Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

The Mikrotik RouterOS config, tips and tricks thread

24567

Comments

  • #52
    Tails142
    Registered Users, Registered Users 2 Posts: 2,117 ✭✭✭Tails142


    Got my mikrotik set up there yesterday at last - had problems finding a 3g dongle that would work with it, here's my saga incase it helps anyone out.

    I was using a ZTE MF80 - mifi hotspot, thought it might connect over usb originally but the micro usb port is just for power. OK no probs.

    Had an old Huawei K3765 lying around, couldnt get that to work, it was locked to vodafone, tried a few apps to get it unlocked, wasnt willing to spend any money on paid apps, and I wanted a 21.6mbps dongle so I moved on from that. In hindsight I probably should've stuck with it a bit longer.

    Bought a Huawei E3131 Hi-Link off meteor, I had read about disabling the Hi-Link to show the serial ports believing that this meant it would work with the RouterBoard... WRONG... after a couple days of troubleshooting and not being able to find definite confirmation of the E3131 working with a routerboard despite lots of people pointing out you can disable the Hi-Link to expose the serial ports I gave up, to anyone reading this considering a E3131 as far I can ascertain, its not compatible.

    Next stop was a Huawei E353, devastated me because I had an E353 already and sold it on ebay for next to nothing because I previously thought I would never need it. Bought an unlocked one on eBay, waited for it to arrive in anticipation, disaster, FAULTY modem! For some reason it cant read the sim card, any sim card, looks like the unlock code has been enterred wrong too many times, cant reset the counter without a sim... it can't read any sim... already got a refund through paypal and still trying to get an address out of the seller to return it to him, don't think he's interested.

    Down but not out, bought another E353 this time off an amazon market place seller, arrived yesterday, and here I am writing a boards post over it connected through my Mikrotik =D Perseverance

    Have everything set up as before, 4 IP Cameras, TV, Wii, Linux box - was just too much pressure for the ZTE MF80 which would occassionally crash/overheat when you added in a laptop, tablet and two phones on top. Plus the signal was very weak at either end of the house... no problems now!

    Can't get the hairpin nat working to view the cameras from inside the LAN using the dyndns address but... not a major issue and one I can come back to another day.

    Also, the meteor remaining balance script looks nice but after a bit of troubleshooting I've realised that my modem can't send SMS while it is being used as the PPP connection because the port is already in use? Is there a way to overcome that, should I use a different port? It's registering 4... had a quick try but didnt get an instant result with any of the the other ports. Anyway, also not a major issue because the meteor web account details are not too bad unlike the O2 site which takes about 15 minutes to load, only slight exaggeration.

    Ok now, time to relax and enjoy the bank holiday =D


  • #53
    privilegue
    Registered Users Posts: 71 ✭✭privilegue


    Good stuff and good job on making that work! ;) Just in case anyone wonders. Most RBs come with an unsoldered Serial port near the AC power connection, just solder that up and you can actually change the firmware - just got OpenWRT working on a RB2011L-IN - While routerOS is already very low level, there is certain things that you wont be able to do or you are limited by your license level.

    The hardware I have found to be very reliable and stable - out of so far 100 setup units only 1 has failed with a faulty AC adapter port (bad broken off solder joint). Their hardware specs are certainly over the top!


  • #54
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Ah you have me convinced... I'll buy this one: http://www.ebay.de/itm/Mikrotik-Routerboard-RB951Ui-2HnD-5xPORT-LAN-ROUTER-RB-951Ui-2HnD-/161104945917?pt=DE_Computing_Drahtlose_Router&hash=item25829a62fd

    I wonder is the "Ui" any different... €60 is very reasonable.


  • #55
    VenomIreland
    Registered Users, Registered Users 2 Posts: 2,928 ✭✭✭VenomIreland


    My DIR-655 has pretty much died, so now it's become a necessity to get a new router, should I get one of these or spend more and get an ASUS RTN66U or whatever it's called, my concern is wireless performance, how do they compare? Also, my ISP uses PPPOE, is that easy enough set up in RouterOS?


  • #56
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    VenomIreland wrote: »
    My DIR-655 has pretty much died, so now it's become a necessity to get a new router, should I get one of these or spend more and get an ASUS RTN66U or whatever it's called, my concern is wireless performance, how do they compare? Also, my ISP uses PPPOE, is that easy enough set up in RouterOS?

