Has anybody actually thought about adding a button to winbox to bring up the RouterOS manual?
Or, maybe some sample interface basic configs would be useful to new users.
Take a snapshot of the manual daily and/or weekly, and have it download, or it can open a web window. No need to reinvent the wheel.
Maybe layout (explain) the basic blank config, the default config, and home router config (as in my case of the RB750g3).
Not to be snarky or sarcastic, but the ChatGPT has been more helpful than trying to guess my way thru the Forum or RouterOS manual. I have an old MCSE
and not exactly a noob, but I am out of date. (I'm retired). These routers and winbox are really good powerful tools but are still beyond us that have build networks,
albeit simple ones.
To reiterate, the basic port configurations and configuration requirements for setting them up, would go a long toward visualization of commands and logic. Maybe
by comparing winbox to the command line.
(snark alert) If the goal is to keep users floundering and require the class, its working. I can move on. I wanted the best I could afford. (I got it but cant use it.)
If MikroTik wants more market share, for their simpler products, you need to dumb it down. I even find that remark insulting to such a powerful device and OS.
If you cant get basic(simple) documentation, no one has time to take a 3 credit class. (I wish i could, the rb750g3 is fascinating), but I can't make it work. I've been on
it for days and I am missing something. I know my need is simple and basic. (Just two ports, two networks, connected as one, with no restriction needed. (I dont care,
bridging or routing; all the machines need to get to each other.) The forum and videos are into the more esoteric stuff.
Please, consider this post as I intended, to be constructive.

Or, maybe some sample interface basic configs would be useful to new users.

There is a Quickset: https://wiki.mikrotik.com/wiki/Manual:Quickset

Maybe layout (explain) the basic blank config, the default config, and home router config (

I agree that having default ready-to-use configs is a good thing (Postfix and StrongSWAN have them for example).
There are long-read tutorials though, i.e https://help.mikrotik.com/docs/display/ ... ndamentals

Your point is valid and this was topic of many discussions here on forum but unfortunately i don't think that Mikrotik will ever have simpler and user friendlier interface.

Quickset is "#$%& and i wouldn't use it... First time you do something in your configuration that is out of quickset reach you will probably end up with screwed up configuration...

Quickset should be "one time wizzard" disabling itself when you press "Save configuration" and active only with clean/empty configuration.

Quickset should be "one time wizzard" disabling itself when you press "Save configuration" and active only with DEFAULT configuration.

Small correction.

Small correction to small correction: CLEAN DEFAULT AFTER RESET configuration as each time you start QuickSet the current/running configuration should have been compared (hope tenses are correct ) with stored somewhere the default clean ROS configuration for particular model

Has anybody actually thought about adding a button to winbox to bring up the RouterOS manual?

The only reason I can guess why you'd want that is that you're trying to configure your RouterOS box as your only Internet connection, thus find yourself unable to access the manual when you break things. If so, then I want to introduce you to Safe Mode which, as you will notice, is documented in the Getting Started section of the manual. (Hint.)

There's also value in backing your configuration up at key points, making it easier to go back to when it was working last night before bed and such. My tool for this directly supports this type of workflow by letting you say things like "fossil update 2024-02-15" to roll back to the latest checkin made on yesterday's date, as of this writing.

Or more generically:


Upload the known-working config, reboot, and try again. The tighter you make this feedback loop, the faster you can proceed safely forward.

Maybe layout (explain) the basic blank config, the default config, and home router config (as in my case of the RB750g3).

Done, just for you.

You're welcome.

Just two ports, two networks, connected as one, with no restriction needed.

If they have the same IP address scheme on both sides, you want a bridge. If not, then you can probably get away with a pair of static route rules, with hosts on either side of the network pointing at your new router as the "gateway".

