Community discussions

MikroTik App

Search found 315 matches

  • 1
  • 2
by mixig
Tue Dec 05, 2023 9:10 pm
Forum: Forwarding Protocols
Topic: IP/PBX YEASTER WITH RB2011 SIP CONNECTIONS
Replies: 4
Views: 1573

Re: IP/PBX YEASTER WITH RB2011 SIP CONNECTIONS

Invite from outside should come with public IP not private IP of mikrotik.

Can you put mikrotik config here?
by mixig
Wed Nov 22, 2023 7:52 pm
Forum: Forwarding Protocols
Topic: Only one active route from BGP
Replies: 1
Views: 987

Re: Only one active route from BGP

Still nothing, no bgp multipath... Yet

viewtopic.php?t=181007
by mixig
Tue Oct 11, 2022 6:08 pm
Forum: Forwarding Protocols
Topic: BGP 2+ Million Routes [SOLVED]
Replies: 3
Views: 2079

Re: BGP 2+ Million Routes [SOLVED]

You need to go with default route only, if you have only one bgp peer to your upstream provider.
And yes full internet routing table is less then 1 milion prefixes
by mixig
Thu Jul 21, 2022 6:53 pm
Forum: Beginner Basics
Topic: SXT LTE IP Passthrough
Replies: 4
Views: 1390

Re: SXT LTE IP Passthrough

100% your provider is giving you a private IP (NAT OR CGNAT).
Same will be if you are not using Passthrough.
by mixig
Thu Jul 21, 2022 2:27 pm
Forum: Forwarding Protocols
Topic: OSPF over L2TP not discovering routes [SOLVED]
Replies: 2
Views: 2023

Re: OSPF over L2TP not discovering routes [SOLVED]

Ospf is not establish, need to be in "FULL" state, in your case it is in "2-way" state.
by mixig
Sun May 29, 2022 1:44 pm
Forum: General
Topic: DSCP TOS - Unable to mark
Replies: 7
Views: 1398

Re: DSCP TOS - Unable to mark

Provide full config: ip firewall mangle export
by mixig
Thu Apr 28, 2022 6:29 pm
Forum: RouterBOARD hardware
Topic: LACP CCR2004 - Huawei Switch not working
Replies: 4
Views: 2380

Re: LACP CCR2004 - Huawei Switch not working

I know it is not same issue but you can try, who knows maybe will work...

What's new in 7.3beta37 (2022-Apr-25 15:29):

*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
by mixig
Sat Apr 09, 2022 4:40 pm
Forum: Forwarding Protocols
Topic: Can`t open connection to L2tp server via port forwarding
Replies: 3
Views: 2534

Re: Can`t open connection to L2tp server via port forwarding

To allow L2TP w/ IPSec traffic, open UDP ports 500, 1701 & 4500
by mixig
Sat Apr 09, 2022 4:38 pm
Forum: Forwarding Protocols
Topic: Menu Item: /Routing/table missing
Replies: 2
Views: 1425

Re: Menu Item: /Routing/table missing

That help page is for ROS v7. Use old wiki for v6.
by mixig
Sat Jan 15, 2022 7:29 pm
Forum: The Dude
Topic: Dude for 7.1?
Replies: 42
Views: 42820

Re: Dude for 7.1?

Waiting and use v6 dude, even when dude v7 will be available i will usw v6 fir few weeks / months
by mixig
Mon Jan 03, 2022 10:25 am
Forum: RouterBOARD hardware
Topic: Product Request: 48 port SFP switch
Replies: 8
Views: 6127

Re: Product Request: 48 port SFP switch

+1!
by mixig
Mon Dec 27, 2021 4:40 pm
Forum: Forwarding Protocols
Topic: Fault finding OSPF adjacency uptime
Replies: 7
Views: 4205

Re: Fault finding OSPF adjacency uptime

ROS version?
by mixig
Fri Dec 10, 2021 6:42 pm
Forum: RouterBOARD hardware
Topic: My heX S can't power up Unifi 6 Lite [SOLVED]
Replies: 12
Views: 7830

Re: My heX S can't power up Unifi 6 Lite [SOLVED]

I always use 48V adapter for that ourpise, with that I have remote control and ability to shut down port or turn off/on poe if something is wrong with the AP.
With PoE adapter you cant do anything
by mixig
Wed Dec 08, 2021 12:49 am
Forum: RouterBOARD hardware
Topic: Is the hEX reset button always expected to work?
Replies: 4
Views: 4373

Re: Is the hEX reset button always expected to work?

Just try few times, and you will get default config 😀
by mixig
Wed Dec 08, 2021 12:36 am
Forum: General
Topic: Scheduler error [SOLVED]
Replies: 2
Views: 5094

Re: Scheduler error [SOLVED]

Which ROS version do you have?
Maybe it is related with this https://help.mikrotik.com/docs/pages/vi ... evice-mode
by mixig
Wed Dec 08, 2021 12:31 am
Forum: RouterOS beta
Topic: OSPF not working on RouterOS v7.1 between 2 routers
Replies: 4
Views: 7769

Re: OSPF not working on RouterOS v7.1 between 2 routers

ExStart state; in most cases is if different MTU is on the link between routers.
Is there anything in the log?
by mixig
Wed Dec 08, 2021 12:07 am
Forum: SwOS
Topic: New CRS312-4C+8XG-RM Wont Forward DHCP Requests
Replies: 1
Views: 6066

Re: New CRS312-4C+8XG-RM Wont Forward DHCP Requests

Leave default vlan id 1, apply config and test again
by mixig
Tue Dec 07, 2021 11:44 pm
Forum: SwOS
Topic: Configure CSS326-24G-2S+RM
Replies: 2
Views: 5798

Re: Configure CSS326-24G-2S+RM

by mixig
Fri Dec 03, 2021 5:12 pm
Forum: General
Topic: RouterOS Port Security Sticky [SOLVED]
Replies: 6
Views: 2936

Re: RouterOS Port Security Sticky [SOLVED]

It is not supported!
by mixig
Sun Oct 10, 2021 10:05 am
Forum: RouterBOARD hardware
Topic: change from cisco to mikrotik
Replies: 11
Views: 3350

Re: change from cisco to mikrotik

You need to use 48V adapter, not standard 24V which is delivered with hex devices.
by mixig
Tue Oct 05, 2021 2:55 am
Forum: General
Topic: No audio on sip calls over VPN
Replies: 8
Views: 2672

Re: No audio on sip calls over VPN

I assume that maybe some routes are missing in VPN.
If you are using VPN than no NAT is needed if everything is configured properly.
Wireshark dump will tell you more...
by mixig
Fri Oct 01, 2021 10:44 pm
Forum: Wireless Networking
Topic: Mini WISP-like Deployment
Replies: 8
Views: 2481

Re: Mini WISP-like Deployment

Maybe Cambium APs?
by mixig
Sun Aug 15, 2021 10:54 pm
Forum: Wireless Networking
Topic: SXT vs LHG
Replies: 1
Views: 1379

Re: SXT vs LHG

by mixig
Sun Jun 27, 2021 4:16 pm
Forum: RouterBOARD hardware
Topic: RB4011 10G SFP Module Question
Replies: 3
Views: 1936

Re: RB4011 10G SFP Module Question

Post your current config.
/export hide-sensitive file=anynameyouwish
by mixig
Tue May 18, 2021 8:52 am
Forum: RouterBOARD hardware
Topic: Outdoor ap's for public hotspot, wAPac?
Replies: 3
Views: 1312

Re: Outdoor ap's for public hotspot, wAPac?

We are doing all public wifi with cambium and we are very happy with them, specially with poe out on eth2 where we can power up another ap when there is one utp cable outside
by mixig
Fri Mar 05, 2021 10:15 pm
Forum: RouterBOARD hardware
Topic: Is the hEX reset button always expected to work?
Replies: 4
Views: 4373

Re: Is the hEX reset button always expected to work?

Hold this button before applying power then power the mik and wait flashing leds
by mixig
Sat Feb 20, 2021 6:48 am
Forum: Wireless Networking
Topic: PTP 1Gbps
Replies: 2
Views: 1065

Re: PTP 1Gbps

by mixig
Fri Feb 19, 2021 10:39 pm
Forum: Wireless Networking
Topic: PTP 1Gbps
Replies: 2
Views: 1065

PTP 1Gbps

Hi,

2 ptp links, each link has distance up to 300m, what devices to use (60ghz)
by mixig
Tue Feb 09, 2021 9:57 am
Forum: RouterBOARD hardware
Topic: "fcs error on link", every day
Replies: 10
Views: 9044

Re: "fcs error on link", every day

Dont have any info which otdr, we always outsource company which is doing passive part (utp, fiber, etc.) 😁
by mixig
Mon Feb 08, 2021 12:32 pm
Forum: RouterBOARD hardware
Topic: "fcs error on link", every day
Replies: 10
Views: 9044

Re: "fcs error on link", every day

How long is the distance between that two devices?
If distance is less than 10km then i would replace sfp modules.
Also can you check fiber with otdr or any similar equipment?
by mixig
Sun Jan 31, 2021 6:22 pm
Forum: General
Topic: hardware offload (HW) hap ac Lile?
Replies: 5
Views: 1238

Re: hardware offload (HW) hap ac Lile?

Only one bridge can be hw
by mixig
Sun Jan 31, 2021 6:15 pm
Forum: Beginner Basics
Topic: Looking for new Switch (Parameters Below)
Replies: 2
Views: 611

Re: Looking for new Switch (Parameters Below)

As you can see there is no 16 port model.
You will need to use 24 port model.
https://mikrotik.com/products/group/switches
by mixig
Fri Jan 22, 2021 2:09 pm
Forum: Forwarding Protocols
Topic: Ospf number of routes
Replies: 0
Views: 871

Ospf number of routes

Hi,
from your experience can mikrotik handle 6000+ routes in routing table learned through ospf?
Few ccr 1016 and one or two core router ccr 1072.
Each of them will have up to 20 fw rules and mpls enabled.

