Community discussions

MikroTik App

Search found 385 matches

  • 1
  • 2
by butche
Wed Sep 04, 2019 7:28 pm
Forum: Scripting
Topic: creating dhcp leases (mac math)
Replies: 1
Views: 2158

creating dhcp leases (mac math)

I am trying to duplicate an issue reported by a customer. The specific issue is that he has about 4k static dhcp leases (written by a billing system) and he cannot export that list for backup. He can VIEW the list (all 4k), but on export, he only gets the first 1000 items in the list. SO...I am tryi...
by butche
Fri Dec 21, 2018 6:52 pm
Forum: SwOS
Topic: CRS112-8P-4S SwOS Version
Replies: 4
Views: 6082

Re: CRS112-8P-4S SwOS Version

I would like to see this answer, too. No response at all from Mikrotik?
by butche
Thu Oct 18, 2018 7:13 pm
Forum: General
Topic: Winbox issue under wine
Replies: 3
Views: 1292

Re: Winbox issue under wine

That's all great, but "it works for me" isn't any help. As I stated in my original post, " it worked for me for YEARS", so if that was the solution, I would not have had to post. I apologize if this sounds rude, but WOW!
by butche
Thu Oct 18, 2018 1:55 am
Forum: General
Topic: Winbox issue under wine
Replies: 3
Views: 1292

Winbox issue under wine

Running wine 3.17. Winbox runs fine for the most part however, when it attempts to connect to a device using IP (v4 or v6), it is unable to do so. The program does not crash, but it doesn't move forward. I can cancel the attempt and the behaviour is what SHOULD happen with cancel (goes back to the c...
by butche
Tue Apr 10, 2018 9:24 am
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 2164

Re: BGP wierdness?

Butche - nice to see you again (over the forums hehe) Good to see you, too, Sam. :-) I have run into this exact problem and am super happy you posted that link - its exactly what I need to do here because ospf just ain't cutting it. I want to read up more on this solution and see if it will help me...
by butche
Mon Apr 09, 2018 10:41 pm
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 2164

Re: BGP wierdness?

MPLS does not simplify what I am trying to accomplish. Thanks anyway.
by butche
Fri Apr 06, 2018 8:40 pm
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 2164

BGP wierdness?

I am building something similar to this: http://www.stubarea51.net/2017/05/27/wisp-design-using-ebgp-and-ospf-transit-fabric-for-traffic-engineering/ Network looks like this: netmap.jpeg In this network, there is OSPF everywhere. OSPF is all the same config (well, nearly so) as follows: /routing osp...
by butche
Fri Mar 30, 2018 5:00 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142377

Re: Urgent security advisory

Why isn't this NPK available for everyone? If winbox, webfig, etc can't show proper indicators of compromise then it's important that we can use CLI tools to verify there are no rogue binaries, especially as the screenshots seem to demonstrate that the updated RouterOS doesn't actually remove persi...
by butche
Thu Mar 29, 2018 11:07 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142377

Re: Urgent security advisory

Hello, good morning, in case of mass update, more than 320 equipments, is there any script?
I wrote one in perl that can do this sort of thing. There are some example methods on the wiki for how to automate a bunch of this as well.
by butche
Thu May 11, 2017 12:21 am
Forum: The Dude
Topic: Downgrading
Replies: 4
Views: 1410

Re: Downgrading

yeah...I would RATHER upgrade them both, but I cannot. It is not MY service. Maybe you didn't read the full post?
by butche
Wed May 10, 2017 11:08 pm
Forum: The Dude
Topic: Downgrading
Replies: 4
Views: 1410

Downgrading

I have 2 customers running older versions of the Dude. One is running 3.6 and the other 4beta3. The client running version 3.6 needs some work done on a dude server and for various reasons, it is easier to do it from the machine running the 4beta3 client. SO...here is what I would like to do: 1. Imp...
by butche
Sat Mar 25, 2017 8:50 pm
Forum: Scripting
Topic: REGEX
Replies: 3
Views: 4346

Re: REGEX

I realize that is what is matches. That is the issue. What I NEED it to match is a NAME that contains "HT" in the string. What am I missing?
by butche
Sat Mar 25, 2017 7:55 pm
Forum: Scripting
Topic: REGEX
Replies: 3
Views: 4346

REGEX

I have the following test in a script: :if ($"SPEED"~"384k/1M" && !($"NAME"~".*HT*" || $"NAME"~".*CAS*" ) ) do= This correctly matches when the script name is: HTxxx xxHTxxx And other combinations. It ALSO matches for ANY name that ...
by butche
Mon Jan 23, 2012 11:36 am
Forum: General
Topic: Quickset (new in v5.12)
Replies: 76
Views: 54138

Re: Quickset (new in v5.12)

Not for me, but it looks like many will find it useful. Suggestion: Add checkbox option to remove the built-in input firewall on these devices. You may want to go a bit further than that with the firewall, but still that is an option that would be needed.
by butche
Mon May 16, 2011 8:46 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

[HKEY_CURRENT_USER\Software\Wine\X11 Driver]
"ClientSideWithRender"="N"
Awesome! Where in the world did you find this? I've googled for WEEKS!
by butche
Mon May 16, 2011 8:42 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

it is a long shot, but if you have Intel card you should try to upgrade your drivers. There are reports of different windows programs having these black artefacts in simple UI interface using wine on different flavours of Linux. check if you are running xf86-video-intel 2.12.0 or newer if so, try t...
by butche
Tue May 10, 2011 10:06 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

You might find this interesting; http://support.microsoft.com/kb/315338 Perhaps the other files are in there too. I've seen that one as well as the other one you mentioned. I don't have a windows xp (or windows anything for that matter) CD. I don't use Windows, so those are not an option. Thanks fo...
by butche
Tue May 10, 2011 10:01 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

There is no hope. Cus mikritik said: "winbox and the dude working perfect on wine and you dont need linux native versions". LOL
I don't need a native Linux version. I just need to find the proper fonts.
by butche
Tue May 10, 2011 10:00 am
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

I think I'm on the track to fixing this issue. When I debug wine as it is loading winbox, it is looking for (and not finding) these font files: vgaoem.fon,vgafix.fon,serife.fon

Anyone have an idea where I can find these?
by butche
Fri Apr 22, 2011 9:27 am
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 13316

Re: Winbox + Wine = Black Borders

I am seeing this, too. At one time, there was a problem with the fonts (you need msttcorefonts installed). I have installed 2 versions of these fonts and still this problem persists. I just removed my .wine directory to ensure that my wine customizations were not causing this issue. I am using Fedor...
by butche
Tue Feb 01, 2011 3:42 am
Forum: General
Topic: Noob IPv6 question
Replies: 29
Views: 6270

Re: Noob IPv6 question

This firewall is NOT intended as a firewall useful for a public server network. This is a portion of the firewall used on my home/office network where I need just basic IP connectivity OUTBOUND. This simple configuratino will mimic the behavior of NAT. These first 3 rules simply define who can conne...
by butche
Mon Jan 31, 2011 10:07 pm
Forum: General
Topic: Noob IPv6 question
Replies: 29
Views: 6270

Re: Noob IPv6 question

I assume that you have the MT connected right now to the Cox network, along with a private interface on your LAN. Your XP machine would be connected via the LAN interface of the MT. (these are just my assumptions). We also have to assume (I think this is a REALLY good guess) that Cox will be offerin...
by butche
Mon Jan 31, 2011 5:51 pm
Forum: General
Topic: Noob IPv6 question
Replies: 29
Views: 6270

Re: Noob IPv6 question

It is most likely that they are using DHCPv6 PD (prefix delegation). In this way, they do not have to do static routes for each client. Does Cox use DHCP for their v4 network or is it a PPPoE connection? Either way, check out http://forum.mikrotik.com/viewtopic.php?f=2&t=47883 for a bit more inf...
by butche
Mon Jan 31, 2011 6:46 am
Forum: General
Topic: Noob IPv6 question
Replies: 29
Views: 6270

Re: Noob IPv6 question

I dont see support for DHCPv6 in the release notes for 5.0rc... As cox will do what most ISP's are doing for IPv6 it might be a good idea to have a thread or example manual page with a how to on setting up IPv6 for these situations for us noobs. There is no current support for DHCPv6 in MT. They ha...
by butche
Mon Jan 31, 2011 3:58 am
Forum: General
Topic: Noob IPv6 question
Replies: 29
Views: 6270

Re: Noob IPv6 question

I'm not certain how you would go about participating in the Cox trials. I suspect they will use DHCPv6 with prefix delegation. Do you have a link to their trial documentation?
by butche
Mon Jan 31, 2011 12:43 am
Forum: General
Topic: problem : how to control connections for one download?
Replies: 11
Views: 4422

Re: problem : how to control connections for one download?

You may want to incorporate some form at dst-limit in your match. If you want to ensure it is a download, you'll want to be certain to include a packet-size matcher. You can find documentation for dst-limit here: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter (the others are there, too). ds...
by butche
Sat Jan 29, 2011 7:17 pm
Forum: General
Topic: What is different?!
Replies: 2
Views: 1074

Re: What is different?!

You can use the USB modems from a number of manufacturers. The supported list is here: http://wiki.mikrotik.com/wiki/Supported ... e#3G_cards
Note that that is a user edited list (not MT).
by butche
Fri Jan 28, 2011 10:27 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 15197

Re: IPv6 TODO

- IP Pool support; for PPP and DHCP (to manage networks instead of addresses) This will help. - IPv6 Address auto-configuration from other routers Will this be something that works for all address types or just link-local? If the MT is in router mode, wouldn't this break the specification? Or is th...
by butche
Fri Jan 28, 2011 10:06 am
Forum: General
Topic: Roadmap for IPv6?
Replies: 98
Views: 30706

Re: Roadmap for IPv6?

DHCPv6/PD is really among the most important features needed. I have sent MY request to support@mikrotik.com. If EVERY one of you who want a useful feature would do the same, then perhaps we'd get a little developer time on this. While I think this is important, there are other features that are alm...
by butche
Fri Jan 28, 2011 9:41 am
Forum: General
Topic: how to share 2 different internet connection in LAN
Replies: 2
Views: 942

Re: how to share 2 different internet connection in LAN

One method to share the lines: http://wiki.mikrotik.com/wiki/Manual:PCC Another: http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_3.x (not an exact solution, but it is what you want) Still another: http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/ (a little o...
by butche
Fri Jan 28, 2011 4:25 am
Forum: General
Topic: pptp ppp attack!
Replies: 3
Views: 5182

Re: pptp ppp attack!

There are a number of methods that you could use. I am not vouching for the 100% security of any of them, but some ideas are: 1. Set up a port knocking application that will be required prior to accessing the pptp server (there's an example in the wiki here: http://wiki.mikrotik.com/wiki/Securing_Ne...
by butche
Fri Jan 28, 2011 2:42 am
Forum: General
Topic: pptp ppp attack!
Replies: 3
Views: 5182

Re: pptp ppp attack!

