Mikrotik Vlan network with DMZ

Example network with DMZ part, using VLANs and trunks.
Tested in my network, but not my current setup.

VLAN 10 – Homenetwork
VLAN 128 – MGT

Modem : fritzbox, is dhcp server for network
CRS: is dhcp server for wlan, home network, management, Also a firewall with NAT is configured here. ( No block examples below, only NAT )
RB: (Routerboard 2011) has no IPs except for a management IP (not in config below)
Server and Reverse proxy are in the network.
(dhcp requests in a dmz vlan (3) get their IP from the modem DHCP pool.

Example ip’s server and PC

server: gets dhcp from modem, gateway DNS
PC: gets dhcp from CRS, gateway DNS

Config CRS

# feb/04/2023 14:55:22 by RouterOS 6.49.5
# software id = xxxx-xxxx
# model = CRS125-24G-1S
# serial number = xxxxxxxxxxxx
/interface bridge
add admin-mac=4C:5E:0C:xx:xx:xx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=trunk
set [ find default-name=ether3 ] comment=trunk
set [ find default-name=ether9 ] comment=vlan3
set [ find default-name=ether10 ] comment=vlan10
set [ find default-name=ether24 ] comment="MGMT - untagged"
/interface vlan
add interface=bridge name=vlan3 vlan-id=3
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan128 vlan-id=128
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vlan128-pool ranges=
add name=vlan10-pool ranges=
/ip dhcp-server
add address-pool=vlan128-pool disabled=no interface=vlan128 name=mgt-dhcp
add address-pool=vlan10-pool disabled=no interface=vlan10 name=gen-dhcp
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether1
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,ether3,switch1-cpu vlan-id=128
add tagged-ports=ether2,ether3,switch1-cpu vlan-id=10
add tagged-ports=ether2,ether3,switch1-cpu vlan-id=3
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=128 ports=ether2,ether3,ether24
add customer-vid=0 new-customer-vid=3 ports=ether1,ether2,ether3,ether9
add customer-vid=0 new-customer-vid=10 ports=ether10,ether2,ether3
/interface ethernet switch vlan
add ports=ether2,ether3,ether24,switch1-cpu vlan-id=128
add ports=ether2,ether3,ether10,switch1-cpu vlan-id=10
add ports=ether1,ether2,ether3,ether9,switch1-cpu vlan-id=3
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
/ip address
add address= comment=defconf interface=vlan3 network=
add address= interface=vlan128 network=
add address= interface=vlan10 network=
/ip dhcp-server network
add address= dns-server= gateway=
add address= dns-server= gateway=
add address= gateway= netmask=24
/ip dns
set servers=
/ip firewall nat
add action=masquerade chain=srcnat src-address=
add action=masquerade chain=srcnat src-address= src-address-list=""
/ip route
add distance=1 gateway=
/ip service
set telnet disabled=yes
set ftp disabled=yes
set time-interval=hour
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=crs125
/system ntp client
set enabled=yes primary-ntp= secondary-ntp=

RB2011 config

# software id = xxxx-xxxx
# model = 2011iL
# serial number = xxxxxxxxxxxx
/interface bridge
add name=bridge1
/interface ethernet switch port
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=128 vlan-header=always-strip vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch vlan
add independent-learning=yes ports=ether2,ether3 switch=switch1 vlan-id=3
add independent-learning=yes ports=ether2,ether4 switch=switch1 vlan-id=10
add independent-learning=yes ports=ether2,ether5 switch=switch1 vlan-id=128

Eleanor Plunkett for Harp

History about this tune:


Arranging this tune for a duet. (Imgard and myself)

This is a work in progress

I’m using Musescore for this typesetting

A Nelly an chuil chraobhaigh
Is a shuil ar dhaith an fheir ghlais
Ag eirghe dhon la,
O! nach breag dham so a radh,
’S gur [tu] do shliocht na bhfear eifeacht
O Ardmacha breige,
Fuair sar-chlu o Ghaodhalaidh
Le trean-neart a lamh.