Thx
by mixig
Fri Jan 22, 2021 1:07 pm
Forum: RouterBOARD hardware
Topic: unavailability in Europe LHGac and DISCac
Replies: 9
Views: 2082

Re: unavailability in Europe LHGac and DISCac

Dear Mr. Normis, please get your company in order. This doesn't look professional at all, I'm sorry.
+1
by mixig
Wed Jan 06, 2021 3:44 pm
Forum: RouterBOARD hardware
Topic: Cube Lite60 - PtP [SOLVED]
Replies: 3
Views: 1514

Re: Cube Lite60 - PtP [SOLVED]

Cube Lite60 is designed to be less visible than a traditional dish CPE, but make no mistake – it’s still a real powerhouse. The effective point-to-point distance between Cube Lite60 units is up to 800 meters, point-to-multipoint – up to 500 meters.
by mixig
Mon Dec 07, 2020 3:04 pm
Forum: Forwarding Protocols
Topic: Local ISP FTTH advice
Replies: 0
Views: 1055

Local ISP FTTH advice

Hi there, I am here to ask you for opinion based on previous experience regarding local ISP, i am not asking how to configure or something similar... There will be project for local regions, only internet access for now (one of the region is the owner of the project). What I know for now there will ...
by mixig
Sun Aug 30, 2020 10:16 pm
Forum: RouterBOARD hardware
Topic: 16 port short depth PoE switch
Replies: 9
Views: 2148

Re: 16 port short depth PoE switch

+1!
by mixig
Sat Aug 01, 2020 7:14 pm
Forum: RouterBOARD hardware
Topic: HEX POE problem
Replies: 8
Views: 3361

Re: HEX POE problem

mAp need 802.3 af to be powered up, so with that you need 48V adapter on hex side.
Ltap as mentioned in post reply, need 12-30V and can be powered with default hex adapter which is 24V oassive PoE.

So no RMA, you need to change adapter on hex side
by mixig
Fri Jun 19, 2020 4:26 pm
Forum: General
Topic: RB4011 powered via POE
Replies: 10
Views: 2983

Re: RB4011 powered via POE

Only if that linksys switch supports 24V passive poe, 4011 cant be powered with 802.3af/at
by mixig
Fri Jun 05, 2020 1:50 am
Forum: Beginner Basics
Topic: Web and Content Filtering
Replies: 3
Views: 2002

Re: Web and Content Filtering

By buying UTM/NGFW product
by mixig
Sun May 31, 2020 2:27 pm
Forum: RouterBOARD hardware
Topic: 48 sfp port switch
Replies: 1
Views: 1048

48 sfp port switch

Are there any indications for a 48 sfp port switch in the near future?
by mixig
Wed Apr 29, 2020 7:38 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 122487

Re: hardware idea for a multiport switch

Almost year and a half from the first post in this topic... Is there any news about multiport switch, maybe something like old Cisco 6500? With modular slots? 😁
by mixig
Thu Apr 09, 2020 9:30 pm
Forum: RouterBOARD hardware
Topic: Cable suggestions
Replies: 2
Views: 2335

Re: Cable suggestions

We are using only UBNT Tough Cable TC-Pro Level 1 FTP Cat5e outdoor.
Sea, solt, wind, it simply lasts...
by mixig
Mon Mar 23, 2020 11:39 pm
Forum: RouterBOARD hardware
Topic: Request for compact cooper 3xx series switch
Replies: 4
Views: 3460

Re: Request for compact cooper 3xx series switch

+1
++1 for PoE version
by mixig
Thu Feb 20, 2020 10:16 pm
Forum: RouterBOARD hardware
Topic: interface warning fcs error on link
Replies: 1
Views: 2831

Re: interface warning fcs error on link

Replace sfp modules on both sides
by mixig
Thu Jan 30, 2020 8:16 pm
Forum: RouterOS beta
Topic: new feature request MLAG!!!
Replies: 33
Views: 16957

Re: new feature request MLAG!!!

+ 1
by mixig
Wed Dec 11, 2019 6:17 pm
Forum: Beginner Basics
Topic: CRS326 InterVLAN Routing by Bridge
Replies: 9
Views: 2870

Re: CRS326 InterVLAN Routing by Bridge

Do you have any firewall rules? When pinging DEVICE from CRS it's output chain, when pinging DEVICE from PC it's forward chain.
Also can you ping from PC ip address of CRS from vlan 10, 192.168.10.1 (input chain).
by mixig
Sat Oct 19, 2019 3:37 pm
Forum: Forwarding Protocols
Topic: VOIP Fritzbox -> Mikrotik does not work, NAT and Firwall rules
Replies: 2
Views: 2911

Re: VOIP Fritzbox -> Mikrotik does not work, NAT and Firwall rules

Can fritzbox do a routing, if yes then there is no need to use NAT. Also if you test with wireshark on MKT side (where phone is pluged) I believe you would see in SIP mesages that IP for sending RTP is wrong (signaling is passing fine but NAT breaks/change attributes in SIP signaling messages).
by mixig
Sun Jun 16, 2019 3:36 pm
Forum: General
Topic: CRS317 dead?
Replies: 1
Views: 816

Re: CRS317 dead?

Try netinstall...
by mixig
Fri Jun 07, 2019 7:05 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 291
Views: 421885

Re: Using RouterOS to VLAN your network

This is great but I have one question regarding this topic (exapmle is from wiki): Add the bridge ports and specify PVID for each access port: /interface bridge port add bridge=bridge1 interface=ether1 add bridge=bridge1 interface=ether2 pvid=20 add bridge=bridge1 interface=ether3 pvid=30 Icon-note....
by mixig
Thu May 09, 2019 8:10 pm
Forum: Beginner Basics
Topic: cant view graphing
Replies: 6
Views: 2906

Re: cant view graphing

Just for test disable your firewall rules (input chain)
by mixig
Tue Feb 12, 2019 6:00 pm
Forum: General
Topic: Time Limit
Replies: 1
Views: 1151

Re: Time Limit

by mixig
Tue Feb 05, 2019 5:55 pm
Forum: Beginner Basics
Topic: MAIL server behind 2 wan ips
Replies: 1
Views: 787

Re: MAIL server behind 2 wan ips

IP firewall mangle, do mark routing, check the wiki for more info
by mixig
Fri Jan 11, 2019 3:52 pm
Forum: Beginner Basics
Topic: Configure VPN (PPTP) connection
Replies: 3
Views: 3943

Re: Configure VPN (PPTP) connection

You must allow GRE protocol and port 1723 from WAN (input chain in ip firewall filter)
by mixig
Tue Dec 11, 2018 10:04 pm
Forum: General
Topic: Brigde VLAN again [SOLVED]
Replies: 13
Views: 2439

Brigde VLAN again [SOLVED]

Hi, I have setup like this (CCR1016) One bridge with port members sfp1-sfp6 3 VLANs, 111,199,200 sfp1 is trunk port with tagged vlans 111,199 sfp6 is trunk port with tagged vlans 111,200 Ports sfp2-sfp5 must be in access vlan 111 I used new way of bridging vlans, router os 6.42.x, it seems to me tha...
by mixig
Tue Nov 06, 2018 9:29 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 275
Views: 504051

Re: Using RouterOS to prioritize (Qos) traffic for a Class C

I'm a little curious why you have some rules twice /ip firewall mangle add chain=forward action=mark-connection protocol=udp   src-address=192.168.100.5 connection-state=new new-connection-mark="VOIP" comment="IP-PBX" add chain=forward action=mark-packet     passthrough=no conne...
by mixig
Wed Oct 31, 2018 7:22 am
Forum: General
Topic: QoS Internet
Replies: 1
Views: 877

QoS Internet

Hi, can someone check this part of my configuration, there are 3 netoworks (3 VLAN) and all of them are going to Internet via fiber optic 50/50Mbps, I need to share bandwidth 2x15Mbps and 1x20, If there is no congestion on wan then they can use all available bandwidth. Packet are matching in mangle ...
by mixig
Mon Oct 29, 2018 7:18 pm
Forum: Beginner Basics
Topic: Mikrotik 3011 VLAN setup voice + data
Replies: 60
Views: 14711

Re: Mikrotik 3011 VLAN setup voice + data

Try with this: /interface bridge add name=bridge vlan-filtering=no /interface vlan add interface=bridge name=vlan_170 vlan-id=170 add interface=bridge name=vlan_171 vlan-id=171 add interface=bridge name=vlan_172 vlan-id=172 add interface=bridge name=vlan_173 vlan-id=173 /interface bridge vlan add br...
by mixig
Fri Oct 26, 2018 5:13 pm
Forum: General
Topic: How recovery hacked RB2011 via JTAG ?
Replies: 3
Views: 2118

Re: How recovery hacked RB2011 via JTAG ?

Factory reset and then restore backup then change the password?
by mixig
Mon Oct 08, 2018 12:11 pm
Forum: General
Topic: Multiple requests from same port.
Replies: 1
Views: 883

Re: Multiple requests from same port.

Try to use SIP TCP instead UDP
by mixig
Mon Oct 08, 2018 12:09 pm
Forum: General
Topic: RouterOS do not upgrade from 6.34.4
Replies: 7
Views: 2135

Re: RouterOS do not upgrade from 6.34.4

Hello, I got a CRS125-24G-1S in control with 6.34.4. I absolutely cant upgrade or change a routerOS at the board. I tried several versions (include a try to downgrade). I put a package file into the router and reboot. And nothing change. Package still on the disk and i have not any records at log, ...
by mixig
Mon Oct 08, 2018 12:05 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 2388

Re: Not allowing one certain IP address to see the rest of the network

Hey. Just set src-address as your laptop and set dst-address as a prohibited network. or you can set firewall rule like this: /ip firewall filter add action= accept chain=forward dst-address= !192.168.0.0/24 src-address=192.168.0.22 P.S.: don't forget to lift this rule up above common forward rule....
by mixig
Mon Oct 08, 2018 11:59 am
Forum: Beginner Basics
Topic: Problem with DHCP server and virtual AP
Replies: 6
Views: 3621

Re: Problem with DHCP server and virtual AP

Please export the full configuration of your router so that we can see all your settings
by mixig
Thu Oct 04, 2018 7:43 pm
Forum: General
Topic: Mikrotik Router SIP Connection Blocked.
Replies: 79
Views: 62020

Re: Mikrotik Router SIP Connection Blocked.

