Rb951g-2hnd clock is not right

amsteen · September 16, 2023, 3:26pm

Rb951g-2hnd clock is not right
I try to adjust it manualy many times
Even date is wronge
But when power off it reset clock
I am not using ntp server or client

It should read clock from internet. Is it right ??

holvoetn · September 16, 2023, 5:00pm

Not unless you told it to do so.

Ntp client or ip cloud time.

amsteen · September 17, 2023, 9:13am

I try cloud timd and ntp client but it is not working check photos the date is wrong and time is manually entered
I noticed one thing when I enter clock menu the date shows correct for less than second then changed to wrong date ( decreases by 5 days ), also ntp client keeps invalid address for host name until I add ntp server ip
I do not know what is the problem ??

holvoetn · September 17, 2023, 12:20pm

Maybe best to export your config.

Looks like neither IP/Cloud nor NPT client can get out so something is blocking on firewall.
But I saw another post of you where it might be hinted someone has access to your device ??

Netinstall first then !

sid5632 · September 17, 2023, 12:31pm

Stop posting MASSIVE screen shots.

amsteen · September 24, 2023, 4:07pm

This is my setting

# 2023-09-24 19:02:42 by RouterOS 7.10.2
# software id = GY05-HEA2
#
# model = RB951G-2HnD
# serial number = 643005FB23A9
/interface bridge
add name=GuestBr
add name=SteenBr
add name=Stydybridge
add admin-mac=E4:8D:8C:67:1C:DB auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] disabled=yes name=ether3-slave-local
set [ find default-name=ether4 ] disabled=yes name=ether4-slave-local
set [ find default-name=ether5 ] disabled=yes name=ether5-slave-local
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set default-authentication=no disabled=no \
distance=indoors frequency=auto frequency-mode=manual-txpower hide-ssid=\
yes mode=ap-bridge ssid="B0" station-roaming=enabled \
wireless-protocol=802.11 wps-mode=disabled
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=Steen supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=GUEST \
supplicant-identity=""
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name=Studyp supplicant-identity=MikroTik
/interface wireless
add disabled=no hide-ssid=yes mac-address=E6:8D:8C:67:1C:E0 master-interface=\
wlan1 name=Study security-profile=Studyp ssid=Study wds-default-bridge=\
GuestBr wps-mode=disabled
add default-authentication=no disabled=no hide-ssid=yes keepalive-frames=\
disabled mac-address=E6:8D:8C:67:1C:DF master-interface=wlan1 \
multicast-buffering=disabled name=wlan2 security-profile=Steen ssid=\
nrty-:/96 station-roaming=enabled wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
add default-authentication=no disabled=no hide-ssid=yes keepalive-frames=\
disabled mac-address=E6:8D:8C:67:1C:D2 master-interface=wlan1 \
multicast-buffering=disabled name=wlan3 security-profile=GUEST ssid=GUEST \
station-roaming=enabled wds-cost-range=0 wds-default-cost=0 wps-mode=\
disabled
/ip firewall layer7-protocol
add name=you regexp="\93.*(youtu)+.*\""
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip kid-control
add disabled=yes name="  one"
/ip pool
add name=dhcp ranges=192.168.60.35-192.168.60.50
add name=SteenP ranges=10.20.30.40-10.20.30.50
add name=Guest ranges=160.170.180.191-160.170.180.210
add name=Studypool ranges=20.30.40.51-20.30.40.55
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay interface=bridge-local \
