
Showing posts from 2019

Mikrotik - auto upgrade script

    ##
    ## Automatically upgrade RouterOS and Firmware
    ## https://github.com/massimo-filippi/mikrotik
    ##
    ## script by Maxim Krusina, maxim@mfcc.cz
    ## based on: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS
    ## created: 2014-12-05
    ## updated: 2015-12-09
    ## tested on: RouterOS 6.33.1 / multiple HW devices, won't work on 6.27 and older (different update process & value naming)
    ##

    ########## Set variables

    ## Notification e-mail
    :local email "your@email.com"

    ########## Do the stuff

    ## Check for update
    /system package update
    set channel=current
    check-for-updates

    ## Wait on slow connections
    :delay 15s;

    ## Important note: "installed-version" was "current-version" on older RouterOS versions
    :if ([get installed-version] != [get latest-version]) do={

        ## New version of RouterOS available, let's upgrade
        /tool e-mail send to="$email" subject="Upgrading RouterOS on router $[/system identity get name]" body="

Mikrotik - Bandwidth Control (although old, it is better explained than the vendor's wiki)

General Information

Summary

Bandwidth Control is a set of mechanisms that control data rate allocation, delay variability, timely delivery, and delivery reliability. The MikroTik RouterOS supports the following queuing disciplines:

PFIFO - Packets First-In First-Out
BFIFO - Bytes First-In First-Out
SFQ - Stochastic Fairness Queuing
RED - Random Early Detect
PCQ - Per Connection Queue
HTB - Hierarchical Token Bucket

Specifications

Packages required: system
License required: Level1 (limited to 1 queue), Level3
Submenu level: /queue
Standards and Technologies: None
Hardware usage: significant

Description

Quality of Service (QoS) means that the router should prioritize and shape network traffic. QoS is not so much about limiting, it is more about providing quality service to the network users. Some features of MikroTik RouterOS traffic control mechanism are listed below:

limit data rate for certain IP addresses, subn

Mikrotik - Reduce gaming and streaming lag with a Mikrotik RouterBOARD

Do you play online games? Of course you do. Have you experienced lag? Very likely. No matter how fast your internet connection is, if another program or person on your network competes for bandwidth, the packets will be processed at the same priority, resulting in increased latency (or worse, packet loss) for your game or other interactive applications. Whether you share an internet connection with roommates or operate a gaming house, LAN center, etc., this can quickly become a problem. Thankfully there's a cheap and relatively easy way to solve this in the form of a decent router - the Mikrotik RouterBOARD.

Many people are familiar with the trouble consumer-grade routers can cause. It's not a surprise that the number one go-to troubleshooting technique is a simple reboot - consumer routers are designed to be low price and thus operate on cheap hardware with limited memory, which can easily cause problems. From NAT table overflows to DHCP server crashes, your

Mikrotik - Change firewall rule order by script or cli

Managing Mikrotik firewall through CLI/SSH interface

Change firewall rule order

One of the bad things about the Mikrotik firewall is that when you add a new rule, it is automatically placed at the end of the chain, where most of the time it has NO EFFECT (rules are evaluated in order, so an earlier rule may already have matched the traffic). So you need to fine-tune the rule's position in order to make it work as intended.

First print the current rules:

    /ip firewall filter print without-paging

Now change the order, for example make rule number 18 to be number 1:

    /ip firewall filter move 18 1

You MUST do /ip firewall filter print before actually moving the rule. Needless to say, it's annoying when running batches with dsh or putty.

So your rsc would be:

    /ip firewall filter print
    /ip firewall filter move [find where comment ="blabla"] destination=32

Or in a single line:

    '/ip firewall filter print; /ip firewall filter move [find where comment ="blabla"] destination=32'

Disabling Mikrotik Hotspot DNS Proxying for Authenticated Users

My wireless ISP (WISP) uses the Mikrotik hotspot feature with RADIUS on the back end to authenticate our users. This implements a captive portal that redirects all DNS requests so that the user is taken to a login page if they’re not logged in. Once they log in once, the system associates their radio with their account, and they don’t have to log in anymore under normal circumstances.

However, once logged in, users still have all their DNS requests proxied through the routers. A lot of users want to use their own DNS (like OpenDNS or Google Public DNS), and that’s fine with me, but a user ran the namebench utility and found that their DNS was being forcibly proxied. It took some hunting, but I finally found this post on the Mikrotik forums which details how to get around this.

Basically: The hotspot adds dynamic DNS redirect rules. If you go to /ip firewall nat and just print, these rules don’t show up. If you do print dynamic they do. The relevant lines are: 2 D ch

Mikrotik - Block Bittorrent and P2P using latest Mikrotik Version 6.41

The new version of the Mikrotik software stops blocking torrents and P2P, with the error "P2P matcher is obsolete please use layer7 matcher instead" - MikroTik

Here are the new and revised configuration steps that will block torrent and P2P traffic on a Mikrotik router.

    /ip firewall layer7-protocol
    add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
        orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
        o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\
        RP]"
    /ip firewall filter
    add action=add-src-to-address-list address-list=Torrent-Conn \
        address-list-timeout=2m chain=forward layer7-protocol=\
        layer7-bittorrent-exp src-address=192.168.2.0/24 src-address-list=\
        !allow-bit
    add action=drop chain=forward dst-port=\
        !0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
        src-address-list=Torrent-Conn
    add action=drop chain=forward dst-port=\
        !0-1024,8291,5900,