I've been using my CRS125-24G-1S for a few years now and I was usually getting up to 64Mbps but recently it's dropped to 30-40Mbps. I had not changed anything in my configuration. I tried updating to the latest firmware (currently 6.46.2) with no change. I now added FastTrack and can get up to 125Mb...

Ok, Plex is completely frustrating... I gave up last night and now that I'm sitting here drinking my morning coffee everything decided to work including my iPhone when I didn't change anything... I think a lot of this has to do with the Plex side and perhaps waiting for tokens to update or something...

But how then does IP NAT rule work if one wants to limit external IP address or addresses (by list if more than one) to access the LAN Server (port(s)?? Do we need a separate FW rule on the forward chain? In other threads it seems to be indicated that we can simply specific the source address(es) i...

Thanks, that helps. I had done some more (re)reading and was begging to come to that conclusion. So basically, for my simple SOHO router situation, a packet is either destined for the router itself (ping, port scan attempts, etc) which "input" would apply to, or it's dst-nat'ed in which ca...

That helps a little bit, but I'm basically running a home/SOHO network so I have one WAN interface (port 24) and everything else is internal or "switched" so for my particular setup it sounds like my assertion is correct.

Thanks,
Richard

I think part of what's confusing to people is when to use chain=input and when to use chain=forward because I see similar rules with both. I know it's very complicated and the pictures make it worse not better :) So when does NAT apply? So is it really going through the firewall twice? Once for the ...

I was having problems with the router bogging down and stop accepting connections so I reverted to a known good configuration: Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Accept established connection packets chain=input action=accept connection-state=established log=no log-prefix="&quo...

I think the fault seems to be with Plex. When I click "retry" after making a chance it always fails, but if I reload Plex from the web browser it shows green and I have been able to stream a movie to my phone after turning off wifi. That fixes that problem but I would still like to underst...

The NAT part is pretty straightforward. I have dstnat set on a non-standard port forwarding to my server on 32400.

Thanks,
Richard

I've been working for hours this morning to get Plex available from the internet. I've googled a ton, and what I figured out is that even with NAT working correctly some packets are being dropped that it needs to work. I briefly had success when I added a rule for connection-nat-state=dstnat in fron...

I have pieced together a working script but I'm sure it could still use some improvement. It uses the recommended https method[1] instead of the legacy http method so not only are you not transmitting your password in plain text, but it uses an API token which only allows update of the IP address. I...

THANK YOU!

That got it.

I have an almost working script that updates the IP for Dyndns using the https method instead of the legacy http method. It also uses an API token instead of your password. The problem is there's some sort of error I can't figure out. /system script print highlights the brace in front of the last el...

I've gotten it work EXCEPT I'm getting some kind of syntax error I can't track down in the last if/else statement... ### Settings ### :global ddnsuser <username> :global ddnstoken "<token>" :global ddnshost <fqdn> :global theinterface "<wan-interface>" ### Script Begins ### :glob...

I'm also trying to use the new URL method with https rather than http for two reasons, it uses a token instead of my actual password and it's encrypted... I don't know why this didn't work from the script but by hand I finally found a method that works: /tool fetch url="https://<user>:<token>@m...

I've googled the heck out of this problem and none of the scripts I've found from the forums or the wiki seem to work. I've tried just about eveything I can think of and it seems no matter what I try the result is "404 Not Found" yet I've gotten curl and wget to work from my linux box. My ...

I would expect to see at least some sort of warning here, but the documentation is very sparse, especially around the "allow remote requests" option. http://wiki.mikrotik.com/wiki/Manual:IP/DNS Now that I know what to search for I can find several instances of this problem/question on the ...

I'm very glad I found this thread, apparently I've chewed up 270GB of my 300GB Comcast internet in about 6 days... I guess the family will be playing with wood blocks for the rest of the month. Why does this happen? I understand that this is a fairly complicated piece of equipment but the documentat...

Ok, just got back from a 3 day canoe trip so I could implement your suggestion. I went ahead and made port 24 "ether24-wan" so I didn't have to change the master port. Swapped the DNS client to that interface and change the Firewall NAT masquerade to that interface an now everything seems ...

Ok, that makes me feel a bit better. Now, if I keep ether1 as master then I have to change ether2 to none and then have 3-24 master off of ether2. Is there a shorthand way of doing this through the CLI? Or I can move the WAN connection to port 24 like I was planning on before I found out it defaulte...

Ok, I think I'm starting to understand the problem but don't want to experiment with changing settings until I understand. My assumption (which may very well be bad) is that QuickSet at least knows what it's doing. I used it to get an IP from my Comcast cable modem and set the internal address to 19...

Dstnat only changes destination address and srcnat changes source address. If you have just those two NAT rules you posted and no others, source address will be changed only if packet goes out through ether1-master-local. But from your dstnat rule, ether1-master-local looks more like WAN, so packet...

Ok, I guess it's worth braking this down into two issues: 1. How do I get it to act like a regular stand alone router so the originating IP get's passed to the internal server. 2. The 75.64.26.0/23 destination setting is my attempt to not have to worry about Comcast changing my IP and not having to ...

Pre-story: I was going crazy trying to figure out why when I was setting up port forwarding just like the wiki was showing that I could sometimes remote ssh in and other times the connection was refused until on a whim I decided to look at my fail2ban log. I use fail2ban on the only computer I allow...

But I still can't ssh out or get to the router....

Never mind... It looks like sourceforge svn+ssh access is down right now.

Thanks,
Richard

But I still can't ssh out or get to the router....

Well, now ssh'ing from an external network is working...

I am trying to forward port 22 to a local computer (192.168.0.2) and I'm following the example, http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Port_mapping.2Fforwarding pretty much to a T but not only does it not work on incomming connections but it breaks ssh'ing to the switch from inside. [a...

I'm trying to setup my new CRS125-24G-1S-RM up as a SOHO router+switch. I currently have a spare laptop connected to port 2 to do Webfig since I run linux and I don't really need much in the way of advanced configuration. When trying to setup things using the Quick Set option I found that if I leave...