MikroTik

Lebzul

So you have no ideas which NAT RUles you didnt create that are there? No idea which nAT rules you made and were modified but not by you?? Not sure how to dissect them. The best move to remove any doubt and breath easiier is download the current config so you have a reference to go from. Then netins...

Lebzul

Look in scripts or schedulers? I think you're close. I have a script running to deactivate the Pi's NAT rules in case it goes down so I can use Mk's DNS server. :local piholeDown [/ip firewall nat get value-name=disabled [find comment="Transparent Pi-hole DNS Redirection #1"]] :local piho...

Lebzul

/ip firewall nat add action=redirect chain=dstnat comment="Transparent Web Proxy" dst-address-type=!local \ dst-port=80 protocol=tcp src-address-list="Allowed LAN" to-ports=8080 add action=dst-nat chain=dstnat comment="Transparent Pi-hole DNS Redirection #1" dst-addres...

Lebzul

Hi there, Is it common to find nat rule changed by admin in log whether I have not changed anything? This is the second time I found this. I use UPnP but I do not have any port forwarding rules to the world. The log registers this in a specific time of the day which I was not even touching my comput...

Lebzul

small bump Ive setup pihole and use it as a DNS for my Mikrotik router (RB4011) only. Clients in LAN use 8.8.8.8 as of now. In a matter of less than 30min Mikrotik sent more than 10000 queries. Is this normal ? Im not allowing remote requests btw Screenshot_2021-01-04 Pi-hole - pihole-ubuntu.png ED...

Lebzul

I want that HTTP requests do not even ENTER into WEB PROXY service for some certain sites (I have a list).

Try this to see:

/ip proxy cache
add action=deny comment="Annoying" dst-host=annoyingsource.com

Lebzul

Hi there guys, I have a basic questions that has been taking me for long. Is there a way to avoid certain URLs to get into Mk's Web Proxy Cache? For example: http://us-b4-p-e-az1.cdn.mdstrm.com/live-stream/5d88dd2229b0890723df2165/media_650_20201209T015850_308278.ts?pid=lmFpLpSsgvzrd8u6VuNIYpRI3JZ4n...

Lebzul

Hi there,

I was wondering if Mikrotik has released (or if planning to) a switch with Rj ports and PoE but that also includes dual power supplies?

Lebzul

comment=$description timeout=1d} on-error={}
Thanks .... I just tested @Shumkov code and it works very nicely .... excellent work.

If this aforementioned line is like that, then the OP has a typo.

Lebzul

Is it normal to have lots of RAM consumption by using this?

Lebzul

If server (with FQDN/IP and port number) is advertised on some gamers' site, then it will get hammered regardless the port ... because gamers' sites are welcome information source for (wannabe) hackers. Changing port number only works if knowledge about that port is not public.

That makes sense.

Lebzul

Is it a standard gaming port, or a common port for something else?? What you can do is a. change your incoming port dyndns.name.url:56432 for example action=dst-nat chain=dstnat in-interface-list=WAN protocol=tcp dst-port=56432 to-addresses=IPgameserver to-ports=11451 (or whatever the port needs to...

Lebzul

Nice Work! I added FireHOL Level2 to the script as well, in case you're interested. Just added this line: $update url=https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level2.netset description="FireHOL Level2" delimiter=("\n") -zeb Lv1 was working fine an...

Lebzul

Is there a reasonable way of bypassing Mk's limit or another approach? I'm a Mk hardcore user but I'm considering other vendors if they do not apply a better concept to protect our equipments. Nothing wrong with the concept I think. The idea of deploying such huge massive IP-lists and filter agains...

Lebzul

Is there a reasonable way of bypassing Mk's limit or another approach? I'm a Mk hardcore user but I'm considering other vendors if they do not apply a better concept to protect our equipments. BTW, is there a way to have these working? https://github.com/firehol/blocklist-ipsets/blob/master/firehol_...

Lebzul

One of my clients operates a gaming kiosk in Los Angeles that uses MOAB .... they have 26 gaming stations ..... The Router they use is a MikroTik PowerRouter732 .... the LA operation since using MOAB they have zero issues .... before MOAB they has many attacks .... they have been using MOAB now for...

Lebzul

Is it a standard gaming port, or a common port for something else?? What you can do is a. change your incoming port dyndns.name.url:56432 for example action=dst-nat chain=dstnat in-interface-list=WAN protocol=tcp dst-port=56432 to-addresses=IPgameserver to-ports=11451 (or whatever the port needs to...