Guys! Thank-you for your responses! This post has sorta morphed (in a good way) from the RouterOS manual ideas. However, I am in fact trying to make this router work! Alas, the learning curve is steep and the "how to" step by step is not forth coming, There are tons of posts and videos Each in a niche. Hence, a three day class on basics.
As a retired Joe Shmuck I can't justify or afford a 4 day out of state trip for a 3 day class on a $60 router, that I need to step up maybe only one time.(not complaining, it would be a fun class to do). You forum gurus hold the keys. We (I) need to be able to ask the right questions. Tangent-- thank-you for the explanation of safemode. I will be able use it, if this thing can ever work the first time.
I have a stable working internet, (for at least 10 years now), with my main "192net" working just fine. I also have a "10net" for my camera network. I have a NVR server straddling the networks. It can't route. So, to update the cameras I need a way to the internet. So, I thought a router with just 2 ports could connect the 10net and 192net. Seemed like a simple enough idea. The RB750Gr3 should be overkill and I think it is. It's an amazing little box and the RouterOS is a masterpiece. Unfortunately you need to be a master to create a master piece. I am certainly not a master but have a working knowledge and have done this kind of thing before. A long time ago, and not often.
I've tried exporting the config ( >export file=defaultconfig.txt) and opening it to see the basics of organization, then poking in my ideas. Been finding my way around, but still don't get it. I am not a purest, so I don't care if the networks route or bridge. So far, ChatGPT has been very helpful with me learning, but doesn't have an answer.
***(snark alert next) I bought this through Amazon, there is a notation that configuration help is a feature they can provide - yeah right, try it! I tried going the MikoTik support route and was summarily blown off, (albeit nicely). (end of snark)***
You forum gurus are the answer and have the answers. Thank-you for your time doing this. I'm not trying to bite the hand that feds me. Guys assume we (with old resume's) know the winbox app, syntax, and process. I'm open to being schooled if some one has the time. again, sincerely, thank-you. .bwj...

Here is my config:
I think that's basic. What's missing?
The actual gwy to the internet is at 192.168.1.1 . That's all I know..... .bwj...

This post has sorta morphed (in a good way) from the RouterOS manual ideas.

Naturally. The only people who could agree to your request to clone the manual into WinBox for offline use are MikroTik themselves, but this is a user-to-user forum. The direct user-to-MikroTik feature request channel is elsewhere.

Personally, I think they should export it all to Markdown, then republish it via Fossil so that I can clone it locally. That would not only let me open it in a web browser while offline, it would let me keep it updated with the sync protocol. I don't see that happening, though.

Alas, the learning curve is steep

Yes, but not maliciously so. Keep in mind, network engineering is a career for some. This is a deep, deep pool you've plunged into. Your immediate project is nearly trivial when put up against the scale of what is possible, but at the same time, you can't expect free private consultation from working professionals every time you have a question. If they were to bill you at their hourly rate, you'd "nope" right on out of that deal for the same reason you're rejecting in-person training.

As a retired Joe Shmuck I can't justify or afford a 4 day out of state trip for a 3 day class on a $60 router

How about a $13 class that you can do from your place of retirement, then?

The one I've linked is overkill for your purposes, but it's the closest match I can find to your immediate needs. I got my own start in RouterOS from Maher Haddad. If you can get past the strong accent, he knows what he's talking about. After a time, I found the quirks of his approach to English becoming somewhat charming.

On the course price, do realize that nearly everything at Udemy is on sale all the time. Don't believe them when they say it's normally a $60 course or whatever. If it is currently full-price when you visit, wait a day or two, and it'll be back down into the $9-15 range again.

You forum gurus hold the keys.

That implies that we're jealously withholding our knowledge. The fact is, our time on this planet is finite, and a good many of us have found someone who will pay us enough that we could buy multiple hEX routers every day. The expensive bit isn't the hardware, it's human working time. Places like Udemy amortize that cost across thousands of people, asynchronously, so that we do not have to pay full-rate for training.

Tangent-- thank-you for the explanation of safemode. I will be able use it, if this thing can ever work the first time.

I gave you rather more than that. I spent roughly 6 hours writing that article for you, in direct response to this thread. Where's my check for 6×$RATE for personal training?

I'm not being literal, but I do want you to value what you're getting here. It wasn't "free." Someone (me, in this case) spent a lot of time trying to help you several moves up the learning cliff, and now you're exhibiting signs that you didn't do more than skim it, if that.

What I want from you in return is effort. If you show us that you're trying to learn, and progressing, you'll increase the chances of getting more of this "free" training. If not, then why would any of us expend more of our finite time on this away mission to Planet Earth?

I don't care if the networks route or bridge.

Why not put them all onto your "192net," then? That would be the simplest solution; it would have allowed the default bridge to do everything you asked for above.

Mind you, I'm not advising that; I'm asking you to give us your justification for having the split in the first place.

By putting the two sides of the networks on different IP ranges, you require routing. Bridging isn't even an option now.

(Not a clean option, anyway. You could multi-home everything that needs to see both sides over a single bridge, but ick.)

So far, ChatGPT has been very helpful with me learning

Please stop saying that; you're making people here cringe. ChatGPT can, at best, regurgitate other humans' knowledge for you on demand. At worst, it makes up utter horse hockey that merely sounds correct. Your ability to distinguish the two cases is minimal at this point, putting you at serious risk of being misled.