lease-time=10m name=default
add address-pool=SteenP authoritative=after-2sec-delay interface=SteenBr \
lease-time=10m name=SteenDHCP
add address-pool=Guest authoritative=after-2sec-delay disabled=yes interface=\
GuestBr lease-time=10m name=GuestDHCP
add address-pool=Studypool interface=Stydybridge name=StudyDHCP
/queue simple
add comment="in the time interval defined in time the speed will be full and e\
xcept this period the speed will be 1 MB" max-limit=5M/5M name=FARS \
queue=default/default target=160.170.180.196/32 total-queue=default
add name="HP LAP" queue=default/default target=160.170.180.192/32 \
total-queue=default
add max-limit=100M/100M name="MY MOBILE" queue=default/default target=\
10.20.30.43/32 total-queue=default
add name=Toshiba queue=default/default target=10.20.30.45/32 total-queue=\
default
add max-limit=512M/512M name="DEll LAPTOP" queue=default/default target=\
192.168.60.42/32 total-queue=default
add comment="Dell PC" max-limit=1M/1M name="Dell PC" queue=default/default \
target=192.168.60.49/32 total-queue=default
add comment="dell desktop" name="DELL desktop" queue=default/default target=\
10.20.30.44/32 total-queue=default
add max-limit=512k/512k name="Old Pc" queue=default/default target=\
192.168.60.36/32 time=0s-1d,sun,mon,tue,wed,thu,fri,sat total-queue=\
default
add name="HP LAPTOP" queue=default/default-small target=160.170.180.192/32 \
total-queue=default
add max-limit=512k/512k name=tablet queue=default/default target=\
160.170.180.193/32 total-queue=default
add max-limit=512k/512k name="Kareem Mobile" queue=default/default target=\
160.170.180.193/32 total-queue=default
add max-limit=2M/2M name="Rehab Mobile" queue=default/default target=\
192.168.60.47/32 total-queue=default
add name=user1 queue=default/default target=192.168.60.43/32 total-queue=\
default
add max-limit=5M/5M name="Nour Mobile" queue=default/default target=\
160.170.180.197/32 total-queue=default
add name=Unknown queue=default/default target=192.168.60.200/32 total-queue=\
default
add name=Reciver queue=default/default target=160.170.180.191/32
add name="Wireless Interface" queue=default/default target=ether1-gateway \
total-queue=default
add dst=bridge-local name="Total Trafic" queue=default/default target=\
192.168.60.1/32 total-queue=default
add name=Bridge queue=default/default target=192.168.1.150/32 total-queue=\
default
/queue tree
add name=Wireless parent=wlan1 queue=default
add name=Gateway parent=ether1-gateway queue=default
add name=Total parent=global queue=default
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge-local ingress-filtering=no interface=ether2-master-local
add bridge=bridge-local ingress-filtering=no interface=wlan1
add bridge=bridge-local ingress-filtering=no interface=ether4-slave-local
add bridge=bridge-local ingress-filtering=no interface=ether5-slave-local
add bridge=SteenBr ingress-filtering=no interface=wlan2
add bridge=GuestBr ingress-filtering=no interface=wlan3
add bridge=bridge-local disabled=yes interface=all
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
add interface=ether1-gateway list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireless access-list
add comment=Rehab interface=wlan1 mac-address=A8:34:6A:CB:9A:0A time=\
0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment="Toshiba LAPTOP" disabled=yes interface=wlan2 mac-address=\
20:16:D8:31:D7:2A time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment="DELL LAP" disabled=yes interface=wlan1 mac-address=\
