ccc
Thu Aug 04, 2016 7:30 am
Forum: Beginner Basics
Topic: how to change firewall rules using script?
Replies: 9
Views: 1507

Re: how to change firewall rules using script?

Yes, you can,but I'm not enough of a scripting expert to give much advise beyond doing a lot of reading on the Wiki. I will point you at a page that I started with:
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
by k6ccc
Tue Aug 02, 2016 5:18 pm
Forum: Beginner Basics
Topic: Some Sites Blocked
Replies: 2
Views: 545

Re: Some Sites Blocked

It would be helpful if you included the config of your router so we could see how it's configured. Without that, we are just guessing.
by k6ccc
Tue Aug 02, 2016 5:17 pm
Forum: Beginner Basics
Topic: one specific domain not reachable
Replies: 3
Views: 472

Re: one specific domain not reachable

It would be helpful if you included the config of your router so we could see how it's configured. Without that, we are just guessing.
by k6ccc
Thu Jul 28, 2016 4:58 am
Forum: General
Topic: How to allow a website in RB750
Replies: 24
Views: 2296

Re: How to allow a website in RB750

Many websites don't have a non-shared IP address, or address that will go directly to them. You must specify the URL. Based on what I can see, there is nothing you can do to to be able to reach that website by pointing to the IP address because the server is configured to not allow it - you must use...
by k6ccc
Thu Jul 28, 2016 1:56 am
Forum: General
Topic: How to allow a website in RB750
Replies: 24
Views: 2296

Re: How to allow a website in RB750

<snip> And I cannot find the IP address to put into firewall rule. I have ping the website but I cannot use that IP go back into website. I don't know why??? A given IP address may have many websites on it.  What the web server does with a request for just the IP address is entirely up to how the s...
by k6ccc
Wed Jul 27, 2016 3:59 am
Forum: General
Topic: How to allow a website in RB750
Replies: 24
Views: 2296

Re: How to allow a website in RB750

Your question is so broad that we can't answer anything. Is this a website on your LAN, or the internet, or some thing else?
Are you trying g to access this from your LAN, or something else?


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Mon Jul 25, 2016 5:51 pm
Forum: Beginner Basics
Topic: Outbound Port Blocked
Replies: 1
Views: 365

Re: Outbound Port Blocked

Since you did not include all the details of your rules, I'm having to fill in the blanks.  It would appear that your dst-nat is applied to traffic on all interfaces.  So when you are on your LAN and attempt to get to some server on the internet on port 443, the dst-nat is sending it back to your ow...
by k6ccc
Sun Jul 24, 2016 9:43 pm
Forum: Beginner Basics
Topic: Backup rb750 r2 -> Restore rb750 g r2 : leads to reverse port order
Replies: 1
Views: 418

Re: Backup rb750 r2 -> Restore rb750 g r2 : leads to reverse port order

Remember that a backup and restore is intended to be used for the same hardware.  For copying config to a new device, you should use export, and then the resulting script to configure the new device.  You may want to review the Wiki for details on that too.
by k6ccc
Sat Jul 23, 2016 7:40 pm
Forum: SwOS
Topic: Rb260gs connect the three switch's
Replies: 1
Views: 788

Re: Rb260gs connect the three switch's

Please give us more detail on what you are trying to accomplish. A network drawing would likely be useful. You mention VLANs but nothing about what you need to do. Obviously the 260 only has one SFP port, so any of the other switches that connect to the 260 have to be 10, 100, or 1000 base-T. Sent f...
by k6ccc
Sat Jul 23, 2016 2:03 am
Forum: Beginner Basics
Topic: VLAN Newbie
Replies: 3
Views: 653

Re: VLAN Newbie

Let me take a stab at this.  Separating everything with VLANs will work for what you want to do.  I make NO claim that this is the only or best way to do this, but would work. The first step is to define how many separate VLANs you need.  I'll start with that.  I used example VLAN numbers and IP ran...
by k6ccc
Fri Jul 22, 2016 9:41 pm
Forum: Beginner Basics
Topic: No Internet Access and cant' PING
Replies: 6
Views: 2259

Re: No Internet Access and cant' PING

Other than the fasttrack connection (which I don't know what that is), I don't see anything obviously wrong with the config.  A couple of thoughts (in no particular order): You have the WAN interface set as a DHCP client.  Does the internet service that you are using offer plain old DHCP or is somet...
by k6ccc
Thu Jul 21, 2016 11:54 pm
Forum: Scripting
Topic: Run backup file by script
Replies: 7
Views: 2509

Re: Run backup file by script

Here's mine.  Backup and export, and E-Mail both to one of my addresses.
I don't how that is related to OP's problem.
The OP is trying to do the opposite of what your script does.