Lebzul

Hi there, I set up a game server to be used anywhere but I have been bombarded non-stop. Is there a way to block evil access and let gamers use it? I've seen some Firehol address lists but unfortunately Mk can't accept more than 64KB. What I've been doing is torching them, and analyzing one by one o...

Lebzul

Don't forget to add

{:delay 20};

at the beginning of the script to give time if running after reboot is needed.

Lebzul

Hi there,

I was wondering if there's a way of isolating a device from the network without using VLANs and making only a few others to see it?
My Vizio TV which has Chromecast can be seen from any router in the LAN and I would only like some to cast.

Any ideas will be appreciated.

Regards

Lebzul

I solved my problem. closed topic. Thanks all so much

Solution then?

Lebzul

I made new config file, and no I get new error:
1.png

There's something missing while creating the cert and key

Lebzul

What do you mean by static and dynamic server? Static: The ones you create at PPP>Interfaces Dynamic: The one it appears like <l2tp-l2tp> when you connect with a valid profile but after another one is already on. This one in dynamic/generic. I wanted to know if instead of using a random one, is pos...

Lebzul

Hi there, I would like to receive advise into the fact of using VPN (L2TP or OVPN) for QOS as an interface. I use of have an interface in queue trees in order to have QOS for L2TP and another for OVPN but the problem arises when two connections are on. When two connections are on, one of the client ...

Lebzul

I am sorry for making you be annoyed but right now, if I tell you that I know what is input or forward or how do they work, I would be lying. I might read and maybe understand a few things, but do not comprehend at all most of the time. What I have been doing this year (my profile here says when I s...

Lebzul

/ip firewall filter add action=accept chain=input comment=\ "Accept Established, Related, and Untracked Connection Packets" \ connection-state=established,related,untracked add action=accept chain=input comment="Allow ICMP" protocol=icmp add action=accept chain=input comment=&qu...

Lebzul

It was special made for anav's firewall, to go with the rest of rules where connection-state is included. But otherwise, if you deal with established, related, untracked and invalid, then new is the only one left and you don't have to include it. Yes, I have a rule to accept only established, relat...

Lebzul

/ip firewall filter add chain=input in-interface=PS4_V55 connection-state=new protocol=udp dst-port=1900 action=accept comment="for UPnP" add chain=input in-interface=PS4_V55 connection-state=new protocol=tcp dst-port=2828 action=accept comment="for UPnP" Sob, if I have a rule t...

Lebzul

Thanks fella's for your patience, for some reason I keep forgetting that MT does not do anything extra on the programmers behalf, it all has to be manually programmed and assumes the idiot admin (me) actually knows what he is doing. I am curious though about TCP 2828?? (see below, found it). Thanks...

Lebzul

I wonder what in the words chosen by RouterOS authors, or in my own vocabulary, prevents you from understanding the same thing in multiple cases. Maybe the parameter name to-addresss es ? Yes, to-addresses in the nat rules is a pool, but for each connection, just a single address from that pool is ...

Lebzul

While I was playing with the dsnat I managed to get a TPlink router which is connected to MT LAN (IP 10.50.10.xxx), I was receiving OpenNAT in the game from the private IP (3rd port) of that TPlink router (Like: MT>---10.50.10.xxx--<TPLINK>---<192.168.1.xxx=PS3). I would like to know if by adding th...

Lebzul

Just to be clear, a single console behind the MK as the router, with UPNP on, should provide a full on-line gaming capability (not restricted in any way)?? or does one also need to include a specific destination NAT rule for that IP as well? Well, for my personal console it's like target shooting. ...

Lebzul

Theoretically, you could dst-NAT an incoming unicast packet (i.e. with a destination address matching a single device) to a broadcast address (at which all devices in a whole subnet are supposed to listen). But even if it worked (it actually doesn't because only few processes in the devices' operat...

Lebzul

Actually, I have just simplified to the bare bone what I already wrote weeks ago . Yes, I noted that after I wrote this. Because that day it was too much for my layman's knowledge. Yes, exactly. Only those WISP's clients who have got a public IP can ever have "OpenNAT". I have 2. How can ...

Lebzul

Not only it is too much for RouterOS, it is too much for logic alone. Imagine two packets, both coming from the same address X.X.X.X in the internet to the single public (wan-side) address W.W.W.W of your router. Given that these two addresses are the only pieces of information you can use to decid...