O Nelly of the back of the wood
With her eye the color of the green grass
Waking with the day,
O what a lie it is of me to say,
And you with your family from a man of import (?)
O lying Ard Macha,
(Nelly? The man? Ard Macha?) Won great fame from relations
With strength of hand

Old and new computer games

Only the ones i’ve played recently or having good memories playing it.
Only noteworthy games

Pyramid Mummy pharaoh thingy ??? One of the first games i remember.
(Besides Pong on a “pong-only” system)

I’ve played a Mummy game in Black/White on a XZ81 or ZX Spectrum, one of the first Computers i had access to. (Richard)
But i can´t find/remember the name.

The Sentinel (1986)



In The Sentinel, the player takes the role of a Synthoid, a telepathic robot who has to take control of a number of surreal, checkered landscapes of hills and valleys, by climbing from the lowest spot, where the hunt begins, to the highest platform, over which the Sentinel looms.

The Synthoid itself cannot move across the level; instead it can look around, accumulate energy by absorbing the objects that are scattered across the landscape, create stacks of boulders, generate inert Synthoid shells and transfer its consciousness from one of these clones to another.

Kings Quest II? (1985)

Played this with my friend Richard on his Atari ST

Few years later, same kind of Game Engine:

Leisure suit larry in the land of the lounge lizards

The Myst series (1993-)


The player races a vehicle against several other computers controlled competitors in various settings, including city, mine, and industrial areas. The player has a certain amount of time to complete each race, but more time may be gained by collecting bonuses, damaging the competitors’ cars, or by running over pedestrians. Unusually for a racing game, checkpoints do not extend the time limit.

7th Guest

The 7th Guest is an interactive movie puzzle adventure game, produced by Trilobyte and originally released by Virgin Interactive Entertainment in April 1993. It is one of the first computer video games to be released only on CD-ROM. The 7th Guest is a horror story told from the unfolding perspective of the player, as an amnesiac. The game received a great amount of press attention for making live action video clips a core part of its gameplay, for its unprecedented amount of pre-rendered 3D graphics, and for its adult content. In addition, the game was very successful, with over two million copies sold. It, alongside Myst, is widely regarded as a killer app that accelerated the sales of CD-ROM drives.

DOOM and Quake

Many many hours i’ve spend playing doom with Mandy on my first network (1995?)
Quake was my Graphics Card Checker, i never made it to level two!


Shadow of the Beast, Super Frog ,The Sentinel, Game of Thrones and Dr Mario

And dual player Stunt Car Racer. We played this before there were networks, using a serial cable!

Simulators and more

I used to have Microsoft Flightsim (the old version) , but my main operating system is Linux so i switched to XPlane (Windows, linux and Mac) See other posts about Flightsims

VR games

We bought VR glasses.
Besides viewing movies in 3D, playing with Blender in 3D, Xplane flightsimulator there are some games i sometimes play.

I expect you to die, WWI Warplanes, Green Hell and Mass Exodus Redux. The last one is great fun together with a PC player.

Android games

Tried several games, non stuck.
I enjoyed “SpaceTeam” the most.
Current (dorment on my phone) : Mekorama, BinaryGrid2 (Yes Nerd), Dice me and 2 Player Reactor (those last two, for playing with friends while traveling)

Arcade games

I only knew Galaga, on a table version in Germany (We played there with the Concord Pipe Band)
The other one was
Hyper Olympics by Konami ( Snackbar “Lunch” when attending school LTS Deventer )

PC Games (Recent)

Uboot, Xplane Flightsimulator,Keep talking and nobody explodes

Switch Games (Recent)

Limbo, Unravel Two, Death Squared,Machinarium,Degrees of Separation, Guacamelee 2
Mostly Co-op

Sidetrack … pinball

I really like the Terminator pinball game.
There is one in Zwolle at https://computermuseum.nl/
(This one i played when i was a soldier in 1992)
I have some test setups for Virtual Pinballs, but its not the same.

“Recent” old Skool games


1942 – https://en.wikipedia.org/wiki/1942_(video_game)

Metal Slug series – https://en.wikipedia.org/wiki/Metal_Slug_2

Escape case work in progress

Making a frame in a aluminum case, using rivets and nut rivets.

The nut rivet tool (suggestion by Duncan) is a superb addition in my tool shed!