I think.
You're right.  I misread the original post.  Sorry.
by k6ccc
Thu Jul 21, 2016 11:38 pm
Forum: Scripting
Topic: Run backup file by script
Replies: 7
Views: 2509

Re: Run backup file by script

Here's mine.  Backup and export, and E-Mail both to one of my addresses. # Policies needed:  ftp, read, policy, sensitive, test # Policies NOT needed:  password, reboot, write, sniff, romon :log info "Starting daily backup"; /system backup save name=RB750-2_Daily :delay 00:00:01 # :log info "Startin...
by k6ccc
Thu Jul 21, 2016 8:35 pm
Forum: General
Topic: Blocking Pokemon Go
Replies: 29
Views: 6467

Re: Blocking Pokemon Go

I can only speak definitively about here in the United States, but generally for other locations.  Here in the USA, NO ONE can legally jam any licensed radio frequency and even most unlicensed radio frequencies.  A hotel chain even got a huge fine for faking WiFi signals that prevented people from u...
by k6ccc
Thu Jul 21, 2016 8:14 pm
Forum: Beginner Basics
Topic: error : dhcp offering lease without success ?
Replies: 7
Views: 3222

Re: error : dhcp offering lease without success ?

Hmmm, thanks.  I had seen that as well.  Always the same device - a mesh type access point that was mesh connected only (no wired connection).  All 4 addresses for that device were having this issue somewhat regularly.  Checked the DHCP static settings and found several devices that had the "always ...
by k6ccc
Wed Jul 20, 2016 10:34 pm
Forum: SwOS
Topic: Two RB260GS connected over 15km SFP
Replies: 1
Views: 1055

Re: Two RB260GS connected over 15km SFP

I don't see any problem with that. Just make sure that the SFP adapters are compatible with the fiber single mode vs multimode), and the correct connectors. I would assume for that distance, it's single mode cable. Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Mon Jul 18, 2016 7:28 pm
Forum: Beginner Basics
Topic: error sending e-mail (test) : AUTH failed
Replies: 6
Views: 8246

Re: error sending e-mail (test) : AUTH failed

Note that if you use 2 factor authentication in your Google account, the option for "Use less secure apps" is not available.  As I have several G-Mail accounts, some with 2FA and some without 2FA, I am using one of my G-Mail accounts that does not use 2FA for sending mail from my MikroTik routers.  ...
by k6ccc
Mon Jul 18, 2016 7:23 pm
Forum: Beginner Basics
Topic: How to set static IP for webserver?
Replies: 6
Views: 909

Re: How to set static IP for webserver?

If you set a static IP in your web server, then it does not request a DHCP address from your router, so the router does not care at all what address is used.  If you do have the router assigning DHCP addresses, make sure the static IP of the server is outside the DHCP address pool.  For example, my ...
by k6ccc
Mon Jul 18, 2016 10:01 am
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20180

Re: 16/32/48 ports

There are times that the simplicity of switch is nice.  I recently had to think about that one myself, and elected to get the RB260GS switch.  I only needed 5 ports, but I also have two 48 port HP managed switches at my house (neither are fully loaded).  However, speculating on what a 24 port versio...
by k6ccc
Sat Jul 16, 2016 12:17 am
Forum: General
Topic: Is it possible to run a script on login?
Replies: 44
Views: 15050

Re: Is it possible to run a script on login?

Naturally, right after I post the above messages, I figured it out!  A one character slight typo in how I customized it for my purposes.

And yes, I've learned a few more things about what the script is doing...
Thanks again for writing it!

Jim
by k6ccc
Fri Jul 15, 2016 11:38 pm
Forum: General
Topic: Is it possible to run a script on login?
Replies: 44
Views: 15050

Re: Is it possible to run a script on login?

One other thing I noticed is that the subject of the E-Mail is always :  MikroTik alert jul/15/2016 06:52:27
Looking at the code, the time should be from $currentTime, so it would appear that $currentTime is not updating.  Related?

