Mikrotik Routers (RouterBoard & RouterOS)

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Networks and Broadband

Bump Topic Add Reply RSS Feed

4 Pages < 1 2 3 4 >Bottom

Outline · [ Standard ] · Linear+

Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group

views

asellus	Nov 11 2013, 06:45 AM Return to original view \| IPv6 \| Post #21
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(mroctopus @ Nov 11 2013, 01:10 AM) hi, i m helping friend to set up a office with 30 pc clients and need to have network bandwidth control for each pc. Unifi provided a router but without such feature. Which router should i get for such purpose, and is there a step-by-step guide on this? sorry i didn't go through the 40 pages long thread in forum perhaps it has mentioned be4. Quick and dirty way to do it. - Get a reasonably powerful routerboard for that amount of users like MikroTik RB2011UAS-2HnD-IN if you need wireless or MikroTik RB2011L-IN if Ethernet-only. - Make sure each PC clients has its own static DHCP entry in routerOS. - Make sure set ARP to reply-only to prevent them from bypassing DHCP. - Make a firewall entry so that they cannot bypass the router when it comes to DNS lookup. - Then make a hierarchical simple queue so that all 30 PCs will only share 1Mb upload and 1Mb download speed while your own hog the 24Mb upload and download speed.
Card PM	Report Top Like Quote Reply

asellus	Nov 13 2013, 01:20 PM Return to original view \| IPv6 \| Post #22
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(jianwei87 @ Nov 13 2013, 12:14 PM) I have change DNS setting to 8.8.8.8 and 8.8.4.4 but once I connected to my wireless network I'm getting this value. Why? What is the IP address of the Mikrotik router?
Card PM	Report Top Like Quote Reply

asellus	Nov 13 2013, 06:05 PM Return to original view \| IPv6 \| Post #23
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(jianwei87 @ Nov 13 2013, 02:58 PM) I'm creating a hotspot service for user. So that is my hotspot IP address. If that's the case then what you have seen is normal.
Card PM	Report Top Like Quote Reply

asellus	Nov 14 2013, 12:47 AM Return to original view \| IPv6 \| Post #24
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(jianwei87 @ Nov 13 2013, 11:57 PM) Possible to change the DNS to display 8.8.8.8 and 8.8.4.4? No, you cannot do that. Just specify that DNS servers in routerOS and all the clients will use them anyway.
Card PM	Report Top Like Quote Reply

asellus	Nov 14 2013, 09:51 AM Return to original view \| IPv6 \| Post #25
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(jianwei87 @ Nov 14 2013, 09:36 AM) I had specify the DNS already in my routerOS but they never display. They will not display, but they will be used.
Card PM	Report Top Like Quote Reply

asellus	Dec 4 2013, 06:45 PM Return to original view \| IPv6 \| Post #26
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(mroctopus @ Dec 4 2013, 02:52 PM) ok.. above sound too technical for me. hahah Is there anyone can configure the router on site? just let me know how much your service charge. Contact CloudComputer, he may be able to help you.
Card PM	Report Top Like Quote Reply

asellus	Dec 5 2013, 12:20 AM Return to original view \| IPv6 \| Post #27
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(gahkin @ Dec 4 2013, 11:29 PM) hi , any can guide me how to block all mac address to limit access internet by group ? i was search online they got guide me to create firewall > address list here create group then only put IP list. but if how can block by mac address then i no need worry user will change ip address to get access internet. sos : http://thinkxfree.wordpress.com/2012/02/08...block-attacker/ Do not block via MAC address; they can be changed. Instead, set the ARP option of the interface where the DHCP server is running to 'reply-only' so that people who set their network interface to static IP address will not have any route to the router at all.
Card PM	Report Top Like Quote Reply

asellus	Aug 14 2014, 11:04 AM Return to original view \| IPv6 \| Post #28
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(seng87 @ Aug 14 2014, 10:10 AM) Sorry... I was wanting to use 192.168.1.1-192.168.2.254 hence the correct network should be 192.168.1.0/23.. Correction in this area. As for the DNS I did untick the use peer dns but it doesn't work.. I'll try again later. Thanks for the reply.. Appreciate your help. But the IP subnetting is giving me some problem. 192.168.1.1-192.168.2.254 is not 192.168.1.0/23. If you want to use that range for DHCP then declare a /22 and then use the said range for your purposes.
Card PM	Report Top Like Quote Reply