Do you have the pptp server running? If so, do you need it? If you do NOT need it, then:
/interface pptp-server server set enabled=no
by butche
Fri Jan 28, 2011 2:13 am
Forum: General
Topic: Layer 7 to match http by IP
Replies: 2
Views: 1648

Re: Layer 7 to match http by IP

Thanks, fewi! I have tried MANY variations without success. I can't believe I missed this one.
by butche
Thu Jan 27, 2011 11:14 pm
Forum: General
Topic: Filtering HTTPS Traffic
Replies: 3
Views: 1190

Re: Filtering HTTPS Traffic

Yes
by butche
Thu Jan 27, 2011 8:43 pm
Forum: General
Topic: FreeRadius+Mikrotik+Option 82
Replies: 10
Views: 10783

Re: FreeRadius+Mikrotik+Option 82

So you have a RouterOS DHCP relay sending option82? I'd be interested to see that config (on the MT side).
by butche
Thu Jan 27, 2011 8:36 pm
Forum: General
Topic: Filtering HTTPS Traffic
Replies: 3
Views: 1190

Re: Filtering HTTPS Traffic

Hotspot is a good way to do this. Just make the hotspot splash page that says something like "The page you are trying to access is not accessible on this network".
by butche
Thu Jan 27, 2011 7:18 am
Forum: General
Topic: Layer 7 to match http by IP
Replies: 2
Views: 1648

Layer 7 to match http by IP

I am trying to build what I thought would be a very simple layer 7 filter. Turns out, it's not so simple (or I'm just too slow). I am trying to build a filter that will match on any attempt to open a website by IP. For example, I am wanting to match http://10.10.10.10. I have tried matching based on...
by butche
Mon Jan 03, 2011 9:42 pm
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

It has been a while since I first posed this question.
Has anybody come up with a solution since?
It works as I showed early on in the thread. At least I can say it works here. I'm not sure what isn't working there. There is still no way to specify speed limits (or reservations) as a percentage.
by butche
Sat Dec 18, 2010 9:03 pm
Forum: General
Topic: PPTP + EoIP on 3 zones / 2 buildings
Replies: 7
Views: 2678

Re: PPTP + EoIP on 3 zones / 2 buildings

The interface facing the other router will need an IP address. This IP is used for the PPtP tunnel. The PPtP tunnel has an IP on both ends (of course) and this IP is used to terminate the EoIP tunnel. The Bridge that is used to bridge the EoIP tunnel and some other interface has an IP for the purpos...
by butche
Fri Dec 17, 2010 8:34 pm
Forum: General
Topic: PPTP + EoIP on 3 zones / 2 buildings
Replies: 7
Views: 2678

Re: PPTP + EoIP on 3 zones / 2 buildings

This has moved beyond what I can offer free support for. Perhaps some others can offer input. FWIW, the configuration you posted looks fine at first glance, other than IP assignments, which belong on the bridge (not the physical interface) The information I offered works here in my lab and in the 4 ...
by butche
Fri Dec 17, 2010 10:43 am
Forum: General
Topic: PPTP + EoIP on 3 zones / 2 buildings
Replies: 7
Views: 2678

Re: PPTP + EoIP on 3 zones / 2 buildings

Yes there is. You simply configure the dhcp server on the appropriate bridge interface. You can refer to the wiki for more information on that.
by butche
Thu Dec 16, 2010 9:14 pm
Forum: General
Topic: PPTP + EoIP on 3 zones / 2 buildings
Replies: 7
Views: 2678

Re: PPTP + EoIP on 3 zones / 2 buildings

One PPtP tunnel will be fine. You will create a unique EoIP tunnel (unique tunnel-id) for each "zone". You will create a unique bridge per "zone" as well. Something like: /interface bridge add name=zoneAbridge add name=zoneBbridge (and so forth) Then, you will add (under /interfa...
by butche
Fri Nov 05, 2010 4:59 am
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

AFAIR, p2p matcher is from http://www.ipp2p.org/ This is correct. At least testing shows approximately the same counts between a standard linux install and MT. Also options look the same. p.s. wow!.. a month ago http://www.opendpi.org/ was integrated into the Linux Netfilter! MT, should we wait for...
by butche
Fri Nov 05, 2010 12:33 am
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

fewi i don't understand!
What is it that you don't understand? The P2P matcher is not perfect. The best approach to "detecting" p2p is to identify all things that are NOT p2p and then assume the remainder IS p2p.
by butche
Thu Nov 04, 2010 4:51 am
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

The built in P2P matcher is old. The better approach is still to not detect P2P and deal with it, but to deal with all protocols you can easily detect and prioritize and shape, and then deal with 'the rest', which will include P2P. FWIW, this is EXACTLY what my QOS does. It really is the only way. ...
by butche
Mon Aug 16, 2010 7:17 pm
Forum: General
Topic: DHCP use Wildcard MAC to select pool?
Replies: 10
Views: 4080

Re: DHCP use Wildcard MAC to select pool?

Just to clarify your post, does the MAC listed in radius have to be specific or can it be done thru a wildcard entry somehow like 0a:00:3e:*:*:*?
This depends on your radius server (not MT).
by butche
Tue Mar 09, 2010 6:36 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Try manually setting the DNS entry on the PC and see if it works then. That will tell you if the problem is DNS related.
by butche
Mon Mar 08, 2010 10:52 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Sounds like an IE problem to me. Did you try another browser? If you can get out with other programs, but not IE, then it is not a MT config issue. Try going to other web pages (http://www.google.com for example)
by butche
Mon Mar 08, 2010 9:33 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Set the out interface on the nat rule to "Internet"
by butche
Mon Mar 08, 2010 9:02 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Post the information that I requested above (Posted: Fri Mar 05, 2010 7:51 am) and I can try to help.
by butche
Mon Mar 08, 2010 7:27 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Select this text, copy to clipboard, paste into a notepad. Edit the pppoe username and password. Copy and paste into a new terminal window in winbox: # Remove the portions of the config that may be a problem /interface bridge port remove [find] /interface bridge remove [find] /ip route remove [find]...
by butche
Mon Mar 08, 2010 5:46 pm
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

So what is wrong with my settings? I see several problems. How do you obtain a public IP? Do you use PPPoE? Do you use DHCP-Client? You did not supply all of the information I requested, so it is hard to tell. If you can just answer the question about how you get your public, I can provide you with...
by butche
Fri Mar 05, 2010 7:29 am
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

Zap, You are making this WAY too hard. First, log in by winbox, then click on the "New Terminal" and type the following commands: /ip route print /ip address print /ip firewall nat print /ip dhcp-server print /ip dhcp-server network print /ip dhcp-server lease print After each command, hig...
by butche
Tue Feb 09, 2010 2:38 am
Forum: Beginner Basics
Topic: Masquerade problem private ip to public
Replies: 9
Views: 3057

Re: Masquerade problem private ip to public

/ip hotspot ip-binding add address=172.20.0.0/16 comment="" disabled=no server=hotspot1 add address=0.0.0.0/0 comment="" disabled=no server=hotspot1 type=blocked The second statement (with address=0.0.0.0/0) should NOT be needed, other than it will block any IP space that is not...
by butche
Tue Feb 09, 2010 12:28 am
Forum: Beginner Basics
Topic: Masquerade problem private ip to public
Replies: 9
Views: 3057

Re: Masquerade problem private ip to public

Your rule looks right. If what you have is: hotspot <--> CPE/NAT to 192.168.1.0/24 (bridged interfaces between hotspot and CPE are not relevant) If you have that setup AND you are seeing the 192.168.1.0/24 addresses on the hotspot AND you have the rule you posted on the CPE, then there is a problem ...
by butche
Sun Feb 07, 2010 6:55 am
Forum: Beginner Basics
Topic: new user
Replies: 4
Views: 1320

Re: new user

My blog has several tutorials as well at http://blog.butchevans.com/.
by butche
Sun Feb 07, 2010 6:52 am
Forum: Beginner Basics
Topic: Masquerade problem private ip to public
Replies: 9
Views: 3057

Re: Masquerade problem private ip to public

In you second description: RB433AH(with HotSpot config)----ETH-BRIDGE----AP(COMPEX)=-=-=-=-WIFI=-=-=-=-CLIENT-CPE---------PRIVATE-LAT-ETH ENABLE DHCP 172.20.1.1/24 172.20.1.2 172.20.1.100 MASQ 192.168.1.1/24 ON ETH WLAN ETH You are showing that you are masquerading the 192.168.1.1/24 IP. That isn't ...
by butche
Sun Feb 07, 2010 6:41 am
Forum: Beginner Basics
Topic: 2 MTs, 2 ISP, Dst-nat to 1 local IP
Replies: 3
Views: 1925

Re: 2 MTs, 2 ISP, Dst-nat to 1 local IP

Do separate traffic to the 2 upstreams, you can use policy routing: http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/ is one tutorial. You can "automate" the route selection with PCC: http://wiki.mikrotik.com/wiki/PCC or you can use many other methods liste...
by butche
Sat Feb 06, 2010 10:22 pm
Forum: Beginner Basics
Topic: 2 MTs, 2 ISP, Dst-nat to 1 local IP
Replies: 3
Views: 1925

Re: 2 MTs, 2 ISP, Dst-nat to 1 local IP

It is possible to do what you want using various tunnels and such, but why not make it simpler and just put your 2 upstream interfaces on the same Mikrotik? If they are not in the same location, then you will have to build tunnels or use a combination of src-nat and dst-nat (which may be an easier s...
by butche
Mon Jan 25, 2010 4:41 am
Forum: General
Topic: RouterOS v4.5 released
Replies: 92
Views: 28415

Re: RouterOS v4.5 released

Conclusion to me : The solution is increse hw-retries to 10 or 15 slove the case Suggestion : If possible in the upgrade process MK can verify and correct if necessary the hw-retries problem..... My question to Mikrotik is this: If increasing the hw retries is a fix, then WHY is this only a problem...
by butche
Wed Jan 13, 2010 7:08 am
Forum: Beginner Basics
Topic: Router Config Question
Replies: 1
Views: 750

Re: Router Config Question

I have a server with three NIC cards installed and would like to use RouterOS to so I can get rid of two routers I currently have. I'm not sure how to configure RouterOS in this situation, I was thinking about connecting the DSL modem to a switch like I have it now, the connecting two NICs to the s...
by butche
Wed Jan 13, 2010 7:05 am
Forum: Beginner Basics
Topic: Best possible solution for Private IP
Replies: 2
Views: 930

Re: Best possible solution for Private IP

In it's simplest form, adding a pppoe client is: /interface pppoe-client add interface=ether1 user=user password=passwd disabled=no In the above example, ether1 is connected to the dsl modem. As you mentioned, you would have to set the DSL modem up as a bridge to allow your pppoe session to pass thr...
by butche
Tue Jan 12, 2010 8:02 pm
Forum: Beginner Basics
Topic: How to Reset Without Shorting The Mikrotik Board?
Replies: 17
Views: 4330

Re: How to Reset Without Shorting The Mikrotik Board?

