our network range is 10.0.0.0/24
every time i try to stream a video to all my network members throught ip 10.0.0.255 using vlc player’s streaming option my pc gets blocked from internet access!
how to allow vlc player’s rstp protocol to work without issues?
it looks you are trying to multicast the stream. choose appropriate multicast group, install multicast packet, configure PIM on the router. if you have only switches, then just configure VLC properly and check if TTL value of the stream is OK (if you use graphical interface)
but for best results on how to stream you will see in VLC help/manual.
i know how to use the vlc streaming options but the mikrotik server is not allowing the multicasting!
Have you considered maybe posting the router configuration? It’s kind of impossible guess at what could be causing the issue.
Here’s a wild stab: “using vlc player’s streaming option my pc gets blocked from internet access!” - you copied and pasted some “virus blocking” IP firewall filter rules from the wiki or forum without any understanding of what they actually mean, and now they add your PC to address lists and block traffic sourced by it because some rules trigger on broadcast traffic (traffic to 10.0.0.255 on 10.0.0.0/24 isn’t multicast at all, that’s a broadcast address).
Give a lot of details and maybe you’ll get some help. Keeping everyone guessing is a waste of everyone’s time, including yours.
and there is problem with VLC that if graphical interface is used to stream, TTL value is set to 1 instead of what you set up in the configuration. As result, stream reaches the router, where it is rightfully dropped, since TTL reaches 0. And if you had done any searching you should have seen this discussed in the forum.
i chose the broadcast solution
i allowed the igmp service from the firewall and the udp protocol too.
i went into igmp proxy and chose the nic card that is hooked to the pc with the satellite card as upstream with alternative subnet as 0.0.0.0/0,then i entered the second nic card connected to the server as querier in the igmp proxy list too.
at last i started streaming to ip 10.0.0.255
0 packets was received on all pcs on the network from the second card!
i looked in the firewall config …i can see the igmp service port is counting packets but in the igmp proxy list nothing is happening!!!
am i missing something here?
you have to have customer with IGMP sending join request to join some network. Also, if i understood correctly, then you have to choose IGMP group from 224.0.0.0/4 as target address. then you can run VLC and join certain group.
Alternative networks should be used only if interface IP address differs from source address of the multicast stream.
here is my configs
/ip firewall address-list
add address=172.16.0.0/12 comment=“” disabled=no list=illegal-addr
add address=192.168.0.0/16 comment=“” disabled=no list=illegal-addr
add address=192.168.0.0/16 comment=“” disabled=no list=illegal-addr
add address=172.16.0.0/12 comment=“” disabled=no list=illegal-addr
add address=169.254.0.0/16 comment=“” disabled=no list=illegal-addr
add address=223.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=198.18.0.0/15 comment=“” disabled=no list=illegal-addr
add address=192.0.2.0/24 comment=“” disabled=no list=illegal-addr
add address=185.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=180.0.0.0/6 comment=“” disabled=no list=illegal-addr
add address=179.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=176.0.0.0/7 comment=“” disabled=no list=illegal-addr
add address=175.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=104.0.0.0/6 comment=“” disabled=no list=illegal-addr
add address=100.0.0.0/6 comment=“” disabled=no list=illegal-addr
add address=49.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=46.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=42.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=39.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=36.0.0.0/7 comment=“” disabled=no list=illegal-addr
add address=31.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=27.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=23.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=14.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=5.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=2.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=128.0.0.0/16 comment=“” disabled=no list=illegal-addr
add address=192.168.2.0/24 comment=“” disabled=no list=illegal-addr
