I am finally ready to seup mikrotik CCR router with home ISP gateway router
trying to seup ip passthrough, but i am not sure where to find the mikrotik public WAN ip address

anyone willing to point to how to navigate to where this ip address will be?

With ISP home gateway in the way it's highly probable that CCR will not ever see true public IP address.

What is your actual objective here?

Trying to do similar thing to this https://forums.att.com/conversations/at ... 546096212e

I need to use router at home and need to connect to ISP gateway router via ip passthrough

I need to use router at home and need to connect to ISP gateway router via ip passthrough

When AT&T's oddball IP passthrough mode is enabled, you don't have two routers. You have a router and a fiber-to-Ethernet media converter, generically called a modem.

It's an important distinction because the AT&T box isn't doing routing any more. Thus, it is not a router. If it were otherwise, you'd be asking about double NAT, which is both a problem and a solution, depending on how you look at it and what your needs are.

I believe what you're asking for is how to make the RouterOS box get a public IP. Assuming you don't have a static IP from AT&T, you have to enable the DHCP client on the WAN-facing interface. RouterOS doesn't blindly solicit IPs and DNS servers and routes and everything else you can get over DHCP out of the box. That would be a potential security disaster. DHCP should transit only the links where it's expected and necessary, but deciding which that is is up to you.

Beware that the road you're going down is dangerous if not done under expert guidance. By putting your ISP modem into that passthru mode, you're exposing everything plugged directly into it to the big bad Internet. RouterOS doesn't ship configured for security. The box ships naked, and it's best set up and tested before you expose it to the Internet, on a private LAN.

I believe what you're asking for is how to make the RouterOS box get a public IP. Assuming you don't have a static IP from AT&T, you have to enable the DHCP client on the WAN-facing interface. RouterOS doesn't blindly solicit IPs and DNS servers and routes and everything else you can get over DHCP out of the box. That would be a potential security disaster. DHCP should transit only the links where it's expected and necessary, but deciding which that is is up to you.

Yup yeah i know the ISP router will no longer do routing after this setup; well aware of that
I do have a static IP block, so how do i setup the mikrotik router to use the static IP i have?

how do i setup the mikrotik router to use the static IP i have?

Here.

how do i setup the mikrotik router to use the static IP i have?

Here.

As @tangent already said, you configure a Public static IP the same way as you would configure any other IP...

When you say static IP block what do you mean? THe ISP is giving you 5 public Static WANIPs ??

yup i have /27 static ipv4 from ISP

So i have now added static ip to the mikrotik
all looks good, i added gateway ip and DNS server and route to internet and i can route to internet
can ping google.com and so on

BUT the ISP router is still working as router. What is going on?
Am i doing something wrong?

I thought the ISP gateway router will no longer function as router anymore and mikrotik router will be the router now
so why is this happening? or am i missing another settings somewhere?

Most networked devices nowdays (wired, wireless, ...) use DHCP protocol to discover network settings (own IP address, gateway, DNS servers) ... and most routers, given out by ISPs, have DHCP server configured (because most users don't know much about networking).

Users who know a bit of networking then change things according to their wishes. Other either use whatever ISP offers or get (hire) somebody to configure things for them.

Most networked devices nowdays (wired, wireless, ...) use DHCP protocol to discover network settings (own IP address, gateway, DNS servers) ... and most routers, given out by ISPs, have DHCP server configured (because most users don't know much about networking).

Users who know a bit of networking then change things according to their wishes. Other either use whatever ISP offers or get (hire) somebody to configure things for them.

How does this refer to my last comment???

Most networked devices nowdays (wired, wireless, ...) use DHCP protocol to discover network settings (own IP address, gateway, DNS servers) ... and most routers, given out by ISPs, have DHCP server configured (because most users don't know much about networking).

Users who know a bit of networking then change things according to their wishes. Other either use whatever ISP offers or get (hire) somebody to configure things for them.

How does this refer to my last comment???

Without you telling us exactly in what way ISP device us still acting as router I'm guessing you set up CCR in parallel to the rest of devices. If that's not the case, then provide us with current network layout and text export of your CCR. And write details about how's your ISP router configured. Some ISP layouts mean that their router at your premises can not be replaced by your own equipment (without them reconfigutring part of their access network).