If you don't know the password, the you need a null modem cable and netinstall. I think there may be a way to do it now all over ethernet (for the 750 at least). Search the forum for the how-to.
by butche
Tue Jan 12, 2010 7:56 pm
Forum: Beginner Basics
Topic: Need help with IP subnet RB433AH
Replies: 6
Views: 2115

Re: Need help with IP subnet RB433AH

Now i have 5 ip adreses, Ether1 uses one of them, how to translate another 4 IP adreses into interface Ether2 and Ether3 Network 10.10.10.176/29 Ether1 is 10.10.10.178/29 I need to translate other IP adreses into Ether2 and Ether3 Ether2 will be 10.10.10.179-180 Ether3 will be 10.10.10.181-182 :( I...
by butche
Mon Jan 11, 2010 10:51 pm
Forum: General
Topic: Bandwidth management x QoS
Replies: 6
Views: 1680

Re: Bandwidth management x QoS

How is the traffic flow between the Queue Trees and the Simple Queues? Does the traffic go first through the Simple Queues or through the Queue Trees? It depends. Simple queues can limit traffic in one or more of global-in, global-out or global-total. See http://wiki.mikrotik.com/wiki/Queue#Simple_...
by butche
Mon Jan 11, 2010 10:43 pm
Forum: General
Topic: security upgrade quote for mik router pay $$$$
Replies: 2
Views: 1038

Re: security upgrade quote for mik router pay $$$$

Contact me at butche@butchevans.com for a quote. (I'm on the consultants list from MT).
by butche
Mon Jan 11, 2010 7:21 pm
Forum: Beginner Basics
Topic: Network suddenly flooded by port 137 & 138 traffic. Help...
Replies: 20
Views: 20267

Re: Network suddenly flooded by port 137 & 138 traffic. Help...

Turns out I left a LAN cable laying around one of the switches, and some idiot cleaning crew thought he somehow dropped it. Hence he plugged it back in. Both ends in the same switch. D'oh! Let the storm begins. Wow! I am glad you found the problem. FWIW, If your switches are capable, this is exactl...
by butche
Mon Jan 11, 2010 5:12 am
Forum: Beginner Basics
Topic: Network suddenly flooded by port 137 & 138 traffic. Help...
Replies: 20
Views: 20267

Re: Network suddenly flooded by port 137 & 138 traffic. Help...

First thing to verify is that the traffic you see in torch, coming from the 192.168.1.210 machine really is coming from that machine. That was the point of the rule I showed you earlier. If it really IS that machine (verify by comparing the mac address and IP from the logs to the actual machine). Se...
by butche
Mon Jan 11, 2010 1:02 am
Forum: Beginner Basics
Topic: Network suddenly flooded by port 137 & 138 traffic. Help...
Replies: 20
Views: 20267

Re: Network suddenly flooded by port 137 & 138 traffic. Help...

You need to add this firewall rule and enable it for just a second or two: /ip firewall filter add chain=input place-before=0 action=log protocol=udp dst-port=137 This will put a filter rule at the top of your input chain that will capture the packet to the local log file. This will show you the mac...
by butche
Mon Jan 11, 2010 12:54 am
Forum: Beginner Basics
Topic: OpenVPN configuration issues
Replies: 3
Views: 2118

Re: OpenVPN configuration issues

You have the local and remote IP configuration on the MT screenshots using the same IP. That may not be the only problem, but that won't work.
by butche
Sun Jan 10, 2010 12:43 am
Forum: General
Topic: Routing Private management IP's
Replies: 6
Views: 2540

Re: Routing Private management IP's

So, you have something like: Network YOU are on <--> Router <--> 169.254.0.0/26 AND some publics for customers Is that correct? If so, you have an IP address that is the gateway for the customers assigned to some interface on the router. You need to add an additional address in the 169.254.0.0/26 ra...
by butche
Sat Jan 09, 2010 11:59 pm
Forum: General
Topic: Mikrotik and OpenVPN
Replies: 2
Views: 1193

Re: Mikrotik and OpenVPN

Are you asking how you can block openvpn? You can block default ports easily, but if they are using different ports, then you can't easily do this. If you are referring to setting speed limits, then you should just use simple queues per customer. Your question doesn't make sense if it is not one of ...
by butche
Sat Jan 09, 2010 11:51 pm
Forum: General
Topic: Routing Private management IP's
Replies: 6
Views: 2540

Re: Routing Private management IP's

IP is IP. You would route the canopy IP space just like you would any other IP space. I don't understand the question apparently, because there is no difference in public/private IP space as far as routing is concerned.
by butche
Sat Jan 09, 2010 11:48 pm
Forum: General
Topic: Question About Load Balancing
Replies: 13
Views: 3316

Re: Question About Load Balancing

I have 4x PPPoE Clients each one on a LAN card, and the 4 PPPoE(s) are from the same provider and having the same gateway. How can i Load Balance between them ?? Search the forums for the PCC thread. Will be there any problems in Browsing , HTTPS , IM (Yahoo! Messenger) ?? PCC will help to alleviat...
by butche
Sat Jan 09, 2010 11:26 pm
Forum: Beginner Basics
Topic: vpn help
Replies: 2
Views: 987

Re: vpn help

Have a vpn running with a cisco pix. The tunnel is up and connected by cannot pass traffic. Not sure what to do on the mikrotik side. The cisco side is pretty cut and dry. I know that is right. I've seen a lot of things about adding firewall rules to the routeros and other things so not sure what I...
by butche
Sat Jan 09, 2010 11:19 pm
Forum: Beginner Basics
Topic: RouterBoard 750, Help needed.
Replies: 3
Views: 1918

Re: RouterBoard 750, Help needed.

You need policy routing. See: http://blog.butchevans.com/2008/09/mikr ... n-example/ for a tutorial.
by butche
Sun Jan 03, 2010 9:47 pm
Forum: General
Topic: Detect Ip conflict with ROS
Replies: 8
Views: 17156

Re: Detect Ip conflict with ROS

feature request!... something like this:

http://ipwatchd.sourceforge.net/
Something like arpwatch would be more useful, IMO.
by butche
Sun Jan 03, 2010 9:46 pm
Forum: General
Topic: Detect Ip conflict with ROS
Replies: 8
Views: 17156

Re: Detect Ip conflict with ROS

Hi! How To Detect and log the mac address of the bad host, which has the same IP with MT ROS. ? Please Help Me, It's urgent. If you have a CURRENT problem, do this: Pick an available IP address in the range that has a suspect/known duplicate Assign the above IP address to the interface on the MT th...
by butche
Sat Jan 02, 2010 7:28 pm
Forum: General
Topic: Motorola VS "Microtik". What's your opinion?
Replies: 11
Views: 3037

Re: Motorola VS "Microtik". What's your opinion?

I agree that the MikroTik is losing focus (or maybe refocusing). Over the past couple of years their focus has been on routing (MPLS, QOS, IPv6, Multicast) while the wireless has stood still, MikroTik is only just starting to get into 11n, while UBNT and other, less popular brands have had working ...
by butche
Sat Jan 02, 2010 7:14 pm
Forum: Beginner Basics
Topic: Turning on interfaces
Replies: 1
Views: 3828

Re: Turning on interfaces

1) If I have the wireless cards disabled but are they actually turned off? I don't want to burn out any components since no antenna is connected. I am fairly certain the cards are turned off when disabled. What's funny is that I can do a frequency scan even tho wlan1 and wlan2 are disabled? Scan is...
by butche
Sat Jan 02, 2010 7:37 am
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

I thought there may be another method to do this, but it is not possible. Every option I have tried will run into at least one prompt to confirm an action.
by butche
Sat Jan 02, 2010 7:10 am
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

If I run "/system script run ClearCache" in the CLI I need to press "y" (yes) then the scripts REALLY clear the disk and GO to size 0. See: /system script run ClearCache Clear all web proxy cache, yes? [y/N]: y cache will be cleared shortly Questions: This can be the problem? An...
by butche
Sat Jan 02, 2010 3:46 am
Forum: General
Topic: mikrotik policy routing implementation example
Replies: 5
Views: 3609

Re: mikrotik policy routing implementation example

These rules should work. /ip route add gateway=10.4.1.252 routing-mark=adsl1 add gateway=192.168.1.1 routing-mark=adsl2 add gateway=192.168.3.1 routing-mark=adsl3 add gateway=192.168.4.1 routing-mark=adsl4 add gateway=10.4.1.0/24 comment="router Default via adsl1" /ip route rule add dst-ad...
by butche
Sat Jan 02, 2010 3:08 am
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

One more thing to try. Run (CLI): /system scheduler set ClearCache policy=ftp,local,password,policy,read,reboot,sensitive,sniff,ssh,telnet,test,web,winbox,write /system script set ClearCache policy=ftp,local,password,policy,read,reboot,sensitive,sniff,ssh,telnet,test,web,winbox,write That gives both...
by butche
Sat Jan 02, 2010 2:58 am
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

Please add:
/system script export
Also, try running (from the CLI):
/system script run ClearCache
From your previous post, it seems that it runs when you do that. Is that correct?
by butche
Sat Jan 02, 2010 2:55 am
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

Please add:
/system script export
by butche
Fri Jan 01, 2010 10:52 pm
Forum: General
Topic: Bandwidth Controlling
Replies: 1
Views: 749

Re: Bandwidth Controlling

Doing this by mac would be painful. Setting this up by IP would be quite easy. Unless you have a VERY strong compelling reason to use MAC based speed limits, I'd suggest using IP as the classifier.
by butche
Fri Jan 01, 2010 10:49 pm
Forum: General
Topic: add dyndns adress in firewall
Replies: 9
Views: 2252

Re: add dyndns adress in firewall

but now, i need a firewall rule to accept incoming connections from dyndns. i need to accept incoming connections from: sample.dyndns.com to port 4130 on my router but i only can ad ip adresses in firewall (src adsress), not the dyndns name Why not run a script periodically that resolves the IP fro...
by butche
Fri Jan 01, 2010 10:43 pm
Forum: General
Topic: pppoe speed limits doesn't work :(
Replies: 4
Views: 2059

Re: pppoe speed limits doesn't work :(

zelan, "Me, too" posts are rarely useful unless you post details. Please post the details of your configuration. FWIW, I just configured a network in my lab with user manager as the auth server, speed limits of 256k/256k, pppoe server running 3.30 and another at 4.3. It works exactly as it...
by butche
Fri Jan 01, 2010 10:38 pm
Forum: General
Topic: DHCP use Wildcard MAC to select pool?
Replies: 10
Views: 4080

Re: DHCP use Wildcard MAC to select pool?

This is a feature that I've asked for in the past. I'm casting my vote for it here again. :-)
by butche
Fri Jan 01, 2010 10:30 pm
Forum: General
Topic: Scheduled script to clear proxy cache doesnt work
Replies: 14
Views: 6288

Re: Scheduled script to clear proxy cache doesnt work

What version are you running? One thing to check is permissions for the script. Post the output of:
/system scheduler export
You may want to trim that output to just show the specific script
by butche
Fri Jan 01, 2010 10:24 pm
Forum: General
Topic: Can I give a variable to a name of variable?
Replies: 12
Views: 2041

Re: Can I give a variable to a name of variable?

What difference does it make who is on staff? More answers here come from NON staff than staff.
by butche
Fri Jan 01, 2010 8:44 pm
Forum: General
Topic: mikrotik policy routing implementation example
Replies: 5
Views: 3609

Re: mikrotik policy routing implementation example

There are many possible reasons for this. Post the output of:
/ip firewall mangle print
/ip route print detail
/ip route rule print
by butche
Fri Jan 01, 2010 8:11 pm
Forum: Beginner Basics
Topic: Learning Mikrotik...
Replies: 4
Views: 1485

Re: Learning Mikrotik...