    You are the exact same as me - my DIR-655 isn't working properly and I was about to buy the ASUS RTN66U (as per this thread). However I just bought this mikrotik router.


  • #57
    gouche
    Registered Users, Registered Users 2 Posts: 416 ✭✭gouche


    VenomIreland wrote: »
    My DIR-655 has pretty much died, so now it's become a necessity to get a new router, should I get one of these or spend more and get an ASUS RTN66U or whatever it's called, my concern is wireless performance, how do they compare? Also, my ISP uses PPPOE, is that easy enough set up in RouterOS?

    Wireless performance is great. Comes with a 1W radio - that's 1000mW!
    Option to add an external antenna as will if you want.

    I have Vodafone DSL. Using an old Netopia as a Bridge the RB dials up the PPPoE connection and does everything else. Relatively straightforward, the hardest part is probably setting the DSL router in bridge mode.


  • #58
    VenomIreland
    Registered Users, Registered Users 2 Posts: 2,928 ✭✭✭VenomIreland


    gouche wrote: »
    Wireless performance is great. Comes with a 1W radio - that's 1000mW!
    Option to add an external antenna as will if you want.

    I have Vodafone DSL. Using an old Netopia as a Bridge the RB dials up the PPPoE connection and does everything else. Relatively straightforward, the hardest part is probably setting the DSL router in bridge mode.

    After reading some guides it seems to be pretty straightforward. I think I'll order one when I have the money, running off a spare router from a friend atm.


  • #59
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    I just got my Mikrotik router. I'm using webfig v5.25.

    I've got the pppoe cable connected to my UPC router. I can get to the config page on 192.168.88.1 however I've no internet access.

    I can see on the page that my Quick set is as "AP" (other options are CPE, Home AP, PTP Bridge)
    I can also see that my address acquisition is DHCP however I have no WAN address.
    Also my DHCP server is unchecked - I imagine once I get internet I will want this selected.

    Any hints on what I'm missing, I thought UPC didn't have PPPOE.


  • #60
    gouche
    Registered Users, Registered Users 2 Posts: 416 ✭✭gouche


    Sniipe wrote: »
    I just got my Mikrotik router. I'm using webfig v5.25.

    I've got the pppoe cable connected to my UPC router. I can get to the config page on 192.168.88.1 however I've no internet access.

    I can see on the page that my Quick set is as "AP" (other options are CPE, Home AP, PTP Bridge)
    I can also see that my address acquisition is DHCP however I have no WAN address.
    Also my DHCP server is unchecked - I imagine once I get internet I will want this selected.

    Any hints on what I'm missing, I thought UPC didn't have PPPOE.

    First, you need to set your UPC router to Bridge mode.
    There should be an option for this in the router settings somewhere.
    Basically, you're disabling DHCP and Wireless and the router is just acting as a bridge between the UPC connection and the MikroTik. It doesn't dial in with PPPoE login details or anything like that - that's all done on the MikroTik.

    Then, on your MikroTik, you need to create a PPPoE client with the login details for your connection.

    You'll then need to configure your DHCP and firewall.

    Here's a link to the MikroTik wiki for doing this.

    I think UPC do use PPPoE but I'm open to correction!

    If they use DHCP there's a section in that wiki for that also.

    EDIT:
    Just one other thing, you might find it easier to use Winbox for configuration.
    I find it easier to use than Webfig.
    You can download from www.mikrotik.com.


  • Advertisement
  • #61
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    First of all, get the latest 6.4 RouterOS on it, available here: http://www.mikrotik.com/download

    Much easier than that, you'd be as well get the Winbox utility, it's much more powerful than the web login but makes some things much easier (you can always use both). When you login on Winbox go to system->packages and check for updates, it should give you the option to install 6.4 and reboot.

    Then after reboot you need to update the firmware, go to system->routerboard and click update. Then go to system and select reboot.

    What make UPC modem do you have, you're going to need to search Boards for info regarding setting it in bridge mode, there have been posts and guide here before


  • #62
    privilegue
    Registered Users Posts: 71 ✭✭privilegue


    Are non SME UPC lines PPPoE ? I am asking since I only have an SME line with 5 statics so just curious.

    edit:: my upc cisco modem is in bridge for the past 6 years.