I can confirm that from version 4.x till now 6.4x same thing if PPP interface is in use so I use this one as a script and no more reports from customer:
/ip firewall connection remove [/ip firewall connection find where connection-type=sip and assured=no]
by mixig
Fri Jan 19, 2018 10:07 pm
Forum: General
Topic: winbox for ubuntu
Replies: 37
Views: 51398

Re: winbox for ubuntu

Any update regarding this topic?

BR,
Mixig
by mixig
Sun Feb 16, 2014 3:50 pm
Forum: Beginner Basics
Topic: QOS Verify setup
Replies: 3
Views: 2015

Re: QOS Verify setup

Your mikrotik routers prioritise nothing with the current configuration
by mixig
Mon Dec 09, 2013 3:53 pm
Forum: General
Topic: option 66 ROS 6.7
Replies: 3
Views: 1304

Re: option 66 ROS 6.7

works as expected: http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#DHCP_Options you have to set 'random text' (note the quotes) if you want to send a string over as an option value. when everything is set up you can check actual raw value what is going to be sent over. Hi, i put the qoutes and ...
by mixig
Mon Dec 09, 2013 3:32 pm
Forum: General
Topic: option 66 ROS 6.7
Replies: 3
Views: 1304

option 66 ROS 6.7

Hi,

i have option 66 for my phones:

http://192.168.10.1:5000/provisioning

on 5.26 it works, on 6.7 i get error (attach)... to resolve my problems I need to downgrade all my router boards??
by mixig
Sun Dec 01, 2013 4:24 pm
Forum: Beginner Basics
Topic: Forward Mail Traffic
Replies: 2
Views: 1245

Re: Forward Mail Traffic

Cab you share with us your Firewall (Filter/NAT) config?
by mixig
Wed Nov 20, 2013 10:27 pm
Forum: Beginner Basics
Topic: IPSEC tunnel between RB912 and Sonicwall UP but no packets
Replies: 7
Views: 4669

Re: IPSEC tunnel between RB912 and Sonicwall UP but no packe

Hi, this is from your MKT: [admin@MikroTik] /ip ipsec policy> 0 src-address=1.254.0.0/24 src-port=any dst-address=172.16.0.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=213.27.221.220 sa-dst-address=95.126.72.72 proposal=default priority=0 ...
by mixig
Wed Nov 06, 2013 10:38 pm
Forum: General
Topic: Simple queue comparation
Replies: 1
Views: 717

Simple queue comparation

Hi,
can someone check my two config examples and explain me is there any difference between this two setups? (Priorities are different for each client)

Thanks
by mixig
Thu Aug 22, 2013 7:32 pm
Forum: General
Topic: Winbox search option
Replies: 3
Views: 2028

Winbox search option

Hi,

it would be nice in Winbox to have some search field (which will look for ip address or note value) so that we dont need to scroll through the list (each day i need to connect to some of mkt and each time i must spend some time to find it on the list

Thanks
by mixig
Fri Aug 16, 2013 4:46 pm
Forum: General
Topic: PCC vs ECMP load balancing
Replies: 1
Views: 2439

Re: PCC vs ECMP load balancing

From wiki for ECMP: Known Issues DNS issues ISP specific DNS servers might have custom configuration that treats specific requests from ISP's network differently than requests from other network. So in case connection is made via other gateway those sites will not be accessible. To avoid that we sug...
by mixig
Fri Aug 16, 2013 4:42 pm
Forum: General
Topic: simple firewall question
Replies: 2
Views: 1128

Re: simple firewall question

no, because last rule is general, so invalid connections will also be in that rule
by mixig
Mon Jul 15, 2013 6:41 pm
Forum: Scripting
Topic: check port status on another machine
Replies: 0
Views: 1013

check port status on another machine

Hi, is there any way how I can check is other machine is listening od specific port? If yes do nothing, if not send an email. WIth netwatch I am monitoring the all machinem but i need to monitor specific services: e.g. with telnet command? step 1 -> system telnet 10.160.250.130 1234 (if port is ok m...
by mixig
Tue Jul 09, 2013 6:45 pm
Forum: General
Topic: RB 1200 temperature
Replies: 0
Views: 642

RB 1200 temperature

Any experience for how long can it works with this temperature? :D
by mixig
Thu Jul 04, 2013 10:24 pm
Forum: General
Topic: ping problem
Replies: 10
Views: 2926

Re: ping problem

First solved issues with ip addressing....
by mixig
Sun Jun 30, 2013 5:50 pm
Forum: General
Topic: Firewall filter content
Replies: 9
Views: 8554

Re: Firewall filter content

I added addresses list "Facebokk" and block everything with destination address list, every month or two i go and check is there any new subnet : http://bgp.he.net/search?search[search]=facebook&commit=Search /ip firewall address-list add address=74.119.76.0/22 disabled=no list=Faceboo...
by mixig
Fri Jun 28, 2013 9:42 am
Forum: General
Topic: Accessing internal IPs after connecting via VPN
Replies: 2
Views: 1055

Re: Accessing internal IPs after connecting via VPN

Go to your LAN interface (192.168.88.0/24) and search ARP then select proxy-arp
by mixig
Wed Jun 19, 2013 12:27 pm
Forum: General
Topic: dst-nat change source ip address
Replies: 1
Views: 3677

dst-nat change source ip address

Hi, is it posssible to to dst nat from outisde to some local ip but with changing public ip address to local, so that device on lan see that packet as not public ip? with classic port forward i must NAT public ip which came to mikrotik to private ip and send to local machine I found that possibilty ...
by mixig
Mon Jun 17, 2013 7:20 pm
Forum: General
Topic: Route all traffic via VPN
Replies: 9
Views: 70416

Re: Route all traffic via VPN

Step one, if you want push public traffic through VPN create three address list (private ip addresses): /ip firewall address-list add address=10.0.0.0/8 disabled=no list="Local subnet" add address=172.16.0.0/12 disabled=no list="Local subnet" add address=192.168.0.0/16 disabled=n...
by mixig
Fri May 31, 2013 1:10 pm
Forum: General
Topic: How to by pass 1 user or IP in web proxy - RB2011UAS
Replies: 4
Views: 3098

Re: How to by pass 1 user or IP in web proxy - RB2011UAS

do that in ip firewall nat instead ip firewall mangle
by mixig
Fri May 31, 2013 1:09 pm
Forum: General
Topic: How to by pass 1 user or IP in web proxy - RB2011UAS
Replies: 4
Views: 3098

Re: How to by pass 1 user or IP in web proxy - RB2011UAS

example:

/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=ether1-LAN src-address=192.168.0.100

change in-interface=your lan interface
change ip address

put that rule at athe top of the mangle
by mixig
Thu May 16, 2013 4:45 pm
Forum: Beginner Basics
Topic: 2 WAN interfaces
Replies: 2
Views: 1303

Re: 2 WAN interfaces

by mixig
Tue Apr 30, 2013 7:35 pm
Forum: General
Topic: need helpe
Replies: 3
Views: 979

Re: need helpe

by mixig
Tue Apr 30, 2013 7:30 pm
Forum: General
Topic: IPsec site-to-site VPN
Replies: 1
Views: 951

Re: IPsec site-to-site VPN

Try with this link:

http://gregsowell.com/?p=1290
by mixig
Wed Apr 17, 2013 9:09 pm
Forum: Beginner Basics
Topic: Redirect HTTP traffic
Replies: 3
Views: 1320

Re: Redirect HTTP traffic

Does traffic is passing through that rule (look at the counter on the right side od the rule) Also does you Mikrotik know how to get to proxy cache? Do you see any traffic on your proxy?
by mixig
Thu Apr 11, 2013 11:42 pm
Forum: General
Topic: WAN with multiple static address; force LAN SUBNET traffic
Replies: 2
Views: 1269

Re: WAN with multiple static address; force LAN SUBNET traff

try this:
add action=src-nat chain=srcnat comment="" disabled=no out-interface=WAN_INTERFACE src-address=YOUR_LAN_SUBNET to-addresses=YOUR PUBLIC_IP
by mixig
Thu Apr 11, 2013 9:50 pm
Forum: General
Topic: RB2011UAS
Replies: 5
Views: 1462

Re: RB2011UAS

by mixig
Wed Apr 03, 2013 12:10 pm
Forum: General
Topic: Multiple L2TP IPsec Users
Replies: 1
Views: 1747

Re: Multiple L2TP IPsec Users

From presentatio: http://mum.mikrotik.com/presentations/HR13/kirnak.pdf

You can not have more then one 0.0.0.0/0 peer. If you configure multiple, only one will work.
–Use certificates to solve problems with one PSK for all peers.
by mixig
Wed Apr 03, 2013 11:28 am
Forum: General
Topic: IPSEC / Nat issue
Replies: 3
Views: 2927

Re: IPSEC / Nat issue

IPSec traffic must be excluded from NAT (masquerade), can you please also put ipsec configuration here?
by mixig
Mon Apr 01, 2013 7:56 pm
Forum: Beginner Basics
Topic: RB2011L level 4 - blocking the connections between networks
Replies: 1
Views: 1351

Re: RB2011L level 4 - blocking the connections between netwo

check this settings, if that option is not enabled you firewall rules will not work for bridged traffic
by mixig
Mon Apr 01, 2013 7:49 pm
Forum: Beginner Basics
Topic: VPN Problem
Replies: 8
Views: 3823

Re: VPN Problem

Maybe firewall issue?
by mixig
Thu Mar 28, 2013 4:54 pm
Forum: Beginner Basics
Topic: Newbie questions
Replies: 1
Views: 914

Re: Newbie questions

by mixig
Thu Mar 28, 2013 4:53 pm
Forum: Beginner Basics
Topic: Newbie Questions
Replies: 4
Views: 1597

Re: Newbie Questions

All routerboards have the same RouterOS so they all have the same features, you can take 750/751/951/450, they all have 5 eth ports + wlan interface (except 450 which doesnt have WLAN)...
by mixig
Thu Mar 28, 2013 4:44 pm
Forum: Beginner Basics
Topic: RB450 DHCP + AP = only one wireless client.
Replies: 2
Views: 1047

Re: RB450 DHCP + AP = only one wireless client.

