New hEX

[tehfish]

So I got my shiny new hex today, first off what an amazing little machine!

Set it up, with basically just the default configuration out of the box, got winbox up and running and this thing is blazing, ~50% cpu usage at a combined 1000Mbit throughput (500 each way) using torrents, this is simply amazing.

Did some portforwards which was pretty easy, added some graphs for the fun of it and im pretty happy right now.

It "just works" - All the latency issues I had with the ERL is now completely gone, I can play online with no issues, even when the uplink is maxed out im not seeing any real spikes just a steady higher ping of 3-5ms more than when it is not loaded.

So far, pretty nice little device!

 

[sfx2000]

So far, pretty nice little device!

For many - it's a very nice device...

 

[tehfish]

I am really suprised to be honest, as I have already had the Edgerouter X which should be identical software, but this little mikrotik runs loops around it at what a router should do.

Sure, it might not be as fancy, and have a fancy webui etc but it just works, and its stable as hell which is the most important aspect for me in my router.

 

[ma678]

Does hEx r3 worth $30 more over ER-x? Thanks.

Sent from my SM-G935W8 using Tapatalk

 

[System Error Message]

Does hEx r3 worth $30 more over ER-x? Thanks.

Sent from my SM-G935W8 using Tapatalk

they are essentially the same hardware. Mikrotik is better at being a router, ubiquiti is better at being a linux.

 

[ma678]

I actually need a router to pair with my Asus AC 68U and 56U as APs. Winbox seems to be easily configured. I am leaning towards Mikrotik now.

Sent from my SM-G935W8 using Tapatalk

 

[ma678]

Is its case metal or plastic? Thanks.

Sent from my SM-G935W8 using Tapatalk

 

[ma678]

Bought it on eBay last night. Thanks.

Sent from my SM-G935W8 using Tapatalk

 

[paraplu]

Bought it on eBay last night. Thanks.

Sent from my SM-G935W8 using Tapatalk

Enjoy it. IMHO this is the best IPv4 router on the market, value wise, but only when configured properly.
Let's wait for the review from Tim. I already can see some results in the charts...

 

[ma678]

I received it last night and now I am looking for a good configuration. Tried it last night and could not get it working anyway.

Sent from my SM-G935W8 using Tapatalk

 

[System Error Message]

I received it last night and now I am looking for a good configuration. Tried it last night and could not get it working anyway.

Sent from my SM-G935W8 using Tapatalk

you have to understand networking to get it working, otherwise just copy pasting rules doesnt work. You have to know what you're doing.

 

[paraplu]

I received it last night and now I am looking for a good configuration. Tried it last night and could not get it working anyway.

Sent from my SM-G935W8 using Tapatalk

Could you please elaborate your problem?

 

[ma678]

Could you please elaborate your problem?

After I received the router, I reset its configuration without keeping the default one; however, I was unable to get my 3 AP working. I had to reset to default. After that, everything has been working well.

I use it in a pure home office with 3 AP on each floor. No VPN in or out. I don't have too much network knowledge and so far the default settings look okay. My only concern is its firewall policy is secure enough.

Where can I get a better tutorial for a newbie?

Thanks.

Sent from my SM-G935W8 using Tapatalk

 

[System Error Message]

After I received the router, I reset its configuration without keeping the default one; however, I was unable to get my 3 AP working. I had to reset to default. After that, everything has been working well.

I use it in a pure home office with 3 AP on each floor. No VPN in or out. I don't have too much network knowledge and so far the default settings look okay. My only concern is its firewall policy is secure enough.

Where can I get a better tutorial for a newbie?

Thanks.

Sent from my SM-G935W8 using Tapatalk

you can always ask me, i need to renew my tutorial though.

There is a general purpose ruleset though but it wont work with all configurations due to various different ISP kinds. For example some ISPs just use automatic IP, some use PPPOE and some use VLANs, and some use a combination of various.

The first thing you'll want to do is whitelist your DNS and NTP service, then block input and output to everything else. It takes a bit of thinking to figure out and understand what to block and on which interfaces.

I recommend blocking 255.255.255.255 on WAN for both input and output as thats a broadcast, same with ipv6 equivalent.