  • #63
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    When you get it upgraded, it may be best to reset it to default (system->reset config) and then login to Winbox and accept the installing default config on first boot which is pretty much what you need (other than adding pppoe if needed)


  • #64
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Cheers guys - I've set my UPC (EPC3925) router to bridge mode and turned off the wireless mode. Its IP is 192.168.100.1 when in bridge mode.
    I'll upgrade my Mikrotik and reset it. I don't think UPC is PPPOE according to this boards post; it uses the mac address...


  • #65
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Sniipe wrote: »
    I'll upgrade my Mikrotik and reset it. I don't think UPC is PPPOE according to this boards post; it uses the mac address...

    That's what I thought, but I'm not with UPC. The default config is what you need then so. It sets the router up as a standard residential gateway router, port 1 as Wan that accepts DHCP (dhcp client so you get an ip from UPC), lan ports 2-5 will be switched with bridge between lan and wifi and giving out DHCP (dhcp server) on the bridge. It also adds a NAT rule (masquerde rule in ip->firewall->Nat) and a very basic firewall dropping random packets from the Wan (ip->firewall->filter)


  • #66
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Oh - so you are saying that it should work when I plug the upc router (ethernet port 1) into the WAN port on the mikrotik? Thats what I thought would happen as I didn't have to do anything for my previous router (DIR655). Its strange then that it didn't work when I tried it the first time.

    I'll let you know how I get on when I try it after work. thanks


  • Advertisement
  • #67
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Sniipe wrote: »
    Oh - so you are saying that it should work when I plug the upc router (ethernet port 1) into the WAN port on the mikrotik? Thats what I thought would happen as I didn't have to do anything for my previous router (DIR655). Its strange then that it didn't work when I tried it the first time.

    I'll let you know how I get on when I try it after work. thanks

    Yes, but you need to accept the default script. I don't use the web gui so I've no idea if this script is offered. The UPC modem needs to be in bridge mode, so you're not routing twice (double nat)


  • #68
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Thanks for your help smee_again. I'm now online and I've my wifi working. I used one of the scripts to get my dns working which is fantastic. Webfig 6.4 looks pretty much the same as the winbox 6.4 Got my NTP working so I've good times.

    A few questions to get me on the road:
    1) How do I increase the wirless power?
    2) Is there a way to reserve IP addresses for given mac addresses?
    3) I'm able to get to a site internally http://192.168.88.248:5100 however I cannot gain access to it externally. I thought opening ports would be the same as forwarding them. I can access my webfig externally 
    /ip firewall nat
add action=dst-nat chain=dstnat comment="sample udp from port 5100 to 5100 (lan ip 192.168.1.248)" dst-port=5100 protocol=udp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment="sample tcp from port 5100 to 5100 (lan ip 192.168.1.248)" dst-port=5100 protocol=tcp to-addresses=192.168.88.248 to-ports=5100
    5) Is there a place to view the MAC addresses, IP addresses with the device name?


  • #69
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Sniipe wrote: »
    Thanks for your help smee_again. I'm now online and I've my wifi working. I used one of the scripts to get my dns working which is fantastic. Webfig 6.4 looks pretty much the same as the winbox 6.4 Got my NTP working so I've good times.

    A few questions to get me on the road:
    1) How do I increase the wirless power?
    2) Is there a way to reserve IP addresses for given mac addresses?
    3) I'm able to get to a site internally http://192.168.88.248:5100 however I cannot gain access to it externally. I thought opening ports would be the same as forwarding them. 
    /ip firewall nat
add action=dst-nat chain=dstnat comment="sample udp from port 5100 to 5100 (lan ip 192.168.1.248)" dst-port=5100 protocol=udp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment="sample tcp from port 5100 to 5100 (lan ip 192.168.1.248)" dst-port=5100 protocol=tcp to-addresses=192.168.88.248 to-ports=5100
    4) I'm trying to open my bit torrent port 6881 however the following doesn't seem to work 
    /ip firewall nat
add action=dst-nat chain=dstnat comment="sample udp from port 6881 to 6881 (lan ip 192.168.1.248)" dst-port=6881 protocol=udp to-addresses=192.168.88.248 to-ports=6881
add action=dst-nat chain=dstnat comment="sample tcp from port 6881 to 6881 (lan ip 192.168.1.248)" dst-port=6881 protocol=tcp to-addresses=192.168.88.248 to-ports=6881
    5) Is there a place to view the MAC addresses, IP addresses with the device name?