Check is the mode on wireless interface set to "ap-bridge"
by mixig
Thu Mar 28, 2013 9:50 am
Forum: Beginner Basics
Topic: Cannot Ping outside of LAN
Replies: 10
Views: 8469

Re: Cannot Ping outside of LAN

go to IP-Routes:

0.0.0.0/0
select your g1 interface to be gateway
by mixig
Wed Mar 27, 2013 11:20 pm
Forum: Beginner Basics
Topic: No access to LAN over PPTP VPN
Replies: 5
Views: 15840

Re: No access to LAN over PPTP VPN

could you post your firewall configuration?
by mixig
Wed Mar 27, 2013 10:11 pm
Forum: Beginner Basics
Topic: Dual Wan IP Addressess
Replies: 2
Views: 1501

Re: Dual Wan IP Addressess

if you have more than one ip address on port you may have trouble with traffic from outside because of the preferred source.. you will need to do some mangling

http://forum.mikrotik.com/viewtopic.php?f=2&t=71173
by mixig
Wed Mar 27, 2013 10:06 pm
Forum: Beginner Basics
Topic: Cannot Ping outside of LAN
Replies: 10
Views: 8469

Re: Cannot Ping outside of LAN

do you have default route in your routing table??? is your gateway to outside g1 interface?
by mixig
Wed Mar 27, 2013 9:53 pm
Forum: General
Topic: Block PC to access another device in LAN
Replies: 4
Views: 11451

Re: Block PC to access another device in LAN

Hi, if you are using bridge there are 2 ways, on bridge port you can enable IP firewall so with that you can block traffic between that two devices (forward chain), or you can use horizon under the ports which are in the bridge (devices which are on the ports with the same horizon number CAN NOT com...
by mixig
Wed Mar 27, 2013 7:51 pm
Forum: Beginner Basics
Topic: Triple Wan - Dual DHCP, default routes
Replies: 2
Views: 1439

Re: Triple Wan - Dual DHCP, default routes

for 3G modem in firewall nat section you can put source nat only for DHCP1 LAN, so DHCP2 address will not get to the internet (it will but the internt would not work), or you can block them in firewall (better solution), src add=LAN_DHCP2 out. interface = 3g modem and also src add=LAN_DHCP2 out. int...
by mixig
Wed Mar 27, 2013 3:42 pm
Forum: General
Topic: Images not showing when using webproxy
Replies: 1
Views: 1197

Re: Images not showing when using webproxy

Do you have some rules like this in web proxy:

/ip proxy access
add path=*.jpg action=deny
add path=*.jpeg action=deny
add path=*.png action=deny
add path=*.gif action=deny
?
by mixig
Mon Mar 25, 2013 1:50 pm
Forum: General
Topic: IPSec VPN Tunnel between RG750G and ASA5520
Replies: 3
Views: 1857

Re: IPSec VPN Tunnel between RG750G and ASA5520

Maybe this video will help:

http://gregsowell.com/?p=1290
by mixig
Mon Mar 25, 2013 9:54 am
Forum: General
Topic: VRRP with VLANs
Replies: 4
Views: 1861

Re: VRRP with VLANs

Just to confirm... working very nice :)
by mixig
Mon Mar 25, 2013 9:44 am
Forum: General
Topic: Block PC to access another device in LAN
Replies: 4
Views: 11451

Re: Block PC to access another device in LAN

They are in the same subnet so traffic between is not passing through the Mikrotik, you can configure bridge on Mikrotik, with that you can accomplish your task
by mixig
Sun Mar 24, 2013 8:15 pm
Forum: Beginner Basics
Topic: Mikrotik RB750 can't access Internet
Replies: 5
Views: 1990

Re: Mikrotik RB750 can't access Internet

in winbox: new terminal-> ip route export

paste routing table here...
by mixig
Sun Mar 24, 2013 9:04 am
Forum: Beginner Basics
Topic: Mikrotik RB750 can't access Internet
Replies: 5
Views: 1990

Re: Mikrotik RB750 can't access Internet

Do you have default route in your routing table?
by mixig
Sat Mar 23, 2013 10:00 pm
Forum: Beginner Basics
Topic: RB2011L-IN - Dual WAN Connections?
Replies: 1
Views: 1218

Re: RB2011L-IN - Dual WAN Connections?

All ports are just a regular ports.. there is no WAN or LAN ports, you can use any port for LAN or WAN
by mixig
Thu Mar 21, 2013 11:00 pm
Forum: Beginner Basics
Topic: WLAN problem on RB751U-2HnD
Replies: 3
Views: 1134

Re: WLAN problem on RB751U-2HnD

you can post firewall settings from mikrotik here... but did you try turning off thr firewall on that devices (windows OS ?)
by mixig
Thu Mar 21, 2013 8:59 pm
Forum: Beginner Basics
Topic: Port forwarding on Load balancing
Replies: 3
Views: 1225

Re: Port forwarding on Load balancing

Hi, you can do routing mark for that server (marking by local ip address of that server), and create default route for that marked traffic to go outside through one of your links, and create destination nat -> evertything which came on that particular link from outisde by port "xy" forward...
by mixig
Thu Mar 21, 2013 8:44 pm
Forum: General
Topic: CCR rc10 pptp
Replies: 2
Views: 1568

Re: CCR rc10 pptp

by mixig
Tue Mar 19, 2013 11:09 pm
Forum: General
Topic: UTM
Replies: 1
Views: 2307

Re: UTM

IMO it will never happen...
by mixig
Mon Mar 18, 2013 3:18 pm
Forum: General
Topic: How to winbox more than one router over the internet?
Replies: 3
Views: 1062

Re: How to winbox more than one router over the internet?

Thanks for your reply. How do I go about setting up a VPN connection for this?
Mikrotik has few solutions for VPN, take a look on http://wiki.mikrotik.com/wiki/Manual:TOC (L2tp/ispec, pptp, sstp, open VPN)...
by mixig
Sun Mar 17, 2013 8:29 pm
Forum: General
Topic: How to enable wireless on RB951-2n
Replies: 3
Views: 3333

Re: How to enable wireless on RB951-2n

I've never needed to use the wireless feature on the RB951-2N router board i purchased. but now my dLink will be going offline and so i want to use the wireless feature for a couple of days. when i activate the wireless, it bradcasts the SSID alright but i can't get any machine to connect to it sin...
by mixig
Sun Mar 17, 2013 8:23 pm
Forum: General
Topic: VRRP with VLANs
Replies: 4
Views: 1861

Re: VRRP with VLANs

VRRP and Vlans work perfectly.
Just don't forget to put an ip address on the VRRP interface and on the physical interfaces (vlan xx) as well.

Thanks...
by mixig
Sun Mar 17, 2013 12:09 pm
Forum: General
Topic: VRRP with VLANs
Replies: 4
Views: 1861

VRRP with VLANs

Hi,

i read old topics and documentation which said taht vrrp doesnt work with vlan interfaces (v2.9/3.0). Is this fixed in version 5.x/6.x?

I will have trunk between mikrotik and cisco switch...

Thanks
by mixig
Tue Mar 05, 2013 8:35 pm
Forum: General
Topic: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)
Replies: 10
Views: 5740

Re: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)

you also have ip address on eth2 and wlan?????? they are in bridge, try remove that ip addresses... your nar rule says masquarade src address 172.20.0./24 and you have 172.18/172.19 on eth2 and wlan
by mixig
Tue Mar 05, 2013 8:32 pm
Forum: General
Topic: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)
Replies: 10
Views: 5740

Re: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)

from your computer try ping: www.google.com and 4.2.2.2 also from mikrotik too
by mixig
Tue Mar 05, 2013 6:37 pm
Forum: General
Topic: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)
Replies: 10
Views: 5740

Re: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)

you can try ping your default gateway (ISP side) from mikrotik
by mixig
Tue Mar 05, 2013 4:08 pm
Forum: General
Topic: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)
Replies: 10
Views: 5740

Re: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)

Do you have default route on mikrotik which is pointing to your ISP?
by mixig
Tue Mar 05, 2013 12:50 pm
Forum: General
Topic: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)
Replies: 10
Views: 5740

Re: 1 wan 2 LAN (wan dhcp ip assigned to LAN devices)

Do not bridge WAN and LAN ports together, your WAN interface is dhcp client and it gets public ip from your ISP. After that you create bridge interface and put eth2, eth3 and wlan to that bridge interface, put the ip addres to BRIDGE interface from subnet 172.20.0.0/24, enable dhcp server for BRIDGE...
by mixig
Mon Mar 04, 2013 2:23 pm
Forum: General
Topic: IPSec Tunnel not working
Replies: 7
Views: 2861

Re: IPSec Tunnel not working

Also alow UDP 500 on your firewall (input chain), be sure that your nat rule for local networks are above the masquerade rule in ip firewall nat
by mixig
Sat Feb 23, 2013 12:26 am
Forum: Beginner Basics
Topic: vpn not seeing other computers
Replies: 6
Views: 2052

Re: vpn not seeing other computers

L2TP does not require IPSec, IPSec is used to encrypt the traffic
by mixig
Sat Feb 16, 2013 9:15 am
Forum: General
Topic: Which model to select?
Replies: 2
Views: 972

Re: Which model to select?