Without you telling us exactly in what way ISP device us still acting as router I'm guessing you set up CCR in parallel to the rest of devices. If that's not the case, then provide us with current network layout and text export of your CCR. And write details about how's your ISP router configured. Some ISP layouts mean that their router at your premises can not be replaced by your own equipment (without them reconfigutring part of their access network).

I mentioned already in earlier post
please check from beginning of thread

viewtopic.php?t=184341#p920822

I am trying to understand where the problem is...
If you have a static IP block given to you by your ISP, a /27 as you said ( 32 available addresses from which the first is the network address and the last the broadcast address ) then you assign ( usually ) the second available host address to the ethernet interface connected to your ISP.
And i do say usually because i can't be sure about that... one of the addresses belonging to the /27 is used by your ISPs equipment. You should ask them which address they use, because that address will be used as your Gateway in your default route...
After you assign that address, you will have to masquerade, or even better source-nat ( since you know the IP ) under ip firewall nat...

But, unless i see a topology diagram ( even a simple one ) as @mkx suggested too, and the configuration currently used, i can only make assumptions, which is not that good...

BUT the ISP router is still working as router. What is going on?
Am i doing something wrong?

There are two explanations. Either you've set the public IP address on your Mikrotik's WAN interface in parallel to some other one (you can even have a dhcp client and multiple manually configured addresses attached to the same interface), or the ISP's device indeed has that public subnet at its LAN side, while its own WAN IP address is actually different and the public subnet is routed via that device's WAN IP.

If it is the latter case, it might still be possible to switch the ISP's device to bridge mode, but depending on how the routing of that /27 is configured in the ISP's core, it might be complicated. I've seen ISPs asking the client to advertise the public subnet granted to them using a dynamic routing protocol.

If you can have the public IPs directly on your router and traffic from the internet can reach them, there is no reason to insist on removing the routing functionality from the ISP device.

@Zacharias @sindy

I have assigned static public IP from what i purchased from ISP and i can reach my mikrotik router via the static public ip fine
that is already done, i can pinfg the internet from CCR router fine also
I am already setting up my VLANs and connecting the 2 x CRS switches also

Only thing am not sure about is my ISP router us still working as router, matter of fact i am typing this post via the wireless of the ISP router
so am not sure why people keep saying after IP passthrough is setup i cant access ISP router anymore, i still CAN and i can at the ISP local ip still

So at the moment, am just thinking how to mikrotik private network
I have audience device I will be connecting soon, so maybe i will be able to now be able to get to the mikrotik private network from connecting to the audience device connected to the mikrotik

Extra details on topology

CCR2004 ---> CRS326(need for SFP+ 10G ports) ----> CRS312(need for RJ45 10G ports)

CCR2004 => https://mikrotik.com/product/ccr2004_1g_12s_2xs
CRS326 => https://mikrotik.com/product/crs326_24s_2q_rm
CRS312 => https://mikrotik.com/product/crs312_4c_8xg_rm

I have been able to setup route to internet using the static public IP
CCR2004 can route to internet with the public IP
but the CRS switches are not able to route to internet

I created route to internet using the private IP of management as gateway but still can not route to internet from the CRS switches
I can ping CCR2004 router on IP from management VLAN1 at 192.168.11.254 from CRS switches(192.168.11.253 and 192.168.11.253) and vice versa
but just can not ping internet from the CRS switches

How do i fix this?

Only thing am not sure about is my ISP router us still working as router, matter of fact i am typing this post via the wireless of the ISP router
so am not sure why people keep saying after IP passthrough is setup i cant access ISP router anymore, i still CAN and i can at the ISP local ip still

There are many ways how the ISP may set up things. The "bridge" or "passthrough" mode of the ISP device is only strictly required in cases where the ISP uses PPPoE and you want to run the PPPoE client at your own router rather than at the ISP's one. In your case, it may not be like that, but it's still not clear to me whether, with your current setup, you can see incoming packets to the public IP on your 2004 if you send them from the internet (e.g. by entering that address into a browser on your mobile phone connected via the mobile network, not WiFi). This is the only proof that the public subnet is configured properly at both ends.

An ISPs router can both act as a Router and at the same time having passthrough enabled...
Since you can reach the internet connected to your ISPs wifi obviously it acts as a router too...

Are you sure the IP address space assigned to you by your ISP belongs to the Public IP address space ?