asellus	Sep 3 2014, 01:36 PM Return to original view \| IPv6 \| Post #29
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(SupremeSS @ Sep 3 2014, 10:44 AM) How do i make priority network for my pc? Example: 10mbps from maxis home fibre, reserved 7 mbps for my pc..because when i play dota 2, other smart phone loading youtube i will be getting high ping. Use the 'Queues' feature of this.
Card PM	Report Top Like Quote Reply

asellus	Oct 2 2014, 06:20 PM Return to original view \| IPv6 \| Post #30
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	Master port and its slave ports turned those group of ports into an unmanaged switch.
Card PM	Report Top Like Quote Reply

asellus	Jan 29 2016, 12:26 PM Return to original view \| IPv6 \| Post #31
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(soonwai @ Jan 28 2016, 05:45 PM) I've been messing with my firewall so most rules are off the moment. Today I realised that I have about 1000/sec inbound UDP connections from the internet to port 53 (DNS) of my router. Any ideas what that is? It chews up 8-10mbps of my ingoing/outgoing bandwidth. DDOS? Though not very effective since router is still ok. Anyway port 53 filters are back up. This is about 1 min after I enabled the filters. Update: Looks like a DNS amplification attack. Just had my port 53 opened for a few hours and they found it. You should also go ahead and drop all UDP packet that lands on port 123 too to prevent NTP amplification attacks.
Card PM	Report Top Like Quote Reply

asellus	Nov 13 2018, 10:21 PM Return to original view \| Post #32
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(Guardian @ Nov 13 2018, 06:50 PM) Has anyone used Hex Poe before? I plan to use the PoE feature for Ubiquiti UAC-AP-Lite/Cap AC instead of using multiple power adapters, but hard to find review for this particular product. My plan is for the receiving side of the signal (Ubiquiti LiteBeam), connect to Hex PoE, which will connect to one AP downstairs and one AP upstairs, need some recommendations on switch/router for this matter, thanks. hEX PoE is too expensive for what you want to do. Just grab a dumb Gigabit PoE switch and be done with it.
Card PM	Report Top Like Quote Reply

asellus	Jan 11 2019, 09:57 AM Return to original view \| Post #33
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(azmanshah89 @ Jan 10 2019, 04:52 PM) Hello guys, Need some advice here, currently my office using router Asus AC-RT3200. We have connectivity since last year. Already make report to TM more than 50 times but the problem keep repeated. The speed is 100Mbps and now upgraded to 800Mbps but the problem still occur. Sometimes the wifi connected but dont have internet connection. Total users are around 100 devices. 1. What mikrotik router is the best for my situation? 2. I have bought RB2011UiAS-2HnD-IN. Is is sufficient to cater all user with stable connectivity? 3. Does this Asus AC-RT3200 is suitable for office usage? Your help is really appreciated Use RB2011 for routing, and the ASUS as wireless access point. Whether the ASUS is good enough for your office depends on the layout.
Card PM	Report Top Like Quote Reply

asellus	Apr 12 2019, 05:36 PM Return to original view \| Post #34
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(celciuz @ Apr 12 2019, 02:27 PM) I am considering a MikroTik router (read about it having being good bang for the bucks) for my home. I plan to keep the router and CCTV NVR in a data cabinet inside the store room (fiber wall socket will be reallocated there). About 10 Cat6a points (reserved 2 for AP one for ground floor and upstairs) since if I place the wireless router inside metal data cabinet the wifi probably won't work well? Wireless devices I guess probably about 10 or so... phones, tablets, wireless smart switches etc. What models could I start looking at? And also recommended wireless AP? Assuming that you already have done wiring, use this for router in the closet. For AP, use 2 of these then add Raspberry Pi3 so that you can install the god-damn controller software alongside Pi-Hole for DNS-based adblocking.
Card PM	Report Top Like Quote Reply