add address=10.5.50.0/24 comment=“” disabled=no list=illegal-addr
add address=72.233.96.254 comment=“” disabled=no list=black_list
add address=41.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=80.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=62.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=163.121.170.209 comment=“” disabled=no list=illegal-addr
add address=50.16.0.0/14 comment=“” disabled=no list=black_list
add address=184.72.0.0/15 comment=“” disabled=no list=black_list
add address=89.178.0.0/15 comment=“” disabled=no list=black_list
add address=94.198.224.0/21 comment=“” disabled=no list=black_list
add address=91.148.128.0/18 comment=“” disabled=no list=black_list
add address=67.215.64.0/19 comment=“” disabled=no list=black_list
add address=209.51.128.0/19 comment=“” disabled=no list=black_list
add address=62.0.0.0/8 comment=“” disabled=no list=black_list
add address=41.0.0.0/8 comment=“” disabled=no list=black_list
add address=169.254.0.0/16 comment=“” disabled=no list=illegal-addr
add address=195.0.0.0/8 comment=“” disabled=no list=black_list
add address=213.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=208.94.0.0/22 comment=“” disabled=no list=illegal-addr
add address=87.0.0.0/8 comment=“” disabled=no list=black_list
add address=178.0.0.0/8 comment=“” disabled=no list=black_list
add address=208.94.0.0/22 comment=“” disabled=no list=black_list
add address=67.228.0.0/16 comment=“” disabled=no list=illegal-addr
add address=67.228.0.0/16 comment=“” disabled=no list=black_list
add address=64.62.128.0/17 comment=“” disabled=no list=black_list
add address=64.62.128.0/17 comment=“” disabled=no list=illegal-addr
add address=174.132.0.0/15 comment=“” disabled=no list=black_list
add address=174.132.0.0/15 comment=“” disabled=no list=illegal-addr
add address=87.0.0.0/8 comment=“” disabled=no list=black_list
add address=87.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=67.215.64.0/19 comment=“” disabled=no list=black_list
add address=195.0.0.0/8 comment=“” disabled=no list=black_list
add address=67.215.65.132 comment=“” disabled=no list=black_list
add address=67.215.65.132 comment=“” disabled=no list=black_list
add address=38.0.0.0/8 comment=“” disabled=no list=black_list
add address=41.232.144.8 comment=“” disabled=no list=black_list
add address=78.140.128.0/18 comment=“” disabled=no list=black_list
add address=78.140.128.0/18 comment=“” disabled=no list=illegal-addr
add address=74.0.0.0/8 comment=“” disabled=no list=black_list
add address=74.0.0.0/8 comment=“” disabled=no list=illegal-addr
add address=112.175.243.22 comment=“” disabled=no list=black_list
add address=112.175.243.22 comment=“” disabled=no list=“port scanners”
add address=41.234.147.214 comment=“” disabled=no list=black_list
add address=41.234.147.214 comment=“” disabled=no list=“port scanners”
add address=255.255.255.255 comment=“” disabled=no list=illegal-addr
add address=255.255.255.255 comment=“” disabled=no list=black_list
add address=255.255.255.255 comment=“” disabled=no list=“port scanners”
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=no
add action=drop chain=forward comment=“” disabled=no icmp-options=8:0
protocol=icmp
add action=drop chain=virus comment=“Drop Messenger Worm” disabled=no
dst-port=135-139 protocol=udp
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
445 protocol=udp
add action=drop chain=forward comment=“Drop all P2P” disabled=no p2p=all-p2p
add action=drop chain=input comment=“Drop invalid connections”
connection-state=invalid disabled=no
add action=drop chain=input comment=“limit total http connections to 100”
connection-limit=100,0 disabled=no dst-port=80 protocol=tcp
add action=drop chain=input comment=“suppress DoS attack from 1 IP”
connection-limit=2,32 disabled=no protocol=tcp src-address-list=
black_list
add action=add-src-to-address-list address-list=black_list
address-list-timeout=1d chain=input comment=“detect DoS attack 1 IP”
connection-limit=10,24 disabled=no protocol=tcp
add action=jump chain=input comment=“!!! Check for well-known viruses !!!”
disabled=no jump-target=virus
add action=drop chain=input comment=“” disabled=no dst-port=25 protocol=tcp
add action=drop chain=input comment=“Telnet for demo purposes” disabled=no
dst-port=23 protocol=tcp
add action=drop chain=forward comment=“Drop invalid connections”
connection-state=invalid disabled=no
add action=jump chain=forward comment=“!!! Check for well-known viruses !!!”
