MikroTik

TyBermea

https://www.thedailybeast.com/exclusive ... ian-botnet

TyBermea

This worked for me as well.

TyBermea

Can you post a config?

TyBermea

https://rbgeek.wordpress.com/2014/09/10 ... -routeros/

TyBermea

If only HTTPS traffic is having a problem, it could be MSS issues. Suggest you try this: (replace ether1 with your WAN interface) /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=ether1 \ passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1453-65535 add acti...

TyBermea

I'm thinking this is faulty hardware... I've got a handful of these at work that have been sitting around, so I'm going to see if those work better.

Sounds like a good idea to me.

TyBermea

Can you post a config? We would need more info to help.

TyBermea

Ports you can find in 'system', 'ports'. If there's a usb assigned one I reckon it would be there. Not sure about the other parts, however I'm pretty certain LTE isn't supported in the current mikrotik version (although I believe it should be in version 7?) LTE has been supported for years. The pro...

TyBermea

Looks like you may have a hardware problem?

TyBermea

I've had this problem in the past and I had to change the mac address on the interface of my Mikrotik connected to the cable modem.

/interface ethernet set ether1 mac-address=xxx

Change the mac, restart the modem and make sure you have DHCP client set to the correct interface.

TyBermea

Try using 1:1 NAT. It allows all ports to flow in both directions.

/ip firewall nat add chain=dstnat dst-address=11.11.11.1 action=dst-nat to-addresses=192.168.2.1

/ip firewall nat add chain=srcnat src-address=192.168.2.1 action=src-nat to-addresses=11.11.11.1

TyBermea

Remove this rule add action=drop chain=input comment="defconf: drop all from WAN" \ in-interface=ether1 ...it is dropping traffic before DST NAT can be applied. Notice that this rule add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-...

TyBermea

You could try this (or some netflow alternative).

/system logging action
add name=syslog remote=1.2.3.4 target=remote

/system logging
add action=syslog topics=firewall
add action=syslog topics=dhcp

/ip firewall nat
add action=log chain=srcnat
add action=log chain=dstnat

TyBermea

Here is an example of destination NAT (port forwarding): /ip firewall nat add action=dst-nat chain=dstnat comment="Unifi Video" dst-port=7443,7446 protocol=tcp to-addresses=10.11.43.4 add action=dst-nat chain=dstnat comment="RDP" dst-port=3389 protocol=tcp to-addresses=10.11.43.2...

TyBermea

Rules are processed in order. You'll need to add action allow rules for each service above the drop rule. /ip firewall filter add action=accept chain=input comment="accept established,related" connection-state=established,related add action=accept chain=input comment=SSTP dst-port=443 prot...

TyBermea

Post your config.

TyBermea

It sounds like what they were telling you is that you need to create a bridge called WAN. And then connect the interfaces to that bridge (sfp1 and ether1). You will need to set your DHCP client or static IP address to the WAN bridge instead of a specific interface. Also your src nat masq. rule will ...

TyBermea

So are you wanting all utorrent traffic to go through the VPN and not out to your ISP? Post your config for help.

TyBermea

You could add the vlans to the master interface and slave the other interfaces to it or you could have each port with no master and create a vlan on each interface and then bridge them together individually. First method is probably better because it uses hardware. I haven't tried this so curious to...

TyBermea

http://wiki.mikrotik.com/wiki/Load_Balancing

TyBermea

I have used vlan tagging with Unifi to accomplish a similar goal. Each vlan will be a separate broadcast domain and you can then use ip firewall filter rules in the forward chain to drop traffic between the vlans. Remove the bridges and associated filter rules Set up vlans on the appropriate etherne...

TyBermea

I would have to look at your config, but the problem may not be the router. Some malware can cause problems like that.

TyBermea

Can you be more specific about what you are trying to accomplish? Your screenshot indicates service is disabled and you have drop rules in three filter chains...?

TyBermea

I would have to look at your config, but did you change interface 5 so that it is not using interface 2 as it's master port? When you add interfaces to a bridge, you should adjust the related IP addresses to the bridge, and that also applies to src nat masq. out interface too.

TyBermea

It's somewhat confusing to me what your are trying to accomplish. I suggest posting a network diagram and device configs to get help.

TyBermea

Post your config and I may be able to help.

TyBermea

1:1 Nat may be easier for you

TyBermea

Sounds like you need to set your phone to use the default gateway on your home network. PPTP clients typically do this by default.

TyBermea

Sounds like you need to use the default gateway on your home network (PPTP typically does this by default).

Search found 29 matches

Re: VPNFilter malware [SOLVED]

Re: Problem with PureVPN setup - ICMP workls, HTTP does not

Re: Setup of ntop

Re: OpenVPN Help on Settings

Re: LTE / SSL Firewall problem

Re: New RB952Ui - No wlan interface

Re: blocked nano m2

Re: 4G USB + WiFi Hotspot

Re: Unable to reset router

Re: Router cannot get IP Address

Re: Port forwarding

Re: MicroTik RB951G-2HnD port forwarding

Re: Log Nat translations

Re: port forwarding

Re: Router Security

Re: Mikrotik hEX + UniFi AP AC LR. Can't SSH into AP.

Re: mikrotik setup for patton isdn

Re: PPTP VPN Port Forwarding

Re: How to connect two switch groups. Cable vs Software Bridge RB2011iL

Re: How to set load balancing with 2 or more USB Modem?

Re: Please help 2 LAN with 1 AP with mikrotik not working

Re: Can't open webpages

Re: Forbid / block SNMP

Re: 2 ports for WAN and the rest can be LAN and wifi

Re: How to connect two switch groups. Cable vs Software Bridge RB2011iL

Re: NAT rules

PORT FORWARDING TO INNER NETWORK

Re: L2TP VPN - need help

L2TP VPN - need help