MikroTik

paulz

All public IPs in WAN -1- and WAN -2- have the same gateway. I will soon ask some questions here as I am actively searching for a similar goal. In my case, I think I need to tinker more with the routes, and I will use yours now as inspiration, but I have the same "problem" as you. The pub...

paulz

Responding to my own post, it seems that this is no longer CLI only, I think newer Winbox versions matches this option in DNS, ability to select VRF. Someone please correct me, maybe there is more to it. I would very much like DNS to work on any VRF, not only main or whatever I (single only) select ...

paulz

Hello,

Soo... just barging in..
Can someone please explain below (how it works if possible):
*) dns - added VRF support (CLI only);
(taken from some change-logs of a recent ROS version)

Thanks and regards,
Paul

paulz

Hello, I will start with a: Wouldn't it be nice to have Winbox filter set? Nice to have: When I press fiIter button (or having them near it) some sets to appear containing various filters for specific windows, one click filtering. Every time we go to another section we lose the filtering (that is no...

paulz

StevenBlack's list is wonderful pihole dream but occasionally it can block false positive. The entries are not perfect. Yes, you can have a file AND url (not tested) but when it comes to substraction/ignore entry from the two variants it would be nice to have a third entry like: always ignore this m...

paulz

This function is still being finalized, so the functionality will be expanded in the future. Which one exactly? Then we'll find out) This would be a simple: log on DNS Adlist entry match. Even simpler: log on match. And for the system logging a nice adition would be dns-info-adlist in order to have...

paulz

Hello, I like the new DNS Adlist functionality but I want more info out of it. I mean that I want to know the IP matches in some form. There is no option to do that, yet. I wonder if there will be an option, enabling it it's up to your peace of mind and... hardware. :wink: Is there something already...

paulz

Hello, Maybe it was answered already in various topics but I want to know if there is a plan to revert the HW version, offering again USB for the CCR2004-16G-2S+. I mean the active cooling version (2PS) and not the PC (Passive Cooling) or PCI-X version... Also, what is the next step in the evolution...

paulz

I wish you could have tested also by simple downgrade of the speed in connecting device interface as 10/100 does not have auto negotiation restriction but I am glad it worked by woobm-usb, I just found a few days ago on the forum that it was discontinued. :( You can mark this as solved. Kind regards.

paulz

Thank you for the info. Good to know about the new bundles, I hope it will stay like this for stable, not just RCs (testing). So, ac2 will become usable again for some. Right now after depleting the storage is uses somehow ram... and there are three variants: 1) no boot anymore, 2) recent configurat...

paulz

Is there a way to alter the bundle package and disable not used packages like in ancient times? This way you could save some space. I have one AC2 that lies dormant and -ahem- would gladly delete wifi packages :roll: :roll: and use it as a wired router if that will not eat up storage. BTW: I have th...

paulz

dhcp_primary offering lease 192.168.0.5 for C4:AD:34:F4:36:4F without success

Have you identified the device? Is it yours? Silly question but valid.
If not, according to the mac it is also a Mikrotik and maybe that is running a DHCP client.

Regards.

paulz

Recently, I disabled auto negotiation on ether1 but forgot to use the safe mode. Unfortunately, ether1 was the only port through which I was able to access the router. I attempted to connect another MikroTik router to it, trying every possible speed combination, but nothing worked. Hello, I am tryi...

paulz

If I understand MQS right, then it requires a working IP port (possibly it allows MAC access so port on connected RB needs to allow that as well). Which makes it usable, but much less usable than woobm (but woobm requires USB port on device and that is not guaranteed on newer models). Not usable if...

paulz

Basic functionality of woobm has nothing to do with drivers on ROS device. In principle it acts as AP itsrlf, one uses a wifi device to connect to it and then use web browser to open woobm pages. One of features, available on woobm's web page, is terminal window. My favourite conspiracy theory abou...

paulz

So you can enter the router via the USB device? Just curious, how do you type on the usb device? small keyboard? You clearly do not know this MT product. You plug it in the USB, it is powered and becomes a hotspot. You can then connect with anything from a phone, tablet or any PC or laptop that has...

paulz

Connect via wifi. But I see it has been discontinued ? https://mikrotik.com/product/woobm So is MQS ? Thank you holvoetn for pointing me to the MQS, pricewise is very close. Maybe I can still get one of those. I am sure that you are not spamming here, right? :wink: :wink: But -flame-on-me- it is no...

paulz

Thank you mkx . It is unbelievable, flamed for recommending a Mikrotik product on a Mikrotik forum. Anav is refering to one post in another topic, I recommended this device (not promote!@??!) also there and I said that I do not recommend a specific MT router without USB just because you cannot use i...

paulz

Is there a useful way to extend the storage using an USB stick? As far as I know there is a way to extend some things. Can we extend somehow the log storage at least? A long-long-long-long-long time ago I even used the Dude but now it a beautiful impossible dream. Can only be used as APs now for 5, ...

paulz

Another approach would be to have your second address assigned in IP/Address right to the same interface (but do try before to set up your second network DHCP anyway to avoid a manual IP address on the accessing device) according to https://wiki.mikrotik.com/wiki/Manual:IP/Address saying "It is...

paulz

Sorry, I just stumbled on this old topic because I am suddenly interested in this comparison because I am on a budget. Now there is the All POE version of the RB5009 which I do recommend, also there is the CCR2004 around not so far price-wise (but do not go for the fan-less version). Two things that...

