I have a transparent web proxy set up, using dstnat to redirect any port 80 traffic to the local web proxy. This proxy in turn forwards traffic to a parent proxy (although I don't think that detail is relevant). My question is, how will this affect the information that is logged by traffic flows? Wh...

I couldn't find anything dealing with this issue specifically, although in this thread: http://forum.mikrotik.com/viewtopic.php?f=9&t=1957 some working code is given as an example. The solution is to add: $methods = array( 'kex' => 'diffie-hellman-group1-sha1' ); $connection = ssh2_connect($serv...

In case it's any use to anyone, I've managed to capture a libssh debug log of the process failing:

http://gist.github.com/615074

I was trying to write a PHP script to manage a RouterOS box, and I hit a problem that PHP SSH can't seem to connect to RouterOS, though it can connect to other SSH servers. I've narrowed the problem down as far as discovering it's nothing to do with PHP - libssh2 can't connect to RouterOS, though it...

Since nobody's pointed out any obvious flaws in my thinking, I'm going to assume the answer is that this is impossible.

Is there any way to get traffic flow reporting (netflows) via a bridged connection? I have enabled traffic flows and all I see are multicast and broadcast packets (and presumably packets sent directly to the mikrotik itself, though I haven't verified that). I've got my bridged connection going throu...

Thanks for clarifying. Is there a good way of applying a batch of commands like this, other than FlashFig? I'll probably use FlashFig for bulk configuration of routers in a live setup, but for the moment I just want a quick way of applying a batch of commands from the command-line while I'm developi...

Thanks for the suggestion, but braces don't seem to help. I get a 'missing closing brace' error in addition to the 'bad command name' errors if I put braces round it.

FWIW, we are intending to do the filtering on the CPE side of the link. The aim is to have a box that we can install on the customer's network that will do the filtering, and is cheap enough that we can afford to provide this as part of the network connection bundle. Thanks for all the other suggest...

I'd like to be able to make changes to my configuration in an automated way via an SSH connection. I have a file with the following content: /ip firewall mangle add chain=whatever blah blah add chain=whatever blah blah If I type something like this at the command line it works fine. If I connect via...

Thanks for the suggestion. I'd just got round to thinking that whitelisting will be a better approach for what I want to do, what you suggest sounds sensible. Briefly, the reason I'm trying to block / limit / deprioritise P2P is that I work for an ISP for whom external bandwidth costs are substantia...

I have a routerOS set up with NAT, and I've been able to do simple blocking by port. I was hoping to be able to detect and block (or ideally, throttle) P2P protocols, and I started with BitTorrent. I've added a rule /ip firewall filter add chain=forward p2p=all-p2p action=drop I tested this with a d...