An ISPs router can both act as a Router and at the same time having passthrough enabled...
Since you can reach the internet connected to your ISPs wifi obviously it acts as a router too...

Are you sure the IP address space assigned to you by your ISP belongs to the Public IP address space ?

I can reach the static public IP of the CCR from anywhere in the universe
So how can i setup the static private IP companion, so i can route all the private networks in the VLANs to the internet?

Normally the router has a public IP and private IP to reach it from public internet and private networks respectively
but i am only able to setup public IP so far, how do i setup the private IP from the management VLAN1 (192.168.11.254)?

how do i setup the private IP from the management VLAN1 (192.168.11.254)?

/ip address
add address=192.168.11.254/24 interface=????

Replace the questionmarks with the name of an interface where you want this address to be placed. As you mention management VLAN 1, the proper interface would be the interface that hosts all your local VLANs, e.g. ether10 (provided you connect your switches in a flat chain rather than a ring topology - for a ring topology, you'd create a bridge with two interfaces as ports, and attach the IP address to that bridge, not to the member interfaces).

how do i setup the private IP from the management VLAN1 (192.168.11.254)?

/ip address
add address=192.168.11.254/24 interface=????

Replace the questionmarks with the name of an interface where you want this address to be placed. As you mention management VLAN 1, the proper interface would be the interface that hosts all your local VLANs, e.g. ether10 (provided you connect your switches in a flat chain rather than a ring topology - for a ring topology, you'd create a bridge with two interfaces as ports, and attach the IP address to that bridge, not to the member interfaces).

Currently i add VLAN1 as the interface
I just changed that to the port interface like eth1 and now the CRS switches can not even ping the IP 192.168.11.254

Remember the VLAN1 is management vlan


I added the route to 0.0.0.0/0 via 192.168.11.254 gateway but i cant reach internet this way
I can only ping the gateway IP but cant reach internet
how do i reach internet from the CRS switches?

I added the route to 0.0.0.0/0 via 192.168.11.254 gateway but i cant reach internet this way
I can only ping the gateway IP but cant reach internet
how do i reach internet from the CRS switches?

Oh boy... Where to begin..

I do have a couple questions.. Why did you pick the CCR2004? The RB____ series with it's default rules, comes to mind that may have been a better choice for you.

A /27 is a fairly large IP block. Are they routing it to you? Or are they being the gateway for all the IPs in the block? This makes a very big difference in setting up your router.

As for your last question, you need to setup NAT rules so your CCR knows what to do with the traffic.

I added the route to 0.0.0.0/0 via 192.168.11.254 gateway but i cant reach internet this way
I can only ping the gateway IP but cant reach internet
how do i reach internet from the CRS switches?

Oh boy... Where to begin..

I do have a couple questions.. Why did you pick the CCR2004? The RB____ series with it's default rules, comes to mind that may have been a better choice for you.

A /27 is a fairly large IP block. Are they routing it to you? Or are they being the gateway for all the IPs in the block? This makes a very big difference in setting up your router.

As for your last question, you need to setup NAT rules so your CCR knows what to do with the traffic.

I needed a true rack router, not a desktop or home based router
This will be used to serve some very mission critical apps/servers
So yes i needed the CCR2004, which is best mikrotik router second to CCR2216 ofcourse

The static IP block i have i am given gateway within the block that i use as next hop to get to the internet
Did i answer your question?

Can you please guide me with the NAT rules? At least we can start with what i want to do
which is to setup private IP for the router that the switches will use to route to internet

Thanks

I needed a true rack router, not a desktop or home based router
This will be used to serve some very mission critical apps/servers
So yes i needed the CCR2004, which is best mikrotik router second to CCR2216 ofcourse

The static IP block i have i am given gateway within the block that i use as next hop to get to the internet
Did i answer your question?

Can you please guide me with the NAT rules? At least we can start with what i want to do
which is to setup private IP for the router that the switches will use to route to internet

Thanks

Just so I follow..

You have said,

home ISP gateway router

I needed a true rack router, not a desktop or home based router

This will be used to serve some very mission critical apps/servers

All of these can't be put together.. 'Very mission critical apps/servers" do NOT go with "home ISP" anything.

So yes i needed the CCR2004, which is best mikrotik router second to CCR2216 ofcourse

No, not 'of course' but that really doesn't matter.. From your posting, the RB5009UG+S+IN, RB4011iGS+RM, or RB3011UiAS-RM would have been better choices for you, especially with their default rules.