Jim
by k6ccc
Fri Jul 15, 2016 11:30 pm
Forum: General
Topic: Is it possible to run a script on login?
Replies: 44
Views: 15050

Re: Is it possible to run a script on login?

I found this thread from the Wiki page about this script.  First of all, Thanks for this script!  I'm pretty new with RouterOS and extremely new to scripts for it.  I'm using it on a RB750r2 with 6.35.4 of ROS.  I've got at least part of it figured out what you did (I often learn by seeing what othe...
by k6ccc
Fri Jul 15, 2016 7:57 pm
Forum: Beginner Basics
Topic: 1Gbit negotiation failure in hardware switching secenario with vlans for rb750r2 (hex lite)
Replies: 2
Views: 439

Re: 1Gbit negotiation failure in hardware switching secenario with vlans for rb750r2 (hex lite)

As jarda said, it's a 10/100 switch.
There is a Gigabit version - the RB750Gr2
by k6ccc
Thu Jul 14, 2016 7:48 pm
Forum: Beginner Basics
Topic: Basic LAN to LAN
Replies: 4
Views: 651

Re: Basic LAN to LAN

Check your routes table.  There should be dynamic routes for each LAN port.
by k6ccc
Thu Jul 14, 2016 12:40 am
Forum: Beginner Basics
Topic: test email not working with gmail
Replies: 41
Views: 28480

Re: test email not working with gmail

I updated one of my routers to 6.34 (from 6.25) this morning, so I will also give it a try... Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android Hi Jim, Be sure to update your routerboard firmware.  I have an RB751 that was running firmware version 3.24 and woul...
by k6ccc
Wed Jul 13, 2016 10:30 pm
Forum: Beginner Basics
Topic: test email not working with gmail
Replies: 41
Views: 28480

Re: test email not working with gmail

I updated one of my routers to 6.34 (from 6.25) this morning, so I will also give it a try...


Sent from my Droid Turbo via Tapatalk, so blame any typos or spelling errors on Android
by k6ccc
Tue Jul 12, 2016 11:22 pm
Forum: Beginner Basics
Topic: test email not working with gmail
Replies: 41
Views: 28480

Re: test email not working with gmail

Well, I got it working - finally.  Tried all kinds of stuff.  Tried G-Mail, my ISP's server, and even my own mail server.  From router #1 which connects to the LAN for my server, I could send mail via the local LAN IP address, but not the public IP from either router.  I know that an external device...
by k6ccc
Tue Jul 12, 2016 5:22 pm
Forum: Beginner Basics
Topic: Unable to access mikrotik services, like ssh and winbox, from Internet
Replies: 9
Views: 1620

Re: Unable to access mikrotik services, like ssh and winbox, from Internet

I believe that would be another layer of security that I mentioned.  In my case, the remote access methods use non-standard ports, a multi-step port knock to even open the ports, and complex usernames and passwords.  Only secure connections are allowed (no http, ftp, or telnet from the internet for ...
by k6ccc
Tue Jul 12, 2016 5:04 pm
Forum: Beginner Basics
Topic: test email not working with gmail
Replies: 41
Views: 28480

Re: test email not working with gmail

Hi Jim, Scroll further down the page and look in the section, "Connected apps & sites".  "Allow less secure apps"  is the last entry in that section. Don Not there.  All I have in that section is sub-sections for  "Apps connected to your account" and "Saved Passwords". UPDATE! On my primary persona...
by k6ccc
Tue Jul 12, 2016 7:35 am
Forum: Beginner Basics
Topic: test email not working with gmail
Replies: 41
Views: 28480

Re: test email not working with gmail

<snip> In order to set the gmail email server to send from a "less secure" source, go to your gmail account using your web browser.   Click on your profile photo in the upper-right corner of the web page.  If you haven't uploaded a profile photo, there will be a circle with a "D" in the middle of i...
by k6ccc
Tue Jul 12, 2016 1:36 am
Forum: Beginner Basics
Topic: stuck with vlans
Replies: 6
Views: 907

Re: stuck with vlans

Here are three links that should give a pretty good idea.  The third one specifically is addressing using a switch to break out a trunk. http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN http://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stic...
by k6ccc
Tue Jul 12, 2016 1:06 am
Forum: Beginner Basics
Topic: Reverse Access Point
Replies: 12
Views: 1027