Lebzul

Retaking this unfinished threat: If I do: add action=dst-nat chain=dstnat comment=Console dst-port=1-65535 in-interface=WAN1 \ protocol=tcp to-addresses=10.50.10.245 to-ports=3074 add action=dst-nat chain=dstnat dst-port=1-65535 in-interface=WAN1 protocol=udp \ to-addresses=10.50.10.245 to-ports=307...

Lebzul

Never never NEVER actviate Winbox on your internet-facing interface! But it is the only thing activated in services. If I turn it off, will I be able to log in again? Ah game consoles... there probably lies the cause of your DDoS. (or better: not in the game consoles, but in the kids that operate t...

Lebzul

If your MT device is being attacked directly then all traffic should be dropped by your default input DROP rule. You're not exposing RouterOS services to the internet right? :). I just have Winbox activated. But what I use is UPnP just for game consoles to have open ports. I also have a WebProxy an...

Lebzul

It's a mistake. Tik's are not supposed to be the DDoS shield, so you better to buy special equipment from DDoS protection ISP and be free from these fears. Or just transfer your service to cloud ddos protected server. I see. I though it could have been. Nonetheless, that wiki was prepared long ago....

Lebzul

The current RouterOS is based on an old kernel and deployed on routers that are fairly CPU limited. IMO it's best to let it pass through packets and the target device can be responsible for its own DoS protection. By trying to do DoS protection in RouterOS, the router itself becomes vulnerable to D...

Lebzul

Hi,

Checking the wiki, I have some doubts:
https://wiki.mikrotik.com/wiki/DoS_attack_protection

First: In the SYN FIltering part, it says to have disabled the first rule. Is this necessary or it's a mistake?

Second: Is this the best approach in RouterOS to protect against DoS attacks?

Lebzul

I made some corrections. I think the "restore" function messed the Mac Addresses (you were right Sindy). I managed to go to the Terminal option and worked better this time. At least, the clients connected directly to the switch worked but the routers (Tplink with OpenWRT) did not. There ar...

Lebzul

Yeah, that may be one of the routes. People at OpenWRT forum say that a DumbAP would be a fast solution. Maybe we have to wait some more.

Lebzul

You have to accept that even "simple NAT case" is something unusual. Everything is made for client device connected directly to router (in same subnet) where it wants to open ports. Another router in the way breaks the thing. Out of curiosity, I tested the program I found previously (http...

Lebzul

I see. I read the post but I think that this is not so complicated. It is just a simple NAT case. MT (Public IP) > OpenWRT Router (Receiving IP from MT LAN) > PS3 (Private IP 192.168.x.x from OpenWRT) Just to take UPnP requests up to MT from the PS3. I've been spending days into this without getting...

Lebzul

The simplest explanation is that OpenWRT isn't sending anything to MT, and it would not be surprising at all, because that's normal behaviour. What you're looking for is some special kind of UPnP server, something like I found last time . I knew your name was familiar. ;) Hehehe. I've forgotten tha...

Lebzul

Something like this. But this same port usually appears in ip/firewall/nat when PS3 in connected directly to MT.
MT is not detecting port request from a router like this one. I've tried to accept in filter, but without luck.

Lebzul

But are there any UPnP requests from OpenWRT to MT?

I can see them within the OpenWRT router but none of them reach MT. That's the thing.
There should be a way in which the PS3 requests a port, then OpenWRT calls for it and then, MT communicates.

Lebzul

Either OpenWRT acts as transparent AP (simple bridge), then it shouldn't do anything with UPnP (it should be disabled) and all requests from PS3 will go directly to MT's UPnP. Or OpenWRT acts as router (PS3 is in different subnet) and then you'd need UPnP on OpenWRT act as proxy and forward request...

Lebzul

Hi there, I am looking for some advice to have working a PS3 in OpenNAT. The setup is the following: MT ----- Switch ----- OpenWRT Router > PS3 MT has UPnP activated and it is receiving Public IP. OpenWRT is just normally configured as an AP and has UPnP activated with IGDv1 checked (so PS3 can requ...

Lebzul

Sometimes you need to use multiple rules to achieve desired result. If you have something like: add action=deny dst-address=192.168.100.1 src-address=!10.50.10.120 add action=deny dst-address=192.168.100.1 src-address=!10.50.10.121 and expect access to be allowed from both addresses, then of course...

Lebzul

You can take a hint and choose what you like better, either: a) Try with proxy config. I don't use it much, but this should work: /ip proxy access add action=deny dst-address=192.168.100.1 b) Re-evaluate if the proxy really does anything useful for you. And in case you find it doesn't, remove it an...

