:local leaseHostName;
:set leaseHostName $"lease-hostname";
HTH,
:local leaseHostName;
:set leaseHostName $"lease-hostname";
I have an RB2011 that never came back from the upgrade. On-site personnel report the screen is stuck at "loading kernel". Working on serial access now.
Killed my RB2011iL. I managed to downgrade it but it still locks up as soon as a LAN device tries to access WAN.
If I hard reset to factory; will my saved backup config still be there?
Those rules did not work anyway.Sir i have problem
rules p2p block bit torrent its gone...
some one can help me fix then?
dont say downgrade sir... i need solution for renew OS 6.39 thanks you
Hi, I also looking for solution, run FW L7 instead of p2p matcher.Those rules did not work anyway.Sir i have problem
rules p2p block bit torrent its gone...
some one can help me fix then?
dont say downgrade sir... i need solution for renew OS 6.39 thanks you
It is not easy to block such things due to advances in the protocols to avert blocking.
Agree,L7 matching is becoming more and more difficult due to encryption, and the use of random portnumbers
makes it difficult to apply it to a limited part of the traffic. That results in performance problems and
false positives on traffic you did not want to filter.
I know it is an unwelcome message, but "blocking certain traffic" is becoming less and less viable.
So how we should detect p2p traffic now?!) firewall - discontinued support for p2p matcher (old rules will become invalid);
It's great that you think it did it's job, but actually it was not doing anything.So how we should detect p2p traffic now?!) firewall - discontinued support for p2p matcher (old rules will become invalid);
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
It's doing its job pretty well actually.It's great that you think it did it's job, but actually it was not doing anything.
For BitTorrent traffic (sorry for video only -- that's not my content):So how we should detect p2p traffic now?!) firewall - discontinued support for p2p matcher (old rules will become invalid);
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
How about those who DID upgrade to 6.39 and have bricked/bootlooping devices?This is applicable only for users using Webfig.
We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.
Instructions to avoid this:
1) Connect to device through CLI or Winbox before upgrade to 6.39;
2) Reject default configuration;
3) Upgrade device.
Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).So how we should detect p2p traffic now?
Thanks, i know about layer7 based solutions.
Nobody talk about 100% but please take a look at screenshots in my comment #67 — only three simple rules almost stopped uploads in torrent client. No DSCP, no L7.Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).
But I haven't looked into it the last 2-3 years to be honest, so there maybe other solutions now.
My solution does work 100% but it needs for each PC on your network to setup Policy Based QoS via Group Policy editor to apply the DCSP tag.Thanks, i know about layer7 based solutions.
Nobody talk about 100% but please take a look at screenshots in my comment — only three simple rules almost stopped uploads in torrent client. No DSCP, no L7.Personally I haven't found any 100% reliable method without having to do some settings on each torrent client's PC (read bellow).
But I haven't looked into it the last 2-3 years to be honest, so there maybe other solutions now.
RB2011 Does Not BOOT after UpgradeCode: Select allloading kernel... OK setting up elf image... OK jumping to kernel code ERROR: no system package found! Kernel panic - not syncing: Attempted to kill init! Rebooting in 1 seconds.. RouterBOOT booter 3.33 RouterBoard 2011UiAS-2HnD CPU frequency: 600 MHz Memory speed: 200 MHz Memory size: 128 MiB NAND size: 128 MiB Press any key within 5 seconds to enter setup.....
Ok that probably matches most of the cases where I have seen it fail. Good find!This is applicable only for users using Webfig.
We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.
FINALLY!*) dhcp-client - added "script" option which executes script on state changes;
# DNS record for DHCP lease
:local topdomain;
# Configure your domain
:set topdomain "yourdomain.com";
:if ($leaseBound = 1) do={
/ip dns static add name=($"lease-hostname" . "." . $topdomain) address=$leaseActIP;
}
# DNS record for DHCP lease
:local topdomain;
:local FullHostName;
:local NoUpdate false;
# Configure your domain
:set topdomain "yourdomain.com";
:if ($leaseBound = 1) do={
:set FullHostName ($"lease-hostname" . "." . $topdomain)
/ip dns static;
:foreach n in [find] do={
# If a static DNS entry is the same as the lease then leave it and mark to not Update it
:if (([get $n name] = $"FullHostName") and ([get $n address] = $leaseActIP)) do={
:set NoUpdate true;
} else={
# If some DNS entry with same fully qualified domain name or same address already exist remove it
:if (([get $n name] = $"FullHostName") or ([get $n address] = $leaseActIP)) do={
:log info ("Removing from Static DNS : " . [get $n name] . " @ " . [get $n address]);
remove $n;
}
}
}
# Add new Static DNS Entry if necessary
:if ($NoUpdate = false) do={
:log info ("Adding to Static DNS : " . $"FullHostName" . " @ " . $leaseActIP);
add name=($"lease-hostname" . "." . $topdomain) address=$leaseActIP;
}
}
Diagnosis: correct - problems with devices configured by WebfigThis is applicable only for users using Webfig.
We have managed to reproduce problem with default configuration after reboot. We will try to fix this as soon as possible.
If you have only used Webfig on specific router and have never used CLI or Winbox on this device, then after upgrade/reboot device will be reset to default configuration.
Instructions to avoid this:
1) Connect to device through CLI or Winbox before upgrade to 6.39;
2) Reject default configuration;
3) Upgrade device.
can confirm with hEX and attached 1 TB USB SSDHAP ac lite - After update I can't create SMB share on external drive (usb). Can somebody confirm that?
Same here on HapACcan confirm with hEX and attached 1 TB USB SSDHAP ac lite - After update I can't create SMB share on external drive (usb). Can somebody confirm that?
also the exisiting shares are inaccessible!
please fix it
Normis it actually worked with unencrypted p2p. That was all I really cared for. What I would be interested to know is how does a L7 filter performer compared to the p2p matcher?It's great that you think it did it's job, but actually it was not doing anything.So how we should detect p2p traffic now?!) firewall - discontinued support for p2p matcher (old rules will become invalid);
p2p matcher with two-step method (add destination ip to address list and block/prioritize this list) is working very good for me.
It was broken for a long time, and was not actually capturing any modern p2p traffic, instead it was breaking some legitimate traffic.
You can make actually working rules with l7 filters:
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7