Re: Reverse Access Point

Then you need to nat all connections passed to the outer interface via masquerade rule. To make sure we are on the same page, I'm going to define the terminology I'm using: Source WiFi AP / router = The hidden access point that is souring a connection to the internet.  OP has no control over this A...
by k6ccc
Mon Jul 11, 2016 11:42 pm
Forum: Beginner Basics
Topic: Reverse Access Point
Replies: 12
Views: 1027

Re: Reverse Access Point

Thanks, but I don't have access to the providing network. It is not mine, I have only full access on the mikrotik. So I can't create any routes on the 2nd network.
You shouldn't need access to the upstream router / AP.  To it, you will just look like a single client.
by k6ccc
Mon Jul 11, 2016 7:37 pm
Forum: SwOS
Topic: SwOS Web Interface Error
Replies: 17
Views: 5982

Re: SwOS Web Interface Error

ive got this problem too with RB260G and v1.16. <snip> looking at http://192.168.88.1/!dhost.b it shows about 100 lines of the following: [{adr:'44d9e7ff7191',prt:0x02,drp:0x00,mir:0x00,sts:0x07,vid:0x01dc},{adr:'44d9e7ff7191',prt:0x02,drp:0x00,mir:0x00,sts:0x07,vid:0x01dc}, Followup to what I wrot...
by k6ccc
Mon Jul 11, 2016 7:29 pm
Forum: SwOS
Topic: SwOS Web Interface Error
Replies: 17
Views: 5982

Re: SwOS Web Interface Error

Working fine for me on a RB260GS with version 1.16 I have about 50 entries in the hosts table and using multiple VLANs.  As I type this, up time is a little under 36 days.  I am looking at it with FireFox version 46.0.1 from an old XP desktop computer.  The connection from the desktop to the switch ...
by k6ccc
Sun Jul 10, 2016 5:22 am
Forum: Beginner Basics
Topic: Unable to access mikrotik services, like ssh and winbox, from Internet
Replies: 9
Views: 1620

Re: Unable to access mikrotik services, like ssh and winbox, from Internet

I would be VERY careful about making command ports available via the internet.  At the very least use non-standard ports.  Then add another layer of security or two above that.
 
by k6ccc
Tue Jul 05, 2016 11:18 pm
Forum: Beginner Basics
Topic: isolate LAN clients from each other
Replies: 6
Views: 9777

Re: isolate LAN clients from each other

You bet you can.  I'm doing exactly that.  Here is a firewall rule that allows the IP addresses that are in my "Privileged" list to access to the interface Ether4 (what I have named as E4-p7_207).  You could also just have the specific IP entered instead of a list, but I have a couple of allowed loc...
by k6ccc
Sun Jul 03, 2016 12:49 am
Forum: Beginner Basics
Topic: Complicated VLAN setup
Replies: 21
Views: 3186

Re: Complicated VLAN setup

Nice of you to include a graphic of what you are trying to accomplish.  Makes it SO MUCH easier. Agreed that the unmanaged switch won't likely play well with VLAN traffic.  Go buy a 260GS (since we're in the MikroTik family).  It will handle the gigibit and VLANs just fine for you and they are inexp...
by k6ccc
Fri Jul 01, 2016 3:45 pm
Forum: SwOS
Topic: Question on VLAN
Replies: 5
Views: 1615

Re: Question on VLAN

Unless I'm missing something, you don't need anything special in the switch. It should do what you need right out of the box or a reset to default. A dumb hub or switch would work. For that matter, why do you need the switch at all? Can't you connect your router directly to your internet connection?...
by k6ccc
Thu Jun 30, 2016 6:32 pm
Forum: SwOS
Topic: Question on VLAN
Replies: 5
Views: 1615

Re: Question on VLAN

OK, let me see if I understand what you are wanting to do. In your router, you will have a WAN connection to your ISP that will have 6 PPPOE accounts encapsulated in it.  You want the router to split the 6 PPPOE accounts so that each account is routed to a specific VLAN on an 802.1q trunk to a RB260...
by k6ccc
Thu Jun 30, 2016 3:37 am
Forum: General
Topic: Block Port 25 or not ?
Replies: 59
Views: 7850

Re: Block Port 25 or not ?

I am a home user that runs a web and mail server at home - along with a few other weird things.  I can tell you what my ISP does (from the customer prospective).  The have three levels of firewall at their end that can be selected by the customer.  They are:  "No Firewall" with an option box to Allo...
by k6ccc
Wed Jun 29, 2016 11:48 pm
Forum: Beginner Basics
Topic: Multiple Networks - how to do the separation?
Replies: 5
Views: 1776

Re: Multiple Networks - how to do the separation?