disabled=no jump-target=virus
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
445 protocol=tcp
add action=drop chain=virus comment=“Drop Blaster Worm” disabled=no dst-port=
445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030
protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom” disabled=no dst-port=1080
protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214
protocol=tcp
add action=drop chain=virus comment=“ndm requester” disabled=no dst-port=1363
protocol=tcp
add action=drop chain=virus comment=“ndm server” disabled=no dst-port=1364
protocol=tcp
add action=drop chain=virus comment=“screen cast” disabled=no dst-port=1368
protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373
protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377
protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434
protocol=tcp
add action=drop chain=virus comment=“Bagle Virus” disabled=no dst-port=2745
protocol=tcp
add action=drop chain=virus comment=“Drop Dumaru.Y” disabled=no dst-port=2283
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle” disabled=no dst-port=2535
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle.C-K” disabled=no dst-port=
2745 protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom” disabled=no dst-port=
3127-3128 protocol=tcp
add action=drop chain=virus comment=“Drop Backdoor OptixPro” disabled=no
dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=
tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=
udp
add action=drop chain=virus comment=“Drop Sasser” disabled=no dst-port=5554
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle.B” disabled=no dst-port=8866
protocol=tcp
add action=drop chain=virus comment=“Drop Dabber.A-B” disabled=no dst-port=
9898 protocol=tcp
add action=drop chain=virus comment=“Drop Dumaru.Y” disabled=no dst-port=
10000 protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom.B” disabled=no dst-port=
10080 protocol=tcp
add action=drop chain=virus comment=“Drop NetBus” disabled=no dst-port=12345
protocol=tcp
add action=drop chain=virus comment=“Drop Kuang2” disabled=no dst-port=17300
protocol=tcp
add action=drop chain=virus comment=“Drop SubSeven” disabled=no dst-port=
27374 protocol=tcp
add action=drop chain=virus comment=“Drop PhatBot, Agobot, Gaobot” disabled=
no dst-port=65506 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=
udp
add action=drop chain=virus comment=“Drop Sasser” disabled=no dst-port=5554
protocol=tcp
add action=drop chain=virus comment=“Drop Beagle.B” disabled=no dst-port=8866
protocol=tcp
add action=drop chain=virus comment=“Drop Dabber.A-B” disabled=no dst-port=
9898 protocol=tcp
add action=drop chain=virus comment=“Drop Dumaru.Y” disabled=no dst-port=
10000 protocol=tcp
add action=drop chain=virus comment=“Drop MyDoom.B” disabled=no dst-port=
10080 protocol=tcp
add action=drop chain=virus comment=“Drop NetBus” disabled=no dst-port=12345
protocol=tcp
add action=drop chain=virus comment=“Drop Kuang2” disabled=no dst-port=17300
protocol=tcp
add action=drop chain=virus comment=“Drop SubSeven” disabled=no dst-port=
27374 protocol=tcp
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“Port scanners to list "
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP FIN Stealth scan
\n” disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=”" disabled=no protocol=tcp
tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/FIN scan” disabled=no
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/RST scan” disabled=no
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“FIN/PSH/URG scan” disabled=
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“ALL/ALL scan” disabled=no
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP NULL scan” disabled=no
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment=“dropping port scanners” disabled=no
src-address-list=“port scanners”
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“Port scanners to list "
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“NMAP FIN Stealth scan
\n” disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=”" disabled=no protocol=tcp
tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“SYN/FIN scan” disabled=no
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“SYN/RST scan” disabled=no