Lebzul

I think I see it. You're connecting to http://192.168.100.1, i.e. to default port 80, right? Then it's this rule, it redirects those connections to local web proxy and they are no longer going through forward chain: /ip firewall nat add action=redirect chain=dstnat comment="Web Cache Redirecti...

Lebzul

/ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADS 0.0.0.0/0 PUBLICIP 1 1 ADC 10.50.10.0/24 10.50.10.1 LAN 0 2 ADC PUBLICIP/22 PUBLICI...

Lebzul

Still not helpful. Let's try this: 1) What's the IP address of device you test it from? I mean some that should not be allowed to access the modem? 2) Can you show the output "/ip address print" from RB? You can censor public addresses if there are any, but keep the private ones untouched...

Lebzul

Thanks Erfan, are you saying I can attach my pi-hole to a port on my MT router and have it act as my wifeguard server (and then connect to it from my iphone for example)? I hope the pi-hole works better on this then it did for me on DNS. I ended up bypassing the pi-hole and router DNS and now stric...

Lebzul

It doesn't really tell me where the modem is. It's connected to this router, right? To which port? Does the router get some address (I'd assume some other 192.168.100.x) from it using dhcp? Try to describe everything in a way that even someone who doesn't see it can understand it. ISP > Modem > Mk ...

Lebzul

So where exactly is 192.168.100.1? I assumed connected to WAN1 PoE, but it doesn't seem to be the case.

That address is the local page of the Modem. It is like 192.168.1.1 for routers to config. This modem has 4 WANs.

Lebzul

It does not log anything at all. Not even the bytes countered.

Lebzul

# model = RB450Gx4 # serial number = /interface pptp-server add name="PPTP Server" user=PPTP /interface ethernet set [ find default-name=ether1 ] name=LAN set [ find default-name=ether5 ] name="WAN1 PoE" poe-out=off set [ find default-name=ether2 ] disabled=yes name=WAN2 set [ f...

Lebzul

You can choose if you identify source by interface or subnet. So either: /ip firewall filter add chain=forward action=reject dst-address=192.168.100.1 reject-with=icmp-admin-prohibited in-interface=<LAN> or: /ip firewall filter add chain=forward action=reject dst-address=192.168.100.1 reject-with=i...

Lebzul

What about simply blocking access from LAN subnet to 192.168.100.1?

That might be the one. I problem is that I am not an expert in this field. If you could provide me an example, I'll try right away.

Lebzul

Do you want to restrict the access to the Mikrotik Web Administration? If so, you can create firewall rules for that purpose, without layer7 stuff.

Not exactly. I want to restrict access to the webpage of the modem. The one from Arris devices.

Lebzul

Hi guys,

I've been wondering about how to block the main webpage of the modem (usually 192.168.100.1) from within Mk so any device can't see it (except the ones I want). I've reading a lot but haven't figure it out yet.
People suggest L7 or address list but none of them worked for me.

Any ideas?

Lebzul

Can you share some configs for those spam and virus rules? https://www.howtoforge.com/amavisd_postfix_debian_ubuntu https://www.akadia.com/services/postfix_amavisd.html https://blog.tinned-software.net/setup-amavisd-new-with-spamassassin-and-clamav-with-postfix/ (first three hits on Google) Thanks ...

Lebzul

Hmm..
spam & virus blocking I do with a combination of Postfix regex, amavisd-new and SpamAssassin
and not with firewall rules.

Can you share some configs for those spam and virus rules?

Lebzul

stop using PPTP - it provides no actual security and no known advantage as compared to L2TP, except that recent updates of Windows 10 have broken L2TP/IPsec functionality whilst PPTP seems tto have survived Yes, I had it there because of Windows. For others, I use L2TP. [*]to post configurations, p...

Lebzul

I did everything suggested but it is not working properly. Some routers (Openwrt) receive their leases fine but the following happens. I can ping them a few seconds after the Tik reboots but I get timeouts after a few seconds of receiving the lease. Openwrt receive default VRRP gateway and DNS fine....

Lebzul

Attach the DHCP servers at both machines to the VRRP interface rather than the "physical" interface. The client remembers the IP address of the DHCP server from which it got the lease so it asks it for renewal using DHCPREQUEST to its individual (unicast) address before reverting to broad...

Lebzul

What I can see is that you now only deal with the static leases (as the parameter address-pool of /ip dhcp-server is set to the default value static-only ), so the fact that the pools for dynamic leases are the same at both routers does not cause any trouble now. Yes, I use static to avoid messing ...