With the above mentioned, plus

Can you please guide me with the NAT rules?

I'm trying to politely saying this, you are not the right person for this job. I strongly suggest hiring someone for a couple/few hours to set this up for you.

Otherwise start here, https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT

I needed a true rack router, not a desktop or home based router
This will be used to serve some very mission critical apps/servers
So yes i needed the CCR2004, which is best mikrotik router second to CCR2216 ofcourse

The static IP block i have i am given gateway within the block that i use as next hop to get to the internet
Did i answer your question?

Can you please guide me with the NAT rules? At least we can start with what i want to do
which is to setup private IP for the router that the switches will use to route to internet

Thanks

Just so I follow..

You have said,

home ISP gateway router

I needed a true rack router, not a desktop or home based router

This will be used to serve some very mission critical apps/servers

All of these can't be put together.. 'Very mission critical apps/servers" do NOT go with "home ISP" anything.

So yes i needed the CCR2004, which is best mikrotik router second to CCR2216 ofcourse

No, not 'of course' but that really doesn't matter.. From your posting, the RB5009UG+S+IN, RB4011iGS+RM, or RB3011UiAS-RM would have been better choices for you, especially with their default rules.

With the above mentioned, plus

Can you please guide me with the NAT rules?

I'm trying to politely saying this, you are not the right person for this job. I strongly suggest hiring someone for a couple/few hours to set this up for you.

Otherwise start here, https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT

I'm trying to politely saying this, you are not the right person for this job. I strongly suggest hiring someone for a couple/few hours to set this up for you.

Otherwise start here, https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT

Networking is not rocket science; you guys make it seem like it is some rocket science
I have majority of stuffs done already, just a few configs here and there, i must get a consultant
No i want to setup myself, I am here to get some help from you guys

Try to help with what you can, if i could get a consultant, then i won't be on the forums at all
You guys try to be helpful some times, I am not a grandma that know nothing
Just a few steps here and there i will be done with the setup i want and need
And then will know how things work even better and be able to support myself always

Get a consultant and then when issue arises get a consultant and when upgrades come get a consultant
Now one or more consultants know your network, and when you get hacked you wonder why

Networking is not rocket science; you guys make it seem like it is some rocket science
I have majority of stuffs done already, just a few configs here and there, i must get a consultant
No i want to setup myself, I am here to get some help from you guys

Try to help with what you can, if i could get a consultant, then i won't be on the forums at all
You guys try to be helpful some times, I am not a grandma that know nothing
Just a few steps here and there i will be done with the setup i want and need
And then will know how things work even better and be able to support myself always

Get a consultant and then when issue arises get a consultant and when upgrades come get a consultant
Now one or more consultants know your network, and when you get hacked you wonder why

Yes, not rocket science but it also isn't hard to find the information on setting up NAT..

Hire a consultant to set this up for you, then you will have a good working configuration to work with. If issues arrive, figure them out yourself, if you can't, sure, hire them again.

If you are getting hacked because you hired a consultant or two... Something is seriously wrong with the consultants you choosing to hire...

Which part of the NAT configuration are you having issues with?

Which part of the NAT configuration are you having issues with?

I think first i want to understand what i need to do
Like i said router can be reached via public IP address and can route to internet using the public IP gateway of third to the last IP in the CIDR block i purchased from ISP

Now i want the devices connected in VLANs to also route to the internet using the private IP of the router which I want to set to 192.168.11.254 which is VLAN1, management VLAN
So just want to understand what i need to do
If i need NAT, what type of NAT? and on VLAN1 or on the bridge created or on the specific interface
Will the NAT be setup from IP => Firewall => NAT?
or from Bridge => NAT?

Just explanations of what need to do in like a sentence or 2 will be much appreciated

I am seeing the following IP 186.148.224.203 in my CCR router under ip => firewall => connections tab and not sure if am hacked or something


Anyone know steps to close all connections and see this IP continue to show up?

Click on the connection and then the red - button in the top left.

Also be aware that there is a LOT of "harmless" traffic.. There are many groups that scan the entire internet hourly.

Click on the connection and then the red - button in the top left.

Also be aware that there is a LOT of "harmless" traffic.. There are many groups that scan the entire internet hourly.