I bought this through Amazon, there is a notation that configuration help is a feature they can provide - yeah right, try it! I tried going the MikoTik support route and was summarily blown off, (albeit nicely).

They told you that right up front. Point 6, here: "Technical support does not include training on TCP/IP." That's what you're asking for here: for someone to train you in basic networking. That's what the manual is for, and failing that, professional trainers like Mr. Haddad.

Code: Select all

/ip route
add distance=1 gateway=ether5
add distance=1 gateway=ether2
add distance=1 dst-address=192.168.1.2/32 gateway=ether5

I told you above that I believe you can do this with a pair of static routes. You've got three here, one of which shadows the third.

The first static route you've defined tells the router that the default route is toward the camera network. This is simply wrong. The only traffic that should be going that direction is that which needs to get to your "10net".

The second rule corrects this, telling the router the truth, that the default route is toward ether2, which presumably connects to your Internet router.

But then your third rule goes and tells the router that the direction to your "192net" is toward the camera network again! No wonder it doesn't work.

I haven't tried this here, but what I believe you want is something more like this:


Atop that, everything in the "10net" needs to be told that their gateway is 10.1.1.1, the "10net" side of the router that knows how to get traffic onto the "192net" and from there out to the Internet.

I gave both routes for the purposes of explanation, but in fact, the second static route should be implicit from the "/ip/address/add 10…" rule above. Check it with "/ip/route print", and if I'm right, you only need the first rule. Presumably you had it in that configuration at one point, but you were doubtless missing the "10net" gateway on all the "10net" devices, explaining why it didn't work with the single default route configuration.

It is quite possible I've missed something in all this. I'm no routing expert, and if I had to do something like what you're proposing, I'd set it up with VLANs instead. I'm not recommending that to you, however; the requirements for doing that would blow your mind at this stage. Get something basic working, rebuild your confidence, and only then decide if you want to do this the fancy way professional network engineers prefer.

@tangent
When I saw your linked basic config document I snaffled the link immediately, despite the fact I have already set up a few Mikrotiks and have other bookmarks in my "Basic setup" folder. My problem is simply that as a home user I rarely need to touch them so a quick re-orientation course is very useful to have standing by. It is clearer than others I have seen.

Thank you.

I snaffled the link immediately

I thank you for saying so. Nothing is more demotivating than realizing that no one is interested in one's work.

To pull this back around to the start of this thread, you could maintain a local clone of that repo and then be able to read my article while offline by pulling it up in "fossil ui".

And, when the article changes, a quick "fossil up" will get you the latest version. This one changed a few hours ago when I realized I hadn't covered the default auto-mac and STP settings on the bridge.

If you see any more holes in the presentation, do let me know.

I did read the post from your link right away when I saw it.
Excellent post !!
Quite nice to see it being presented this way and IMHO a HUGE help for newcomers.

I'm not a good writer but I'm a pretty good reviewer, I like to think (years and years of reviewing electronic design specifications as test engineer thought me that).
Is there a way to provide comments on your environment ? I did register, especially for you

Because:
I am a little bit waiting for the teaser which was left there (first rule on input chain of firewall):

We’re going to skip over this one for now, but do realize it has to be high up in the list of rules for it to take effect.

Excellent post !!

Thanks!

Is there a way to provide comments

There's the forum.

(And don't worry, I have zero intention to try and split this forum's community. It's for discussing my MikroTik Solutions repo, only.)

There's also the option to set up a private chat area in Fossil, but I don't see there being enough traffic to be worth keeping a tab open to monitor it. I could easily set it up for funzies, but it'd die off for lack of attention soon after. It's a feature best used to coordinate work among multiple active contributors.

I am a little bit waiting for the teaser which was left there (first rule on input chain of firewall):

I did indeed let that thread drop. Thank you for calling it out. Here is a direct link to the new material. There have been improvements to the rest as well.

@tangent can I link your article in post where I did quick tutorial on config export for beginners ? This is really great stuff and I think it will be useful for them.

You did something that Mikrotik wiki lacks, explanations.

@tangent can I link your article in post where I did quick tutorial on config export for beginners ?

I’m having difficulty imagining how I could stop you.

But sure, go ahead, and thanks for asking.

Awesome, my favourite line.........

Quote: " What I want from you in return is effort. If you show us that you're trying to learn, and progressing, you'll increase the chances of getting more of this "free" training. If not, then why would any of us expend more of our finite time on this away mission to Planet Earth? " unquote.

Pure gold, I too did a few of the udemy courses, read through countless MUMs, picked brains, made an ass of myself learning wireguard etc etc etc....
It takes persistence, especially when one has no background in networking. There are no shortcuts when you dont understand the fundamentals yet. Thus, it really has to become a hobby of sorts.