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“FIN/PSH/URG scan”
disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“ALL/ALL scan” disabled=no
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=forward comment=“NMAP NULL scan” disabled=
no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=forward comment=“” disabled=no dst-port=135-139
protocol=tcp
add action=drop chain=forward comment=Worm.NetSky.Y@mm disabled=no dst-port=
82 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-1 disabled=no
dst-port=113 protocol=tcp
add action=drop chain=forward comment=W33.Korgo.A/B/C/D/E/F-2 disabled=no
dst-port=2041 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-3 disabled=no
dst-port=3067 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-4 disabled=yes
dst-port=6667 protocol=tcp
add action=drop chain=forward comment=W32.Korgo.A/B/C/D/E/F-5 disabled=no
dst-port=445 protocol=tcp
add action=drop chain=forward comment=Backdoor.Nibu.B-1 disabled=no dst-port=
1000-1001 protocol=tcp
add action=drop chain=forward comment=Backdoor.Nibu.B-2 disabled=no dst-port=
2283 protocol=tcp
add action=drop chain=forward comment=Backdoor.IRC.Aladinz.R-1 disabled=no
dst-port=3422 protocol=tcp
add action=drop chain=forward comment=Backdoor.IRC.Aladinz.R-2 disabled=no
dst-port=43958 protocol=tcp
add action=drop chain=forward comment=W32.Dabber.A/B-1 disabled=no dst-port=
5554 protocol=tcp
add action=drop chain=forward comment=W32.Dabber.A/B-2 disabled=no dst-port=
8967 protocol=tcp
add action=drop chain=forward comment=Worm.NetSky.S/T/U@mm disabled=no
dst-port=6789 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-1 disabled=no
dst-port=8787 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-2 disabled=no
dst-port=8879 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-3 disabled=no
dst-port=31666 protocol=tcp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-5 disabled=no
dst-port=54320-54321 protocol=tcp
add action=drop chain=forward comment=Block.NetBus.Trojan-1 disabled=no
dst-port=12345-12346 protocol=tcp
add action=drop chain=forward comment=Block.NetBus.Trojan-2 disabled=no
dst-port=20034 protocol=tcp
add action=drop chain=forward comment=GirlFriend.Trojan-1 disabled=no
dst-port=21554 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-1 disabled=no
dst-port=41 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-2 disabled=no
dst-port=3150 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-3 disabled=no
dst-port=999 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-4 disabled=no
dst-port=6670 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-5 disabled=no
dst-port=6771 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-6 disabled=no
dst-port=60000 protocol=tcp
add action=drop chain=forward comment=DeepThroat.Trojan-7 disabled=no
dst-port=2140 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-1 disabled=no
dst-port=10067 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-2 disabled=no
dst-port=10167 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-3 disabled=no
dst-port=3700 protocol=tcp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-4 disabled=no
dst-port=9872-9875 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-1 disabled=no
dst-port=6883 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-2 disabled=no
dst-port=26274 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-3 disabled=no
dst-port=4444 protocol=tcp
add action=drop chain=forward comment=Delta.Source.Trojan-4 disabled=no
dst-port=47262 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-1 disabled=no dst-port=
3791 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-2 disabled=no dst-port=
3801 protocol=tcp
add action=drop chain=forward comment=Eclypse.Trojan-3 disabled=no dst-port=
65390 protocol=tcp
add action=drop chain=forward comment=Y3K.RAT.Trojan-1 disabled=no dst-port=
5880-5882 protocol=tcp
add action=drop chain=forward comment=Y3K.RAT.Trojan-2 disabled=no dst-port=
5888-5889 protocol=tcp
add action=drop chain=forward comment=NetSphere.Trojan-1 disabled=no
dst-port=30100-30103 protocol=tcp
add action=drop chain=forward comment=NetSphere.Trojan-2 disabled=no
dst-port=30133 protocol=tcp
