Id recommend everyone tarpit and blacklist IPs of anyone trying to access port 8291, otherwise you are just gonna get DDOSd. This recent collapse of security really making me question these open source routers.

I blame, Trump.

I have recently noticed connections made directly to our cisco switch are showing up in our interface and in torch. The Rx rate on my vlan5 started jumping from a consistent couple hundred kb to several mb, which prompted me to torch the connection. There is no packets being transmitted in response ...

I dont know if this is considered easier, but it can be done with scripting;

http://wiki.mikrotik.com/wiki/Improved_Netwatch_II

The only thing that wasnt specified in the wiki was to set a static route to force the ping through your "Default Route" interface.

I tried the horizon=1 on all 120 ports. It cuts down the amount of packets the bridge filter drops, however the filter still has activity on my one rule.

Did you figure out why your ports were showing up as unknown under hotspot hosts? Mine are showing up as unknown on my bridged hotspot w. 4.1, upgraded to 4.9 to find same results. Not knowing what vlan hotspot users are on doesnt bother me, but may indicate an incorrect setup by chance? Cant figure...

You can try smtp port redirecting to put it on an unauthenticated smtp server. This will have to be set up yourself, as most isp provide secure smtp that is only accessable to local address pools of the provider itself with proper authentication. (i.e. users from one isp using a different isp networ...

Try the following, i use masquerade, so that is why im using global_out as my downstream parent. Im not 100% positive it is set up correctly.. and sorry for no comments. Maybe someone can spot check the queues and mangle rules and confirm that priority will work... packets flow through fine, so i as...

exchange "ether2" for "eth1", may make it work.

this might be what you want:

/ip firewall address-list add list=safe address=x.x.x.x

e1000 link shows down under /interface ethernet monitor 0, I have managed to get a "status link-ok" one time that i remember with the e1000 drivers... it was a fresh install of Ros 4.1, and link went down after first system shutdown.

maybe try the bridge firewall, for some reason i couldnt get the ip firewall to filter bridge packets.

I would remove your routes that arent dynamic. Under dhcp client, where u tell the ether2 device that u want to obtain your gateway address, choose "add default route"... This will make sure your current gateway is that of your ether2 assigned card, since dynamic addresses may possibly cha...

Dont install the xen package, it did the same thing for me on the demo install.

What virtual driver are you using for your network? It was my understanding the e1000 driver hasnt been working since Ros 3.23.

Linux ubuntu 9.04 desktop comes with a usb-creator package that allows one to put an iso onto usb drive for booting. As for vmware, my first install of RouterOS 4 network didnt work... adapters did show fine, but seemed like wmware didnt bridge the adapters properly, as pings gave no response. Ran v...

Maybe a way to add vpn destination ip to list, and if it matches another vpn connection push the tunnel out a different ip address with a mangle rule somehow? Somewhat similiar to the iNAT function of nomadix: iNAT is important to public access network operators and venue owners because it allows tw...

yes magic bridge filter is the vital piece to this setup. its very busy as you will see.

Its possible, i would start from a fresh install. Script to make vlans :for i from 101 to 220 do={/interface vlan add interface=lan vlan-id=$i name=("vlan" . $i) disabled=no} /interface bridge add Script to add ports to bridge1 :for i from 101 to 220 do={/interface bridge port add bridge=b...

I put the drop rule under bridge filter, and network started working...

Im guesing there was constant packet loops due to my filter being in the wrong spot, and that was making the hardware quit working.

Hello mikrotik community, I am having issues getting a running ros config going. The end goal is to setup vlan core/trunk on ether1, and have my gateway on ether2. * VLAN100-200 are seperated for isolated hardwired access for hotel guests in there room. The goal here is to get the hotspot running on...