As fewi pointed out, the links at the top will take you to the official support options (includes this forum). VERY highly recommended is attendance at a MUM. There are training classes available: http://www.butchevans.com/ for upcoming dates. There is my blog: http://blog.butchevans.com/ There are ...
by butche
Fri Jan 01, 2010 4:57 pm
Forum: Beginner Basics
Topic: Setting up a small WISP
Replies: 13
Views: 7241

Re: Setting up a small WISP

So if you can give a hint on how to go about please do
How to go about what? I provided one link to Mikrotik's wiki regarding use of RADIUS with MT. Perhaps you mean how to set up a radius server for use with Mikrotik? http://lmgtfy.com/?q=mikrotik+radius
by butche
Thu Dec 31, 2009 6:55 pm
Forum: Beginner Basics
Topic: How to block encrypted p2p.
Replies: 26
Views: 13196

Re: How to block encrypted p2p.

What i did to stop p2p completely is to put a firewall(ipcop) between mikrotik and internet. I have installed a addon which i can administrate and controll ports. This "addon" is included in Mikrotik. Not sure why you had to add another device. If you can find a way to allow only needed p...
by butche
Wed Dec 23, 2009 8:43 pm
Forum: General
Topic: Need Help for Bandwidth Management
Replies: 6
Views: 2384

Re: Need Help for Bandwidth Management

I don't know if there is a good example in the wiki regarding bursting, but that is what you are looking for. I don't have any information on my blog, yet, either. I will try to work on something in that regard. Anyone else know of some examples? You may want to search this forum for bursting exampl...
by butche
Wed Dec 23, 2009 8:36 pm
Forum: Beginner Basics
Topic: [solved] NAT on 750 with multiple clients and multiple gw's
Replies: 2
Views: 1092

Re: [solved] NAT on 750 with multiple clients and multiple gw's

For a complete introductory tutorial on policy routing (that's what you did), you can see: http://blog.butchevans.com/2008/09/mikr ... n-example/
by butche
Wed Dec 23, 2009 8:33 pm
Forum: General
Topic: RouterOS 4.4 released
Replies: 40
Views: 10487

Re: RouterOS 4.4 released

Also may want to check system identity. Based on the script, using the system identity can sometimes cause problems if the name contains certain characters. Also, make sure your script permissions are adequate.
by butche
Wed Dec 23, 2009 4:58 am
Forum: General
Topic: Port forward multiple IP's on same interface
Replies: 10
Views: 4524

Re: Port forward multiple IP's on same interface

Ok. Webserver at actual IP of 10.10.10.10. You want it on public IP of 69.69.69.10, you would do: /ip firewall nat add chain=dstnat dst-address=69.69.69.10 protocol=tcp dst-port=80 action=dst-nat to-addresses=10.10.10.10 to-ports=80 (there is no need for src-nat unless you want that, too). When you ...
by butche
Wed Dec 23, 2009 4:29 am
Forum: General
Topic: Port forward multiple IP's on same interface
Replies: 10
Views: 4524

Re: Port forward multiple IP's on same interface

sorry...I'm not sure what I was thinking. It's been a long day. Either way, the syntax all looks correct. Do your rules match when you try to connect to the public IP?
by butche
Wed Dec 23, 2009 3:37 am
Forum: General
Topic: Port forward multiple IP's on same interface
Replies: 10
Views: 4524

Re: Port forward multiple IP's on same interface

I have set up the nat rules. /ip firewall nat add chain=dstnat dst-address=69.69.69.101 protocol=tcp dst-port=80 \ action=dst-nat to-addresses=192.168.2.101 to-ports=80 /ip firewall nat add chain=dstnat dst-address=69.69.69.102 protocol=tcp dst-port=80 \ action=dst-nat to-addresses=192.168.2.102 to...
by butche
Wed Dec 23, 2009 3:32 am
Forum: General
Topic: Mac-telnet for linux
Replies: 20
Views: 9006

Re: Mac-telnet for linux

I know that I would personally LOVE to see a console command that offered mac-telnet from Linux. I have been a strong "defender" of Mikrotik with respect to offering "native" applications in other places, but this particular request isn't one that is easily worked around. I have ...
by butche
Wed Dec 23, 2009 3:06 am
Forum: Beginner Basics
Topic: [ASK] How to separate upload trafic to 1 interface ?
Replies: 9
Views: 2295

Re: [ASK] How to separate upload trafic to 1 interface ?

My suggestion would be to find a consultant that is local to you who is familiar with policy routing and QOS implementations. You can start that search here: http://www.mikrotik.com/consultants.html
by butche
Tue Dec 22, 2009 10:41 pm
Forum: General
Topic: Need Help for Bandwidth Management
Replies: 6
Views: 2384

Re: Need Help for Bandwidth Management

by butche
Tue Dec 22, 2009 10:33 pm
Forum: General
Topic: Winbox For Other OS's
Replies: 82
Views: 26396

Re: Winbox For Other OS's

Cli is not always an option, because in most cases winbox is more simple. That's the opinion not held by everyone, though Anything official that would run on java or native in *nix systems would be good thing. With api we have to adapt software to any new feature that comes with new versions. So i ...
by butche
Tue Dec 22, 2009 7:36 am
Forum: Beginner Basics
Topic: Firewall that blocks all incoming connections
Replies: 4
Views: 4784

Re: Firewall that blocks all incoming connections

I think it's more secure to allow certain things, and then block everything else. On the other hand - you could this way block something that you forgot to allow. This is why there are action=log rules! :-) I agree with Normis, though. Permit specific traffic and drop everything else. Just be sure ...
by butche
Tue Dec 22, 2009 7:25 am
Forum: Beginner Basics
Topic: Quick question and perhaps a dummies wish list addition.
Replies: 2
Views: 1053

Re: Quick question and perhaps a dummies wish list addition.

Could someone explain to me the file types for the different RBs or point to somewhere that does?
winboxtop.png
Just open winbox to the router and look at what version you need.
by butche
Tue Dec 22, 2009 7:19 am
Forum: Beginner Basics
Topic: [ASK] How to separate upload trafic to 1 interface ?
Replies: 9
Views: 2295

Re: [ASK] How to separate upload trafic to 1 interface ?

I should clarify. It is possible to use different paths for your network traffic. It is NOT possible to send traffic that is "upload" our outbound from your network always out one path and all downloads come back in on another path. If you are providing ISP services, this is why it is so b...
by butche
Tue Dec 22, 2009 7:17 am
Forum: Beginner Basics
Topic: [ASK] How to separate upload trafic to 1 interface ?
Replies: 9
Views: 2295

Re: [ASK] How to separate upload trafic to 1 interface ?

It's already possible with Mikrotik. Just not in the way you imagine it can work. DEFAULT traffic out one path, then use policy routing to manually route the REST of the traffic out the other interfaces.
by butche
Mon Dec 21, 2009 6:17 pm
Forum: General
Topic: Firewall and mangle flow questions
Replies: 23
Views: 8769

Re: Firewall and mangle flow questions

Butch, p2p matcher is actually L7 matcher, and I think it have nothing to do with natted addresses... anyway, you cannot detect p2p from the first packet - that's why you cannot redirect p2p to another internet uplink, for example =) It is a layer 7 matcher. The natted address issue exists BECAUSE ...
by butche
Mon Dec 21, 2009 8:54 am
Forum: Beginner Basics
Topic: RouterOS is blocking internet connection sharing
Replies: 5
Views: 3607

Re: RouterOS is blocking internet connection sharing

Just configure the sharing device as a NAT router and it will most likely work. Or talk to the ISP to see what they recommend. They would be familiar with what you have (and what they have) and be in a better position to assist.
by butche
Mon Dec 21, 2009 8:02 am
Forum: Beginner Basics
Topic: mangle...
Replies: 4
Views: 1559

Re: mangle...

by butche
Mon Dec 21, 2009 5:16 am
Forum: Beginner Basics
Topic: RouterOS is blocking internet connection sharing
Replies: 5
Views: 3607

Re: RouterOS is blocking internet connection sharing

maybe I am just missing it, but I don't see where you have the routeros box in this picture.
by butche
Mon Dec 21, 2009 4:41 am
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

hmmm... Butch, have you checked these rules?.. I saw somewhere that rules like "p2p=all-p2p src-address=client_ip" (those who check only one direction of tcp traffic, src-address=xxx) match less p2p traffic than bidirectional rules... if that is true, than the most complete solution will ...
by butche
Mon Dec 21, 2009 1:27 am
Forum: General
Topic: Firewall and mangle flow questions
Replies: 23
Views: 8769

Re: Firewall and mangle flow questions

If you only use the packet-mark (in queue tree) in any case and each new packet get checked anyway (so you don't need to preserve connection-mark across packets), why 'waste' a good connection mark if the following should then also work? (If my understanding is correct): With P2P especially, but wi...
by butche
Sun Dec 20, 2009 8:38 pm
Forum: General
Topic: Firewall and mangle flow questions
Replies: 23
Views: 8769

Re: Firewall and mangle flow questions

1) eg. in postrouting, mangle, if I passthrough=no on a packet, will it still continue to src-nat (next step in postrouting), or jump completely out of whole postrouting process. i.e. jump only out of postrouting mangle, or whole postrouting process? In other words, how can I prevent src-nat except...
by butche
Sun Dec 20, 2009 8:33 pm
Forum: General
Topic: Firewall and mangle flow questions
Replies: 23
Views: 8769

Re: Firewall and mangle flow questions

I've been getting a hang of firewall mangle and filter flow. After years of just copying Mkrotik wikis, I'm forced to learn to write my own rules. After reading manuals and wikis as good as I could, I still have a few unanswered questions: First let me say that I GREATLY appreciate the way this que...
by butche
Sun Dec 20, 2009 5:28 pm
Forum: General
Topic: Firewall and mangle flow questions
Replies: 23
Views: 8769

Re: Firewall and mangle flow questions

Some very good questions. I will be in a place to answer some of these this afternoon. I am posting this message so that I have a "placemarker" to come back and find your post.
by butche
Sun Dec 20, 2009 5:23 pm
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

The following doesn't make sense, since the source & destination address would never be the same, unless you want to connect to yourself which would be silly: /ip firewall filter add chain=forward p2p=all-p2p src-address=!client_ip dst-address=!client_ip action=drop This is the reason I don't u...
by butche
Sun Dec 20, 2009 8:18 am
Forum: General
Topic: Stats needed
Replies: 4
Views: 1174

Re: Stats needed

You could use the "random" matcher with a log action if you want a longer term approach with less traffic. You can simply parse the generated logs to create reports. The "best" solution is to use Chapuka's suggestion of Netflow data.
by butche
Sun Dec 20, 2009 8:13 am
Forum: General
Topic: Example of QOS from wiki
Replies: 1
Views: 1057

Re: Example of QOS from wiki

Did you customize the rules and address lists?
by butche
Sun Dec 20, 2009 5:55 am
Forum: General
Topic: OSPF Redis Default Route prob
Replies: 7
Views: 1967

Re: OSPF Redis Default Route prob

I have a multi-path (all MT) network using OSPF routing and I'm trying to get the Redistribute Default Route function to work properly when set to "if installed". Everything works fine if I set it to "always (as type 1)", but not when I change it to "if installed (type 1)&q...
by butche
Sun Dec 20, 2009 5:52 am
Forum: General
Topic: Firewall rule
Replies: 18
Views: 5042

Re: Firewall rule

src-address=!client_ip dst-address=!client_ip You can do it that way, but when someone asks the type of simple question that was asked, it is very likely that they will not understand that answer. A simpler approach would be: /ip firewall filter add chain=forward p2p=all-p2p src-address=client_ip a...
by butche
Sun Dec 20, 2009 5:30 am
Forum: General
Topic: PPPOE and simple queue not playing nice.
Replies: 5
Views: 2345

Re: PPPOE and simple queue not playing nice.