asellus	Dec 16 2019, 09:57 PM Return to original view \| Post #35
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(th3game @ Dec 16 2019, 09:08 PM) hi sifus, finally I got my hands with MikroTik HAP AC2. I tried to setup with Unifi and followed the steps on the web. vlan500 n vlan600 etc. etc... and the Hypptv works. And the internet was not working when I connect to the wireless AC 5ghz or 2.4Ghz But when I tried to ping the google.com in the Mikrotik terminal, I got the pinging. weird.. dunno what was wrong during config from my mac connect wirelessly to the MikroTik, I can ping the gateway (192.168.1.1) and can ping google.com also but when to access the internet using the Safari, there was no internet. try to disconnect and reconnect back, still no luck. pls help ether 1 - connect to Unifi BTU ether 5 - connect to Hypptv stb below is my export config file » Click to show Spoiler - click again to hide... « CODE # jan/02/1970 01:48:44 by RouterOS 6.44.4 # software id = XXXXX # # model = RBD52G-5HacD2HnD # serial number = XXXXX /interface bridge add admin-mac=74:4D:28:F5:E6:EB auto-mac=no comment=defconf name=bridge add name=bridge.iptv /interface vlan add interface=ether1 name=vlan500 vlan-id=500 add interface=ether1 name=vlan600 vlan-id=600 /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\ dynamic-keys supplicant-identity=MikroTik add authentication-types=wpa-psk,wpa2-psk eap-methods="" \ management-protection=allowed mode=dynamic-keys name=profile1 \ supplicant-identity="" /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ country=malaysia disabled=no distance=indoors frequency=auto mode=\ ap-bridge security-profile=profile1 ssid=MikroTik wireless-protocol=\ 802.11 set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\ 20/40/80mhz-XXXX country=malaysia disabled=no distance=indoors frequency=\ 5765 mode=ap-bridge security-profile=profile1 ssid=MikroTik-5G \ wireless-protocol=802.11 /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp-pool-lan ranges=192.168.1.10-192.168.1.254 /ip dhcp-server add address-pool=dhcp-pool-lan disabled=no interface=bridge name=defconf /interface pppoe-client add add-default-route=yes disabled=no interface=vlan500 name=pppoe-out1 \ profile=default-encryption use-peer-dns=yes user=shafuanrazak@unifi /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge.iptv comment=defconf interface=ether5 add bridge=bridge comment=defconf interface=wlan1 add bridge=bridge comment=defconf interface=wlan2 add bridge=bridge.iptv interface=vlan600 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN add interface=pppoe-out1 list=WAN /ip address add address=192.168.1.1/24 comment=defconf interface=bridge network=\ 192.168.1.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ ether1 /ip dhcp-server network add address=10.10.30.0/24 gateway=10.10.30.1 add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24 /ip dns set allow-remote-requests=yes /ip dns static add address=192.168.1.1 name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN CODE /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN Try changing your NAT masquerade entry to explicitly use ether1?
Card PM	Report Top Like Quote Reply

asellus	Dec 16 2019, 10:07 PM Return to original view \| Post #36
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(th3game @ Dec 16 2019, 10:05 PM) don't have option for ether1 Disable 'Out Interface List' and use 'Out Interface' pulldown menu instead.
Card PM	Report Top Like Quote Reply

asellus	Dec 16 2019, 10:15 PM Return to original view \| Post #37
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(th3game @ Dec 16 2019, 10:05 PM) u mean this right?...sorry noob here Damn, I forgot, use the pppoe interface name instead.
Card PM	Report Top Like Quote Reply

asellus	Dec 16 2019, 10:34 PM Return to original view \| Post #38
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(th3game @ Dec 16 2019, 10:27 PM) done changeNAT out. interface to to ppoe-out1 but how about DHCP Client..should be ether1? I don't think you need to run a DHCP client on ether1 or the pppoe connection. On the other hand, you should run a DHCPv6 client on the pppoe connection instead.
Card PM	Report Top Like Quote Reply

asellus	May 1 2020, 08:05 AM Return to original view \| Post #39
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	Major difference looks like to be the LTE6 modem and the brand new casing. It has 5 1Gbe ports, not 5Gbe ports. I don't think Mikrotik has 5GBe ports outside SFP cages.
Card PM	Report Top Like Quote Reply