That is remove though, I dont want to remove
I want to find ways to detect what the IP is doing, it has been there for a while
Also what is the connections tab meant for? All connections to router or requests to router?

So just want to understand what i need to do
If i need NAT, what type of NAT? and on VLAN1 or on the bridge created or on the specific interface
Will the NAT be setup from IP => Firewall => NAT?
or from Bridge => NAT?

Just explanations of what need to do in like a sentence or 2 will be much appreciated

Did you read the NAT manual page I linked to? What questions do you still have about NAT?

You talk about needing to host "mission critical" applications from home... You don't seem to understand what kind of NAT you need, after reading the page about all types of NAT, and your nickname is uberwebguru.

Networking isn't rocket science, you are correct, but it isn't simple either. Do you understand computer networks uberwebguru?

That is remove though, I dont want to remove
I want to find ways to detect what the IP is doing, it has been there for a while
Also what is the connections tab meant for? All connections to router or requests to router?

What do you think closing means then?

"Connections" is all traffic. Input, Through, and Output.

If you want that information, you will need to analyze it. Wireshark is a good tool for this.

That is remove though, I dont want to remove
I want to find ways to detect what the IP is doing, it has been there for a while
Also what is the connections tab meant for? All connections to router or requests to router?

What do you think closing means then?

"Connections" is all traffic. Input, Through, and Output.

If you want that information, you will need to capture it.

So confirmed connection, means it connected to the router?
This is why am asking to confirm, so means i have been hacked then?
Conneted and making requests is two different things

Conneted and making requests is two different things

They are?

RouterOS (and Mikrotik routers) are real routers. They are not ment for beginners.

Conneted and making requests is two different things

They are?

Successful SSH login and SSH command to login are the same?

Ok i have setup the destination NAT in ip => firewall => NAT
Followed these steps




Issue now is i am able to route to internet using the gateway public IP for the router
but what will be the gateway ip to route to internet for the switches?
this is where am not getting how this will work

but what will be the gateway ip to route to internet for the switches?
this is where am not getting how this will work

https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT

what will be the gateway ip to route to internet for the switches?

This is the kind of question that gets people wondering if you're capable of implementing this plan safely.

The CCR is the gateway for the things inside its envelope. Therefore, the gateway IP is the gateway's IP. This is positively elementary.

Lookit, I'm not going to tell you you're an idiot or clueless. I have no idea, and short of making you take some sort of test, I wouldn't really know. What I can say is that you are failing to publicly demonstrate a clueful stance, which is causing some people here to treat you as clueless.

Demonstrate cluefulness and people will treat you as clueful. Demonstrate that you're learning, and people will treat you as capable of learning more.

Mainly what I'm seeing is a lot of spoon-feeding. If you want that impression to change, pick the adult fork up and start feeding yourself.

I'm not saying "don't ask questions." I am saying "Ask questions the smart way."

They are?

Successful SSH login and SSH command to login are the same?

You tell me when you find out. Site a source and reason why they are or are not the same.

I am trying to only keep necessary services on only
Since the rack will be couple of feet away from me
I can turn them on when i need them, as part of security

Please let me know what services i need on and if this is a good idea
Thanks

Please let me know what services i need on and if this is a good idea

You need the services on that you plan to use.

We can't answer that for you.

Please let me know what services i need on and if this is a good idea

You need the services on that you plan to use.

We can't answer that for you.

What am asking is about essential services that MUST be on for things to work
Maybe api is needed for basic routing, am not sure
Again what MUST be on, i need winbox to manage, so i have that on because i need
Others i believe i dont need, but am asking for anyone to point me if i may be doing what i should not

It is simple man, cheer up a little and be a nice when helping
Am a brand new mikrotik user and also not a network engineer by profession
I manage Juniper SRX router for 8 years and most of the setup were done for me, this time i want to understand the setup myself
So be a bit considerate there, i may ask stupid question, but i rather ask so i know than to continue to be ignorant

What am asking is about essential services that MUST be on for things to work

None of them are needed for things to work.

System-Packages, if you mess with those, then stuff will break.

What am asking is about essential services that MUST be on for things to work

None of them are needed for things to work.

System-Packages, if you mess with those, then stuff will break.