Lebzul

Here it is:
https://www.dropbox.com/s/6zaybsjogvr00 ... .docx?dl=0

Lebzul

I haven't found a solution yet.
Any help will be appreciated.

Lebzul

It must be something related to the VRRP and the DHCP.

Lebzul

OK, so not in the sense that you wouldn't have to re-establish the TCP connections. Yes. So both the tablet and the mobile phone are connected to a wireless AP which just "translates wireless to Ethernet", but already the DHCP is running on the Tik. And there is a switch between the AP an...

Lebzul

I managed to make my PC hold connection but not in my table or cellphone. Now wait. What means "hold connection", and what means "table" - a VoIP phone or a desktop PC? If the cellphone is connected using wireless as I suppose, there is not just the DHCP and gateway part, there ...

Lebzul

Thanks for the clarification. Even though, my main reason using VRRP is to have active connections to the clients at home while "rebooting, moving or upgrading the main MK". The rest could wait. So far, I haven't been able to make it work. It even tried lowering the lease time so MK2 could...

Lebzul

First of all, I thank your for your dedication explaining all of these. I beg pardon first and foremost because I struggling figuring everything out (I am a Teacher. Nothing related to Networking). You can do either an import of .rsc file (which is a plaintext script) or a restore of .backup file (w...

Lebzul

If you have really restored a backup rather than imported an export , you have cloned also the MAC addresses, so this is the first point to clarify. Well, I did that. Export the Master backup, restore that backup using import from PC. Both RBs show their respective MAC addresses at Winbox. I know t...

Lebzul

Not clear.
Can you explain a little bit?

Lebzul

Hey there, I need some help from you guys. I am trying to set up a simple VRRP between two RBs. The problem is that when master drops, slave comes into play but does not make clients to be up. Slave can ping out. I am not sure why this does happen. Master: 10.50.10.1/24 Slave: 10.50.10.2/24 VRRP LAN...

Lebzul

So there is no chain=dstnat action=dst-nat in-interface=WAN1 to-addresses=the.ip.of.the.console rule in /ip firewall nat ? If I do that, the rule only works for one of the two consoles when connected directly to MT. If I want both, I need to activate UPnP. But, the problem is when I have the consol...

Lebzul

I think it is time you pride the config, in terminal window, Export file=YourFileName hide-sensitive and either attach the file here or copy and paste the contents between source code brackets Modem > MT > Switch UPnP: On NAT chain=srcnat action=masquerade out-interface=WAN1 PoE log=no log-prefix=&...

Lebzul

https://ibb.co/rw50dGW
Even if the Xbox is statically connected and with all ports "open", it still shows NAT restricted at the console level.

Lebzul

How can we have all ports open for a given client? That's the issue. That's why I talked about a single PS4 connected directly on Mikrotik's LAN (and with UPnP disabled); if it works to your satisfaction, Mikrotik's handling of 1:1 NAT is not the issue. Have you tried this simplified scenario as a ...

Lebzul

If you'd have: MT>Router>(PS4#1,PS4#2,...) then NAT 1:1 from MT to Router and UPnP on Router should work fine (edit: although maybe not, I'm not sure if client gets public address from UPnP server, it wouldn't be public in this case, if it does). But if it would be anything like: MT>Router1>PS4#1 M...

Lebzul

Can this be bypassed by having an address list to DMZ? If you mean an address list of the sources in the internet, then yes. You can forward packets for wan.add.re.ss:port to private.add.ress.1:port if they come from a source on address-list "list1", and to private.add.ress.2:port if they...

Lebzul

Introducing a second router in the mix is I suspect going to be problematic regardless of which user console is going to be used.......... Have you tried connecting the consoles directly to the MT router?? That router is remotely connected through a wireless CPE so, it is necessary to have a router...

Lebzul

The problem is when I need more than one client in DMZ. That is why I asked about two PS4s used simultaneously. You said you need just one PS4 but at the same time you say you need two clients in DMZ. In NAT environment, 1:1 NAT is the best approximation of a DMZ you can get. When a device on a pri...

Lebzul

So you want Mikrotik to forward packets coming to its public address to the private one of the console on the LAN, but choose the right one depending on which console is connected at the time? Because the DMZ approach (1:1 NAT) should be enough to make the console think that the NAT is the "op...