00:22:5F:AA:EC:3D time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment=repeater disabled=yes interface=wlan1 mac-address=\
00:E0:20:13:8B:56 time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment="Linksys usb Wi-Fi " disabled=yes interface=wlan2 mac-address=\
68:7F:74:71:05:9D vlan-mode=no-tag
add comment="fars small tablet" disabled=yes interface=wlan3 mac-address=\
20:14:3C:18:50:11 time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment=TV-BOX disabled=yes interface=wlan2 mac-address=40:F3:08:34:02:58 \
time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment="Amgad Tablet" disabled=yes interface=wlan3 mac-address=\
00:A8:09:01:A6:BD time=16h30m-18h30m,sun,mon,tue,wed,thu,fri,sat
add comment="OPEN FOR ALL" disabled=yes vlan-mode=no-tag
add comment="Nour Mobile" disabled=yes interface=wlan3 mac-address=\
50:DA:D6:E5:AF:27 time=16h-18h,sun,mon,tue,wed,thu,fri,sat vlan-mode=\
no-tag
add comment="mona Mobile" disabled=yes interface=wlan3 mac-address=\
D0:31:69:CD:2A:60 vlan-mode=no-tag
add comment=ESP32-test disabled=yes interface=wlan1 mac-address=\
3C:71:BF:5A:6E:B0 time=13h-23h,sun,mon,tue,wed,thu,fri,sat vlan-mode=\
no-tag
add comment=FARS disabled=yes interface=wlan2 mac-address=94:87:E0:7F:B5:88 \
time=16h-18h,sun,mon,tue,wed,thu,fri,sat
add comment=reciver0 disabled=yes interface=wlan3 mac-address=\
C8:3A:35:D1:FE:D2
add comment=Tails disabled=yes interface=wlan2 mac-address=20:16:D8:8C:C2:B7 \
time=0s-1d,sun,mon,tue,wed,thu,fri,sat vlan-mode=no-tag
add comment="Amgad Mobile" interface=wlan2 mac-address=68:4A:E9:01:13:EF
add comment="HP LAPTOP" interface=wlan2 mac-address=80:19:34:65:F7:39
/ip address
add address=192.168.60.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.60.0
add address=192.168.30.150/24 interface=ether1-gateway network=192.168.30.0
add address=10.20.30.30/24 interface=wlan2 network=10.20.30.0
add address=160.170.180.190/24 interface=bridge-local network=160.170.180.0
add address=20.30.40.50/24 interface=Study network=20.30.40.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" disabled=yes interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.60.50 client-id=1:70:54:d2:41:93:16 comment=\
"Toshiba Labtop" mac-address=70:54:D2:41:93:16 server=default
add address=192.168.60.39 client-id=1:0:c:29:7e:c1:1b comment="XP inside VM" \
mac-address=00:0C:29:7E:C1:1B server=default
add address=192.168.60.253 client-id=1:0:c:29:58:b1:c2 comment="Work VM \E3\CB\
\C8\CA \E1\E5 \CF\ED \C5\E4 \C5\D3 \DB\ED\D1 \C8\C7\DE\ED \C7\E1\C3\CC\E5\
\D2\C9 " mac-address=00:0C:29:58:B1:C2 server=default
add address=192.168.60.52 always-broadcast=yes client-id=1:20:16:d8:31:d7:2a \
comment="Toshiba 0" disabled=yes mac-address=20:16:D8:31:D7:2A server=\
default
add address=192.168.60.54 block-access=yes client-id=1:54:e4:bd:8e:45:6c \
comment=EZCAST mac-address=54:E4:BD:8E:45:6C server=default
add address=192.168.60.200 block-access=yes client-id=1:f8:d0:ac:d8:c5:77 \
comment=UNKNOWEN mac-address=F8:D0:AC:D8:C5:77 server=default
add address=192.168.60.53 client-id=1:c0:17:4d:35:c0:4e comment=\
"Rehab Mobile" disabled=yes mac-address=C0:17:4D:35:C0:4E server=default
add address=192.168.60.51 client-id=1:a8:34:6a:cb:9a:a comment="Amgad Mobile" \
disabled=yes mac-address=A8:34:6A:CB:9A:0A server=default
add address=192.168.60.46 always-broadcast=yes comment=Reciver disabled=yes \