    1. It should be set to max power, in wireless select advanced and set it to 20/40Mhz HT above and in advanced tab set distance to indoors. I find these routers work best on channel 6 (2437 Mhz), use it if it's not congested in your house.
    2. Yes, easy. In ip->dhcp server->leases select the device and click make static. you can also add a comment
    3. your firewall rules are wrong, you have the wrong lan IP, they should be 192.168.88.x
    4. as above
    5. ip-> dhcp server will give you this

    How are you finding it? Bit of a learning curve but worth it.


  • #70
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    If you have consoles you may need to enable uPnP. To do this open a terminal (it opens a telnet connection to the router) and paste in the following
    /ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external

    You will see, winbox is laid out in the order you apply commands so it's pretty easy to follow the code to see what it does. You will see uPnP firewall rules getting added in ip->firewall->filter


  • #71
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Right, looking at the firewall port forwards, the ip is right, it's just in the ip in the comment that's wrong (you can change this comment to anything). There is no enable=yes in the commans therefore they will not be enabled and will be added but disabled. Select them in ip->firewall->nat and enable them


  • Advertisement
  • #72
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    I like the interface - there is just so much detail in it. I imagine I'll get used to finding things quicker. I can see the script go in and I can then confirm it by looking at the GUI. Is there a way to export a GUI rule into script?

    Also that 5100 port that I want to access, its now enabled however it still doesn't work. When I try go to the website I can see packets arrive on the statistics window for the rule... so it seems as if I'm missing something else small with it.

    I think I'll be recommending Mikrotik in future to friends. I like it so far. I'm going to look at VPN's next; I'd like to browse at work using my home network...


  • #73
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Sniipe wrote: »
    I like the interface - there is just so much detail in it. I imagine I'll get used to finding things quicker. I can see the script go in and I can then confirm it by looking at the GUI. Is there a way to export a GUI rule into script?

    Yes, to export the firewall nat rules just go "ip firewall nat export", same for any config you want to export
    Sniipe wrote: »
    Also that 5100 port that I want to access, its now enabled however it still doesn't work. When I try go to the website I can see packets arrive on the statistics window for the rule... so it seems as if I'm missing something else small with it.

    As above, do an export so I can see it
    Sniipe wrote: »
    I think I'll be recommending Mikrotik in future to friends. I like it so far. I'm going to look at VPN's next; I'd like to browse at work using my home network...

    Yes, there is so much possible with them. Be sure the dns cache is enabled and give devices on your lan the 192.168.88.1 addresss as dns (if not using DHCP). It really makes a great job of regular lookups speeding up browsing.


  • #74
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Thats very cool that I can export. 
    [admin@MikroTik] > ip firewall nat export   
# sep/19/2013 09:47:51 by RouterOS 6.4
# software id = L1GL-8BGH
#
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment=\
    "sample udp from port 6881 to 6881 (lan ip 192.168.88.248)" dst-port=6881 \
    protocol=udp to-addresses=192.168.88.248 to-ports=6881
add action=dst-nat chain=dstnat comment=\
    "sample tcp from port 6881 to 6881 (lan ip 192.168.88.248)" dst-port=6881 \
    protocol=tcp to-addresses=192.168.88.248 to-ports=6881
add action=dst-nat chain=dstnat comment=\
    "sample udp from port 5100 to 5100 (lan ip 192.168.88.248)" dst-port=5100 \
    protocol=udp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment=\
    "sample tcp from port 5100 to 5100 (lan ip 192.168.88.248)" \
    connection-type="" dst-port=5100 port="" protocol=tcp to-addresses=\
    192.168.88.248 to-ports=5100

    I see from other forums that the issue may be that I need to define a "dst-address" - however I use dyndns for dynamic addresses. Or it could be post 5 in this thread...

    [edit]
    I got it working with this - however it probably won't work the next time the IP address changes (need to get my dynamic dns in there some how??) : 
    add action=dst-nat chain=dstnat dst-address=46.7.147.184 dst-port=5100 \
    protocol=udp to-addresses=192.168.88.248 to-ports=5175
add action=dst-nat chain=dstnat dst-address=46.7.147.184 dst-port=5100 \
    protocol=tcp to-addresses=192.168.88.248 to-ports=5100


  • #75
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Can you post the output of ip firewall nat print. The export doesn't say enabled=yes so looks like they're not enabled.