For central site I'll suggest 1100AHx2: 50$ difference is not so much if you have 70 remote locations. will be pratical not in used... on remote locations will be 1-2 phones.. I don't understand well... you mean there will be little traffic? Sure I'ts true, but don't forget to prioritize it. yes, t...
by mixig
Fri Feb 15, 2013 10:12 pm
Forum: General
Topic: Which model to select?
Replies: 2
Views: 972

Which model to select?

Hi, 1 central location + 60-70 remote locations... all remote locations will have 2 PPTP tunnels to the central MKT (arround 120-140 PPTP tunnels on central MKT), half of that tunnels are for voip and there will be pratical not in used... on remote locations will be 1-2 phones.. other half of the tu...
by mixig
Thu Jan 31, 2013 7:45 pm
Forum: Beginner Basics
Topic: how to set QOS on RB750
Replies: 1
Views: 1124

Re: how to set QOS on RB750

Router OS is the same for all models, each of them have ability for QoS, check the official mikrotik wiki
by mixig
Wed Jan 30, 2013 11:27 pm
Forum: Beginner Basics
Topic: how to redirect http traffic to another gateway on Mikrotik
Replies: 10
Views: 11895

Re: how to redirect http traffic to another gateway on Mikro

ok, first thing, your wan2 has wrong gateway, it`s not in the same network as your wan2 interface...
by mixig
Tue Jan 29, 2013 3:02 pm
Forum: Beginner Basics
Topic: how to redirect http traffic to another gateway on Mikrotik
Replies: 10
Views: 11895

Re: how to redirect http traffic to another gateway on Mikro

ip firewall mangle export

ip route export

copy/pase the config
by mixig
Mon Jan 28, 2013 10:31 pm
Forum: Beginner Basics
Topic: Firewall configuring
Replies: 2
Views: 1146

Re: Firewall configuring

The best way is prevent duplicate mac address at the start-> managed switches with port security is the best option
by mixig
Mon Jan 28, 2013 10:18 pm
Forum: General
Topic: marking connections and packets
Replies: 2
Views: 777

Re: marking connections and packets

A connection mark is a mark that is automatically applied to all packets of a connection. You mark the connection on one packet, and all other packets in the same connection will have the same mark. Packet marks only are applied to one packet, and do not propagate to other packets in the same connec...
by mixig
Mon Jan 28, 2013 10:14 pm
Forum: General
Topic: PCC - Src-Address method.
Replies: 2
Views: 3174

Re: PCC - Src-Address method.

I am using PCC with source address method (about 100 users), it`s not the best method but it works, before that i used src and dst address but there were problems with https/internet banking... with src method more then a year everything is working normally, not 50:50 ratio but ok for me (I enabled ...
by mixig
Mon Jan 28, 2013 9:57 pm
Forum: Beginner Basics
Topic: how to redirect http traffic to another gateway on Mikrotik
Replies: 10
Views: 11895

Re: how to redirect http traffic to another gateway on Mikro

you can see in torch, or you can open the browser and go to www.whatismyip.com

if your address is ip address from WAN2 then it works
by mixig
Sun Jan 27, 2013 11:42 am
Forum: Beginner Basics
Topic: how to redirect http traffic to another gateway on Mikrotik
Replies: 10
Views: 11895

Re: how to redirect http traffic to another gateway on Mikro

Hi, if I understood you have two wan ports on MKT (WAN1, WAN2), WAN1 is default route in our scenario, WAN2 will be used for HTTP traffic which will be coming from local computers. 1) we must mark web traffic which is coming to mikrotik (ip firewall mangle)- put that rule on the top of the mangle (c...
by mixig
Wed Jan 23, 2013 9:11 pm
Forum: General
Topic: DHCP Options
Replies: 1
Views: 762

Re: DHCP Options

My example:

/ip dhcp-server option
add code=66 name=option66 value=http://192.168.0.56/


/ip dhcp-server network
add address=192.168.1.0/24 comment="" dhcp-option=option66 dns-server=4.2.2.2,8.8.8.8 gateway=192.168.1.1
by mixig
Mon Jan 21, 2013 3:49 pm
Forum: Beginner Basics
Topic: VoIP problems
Replies: 4
Views: 2098

Re: VoIP problems

Usual problem when we are having SIP/RTP and NAT in the same story. I will start the packet sniffer on mikrotik: Packet sniffer settings->select proper interface, Streaming: ip of local computer which has Wireshark. Then start the wireshark (select proper interface), then start packet sniffer Now wh...
by mixig
Mon Jan 21, 2013 2:42 pm
Forum: General
Topic: CPU load
Replies: 2
Views: 915

Re: CPU load

by mixig
Mon Jan 21, 2013 9:49 am
Forum: Beginner Basics
Topic: Creating groups of address lists
Replies: 4
Views: 4350

Re: Creating groups of address lists

Hi,

after you create address list you can configure only one rule for those servers
by mixig
Sun Jan 20, 2013 1:13 pm
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Re: Mark traffic on wan interface

What i ask post above is, when local traffic is going through the internet (there isnt any marking, not using PCC), traffic will go through WAN3 (pppoe-defulat route), but one of the server is mail server and it must be use WAN2 as his default gateway. Mark routing in mangle will do the trick? mangl...
by mixig
Sun Jan 20, 2013 12:37 pm
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Re: Mark traffic on wan interface

Hi, i follow the example and it seems that everything is working fine now, thanks :) Just one thing, i will have mail server in LAN at it must be bind with WAN2 ip address (because mx record, srv record), it will be enough to put one rule on the top of the mangle? src-address=ip_of_mail_server src-p...
by mixig
Sun Jan 20, 2013 3:18 am
Forum: General
Topic: cant get dual WAN to work with proxy
Replies: 6
Views: 3142

Re: cant get dual WAN to work with proxy

On further playing around it looks like the Web Proxy strips the routing mark. If I add an additional gateway that does not have a routing mark, browsing then works again through that gateway. Is there a way I can force traffic from the proxy to another gateway, while not forcing the rest of the tr...
by mixig
Sun Jan 20, 2013 3:14 am
Forum: General
Topic: Transparent proxy with Squid.
Replies: 5
Views: 2013

Re: Transparent proxy with Squid.

in your rule you have disabled=yes mistake?
by mixig
Sat Jan 19, 2013 5:28 pm
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Re: Mark traffic on wan interface

picture in the attach
by mixig
Sat Jan 19, 2013 5:13 pm
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Re: Mark traffic on wan interface

Hi, thanks for the reply i already take a look your link, i see that that example is using PCC for marking local trafiic, which will load balancing local traffic through two links. in my situation i need that all local traffic is go outisde through WAN3 (pppoe), no need for PCC (i think), only traff...
by mixig
Sat Jan 19, 2013 11:07 am
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Re: Mark traffic on wan interface

I alos try this

http://home.swkls.org/mikrotik-dual-wan ... cket-flow/

but device which i want reach (dst-nat) doesnt work, its working only if traffic is for mikrotik, not some forward to local device behind it
by mixig
Sat Jan 19, 2013 10:48 am
Forum: General
Topic: Mark traffic on wan interface
Replies: 8
Views: 2510

Mark traffic on wan interface

Hi, i have wan links on mirkotik, two links with static ip, and the third is pppoe (dynamic ip), default route is over pppoe. what i want is when something came to mirkotik on WAN1 or WAN2 i want that that traffic is going back the same side its came. i did some mangle and routing mark, nad when i c...
by mixig
Tue Jan 15, 2013 3:54 pm
Forum: Beginner Basics
Topic: Port forwarding not working for me on RB411 / 6.0
Replies: 6
Views: 1656

Re: Port forwarding not working for me on RB411 / 6.0

When you are trying 3389 from outside to your routerboard, in firewall/nat on mikrotik do you see on your dst rule for 3389 that the counter is growing? if not traffic is not coming to your mikrotik (also you said that in torch there is no that traffic)
by mixig
Mon Jan 14, 2013 4:47 pm
Forum: General
Topic: how to block certain sites
Replies: 6
Views: 1488

Re: how to block certain sites

by mixig
Fri Jan 11, 2013 2:13 pm
Forum: SwOS
Topic: Swos download section
Replies: 0
Views: 2387

Swos download section

There is a wrong date...
by mixig
Tue Jan 08, 2013 10:17 pm
Forum: General
Topic: Block IP Range (facebook)
Replies: 13
Views: 21986

Re: Block IP Range (facebook)

Hi Guys, until yesterday this rules were working for me: > add action = accept chain = forward src-address-List = Facebook_allow dst-address = 66.220.1.0/20 > add action = accept chain = forward src-address = Facebook_allow dst-address = 69.63.176.0/20 > add action = accept chain = forward src-addr...
by mixig
Tue Jan 08, 2013 9:57 pm
Forum: General
Topic: Port forwarding not working, please help
Replies: 8
Views: 7264

Re: Port forwarding not working, please help

Does your PC 192.168.88.237 have access to the Internet? Can you for this rule:

chain=dstnat action=dst-nat to-addresses=192.168.88.237 to-ports=3000 protocol=tcp dst-port=3000

add "in-interface = pppoe-out1" and try again
by mixig
Tue Jan 08, 2013 5:01 pm
Forum: General
Topic: Port forwarding not working, please help
Replies: 8
Views: 7264

Re: Port forwarding not working, please help

Counters on that dst-rule in firewall/NAT rule (look the attach, on right side), clear the counters then try telnet from outside and see is your traffic hits that rule, if does that traffic is forwarded to you local ip. Default gateway on that local computer is mikrotik?
by mixig
Tue Jan 08, 2013 2:16 pm
Forum: General
Topic: Port forwarding not working, please help
Replies: 8
Views: 7264

Re: Port forwarding not working, please help

Does the counter on your firewall rule for dst-nat is growing?
by mixig
Tue Jan 08, 2013 9:25 am
Forum: Beginner Basics
Topic: Help with Site to Site VPN
Replies: 9
Views: 7256