There is place for 4 modules in this “test” case. I need to move the holes for the rivet-nuts, because the modules should go in every position.
(Also 4 rounded corners)

Module example https://www.henriaanstoot.nl/2022/12/20/connect-the-wires-puzzle/


Alumium squares instead of these wooden temporary pieces.
Making a buildin power connector like this.
Think of something to place in the lid!

Mobile Raspberry Access Point with Mqtt and a display

Install Bullseye on a SDCard

Enable wifi country code using raspi-conf
(While you at it, enable I2C for the display

Install and configure an Access Point

# As root
apt update
apt upgrade
apt install hostapd
apt install dnsmasq
systemctl stop hostapd
systemctl stop dnsmasq

cat <<EOF > /etc/hostapd/hostapd.conf

cat <<EOF >> /etc/dnsmasq.conf

cat <<EOF >> /etc/dhcpcd.conf
interface wlan0
nohook wpa_supplicant
static ip_address=
static routers=
static domain_name_servers=

sed -i s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g /etc/sysctl.conf

mkdir /etc/nftables
cat <<EOF > /etc/nftables/nft-stat-ap.nft
flush ruleset

table inet ap {
        chain routethrough {
                type nat hook postrouting priority filter; policy accept;
                oifname "eth0" masquerade

        chain fward {
                type filter hook forward priority filter; policy accept;
                iifname "eth0" oifname "wlan0" ct state established,related accept
                iifname "wlan0" oifname "eth0" accept

chmod +x /etc/nftables/nft-stat-ap.nft
cat /etc/nftables.conf | grep nft-stat-ap.nft || echo 'include "/etc/nftables/nft-stat-ap.nft"' >> /etc/nftables.conf

systemctl unmask hostapd
systemctl enable hostapd
systemctl enable nftables


Blender rigging

Last week i’ve been learning about rigging in blender.
Before that i’ve learned about bumpmapping .. cool stuff


Below is a little shorthand/lab notes/screenshot dump, there are far better tutorials on the interwebs!

First add Rigify Addon

Get a model in T pose, and add armature.
(Not my model, just used for demo purposes)

Kodi push pictures/directory from website

For a new project i’m using parts of my Photo Manager.

UPDATE: Random photo push from directory in one script.

I will post the Minimal code for the following:

  • Caching thumbnail generation
  • Drag and drop image for displaying on a kodi instance
  • Button to start slideshow of a directory
  • Open image in browser with obfuscated image url (not shown in movie)
  • Stop image playing

Json RPC used:

# Playing a single file
curl -H "content-type:application/json" -i -X POST -d '{"jsonrpc":"2.0","id":1,"method":"Player.Open","params":{"item":{"file":"'.$dir2.'"}}}' http://KODI-IP:8080/jsonrpc &';

# Playing a directory
curl -H "content-type:application/json" -i -X POST -d '{"jsonrpc":"2.0","id":1,"method":"Player.Open","params":{"item":{"directory":"/path/'.$dir.'"}}}' http://KODI-IP:8080/jsonrpc &';

# Stop playing (i'm stopping player 1 and 2) You can query which player is active, this works also 
curl -H "content-type:application/json" -i -X POST -d '{"jsonrpc": "2.0", "method": "Player.Stop", "params": { "playerid": 1 }, "id": 1}'';
Kodi enable http control and disable authentication (if you want to use authentication, change the curl commands accordingly)

Below the multiple PHP files, i’ve removed a lot of code specific for my manager.

By the way, I love this trick:

header("HTTP/1.1 204 NO CONTENT");

I’ve you put this in the top of your php script which is linked from the first page, you won’t open this link in your browser, but it gets executed nevertheless!

<!DOCTYPE html>

<div id="dropbox">Drop Image</div><br>
<a href="playpush.php?dir=TEMP/Sake">playdir</a> 
<a href="stoppush.php">stop</a> 