    Hairpin nat only affects you when coming from inside lan, use 3g to test it works from outside

    Edit, sorry, didn't see your edit


  • #76
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    You don't add your public ip to a firewall config, what you got there is completely wrong.
    add action=dst-nat chain=dstnat comment="my comment" dst-port=5100 protocol=tcp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment="my comment udp" dst-port=5100 protocol=udp to-addresses=192.168.88.248 to-ports=5100

    This says that all packets arriving at the router with a destination port of 5100 gets forwarded to 192.168.88.248 port 5100

    BTW, every single packet arriving at your router from the internet will have your public ip as destination address, you do not need to specify this


  • #77
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    smee again wrote: »
    add action=dst-nat chain=dstnat comment="my comment" dst-port=5100 protocol=tcp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment="my comment udp" dst-port=5100 protocol=udp to-addresses=192.168.88.248 to-ports=5100

    For some reason this doesn't work. I can see on the statistics table that some packets are coming in however I cannot see the web site externally.


  • #78
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Sniipe wrote: »
    For some reason this doesn't work. I can see on the statistics table that some packets are coming in however I cannot see the web site externally.

    Post the output an export of your firewall nat rules


  • #79
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe 


    add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment=\
    "sample udp from port 6881 to 6881 (lan ip 192.168.88.248)" dst-port=6881 \
    protocol=udp to-addresses=192.168.88.248 to-ports=6881
add action=dst-nat chain=dstnat comment=\
    "sample tcp from port 6881 to 6881 (lan ip 192.168.88.248)" dst-port=6881 \
    protocol=tcp to-addresses=192.168.88.248 to-ports=6881
add action=dst-nat chain=dstnat dst-address=46.7.147.184 dst-port=80 \
    protocol=udp to-addresses=192.168.88.1 to-ports=80
add action=dst-nat chain=dstnat dst-address=46.7.147.184 dst-port=80 \
    protocol=tcp to-addresses=192.168.88.1 to-ports=80
add action=dst-nat chain=dstnat dst-port=5100 protocol=tcp to-addresses=\
    192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat dst-port=5100 protocol=udp to-addresses=\
    192.168.88.248 to-ports=5100


  • #80
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Why have you your public ip in there? That isn't the way to go about things for a start.
    Also, you have port 80 forwarded to 192.168.88.1 (the router), the web admin of the router is on port 80. You enable/disable or change the port of web login in ip->services, does not need a rule. if you are trying to host something on port 80 behind the firewall you will need to change the web login to another port.

    Explain what rules you need and we can start again from scratch. It's best to delete or disable all rules except the nat rule


  • #81
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    smee again wrote: »
    Why have you your public ip in there? That isn't the way to go about things for a start.
    Also, you have port 80 forwarded to 192.168.88.1 (the router), the web admin of the router is on port 80. You enable/disable or change the port of web login in ip->services, does not need a rule. if you are trying to host something on port 80 behind the firewall you will need to change the web login to another port.

    Explain what rules you need and we can start again from scratch. It's best to delete or disable all rules except the nat rule

    Sorry I did a ninja edit on the rules.

    I need a rule for torrents on 192.168.88.248:6881 which seems to be working already.
    I need a rule for web access on 192.168.88.248:5100 which doesn't work.
    I need a rule for 192.168.88.1:8080 which doesn't work - access to my mikrotik router.

    The other rules I could disable. Except for the NAT one as you pointed out.


  • Advertisement
  • #82
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    For starters, change the port of web admin of the Mikrotik in ip->services, change it to port 8080. Then add the following filters so you can access the Mikrotik from outside.
    /ip firewall filter
add chain=input comment="allow winbox" dst-port=8291 protocol=tcp
add chain=input comment="allow web admin" dst-port=8080 protocol=tcp
    Leave nat rule and the 2 working rules for utorrent as they are working and delete the rest.