mac-address=C8:3A:35:D1:FE:D2 server=default
add address=192.168.60.44 comment=ESP mac-address=18:FE:34:DB:65:F7 server=\
default
add address=192.168.60.37 comment=ESPCAM mac-address=24:6F:28:12:D8:2C \
server=default
add address=192.168.60.45 client-id=00:13:EF:90:17:5E comment="OLD PC" \
mac-address=00:13:EF:90:17:5E server=default
add address=192.168.60.48 client-id=1:80:19:34:65:f7:39 comment="HP LAPTOP" \
disabled=yes mac-address=80:19:34:65:F7:39 server=default
add address=192.168.60.43 client-id=1:0:c:29:3b:8c:c9 comment=VMWARE \
mac-address=00:0C:29:3B:8C:C9 server=default
add address=192.168.60.55 comment="OLD TOSHIBA" disabled=yes mac-address=\
00:16:6F:39:80:B3 server=default
add address=160.170.180.195 comment="OLD TOSHIB" disabled=yes mac-address=\
00:16:6F:39:80:B3 server=default
add address=10.20.30.41 client-id=1:a8:34:6a:cb:9a:a comment=Rehab disabled=\
yes mac-address=A8:34:6A:CB:9A:0A server=SteenDHCP
add address=160.170.180.192 comment=Mona disabled=yes mac-address=\
D0:31:69:CD:2A:60 server=GuestDHCP
add address=160.170.180.193 client-id=1:0:a8:9:1:a6:bd comment=tablet \
mac-address=00:A8:09:01:A6:BD server=GuestDHCP
add address=160.170.180.191 client-id=1:c8:3a:35:d1:fe:d2 comment=Reciver \
disabled=yes mac-address=C8:3A:35:D1:FE:D2 server=GuestDHCP
add address=160.170.180.196 client-id=1:94:87:e0:7f:b5:88 comment=FARS \
mac-address=94:87:E0:7F:B5:88 server=GuestDHCP
add address=160.170.180.197 client-id=1:50:da:d6:e5:af:27 comment=Nour \
mac-address=50:DA:D6:E5:AF:27 server=GuestDHCP
add address=10.20.30.50 client-id=1:80:19:34:65:f7:39 comment=HP-LAB \
disabled=yes mac-address=80:19:34:65:F7:39 server=SteenDHCP
add address=10.20.30.42 client-id=1:94:87:e0:7f:b5:88 comment=Fars0 \
mac-address=94:87:E0:7F:B5:88 server=SteenDHCP
add address=192.168.60.49 client-id=1:7c:8b:ca:1:df:71 comment="DELL DESKTOP" \
mac-address=7C:8B:CA:01:DF:71 server=default
add address=10.20.30.43 client-id=1:68:4a:e9:1:13:ef comment="Amgad mobile" \
mac-address=68:4A:E9:01:13:EF server=SteenDHCP
add address=10.20.30.44 client-id=1:40:f3:8:34:2:58 comment=TV-Box \
mac-address=40:F3:08:34:02:58 server=SteenDHCP
add address=192.168.60.47 client-id=1:a8:34:6a:cb:9a:a comment="Rehab M" \
mac-address=A8:34:6A:CB:9A:0A server=default
add address=192.168.60.46 client-id=1:0:90:a9:5e:55:10 comment=\
"WD ShareSpace" mac-address=00:90:A9:5E:55:10 server=default
add address=10.20.30.40 client-id=1:80:19:34:65:f7:39 comment="HP LAPTOP" \
mac-address=80:19:34:65:F7:39 server=SteenDHCP
add address=10.20.30.45 client-id=1:0:90:a9:5e:55:10 comment=SHARESPACE \
mac-address=00:90:A9:5E:55:10 server=SteenDHCP
add address=192.168.60.40 client-id=1:a2:a7:d:13:e3:0 comment=Rep-Reh \
mac-address=A2:A7:0D:13:E3:00 server=default
add address=192.168.60.42 client-id=1:0:22:5f:aa:ec:3d comment="dell lap" \
mac-address=00:22:5F:AA:EC:3D server=default
/ip dhcp-server network
add address=10.20.30.0/24 dns-server=10.20.30.30 gateway=10.20.30.30 netmask=\
24
add address=20.30.40.0/24 gateway=0.0.0.0
add address=160.170.180.0/24 dns-server=160.170.180.190 gateway=\
160.170.180.190
add address=192.168.60.0/32 comment="default configuration" dns-server=\
192.168.60.1 gateway=192.168.60.1 netmask=24
add address=192.168.60.0/24 gateway=192.168.60.1 netmask=24
add address=192.168.60.246/32 comment="\E5\D0\C7 \C7\E1\C3\ED\C8\ED \E3\CB\C8\
\CA \DA\E1\ED \CC\E5\C7\D2 \E6 \ED\C3\CE\D0  \CF\ED \C5\E4 \C5\D3 \CB\C7\