asellus	May 7 2020, 09:29 AM Return to original view \| Post #40
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(PC_CHEAH @ May 6 2020, 09:46 PM) Hi, I tried to setup ikev2 vpn for surfshark vpn. the connection from router to their server is established but things are not working as expected. I only want my phone (192.168.0.5) to connect to vpn but the tunnel doesn't hide my true IPv6 and it is not using the VPN DNS. .... When I IPLeak test the connection for my device, ipv4 vpn ip is detected, but ISP ipv6 are also detected. The DNS detected are google dns, not the VPN dns. (ip leaked) Then, I disabled ipv6 in the router, my device (vpn) could not get any internet anymore. I also excluded ipsec from fasttrack and added mark connections in mangle I doubt there are something to do with the DNS settings, or firewall, not sure. and is there any ways that I can automatically disable ipv6 to the clients when using the VPN without actually disable IPv6 in the router? I also posted to MikroTik forum: https://forum.mikrotik.com/viewtopic.php?f=...533c653e64a12fa any mikrotik sifu can look into my config » Click to show Spoiler - click again to hide... « CODE # apr/24/2020 00:01:14 by RouterOS 6.46.5 # software id = KFRD-V8Q1 # # model = RBD52G-5HacD2HnD # serial number = ******** /interface bridge add name=TMNETUNIFI.IPTV add admin-mac=74:4D:28:CB:14:22 auto-mac=no comment=defconf name=bridge /interface wireless set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX country=malaysia distance=\ indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-CB1426 wireless-protocol=802.11 set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=malaysia distance=indoors \ frequency=auto installation=indoor mode=ap-bridge ssid="AMPHAC\C2\B2" wireless-protocol=802.11 /interface vlan add interface=ether1 name=vlan500 vlan-id=500 add interface=ether1 name=vlan600 vlan-id=600 /interface pppoe-client add add-default-route=yes disabled=no interface=vlan500 name=pppoe-tmunifi service-name=TMNET_UNIFI_VDSL2 user=\ ******* /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \ supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip ipsec mode-config add name=SSVPN responder=no src-address-list=vpnc /ip ipsec policy group add name=SSVPN /ip ipsec profile add name=SSVPN /ip ipsec peer add address=lv-rig.prod.surfshark.com disabled=yes exchange-mode=ike2 name=SSVPN profile=SSVPN /ip ipsec proposal add name=SSVPN pfs-group=none /ip pool add name=dhcp ranges=192.168.0.20-192.168.0.60 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=DHCP /interface bridge port add bridge=TMNETUNIFI.IPTV comment="iptv bridge to Eth 2" interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 add bridge=bridge comment=defconf interface=wlan1 add bridge=bridge comment=defconf interface=wlan2 add bridge=TMNETUNIFI.IPTV comment="vlan 600 bridge to iptv bridge" interface=vlan600 /ip neighbor discovery-settings set discover-interface-list=LAN /interface detect-internet set detect-interface-list=all /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf disabled=yes interface=ether1 list=WAN add interface=pppoe-tmunifi list=WAN /ip address add address=192.168.0.250/24 comment=defconf interface=ether4 network=192.168.0.0 /ip cloud set ddns-enabled=yes ddns-update-interval=5m /ip dhcp-client add comment=defconf interface=ether1 /ip dhcp-server lease add address=192.168.0.251 client-id=1:10:62:eb:a3:e7:73 mac-address=10:62:EB:A3:E7:73 server=DHCP add address=192.168.0.5 client-id=1:c:98:38:d2:fc:63 mac-address=0C:98:38:D2:FC:63 server=DHCP add address=192.168.0.1 client-id=1:9c:5c:8e:7b:c1:23 mac-address=9C:5C:8E:7B:C1:23 server=DHCP /ip dhcp-server network add address=192.168.0.0/24 comment=defconf gateway=192.168.0.250 netmask=24 /ip dns set servers=8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844 /ip dns static add address=192.168.0.250 comment=defconf name=router.lan /ip firewall address-list add address=bef00a0a78c5.sn.mynetname.net list=WAN-IP add address=192.168.0.5 list=vpnc add address=192.168.0.1 disabled=yes list=vpnc /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=accept chain=input comment="WINBOX REMOTE ACCESS" dst-port=8291 