General • Connection Tracking,
Greetings, colleagues, I want to optimize my connection tracking to lower CPU and active connections without reason. I have a ccr2116 running with fasttrack, 5Gbps of traffic and 217,000 connections...
View ArticleGeneral • Re: Connection Tracking,
I'm not qualified to say anything about the other timeouts, but let me share a piece of advice regarding "tcp-established-timeout".I suggest setting it to 7440 seconds (2 hours 4 minutes) at a minimum...
View ArticleBeginner Basics • persistent traffic accounting
hello community,is there a way of some sort of persistent accounting?not per ip, but only to measure the internet up- and download per month.doing that with simple queue or even queue tree is not...
View ArticleForwarding Protocols • How to set OSPF passive mode interface?
When I'm trying to set up OSFP:Code: routing ospf instance add name=ospf_v2 version=2 router-id=1.2.3.4routing ospf area add name=bkbn_v2 area-id=0.0.0.0 instance=ospf_v2 routing ospf...
View ArticleGeneral • Running DSNAKE protocol over two switches
Has anyone ever supported Allen & Heath mixer boards and attempted to run their DSNAKE protocol over MikroTik switches? Here is an article that states it should be possible.I'm running into slight...
View ArticleGeneral • Re: VXLAN CRS v7.18
The HW-offload VXLAN support is very basic right now. I couldn't get it to pass tagged traffic coming into the same VLAN from other switches, only untagged traffic (from another port) tagged into the...
View ArticleGeneral • Re: Running DSNAKE protocol over two switches
Disclaimer: I don't know a thing about dSNAKE.Once I had a closer look at a pair of USB/DP extender which uses UTP cables between them. They speak ethernet frames, so placing switch in between (with...
View ArticleBeginner Basics • Re: Assistance Needed ASAP
For future reference, when posting a help request, putting something useful in the subject makes it far more likely that you will get some help, and it makes the issue far easier to find in a...
View ArticleBeginner Basics • How to forward port?
I'm replacing a Comcast Business router with an hAP ax2. I have dual WAN failover from ether1 to ether2 with DHCP working, and need to forward TCP/UDP port 81 to cascaded router IP 10.1.10.151. Here's...
View ArticleBeginner Basics • firewall rules and logging ideas
1.I would like to finally take on making my firewall rules, I did something like this with the help of the Internet. Please advise me what I would necessarily have to change. At this point “drop all”...
View ArticleGeneral • Re: How to have more than 8 RTSP services ports
If I am understanding your question, you are setting up the RTSP streams incorrectly in the router. The IP > Firewall > Service ports is services provided by the router itself. Webcam streams...
View ArticleBeginner Basics • Re: How to forward port?
Moving the firewall rules up didn't help:Code: [admin@MikroTik] > /ip firewall filter printFlags: X - disabled, I - invalid; D - dynamic 0 D ;;; special dummy rule to show fasttrack counters...
View ArticleGeneral • Re: Invalid ICMPv6 Neighbor Solicitation Packet emitted by Loopback...
This is the rule I have in place:Code: /ipv6 firewall filteradd action=log chain=input comment="Logging before ipv6-drop-input" dst-address-type=!multicast in-interface-list=!wan6...
View ArticleRouterBOARD hardware • Will LHG-R MIKROTIK 17dBi support 4G LTE Modem Fibocom...
Hi guys.I started looking at 4g/lte mikrotik antennas again. I would like to buy the model without lte modem included and add another by my own. Will that modem work with the mikrotik product? Thank u...
View ArticleBeginner Basics • Re: No Android Push Notifications with Wireguard...
In the hope that someone can help me, here is my complete configuration:Code: # 2025-01-30 21:00:13 by RouterOS 7.17# software id = SVBQ-F015## model = RB5009UPr+S+# serial number = /caps-man...
View ArticleRouterOS beta • Re: Feature request: ND Proxy (RFC 4389)
Going to +1 this as well.Are there any plans regarding this?It is a feature really needed and provided by most other routers. Currently I have to use a seperate OPNsense router just for the IPv6 side...
View ArticleGeneral • Re: How to secure DarkFiber between 2 MikroTik
Go buy a 2nd hand switch starting with Cisco Catalyst 3560X onwards , 4xxx / cisco industrial( IE series) switch as they hardware offload'ed macsec. Even Juniper's got a good collection of macsec...
View ArticleBeginner Basics • Re: firewall rules and logging ideas
When you want to ditch the youtube nonsense, I will be glad to help provide a clean and useful firewall set of rules.However, one must look at the config as a whole, so a complete export is...
View ArticleGeneral • ipv6 address in DDNS
Hi All,I would like to have my server's ipv6 address in the DDNS configuration, as (if I understand ipv6 correctly) there is no NAT/PAT with ipv6 any more. Or is there a best practice to advertise...
View ArticleGeneral • Vlan Setup
Topology : R1 (ether2) <> (ether1) R2 (ether2) <> (ether2) R3Code: --- R1 Config : ---/interface vlan add interface=ether2 name=vlan1111 vlan-id=1111/ip address add...
View Article