\C8\CA \E6 \E3\CE\CA\E1\DD \DA\E4 \C8\C7\DE\ED \C7\E1\C3\CC\E5\D2\C9" \
dns-server=213.236.32.2,212.76.85.145 gateway=192.168.60.1 netmask=24
/ip dns
set allow-remote-requests=yes servers="163.121.128.134,163.121.128.135,192.168\
.30.1,8.8.8.8,199.85.127.30,199.85.126.30"
/ip dns static
add address=192.168.60.1 name=router
/ip firewall filter
add action=accept chain=input comment="access from we router" dst-port=8291 \
protocol=tcp
add action=accept chain=forward dst-address=192.168.30.100 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=80,443 layer7-protocol=\
!you protocol=tcp src-address=10.20.30.0/24 src-address-list=""
add action=accept chain=forward comment="Isolate wlan3 from wlan1" \
dst-address=192.168.60.0/24 src-address=10.20.30.0/24
add action=drop chain=forward comment="Isolate wlan3 from wlan1" dst-address=\
192.168.60.0/24 src-address=160.170.180.0/24
add action=drop chain=forward comment="Isolate wlan3 from wlan2" dst-address=\
10.20.30.0/24 src-address=160.170.180.0/24
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="unknown mac" src-mac-address=\
F8:D0:AC:D8:C5:77
add action=drop chain=forward comment="\C5\ED\DE\C7\DD \C7\E1\C5\E4\CA\D1\E4\
\CA \E3\E4 \C7\E1\C3\ED\C8\ED\E5\C7\CA \E3\E4 1\C7\E1\ED 39 " disabled=\
yes src-address=192.168.60.1-192.168.60.48
add action=drop chain=forward comment=\
"Stop Internet Between 12 am to 15 pm     for range 41-49" disabled=yes \
src-address=192.168.60.41-192.168.60.49 time=\
0s-15h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="DELL PC" disabled=yes src-address=\
192.168.60.49 time=23h-23h59m,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="DELL PC0" disabled=yes fragment=no \
src-address=192.168.60.49 time=1h-15h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=\
"Stop Internet Between 12 am to 20:30 pm     for DELL LAPTOP" disabled=\
yes src-address=192.168.60.40 time=0s-21h30m,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=\
"Stop Internet Between 16 pm to 12 am   For Range 41-49" disabled=yes \
src-address=192.168.60.41-192.168.60.49 time=\
16h-23h59m,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=\
"Stop Internet Between 21:30 pm to 12 am   For DELL Laptop" disabled=yes \
src-address=192.168.60.40 time=22h30m-23h59m,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=\
"\C5\ED\DE\C7\DD \C7\E1\C5\E4\CA\D1\E4\CA \E3\E4 \C7\E1\C3\ED\C8\ED47 " \
disabled=yes src-address=192.168.60.47
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=reject chain=forward comment="disable int 3" connection-nat-state=\
!dstnat connection-state=new disabled=yes in-interface=ether3-slave-local \
reject-with=icmp-network-unreachable time=\
22h-13h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward content=youtube disabled=yes dst-port=80,443 \
in-interface=all-ethernet out-interface=all-wireless protocol=tcp
/ip firewall mangle
add action=change-ttl chain=postrouting comment=\
"change ttl to1 This Stop bluetooth sharing" new-ttl=set:1 out-interface=\
bridge-local passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
add action=dst-nat chain=dstnat comment="\CA\E6\CC\ED\E5 \C7\E1\E3\D3\CE\CF\E3\
\ED\E4 \C5\E1\ED \C5\D3\CA\CE\CF\C7\E3 \C7\E1\CF\ED \C5\E4 \C5\D3 \CA\C8\
\DA \E3\ED\DF\D1\E6\CA\DF \CD\CA\ED \E1\E6 \C3\CF\CE\E1\E6\C7 \E6\C7\CD\CF\
\_\C3\CE\D1 \ED\CF\E6\ED\C7 " disabled=yes dst-port=53 protocol=tcp \
to-addresses=192.168.60.1 to-ports=53
add action=dst-nat chain=dstnat comment="\CA\E6\CC\ED\E5 \C7\E1\E3\D3\CE\CF\E3\