add action=drop chain=forward comment=NetMonitor.Trojan-1 disabled=no
dst-port=7300-7301 protocol=tcp
add action=drop chain=forward comment=NetMonitor.Trojan-2 disabled=no
dst-port=7306-7308 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-1 disabled=no
dst-port=79 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-2 disabled=no
dst-port=5031 protocol=tcp
add action=drop chain=forward comment=FireHotcker.Trojan-3 disabled=no
dst-port=5321 protocol=tcp
add action=drop chain=forward comment=TheThing.Trojan-1 disabled=no dst-port=
6400 protocol=tcp
add action=drop chain=forward comment=GateCrasher.Trojan-1 disabled=no
dst-port=1047 protocol=tcp
add action=drop chain=forward comment=GateCrasher.Trojan-2 disabled=no
dst-port=6969-6970 protocol=tcp
add action=drop chain=forward comment=SubSeven-1 disabled=no dst-port=2774
protocol=tcp
add action=drop chain=forward comment=SubSeven-2 disabled=no dst-port=27374
protocol=tcp
add action=drop chain=forward comment=SubSeven-3 disabled=no dst-port=1243
protocol=tcp
add action=drop chain=forward comment=SubSeven-4 disabled=no dst-port=1234
protocol=tcp
add action=drop chain=forward comment=SubSeven-5 disabled=no dst-port=
6711-6713 protocol=tcp
add action=drop chain=forward comment=SubSeven-7 disabled=no dst-port=16959
protocol=tcp
add action=drop chain=forward comment=Moonpie.Trojan-1 disabled=no dst-port=
25685-25686 protocol=tcp
add action=drop chain=forward comment=Moonpie.Trojan-2 disabled=no dst-port=
25982 protocol=tcp
add action=drop chain=forward comment=NetSpy.Trojan-1 disabled=no dst-port=
1024-1030 protocol=tcp
add action=drop chain=forward comment=NetSpy.Trojan-2 disabled=no dst-port=
1033 protocol=tcp
add action=drop chain=forward comment=
NetSpy.Trojan-3Back.Orifice.2000.Trojan-4 disabled=no dst-port=
31337-31339 protocol=tcp
add action=drop chain=forward comment=Trojan disabled=no dst-port=8102
protocol=tcp
add action=drop chain=forward comment=Netspy3.0Trojan disabled=no dst-port=
7306 protocol=tcp
add action=drop chain=forward comment=Trojan.BingHe disabled=no dst-port=7626
protocol=tcp
add action=drop chain=forward comment=WAY.Trojan disabled=no dst-port=8011
protocol=tcp
add action=drop chain=forward comment=Trojan.NianSeHoYian disabled=no
dst-port=19191 protocol=tcp
add action=drop chain=forward comment=NetBull.Trojan disabled=no dst-port=
23444-23445 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-1 disabled=no dst-port=
2583 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-2 disabled=no dst-port=
3024 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-3 disabled=no dst-port=
4092 protocol=tcp
add action=drop chain=forward comment=WinCrash.Trojan-4 disabled=no dst-port=
5714 protocol=tcp
add action=drop chain=forward comment=Doly1.0/1.35/1.5trojan-1 disabled=no
dst-port=1010-1012 protocol=tcp
add action=drop chain=forward comment=Doly1.0/1.35/1.5trojan-2 disabled=no
dst-port=1015 protocol=tcp
add action=drop chain=forward comment=TransScout.Trojan-2 disabled=no
dst-port=9878 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI..Trojan-1 disabled=no
dst-port=2773 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI.Trojan-2 disabled=no
dst-port=7215 protocol=tcp
add action=drop chain=forward comment=Backdoor.YAI.Trojan-3 disabled=no
dst-port=54283 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-1 disabled=no dst-port=
1003 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-2 disabled=no dst-port=
5598 protocol=tcp
add action=drop chain=forward comment=BackDoorTrojan-3 disabled=no dst-port=
5698 protocol=tcp
add action=drop chain=forward comment=PrayerTrojan-1 disabled=no dst-port=
2716 protocol=tcp
add action=drop chain=forward comment=PrayerTrojan-2 disabled=no dst-port=
9999 protocol=tcp
add action=drop chain=forward comment=SchwindlerTrojan-1 disabled=no
dst-port=21544 protocol=tcp
add action=drop chain=forward comment=SchwindlerTrojan-2 disabled=no
dst-port=31554 protocol=tcp
add action=drop chain=forward comment=Shaft.DDoS.Trojan-1 disabled=no
dst-port=18753 protocol=tcp
add action=drop chain=forward comment=Shaft.DDoS.Trojan-2 disabled=no
dst-port=20432 protocol=tcp
add action=drop chain=forward comment=Devil.DDoS.Trojan disabled=no dst-port=
65000 protocol=tcp
