maksimm-avatar
maksimm 10 hours ago
maksimm has registered
Focus: Windows in general - User group: End-user.
Ultramatic-avatar
Ultramatic 2 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Quote from @FordPerfect:
-ash: smbclient: not found
Then you have to install smbclient on your system. What kind of system are you working on (distribution, kernel version, etc.)((uname -a) I am asking because you are working with the ash shell, that usually mean you are working on an embedded or like system where memory is crucial. It could be that this system currently does not support higher SMB Versions as 1.0.

Which SMB dialects your version of CIFS supports, can be read by issuing the following command:
/sbin/modinfo cifs

The output should be similar to this (example from current Archlinux distro)

screenshot

Try to install smbclient via your package manager and use the parameter -d 10 to enable verbose debug messages. (Older versions had a max level of 255 newer ones only 0-10, just try out the values).
smbclient -L //server/share -U <username> -d 10

Also try to add the verbose parameter to the mount command
mount -t cifs --verbose -o user=username,password=passw0rd //server/share /mnt
Regards
FordPerfect-avatar
FordPerfect 2 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Thank you for the tips:

if I try smbclient I get the following error via SSH:


-ash: smbclient: not found

__________________________________________________________

If I try without the "ver=*" Parameter, I get the following error message via SSH:

mount: mounting 192.168.0.220/CROSSROADS on /tmp/test failed: Host is down

__________________________________________________________

How do I find out, which SAMBA version I use?


Thanks
Lochkartenstanzer-avatar
Lochkartenstanzer 3 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Did you try the mount command without a Version Parameter?

lks

Btw: which samba version do you use?

PS: Try if smbclient works.
minhajulquranacademy-avatar
minhajulquranacademy 3 days ago
minhajulquranacademy has registered
Focus: Networks - User group: Marketing.
FordPerfect-avatar
FordPerfect 3 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
I checked - it does:

SMB1 ist "False"
SMB2/3 ist "True"


Tested with Powershell
FordPerfect-avatar
FordPerfect 3 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Hey Peter!

ich habe mich nach einem Charakter in meinem Lieblingsbuch benannt - etwas modifiziert, denn er nennt sich "Ford Prefect"

___________________________________________________________________________________

Getestet mit Powershell:

SMB1 ist "False"
SMB2/3 ist "True"


https://learn.microsoft.com/en-gb/windows-server/storage/file-server/tro ...
Lochkartenstanzer-avatar
Lochkartenstanzer 3 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Hi,

I guess, that your smb-server doesn't support newer Versions of SMB. Check Your server.

lks
Pjordorf-avatar
Pjordorf 3 days ago
7 comments
Comment in: Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Hi,

Zitat von @FordPerfect:
"failed: Host is down"
What or who is your SSH host? Not only SMBv1 disabled, but also SMBv2/3 enabled?
https://learn.microsoft.com/en-gb/windows-server/storage/file-server/tro ...

face-smile https://www.automobilwoche.de/agenturmeldungen/ford-verabschiedet-sich-v ... face-smile

Regards,
Peter
FordPerfect-avatar
FordPerfect 3 days ago
Question7 comments
Connect to Windows 10 Share (SMB1 succeeds, SMB2 fails)
Problem description: that mounting SMB1 on a Windows 10 computer works as follows because "SMB1 Support" is enabled:

mount -t cifs -o user=USER,password=USER,vers=1.0 //192.168.1.222/SHARE /tmp/test


When I disable "SMB1 support" on the Windows 10 machine AND type at "vers=2.0 or 2.1", I get the following error message back from the SSH console:

"failed: Host is down"

Can you please help me to find the correct command line to "negotiate" modern SMB2 shares on a modern computing environment?

Thank you very much!
AMem79-avatar
AMem79 4 days ago
AMem79 has registered
Focus: Windows server - User group: Administrator.
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
ALL DONE!
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
  • ORANGE BOX
VLAN TAGGED of SOURCE SUBNET
not VLAN TAGGED

  • BLUE BOX
from VLAN host to WAN, very similar to inter-VLAN routing but it is going to the WAN interface instead the other VLAN interface.
In this case, it is assumed that the router has Switch Chip, otherwise in and out
Interfaces are the faded interfaces
On CPU level (as on the original drawing).


slide5
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
  • LEFT, UPPER ORANGE BOX
Packet is not part of VLAN (subnet) anymore, VLAN tag to be removed.

  • LEFT, MIDDLE ORANGE BOX
VLAN interfaces, are not considered as part of the bridge in this context.

  • LEFT, LOWER ORANGE BOX
VLAN Interface of the bridge as it is tagged traffic, see Bridge vs VLAN Interface

  • RIGHT, LOWER-END, ORANGE BOX
New VLAN (subnet), VLAN tag to be added.