You've got it.

Once I got the hang of it, it was pretty simple.  Remember that everything is allowed unless you deny it.  So essentially you want to allow the specific stuff you want and they deny everything else.
by k6ccc
Tue Jun 28, 2016 4:29 pm
Forum: SwOS
Topic: Question on VLAN
Replies: 5
Views: 1615

Re: Question on VLAN

Your description is not clear to me. Having different VLANs in the router connect to the same ISP (with either the same or different IPs) is pretty easy, and setting up VLANs in the switch is fairly easy, but in not quite understanding what is connected to what. I think I'm doing something similar t...
by k6ccc
Mon Jun 27, 2016 11:52 pm
Forum: Beginner Basics
Topic: Multiple Networks - how to do the separation?
Replies: 5
Views: 1776

Re: Multiple Networks - how to do the separation?

Pretty easy with a few firewall rules.  I'm doing a similar thing.  In my case I replaced multiple consumer grade routers with one MikroTik.  The MikroTik is set up to emulate the individual routers.  Each LAN is isolated from the others, and routes to the internet via a different public IP (just as...
by k6ccc
Tue Jun 21, 2016 10:47 pm
Forum: General
Topic: Time based firewall rules stay inactive
Replies: 10
Views: 2436

Re: Time based firewall rules stay inactive

Interesting.  Have you tried it to see if it's working correctly or not doing anything?  How are you monitoring the activity?  I just tried a TOD based rule on one of my RB750s and it worked perfectly.  The rule was as follows: chain=ICMP action=drop protocol=icmp time=12h29m-12h30m,tue log=no log-p...
by k6ccc
Thu Jun 16, 2016 2:30 am
Forum: SwOS
Topic: (SOLVED) RB260GS Vlan tagged and untagged question
Replies: 2
Views: 2167

Re: RB260GS Vlan tagged and untagged question

Take a look at this. Not exactly what you are doing, but should help you out.
http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick
by k6ccc
Thu Jun 16, 2016 2:27 am
Forum: SwOS
Topic: RB260GS and DHCP client issues
Replies: 1
Views: 1155

Re: RB260GS and DHCP client issues

You did not show what's on the VLAN tab which is part of the puzzle, but you don't have the VLANs tab set right.  Take a look at this: http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick I set mine up a couple weeks ago and am for the most part, doing exactly this, and it worked perfectly by follow...
by k6ccc
Fri Jun 10, 2016 11:19 pm
Forum: Beginner Basics
Topic: Interface default-name all seem to be wrong
Replies: 2
Views: 1457

Re: Interface default-name all seem to be wrong

I did a little experimentation and reading and figured that one out (I think).  First thing is remember that the name of a port can be anything.  You can set it to anything you darn well please and it means nothing except to make it more understandable to us humans.  However apparently the router al...
by k6ccc
Fri Jun 10, 2016 5:28 pm
Forum: Beginner Basics
Topic: Winbox says Wrong User Name or Password (RB750GL)
Replies: 8
Views: 4065

Re: Winbox says Wrong User Name or Password (RB750GL)

Unless you added a firewall rule to prevent it, you left a router on a public IP that will respond on port 80 with the factory default ID and no password?  To make it worse, the login page identifies what type of equipment that is responding so even if a hacker does not happen to know the default pa...
by k6ccc
Wed Jun 08, 2016 9:04 pm
Forum: Beginner Basics
Topic: Correct way to set up VLANs
Replies: 3
Views: 1089

Re: Correct way to set up VLANs

How you setup VLANs depends entirely on what you are trying to accomplish, and what hardware is involved. Let me give my specific example. I have two RB750s that are both connected to a single HP 2610-48 managed switch. All 5 ports of each router are in use and are connected to the switch (router #1...
by k6ccc
Wed Jun 08, 2016 2:54 am
Forum: Beginner Basics
Topic: Winbox says Wrong User Name or Password (RB750GL)
Replies: 8
Views: 4065

Re: Winbox says Wrong User Name or Password (RB750GL)

Can you log into the router via http, ssh, or ftp? That would confirm if the router changed password.