# Here i have a generated part to list my photoalbum photos in this format

<a href='getimg.php?imagepath=/mnt/fileserver/TEMP/1.jpg'><img src='getimg2.php?imagepath=/mnt/fileserver/TEMP/1.jpg' width=300 title='1.jpg'></a>
<a href='getimg.php?imagepath=/mnt/fileserver/TEMP/2.jpg'><img src='getimg2.php?imagepath=/mnt/fileserver/TEMP/2.jpg' width=300 title='2.jpg'></a>

getimg.php - Displays photo in browser (forgotten in movie)
Header("Content-Type: image/jpeg"); 
$file = $_GET['imagepath'];
$file = str_replace("%20", "\ ", $file);
$file = str_replace("(", "\(", $file);
$file = str_replace(")", "\)", $file);
$log =  'imggetlog';
file_put_contents($log, $file, FILE_APPEND);
file_put_contents($log, "\n\r", FILE_APPEND);
header('Content-Length: ' . filesize($file));

getimg2.php - makes a caching thumbnail 
/long/image/path/to/photo.jpg -> cachedir/longimagepathtophoto.jpg
Header("Content-Type: image/jpeg"); 
$file = $_GET['imagepath'];
$file = str_replace("%28", "\(", $file);
$file = str_replace("%29", "\)", $file);
$file = str_replace("%20", "\ ", $file);

$cachename = str_replace("/", "", $file);
$cachename = str_replace(" ", "", $cachename);
$cachename = "cachedir/$cachename";
$log =  'imggetlog';
file_put_contents($log, $file, FILE_APPEND);
file_put_contents($log, "\n\r", FILE_APPEND);
if (!file_exists("$cachename")) {

exec("convert -resize 300x300 \"$file\" \"$cachename\"");
header('Content-Length: ' . filesize("$cachename"));

playpush.php - Pushes DIRECTORY play to Kodi
header("HTTP/1.1 204 NO CONTENT");

header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0"); // Proxies.


$command='nohup curl -H "content-type:application/json" -i -X POST -d \'{"jsonrpc":"2.0","id":1,"method":"Player.Open","params":{"item":{"directory":"/mnt/fileserver/'.$dir.'"}}}\' http://IPKODI:8080/jso
nrpc &';
exec($command, $output, $retval);

stoppush.php - stops displaying
header("HTTP/1.1 204 NO CONTENT");

header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0"); // Proxies.

$command='curl -H "content-type:application/json" -i -X POST -d \'{"jsonrpc": "2.0", "method": "Player.Stop", "params": { "playerid": 1 }, "id": 1}\' http://IPKODI:8080/jsonrpc';
exec($command, $output, $retval);
$command='curl -H "content-type:application/json" -i -X POST -d \'{"jsonrpc": "2.0", "method": "Player.Stop", "params": { "playerid": 2 }, "id": 1}\' http://IPKODI:8080/jsonrpc';
exec($command, $output, $retval);
function getAllElementsWith(tag, attribute, value)
  var matchingElements = [];
  var allElements = document.getElementsByTagName(tag);
  for (var i = 0; i < allElements.length; i++)
    if (value.indexOf(allElements[i].getAttribute(attribute)) != -1)
      // Element exists with attribute. Add to array.
  return matchingElements;

// onDrop
function onDrop(evt) {
    var imageUrl = evt.dataTransfer.getData("URL");
    var links = getAllElementsWith("a", "href", imageUrl);
    var image;
     console.log(links, evt);
        image = links[0].getElementsByTagName("img");
            imageUrl = image[0].getAttribute("src");
            imageUrl = "#no-image";
///    alert(imageUrl);
var res = imageUrl.replace(/getimg/, "pushplay2");

location.href = (res);


// onDragOver
function onDragOver(evt){

var dropbox = document.getElementById('dropbox');
dropbox.addEventListener('drop', onDrop);
dropbox.addEventListener("dragover", onDragOver, false);

Random picture push

file=$(find /mnt/fileserver/examples -type f  | shuf | head -1)
curl --user user:pass  -H "content-type:application/json" -i -X POST --data "${post_data}" http://KODI-IP:8080/jsonrpc

Below a example of what your can do with the code above

Quick previewing negatives using OBS

I’m using a camlink to connect a Nikon camera to my PC, but you could use your webcam also for this trick.

Now i can activate the full screen projector in OBS to preview and sort the negatives on a big screen. (right click on you preview screen)

When connecting a camera to OBS you initially have a “negative” image.

Below trick inverts your image, after that you can use your camera controls or OBS colour correction filter to adjust.

I’m using gimp to invert the LUT png image, but most image editors can invert an image.

A LUTs is a LookUp Table. Color presets/filters for adjusting the image.