    Then add the firewall rule I posted above which should work for web access on port 5100
    /ip firewall nat
add action=dst-nat chain=dstnat comment="my comment" dst-port=5100 protocol=tcp to-addresses=192.168.88.248 to-ports=5100
add action=dst-nat chain=dstnat comment="my comment udp" dst-port=5100 protocol=udp to-addresses=192.168.88.248 to-ports=5100
    If working you will then be able to access the web server on http://yourpublicip:5100. If you can't it's most likely related to the web application, not the firewall. maybe it's not containing all traffic to port 5100, uses port 80?


  • #83
    Sniipe
    Registered Users, Registered Users 2 Posts: 2,932 ✭✭✭Sniipe


    Thanks smee_again - this worked. It initially didn't work, but I've just checked it the next day from work and it did work thanks.
    I also set up my second Mikrotik as an AP. It was surprisingly easy with the Quickset rules.

    edit - I still can't connect at home, but outside of home I can connect to http://mypublicip:5100 (my workaround at home is to use my internal IP address, but its strange that I can't use the public one)


  • #84
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    To connect from inside your lan using your public IP you need to add a hairpin nat rule, set your dst-address to the IP of your device and place it after the main masquerade rule
    /ip firewall nat
add action=masquerade chain=srcnat comment="hairpin nat rule" disabled=no dst-address=192.168.88.248 src-address=192.168.88.0/24

    http://www.boards.ie/vbulletin/showpost.php?p=80067771&postcount=5


  • #85
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    First of all, get the latest 6.4 RouterOS on it, available here: http://www.mikrotik.com/download

    Much easier than that, you'd be as well get the Winbox utility, it's much more powerful than the web login but makes some things much easier (you can always use both). When you login on Winbox go to system->packages and check for updates, it should give you the option to install 6.4 and reboot.

    Then after reboot you need to update the firmware, go to system->routerboard and click update. Then go to system and select reboot.

    OK so am in the process of setting up my new RB951G-2HnD. :D I am new to this so please bear with me. :o

    I followed the above steps but it only upgraded me to V5.26, not version 6.4.

    Any ideas?

    Also, if I add the firewall rules via terminal from the 1st post will that allow PS3 access, etc... to the internet or? As although my son's PS3 is connected via cat6 to router he is not able to sign in to playstation network now. :confused:


  • #86
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    eddiem74 wrote: »
    OK so am in the process of setting up my new RB951G-2HnD. :D I am new to this so please bear with me. :o

    I followed the above steps but it only upgraded me to V5.26, not version 6.4.

    Any ideas?

    Also, if I add the firewall rules via terminal from the 1st post will that allow PS3 access, etc... to the internet or? As although my son's PS3 is connected via cat6 to router he is not able to sign in to playstation network now. :confused:

    OK update to 6.4 completed after downloading, copying to winbox file list and rebooting. :o

    Running the basic default configuration at the minute, have wireless working.

    Set-up for PS3 and uTorrent probably next and this is where I need help.


  • #87
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    eddiem74 wrote: »
    OK update to 6.4 completed after downloading, copying to winbox file list and rebooting. :o

    Running the basic default configuration at the minute, have wireless working.

    Set-up for PS3 and uTorrent probably next and this is where I need help.

    PS3 somewhat sorted now, forgot I had set a static IP with previous router :o, so set everything on PS3 to automatic as a temporary fix and connection worked. :)


  • #88
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    eddiem74 wrote: »
    PS3 somewhat sorted now, forgot I had set a static IP with previous router :o, so set everything on PS3 to automatic as a temporary fix and connection worked. :)

    You may need to enable uPnP (plug and play) to get the best use of the PS3 (and Skype, uTorrent etc), they will then open their own ports in the firewall

    /ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external

    If you are using PPPoE change the external interface above to the PPPoE interface


  • #89
    Agueroooo
    Site Banned Posts: 4,925 ✭✭✭Agueroooo


    I forked out some serious money on a Asus Ac66u, but as I said I wish I had seen this thread first, but whats done is done.

    I could do with a wifi repeater somwere on the landing to increase coverage upstairs..would it be overkill to buy one of these to use just as a repeater for my Asus?
    And would it be difficult to config ?


  • #90
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    You may need to enable uPnP (plug and play) to get the best use of the PS3 (and Skype, uTorrent etc), they will then open their own ports in the firewall

    /ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external

    If you are using PPPoE change the external interface above to the PPPoE interface

    So I tried utorrent this morning via a wired connection without making this change and it was able to download without issue using default router settings.