paulz

You helped me a lot! Wow, I can search inside for device name! Thank you. I understand. My backup naming convention is 20230322_1340 (but no description) for example and I put the files in folders, but when I am in a hurry I tend to have nested "New Folder"s... which lay for a while until ...

paulz

Hello, I know there are no converters from backup to human readable but I want to know if there is a way to know the model (or serial number) of the MT that made the backup. I am not a tidy keeper, I tend to forget and I ended up with many-many folders for 5 different MTs, reused or migrated from on...

paulz

What he asked is a way to shoot down before knocking on the door. But actually that expression is generated as reply to knocking on the (postfix or whatever) door. An aggressive fail2ban after 1 retry with that user and pass in particular is the way to go. And yes, all this is useless because they n...

paulz

Hello,

Still no response I see. I think this has to do with the very SASL encryption that renders the MT layer 7 filtering worthless (I presume).

BTW: did you know 'UGFzc3dvcmQ6' is 'Password' encoded in base64, same for 'VXNlcm5hbWU6' which is 'Username'

Regards,
Paul

paulz

Thanks for the suggestions, you are right in all aspects, blacklists are dangerous in many ways, this is why I need to keep looking at them from time to time, IPs are there, I populate them in comments manually (the critical ones). For years I used pfSense with Snort and DaNSguardian and that kept m...

paulz

Now, it seems that I am also greedy not only lazy. You are right about whois, I was just giving an "example function", not even whoisrws does not give a hostname, maybe some domain at least. And let's not forget about a huge list of subs that can be proxied from an IP. Ex: https://www.abus...

paulz

Do you have a "drop everything else" kind of rule in the final? If you have, why bother?

BTW: You should be the happiest by being the owner of a RB5009, not just "quite happy".

paulz

I think you are in a loop here. It is like when you cannot access/test the local VPN by dialing the VPN from local. Even if that is not the case, When you are in Rome... act like a roman, meaning when you are local address, access the forwarded services from their local IPs... You are local going to...

paulz

[...] I need to script whois from an external source. [...] For obtain what exactly? I said that in post #3 What I need is a quick way to "color" my blacklist address-lists and I was lazy for a miracle "resolve". Meaning resolve the list to hostnames. Right now I have some black...

paulz

:global reverse do={ :global testrev "" ; :execute ":global testrev; :set testrev [:resolve $1]" ; :delay 2s; :return $testrev} :put [$reverse 8.8.8.8] :put [$reverse 10.4.5.8] I do not understand this post. Thank you for the script. It is a nice script that helps me learning (l...

paulz

:foreach a in=[/ip firewall address-list find list=blacklist] do={/ip firewall address-list set $a comment=[:resolve [/ip firewall address-list get $a address]]}} on-error={} This is what I am talking about. But this is reverse lookup and not whois resolve. Some guy posted something, but I did not ...

paulz

I was just called by a supplier that RB4011 entered his stock, but depends on where you live. Europe? Go for it! https://www.ght-net.ro/router-mikrotik-rb4011igs-rm-10-x-rj45-gigabit-1-x-sfp-10-gigabit.html He was actually excusing himself for the lack of 5009s by presenting this. In the mean time I...

paulz

Yes, you are right, reverse lookup (reverse PTR) and whois are not the same, one is searching for DNS record publication and the other search for record information stored, based on ARIN for example and cross referenced to existing IP databases. I presume Mikrotik resolve uses DNS reverse lookup and...

paulz

Hello, I was wondering what is the :resolve mechanism for the reverse IPs. For a direct hostname it is natural, for reverse IP I am asking: put [:resolve dns.google] result is 8.8.8.8 this is normal DNS put [:resolve 8.8.8.8] result is dns.google but from where? Not all IPs are (re)solved by Mikroti...

Search found 35 matches

Re: Problem with Two Separate WAN Connections on MikroTik CCR2004

Re: VRF-support for DNS is broken?

Re: VRF-support for DNS is broken?

Winbox feature request: Filter sets

Re: DNS Adlist logging

Re: DNS Adlist logging

DNS Adlist logging

CCR2004-16G-2S+ and next step in evolution

Re: Locked Out of CCR1009 After Disabling Auto Negotiation [SOLVED]

Re: hAP ac^2 Store Full no boot

Re: hAP ac^2 Store Full no boot

Re: RB5009 offering DHCP leases to other switches

Re: Locked Out of CCR1009 After Disabling Auto Negotiation [SOLVED]

Re: Unable to change default IP on RB5009

Re: Unable to change default IP on RB5009

Re: Unable to change default IP on RB5009

Re: Unable to change default IP on RB5009

Re: Unable to change default IP on RB5009

Re: hAP ac^2 Store Full no boot

Re: Unable to change default IP on RB5009

Re: Good switch for home use or RB4011 RB5009?

Re: see MT model from a non-encrypted backup

see MT model from a non-encrypted backup

Re: Block "SASL LOGIN authentication failed: UGFzc3dvcmQ6"

Re: Block "SASL LOGIN authentication failed: UGFzc3dvcmQ6"

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

Re: The order of firewall rules

Re: Cannot access WAN IP from LAN

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

Re: RB5009UG+S+IN availability

Re: What is the :resolve mechanism for reverse IP? [SOLVED]

What is the :resolve mechanism for reverse IP? [SOLVED]