MikroTik

Marktime87

I think I misread the guide and added in bits that didn't need to be there. I've changed the mangle list to this and it seems to be distributing traffic evenly: /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new in-interface=bridge1 new-connection-mark=odd nth=2,1 p...

Marktime87

I'm trying to load balance with 2 WANs using this guide here: https://help.mikrotik.com/docs/display/ROS/Firewall+Marking#FirewallMarking-Example4:(NTH) I've got internet traffic on everything connected but I can't get traffic to go over ether 2, everything still goes over ether1. I've been running ...

Marktime87

I found the problem. I had put the ether interfaces in a WAN list instead of the PPPoE interfaces so the other 2 lines weren't masquerading properly. All I did from there was: chain=prerouting action=mark-routing new-routing-mark=Workshop passthrough=yes src-address=192.168.13.0/24 log=no log-prefix...

Marktime87

I'm actually having trouble replicating even 2 over 2 right now. I'm just messing about with it in-between installing the infrastructure on the site so I'll get a useable config pasted here soon.

Marktime87

Hi Guys I'm at the limit of my knowledge here. I've successfully done a 2 LAN over 2 WAN setup in the past but I'm struggling to get 6 LAN over 3 WAN working. The goal setup goes like this: LAN 1, LAN 2, LAN 3 -> WAN 1 LAN 4, LAN 5 -> WAN 2 LAN 6 -> WAN 3 WAN 1 is a static IP - Working. WAN 2 and 3 ...

Marktime87

I'd like to set up remote logging for all my production routers. I did implement it a while ago. Set everything up and was happy for 10 minutes before I realised it was all basically unencrypted traffic flying over the internet and swiftly disabled it on all routers. I'm thinking I can use a MT to M...

Marktime87

***FIXED*** I updated the router so that the bridge section had the more in depth Vlan options. I made the bridge, set SFP2 and SFP11 as ports, made Vlan 1001 attached to the bridge interface, entered Vlan 1001 into the Vlan tab of the bridge window and entered SFP2 and SFP11 as tagged ports in ther...

Marktime87

I'm trying to pass a VLAN from another router, through my CCR1016, and then out to another part of the site. Relevant ports to this are SFP2 and SFP11. Both already have management IP addresses and several VLANs attached to them. The VLAN I want to passthrough is id 1001 and it is coming in on SFP2 ...

Marktime87

Hi guys I have a site which has a CCR fibre linked to a unifi poe switch which then daisy chains to another 3 poe switches. I have had several vlans running on there for a year now with no issue. Today I went on site to terminate cables for a newly built office that will be rented out and did the fo...

Marktime87

Hi guys I'm scratching my head over something. In this diagram: https://imgur.com/a/F3Bip I want to prioritise CCTV traffic over the wireless link. Lets assume it is on a vlan away from the other devices. Will Queues on the CCR affect the incoming traffic shaping over the PTP link? Or would this nee...

Marktime87

Well, maybe not so weird because that is probably done by using an established outbound connection from your Synology to the Synology website. Then that connection is used to then re-connect inward when you go to the Synology website from the internet. That's going to bypass some firewall rules sin...

Marktime87

I have an older Synology that works fine. It's attached to a switch under my MikroTik router. I'm reading what "invalid" means in the wiki and it has a strong association with out of order packets or incorrect sequence numbers with NAT. Are you using NAT to talk to it? Does it work from t...

Marktime87

Hi guys This morning I swapped a client over from a Draytek to a Mikrotik for various reasons. Everything went fine apart from not being able to access the Synology. It got a DHCP lease and the router could ping it, but nothing else on the network could ping it or access it. Long story short I found...

Marktime87

Hi Guys I'm planning a large network for a holiday park. I've got everything worked out hardware/costing wise but the client has just informed me that he doesn't want individual SSID/VLANs in each holiday let but rather a site wide SSID. No problemo I thought. I can make a huge DHCP pool for him but...

Marktime87

Hi guys I'm trying to adapt the code in the PCC manual (https://wiki.mikrotik.com/wiki/Manual:PCC) to send different vlans over different WAN interfaces like so: Management network -> WAN1 Data Vlan -> WAN1 VoIP Vlan -> WAN2 From looking about the forums this seems to be the way to go about doing it...

Marktime87

***UPDATE***

It was The Dude Server! I'm an idiot.

Marktime87

Thanks, I've asked on the other UBNT thread what they think.

The latest news I can see of a UBNT worm was early last year, and these points were installed well after that so hopefully it's not a worm. I'm not ruling anything out though.

Marktime87

Here's torch running on management subnet looking for SSH connections

mikrotik ssh.PNG

Marktime87

Thanks The firmware is already up to date, I changed the password but the logs persisted, then I changed the default SSH port and the logs stopped. Does that tell me that it was something externally trying to get in or is it still likely an infected radio? Just to test the router I disabled all but ...

Marktime87

Although that image seems to think the nanostation is trying to establish SSH with the router

Marktime87

Sure, here you go:

unms dropbear.PNG

Marktime87

Hi guys I first posted over on the UBNT forums: https://community.ubnt.com/t5/airOS-Software-Configuration/Tonnes-of-Dropbear-log-entries-from-my-default-gateway/m-p/2148484#M48642 I noticed this when setting up my new UNMS server for AirMax monitoring. After some Torch analysis I say that a lot of ...

Marktime87

I figure out half the problem. One WAN is on an assured connection that we have to use passthrough on the ISP's cisco to the RB3011, except I never emailed them asking for passthrough to be enabled because I'm an idiot. The second WAN isn't receiving anything though, and that's a straight through st...