    Additionally I did not set-up PPPoE as when I connected the Eircom router to ether1 port it connected me to the internet and wireless also worked out of the box so to speak.

    Only default changes I made so far were the wireless password and wireless channel, am using channel 4 as after a freq scan that seem less used.

    I would like to have the fastest wireless possible, so I seen mention of caching. I this something the router itself can do or do I need a separate server? I 'think' I need to look at a web proxy using a transparent configuration perhaps. :confused:

    Guidance welcome on the next things I should check / look at.


  • Advertisement
  • #91
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    If you just plugged it in to another modem or router, it means you did not set it up right. Whatever port forward rules you add on this Mikrotik will mean nothing as you will be double Natting (routing to a new subnet twice). Consoles will find the ports they open are blocked by the modem. It will work, but it will only work for connections originating from inside your lan, any connections coming from the internet will be dropped by the gateway modem/router as it will not know what to do with them.

    You need to bridge the modem and add PPPoE to the Mikrotik.


  • #92
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    If you just plugged it in to another modem or router, it means you did not set it up right. Whatever port forward rules you add on this Mikrotik will mean nothing as you will be double Natting (routing to a new subnet twice). Consoles will find the ports they open are blocked by the modem. It will work, but it will only work for connections originating from inside your lan, any connections coming from the internet will be dropped by the gateway modem/router as it will not know what to do with them.

    You need to bridge the modem and add PPPoE to the Mikrotik.

    My eircom router/modem was in bridge mode when I connected it to the Mikrotik ether1. I reviewed the online guide for initial configuration and it did not mention PPPoE so I did not add it as things appeared to be working. I will look into adding PPPoE.

    What about my query on caching?


  • #93
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    eddiem74 wrote: »
    My eircom router/modem was in bridge mode when I connected it to the Mikrotik ether1. I reviewed the online guide for initial configuration and it did not mention PPPoE so I did not add it as things appeared to be working. I will look into adding PPPoE.

    PPPoE is the protocol being used to get your public IP on the Eircom modem, you need to add it on the Mikrotik so it gets your public IP, not the Eircom modem
    eddiem74 wrote: »
    What about my query on caching?

    Caching what? To cache web pages you'll need a pc and a lot of configuring and transparent redirecting, it's probably not worth the hassle. Enable the DNS cache to cache DNS requests so regular domains are not looked up each time, but returned from the router. Also, make sure the DHCP server is giving out the routers IP address as DNS in it's leases


  • #94
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    PPPoE is the protocol being used to get your public IP on the Eircom modem, you need to add it on the Mikrotik so it gets your public IP, not the Eircom modem



    Caching what? To cache web pages you'll need a pc and a lot of configuring and transparent redirecting, it's probably not worth the hassle. Enable the DNS cache to cache DNS requests so regular domains are not looked up each time, but returned from the router. Also, make sure the DHCP server is giving out the routers IP address as DNS in it's leases

    Thanks again for you time and patience Smee, I really appreciate it! :)

    Added PPPoE, was not sure about DNS Cache? When I checked IP->DNS it looked like caching was happening? :o Also is there a test I can do to confirm double NAT is not happening?

    Here's my current config from using 'export compact' does it look ok? Where should I look to improve things now? :confused:
    # oct/13/2013 10:03:32 by RouterOS 6.4
# software id = CCB8-P1HX
#
/interface bridge
add admin-mac=D4:CA:6D:BE:8D:FD auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=indoors frequency=2427 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=MikroTik-BE8E01
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1484 max-mtu=1484 name=eircom-pppoe-out1 password=broadband1 use-peer-dns=yes user=eircom@eircom.net
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=REMOVED wpa2-pre-shared-key=REMOVED
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=wlan1 network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=eircom-pppoe-out1 to-addresses=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Dublin
/system leds
set 0 interface=wlan1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local


  • #95
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    That looks good, to test you don't have double Nat do "ip address print" and you should see a public ip address marked D (dynamic) assigned to the eircom-pppoe-out1 interface, (a public ip is one that doesn't start with 192.168.x.x). Also if you do a traceroute (tracert on windows) to www.boards.ie on your pc it will show you the hops. Be sure to disable wireless and pppoe on the Eircom modem.

    The DNS cache is enabled and DHCP is giving out the router ip as DNS.