Re: Help with Site to Site VPN

What excatly is not working? Did you allow UDP 500 and esp protocol on both side on mkt firewall (input chain)? What the log says (you can turn on ipsec log, System-Logging section)?
by mixig
Mon Jan 07, 2013 8:05 pm
Forum: Beginner Basics
Topic: Two Gateways failover
Replies: 3
Views: 2446

Re: Two Gateways failover

if your traffic is marked with routing mark e.g. WAN 1 (subnets 192.168.1.0/24, 192.168.2.0/24), and you have default route which has routing mark WAN1 which has exit over pppoe1 and WAN1 is down, your marked traffic will go outiside automatically through some other default route. Rule says if there...
by mixig
Mon Jan 07, 2013 6:03 pm
Forum: General
Topic: Bandwidth management help
Replies: 3
Views: 1055

Re: Bandwidth management help

Well, you can accomplished that with two method, as example is showing, step 1 and step 2 if you are using step 2 you can skip step 1. Why? Because in step one we are marking out interesting traffic. How? By selecting the Interface where we want to do "action". In this case this is LAN int...
by mixig
Mon Jan 07, 2013 12:25 pm
Forum: General
Topic: Bandwidth management help
Replies: 3
Views: 1055

Re: Bandwidth management help

Read this first:
http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ

and after that try with this setup (change the subnet when configuring target addresses):
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
by mixig
Mon Jan 07, 2013 12:21 pm
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11634

Re: Cant connect to internet with pppoe client

Make sure that your masquerad rule is on the top, that firewall is not blocking the traffic (you can export firewall and mangle rules here), try to ping some internet ip address but with src address of the mikrotik lan ip address
by mixig
Mon Jan 07, 2013 11:22 am
Forum: Beginner Basics
Topic: Two Gateways failover
Replies: 3
Views: 2446

Re: Two Gateways failover

In firewall mangle you can marking your voip traffic based on src address or port number , DSCP value, what ever and to that traffic give a routing mark, e.g. routing mark=VOIP. Then in ip->routes create defult route 0.0.0.0/0, routing mark=VOIP. p.s. when creating mangle be sure that rule which is ...
by mixig
Sun Jan 06, 2013 8:29 pm
Forum: Beginner Basics
Topic: mangle rule to bypass load balancing with address list
Replies: 1
Views: 2317

Re: mangle rule to bypass load balancing with address list

Create address list with your local ip addresses that you want exclude from load balancing, then in mangle in prerouting chani put that address list in src address list and put the routing mark, passthrough set to "NO". Also important is that you must put that rule on the top in mangle. Th...
by mixig
Sat Jan 05, 2013 11:56 pm
Forum: Beginner Basics
Topic: Very Simple,Functional QoS Setup For Begginers
Replies: 5
Views: 8861

Re: Very Simple,Functional QoS Setup For Begginers

go to tiktube and take a look videos from janis megis from 2009 and 2011 and Valens Riyadi 2009 (HTB, QoS)
by mixig
Sat Jan 05, 2013 11:29 pm
Forum: Beginner Basics
Topic: Very Simple,Functional QoS Setup For Begginers
Replies: 5
Views: 8861

Re: Very Simple,Functional QoS Setup For Begginers

Prioritization without set limits not doing absolutely nothing exept the counter is growing...

so, all that for nothing...
by mixig
Mon Dec 31, 2012 11:57 am
Forum: Beginner Basics
Topic: Reaching only one PC in other subnet
Replies: 15
Views: 4322

Re: Reaching only one PC in other subnet

lan1 and lan2 dont have communication between each other (i assume firewall is blocking that traffic), add this rules before that rule which is blocking LAN1 and LAN2: /ip firewall filter add action=accept chain=forward comment="" disabled=no dst-address=10.10.10.5 src-address=192.168.149....
by mixig
Sun Dec 30, 2012 1:08 pm
Forum: General
Topic: What is the best Load Balancing in my case
Replies: 3
Views: 1354

Re: What is the best Load Balancing in my case

i think it will be better if not using NAT on mikrotik and put the 192.168.1.0/24 is coming to upstream router, you can get better load balancing. Right now you are doing LB whit which parameters, dst address, port numbers? i am using src address for LB, it is not pure and equal but with another par...
by mixig
Sun Dec 30, 2012 11:48 am
Forum: Beginner Basics
Topic: Mikrotik L2TP IPSEC Client
Replies: 3
Views: 16233

Re: Mikrotik L2TP IPSEC Client

is there any example / tutorial for /ip Ipsec setting?
is it possible to connect mikrotik client to windows server (ipsec configured on win server).?
tnx for reply
L2TP/IPSec
http://gregsowell.com/?p=4389

IPSec
http://gregsowell.com/?p=1290
by mixig
Fri Dec 28, 2012 11:01 am
Forum: Beginner Basics
Topic: about subnet and range
Replies: 6
Views: 3163

Re: about subnet and range

hello :- ihave proplem in subnet (/?) i try more and more but i can`t understand as example ihave range x.x.x.5-x.x.x.10 what subnet i must put and why ? anyone have topic or something give me it i search about it but didn`t found this thing I assume that x.x.x.5-x.x.x10 are usable ip addresses, wi...
by mixig
Wed Dec 26, 2012 11:12 am
Forum: Beginner Basics
Topic: SXT CPE 169.254.x.x
Replies: 2
Views: 1325

Re: SXT CPE 169.254.x.x

Hi,
if you put ip address manually? Is there connectivity then?

169.254.x.x is APIPA, dhcp server works?
by mixig
Sat Dec 22, 2012 11:39 am
Forum: Beginner Basics
Topic: PPTP Client not pingable
Replies: 1
Views: 797

Re: PPTP Client not pingable

Maybe your ISP is blocking ICMP traffic, if not check your firewall on 2011 (input chain)
by mixig
Thu Dec 20, 2012 11:49 am
Forum: Beginner Basics
Topic: Dual WAN - DNS not resolve
Replies: 10
Views: 6458

Re: Dual WAN - DNS not resolve

Hi, in your routing table you have two default routes, each route is default route for packets that has routing mark (my, and small), wehn your are pinging from mikrotik that ping packet doesnt have routing mark because it is not defined in the mangle (mikrotik address is not in you src address list...
by mixig
Wed Dec 19, 2012 3:11 pm
Forum: Beginner Basics
Topic: Dual WAN - DNS not resolve
Replies: 10
Views: 6458

Re: Dual WAN - DNS not resolve

Just for test, in firewall put the output and input chain allow
by mixig
Tue Dec 18, 2012 9:18 pm
Forum: Beginner Basics
Topic: Dual WAN - DNS not resolve
Replies: 10
Views: 6458

Re: Dual WAN - DNS not resolve

put the some public dns servers on mikrotik and/or on your PC˙s
by mixig
Thu Dec 13, 2012 3:57 pm
Forum: Beginner Basics
Topic: users cant get internet easy
Replies: 1
Views: 758

Re: users cant get internet easy

you have installed router os on pc? what is the CPU usage? what is your link bandwith? Is your link out of free bandwith?
by mixig
Mon Dec 10, 2012 11:35 pm
Forum: Beginner Basics
Topic: Copy Address Entrys to Second Router
Replies: 7
Views: 3943

Re: Copy Address Entrys to Second Router

i am not familiar with scripting can anyone help me out.
Try to ask here:
http://forum.mikrotik.com/viewforum.php?f=9
by mixig
Wed Dec 05, 2012 10:35 pm
Forum: Beginner Basics
Topic: Connect two Subnets / two internet providers, one fileserver
Replies: 3
Views: 1196

Re: Connect two Subnets / two internet providers, one filese

your cisco and mikrotik are connected through switch, there is no layer 3 connectivity, cisco is on one subnet and mikrotik on another subnet but they need to be connected somehow...
by mixig
Wed Dec 05, 2012 10:32 pm
Forum: General
Topic: SIP protocol: I am not able to let it work.
Replies: 9
Views: 3718

Re: SIP protocol: I am not able to let it work.

Could you try with this command:

ip firewall service-port set sip ports=5060,5061 disabled=yes
by mixig
Wed Dec 05, 2012 4:01 pm
Forum: Beginner Basics
Topic: Connect two Subnets / two internet providers, one fileserver
Replies: 3
Views: 1196

Re: Connect two Subnets / two internet providers, one filese

It seems that your link is broken
by mixig
Sun Dec 02, 2012 10:45 pm
Forum: Beginner Basics
Topic: firewal mark packet to simple queue
Replies: 3
Views: 2917

Re: firewal mark packet to simple queue

Hi All, I am new to RouterOS, actually just got RB2011 (5.21) as my SOHO gateway. I was experimenting with marking packets by firewall: [admin@Border1] > /ip firewall mangle print Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting action=mark-packet new-packet-mark=voip-sip passthroug...
by mixig
Sun Dec 02, 2012 9:33 pm
Forum: General
Topic: Link aggregation of ports to increase bandwidth
Replies: 2
Views: 2199

Re: Link aggregation of ports to increase bandwidth

I have a managed L2 switch, and currently running a 802.1Q trunk (with about 6 VLANs on this) between the switch and Mikrotik's port number 10. I would like to increase bandwidth between the switch and Mikrotik, but still have VLANs. Any advice on how can I do this please? Create bonding interface ...
by mixig
Thu Nov 29, 2012 9:26 pm
Forum: General
Topic: Mikrotik Graphs
Replies: 1
Views: 996

Re: Mikrotik Graphs

only security what i know is to setup ip address or subnet which will be allowed to access to web server/graphs
by mixig
Sun Nov 25, 2012 11:23 pm
Forum: General
Topic: Panasonic SIP working with Mikrotik VPN
Replies: 3
Views: 2208

Re: Panasonic SIP working with Mikrotik VPN

it is works without any problem, on the remote side try to install some softphone on PC on the subnet where is panasonic phone right now (but reading the post once again pc and phone are on the same subnet?) and start the wireshark.. you will see what is happeing with SIP REGISTAR mesage.. also on s...
by mixig
Sun Nov 25, 2012 10:34 pm
Forum: General
Topic: 2 LAN and 2 WAN
Replies: 4
Views: 3090