  • MIDDLE, LOWER-END, ORANGE BOX
VLAN TAGGED of SOURCE SUBNET
not VLAN TAGGED
VLAN TAGGED of TARGET SUBNET


  • BLUE BOX
Inter VLAN routing (excluding L3 Hardware offload), VLAN tagged removed when leaving VLAN, forwarded as normal IP packet on L3, retagged, when entering target VLAN, e.g from VLAN ID 120 (User 2) to VLAN ID 100 (Common Services).


slide4
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
  • ORANGE BOX
Bridge VLAN Table - RouterOS - MikroTik Documentation--> CPU port

  • BLUE BOX
If there are bridge ports, which are not connected to the Switch Chip, traffic must be allowed to flow to CPU (software), this is done by adding the bridge itself as a port. Otherwise, traffic will be dropped at the SWITCHING DECISION.
An example can be an hEX S where the SFP port acts an uplink and all ports are members of the same bridge.
VLAN tag is handled by Switch Chip VLAN Table and Bridge VLAN Table


slide3
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
here is what is written in the image

  • LOWER LEFT
IMHO, "Switching Decision" is a bit irritating when it comes to packet flow description, as a switch only forwards packets between ports (+ …casting).
In the case of VLAN awareness, it alters VLAN tag as well.
More details see Packet Flow in RouterOS - RouterOS - MikroTik Documentation --> switching decision & switch-cpu port --> So,
Input: to Switch-CPU Port
Output: from Switch-CPU Port

  • ORANGE BOX
VLAN tag is handled by Switch Chip VLAN Table:
“VLAN ID-based forwarding takes into account the MAC addresses dynamically learned or manually added in the host table. QCA8337 and Atheros8327 switch-chips also support Independent VLAN Learning (IVL) which does the learning based on both - MAC addresses and VLAN IDs, thus allowing the same MAC to be used in multiple VLANs.”

  • BLUE BOX
ANY TRAFFIC BETWEEN THE BRIDGE PORTS AS THEY ARE ALL HARDWARE OFFLOADED. CONFIGURATION FOLLOWING Bridge VLAN Table (standard as from ROS v6.41 )

slide2
PackElend-avatar
PackElend 5 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
Hello again,
I may have THE answer, hope you confirm, fingers are crossed.

My credits go to

I'm still searching for a good reference for what ChatpGPT said so well
Logical interfaces, such as VLAN interfaces, are separate interfaces that operate at Layer 3 and are not considered part of the bridge for packet flow decisions. They handle the IP configuration and routing for specific VLANs but do not directly influence the packet forwarding decisions within the bridge.

I will go from switching to briding to routing post by post, adding more details picture by picture
The entire PowerPoint (source of the pictures) can be shared on request.
May I get a response from rickfreyconsulting to update the drawing with the switch chip.

slide1
syedqurancenter-avatar
syedqurancenter 8 days ago
syedqurancenter has registered
Focus: Development - User group: Manager.
andrej2-avatar
andrej2 8 days ago
andrej2 has registered
Focus: Server in general - User group: End-user.
mirrayhan08-avatar
mirrayhan08 10 days ago
mirrayhan08 has registered
Focus: Networks - User group: Researcher.
JordanSanders-avatar
JordanSanders 10 days ago
JordanSanders has registered
Focus: Development Databases - User group: Developer.
simbl1-avatar
simbl1 13 days ago
simbl1 has registered
Focus: Server in general - User group: Administrator.
PhoenixKatz-avatar
PhoenixKatz 13 days ago
PhoenixKatz has registered
Focus: Other systems - User group: Consultant.
usgermantrans-avatar
usgermantrans 14 days ago
usgermantrans has registered
Focus: Other systems - User group: Consultant.
55al1h-avatar
55al1h 15 days ago
55al1h has registered
Focus: Server in general - User group: Administrator.
Ultramatic-avatar
Ultramatic 17 days ago
1 comment
Comment in: Python Script Referencing
Sample:
# first.py
def foo(): print("foo")
def bar(): print("bar")


# second.py
import first

first.foo()    # prints "foo"
first.bar()    # prints "bar"
Now all clear face-wink ?

Just read the instructions 😋

Regards
rahuljain-avatar
rahuljain 17 days ago
Question1 commentSolved
Python Script Referencing
I have 2 python files (.py) named file1 and file2.