Well it's not my material but I wanted to add it so beginners can see it. But before that i think that it's proper thing to ask for permission

It would be a shame that this fade out when this topic is solved and pushed down.

Tangent, I'd like to publicly thank-you for your efforts. I want to apologize for poking what seem to be sore spots in the industry. Most sincerely, thank-you for your hard work.
I did not realize the professional tutorial you wrote was for me. I am flattered and very glad that others on this forum have seen more clearly the value. I went back and reread it, as I surely should(several more times). The complexity, need, and nuance of the todays available protocols was not something I dealt with in the 80's. I got an MCSE in the win2000 era. I didn't know Udemy existed, they didn't before I retired. (Udemy circa 2010).
My info as to a refresh and continue my education was about a MikroTik seminar in Oklahoma City for $900. Of, course my pursuit will be in the Udemy direction. (I considered a class at a community college that is near me, but it isn't offered again until the fall).

Again, info I didn't have that you did. Thank-you again! I'm learning more than just the technical stuff.

I'm not going to try to respond point by point. That will sound like excuses. Simply, don't have the keys you gurus have. No one has forced you to be on the forum, that comes from a good place inside you. No comment I made was or is intended to criticize, demean, or belittle your work. Any of you. I'm somewhat dismayed at your assumption that I wasn't trying when you had no idea. However, even after the perceived insult, you rose above that to continue to clarify your points and are enormously helpful. I hope your tutorial will find it's way into where guys at my level can find it. I never expected the level of response given - I didn't understand, that hasn't been my experience. I didn't expect your level of professionalism and sensitivity. I was thinking a friendly chat to exchange ideas. "Free" consultation wasn't my intent. I get it. This forum, and any other you may do, needs your expertise.(I'm not sucking up, we do need you, just a fact.)
What are user forums for if not learning, you get that. If I were actually a networking guy I'd be embarrassed by my lack. Clearly my communications skills are also lacking. You got passed it.

One more comment, also from a lack of understanding, ChatGPT is totally new to me. Didn't understand the industry sensitivity. My grand daughter, in college, suggested it. I can
see where that makes people feel devalued. It dutifully responded as best it could to my apparently inane questions very patiently - that's good and bad, no passion. Good learning tool, it didn't solve my problem.

Again, and sincerely, Thank-you Tangent. Your efforts are needed by people like me. For me this IS a hobby, and extension of who I am, and what I was...I can't run or do karate anymore, I'm staring my mortality in the face, working my bucket list. (skydiving, motorcycle license, landscaping type yard, fabricating things (using the tools I've acquired over the years). In essence, trying to have a life. I'm in my seventies and loosing it...not complaining - happens to everybody. I'm sure my network will go when I do, but in the meantime........

I'm somewhat dismayed at your assumption that I wasn't trying when you had no idea.

You're right, I assumed, but I did it out of protective reflex. There are scars backing it.

It's based in a phenomenon often seen on technical forums (not just this one) where people throw out question after question without considering the cost it incurs on the other end. We call it spoon-feeding here, and I wanted to cut that off early if it was going to happen in this thread yet again. Hold up your end, and we'll be fine.

This isn't limited to user support forums, either. You see it in all types of mentoring. If you want 1:1 teaching, that costs. The efficient path is one-to-many distribution of knowledge, amortizing to near-zero per student.

That's why I post articles, write docs, etc. My six hours (or more like nine now) on that article should help many people now. The problem comes when each questioner wants 1:1 tutoring, tailored to their exact situation, rather than putting in the effort to apply preexisting material to it.

When someone points you to the docs, demonstrate that you have read it if you don't want to be accused of wanting to have it spoon-fed to you. Sorry to be blunt, but that's how it is.

ChatGPT is totally new to me. Didn't understand the industry sensitivity.

It doesn't help that I'm a moderator, tasked in part with squishing LLM-generated spam every day I show up to contribute some time to beating back the encroachment. It's relentless; computers don't sleep.

I can see where that makes people feel devalued.

That isn't it, really. I don't mind tools to help people. The problem is, current LLMs are BS-spinners of the highest order. We've had national-level politicians with less skill in this art. Computers have no shame, not even when they tell you they're "sorry" for misleading you.

Using such LLMs is fine with me if you have the knowledge to catch them on their BS, but when you're new to a topic, everything they say looks "correct." Be warned.

I totally agree. Ain't no such thing as a free lunch.
Please keep up the good work.
This is the first forum I've been on in years, It's different now apparently. In general, I'm typically the helper not the helpee. Not comfortable here.
Thank-you again.