Hardcore method .. command line

convert input.png -channel RGB -negate invert.png


See also

Potmeter needs some tweaking

New code

#include <Keypad.h>
int buzzer=9;
int lastsensorread;
int prevkey;
int push=450;
int pull=550;

const byte ROWS = 8; //four rows
const byte COLS = 3; //three columns
char keys[ROWS][COLS] = {
byte rowPins[ROWS] = {5, 6, 7, 8, 10, 11, 12, 13}; //connect to the row pinouts of the keypad
byte colPins[COLS] = {2, 3, 4 }; //connect to the column pinouts of the keypad

Keypad keypad = Keypad( makeKeymap(keys), rowPins, colPins, ROWS, COLS );

void setup(){

void loop(){
  char key = keypad.getKey();
//  if (key == NO_KEY){
 //   key = prevkey;
   //   }
 // if (key != NO_KEY){
    int freq = 0;
    int sensorValue = analogRead(A0);
    //sensorValue = ((sensorValue+4)/5)*5;

    if (sensorValue > push && sensorValue < pull   ) {
    // Serial.println("No pull or push");
    else if (key == NO_KEY){
      switch (keypad.getState()){
            case RELEASED:
    if (key == '1' && sensorValue < push ) { tone(buzzer,415); }; // G push
    if (key == '1' && sensorValue > pull ) { tone(buzzer,466); }; // A pull
    if (key == '2' && sensorValue < push ) { tone(buzzer,392); }; // G push
    if (key == '2' && sensorValue > pull ) { tone(buzzer,440); }; // A pull
    if (key == '3' && sensorValue < push ) { tone(buzzer,587); }; // G push
    if (key == '3' && sensorValue > pull ) { tone(buzzer,659); }; // A pull
    if (key == '4' && sensorValue < push ) { tone(buzzer,440); };
    if (key == '4' && sensorValue > pull ) { tone(buzzer,392); };
    if (key == '5' && sensorValue < push ) { tone(buzzer,329); };
    if (key == '5' && sensorValue > pull ) { tone(buzzer,349); };
    if (key == '6' && sensorValue < push ) { tone(buzzer,493); };
    if (key == '6' && sensorValue > pull ) { tone(buzzer,523); };
      //8l f/e
    if (key == '8' && sensorValue < push ) { tone(buzzer,261); };
    if (key == '8' && sensorValue > pull ) { tone(buzzer,587); };

    if (key == 'A' && sensorValue < push ) { tone(buzzer,783); };
    if (key == 'A' && sensorValue > pull ) { tone(buzzer,739); };
    if (key == 'B' && sensorValue < push ) { tone(buzzer,523); };
    if (key == 'B' && sensorValue > pull ) { tone(buzzer,493); };

    if (key == 'D' && sensorValue < push ) { tone(buzzer,987); };
    if (key == 'D' && sensorValue > pull ) { tone(buzzer,880); };
    if (key == 'E' && sensorValue < push ) { tone(buzzer,659); };
    if (key == 'E' && sensorValue > pull ) { tone(buzzer,587); };

    if (key == 'H' && sensorValue < push ) { tone(buzzer,783); };
    if (key == 'H' && sensorValue > pull ) { tone(buzzer,698); };
 //   lastsensorread = sensorValue;
    prevkey = key;
 // }

Wanted to make a mini Sid Player, and failed

I’ve got an old Speaker Phat, and a Raspberry Zero

An audio add-on board for Raspberry ( same size as the Zero )

My initial idea was to have the “High Voltage Sid Collection” (Downloaded the 55000 pack)
On a mini device, battery operated and with a little keypad.

On the keypad i can select the Sidtune to play, or pressing
A and a number the Sids from a certain artist.

The display gives you information about the tune being played.
( The display has an I2C hat to convert 8bits to I2C )

See pinout phat above.
I’ve got three choices for I2C connection (green/blue to the Phat)

  • Direct connect and use different addresses
  • Use a I2C hub and different addresses
  • Define a secondary I2C on the raspberry

So I made the first test setup …

Underrun occurred .. So back to the drawingboard.
I probably need a better Audio Hat.
First to try .. Zero fast enough for sidplay2?
Maybe audio over hdmi works??

"If something is worth doing, it's worth overdoing."