See last post!

not correct, not right

there is a link in the download page, in the right side, which specifically talks about UPGRADES.

http://wiki.mikrotik.com/wiki/Upgrading_RouterOS

Netinstall is for reinstalling, and you don't need that

simply upload new NPK file and reboot

Dude, Thanks!

Do I need to do anything now, anything with the license?

you probably already have the new license from the factory. after upgrading to v4.5, connect with winbox and see if it will display any messages. if not - you are fine.

It did not show any message!

But when checking license it shows this:


Does this mean as it shows, that I can upgrade to v5 ?
Any benefits with that?

it means you "can", not that there is such version yet

everything is fine with your license

Thank you very much for helping me!

Now I am confused how to open ports...
Need to ports open for HFS (HTTP File Server ) and for µtorrent.

If curious http://www.rejetto.com/hfs (using it instead of FTP)

Do I risk anything if I open ports 49587 and 48547 ?

incorrect terminology. ports are already open on the router, ie. nothing is blocking them. what you need is Network Address Translation (NAT) to REDIRECT requests to certain ports, to a certain machine in the internal network.

if you want to NAT a whole IP to some internal server, this is the tutorial:
http://wiki.mikrotik.com/wiki/How_to_li ... Local_ones

if only certain ports, it's the same, but you specify port, not IP

But when I test on µtorrent, it shows that port is closed...
So the port is not open.

like I said, terminology conflict. you _need_ NAT or uPnP enabled. actually for uTorrent uPnP is much simpler. It's an automatic NAT rule, based on what uTorrent requests. simply turn it on:

Yes but then I get another conflict, HFS does not have UPnP

I'll repeat the question, do I risk any security if I open ports 49587 and 48547 ?
It was dead simple on my DLink DIR 655...

Is RB750G more powerful than DIR-655?

of course it is more powerful you need to do this:

Ok, where exactly, in new terminal?

I tried UPnP on µtorrent but didn't work...
UPnP service in enabled.

Do I change dst-port=1234 to 49587 and to-address=192.168.1.1 to 192.168.88.1 ?

192.168.88.1 is my log in for the router...

Will NAT protect me even if I open these ports?
I guess I needed to rephrase the question

no, "to-address" is the internal computer's ip. it's where you want to redirect the connections.

NAT will redirect all connections for the specified port, to the specified machine. nothing else. so "protect" is not the right word to use. basically it won't do anything you don't want it to do.

yes, in new terminal. you can also use the winbox interface, in that case you need to click on menus that are mentioned in that command line I pasted.

Ie. click on "IP", then on "Firewall", then on "NAT" etc.

like this then?

if 192.168.1.1 is that windows machine that's running the software, then yes

Where do I check that ?

Check if the counter is increasing when you run your program:

not by much

Did you mean internal IP by 192.168.1.1 ?
192.168.88.254 is the internal address, do I use that instead?

it doesn't need to be much, if it's more than 0 then it means it's working

it has to be the IP address of the Windows PC. there is usually only one IP on Windows PCs. you can see it in the control panel

Yes but I haven't done it yet!

Does 192.168.1.1 represent the internal IP?

it has to be the IP address of the Windows PC. there is usually only one IP on Windows PCs. you can see it in the control panel

Ok but if I do this without the code command, how do I do it?



/ip firewall nat add chain=dstnat dst-port=49587 action=dst-nat protocol=tcp to-address=192.168.88.254 to-port=49587

Did not work in new terminal, µtorrent still shows as port closed
restarted µtorrent and the router

OK, I connected a RB750G to my PC right now, and installed uTorrent, just to show you how to configure it

I simply enabed uPnP in both the router, and the uTorrent program, added internal and external interfaces to uPnP configuration, and voila - I can see the "dummy" NAT rules created in the NAT menu:



try to replicate what you see above

Still this does not help me!

I need to open that port because I need to open a port for HFS also, which does not have UPnP
I just need to open the port, no UPnP.

upnp is just a shortcut to the same thing. essentially your NAT rule must look like this:

but replace the IP and the port to whatever you need

Here is how I did it.


Looks the same, it did not work...

Have no software firewall installed, even the service is disabled...
UPnP servie is running...

OS is Win7 x64


Is there a guide for RB750G to open ports?

when uTorrent will begin downloading, only then the rules will be created.

I'm the guide here, isn't it obvious

RouterOS is a really complex system rivalling those that cost several thousands of dollars. I'm sorry to say, but it currently lacks a beginner friendly interface. Right now it's more targeted at experienced routing specialists. But don't worry, we are working on it.