From the manual here: http://wiki.mikrotik.com/wiki/Queue#Simple_Queues If neither value of target-addresses nor of interface is specified, the queue will not be able to make difference between upload and download, and will limit all traffic twice. You are setting a dst-address value when that SHOUL...
by butche
Sun Dec 13, 2009 4:15 am
Forum: Beginner Basics
Topic: Identify Virus Ip Location help !!
Replies: 6
Views: 1775

Re: Identify Virus Ip Location help !!

First, if you are not already dropping traffic to/from the netbios ports, you should do that. /ip firewall filter add chain=forward protocol=udp port=445,135-139 action=drop add chain=forward protocol=tcp port=445,135-139 action=drop If it is some virus that does not spread using netbios, then you s...
by butche
Fri Dec 11, 2009 10:42 am
Forum: General
Topic: Mikrotik PPTP and xp/vista shares
Replies: 3
Views: 2287

Re: Mikrotik PPTP and xp/vista shares

I setup an RB750 as a gateway router with a firewall/nat/pptp server per the wiki articles. I don't mean to be rude, but you installed something from a wiki without understanding it at all? I type in windows explorer \\192.168.1.200 (NAS) and windows reports that it cannot contact the device. Let's...
by butche
Fri Dec 11, 2009 10:17 am
Forum: Beginner Basics
Topic: Setting up a small WISP
Replies: 13
Views: 7241

Re: Setting up a small WISP

http://wiki.mikrotik.com/wiki/RADIUS_Client There's a brief list. Most experts (and even most not-so-expert) do prefer that those asking questions at least be willing to TRY to learn on their own.
by butche
Fri Dec 11, 2009 10:01 am
Forum: Beginner Basics
Topic: [PPPoE Server] How to provide a different IP on each connect
Replies: 6
Views: 3750

Re: [PPPoE Server] How to provide a different IP on each connect

If it's that important to you, why don't you set up a radius server. FreeRadius allows for a pool management script. You can allow freeradius to manage the pool and alter the script to ensure it gives a different IP to a user. I don't see why something so simple as giving the same IP would cause you...
by butche
Fri Dec 11, 2009 8:03 am
Forum: Beginner Basics
Topic: How to block encrypted p2p.
Replies: 26
Views: 13196

Re: How to block encrypted p2p.

I have been working for a very long time on a QOS implementation that has been seeing GREAT results. This implementation is not free, but is ANYTHING that is worthwhile free? See a description here: http://blog.butchevans.com/2009/11/140/ For what it's worth, my approach does not block this traffic....
by butche
Fri Dec 11, 2009 6:03 am
Forum: General
Topic: I have issue in nstream dual ????
Replies: 5
Views: 1628

Re: I have issue in nstream dual ????

What version of RouterOS are you running? Several users have reported problems with 4.x and nstreme. If you are running nstreme with version 4.x and are having trouble, do the following: 1. Create a supout.rif 2. Download that supout.rif to your computer 3. Downgrade to 3.30 4. Test the link again 5...
by butche
Tue Dec 08, 2009 12:14 am
Forum: General
Topic: Help! NAT with dynamic IP...
Replies: 19
Views: 3603

Re: Help! NAT with dynamic IP...

If we assume that the DHCP server on the ether1 side of this router will provide DHCP services correctly AND that it provides a DNS server to your router, then this configuration looks like it should work. Your DHCP client (on your laptop or whatever) should be getting a dhcp assigned dns server add...
by butche
Mon Dec 07, 2009 11:22 pm
Forum: Beginner Basics
Topic: routerboard AP + NanoStation clients - PPPoE...?
Replies: 8
Views: 4227

Re: routerboard AP + NanoStation clients - PPPoE...?

There are several methods. You could route a /30 to them (even over their pppoe). You can set up a small subnet and not do pppoe for that client. You can do WDS station for that client. There are MANY ways to handle that scenario.
by butche
Mon Dec 07, 2009 7:04 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

Yes, downstream would be the name of an interface. If you have 10M download capability, then downstream would be the side facing the computers. If this is a bridge interface, then we have to adjust the rules and mangles.
by butche
Mon Dec 07, 2009 3:53 am
Forum: General
Topic: More infos on "/ip firewall service-port" and NAT helpers
Replies: 5
Views: 1643

Re: More infos on "/ip firewall service-port" and NAT helpers

You can very likely find the source code for these helper apps by looking at the iptables sources. MT is a linux kernel and the firewall is based on iptables.
by butche
Mon Dec 07, 2009 1:18 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

CRAP! I just saw my error. I have the parents wrong (which is why it isn't working for you). Try THIS one. /queue tree add name=Total parent=downstream max-limit=10M add name=download_A limit-at=5M max-limit=10M parent=Total priority=1 packet-mark=comp1 add name=download_B limit-at=2M max-limit=10M ...
by butche
Mon Dec 07, 2009 1:13 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

Needed - maybe not. At least the parent needs to know the total available bandwidth. I just did a test on 3.30 with this exact configuration and it works just right. I don't know what part is not working in your config, or which version you are using, but I do not experience a "broken" lim...
by butche
Mon Dec 07, 2009 12:38 am
Forum: General
Topic: this problem after installing Mikrotik
Replies: 1
Views: 748

Re: this problem after installing Mikrotik

Oh, yeah, we see that problem after every Mikrotik install. :? Please post some detail on how you installed Mikrotik if you need assistance. There is no possible way to determine what the problem is based on just a picture. Start with at least a description of the network as well as the output of th...
by butche
Mon Dec 07, 2009 12:35 am
Forum: General
Topic: BGP Configuration in Mikrotik-X86
Replies: 5
Views: 1535

Re: BGP Configuration in Mikrotik-X86

Also want to know whether " Loopback - IP " & " Route Maps " Configuration is possible in Mikrotik ie the terminology as I am aware of Cisco and Juniper. Loopback IP is configured by creating a null bridge and adding an IP to it. Route Maps are simply policies applied to inc...
by butche
Mon Dec 07, 2009 12:32 am
Forum: General
Topic: Help! NAT with dynamic IP...
Replies: 19
Views: 3603

Re: Help! NAT with dynamic IP...

Post the output of:
/ip firewall nat print
/ip dhcp-client print
/ip dhcp-server export
/ip pool print
/ip address print
/ip route print
/system routerboard print
That will be enough information to answer your questions
by butche
Mon Dec 07, 2009 12:27 am
Forum: General
Topic: More infos on "/ip firewall service-port" and NAT helpers
Replies: 5
Views: 1643

Re: More infos on "/ip firewall service-port" and NAT helpers

I'm not Mikrotik staff, but what, specifically, are you looking for?
by butche
Sun Dec 06, 2009 9:44 pm
Forum: Beginner Basics
Topic: Routing something/32
Replies: 2
Views: 1476

Re: Routing something/32

On linux i used this: ip addr add 10.0.0.50/32 dev eth0 ip link set eth0 up ip route add 10.0.0.1/32 dev eth0 ip route add default via 10.0.0.1 I can't believe this could possibly work. If it did, then there is a lot of "understanding" given in the linux system you are using. The fact is ...
by butche
Sun Dec 06, 2009 9:36 pm
Forum: Beginner Basics
Topic: Remove Mikrotik word from ERROR: Gateway Timeout
Replies: 28
Views: 10835

Re: Remove Mikrotik word from ERROR: Gateway Timeout

Obviously, we have a different understanding of "Quality of Software". RoS is a software product, with documented functionaliyt. At least, supposed to be. Not a "secret" to be explored. Not a "secret" to be known only by "adepts". You are missing my point. I ...
by butche
Sun Dec 06, 2009 5:25 pm
Forum: Beginner Basics
Topic: Setting Burstable Speed
Replies: 5
Views: 1686

Re: Setting Burstable Speed

Yep. I kept in the format I did because that is more clear. Just to follow the way his quote from the documentation was formatted.
by butche
Sun Dec 06, 2009 5:19 pm
Forum: Beginner Basics
Topic: routerboard AP + NanoStation clients - PPPoE...?
Replies: 8
Views: 4227

Re: routerboard AP + NanoStation clients - PPPoE...?

As I've never used WDS before - I thought WDS will only be big issue when connecting APs... Is it really an issue for one AP in WDS mode and 20 WDS-stations (WDS APs would be RB450G routing between these APs and the rest of the network)...? Not sure it's a "big issue", but you will have a...
by butche
Sun Dec 06, 2009 5:13 pm
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

You can point customers to the mikrotik for DNS. Then add dns to the mt with:
/ip dns set primary-dns=x.x.x.x secondary-dns=y.y.y.y allow-remote-requests=yes
by butche
Sun Dec 06, 2009 5:10 pm
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

This is a difficult task. The way to do this, would be to set limit-at values. [...] I tried "limit-at" in 3.30 but it seems to do nothing at all. Any ideas if it works in older or newer versions? As for the "max-limit" settings in your queue, what is the point? Am I not going t...
by butche
Sun Dec 06, 2009 10:00 am
Forum: Beginner Basics
Topic: Setting Burstable Speed
Replies: 5
Views: 1686

Re: Setting Burstable Speed

I'm trying to set a speed of 768k/768k and a burst speed of 1MB/1MB for 5 seconds. Can someone tell me how to enter this properly?
768k/768k 1M/1M 760k/760k 10/10
that should do it.
by butche
Sun Dec 06, 2009 6:58 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

Not many choices here. The queue structure I showed is really the best approach and it will work for what you want. I only presented the option of the speedtest since we were playing with scripting. :-)
by butche
Sun Dec 06, 2009 4:41 am
Forum: Beginner Basics
Topic: routerboard AP + NanoStation clients - PPPoE...?
Replies: 8
Views: 4227

Re: routerboard AP + NanoStation clients - PPPoE...?

I'd like to use Nanostatio5 as clients (CPE) but I'd like customer PC to use PPPoE (so Nanostations would just become simple bridge). As far as I know Nanostation does not support station-pseudobridge mode (just station or station WDS) so it won't forward PPPoE packets in station mode. ANY 802.11 c...
by butche
Sun Dec 06, 2009 4:30 am
Forum: Beginner Basics
Topic: Remove Mikrotik word from ERROR: Gateway Timeout
Replies: 28
Views: 10835

Re: Remove Mikrotik word from ERROR: Gateway Timeout

@namo: According to your logic, MT can also omit to create/fill up the complete /hotspot folder during the installation. And in case, some users complain, that their hotspots do not work, then everybody has to browse this forum to find the solution: /IP hotspot reset-html You were joking, weren't y...
by butche
Sun Dec 06, 2009 4:20 am
Forum: General
Topic: GPS recommendation
Replies: 4
Views: 1309

Re: GPS recommendation

Well, maybe I asked the wrong question.
Does Mikrotik support GPS timing when configured as an AP?