Cool then, then disabling all those services and only leaving winbox on is huge security settings
now i no longer see those crappy hack attempts at the router in logs

It is simple man, cheer up a little and be a nice when helping
Am a brand new mikrotik user and also not a network engineer by profession
I manage Juniper SRX router for 8 years and most of the setup were done for me, this time i want to understand the setup myself
So be a bit considerate there, i may ask stupid question, but i rather ask so i know than to continue to be ignorant

It may seem to you like people are not helpful, but a little knowledge is a dangerous thing when setting up an internet facing router. Either accept the quickset config (it appears I don't know what I am talking about, because evidently the CCR assumes you know what you are doing and doesn't have a quickset option. Edit 2. Maybe it does, but you won't be able to get the functionality you would expect using quickset) Maybe read this: Mikrotik Cloud Core Router (CCR) Setup and Configuration first time, or spend some time learning when your router is not your primary connection to the internet. Otherwise your router is likely to be quickly compromised. You can set up your router behind your existing router; it will then use your ISP router for the CCR's "internet connection", and I would not turn on "passthrough" mode on the ISP router until you learn more about the CCR router in a "lab" environment. Then mistakes don't leave you exposed to the wild wild web.

You need to understand some networking fundamentals, then learn about how RouterOS is configured. Those are two different things, and in my opinion, you should understand networking before you start playing with the router connected directly to the internet.

Spend some time reading the MikroTik docs. Start here: Getting started

There are also some "Help for New Users" threads, like this one:

And if you like videos, there are youtube videos as well.

You need to understand some networking fundamentals, then learn about how RouterOS is configured. Those are two different things, and in my opinion, you should understand networking before you start playing with the router connected directly to the internet.

Spend some time reading the MikroTik docs. Start here: Getting started

There are also some "Help for New Users" threads, like this one:

And if you like videos, there are youtube videos as well.

Am almost done with my setup, a few more settings here and there and am done
No need to start with 101 type stuffs, am way past that
yeah it may seem i miss basic stuffs, but that happens sometimes even to veterans when things not working, you try to look everywhere and you may miss basic stuffs at times
either way, am almost done

this setup is not a easy one as i have home router to go with and so on, so not a usual setup
but am almost done, and security tightening will come
Got enough time to learn things before going to adding critical stuffs

Gurus are at knowledge level 100
Experienced are at level 50
Noobs are at level 5

Veterans (like me) can be honestly at level 20 as well at level 90 (I'm at 20 indeed )
It doesn't matter how long you're involved in...

Your setup is not an easy one, it depends from WHICH point of view..... Elmers or Noobs.....

Spend some time reading the MikroTik docs. Start here: Getting started

Almost done with my config!!!
I even got wireguard from laptop to CCR2004 router working like a charm!!!
Can access the private IP of CCR, tested webfig and so on
All these in like 2 weeks? With no consultant, except for the forums!!!
Able to connect to specific VLANs
CRS switches can reach internet, CCR can reach internet
All looking good, just a few other settings here and there, and I will be close to an expert with RouterOS/Mikrotik!!!

Next is to setup Audience so i can have dedicated wifi to CCR router from Audience AP
So i can connect to private networks on CCR without going to the internet
Wireguard goes through the internet, so the wifi will be for direct access
Now tell me that is not an advanced level setup, tell me please

So thanks but no thanks with the getting started guide advice

P.S.

By the time am done, the security will be so tight that, you will have to physically access the router/switches to hack me
Send me the best hacker in the world, they wont get anywhere!!!
So much for a newbie asking dumb questions
Stay tuned!!!

just a few other settings here and there, and I will be close to an expert with RouterOS/Mikrotik!!!

P.S.

Send me the best hacker in the world, they wont get anywhere!!!

Well at least you posted this on the correct day of the year (April 1).

But I do think this and this apply.

By the time am done, the security will be so tight that, you will have to physically access the router/switches to hack me
Send me the best hacker in the world, they wont get anywhere!!!
So much for a newbie asking dumb questions

Oh.. *shaking my head*

But I do think…

The thing about Dunning-Kruger is that it's a side-effect of the ignorant being unable to see how ignorant they are. Those that learn to recognize the effect in action end up on the other side of the curve.

But hey, what do I know? Let's let the "close to an expert" teach the rest of us for a change!

common folks, just a joke
yeah couple of exaggerations there
but point am trying to make is making big progress
i am as humble as they come

i am as humble as they come

We could tell by your forum username