Ok so I can only download at full speed but not upload at full speed?

Upload is just as important as download for me...
So I can't use that when µtorrent is only downloading.

I just need to open these ports.

I'm on 100/100MBit, I really need this to work

it doesn't have anything to do with speed i'm sorry for saying 'downloading', I meant to say "have active torrents". ie. uploading OR downloading

I know it doesn't have anything to do with speed, I just pointed out, I need my speed!

This did not work, utorrent check shows the port as closed.

How do I open the port without UPnP

Step by step please.

see my post above, where I already showed you:
http://forum.mikrotik.com/viewtopic.php ... 35#p190935

I'm trying

What are these check marks?

do NOT check them, because they mean "NOT" (except).

also in your case, don't specify any TO address like you have in the picture. just click on the small triangle next to it, to close this entry field (make it gray again)

TO address is the Dst address?


This is not working

show me again both the general and the action tabs of your new rule

I can not choose the same as you on Protocol.. 17 (udp)

Do I enter 192.168.88.254 in Dst Address or same as you?

choose protocol TCP instead. don't enter anything in DST-ADDRESS

yess! and now add another one, with protocol UDP and the rest the same

Edit!

I just realized what it was



Protect LAN was checked

Sorry!

I don't need that, right?
Only one PC connected to it.

yes, and also - try not to use the web interface if you will also use winbox. webinterface sometimes (like in this case) makes additional configuration that is not obvious from winbox.

Thanks a lot and thanks for putting up with my stupid questions

How long is the warranty?

no problem, I'm glad I helped

one year

Then it doesn't matter really if I change to bigger heatzink and put on some better cooling paste?
Maybe any of these:
https://www1.elfa.se/elfa~eu_en/b2b/cat ... ab=catalog

Yes I know, void of warranty, doesn't really matter to me...

Or can expect it to work many years to come?

if you will use it in normal indoor environment, there is no reason to change heatsink. only if you will put it into unreasonably hot place.

Ok, I just thought because my old DLink couldn't handle many open connections on µtorrent.

How is this for RB750G

this device can handle much more than that

up to 573,2Mbit thoughput or 91500pps depending on packet size and settings

Ok so whats the recommend packet size and settings?

I imagine that my network cards settings are important too?


Any recommendations?

The first and unseen on the top is energy star, to use less energy, disabled

This has been a informative thread for newbies using a 750G, like me..

Quick stupid question, if I upgrade does it preserve my configs ?

Also. Should I upgrade to 4.5 ? 3.31 seems very stable. Im just using it as a home router.

Upgrading preserves configuration, but as with all maintenance it would be a good idea to backup the system before the upgrade and to transfer the resulting backup file to an outside system.

If you're stable on 3.31 and don't require any of the new features on 4.x I guess you can stay on that version. All new development is done on 4.x.

Thanks,

Can you point me to a link with the new features compared to 3.31

What about security updates ? is 3.31 updated for security issues ? Will it be in the future ?

http://www.mikrotik.com/download/CHANGELOG_3
http://www.mikrotik.com/download/CHANGELOG_4

v3.31 contains no changes except support for RB750 added. There will be no more v3 releases, v4 has replaced it.

Ok I changed Jumbo Packet to 9014 bytes
Don't notice anything except that maybe web pages load a bit faster, but it can very well be placebo

Should I keep this?


How do I block certain sites?

example:
livejasmin.com
awempire.com

1. RB750G doesn't support jumbo frames, so effectively nothing will change

2. to block access to certain websites you have two approaches:

a. firewall, but you block by IP address here (have to find out the IPs of your blockable sites)
b. use webproxy (transparent mode) for your users, and then use simple access rules for certain domains, or parts of the link

Ok, how do I convert a site to IP address?

You look it up in DNS.

This raises even more questions, how do I do that?

1. RB750G doesn't support jumbo frames, so effectively nothing will change

2. to block access to certain websites you have two approaches:

a. firewall, but you block by IP address here (have to find out the IPs of your blockable sites)
b. use webproxy (transparent mode) for your users, and then use simple access rules for certain domains, or parts of the link

So how do I do 2b ?

No jumbo frames in 750G ?

Hmmm.....

Im in a area where the cable co offers DOCSIS 3 and tested 70Mb/s down with a gigabit port on the cable modem. http://www.cisco.com/web/consumer/produ ... c3000.html

I think I need jumbo frame support to get the maximum benefit from this modem ?