If I have multiple AP's on a single tower, will this help reduce interference between them?
Nope...you asked the right question. This is the question I was answering. :-(
by butche
Sun Dec 06, 2009 1:34 am
Forum: Beginner Basics
Topic: Routing marks, overriding default route
Replies: 8
Views: 8456

Re: Routing marks, overriding default route

Glad I could be of assistance. Please let me know if there are other things you may need. My contact info is below.
by butche
Sun Dec 06, 2009 1:20 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

You could use some variation on: :local "tx-total-average"; :local speed 0; /tool bandwidth-test address=192.168.5.1 user=admin password=**** protocol=tcp duration=4s direction=both do={ :set speed $"tx-total-average"; :if ($"speed" < 9000000 ) do={ /queue tree set [fin...
by butche
Sun Dec 06, 2009 12:47 am
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

While I agree that the latency test may be a usable approach, it is not, by itself, a good test. This test would fail, for example, if the link was at full 10M capacity and utilization was at that rate as well.
by butche
Sat Dec 05, 2009 11:28 pm
Forum: General
Topic: Prioritizing Traffic with Unknown Link Capacity
Replies: 20
Views: 5483

Re: Prioritizing Traffic with Unknown Link Capacity

This is a difficult task. The way to do this, would be to set limit-at values. This is something that I address directly in my training on QOS (coming up this week - http:///www.butchevans.com/ for details). You could do queue trees something like: /queue tree add name=Total parent=downstream max-li...
by butche
Sat Dec 05, 2009 10:06 pm
Forum: General
Topic: Loop-Back IP Configuration in Mikrotik
Replies: 4
Views: 10825

Re: Loop-Back IP Configuration in Mikrotik

Yes. I do this all the time. /interface bridge add name=Loopback1 /ip address add interface=Loopback1 address=10.10.10.10/32 That gets you the loopback IP. Then, you can set the update-source property for a peer to be your 10.10.10.10 address. Of course, you can use a larger network than a /32, but ...
by butche
Sat Dec 05, 2009 11:34 am
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

If I want to work with the same way you disscused in your page
http://blog.butchevans.com/2008/09/mikr ... n-example/
what I need else
Turn off web proxy and the nat rules that redirect traffic to the web proxy.
by butche
Sat Dec 05, 2009 10:18 am
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

This configuration is not designed to work with web proxy. I overlooked that in your config. You can use the new PCC option for the mangle section, which is discussed in great detail here: http://forum.mikrotik.com/viewtopic.php?f=2&t=31415 In order to load balance with web proxy, you have to ma...
by butche
Sat Dec 05, 2009 7:55 am
Forum: Beginner Basics
Topic: What is a good training topic?
Replies: 2
Views: 996

Re: What is a good training topic?

Thank you very much for your feedback. It just so happens, that I am teaching a QOS course next week!
by butche
Sat Dec 05, 2009 7:51 am
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

Did you even look to see if the Mikrotik documentation would help you with this? I have given you a COMPLETE script to load balance. I don't mean to be short with you here, but don't you agree that it would be better if you UNDERSTOOD your own network? /ip firewall nat add chain=srcnat out-interface...
by butche
Sat Dec 05, 2009 1:04 am
Forum: Beginner Basics
Topic: Routing marks, overriding default route
Replies: 8
Views: 8456

Re: Routing marks, overriding default route

Yes actually, the route label goes blue and both the routes (Default route and Test route as they are the same pppoe) are marked unreachable. This is because it is no longer a reachable route, since the interface is down. :-) Do you mean that as far as the route is unreachable the routing mark does...
by butche
Sat Dec 05, 2009 12:01 am
Forum: Beginner Basics
Topic: Routing marks, overriding default route
Replies: 8
Views: 8456

Re: Routing marks, overriding default route

Wait! If pppoe-out1 is disabled (or goes down), then the route you put there that uses that interface goes invalid (it'll turn blue). You can do something like this: /ip route add gateway=BOGUS.IP.ADDRESS dst-address=209.131.36.159 distance=100 The "BOGUS.IP.ADDRESS" does not have to exist...
by butche
Fri Dec 04, 2009 10:11 pm
Forum: Beginner Basics
Topic: Routing marks, overriding default route
Replies: 8
Views: 8456

Re: Routing marks, overriding default route

Set passthrough=no on the mangle rule
by butche
Fri Dec 04, 2009 10:09 pm
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no out-interface=\ !ISPONE add action=redirect chain=dstnat comment="" disabled=no dst-port=80 \ in-interface=Internal protocol=tcp to-ports=8080 add action=redirect chain=dstnat comment="" disable...
by butche
Fri Dec 04, 2009 10:07 pm
Forum: Beginner Basics
Topic: mangle rule
Replies: 23
Views: 4999

Re: mangle rule

This looks like your NAT rules are not correct.
by butche
Thu Dec 03, 2009 5:23 pm
Forum: General
Topic: serial consol
Replies: 1
Views: 738

Re: serial consol

I have not played a lot with the gps features. I believe, however, that you can log data coming from a serial GPS unit. If you CAN, indeed, log that data, it is fairly trivial to turn logging of the gps data on and off depending upon whether the wireless card is connected or not. This would be a &qu...
by butche
Thu Dec 03, 2009 2:41 pm
Forum: General
Topic: HUGE PROBLEM extensive data loss 3,30->4,2
Replies: 24
Views: 7159

Re: HUGE PROBLEM extensive data loss 3,30->4,2

Additional INFO : The problem only occurs in BRIDGE MODE on witeless, when the interface is in station or station wds mode the problem not occurs.. This is not what I see. Any nstreme with 4.1 or 4.2 (and, it seems 4.3, though I haven't tested it as completely) suffers DRAMATICALLY when compared to...
by butche
Thu Dec 03, 2009 12:09 pm
Forum: General
Topic: MERGE 3 DSL
Replies: 5
Views: 1489

Re: MERGE 3 DSL

You can find an example and explanation of policy routing on my blog here: http://blog.butchevans.com/ (do a search for "policy routing")
by butche
Thu Dec 03, 2009 11:35 am
Forum: General
Topic: Why I can't log on winbox after reinstalled the windows OS?
Replies: 7
Views: 4481

Re: Why I can't log on winbox after reinstalled the windows OS?

See my earlier post. I described it. :-)
by butche
Thu Dec 03, 2009 11:29 am
Forum: Beginner Basics
Topic: What is a good training topic?
Replies: 2
Views: 996

What is a good training topic?

Many of you know me, but some do not. I have been training people how to use Mikrotik's RouterOS since before Mikrotik had it's first training class (at least in the US) back in 2004. In those early days, we could not hold enough classes to satisfy the needs of the user base. We were turning people ...
by butche
Thu Dec 03, 2009 11:11 am
Forum: General
Topic: Why I can't log on winbox after reinstalled the windows OS?
Replies: 7
Views: 4481

Re: Why I can't log on winbox after reinstalled the windows OS?

1. Open winbox loader (the screen you show in your first post). 2. Click the button with 3 dots just to the right of "connect to" 3. If you see the router you want to connect to, do one of 2 things: a. Click the IP address if it shows an actual IP and NOT 0.0.0.0 b. Click the MAC address 4...
by butche
Thu Dec 03, 2009 11:07 am
Forum: General
Topic: Why I can't log on winbox after reinstalled the windows OS?
Replies: 7
Views: 4481

Re: Why I can't log on winbox after reinstalled the windows OS?

OR, click the MAC address instead of the IP address in the list.
by butche
Thu Dec 03, 2009 5:39 am
Forum: General
Topic: http/banking
Replies: 1
Views: 771

Re: http/banking

http://blog.butchevans.com/2008/09/mikr ... n-example/ will explain how to do what you are wanting.
by butche
Thu Dec 03, 2009 5:36 am
Forum: Virtualization
Topic: Please, I need your help. Metarouter looses its config
Replies: 7
Views: 3503

Re: Please, I need your help. Metarouter looses its config

Nstreme doesnt work.
So far thats the only problem Ive found with it.
Doesn't work, or works poorly as in earlier 4.x? I have found that nstreme works pretty well with 3.30 and wireless-test, but for some reason, 4.x gives really poor performance.
by butche
Thu Dec 03, 2009 5:23 am
Forum: General
Topic: GPS recommendation
Replies: 4
Views: 1309

Re: GPS recommendation

Mikrotik does not have support for GPS Sync.
by butche
Thu Dec 03, 2009 3:51 am
Forum: General
Topic: Wish: RB1000 more ports, SFP-Ports
Replies: 24
Views: 5819

Re: Wish: RB1000 more ports, SFP-Ports

I mentioned PowerRouter @ http://www.mikrotikrouter.com Check them out. They are NOT official Mikrotik boards, but have all your needs covered. If you wish to purchase that hardware, why pay that price? http://store.wispgear.net/Complete-Systems-Mikrotik/c30_36/p218/MikroCore-7,-Dual-Core-2.2-GHz,-...
by butche
Wed Dec 02, 2009 11:36 am
Forum: Beginner Basics
Topic: Need a Network architecture plan
Replies: 7
Views: 1494

Re: Need a Network architecture plan

@Butche,Tanx U got me write.Further suggestion welcome. Best suggestion is: http://www.mikrotik.com/consultants.html and pay for good help. It sounds like you need real assistance and not just rely on forum for free support. The forum is not designed to enable complete network engineering, but for ...
by butche
Wed Dec 02, 2009 11:21 am
Forum: General
Topic: Winbox For Other OS's
Replies: 82
Views: 26396

Re: Winbox For Other OS's

What are you opinions on a complete Web-GUI? As I mentioned, it looks like Mikrotik's already using AJAX in most of their web gui's already. My opinion? I think everyone should use CLI as I do for most things. :-) In all seriousness, I am a professional networker. In order to do my job, I need cert...
by butche
Wed Dec 02, 2009 10:57 am
Forum: Beginner Basics
Topic: Basic router setup guide/tutorial ?
Replies: 97
Views: 42735

Re: Basic router setup guide/tutorial ?

hy. I have a rb750 want to separate via vlans network, can someone help me ?
Please start another thread. This question is not the same subject. thank you
by butche
Wed Dec 02, 2009 9:31 am
Forum: Beginner Basics
Topic: Need a Network architecture plan
Replies: 7
Views: 1494

Re: Need a Network architecture plan

I was thinking of breaking the network into subnets,But I want to ask is it feasible using MikroTik RoS(with Level 4 lic) on x86 sytem and still be able to share files and other resources.if yes How do I go about it. Is it feasible to configure RouterOS as a router? Yes it is. I don't think it is l...
by butche
Wed Dec 02, 2009 9:25 am
Forum: Beginner Basics
Topic: basic pptp setup help guide?
Replies: 3
Views: 1328

Re: basic pptp setup help guide?