 

[paraplu]

The following wiki gives an introduction on routeros security: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

 

[ThatITGuy]

you can always ask me, i need to renew my tutorial though.

There is a general purpose ruleset though but it wont work with all configurations due to various different ISP kinds. For example some ISPs just use automatic IP, some use PPPOE and some use VLANs, and some use a combination of various.

The first thing you'll want to do is whitelist your DNS and NTP service, then block input and output to everything else. It takes a bit of thinking to figure out and understand what to block and on which interfaces.

I recommend blocking 255.255.255.255 on WAN for both input and output as thats a broadcast, same with ipv6 equivalent.

Before I start trying to play with this, I want to make sure I understand some things. I will have the router hooked up to the surfboard 6141 cable modem (Comcast internet). From there I will have 2 main splits, one will run upstairs to a wireless access point (converting current wireless router) which will be used by kids pc/phone and the upstairs Roku. Basically anything that gets terrible signal because its on the 2nd floor and my "closet" is in the basement. The other split includes my wired network. This is 2 unmanaged switches (eventually wanted to get 1 managed) spread out across the basement to support all of my devices, plus a wireless AP to support any wireless devices.
I have one of my PCs currently set up as a PLEX Server, that i use to stream to the various tablets and Roku devices throughout the house. My work PC would need to be able to connect using Cisco VPN to our work network.
I am not too concerned with QOS at this point, though with an 11yr old and 14 year old, I do like being able to kill internet after 10PM automatically and control their connectivity (throttling speeds, etc), but that can be manged manually for now. I am sure I will likely try out additional things as I get more comfortable.such as keeping the kids from being able to access the basement network. Currently, it is apparently too tempting for the 14 yr old to not "Airplay" from her phone to the AV Receiver. It being stuck in a closet, I use the receiver app to manage inputs and change settings, so I don't want to unplug it.

Assuming I follow your rules from the Mikrotik configuration post, any watchouts? Anything you can point me to that I need to read and try to understand (and likely ask questions on) due to the things I am trying to do above?

 

[System Error Message]

Before I start trying to play with this, I want to make sure I understand some things. I will have the router hooked up to the surfboard 6141 cable modem (Comcast internet). From there I will have 2 main splits, one will run upstairs to a wireless access point (converting current wireless router) which will be used by kids pc/phone and the upstairs Roku. Basically anything that gets terrible signal because its on the 2nd floor and my "closet" is in the basement. The other split includes my wired network. This is 2 unmanaged switches (eventually wanted to get 1 managed) spread out across the basement to support all of my devices, plus a wireless AP to support any wireless devices.
I have one of my PCs currently set up as a PLEX Server, that i use to stream to the various tablets and Roku devices throughout the house. My work PC would need to be able to connect using Cisco VPN to our work network.
I am not too concerned with QOS at this point, though with an 11yr old and 14 year old, I do like being able to kill internet after 10PM automatically and control their connectivity (throttling speeds, etc), but that can be manged manually for now. I am sure I will likely try out additional things as I get more comfortable.such as keeping the kids from being able to access the basement network. Currently, it is apparently too tempting for the 14 yr old to not "Airplay" from her phone to the AV Receiver. It being stuck in a closet, I use the receiver app to manage inputs and change settings, so I don't want to unplug it.

Assuming I follow your rules from the Mikrotik configuration post, any watchouts? Anything you can point me to that I need to read and try to understand (and likely ask questions on) due to the things I am trying to do above?

You can use the scheduler to enable/disable rules, this can be used to turn off internet or block internet. The best way to do it is to add addresses to a list (and use the not in your forward and NAT rules) or to use layer 2 to block mac (cant be bypassed unless they know how to change the mac address). Incase your kids are smart, you could always turn on hotspot and place an exception for yourself and set hotspot to turn on using the scheduler at a certain time and turn off at a certain time. Make sure not to allow router logins to be used in hotspot.

Regarding the rules i placed in my past posts, i strongly suggest you ignore the forward drops because its way too sensitive (even blocks google and facebook).

 

[thiggins]

Product review posted. Discussion thread is here.