Is this a hardware or software limitation ? If software limitation is it being addressed ?

What Mikrotik hardware/software supports Jumbo Frames ?

1. RB750G doesn't support jumbo frames, so effectively nothing will change

2. to block access to certain websites you have two approaches:

a. firewall, but you block by IP address here (have to find out the IPs of your blockable sites)
b. use webproxy (transparent mode) for your users, and then use simple access rules for certain domains, or parts of the link

So how do I do 2b ?

http://wiki.mikrotik.com/wiki/IP/Proxy

Sorry!

I don't need a proxy, just to block these two sites...

So I need a not b

http://wiki.mikrotik.com/wiki/Firewall_filter

so I do this in new terminal in winbox?

Hello Normis,

I am trying to get your attention on this and I need you to assist me.

I am running RouterOS 3.15 and I have this big problem. I have noticed that at times, the network become unusable, very slow and yet, the graph showed that our capacity unused.

However in the process of troubleshooting I noticed that some particular clients' computers send a lot SYN requests (ip firewall connections) to some strange IP addresses on port 445. If however I block such clients using IP binding, the browsing normalizes.

I have tried some firewall rules I found on the wiki and none seems to work. I have confirmed those clients have some issues with viruses but could not convince them to format their computers.

Any clue as to how to block such SYN requests?

Normis, just RB750G has routeros 3.31 ?

[admin@MikroTik] > /system resource print
uptime: 25m35s
version: "3.31"
free-memory: 53276kB
total-memory: 62440kB
cpu: "MIPS 24K V7.4"
cpu-count: 1
cpu-frequency: 680MHz
cpu-load: 0
free-hdd-space: 30980kB
total-hdd-space: 61440kB
write-sect-since-reboot: 573
write-sect-total: 573
bad-blocks: 1
architecture-name: "mipsbe"
board-name: "RB411AH"
[admin@MikroTik] > /system routerboard print
routerboard: yes
model: "411AH"
serial-number: "1FC5019315C6"
current-firmware: "2.23"
upgrade-firmware: "2.23"

Am I wrong ?

The only reason to release v3.31 was to introduce the Bootloader version 2.23,
which adds support for some new hardware (ie RB750). This only is needed for
those devices who come with v3.31 by default, other devices do not benefit
from these upgrades.

Code: Select all

/ip firewall filter
add chain=forward dst-address=[ip address or network you want to block] action=drop

http://wiki.mikrotik.com/wiki/Firewall_filter

/ip firewall filter
add chain=forward dst-address=109.71.160.200 action=drop

/ip firewall filter
add chain=forward dst-address=80.77.126.98 action=drop


Is this correct?
How do I add 2 lines in new terminal?

Or maybe I should do this manually?

Those two lines would drop all traffic flowing through the router destined to those IPs, yes.

You open up the terminal and paste those lines in. Or use Winbox to construct them. Play around a bit.

Play around is what I am trying to avoid!

So where do I check if I did it right?

You're not going to learn the product if you're unwilling to experiment. All of the things you're asking are documented very clearly on the Wiki.

"/ip firewall filter print" shows the currently installed rule set.

ah well, it isn't working!
I don't need anything else than to know how to open ports and block certain sites...

Don't have the time to check everything, that takes time...

I dont want to sound rude but in the time this thread has talked about how to do what you want you could have read most of the good examples of how to do this in the FAQ's or in the wiki..

It would have been quicker and then you would really understand this better.

To use this product your gonna need to understand these things.

HOWEVER...

As a 750G is dirt cheap and very powerful I can see it being adopted by many people with no experience or interest in learning any networking. SO I think having a web interface that mimics a typical retail consumer router like a linksys would be a VERY good idea to lessen the amount of support on the forum that will be required to get very basic stuff like what he has asked to do to work. Port forwarding, web site blocking - by time and IP, DDNS, etc....

I personally think this is fundamentally very important to do or the forum will constantly have people asking the same questions. If the 750G gets really popular this might become overwhelming. I think having a good web gui will also help sales of the unit.

It isn't made simple for the simple consumer...
Ok, the router is not for the simple consumer, but that isn't mentioned anywhere before purchase.
Why, because anyone can buy it! Of course this is the case for any company selling a product, the more the better...
If someone needs help, the layout is different than other brands, not mention that most of these have bad similar answers.
It's sad to see that this type of sale is either made by a salesman or a specialist, neither focus on the simple users.
And since this is new for what consumers are used to, simple questions need short answers.