The first half of this article shows (and explains) setting up a pptp tunnel between 2 Mikrotik RouterOS boxes:
http://blog.butchevans.com/2008/09/mikr ... pptp_eoip/
by butche
Wed Dec 02, 2009 9:18 am
Forum: Beginner Basics
Topic: Adding vlan tags
Replies: 4
Views: 1705

Re: Adding vlan tags

I must be missing something. Just to test I want to add vlan tag 34 to anything coming in port 2 that is not tagged and and treat port1 like a trunk port.What am I missing? How do I add vlan tags to packets? ether1 = trunk for vlan34 ether2 = traffic untagged leaving there, but "connected"...
by butche
Wed Dec 02, 2009 8:58 am
Forum: General
Topic: Winbox For Other OS's
Replies: 82
Views: 26396

Re: Winbox For Other OS's

bottom of this page has screenshots :) http://www.mikrotik.com/documentation/manual_2.4/Basic/Basic_Setup_Guide.html LOL...PLEASE DON'T GO BACK. :-) For MOST people, the winbox under wine is fine. The only thing that is difficult to deal with is the lack of support for drag/drop. For me, that doesn...
by butche
Mon Nov 23, 2009 1:30 am
Forum: RouterBOARD hardware
Topic: Can I unlock a Crossroads locked to a regulatory domain?
Replies: 10
Views: 3247

Re: Can I unlock a Crossroads locked to a regulatory domain?

Is there any other way to do it without a serial connection?deckard
Netinstall? No. The instructions are pretty clearly given for netinstall on the website/wiki
by butche
Thu Nov 12, 2009 6:55 am
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 369
Views: 358002

Re: Sample Hotspot Page - Sticky Please

pls can some help me on how to edit my login page? Transfer the login.html page from routeros box, open it in vi (or notepad or whatever Windows has for text editing), and you change the html. It is quite simple, really. There are a FEW things that are good to leave alone, but for the most part, it...
by butche
Sat Sep 27, 2008 9:57 pm
Forum: The User Manager
Topic: i hacked my friend wisp - he use user manager 3.13
Replies: 8
Views: 10082

Re: i hacked my friend wisp - he use user manager 3.13

my friend have wisp using mikrotik user manager 3.13 and he asked me to try to hack the wisp frist i open netcut and take one cilent data -ip address and mac address and change my ip and mac to the same this client first i write the ip address manauly and then change the mac when i do that i haked ...
by butche
Fri Sep 12, 2008 11:11 pm
Forum: General
Topic: bonding performance issues
Replies: 16
Views: 7360

Re: bonding performance issues

Another approach that works a little better (just a little, mind you) is to do the round robin routing manually. I've done this and it works very well. I won't write the whole script for you, but here is the approach: | | -> link1 <- | | LAN -> | MT1 | | MT2 | <- Other LAN | | -> link2 <- | | Forgiv...
by butche
Fri Sep 12, 2008 10:41 pm
Forum: General
Topic: I need a solution with ARP and sniffer attacks
Replies: 4
Views: 1501

Re: I need a solution with ARP and sniffer attacks

"solution with attacks"? =) p.s. use static ARP entries Yes, of course. But, the usefulness of this depends on the network architecture and devices. Not all devices are capable of static ARP entries. Therefore, I mentioned the need to control communications between devices on the network....
by butche
Fri Sep 12, 2008 7:30 am
Forum: General
Topic: I need a solution with ARP and sniffer attacks
Replies: 4
Views: 1501

Re: I need a solution with ARP and sniffer attacks

I need a solution with ARP and sniffer attacks from the local users !!! :shock: What does this mean? You need to explain what, exactly, you are trying to protect from. You can't stop someone from sniffing the network. ARP poisoning is difficult to fix, unless you limit communications between the us...
by butche
Tue Sep 09, 2008 7:24 pm
Forum: General
Topic: Help Needed: Multiple WAN but 1 gateway
Replies: 12
Views: 2613

Re: Help Needed: Multiple WAN but 1 gateway

I'm confused :? are you? :D
Don't be confused....read and understand. ;-)
http://blog.butchevans.com/2008/07/mikr ... ng-option/
by butche
Tue Sep 09, 2008 7:17 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 14956

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

so SNMP-write IS SUPPORTED, but not yet added to manual (as you know, v3 manual is not ready) Normis, What other MIBs are writable? This can be a critical vulnerability if it's not documented anywhere. Is that the only place we can SNMP-write? This DOES affect (potentially) more than just the sytem...
by butche
Tue Sep 09, 2008 6:20 am
Forum: Beginner Basics
Topic: Can i Setting 2 hotspot on 1 RouterOS
Replies: 5
Views: 2257

Re: Can i Setting 2 hotspot on 1 RouterOS

i`m sorry can u explain about The only limit is 1 per interface. Sure, but not sure how else to say it. so if i have 5 LANCARDs ... and use 3 of them as hotspot , can i do this ? Sure...that's not more than 1 hotspot per interface, so yes, it'll work so if 1 lancard support up to 200 clients ( my r...
by butche
Mon Sep 08, 2008 9:24 pm
Forum: General
Topic: Forwarding Ports
Replies: 9
Views: 2137

Re: Forwarding Ports

That configuration is correct. If it's still not working, then upgrade to the latest MT version. If it doesn't work after that, then submit a supout.rif to support@mikrotik.com
by butche
Mon Sep 08, 2008 9:22 pm
Forum: General
Topic: Help Needed: Multiple WAN but 1 gateway
Replies: 12
Views: 2613

Re: Help Needed: Multiple WAN but 1 gateway

MODEM 1 LAN IP 192.168.1.1 ----> ROUTER 192.168.1.2 LAN
MODEM 2 LAN IP 192.168.2.1 ----> ROUTER 192.168.2.2 LAN
MODEM 3 LAN IP 192.168.3.1 ----> ROUTER 192.168.3.2 LAN
MODEM 4 LAN IP 192.168.4.1 ----> ROUTER 192.168.4.2 LAN


Is that correct?
That would work.
by butche
Mon Sep 08, 2008 7:32 pm
Forum: General
Topic: Forwarding Ports
Replies: 9
Views: 2137

Re: Forwarding Ports

add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5631-5632 \ protocol=tcp to-addresses=192.168.1.190 to-ports=5631-5632 add action=dst-nat chain=dstnat comment="" disabled=no dst-port=5631-5632 \ protocol=udp to-addresses=192.168.1.190 to-ports=5631-5632 I only te...
by butche
Mon Sep 08, 2008 6:44 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 14956

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

Thanks, Sam. I was not able to view the rapidshare link. :-(
by butche
Mon Sep 08, 2008 6:30 pm
Forum: General
Topic: Help Needed: Multiple WAN but 1 gateway
Replies: 12
Views: 2613

Re: Help Needed: Multiple WAN but 1 gateway

It is not possible to have the same network address on more than one interface. You must change the LAN side of the modems to provide unique address ranges to your 4 ethernet ports.
by butche
Mon Sep 08, 2008 6:10 pm
Forum: General
Topic: Forwarding Ports
Replies: 9
Views: 2137

Re: Forwarding Ports

The only thing I did not have is the in-interface, but that also did not make a difference. Any other ideas? Some ideas: 1. Post your configs as they are now. (just "/ip firewall nat export" will do) 2. Ensure you can ping from the router that does the NAT to the private device you are fo...
by butche
Mon Sep 08, 2008 5:43 pm
Forum: General
Topic: OpenVPN and certificates
Replies: 6
Views: 3235

Re: OpenVPN and certificates

ARGH!! I had done this, but mistyped the address for the ntp server on one router (the server). I didn't notice that the time was off by about 18 years until I saw your post. This is now working, but there is no debug information that will confirm that it is actually using the CA certs for auth (pre...
by butche
Mon Sep 08, 2008 4:59 am
Forum: General
Topic: How to nat local dynamic IP addresses
Replies: 10
Views: 2572

Re: How to nat local dynamic IP addresses

You have to create the bridge named "loopbackiface" first.
by butche
Mon Sep 08, 2008 4:58 am
Forum: Beginner Basics
Topic: Can i Setting 2 hotspot on 1 RouterOS
Replies: 5
Views: 2257

Re: Can i Setting 2 hotspot on 1 RouterOS

1 profile per hotspot, 1 hotspot per interface. As many hotspots (with or without unique profiles) as you want per router. The only limit is 1 per interface.
by butche
Mon Sep 08, 2008 4:56 am
Forum: Beginner Basics
Topic: How to make load balancing with 1 ISP = 2 PPPOE
Replies: 1
Views: 1136

Re: How to make load balancing with 1 ISP = 2 PPPOE

There's 2 or 3 good examples here: http://wiki.mikrotik.com/wiki/Routing

wiki, documentation, search forums, forum question

Above is the order you should use to find answers regarding mikrotik. You can add support@mikrotik.com or a consultant anywhere in the above search order and be ok.
by butche
Sun Sep 07, 2008 9:12 pm
Forum: Beginner Basics
Topic: How can i create Network on TelePhone Line Like DSL
Replies: 2
Views: 1301

Re: How can i create Network on TelePhone Line Like DSL

If you are looking to build a DSL network over actual telephone lines, then you will need a DSLAM. If you just want to build a point to point network over a copper pair (called "dry loop") from the telco, then something like this:
http://www.dlink.com/products/?pid=562
by butche
Sun Sep 07, 2008 12:41 am
Forum: General
Topic: explain how to test QOS
Replies: 2
Views: 1703

Re: explain how to test QOS

by butche
Sat Sep 06, 2008 9:23 pm
Forum: General
Topic: Forwarding Ports
Replies: 9
Views: 2137

Re: Forwarding Ports

The rules have not changed between 2.9.x and 3.x for nat. There are some additional options, but nothing else has changed. For example, to forward port 80 on the public interface to port 80 on 192.168.1.1, you'd use: /ip firewall nat add chain=dstnat in-interface=PUBLIC protocol=tcp dst-port=80 acti...
by butche
Sat Sep 06, 2008 8:24 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 14956

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

Don't worry. This exploit is not malicious or harmful, just proof of concept code. This is feauture, not a bug in the clear way=) This is really the kicker, huh? :) BTW you can specify hardguessing snmp community and filter requests with L7 filter: /ip firewall layer7-protocol add comment="snm...
by butche
Sat Sep 06, 2008 8:20 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 14956

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

First thing to do here is set reasonable community strings. Use of "public" or a dictionary word as a community string is akin to leaving your door unlocked when you go on vacation. That's the "best" advice. The next thing is to control access to UDP/161 at the border. Just two r...
by butche
Sat Sep 06, 2008 8:04 pm
Forum: General
Topic: Migrating Bridged to Routed network
Replies: 2
Views: 1882

Re: Migrating Bridged to Routed network

Now that we are using routerboards in nearly every network device and since I have recently had the request from a customer that wants to vpn from one office to another through the network (which they obviously can't do at this point because I am blocking client<->client traffic) I am looking into ...
by butche
Sat Sep 06, 2008 7:42 pm
Forum: General
Topic: RB133 wont save any changes after reboot.. Please HELP!
Replies: 1
Views: 844

Re: RB133 wont save any changes after reboot.. Please HELP!