  • #96
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Handy that you posted your config, will work perfect for anyone with Eircom once they bridge their modem. Only thing they'd need to edit is the wireless SSID, security key, set their desired channel and set a router password


  • Advertisement
  • #97
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    That looks good, to test you don't have double Nat do "ip address print" and you should see a public ip address marked D (dynamic) assigned to the eircom-pppoe-out1 interface, (a public ip is one that doesn't start with 192.168.x.x). Also if you do a traceroute (tracert on windows) to www.boards.ie on your pc it will show you the hops. Be sure to disable wireless and pppoe on the Eircom modem.

    The DNS cache is enabled and DHCP is giving out the router ip as DNS.

    I think we are good?
    [admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    wlan1                                    
 1 D 95.45.108.211/32   95.45.108.1     eircom-pppoe-out

    275652.JPG


  • #98
    smee again
    Closed Accounts Posts: 552 ✭✭✭smee again


    Spotted a mistake, you have 192.168.88.1/24 applied to wlan1, it should be bridge-local (which is wlan1 and the lan ports 2-5)


  • #99
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    Handy that you posted your config, will work perfect for anyone with Eircom once they bridge their modem. Only thing they'd need to edit is the wireless SSID, security key, set their desired channel and set a router password

    Actually I think there was an error in that, incoming traffic was working but I could not connect to internet, seems I needed to disable the DHCP Client for ether1, now seems all good.

    Should I now consider setting up UPnP?

    Updated Config.
    # oct/13/2013 11:54:11 by RouterOS 6.4
# software id = CCB8-P1HX
#
/interface bridge
add admin-mac=D4:CA:6D:BE:8D:FD auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
    indoors frequency=2427 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
    ap-bridge ssid=MikroTik-BE8E01
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1484 \
    max-mtu=1484 name=eircom-pppoe-out1 password=broadband1 use-peer-dns=yes \
    user=eircom@eircom.net
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys wpa-pre-shared-key=REMOVED wpa2-pre-shared-key=REMOVED
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=wlan1 \
    network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=eircom-pppoe-out1 to-addresses=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Dublin
/system leds
set 0 interface=wlan1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local


  • #100
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    Spotted a mistake, you have 192.168.88.1/24 applied to wlan1, it should be bridge-local (which is wlan1 and the lan ports 2-5)

    Thanks, updated config:
    # oct/13/2013 12:03:12 by RouterOS 6.4
# software id = CCB8-P1HX
#
/interface bridge
add admin-mac=D4:CA:6D:BE:8D:FD auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=indoors frequency=2427 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=MikroTik-BE8E01
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1484 max-mtu=1484 name=eircom-pppoe-out1 password=broadband1 use-peer-dns=yes user=eircom@eircom.net
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=REMOVED wpa2-pre-shared-key=REMOVED
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=bridge-local network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=eircom-pppoe-out1 to-addresses=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Dublin
/system leds
set 0 interface=wlan1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local


  • #101
    eddiem74
    Registered Users, Registered Users 2 Posts: 2,027 ✭✭✭eddiem74


    smee again wrote: »
    You may need to enable uPnP (plug and play) to get the best use of the PS3 (and Skype, uTorrent etc), they will then open their own ports in the firewall

    /ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external

    If you are using PPPoE change the external interface above to the PPPoE interface

    Updated config after adding UPnP:
    # oct/13/2013 12:36:30 by RouterOS 6.4
# software id = CCB8-P1HX
#
/interface bridge
add admin-mac=D4:CA:6D:BE:8D:FD auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=indoors frequency=2427 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=MikroTik-BE8E01
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1484 max-mtu=1484 name=eircom-pppoe-out1 password=broadband1 use-peer-dns=yes user=eircom@eircom.net
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=REMOVED wpa2-pre-shared-key=REMOVED
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=bridge-local network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=eircom-pppoe-out1 to-addresses=0.0.0.0
/ip service
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=eircom-pppoe-out1 type=external
/system clock
set time-zone-name=Europe/Dublin
/system leds
set 0 interface=wlan1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local

    Why not have the dummy rule and allow disable external interface = Yes?
    [admin@MikroTik] ip upnp> print
           		     enabled: yes
    allow-disable-external-interface: [B]yes[/B]
                     show-dummy-rule: [B]yes[/B]
[admin@MikroTik] ip upnp>


  • Advertisement
Advertisement