add action=drop chain=forward comment=LatinusTrojan-1 disabled=no dst-port=
11831 protocol=tcp
add action=drop chain=forward comment=LatinusTrojan-2 disabled=no dst-port=
29559 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-1 disabled=no dst-port=
1784 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-2 disabled=no dst-port=
3586 protocol=tcp
add action=drop chain=forward comment=Snid.X2Trojan-3 disabled=no dst-port=
7609 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-1 disabled=no dst-port=
12348-12349 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-2 disabled=no dst-port=
12478 protocol=tcp
add action=drop chain=forward comment=BionetTrojan-3 disabled=no dst-port=
57922 protocol=tcp
add action=drop chain=forward comment=Worm.Novarg.a.Mydoom.a.-1 disabled=no
dst-port=3127-3198 protocol=tcp
add action=drop chain=forward comment=Worm.MsBlaster-1 disabled=no dst-port=
4444 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.a.Bagle.a. disabled=no
dst-port=6777 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.b disabled=no dst-port=
8866 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.c-g/j-l disabled=no
dst-port=2745 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.p/q/r/n disabled=no
dst-port=2556 protocol=tcp
add action=drop chain=forward comment=Worm.BBEagle.m-2 disabled=no dst-port=
20742 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.s/t/u/v disabled=no
dst-port=4751 protocol=tcp
add action=drop chain=forward comment=Worm.BBeagle.aa/ab/w/x-z-2 disabled=no
dst-port=2535 protocol=tcp
add action=drop chain=forward comment=Worm.LovGate.r.RpcExploit disabled=no
dst-port=5238 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.b/c/f disabled=no dst-port=
5554 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.b/c/f disabled=no dst-port=
9996 protocol=tcp
add action=drop chain=forward comment=Worm.Sasser.d disabled=no dst-port=9995
protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.a/b/c/d disabled=no
dst-port=10168 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.v.QQ disabled=no dst-port=
20808 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.f/g disabled=no dst-port=
1092 protocol=tcp
add action=drop chain=forward comment=Worm.Lovgate.f/g disabled=no dst-port=
20168 protocol=tcp
add action=drop chain=forward comment=“” disabled=no dst-port=593 protocol=
tcp
add action=drop chain=forward comment=“” disabled=no dst-port=1214 protocol=
tcp
add action=drop chain=forward comment=ndm.requester disabled=no dst-port=
1363-1364 protocol=tcp
add action=drop chain=forward comment=screen.cast disabled=no dst-port=1368
protocol=tcp
add action=drop chain=forward comment=hromgrafx disabled=no dst-port=1373
protocol=tcp
add action=drop chain=forward comment=cichlid disabled=no dst-port=1377
protocol=tcp
add action=drop chain=forward comment=Backdoor.OptixPro disabled=no dst-port=
3410 protocol=tcp
add action=drop chain=forward comment=“” disabled=no dst-port=135-139
protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-6 disabled=no
dst-port=8787 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-7 disabled=no
dst-port=8879 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-8 disabled=no
dst-port=31666 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-9 disabled=no
dst-port=31337-31338 protocol=udp
add action=drop chain=forward comment=Back.Orifice.2000.Trojan-10 disabled=no
dst-port=54320-54321 protocol=udp
add action=drop chain=forward comment=Block.NetBus.Trojan-3 disabled=no
dst-port=12345-12346 protocol=udp
add action=drop chain=forward comment=Block.NetBus.Trojan-4 disabled=no
dst-port=20034 protocol=udp
add action=drop chain=forward comment=GirlFriend.Trojan-2 disabled=no
dst-port=21554 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-8 disabled=no
dst-port=41 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-9 disabled=no
dst-port=3150 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-10 disabled=no
dst-port=999 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-11 disabled=no
dst-port=6670 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-12 disabled=no
dst-port=6771 protocol=udp
add action=drop chain=forward comment=DeepThroat.Trojan-13 disabled=no
