same with tutorial video number 31, TKSJa..mikrotik users from the Philippines are always following your tutorials. We are so glad to watch your video sir. we have a group on facebook. most of your videos are linked on our page for the others to watch and learn.Thank you again for sharing your skill and understanding of how to use mikrotik effectively.
@TKSJa
5 жыл бұрын
Wow, I really appreciate it. Thanks
@homercoles8877
5 жыл бұрын
@@TKSJa we should be thankful sir for sharing your knowledge, your tutorial channel is the most comprehensive tutorial. step by step and hooray for the 88 videos! you are so good in teaching us, it's like you are in front of us personally while the video is playing.god bless and more power sir.
@piotr4244 жыл бұрын
Better use chain:forward instead input
@Alexanderarseny3 жыл бұрын
Thanks a lot ! Great tips that are probably impossible to find in the UI or in normal documentation !
@only1devious5 жыл бұрын
THANK YOU, ALWAYS WITH THE GREAT TUTORIALS, PLEASE KEEP THEM COMING !
@TKSJa
5 жыл бұрын
You are welcome.
@mjsun425 жыл бұрын
Thanks ! Have been waiting for this for a long time :-).
@TKSJa
5 жыл бұрын
You are welcome.
@ivarsbriedis41503 жыл бұрын
As others have mentioned it seems that the chain forward is better than input. I could still ping devices between networks when using input chain, but not when changing to forward.
@zoltannagy67105 жыл бұрын
Thanks! This is greet video! Other options (IMHO) isolete guest wifi (or guest network) the VRF
@mtj7703 жыл бұрын
Great tutorial! I had on issue... When I set the Firewall rule (#11 in your video) to drop traffic from guest to LAN as in the video I could still connect from the guest network to a IP cam on the LAN. I modified the rule from Input to Forward and now it works OK. Any thoughts on this?
@birajramtel98955 жыл бұрын
Great video gained a lot of information. One more thing is it possible to block the unauthorized user through mac-filter in Mikrotik router
@zoltanzorgo4 жыл бұрын
In general guest WiFi is considered to allow only internet access and nothing else. In this sense wouldn't it be easier to just add a rule that blocks everything coming from the guest wifi address list and not having as output interface list the WAN? For the negation there is the "!" before the input field.
@gevorggrigoryan1613 Жыл бұрын
Great tutorial!
@clddnc5 жыл бұрын
Thank's man! Respect.
@Avecfort2 жыл бұрын
Can they still access ftp that's located outside (Internet)?
@zivanovic0185 жыл бұрын
Great Tutorial! Can you make a video and explain about the eoip tunnel?
@TKSJa
5 жыл бұрын
You are welcome, added to my list.
@bhi352 жыл бұрын
Any user default quota 10 GB limit setting ?
@abaurre34 жыл бұрын
This is not working, my guest VLAN can still access my modem (WAN), even though I used the protocols and ports shown on connection tab.
@drreality15 жыл бұрын
Thank you so much. But why INPUT rather than FORWARD chain. I've been using forward and it seems working fine
@TKSJa
5 жыл бұрын
input - used to process packets entering the router through one of the interfaces with the destination IP address which is one of the router's addresses. Packets passing through the router are not processed against the rules of the input chain forward - used to process packets passing through the router output - used to process packets originated from the router and leaving it through one of the interfaces. Packets passing through the router are not processed against the rules of the output chain
@pablo6405
5 жыл бұрын
Question: if the packet are coming fron Guest Network to a PC in LAN 192.168.88.x it will be blocked?
@TKSJa
5 жыл бұрын
@@pablo6405 yes
@drreality1
5 жыл бұрын
@@TKSJa thank you sir. I'll try changing my rules and see. Cheers
@kostasanalytis2925
4 жыл бұрын
Hello and thanks for the many interesting videos you make. The proper way to block Network to network traffic is via the FORWARD chain as this is it's role. Under the general tab just select source address : 10.10.10.0/24 and destination addresses: 192.168.88.0/24 Action : drop - I usually do reject with network unreachable
@andreass24015 жыл бұрын
Thanx for your Video Howto
@TKSJa
5 жыл бұрын
You are welcome
@robertmuinde3691 Жыл бұрын
How do I block qr code hotspot quick share on android phones
@efokafui5 жыл бұрын
Hello, thanks very much for this video, Is it possible to queue traffic from LAN to the internet without affecting LAN to LAN, Please assist if there is. I want to be able to queue my LAN network from access to internet but allow unlimited traffic to the LAN Network. Thanks
@TKSJa
5 жыл бұрын
Check out these video on bandwidth management kzread.info/dash/bejne/hH9hk8-Ll7ergMo.html
@danielreinvart3 жыл бұрын
Nah, what about: IP / Services / Available From and select the IP range which can access these ports ? Firewall then can be use to block any device from 10 site, to 192 site . With this settings, you have less firewall rules. :)
@asdfgghfd20415 жыл бұрын
I dont understand. When Guest network has separate adress pool there is no way to access the router. Am i correct ? So why did you block 10.10.10.1 adress ?
@JaZzDeOliveira
5 жыл бұрын
Because the guest users would be able to access the Mikrotik router via the gateway address, so that is why you want to block there attempts to do so.
@Ovidiu2682 жыл бұрын
DOES NOT WORK. I've made the same config and the access from the guest WIFI is in the 192.168.88, I can also access the router admin web page, but the good part is that I can't scan the network. I will research further. Also I want to add that I'm not a NET guy.