Lebzul

Good question Sindy, are you trying to establish if one gaming console is being used or two being used at the same time? Q1: Does one gaming console work with normal consumer router to modem (or isp supplied combo router/modem)? Q2: Do two gaming consoles work at the same time with normal consumer ...

Lebzul

Do you say that when you connect two consoles to the modem directly (i.e. without Mikrotik in between the modem and the consoles) at the same time , both consoles indicate the same NAT type "open" and you can use both simultaneously (with two players playing the same online game each on o...

Lebzul

edit removed Good question, what is going on with MT NAT that is different from a consumer router that just works for this scenari0? I am thinking the extra granularity of MT should provide a config that works!! The thing is that I cannot open all ports to a few clients. If I assign Netmap to a cli...

Lebzul

I understand what you want. But think about poor router. It has one external address, let's say 1.2.3.4. If a new connection comes to e.g. 1.2.3.4:5678, how can it know if it should send it to internal 192.168.88.10, 192.168.88.20, or some other one? It can't. It's like wanting to hit two completel...

Lebzul

NAT hides multiple addresses behind one and it works for outgoing connections. But if there's incoming connection to external address, router must decide where to send it. With NAT 1:1, everything to external address is sent to one internal address. Ports stay the same, only destination address cha...

Lebzul

Hi there, I have been looking exhaustively for information regarding to have Open Nat at "multiple clients". I've seen UPnP, 1:1 (which I am doing to one client) with netmap. But what I am looking is to open full ports so my devices could have Open Nat while playing online. So far, I know ...

Lebzul

well you can block access to port 80 to the modem ip from all ips in your subnet and add an allow rule over the drop one only for the ips you want to access it

Thanks for the insight. Could you please give me an example based on the web (192.168.100.1)?

Lebzul

Any other suggestions?

Lebzul

You can create and account and use OpenDNS Home version for blocking specific or a group of web pages with the same purpose, such as group of web pages labeled as Video Sharing, News, Porn, etc. I prefer this solution than making a bunch of L7 rules, because in my experience it makes the subnet con...

Lebzul

Hi there,

I was trying and testing without success to block the webpage from my modem to a certain range of IPs except my devices.
Is that possible without L7 o marking?
Regards

Lebzul

I can't tell you why your setup is not working. But what it does struck me weird is your dstnat rules. You have two, one for UDP and one for TCP, and the only action is adding DST address to a list ... and when talking about dstnat, DST address (before DST NAT does anything) is router's WAN address...

Lebzul

Any clues?

Lebzul

Also your /ip firewall layer7-protocol rules probably don't work? As far as I know, now that https is everywhere the layer 7 stuff doesn't work any more because it's encrypted. You can create an address-list with the youtube and netflix dns addresses and then create a firewall filter rule to drop t...

Lebzul

Hi there, I've experiencing some troubles that I'd like to receive some advice. My setup is the following: RB 1: RB750Gr3 (only Load balancer) 4 WAN used for PCC. IP: 10.50.5.x RB 2: RB450Gx4 (DHCP for client management, bandwidth, QoS). IP: 10.50.10.x I would like to know if possible to: 1- "S...

Lebzul

Not even an advice

Lebzul

Hi guys, I am a noob in regards to the world of Mikrotik and I have been implementing little by little configurations to my Rb. I have been using L7 for the management of YouTube so my devices could use specific bandwidth and the rest of the clients use a specific amount of shared bandwidth. Everyth...

Lebzul

I see. I was asking that because I saw in a local University campus that their Wi-Fi had in speedtest.net another University as an ISP. I was wondering if that is possible with Mikrotik devices. Is that done through Cisco's?

Lebzul

If you mean some external speedtest, then the answer is "no". If it shows name of your ISP, it's because connection came from there and it will happen as long as you use this ISP. And if you switch to another one, it will show name of the new ISP. In short, you can't hide on internet and ...

Lebzul

Hi there, I was wondering if it is possible to mask the ISP shown in the speedtest webpages? For example, to hide "Charter" and put my own but without dealing with public IPs, tables, rules, etc. It would be great to have a simple option in RouterOS to change that without affecting the ser...

Lebzul

No one knows?

Lebzul

Hi, I was wondering if there a way to have NAT Type 2 on PS4/PSVITA? I have a RB750gr3 which is set up like this: ISP modem > TP-Link load balancer > Mikrotik > Switch > PS4 I have opened (Srcnat) all ports (Literally) to the static IP of the PS4 with no avail. Sometimes says NAT3 and plays to a ce...

Search found 110 matches