My RouterBOARD 952Ui-5ac2nD can't resolve DNS when attempting to update the routerOS. Unlike normis, my LAN is connected to the Internet and I can email, browse, ping, etc. I looked through my firewall rules to see if I am blocking the MikroTik site, but see nothing that applies to the mikrotik.com ...

This condition came up when trying to upgrade from 46. The "Check for Updates" button responds with "could not resolve DNS name." I'm using 8.8.8.8 and two addresses assigned by Verizon via DHCP configured in IP/DNS. From a workstation on a Wi-Fi connection to this router I can p...

It would be wonderful if your previous message were available on the wiki. As you say, the TOC is correct, but to me it is not entirely complete.

The MikroTik document wiki at https://wiki.mikrotik.com/wiki/Manual:TOC mentions "Console" in two places but the word "Terminal" is absent. I'm not allowed to edit, so what would be the right way to get this page updated?

How right you are! Thank you.

Working with Model RouterBOARD 952Ui-5ac2nD Revision Serial Number 71AF097ECE01 Firmware Type qca9531L Factory Firmware 6.42.1 Current Firmware 6.46.1 Upgrade Firmware 6.46.1 Selecting Winbox/Console opens a window with no prompt. Clicked on "+" which opened a new window with two fields: P...

Thanks, mkx, for the quick reply. The procedure is at the command line, right? Not available in winbox or the webconfig?

My site is probed by IPv6 traffic, but I use only IPv4. Looking at the firewall to drop IPv6 packets, but can't find a way to designate all IPv6 on the FORWARD chain. What am I missing?
routerOS 6.43.11 (about to upgrade to current).

Working more on the network, I realize that I didn't describe the configuration fully. Access from the Internet is needed to reach a different subnet (192.168.88.0/24) through a second MikroTik router whose WAN port is 192.168.1.15. The first (gateway) router dst-nat function maps a connection to th...

Thank you, mkx,
That is exactly the clarification I sought.

You need to enable the to port in filter forward chain. Dst nat rule changes packet header but does not allowing the packet to pass the firewall.

To clarify, does this mean that dstnat happens before the firewall rules apply? Do all the NATs apply before the f/w?

A server on the LAN needs access from the Internet via a hAP ac lite (ver 6.45.6). Have created dst-nat entries for several TCP ports (Since it is a dynamic IP address from the ISP, the src address is not used. When attempting to connect, so far I get 'connection refused.' This is true for SSH, Teln...