lagrace.blogg.se - Layer7 mikrotik

But nor the mikrotik or clients get DNS answer from the new PiHole. In DHCP I only switch from my "old" PiHole to my "new" PiHole which is in the Mikrotik container and then stops working.Ĭlients in this case are always asking mikrotik for DNS. I set my DNS IP to be the Mikrotik it self so that my core mikrotik has all of the DNS records. As explained in the official MikroTik Wiki page, Layer7 protocol on MikroTik is one of the options used for the purpose of blocking access to certain websites. It is not recommended to use the L7 matcher for generic traffic, such as for blocking webpages. Use this feature only for very specific traffic. The L7 matcher is very resource-intensive.

DNS IP is new Pi-hole and that Pi-hole in configuration doesn't have upstream DNS IP of MT DNS, maybe some public like 8.8.8.8 Layer7-protocol is a method of searching for patterns in ICMP/TCP/UDP streams.

DNS IP is of old Pi-hole and that Pi-hole in configuration have upstream DNS IP of new Pi-hole instead MT DNS and new Pi-hole doesn't have upstream DNS IP of MT DNS (+ chaining Pi-holes doesn't make much sense).

Possibilities depending on client's DNS IP: Which DNS IP address clients receive? Assuming that is set over DHCP, not manually.

With that, wifi clients can see IP address of cnmaesteo in that URL and with that thay can get the login page of the controller (they see IP adress in URL).0 R name="veth1" address=172.17.0.2/24 gateway=172.17.0.1Ĭhain=srcnat action=masquerade src-address=172.17.0.0/24 out-interface=ISP log=no log-prefix=""Ġ name="4b45ab04-2116-4008-9254-93fe8251fc5e" tag="pihole/pihole:latest" os="linux" arch="arm" interface=veth1Įnvlist="pihole_envs" root-dir=disk1/pihole mounts=etc_pihole,dnsmasq_pihole dns="" status=errorĬolumns: SLOT, MODEL, SERIAL, INTERFACE, SIZEĠ b disk1 Generic USB Storage 000000000272 USB 2.00 480Mbps 62 537 072 640Ġ name="pihole_envs" key="TZ" value="Europe/Zagreb"ġ name="pihole_envs" key="WEBPASSWORD" value="xxxxxxxxxx"Ģ name="pihole_envs" key="DNSMASQ_USER" value="root"Ġ name="etc_pihole" src="/disk1/etc" dst="/etc/pihole"ġ name="dnsmasq_pihole" src="/disk1/etc-dnsmasq.d" dst="/etc/dnsmasq.d"īut I can see the requests in the new PiHole which is really strange - my DNS cash is not filling up in mikrotik The mikrotik firewall has a very extensive feature set and has the ability to perform functions such as network address translation (NAT), web filtering. Problem is that in URL of captive portal is visible IP address of cnmaestro (plus the rest of the string…).

Select the + sign, then fill in as a blockable site. Go to IP> Firewall> Layer 7 Protocols menu. We support all Grandstream, DrayTek, Obihai, Poly, Ubiquiti, MikroTik, Extreme. If you still can, next is blocking on the Youtube site. How to effortlessly implement layer 7 firewall rules using Ubiquitis.

We decided to start using captive for our clients. Following are the steps to block the website using the Mikrotik Youtube regex method: Check first by opening whether you can or not.