dst-port=60000 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-5 disabled=no
dst-port=10067 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-6 disabled=no
dst-port=10167 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-7 disabled=no
dst-port=3700 protocol=udp
add action=drop chain=forward comment=Portal.of.Doom.Trojan-8 disabled=no
dst-port=9872-9875 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-5 disabled=no
dst-port=6883 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-6 disabled=no
dst-port=26274 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-7 disabled=no
dst-port=44444 protocol=udp
add action=drop chain=forward comment=Delta.Source.Trojan-8 disabled=no
dst-port=47262 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-1 disabled=no dst-port=
3791 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-2 disabled=no dst-port=
3801 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-3 disabled=no dst-port=
5880-5882 protocol=udp
add action=drop chain=forward comment=Eclypse.Trojan-4 disabled=no dst-port=
5888-5889 protocol=udp
add action=drop chain=forward comment=Trin00.DDoS.Trojan-1 disabled=no
dst-port=34555 protocol=udp
add action=drop chain=forward comment=Trin00.DDoS.Trojan-2 disabled=no
dst-port=35555 protocol=udp
add action=drop chain=forward comment=NetSpy.DK.Trojan-1 disabled=no
dst-port=31338 protocol=udp
add action=drop chain=forward comment=Worm.MsBlaster-2 disabled=no dst-port=
69 protocol=udp
add action=drop chain=forward comment=Worm.Sobig.f-2 disabled=no dst-port=
995-999 protocol=udp
add action=drop chain=forward comment=Worm.Sobig.f-3 disabled=no dst-port=
8998 protocol=udp
add action=drop chain=forward comment=“LIMIT USER CONECTION TO 25”
connection-limit=25,24 disabled=yes protocol=tcp src-address=10.0.0.0/24
add action=drop chain=output comment=“” disabled=no src-address=127.0.0.1
add action=accept chain=input comment=“” disabled=no dst-address=224.0.0.0/4
dst-port=1234 protocol=udp
add action=accept chain=input comment=“” disabled=no protocol=igmp
add action=accept chain=forward comment=“” disabled=no dst-address=
224.0.0.0/4 dst-port=1234 protocol=udp
add action=drop chain=forward comment=“” disabled=no src-address=127.0.0.1
add action=drop chain=input comment=“” disabled=no src-address=127.0.0.1
add action=drop chain=virus comment=WinCrash disabled=no dst-port=3024
protocol=tcp
add action=drop chain=virus comment=Block.NetBus.Trojan-2 disabled=no
dst-port=20034 protocol=tcp
add action=drop chain=forward comment=“block bifrost” disabled=no dst-port=81
protocol=tcp
add action=drop chain=virus comment=“” disabled=no dst-port=81 protocol=tcp
add action=drop chain=virus comment=“block Poison Ivy” disabled=no dst-port=
3460 protocol=tcp
add action=drop chain=forward comment=“block poison ivy” disabled=no
dst-port=3460 protocol=tcp
add action=drop chain=forward comment=“poison ivy” disabled=no dst-port=8000
protocol=tcp
add action=drop chain=virus comment=“Poison IVY” disabled=no dst-port=8000
protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
disabled=no src-address=10.0.0.0/24
add action=masquerade chain=srcnat comment=“” disabled=no src-address=
100.100.100.0/24
add action=masquerade chain=srcnat comment=“” disabled=no src-address=
192.168.100.0/24
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes
just to remind you guys
all i wanted is to be able to broadcast using ip 10.0.0.255 or to be able to multicast from ether2 to the entire network including wlan 1 and 2
i use dvbdream and vlc to stream from ip 10.0.0.1
first of, remove alternative-subnets from igmp-proxy configuration
second, choose either IGMP-proxy or PIM, they both do the same task and cannot be present on the router.
please post clearly your /routing pim interface and /routing pim rp sections
if you have working configuration, check /routing pim joins section and MRIB
then i will go for the PIM option
but i have a question first
IGMP v1: RFC 1112
IGMP v2: RFC 2236
IGMP v3: RFC 3376
which is the best version to use with mikrotik servers to get the best QOS and best streaming speed?
streaming speed is not altered by what protocol you are using (only in complex network topologies you will benefit from using IGMPv3 over IGMPv2)