Step 1, 2, 3, 4 and you're done!

Everything is set up so you have to read the whole documentation to know the simple tasks.
Things like opening ports and blocking certain IP's is what should be simple!

Not to mention the upgrade process, as normis said it, that's simple!

If you buy a car, do you want to know every part, how it works?
Well maybe you do, but most people do not have the time nor the will.

Not everyone is a specialist in network configuration!

In my case I need the full speed of 100Mbit and not many routers offering this in a €100 price range.

I would happily rewrite my first post if I got an answer.
To use it as a simple guide for others, for these "stupid" questions!

What fewi suggested did not work.
Instead of correcting me, he would have me read a whole document.
If the answer is so simple why not have a head topic that covers these simple questions.

The FAQ is like, read the hole thing and understand it, or go f**k yourself...
Well thats the indirect message!

I was trying to avoid your getting upset. Looks like I didn't do too well

I personally don't know the answers to your questions, I am still learning and playing with the router. Before i bought it I looked at Winbox and knew it was going to be a challenge. I am a bit different I suppose from others, I am enjoying learning RouterOS.

I think something to keep in mind is that RouterOS is VERY powerful and insanely flexible and configurable. While VERY impressive and cool, that comes at a price, complexity. Its sorta unavoidable. The RouterOS thats in the 750G is the same as the one in the RB1000 or the ones used in stand alone PCs.

The way you configure this router is very much like the professional products like Cisco. As a layperson your not gonna just walk up and be able to configure a cisco router to do anything without taking some courses first.

However as you point out, the 750G is a awesome device at its price and this will cause many laypeople into purchasing it without realizing its very complex to configure. I think a easy consumer friendly web GUI like a retail linksys is the way to go to solve this issue.

As a new Mikrotik user, I'll jump in here. I received my RB750G about a month ago, after I grew completely disgusted with the consumer SOHO routers. I knew almost nothing about Mikrotik, but I taught myself quite a bit by reading the Wiki, this forum, by watching the excellent training videos produced by Greg Sowell, and by just experimenting.

I agree that this router is not necessarily for "newbies" like myself. However, I do believe that there are many out there who know little about routers and have grown tired/frustrated with the SOHO routers, such as Netgear, Linksys, and the others.

Mikrotik would be an excellent alternative, provided it were easier to configure. However, Mikrotik is not a simple device, designed for the newbie crowd. But for Newbies, they don't need all the features. For these folks, perhaps Mikrotik could expand the features of the web GUI to include the features needed by most SOHO users. For more advanced users, they could continue to use Winbox for more advanced configuration.

Once the SOHO users currently using Netgear, Linksys, etc. discover MIkrotik, they will never look back. I certainly won't...

Yeap... I will never look back....

Those were my thoughts as well, the web GUI becomes a linksys type SOHO interface and winbox / terminal are foir advanced users. You get both markets. This idea would work on ALL the RouterOS supported devices. An easy newbie style GUI for a RB1000 or PC...

It would expand sales. Its a feature that Cisco and other advanced routers dont have.

This idea would work on ALL the RouterOS supported devices. An easy newbie style GUI for a RB1000 or PC...

What features are missing from webbox that keep you from feeling it's ready for that kind of usage?

ok, iļl have a stab at explaining how blocking pages using transparent proxy works, when you do not need anything to proxy.

now, this page covers the words "transparent proxy" part:
http://wiki.mikrotik.com/wiki/How_to_ma ... _web_proxy

after that you have NAT rule to redirect your port #80 traffic to your proxy and proxy is enabled.

By default, it will use resources to proxy some traffic, to make sure you will not waste resources, set up these settings
max-cache-size=none cache-on-disk=no
CLI comand now, lets focus on the blocking of pages part:
from manual it is this section:
http://wiki.mikrotik.com/wiki/IP/Proxy#Access_List
example CLI command that will add rule that will block gogle read the manual about that field. and remember that is host not the path after the host name.

hope this helps

I tried with support, they don't seem to know either...
It worked before but this time it doesn't work.

On RouterOS 4.5 it worked.
I played around a bit and upgraded to 4.9 and even with the default settings it doesn't work.



I can't get any traffic to the specific port.
What am I doing wrong here?
UPnP is working but can't manually open ports.
I checked and rechecked this topic again and no matter what I do it does not work.