protocol=tcp add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related \ disabled=yes add action=fasttrack-connection chain=forward comment="FastTrack w !ipsec" connection-mark=!ipsec connection-state=\ established,related add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=in,ipsec new-connection-mark=ipsec add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=out,ipsec new-connection-mark=ipsec /ip firewall nat add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.0.0/24 src-address=192.168.0.0/24 add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN add action=dst-nat chain=dstnat comment="MC Server 25565" dst-address-list=WAN-IP dst-port=25565 protocol=tcp \ to-addresses=192.168.0.1 to-ports=25565 add action=dst-nat chain=dstnat comment="MC Server 25566" dst-address-list=WAN-IP dst-port=25566 protocol=tcp \ to-addresses=192.168.0.1 to-ports=25566 /ip ipsec identity add auth-method=eap certificate=surfshark_ikev2.crt_0 eap-methods=eap-mschapv2 generate-policy=port-strict \ mode-config=SSVPN peer=SSVPN policy-template-group=SSVPN username=******* /ip ipsec policy add action=none dst-address=192.168.0.0/24 src-address=0.0.0.0/0 set 1 disabled=yes add group=SSVPN proposal=SSVPN template=yes /ipv6 address add from-pool=pppoev6 interface=bridge /ipv6 dhcp-client add add-default-route=yes interface=pppoe-tmunifi pool-name=pppoev6 request=prefix use-peer-dns=no /ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 add address=::1/128 comment="defconf: lo" list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 add address=100::/64 comment="defconf: discard only " list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6 add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6 add address=::/104 comment="defconf: other" list=bad_ipv6 add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6 /ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \ src-address=fe80::/10 add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN /system clock set time-zone-name=Asia/Kuala_Lumpur /system identity set name=AMPHAC2 /system ntp client set enabled=yes primary-ntp=203.95.213.129 secondary-ntp=162.159.200.123 server-dns-names="" /system scheduler add interval=5m name=DynDNS on-event=DynDNS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup /system script add dont-require-permissions=no name=DynDNS owner=amph policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global ddnsuser \"*********\"\r\ \n:global ddnspass \"**********\"\r\ \n:global theinterface \"pppoe-tmunifi\"\r\ \n:global ddnshost \"*********\" \r\ \n:global ipddns [:resolve \$ddnshost];\r\ \n:global ipfresh [ /ip address get [/ip address find interface=\$theinterface ] address ]\r\ \n:if ([ :typeof \$ipfresh ] = nil ) do={\r\ \n :log info (\"DynDNS: No ip address on \$theinterface .\")\r\ \n} else={\r\ \n :for i from=( [:len \$ipfresh] - 1) to=0 do={ \r\ \n :if ( [:pick \$ipfresh \$i] = \"/\") do={ \r\ \n :set ipfresh [:pick \$ipfresh 0 \$i];\r\ \n } \r\ \n}\r\ \n \r\ \n:if (\$ipddns != \$ipfresh) do={\r\ \n :log info (\"DynDNS: IP-DynDNS = \$ipddns\")\r\ \n :log info (\"DynDNS: IP-Fresh = \$ipfresh\")\r\ \n :log info \"DynDNS: Update IP needed, Sending UPDATE...!\"\r\ \n :global str \"/nic/update\\\?hostname=\$ddnshost&myip=\$ipfresh&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG\"\r\ \n /tool fetch address=members.dyndns.org src-path=\$str mode=http user=\$ddnsuser \\\r\ \n password=\$ddnspass dst-path=(\"/DynDNS.\".\$ddnshost)\r\ \n :delay 1\r\ \n :global str [/file find name=\"DynDNS.\$ddnshost\"];\r\ \n /file remove \$str\r\ \n :global ipddns \$ipfresh\r\ \n :log info \"DynDNS: IP updated to \$ipfresh!\"\r\ \n } else={\r\ \n :log info \"DynDNS: dont need changes\";\r\ \n }\r\ \n} " /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN Have you marked your connection in /ipv6 firewall mangle? Did surfshark vpn even support IPv6 on the VPN?
Card PM	Report Top Like Quote Reply

« Next Oldest · Networks and Broadband · Next Newest »

4 Pages < 1 2 3 4 >Top

Add Reply Options

Change to:

0.0330sec

0.54

7 queries

GZIP Disabled
Time is now: 28th November 2025 - 03:19 AM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.