\ED\E4 \C5\E1\ED \C5\D3\CA\CE\CF\C7\E3 \C7\E1\CF\ED \C5\E4 \C5\D3 \CA\C8\
\DA \E3\ED\DF\D1\E6\CA\DF \CD\CA\ED \E1\E6 \C3\CF\CE\E1\E6\C7 \E6\C7\CD\CF\
\_\C3\CE\D1 \ED\CF\E6\ED\C7 " disabled=yes dst-port=53 protocol=udp \
to-addresses=192.168.60.1 to-ports=53
add action=dst-nat chain=dstnat comment=NVR disabled=yes dst-port=80 \
in-interface-list=WAN protocol=tcp to-addresses=192.168.30.100 to-ports=\
80
/ip proxy
set enabled=yes max-cache-size=none
/ip proxy access
add action=deny comment="this is not working with https sites" path=*.mov \
src-address=192.168.60.49
add action=deny path=*.apk src-address=192.168.60.49
add action=deny path=*.bin src-address=192.168.60.49
add action=deny path=*.vcd src-address=192.168.60.49
add action=deny path=*.nrg src-address=192.168.60.49
add action=deny path=*.iso src-address=192.168.60.49
add action=deny path=*.daa src-address=192.168.60.49
add action=deny path=*.dat src-address=192.168.60.49
add action=deny path=*.rmvb src-address=192.168.60.49
add action=deny path=*.ram src-address=192.168.60.49
add action=deny path=*.mp3 src-address=192.168.60.49
add action=deny path=*.rm src-address=192.168.60.49
add action=deny path=*.wav src-address=192.168.60.49
add action=deny path=*.flv src-address=192.168.60.49
add action=deny path=*.avi src-address=192.168.60.49
add action=deny path=*.mkv src-address=192.168.60.49
add action=deny path=*.mpg src-address=192.168.60.49
add action=deny path=*.mpeg src-address=192.168.60.49
add action=deny path=*.asf src-address=192.168.60.49
add action=deny path=*.wmv src-address=192.168.60.49
add action=deny path=*.cab src-address=192.168.60.49
add action=deny path=*.7z src-address=192.168.60.49
add action=deny path=*.rar src-address=192.168.60.49
add action=deny path=*.zip src-address=192.168.60.49
add action=deny path=*.exe src-address=192.168.60.49
add action=deny path=*.mp4 src-address=192.168.60.49
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.30.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=7256
set ssh port=9576
set api disabled=yes
set winbox port=3958
set api-ssl disabled=yes
/routing bfd configuration
add disabled=no
/system clock
set time-zone-name=Africa/Cairo
/system clock manual
set time-zone=+03:00
/system leds
set 0 interface=wlan1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=45.33.53.84
add address=204.17.205.8
add address=162.159.200.123
add address=157.230.199.132
add address=44.190.40.123
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add disabled=yes interval=1d name=RSTQUE on-event=RstQueues policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
2018-04-21 start-time=06:00:00
add disabled=yes interval=1d name=RSTCOUN on-event=ResetAllCounters policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
2018-04-21 start-time=06:00:00
add disabled=yes interval=5m name=Over300Mb4 on-event=BW300MB4 policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2020-05-09 start-time=20:33:26
add disabled=yes interval=1s name=DS15MB on-event=DS15MB policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2020-05-09 start-time=20:54:43
add interval=5m name=Dis-Old-PC on-event=Dis-Old-PC policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2020-05-09 start-time=22:52:13
add comment="Disable the interface at1" disabled=yes interval=1d name=\
"Disable Ether1 at 1:00" on-event=\
"[/interface set ether2-master-local disabled=yes]" policy=\