Re: 2 LAN and 2 WAN

your LAN subnets will be marked in mangle with wan1 and wan2 because you are mangleing only by source address, so when mirkotik need to decide where to route the traffic it will look into the routnig table and search the right routing mark, and it will pass to wan1 or wan2... you must exclude traffi...
by mixig
Sun Nov 25, 2012 10:24 pm
Forum: General
Topic: SIP protocol: I am not able to let it work.
Replies: 9
Views: 3718

Re: SIP protocol: I am not able to let it work.

i would try to figure out where is a problem with wireshark, first yu can install softphone on PC behind 2011 MKT and see what is happening, after that run packet sniffer on mkt which will sent you a copy of traffic to your PC which has wireshark... After that try to see where is the problem
by mixig
Sun Nov 25, 2012 10:19 pm
Forum: Beginner Basics
Topic: Route specific IP address ranges through either WAN1 or 2
Replies: 8
Views: 5814

Re: Route specific IP address ranges through either WAN1 or

no i am just guessing, so traffic is passing through that rule, passthrough is set to no, so traffic is not moving through the manlge, it get to the routing decision... you get timeout... i would say dns is the problem (second provider is using another dns then first provider) but i see that you are...
by mixig
Sun Nov 25, 2012 3:22 pm
Forum: Beginner Basics
Topic: Route specific IP address ranges through either WAN1 or 2
Replies: 8
Views: 5814

Re: Route specific IP address ranges through either WAN1 or

add action=mark-routing chain=prerouting comment="Forced Test Route To WAN2" disabled=no dst-address-list=TEST \
    new-routing-mark=SMALLNETBLDER passthrough=no src-address=192.168.68.0/24
Does this rule has matching traffic, does the counter is growing?
by mixig
Sat Nov 24, 2012 2:45 pm
Forum: General
Topic: Timed Proxy Server
Replies: 2
Views: 1104

Re: Timed Proxy Server

Hi, ip firewall nat rule where you redirecting web traffic to web proxy under the Extra tab you can put time when this rule be active, you can put in your case 8-5pm monday-friday, so the rule will be always in your config but it will be active only for the time you specified, when it is inactive yo...
by mixig
Sat Nov 24, 2012 1:24 pm
Forum: Beginner Basics
Topic: Route traffic to one IP through specific gateway
Replies: 6
Views: 19738

Re: Route traffic to one IP through specific gateway

in your mangle put at the top this: add action=accept chain=prerouting disabled=no dst-address=92.11.11.200 With the command above you will exclude traffic designated for that address from the PCC, it will just pass through the mangle without adding and mark... and then put static route for that ip ...
by mixig
Sat Nov 17, 2012 1:25 pm
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

[admin@MikroTik] > ip proxy access print Flags: X - disabled # DST-PORT DST-HOST PATH METHOD ACTION HITS 0 www.facebook.com, www.yahoo.com deny 0 1 www.youtube.com deny 0 it does`t put any syntax error when putting multiple dst.host, just try and see is it working...
by mixig
Fri Nov 16, 2012 12:37 pm
Forum: Beginner Basics
Topic: IP TUNNEL
Replies: 3
Views: 1590

Re: IP TUNNEL

From wiki: GRE the same as IPIP and EoIP were originally developed as stateless tunnels. Meaning that if remote end of the tunnels goes down all traffic that was routed over the tunnels gets blackholed. To solve this problem RouterOS have added keepalive feature for GRE tunnels. You could try with g...
by mixig
Mon Nov 12, 2012 11:28 am
Forum: Beginner Basics
Topic: pptp source address
Replies: 1
Views: 1163

pptp source address

Hi, pptp vpn between two mikrotik. server mirkotik has 172.16.10.1 for pptp interface and pptp client mirkotik has 172.16.10.2. On server side there is a netwrok 192.168.100/24 and on the clinet side is 192.168.200.0/24. Static routes are added to route traffic for remote network through pptp tunnel...
by mixig
Sun Nov 11, 2012 4:37 pm
Forum: Beginner Basics
Topic: Understanding IPSec VPN. Send initial contact or no?
Replies: 22
Views: 10733

Re: Understanding IPSec VPN. Send initial contact or no?

create static route on each mkt for remote network, or put default route (your wan interface), right now your router doesn t know where to send packet for remote network (in routing table you have only directly connected networks)
by mixig
Sat Nov 10, 2012 12:48 pm
Forum: General
Topic: SIP Issue
Replies: 2
Views: 1055

Re: SIP Issue

Are you using some PBX behind the NAT? or you are just using some sip account on your pc-softphone or something... if you are using pbx you must do static nat on your router, 5060 (SIP) and udp for RTP. input chain allowed udp what you did it is not needed because voip traffic must pass through the ...
by mixig
Sat Nov 10, 2012 12:38 pm
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

I cannot see any allow rule in there.

Create the required allow rule and place it ahead of the facebook deny rule.
The image above is just help for Latif123 , it is my web proxy not his :)
by mixig
Sat Nov 10, 2012 9:46 am
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

Dear ,

I am sorry, I dont understand (/ip proxy access print) command. Could you please guide me in slight simple way ,

I know the /ip proxy access command. but dont now ( print) command.
by mixig
Wed Nov 07, 2012 7:22 pm
Forum: Beginner Basics
Topic: How to insert new line in log files?
Replies: 2
Views: 1523

Re: How to insert new line in log files?

Hi,

can you try to open log file with notepad++. Windows notepad doesn`t display unix newline
by mixig
Mon Nov 05, 2012 9:54 pm
Forum: Beginner Basics
Topic: VPN help
Replies: 5
Views: 1776

Re: VPN help

End of course this video below:

http://gregsowell.com/?p=1290 :D
by mixig
Mon Nov 05, 2012 9:51 pm
Forum: Beginner Basics
Topic: Default Route Interface
Replies: 6
Views: 1833

Re: Default Route Interface

what is on ethernet 1? maybe you get default route from antoher side of eth1, maybe ether 2 is not running yet after reboot... do ip route print and c/p
by mixig
Mon Nov 05, 2012 9:44 pm
Forum: General
Topic: Bandwidth shapping problem
Replies: 1
Views: 796

Re: Bandwidth shapping problem

Does ether 2 has two ip addresses? local and public? can you put some topology?
by mixig
Mon Nov 05, 2012 9:06 pm
Forum: General
Topic: Excluding one IP from PCQ Queues
Replies: 2
Views: 3786

Re: Excluding one IP from PCQ Queues

hi,

you can do two rules in mangle, first for ip that you want exclude (passthrough=no, action accept), then second rule your all subnet, so basically your excluded ip will never reach the second rule if you set passthrough=no on the first rule
by mixig
Thu Nov 01, 2012 1:03 pm
Forum: General
Topic: PPPoE Client problem (some pages are slow)
Replies: 4
Views: 2574

Re: PPPoE Client problem (some pages are slow)

sry, which router do you mean?

the mikrotik or adsl router one?

Connect your PC directly to your adsl router, and than ping the same pages, what are the results?
by mixig
Thu Nov 01, 2012 12:56 pm
Forum: General
Topic: Limiting users download speed after certain cap is reached
Replies: 2
Views: 1303

Re: Limiting users download speed after certain cap is reach

http://www.tiktube.com/video/mJeK3iHGhLKLIKImpnCsFrHvnlIomlpG= http://www.tiktube.com/video/JpcD3eCChqGnDlJFJEEsCvExClIoEKDH= http://www.tiktube.com/video/LGcm3foDdlKIoHImKoHwDulxLlColHEJ= and wiki has some material about that, also there are some good examples, note: use official wiki (http://wiki....
by mixig
Thu Nov 01, 2012 12:51 pm
Forum: General
Topic: Multi WAN load balancing. can't login to some website.
Replies: 1
Views: 1272

Re: Multi WAN load balancing. can't login to some website.

Hi, for "Per Connection Classifier" in mangle what do you use? Try to use only src-address, so you will always go through the same wan interface, hash algorithm will get always the same result. It is not best option for the load balancing but everything will work http://www.tiktube.com/vid...
by mixig
Thu Nov 01, 2012 12:42 pm
Forum: Beginner Basics
Topic: RouterBoard 750 GL
Replies: 4
Views: 2276

Re: RouterBoard 750 GL

Best way you can do is load balancing

http://www.tiktube.com/video/GEfq3hCljL ... uIlGopKGp=

and pdf from that video is here http://mum.mikrotik.com/presentations/US12/steve.pdf
by mixig
Tue Oct 30, 2012 6:51 pm
Forum: General
Topic: I lose time, date, and graph data when i reboot RB450G
Replies: 3
Views: 1556

Re: I lose time, date, and graph data when i reboot RB450G

For graphing you can choose to save to disk instead memory so after reboot you will still have your data information
by mixig
Tue Oct 30, 2012 5:10 pm
Forum: General
Topic: IPsec site to site problem
Replies: 4
Views: 1912

Re: IPsec site to site problem

I also have one situation mikrotik-mikrotik, and only one side can trigger ipsec tunnel, i also solved that with ping count=x :)
by mixig
Tue Oct 30, 2012 9:22 am
Forum: General
Topic: IPsec site to site problem
Replies: 4
Views: 1912

Re: IPsec site to site problem

Hi,

didi you allow port 500 udp and esp protocol on both mikrotik (input chain)?
by mixig
Mon Oct 29, 2012 11:06 pm
Forum: General
Topic: IPSec Tunnel Creation
Replies: 8
Views: 49773

Re: IPSec Tunnel Creation

Ah I have not. Can I allow it from only the external interfaces of both sites?
yep

I will try it when I get home and let you know how it goes.
ok
by mixig
Mon Oct 29, 2012 10:46 pm
Forum: SwOS
Topic: Ping time very strange - SOLVED
Replies: 5
Views: 4320