  1. file 1 has the following codes:

import Pandas as pd
x = input (x)
z = input (y)
y = x + z

if y == 8:
    fileB() 
# Call or run file 2
# ::::::::::::::::::::::::::::::::::::::::::::::::::::
# file B has the following codes:
# x and y are from file 1
a = x + y     
c = a + z
print (c)
Question: I want to import file 2 into 1 and run file 1

# I have tried to use the following:

# into file 1
from  fileB import* 

# and also from fileA import* #
# into file B so I can use some variables in file 1.

# But I get errors as name x and y are not defined for file2
SimonCiolkowski-avatar
SimonCiolkowski 17 days ago
SimonCiolkowski has registered
Focus: Security - User group: Manager.
PackElend-avatar
PackElend 18 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
I would like to finish it with marking all up in copies of the the referenced pictures.
should happen tomorrow still work in progress there has been to much to do today
Ultramatic-avatar
Ultramatic 18 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
If that's all, please mark this thread as solved. Thanks.
alvena43-avatar
alvena43 18 days ago
alvena43 has registered
Focus: Design/Media - User group: Developer.
rahuljain-avatar
rahuljain 19 days ago
rahuljain has registered
Focus: Development - User group: Developer.
Ultramatic-avatar
Ultramatic 19 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
Zitat von @PackElend:
Before it hits the VLAN interface it is going to be decapsulated (VLAN tag removed)?

Yes. The first image shows it clearly. Traffic is assigned to the logical interface inside
the router (vlanX) after decapsulation.
Ultramatic-avatar
Ultramatic 19 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
Zitat von @PackElend:
Before it hits the VLAN interface it is going to be decapsulated (VLAN tag removed)?

Yes.
PackElend-avatar
PackElend 20 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
What I expected but only once from VLAN interface to WAN interface, then directly to my ISP.

Before it hits the VLAN interface it is going to be decapsulated (VLAN tag removed)?
Ultramatic-avatar
Ultramatic 20 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
Zitat von @PackElend:
How is the flow for the first package, the one with the state NEW?
As described in the OP?

It's going the "forward" path, because it's not a packet for the router itself ...

678e58e6ad06e245331d8ef0dc181678~2
PackElend-avatar
PackElend 20 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
Thx a lot @Ultramatic, your explanation is likely to be a better explanation than anything out there, simple, short, clear.

I have rules in place and CONNTRACK table settings are default.

How is the flow for the first package, the one with the state NEW?
As described in the OP?
Ultramatic-avatar
Ultramatic 20 days ago
14 comments
Comment in: Packet flow from VLAN Host to www - how often routing decision is made?
If it's a new paket wich cannot be matched by the connection tracking table then routing decision has to be made first, otherwise the packet belongs to an existing connection so it flows through the connection tracking process and is forwarded directly without further evaluation (excluding IPsec decapsualtion which has always to be done of course, also SRCNAT and DSTNAT have their own tables and processing takes place in PREROUTING(DSTNAT) and POSTROUTING(SRCNAT)).
This is called a statefull firewall. All modern firewalls use connection states, so you only have to define rules in one direction, the way back will then be allowed automatically by the connection tracking table.
With Mikrotik you have to setup a statefull firewall by your own rules! So you need to define at least two rules for INPUT and FORWARD chains wich have to evaluate the connection states "established,related, untracked" in their settings.
How long connections can stay open when there is no traffic for a period of time or the connection breaks unexpectedly without normal TCP FIN, can be defined in your firewall setup in the CONNTRACK table settings. Here you can define different settings for TCP, UDP, ICMP and so on.

Regards
PackElend-avatar
PackElend 20 days ago
Question14 commentsSolved
Packet flow from VLAN Host to www - how often routing decision is made?
Hi there,
it has been a while
I'm reviewing my firewall rules and have some hiccups grasping all again.

I asked myself quite a basic question but my mind was filled with other things, so I would like to have a second opinion on it.
How often will a package flow through this before it hits www (or my ISP) if I have VLANs and Bridge
If I combine
routing packet flow diagram scenario vlan
from Manual:Packet Flow - MikroTik Wiki | 4.3 Vlan Untagging/Tagging in the bridge interface and the Routing Packet Flow Diagram from firewall vs nat packet flow - MikroTik
mikrotik_packetflow_routing24
it is only once, isn't it?

Simplified it is:
  • From host to Interface on router (VLAN trunk / tagged port is the physical in)
  • Then Decapsulation takes place
  • Afterwards it goes to the Logical In Interface, the respective VLAN Interface
  • Then, it is forwarded to the physical WAN interface where it leaves the router with any other processing on the router anymore
nimbleappgenie-avatar
nimbleappgenie 21 days ago
nimbleappgenie has registered
Focus: Android/ChromeOS - User group: Administrator.
bartg1999-avatar
bartg1999 22 days ago
bartg1999 has registered
Focus: Internet in general - User group: Marketing.
tiffanymarsh-avatar
tiffanymarsh 24 days ago
tiffanymarsh has registered
Focus: Development - User group: Developer.
BrucklynBoy-avatar
BrucklynBoy 29 days ago
BrucklynBoy has registered
Focus: Development - User group: Developer.
Zolo.N-avatar
Zolo.N 29 days ago
Zolo.N has registered
Focus: Windows server - User group: Administrator.