read,write,policy,test start-date=2021-02-22 start-time=01:00:00
add comment="Enable the interface at the specified time" disabled=yes \
interval=1d name="Enable ether1 at 24:59" on-event=\
"[/interface set ether2-master-local disabled=no]" policy=\
read,write,policy,test start-date=2021-02-22 start-time=00:59:00
add comment="Enable ether1" disabled=yes interval=1d name="disable ether1 23" \
on-event="[/interface set ether2-master-local disabled=yes]" policy=\
read,write,policy,test start-date=2021-02-22 start-time=23:00:00
add comment="Enable the interface at 12 am" disabled=yes interval=1d name=\
"enable ether1" on-event=\
"[/interface set ether2-master-local disabled=no]" policy=\
read,write,policy,test start-date=2021-02-22 start-time=12:50:00
/system script
add dont-require-permissions=no name=RstQueues owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local \
qqueue;\r\
\n:foreach qqueue in=[/queue simple find] do={\r\
\n  /queue simple set \$qqueue max-limit=0/0\r\
\n}"
add comment="Decrease speed when reaches 15MB For user1" \
dont-require-permissions=no name=DS15MB owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local qqueue;\r\
\n  :set qqueue [/queue simple find target=192.168.60.43/32];\r\
\n  :if ([:len \$qqueue]>0) do={\r\
\n    :if ([/queue simple get \$qqueue total-bytes]>15728640) do={\r\
\n         :log info (\"Setting queue limit for 192.168.60.43/32\");\r\
\n        /queue simple set user1 max-limit=64000/64000}\r\
\n  }\r\
\n}"
add dont-require-permissions=yes name="set queue limit" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/queue simple set user1 max-limit=10M/10M"
add comment="Disable OldPc when reaches 3GB" dont-require-permissions=no \
name=Dis-Old-PC owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local qqueue;\r\
\n  :set qqueue [/queue simple find target=192.168.60.45/32];\r\
\n  :if ([:len \$qqueue]>0) do={\r\
\n    :if ([/queue simple get \$qqueue total-bytes]>3221225472) do={\r\
\n         :log info (\"Setting queue limit for 192.168.60.45/32\");\r\
\n        /interface wireless access-list disable 14}\r\
\n  }\r\
\n}"
add dont-require-permissions=no name="OLD TOSHIBA" owner=steen policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
""
/tool graphing queue
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add

mkx · September 25, 2023, 8:53am

OK, so you have NTP client configured. And nothing should be blocking UDP traffic with DST port 123 towards internet.

What does /system/ntp/client show?

Anecdote: a short while ago I added a new switch into my network … and NTP clients on ROS (and Linux) had problems synchronizing time to external NTP servers. It turns out that switch (which is a normal L2 managed switch) has some “Security” features … which blocked NTP traffic when “client” also used privileged port (UDP 123 is standard fro NTP). After I disabled that BS of a security, things started to work again. If client used non-privileged port (i.e. random high number), then it could get synchronization data just fine.
Meaning that you should check how NTP traffic is handled by upstream devices, most likely that means your ISP.

amsteen · September 27, 2023, 12:36pm

the status for /system/ntp/client was waiting
but today I check it becomes synchronized
And dat and time becomes right
I do not do any thing

holvoetn · September 27, 2023, 5:32pm

The Good Fairy solved it ?

amsteen · September 28, 2023, 12:41pm

Thanks for every one here