Marktime87

Hi guys. Super weird one here. I've been messing around with the Dude on my office router today and wanted to carry on playing from home. I tried to connect with the Dude client from my house but it wouldn't work. Then Winbox, nothing. Teamviewered on to my work PC and disabled all firewall rules an...

Marktime87

Actually you guys are right. allvlans as the in and out interface seems to work. Thanks a lot guys.

Marktime87

Pretty sure you could just do this ip firewall filter add in-interface=all-vlan out-interface=all-vlan action=drop Wouldn't that block a vlan from itself though? I was thinking one of these for each VLAN: chain=forward action=drop in-interface=Data VLAN out-interface-list=!WANs log=no log-prefix=&q...

Marktime87

Hi guys I have a site with quite a few Vlans set up and I only just realised that I can ping IP's across different Vlans. I'd like to block and traffic between all vlans like what OP wanted here: https://superuser.com/questions/1021136/how-to-isolate-networks-with-a-mikrotik-router There are 32 Vlan...

Marktime87

Problem solved guys. Turns out I had the right idea but when I was doing it I was trying to route to my static IP on WAN 1 instead of the gateway because I'm an idiot. So in summary: Set your WANs up Set your local networks up Set your Masquerades Do this for both networks: /ip firewall mangle chain...

Marktime87

Hi Guys So I just finished redoing my units network here with the idea of clearing out 3 cabinets that looked like they were about to become sentient tentacle monsters, and streamlining it into 2 neat and tidy cabs. That part was easy enough, everything is up and running but I cannot figure out how ...

Marktime87

Thanks Strods

Following the Wiki: I already had the masquerade rule in place, I have set up the forward rule for dstnat connection state but it still isn't working

Marktime87

Would that of been in the default conifg? Do you have a CLI example I can see?

Marktime87

Hi guys So I've got a production router that I need to open some ports on for a Vodafone Sure Signal unit. Thought I'd done everything right but it still didn't work so I decided to remove Vodafones IP and do some basic port tests with www.yougetsignal.com/tools/open-ports/ I see the packets registe...

Marktime87

Thanks guys. You were right. I just removed all dhcp servers and addresses, bridged the two interfaces and reassigned the client to the bridge. Problem solved :) I guess this will work if I set the wifi to connect to another ssid then feed ethernet to my laptop? (like if i set the mAP up miles away ...

Marktime87

Hey guys and gals I wasn't sure how to word the title for this question. Essentially what I want to do is plug an mAP lite into a network and receive dhcp from the main network, not the mAP. I was about to type out some initial thoughts on how to do it but my mind was just coming up with potential p...

Marktime87

Cheers guys. Kamillo - I changed the port to 4001 as the server used to be on 3389. Also I'm connecting via "public ip":4001 so it will try to rdp on that port and not 3389 anyway. The firewall has the port open, everything was working for years until the RB install. Sent from my SM-G920F ...

Marktime87

Hi Guys I'm running an RB3011 for a client, everything is fine except the one RDP connection they a staff member uses. No other machines are using RDP at the moment. So the below code is what I have in place for her RDP: chain=dstnat action=dst-nat to-addresses=192.168.1.252 to-ports=4001 protocol=t...

Marktime87

So the girl I'm dating just said "did you try turning it off and on again, lololol"
I rebooted the server..... it works....

Marktime87

Hi Guys As the title suggests I've got a Server 2012 machine sitting behind a Mikrotik RB3011 that I installed over the weekend. I port forwarded 443 to the server to get the SSTP VPN working, which I tested and it worked. "Great, job done" I thought. I've been contacted by one of the clie...

Search found 38 matches

Re: No traffic over 2nd WAN when Load Balancing With NTH

No traffic over 2nd WAN when Load Balancing With NTH

Re: 6 LAN over 3 WAN

Re: 6 LAN over 3 WAN

6 LAN over 3 WAN

Is it possible to use remote log server over Mikrotik to Mikrotik SSTP VPN?

Re: Having trouble bridging VLANs (VLAN pass through)

Having trouble bridging VLANs (VLAN pass through)

Mikrotik/Unifi combo - DHCP not working on 1 vlan

Question about QoS (queues) further into the LAN

Re: Mikrotik detecting all traffic to Synology as invalid connections

Re: Mikrotik detecting all traffic to Synology as invalid connections

Mikrotik detecting all traffic to Synology as invalid connections

Client want's site wide wireless network with single SSID. How can I prevent users from seeing each other?

Advice on PCC commands

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Lots of weird traffic from CCR1009 to UBNT Nanostation

Lots of weird traffic from CCR1009 to UBNT Nanostation

Re: Can't log in from offsite. No traffic even being detected coming in?

Can't log in from offsite. No traffic even being detected coming in?

Re: Blocking interVLAN traffic

Re: Blocking interVLAN traffic

Blocking interVLAN traffic

Re: Need help sending 2 subnets over 2 different WAN interfaces

Need help sending 2 subnets over 2 different WAN interfaces

Re: Port Forwarding - Rule receiving packets but port still showing as closed

Re: Port Forwarding - Rule receiving packets but port still showing as closed

Port Forwarding - Rule receiving packets but port still showing as closed

Re: Forwarding source dhcp server through another interface.

Forwarding source dhcp server through another interface.

Re: RDP Problem behind Mikrotik

RDP Problem behind Mikrotik

Re: Microsoft SSTP behind Mikrotik - Can't access network resources

Microsoft SSTP behind Mikrotik - Can't access network resources