Re: Ping time very strange

It should be 0ms, maybe bad cable? Tried with different computer?
by mixig
Mon Oct 29, 2012 10:43 pm
Forum: Beginner Basics
Topic: Route specific IP address ranges through either WAN1 or 2
Replies: 8
Views: 5814

Re: Route specific IP address ranges through either WAN1 or

can you copy/paste mangle and ip route config?
by mixig
Mon Oct 29, 2012 10:31 pm
Forum: General
Topic: Public ip tunnel
Replies: 3
Views: 1104

Re: Public ip tunnel

Why are you using public ip addresses in pptp profile? Also when you have ip address for pptp client which is in the same subnet as some port on pptp server you must put proxy-arp under that interface on pptp server. Also if you want to go to internet over the pptp server you can set that option in ...
by mixig
Mon Oct 29, 2012 8:12 pm
Forum: General
Topic: IPSec Tunnel Creation
Replies: 8
Views: 49773

Re: IPSec Tunnel Creation

Hi,

did you allow port 500 udp and esp on both mikrotiks (input chain)?
by mixig
Mon Oct 29, 2012 12:00 pm
Forum: General
Topic: Public ip tunnel
Replies: 3
Views: 1104

Re: Public ip tunnel

What exactly is not working? Did you allow PPTP from outside to the router? if not allow tcp port 1723 to the router (input chain).You can use your home rpouter as a clinet and another one as a server because it ha fixed public IP
by mixig
Mon Oct 29, 2012 11:51 am
Forum: General
Topic: SIP TLS problem
Replies: 0
Views: 1004

SIP TLS problem

Hi, I have a strange problem with passing SIP TLS through mikrotik. On mikrotik i have bridge port (eth1 and eth2). On that bridge port I have public ip addresses from my provider (/24). Some of them are on the bridge port some of them are on the comupter. One of the public IP addresses are on the V...
by mixig
Mon Oct 29, 2012 9:49 am
Forum: Beginner Basics
Topic: QOS basics
Replies: 1
Views: 1020

Re: QOS basics

QoS is locally significant for that router, waht you can do is marking the traffic and do QoS on each router through the packet will pass
by mixig
Mon Oct 29, 2012 9:47 am
Forum: Beginner Basics
Topic: P2P Backbone on hilly terrain
Replies: 6
Views: 1613

Re: P2P Backbone on hilly terrain

Hi,

I am not wireless expert but SXT will solve your problems, you can build transparent wireless links with them... check on tiktube, there is a workshop for point-to-point wireless links with SXT
by mixig
Mon Oct 29, 2012 9:42 am
Forum: Beginner Basics
Topic: need help in simple portforwarding rules
Replies: 2
Views: 1156

Re: need help in simple portforwarding rules

Hi,

when you were configured your port forwarding from outside to inside did you add incoming interface (your public interface) for that rule? If no the rule will be global so every traffic for dst port 3389 will forward back to your inside computer.
by mixig
Thu Oct 25, 2012 11:21 pm
Forum: General
Topic: webfig access via public ip
Replies: 25
Views: 46964

Re: webfig access via public ip

@paka

disable http an d www and https command

ip service disable numbers=2,4


http://wiki.mikrotik.com/wiki/Manual:IP/Services
by mixig
Thu Oct 25, 2012 10:57 pm
Forum: General
Topic: Need secure tunnel on existing bridge
Replies: 2
Views: 932

Re: Need secure tunnel on existing bridge

need secure tunnel on existing bridge......

Eoip, gre, ipip totally unsecured.... but gre with ipsec...
by mixig
Thu Oct 25, 2012 10:53 pm
Forum: General
Topic: Move from ECMP to PCC load balancing
Replies: 16
Views: 4361

Re: Move from ECMP to PCC load balancing

yep, need to adjust that passthrough=yes on some places

also check this and you will be ready to go with PCC


http://www.tiktube.com/video/GEfq3hCljL ... uIlGopKGp=

and pdf from that video is here http://mum.mikrotik.com/presentations/US12/steve.pdf
by mixig
Thu Oct 25, 2012 10:49 pm
Forum: General
Topic: Create IPsec VPN secure channel
Replies: 7
Views: 2796

Re: Create IPsec VPN secure channel

in policy you put src-address=152.21.XXX.0/24 and dst-address=152.12.100.1/32 , on the cisco side must be mirror of that... also check proposals again for phase 2 in first post before editing you was talkin about 169.x.x.x networks, in the picture there are 192.168.x.x networks, now in last post ano...
by mixig
Tue Oct 23, 2012 6:14 pm
Forum: General
Topic: VRRP tracking interface
Replies: 4
Views: 4551

Re: VRRP tracking interface

I am on DHCP so i cant ping gateway, script which will be ping outside ip it must always be active and even with that it will not automaticaly low priority (if ping is setup e.g. every 10 sec, and there is an extra overhead on mikrotik) on the master mikrotik. So pppoe status will be good, if it is ...
by mixig
Tue Oct 23, 2012 1:30 pm
Forum: General
Topic: VRRP tracking interface
Replies: 4
Views: 4551

VRRP tracking interface

Hi, two mikrotik routers on the same lan segment, one master, the second one backup, in lan area it`s working how it should be. How to configured mikrotik to low priority if wan interface is done, or if some ip address from the internet is not up (in cisco in hsrp we can do tracking interface using ...
by mixig
Mon Oct 22, 2012 7:07 pm
Forum: General
Topic: Create IPsec VPN secure channel
Replies: 7
Views: 2796

Re: Create IPsec VPN secure channel

Watch this video...

http://gregsowell.com/?p=1290

after that you will know how to setup ipsec :D
by mixig
Mon Oct 22, 2012 7:05 pm
Forum: General
Topic: Deny DHCP to issue the same ip
Replies: 7
Views: 1845

Re: Deny DHCP to issue the same ip

Can you create no-ip or dyndns account and put the script which will update your account with currnet public ip, for that you also need to create schedule. so after that you can you your domain name e.g. xxyyy.no-ip.org and that will be pointing to your public ip, to your mikrotik...
by mixig
Mon Oct 22, 2012 6:58 pm
Forum: Beginner Basics
Topic: RB750G WEBFIG 5.21 need to set STATIC internet connection
Replies: 3
Views: 1515

Re: RB750G WEBFIG 5.21 need to set STATIC internet connectio

Choose one of your lan ports (port 1 e.g.) on mikrotik and put ip address : xx.xx.xx.53, subnet mask is : 255.255.255.248 which is equal /29, so your ip address on mikrotik will be xx.xx.xx.53/29 then go to : IP-Routes add new route and put destination 0.0.0.0/0 , and below put gateway: xx.xx.xx.49 ...
by mixig
Mon Oct 22, 2012 4:38 pm
Forum: General
Topic: Create IPsec VPN secure channel
Replies: 7
Views: 2796

Re: Create IPsec VPN secure channel

Did you allow in input chain protocol 500 and protocol esp on your mikrotik ? your proposal must be mirroring your lan as source another side lan dst address: mkt: src-add 169.24.xxx.0/24 dst-add 169.12.xxx.0/24 also you must exclude that traffic from NAT, put this command on the top of your NAT sec...
by mixig
Fri Oct 19, 2012 2:25 pm
Forum: General
Topic: [SOLVED]PPTP VPN on RB750
Replies: 4
Views: 1280

Re: PPTP VPN on RB750

yep, if your lan is on ether3, go to the interface menu and select that interface and change ARP:Enabled to ARP: Proxy-arp
by mixig
Fri Oct 19, 2012 1:46 pm
Forum: General
Topic: [SOLVED]PPTP VPN on RB750
Replies: 4
Views: 1280

Re: PPTP VPN on RB750

go to your lan interface and in general tab select ARP: proxy-arp, by default is : Enabled

then try pinging that computer again
by mixig
Thu Oct 18, 2012 11:20 pm
Forum: Beginner Basics
Topic: Remove default bridge so each port is seperate.
Replies: 4
Views: 6471

Re: Remove default bridge so each port is seperate.

ok. Last question. Can you explain to me after i have removed the ports from the bridge and deleted the bridge. How do set up the wireless connection on its own port ? I will be using winbox and i wil be setting up each port so it is independent of the other ports and giving it access thru my modem...
by mixig
Thu Oct 18, 2012 11:15 pm
Forum: General
Topic: access to local mkt when route all traffic to ipsec
Replies: 1
Views: 669

access to local mkt when route all traffic to ipsec

Policy based ipsec, all remote locations are having mkt and they are routing ALL traffic into the ipsec tunnel and traffic is going to the central location. Everything is working but the problem is that i cannot access or ping my mikrotik from local network (remote locations). From central location ...
by mixig
Thu Oct 18, 2012 12:09 pm
Forum: General
Topic: Route based IPSec MKT-Sonicwall
Replies: 3
Views: 2234

Re: Route based IPSec MKT-Sonicwall

I also find this one: Feature/Application: How to Configure a Tunnel Interface VPN (Route-based VPN) between two SonicWALL UTM appliances. Background: The advantages of Tunnel Interface VPN (Route-Based VPN) between two SonicWALL UTM appliances include: 1) the network topology configuration is remov...
by mixig
Thu Oct 18, 2012 12:02 pm
Forum: General
Topic: Route based IPSec MKT-Sonicwall
Replies: 3
Views: 2234

Route based IPSec MKT-Sonicwall

Hi, currently we have policy based ipsec between sonicwall and MKT. Now we want to changed that with route based. Is any of you done this kind of the setup? MKT support gre and ipip and sonicwall in my opinion doesnt support that features, i found only this for sonicwall: Do SonicWALL security appli...
by mixig
Tue Oct 16, 2012 11:52 pm
Forum: General
Topic: All traffic into ipsec
Replies: 0
Views: 553

All traffic into ipsec

Hi, MKT is remote office, the goal is route all users traffic via ipsec to central location. Central location isn`t a MKT and has static public IP. Assume that MKT on remote office has 192.168.10.0/24 network. How does the config is look like for IPsec on that MKT? What would be the src address and ...
  • 1
  • 2