@pogz20212 жыл бұрын
its useless if that user change mac addres and ip address
@Mi_Fa_Volare4 жыл бұрын
What if I want to block 192.168.0.0/16?
@ahmedbamatraf29435 жыл бұрын
thank you > can your facebook
@TKSJa
5 жыл бұрын
You are welcome.
@ahmedbamatraf2943
5 жыл бұрын
I need best loadbalance for 3 or 4 adslline wan ? I have tp link loadbalance but only if download is ok but brows or KZread only from it work 1 line only
Пікірлер: 41
same with tutorial video number 31, TKSJa..mikrotik users from the Philippines are always following your tutorials. We are so glad to watch your video sir. we have a group on facebook. most of your videos are linked on our page for the others to watch and learn.Thank you again for sharing your skill and understanding of how to use mikrotik effectively.
@TKSJa
5 жыл бұрын
Wow, I really appreciate it. Thanks
@homercoles8877
5 жыл бұрын
@@TKSJa we should be thankful sir for sharing your knowledge, your tutorial channel is the most comprehensive tutorial. step by step and hooray for the 88 videos! you are so good in teaching us, it's like you are in front of us personally while the video is playing.god bless and more power sir.
Better use chain:forward instead input
Thanks a lot ! Great tips that are probably impossible to find in the UI or in normal documentation !
THANK YOU, ALWAYS WITH THE GREAT TUTORIALS, PLEASE KEEP THEM COMING !
@TKSJa
5 жыл бұрын
You are welcome.
Thanks ! Have been waiting for this for a long time :-).
@TKSJa
5 жыл бұрын
You are welcome.
As others have mentioned it seems that the chain forward is better than input. I could still ping devices between networks when using input chain, but not when changing to forward.
Thanks! This is greet video! Other options (IMHO) isolete guest wifi (or guest network) the VRF
Great tutorial! I had on issue... When I set the Firewall rule (#11 in your video) to drop traffic from guest to LAN as in the video I could still connect from the guest network to a IP cam on the LAN. I modified the rule from Input to Forward and now it works OK. Any thoughts on this?
Great video gained a lot of information. One more thing is it possible to block the unauthorized user through mac-filter in Mikrotik router
In general guest WiFi is considered to allow only internet access and nothing else. In this sense wouldn't it be easier to just add a rule that blocks everything coming from the guest wifi address list and not having as output interface list the WAN? For the negation there is the "!" before the input field.
Great tutorial!
Thank's man! Respect.
Can they still access ftp that's located outside (Internet)?
Great Tutorial! Can you make a video and explain about the eoip tunnel?
@TKSJa
5 жыл бұрын
You are welcome, added to my list.
Any user default quota 10 GB limit setting ?
This is not working, my guest VLAN can still access my modem (WAN), even though I used the protocols and ports shown on connection tab.
Thank you so much. But why INPUT rather than FORWARD chain. I've been using forward and it seems working fine
@TKSJa
5 жыл бұрын
input - used to process packets entering the router through one of the interfaces with the destination IP address which is one of the router's addresses. Packets passing through the router are not processed against the rules of the input chain forward - used to process packets passing through the router output - used to process packets originated from the router and leaving it through one of the interfaces. Packets passing through the router are not processed against the rules of the output chain
@pablo6405
5 жыл бұрын
Question: if the packet are coming fron Guest Network to a PC in LAN 192.168.88.x it will be blocked?
@TKSJa
5 жыл бұрын
@@pablo6405 yes
@drreality1
5 жыл бұрын
@@TKSJa thank you sir. I'll try changing my rules and see. Cheers
@kostasanalytis2925
4 жыл бұрын
Hello and thanks for the many interesting videos you make. The proper way to block Network to network traffic is via the FORWARD chain as this is it's role. Under the general tab just select source address : 10.10.10.0/24 and destination addresses: 192.168.88.0/24 Action : drop - I usually do reject with network unreachable
Thanx for your Video Howto
@TKSJa
5 жыл бұрын
You are welcome
How do I block qr code hotspot quick share on android phones
Hello, thanks very much for this video, Is it possible to queue traffic from LAN to the internet without affecting LAN to LAN, Please assist if there is. I want to be able to queue my LAN network from access to internet but allow unlimited traffic to the LAN Network. Thanks
@TKSJa
5 жыл бұрын
Check out these video on bandwidth management kzread.info/dash/bejne/hH9hk8-Ll7ergMo.html
Nah, what about: IP / Services / Available From and select the IP range which can access these ports ? Firewall then can be use to block any device from 10 site, to 192 site . With this settings, you have less firewall rules. :)
I dont understand. When Guest network has separate adress pool there is no way to access the router. Am i correct ? So why did you block 10.10.10.1 adress ?
@JaZzDeOliveira
5 жыл бұрын
Because the guest users would be able to access the Mikrotik router via the gateway address, so that is why you want to block there attempts to do so.
DOES NOT WORK. I've made the same config and the access from the guest WIFI is in the 192.168.88, I can also access the router admin web page, but the good part is that I can't scan the network. I will research further. Also I want to add that I'm not a NET guy.
its useless if that user change mac addres and ip address
What if I want to block 192.168.0.0/16?
thank you > can your facebook
@TKSJa
5 жыл бұрын
You are welcome.
@ahmedbamatraf2943
5 жыл бұрын
I need best loadbalance for 3 or 4 adslline wan ? I have tp link loadbalance but only if download is ok but brows or KZread only from it work 1 line only