And you did back up the config regularly - right?
by k6ccc
Tue Jun 07, 2016 4:53 am
Forum: Beginner Basics
Topic: Port Scan Blocking Firewall Rule not Working
Replies: 8
Views: 12135

Re: Port Scan Blocking Firewall Rule not Working

<snip> Simply discard / tarpit ;) all incoming connection, except the service you want reach outside: /ip firewall filter add action=tarpit chain=forward connection-state=new in-interface=<WAN-INTERFACE> protocol=tcp add action=drop chain=forward connection-state=new in-interface=<WAN-INTERFACE> pr...
by k6ccc
Tue Jun 07, 2016 4:35 am
Forum: Beginner Basics
Topic: Network design - why does it work this way and what is the best option
Replies: 3
Views: 623

Re: Network design - why does it work this way and what is the best option

I'm trying to visualize your network layout without success. However, the MikroTik is a router, it will happily route traffic between the different LANs unless you prevent it from doing so via firewall rules. That's about as far as I can go with your limited description of what is connected to what....
by k6ccc
Mon Jun 06, 2016 6:21 am
Forum: SwOS
Topic: Display Statistics in "Human Readable" Format
Replies: 14
Views: 1882

Re: Display Statistics in "Human Readable" Format

What's not human readable? Version 1.16 is plain text...
by k6ccc
Sat Jun 04, 2016 9:57 am
Forum: SwOS
Topic: RB260GS VLANs
Replies: 9
Views: 12941

Re: RB260GS VLANs

Also poked at it and did not get it working. Read this description and it was a piece of cake.

http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick

Jim
by k6ccc
Thu Jun 02, 2016 8:25 pm
Forum: Beginner Basics
Topic: Masquerading to two WAN addresses in same subnet?
Replies: 2
Views: 584

Re: Masquerading to two WAN addresses in same subnet?

I got it working!

I was making it far too complicated. Instead of using a masquerade for outbound, I used three src-nat (one for each LAN) for outbound. Right out of the manual if I had read that far...
by k6ccc
Thu Jun 02, 2016 7:01 pm
Forum: Beginner Basics
Topic: Masquerading to two WAN addresses in same subnet?
Replies: 2
Views: 584

Re: Masquerading to two WAN addresses in same subnet?

Anyone? For most stuff it does not really matter what outbound IP traffic uses on the WAN, but I now have run into a situation where this is causing a problem. I have a radio linking system that initiates contact from my end to another location via the internet. The far end is expecting the traffic ...
by k6ccc
Thu Jun 02, 2016 2:23 am
Forum: Beginner Basics
Topic: A simple port forwarding
Replies: 10
Views: 1167

Re: A simple port forwarding

Are you trying to access the web page from the internet, from something on the 192.168.1.0 LAN, or something on the 192.168.88.0 LAN? All three have different answers. If you are trying from a device on the internet, you will need to set up port forwarding in whatever router is NATing your internet ...
by k6ccc
Thu May 26, 2016 5:38 pm
Forum: Beginner Basics
Topic: Is WinBox secure?
Replies: 2
Views: 775

Re: Is WinBox secure?

Duh! Couldn't find in the docs (still can't BTW), but it's right there on the connection screen!

Thanks
by k6ccc
Thu May 26, 2016 12:45 am
Forum: Beginner Basics
Topic: Is WinBox secure?
Replies: 2
Views: 775

Is WinBox secure?

I could not find an answer to this. Is communications between a PC running WinBox to a router secured? I would like to be able to use WinBox to look at routers from a remote location (via the internet), but would prefer that the communication be encrypted in one form or another (particularly passwor...
by k6ccc
Thu May 26, 2016 12:29 am
Forum: Beginner Basics
Topic: I need two ports but can use only one
Replies: 4
Views: 547

Re: I need two ports but can use only one

I'm not specifically familiar with the hAP ac, but did a quick look at it. Is there a reason that you can't connect the router to the internet connection of the AP, and then the PC to one of the LAN connections of the hAP? The only reason you should need the switch is if you need more than 4 LAN por...
by k6ccc
Wed May 25, 2016 2:14 am
Forum: Beginner Basics
Topic: Masquerading to two WAN addresses in same subnet?
Replies: 2
Views: 584

Masquerading to two WAN addresses in same subnet?

Let me give a little background. Before MikroTik, I have several consumer type routers each for completely independent LANS at my house. For example, my "normal" home LAN has one router, but my private and semi-public WiFi each have their own router. The result being that for example if someone hack...
  • 1
  • 2