There is a jumper that resets configuration on reboot. I can't recall which on it is, but that's the problem. Look for the RB133 manual pdf on routerboard.com for the details.
by butche
Sat Sep 06, 2008 12:55 am
Forum: General
Topic: How to nat local dynamic IP addresses
Replies: 10
Views: 2572

Re: How to nat local dynamic IP addresses

I am not sure how you have this set up. Is the challenge just the device needs dhcp rather than setting a static IP? If the device that provides the dhcp server service is a MikroTik box, you can make a dynamic lease a static lease. It is still dhcp, but It always gets the same IP. Then you can poi...
by butche
Fri Sep 05, 2008 10:09 pm
Forum: General
Topic: How to nat local dynamic IP addresses
Replies: 10
Views: 2572

Re: How to nat local dynamic IP addresses

10.10.10.10 address is dynamic IP ????? i think is manual! You are correct in this statement, however, the "problem" is in how to create a NAT to a device that has a dynamic address., which the posted solution does. If you want, I can create for you a script that WILL create this NAT to a...
by butche
Fri Sep 05, 2008 10:58 am
Forum: General
Topic: could not connect to console, try rebooting the router
Replies: 6
Views: 2170

Re: could not connect to console, try rebooting the router

I checked every change from 3.0 to 3.13, and there is no fix for anything similiar.
Since when has the changelog been complete? :-)

Upgrading from 3.0 is still a good idea. There are many fixes, including updated firmware if you are using a Routerboard.
by butche
Fri Sep 05, 2008 10:30 am
Forum: General
Topic: How to nat local dynamic IP addresses
Replies: 10
Views: 2572

Re: How to nat local dynamic IP addresses

AOA i think is not possible au contraire... You CAN do this, but it's not quite like was originally asked. Try this for an option: On the CLIENT (the router you want to do NAT for) do this: /interface bridge add name=loopbackiface /ip address add interface=loopbackiface address=10.10.10.10/32 This ...
by butche
Fri Sep 05, 2008 9:45 am
Forum: General
Topic: OpenVPN and certificates
Replies: 6
Views: 3235

OpenVPN and certificates

According to the wiki, there is currently no way to implement a full PKI with OpenVPN. Is this something that is coming, or if it has changed, can anyone provide some assistance in getting it working? I have the following configs (SERVER): [admin@AWAY-CLIENT] /certificate> print Flags: K - decrypted...
by butche
Fri Mar 28, 2008 5:49 am
Forum: RouterBOARD hardware
Topic: RB not rebooting
Replies: 4
Views: 1535

Re: RB not rebooting

Easier said than done! If I remembered that, I would remember not to lock myself out! And then, if the changes did not take effect because the safe mode reverted them back, I would be a little more than just irritated. And somehow it does make me feel better knowing it locks me out. Lets me know it...
by butche
Mon Mar 24, 2008 7:09 am
Forum: RouterBOARD hardware
Topic: RB not rebooting
Replies: 4
Views: 1535

Re: RB not rebooting

I am notorious for locking myself out of my own boxes with my firewall, and must use the serial port to unlock it. Not related to the original topic, but why not use "safe mode" when updating firewalls? If you are in an ssh/telnet/serial terminal, just do "CTRL-X" to toggle safe...
by butche
Fri Mar 07, 2008 6:50 pm
Forum: General
Topic: FEATURE REQUEST: MLPPP
Replies: 25
Views: 7477

Re: FEATURE REQUEST: MLPPP

if somebody can give us access to a client whos ISP supports these features, we can try to add them For just one example, BellSouth supports this with their business DSL. But I am personally just as interested to see MT support this both as a client AND server side. It would be a good thing to be a...
by butche
Fri Mar 07, 2008 5:23 am
Forum: General
Topic: FEATURE REQUEST: MLPPP
Replies: 25
Views: 7477

Re: FEATURE REQUEST: MLPPP

MLPPP is defined in RFC 1990 (PPP Multilink Protocol, August 1996). It is an extension to the PPP (Point-to-Point Protocol). See "PPP (Point-to-Point Protocol)" for information about the basic protocol. Microsoft Windows, Linux, and other operating systems support multilink. Many routers ...
by butche
Fri Feb 08, 2008 10:45 pm
Forum: Beginner Basics
Topic: How to make this network
Replies: 9
Views: 2933

Re: How to make this network

The "how to" configure part is in the documentation. Please what section of manual or can you post the link? Your configuration request is from all over the manual... Adding IPs, hotspot, firewall (for the NAT) and likely others... The manual is located here (for 2.9): http://www.mikrotik...
by butche
Mon Feb 04, 2008 7:36 pm
Forum: Scripting
Topic: Send Mail with script or netwatch Things to Look out for!!
Replies: 1
Views: 2937

Re: Send Mail with script or netwatch Things to Look out for!!

I ran into this issue one time before, but it was on a customer network where I didn't have access to the mail server. I am glad to see that someone was able to track it down, as I made it work with another workaround. Thanks for your post.
by butche
Sat Feb 02, 2008 9:13 pm
Forum: Beginner Basics
Topic: pppoe-clients disconnects
Replies: 14
Views: 8736

Re: pppoe-clients disconnects

it's happening again? What version of RouterOS are you using? If you are not running the latest version, upgrade to 2.9.50 or 3.2 (if you are already running 3.x).
by butche
Tue Jan 15, 2008 3:48 am
Forum: General
Topic: Problem with firewall filter to dst-address?
Replies: 14
Views: 7432

Re: Problem with firewall filter to dst-address?

to forbid access to certain proxied websites, use proxy rules, and do not deal with IPs =) Certainly. It is my understanding, however, that he wants to redirect traffic from one IP to another IP. This can certainly be done via the proxy rules, but that is not what was asked. Perhaps you can post an...
by butche
Mon Jan 14, 2008 9:57 am
Forum: General
Topic: Problem with firewall filter to dst-address?
Replies: 14
Views: 7432

Re: Problem with firewall filter to dst-address?

Why doesn't work with forward?? as normis said, his advice is use forward, then set the dst-address I just curious.. Because you are natting (redirect to local proxy service) and that happens before forward. Once that has happened, the forward chain will no longer effect the packet, since it is a p...
by butche
Mon Jan 14, 2008 9:50 am
Forum: General
Topic: Ip Firewall
Replies: 8
Views: 1953

Re: Ip Firewall

/ip firewall nat add chain=dstnat src-address=x.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=y.y.y.y to-ports=80 I test your advice, but why doesn't work: [admin@MikroTik] > ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 chain=dstnat src-address=172.16.100.199 p...
by butche
Fri Jan 11, 2008 5:18 pm
Forum: General
Topic: Help: Collecting Client Data (using freeradius + myslq)
Replies: 5
Views: 1434

Re: Help: Collecting Client Data (using freeradius + myslq)

Is there a way i can use my current setup (Mikrotik + Freeradius + Mysql) to store user imput? For example, and one text box for email on the logging page, and save it as another user atribute in the mysql database. Just as radius stores the stadistics there must be a simple way to store user gener...
by butche
Fri Jan 11, 2008 4:39 pm
Forum: Beginner Basics
Topic: basic question for routing --need help
Replies: 6
Views: 1814

Re: basic question for routing --need help

thanx both of u ashish and butche according to ur conversation i have to add 3 routes at BASE STATION dst-add=192.168.10.0/24 gateway=10.10.1.1 dst-add=192.168.20.0/24 gateway=10.20.1.1 dst-add=192.168.30.0/24 gateway=10.30.1.1 am i right? Yes, the base station needs all 3 of these routes. This is,...
by butche
Fri Jan 11, 2008 4:30 am
Forum: General
Topic: ip redirect
Replies: 2
Views: 1228

Re: ip redirect

How do we redirect a particular LAN IP address or block or set of IP address with UDP port to a particulate destination address? IP address of the block 192.168.112.0/24 or 192.168.112.10 or multiple IP's Protocol: UDP Port: 53 dst address: 67.138.54.100 (This was referred form a previous post rega...
by butche
Fri Jan 11, 2008 4:24 am
Forum: Beginner Basics
Topic: basic question for routing --need help
Replies: 6
Views: 1814

Re: basic question for routing --need help

James,
If you want a basic routing course, check out some of the tutorials available at http://www.learntcpip.com/.

In order to add a route, you can do as ashish has suggested. You need 3 routes added in the router at the ap in your diagram. One route for each of your 192.168.x.x networks.
by butche
Fri Jan 11, 2008 2:00 am
Forum: General
Topic: Help: Collecting Client Data (using freeradius + myslq)
Replies: 5
Views: 1434

Re: Help: Collecting Client Data (using freeradius + myslq)

It sounds like you need a hotspot backend. The User Manager is made for this, there are a multitude of others out there (I have one available). If you want just a frontend to your current setup, you need to find a programmer who understands how to build the web application you need.
by butche
Fri Jan 11, 2008 1:42 am
Forum: General
Topic: How to log link status ?
Replies: 9
Views: 6289

Re: How to log link status ?

I threw this together a long time ago to debug a client but I don't remember if it works or not.. :if ( [:len($linkstate1)] = 0 ) do={ /int ethernet monitor ether1 once do={:global linkstate1 $status;} } :if ( [:len($linkstate2)] = 0) do={ /int ethernet monitor ether1 once do={:global linkstate1 $s...
by butche
Thu Jan 10, 2008 7:39 pm
Forum: General
Topic: How to log link status ?
Replies: 9
Views: 6289

Re: How to log link status ?

However Link UP , and Link down is part of kernel messages under linux , that’s why I thought that put a such kind of message into log should not be a big problem. These are available with the debug messages that I quoted above. From other side I’d tried to setup logging via netwatch /tool netwatch...
by butche
Thu Jan 10, 2008 7:20 pm
Forum: Beginner Basics
Topic: pppoe-clients disconnects
Replies: 14
Views: 8736

Re: pppoe-clients disconnects

That part of the configuration looks ok. Do you see anything in the log when these are failing? Is it specific customers who are failing, or is it "random" customers? How many people are connected when this starts? What is the hardware platform? One other thing, you may try turning off &qu...
by butche
Thu Jan 10, 2008 10:21 am
Forum: General
Topic: How to log link status ?
Replies: 9
Views: 6289

Re: How to log link status ?

SNMP is not exactly what I want. “/system logging add topics=wireless,debug action=memory” looks good, but I need the same for Ethernet interfaces :(. SNMP is not the best answer, but I only gave you the options that were currently available in Mikrotik, which, I assumed, was your question. For the...
by butche
Thu Jan 10, 2008 10:18 am
Forum: General
Topic: PPPoE Sharing
Replies: 14
Views: 3220

Re: PPPoE Sharing

well, there ya' go! I had forgotten that 3.x had interface routing.
by butche
Thu Jan 10, 2008 4:49 am
Forum: General
Topic: Dont see "Upload rate" and "Download rate" in v.3RC13
Replies: 3
Views: 2025

Re: Dont see "Upload rate" and "Download rate" in v.3RC13

No problem...it took me a while to find this, too. ;-)
by butche
Thu Jan 10, 2008 4:44 am
Forum: General
Topic: PPPoE Sharing
Replies: 14
Views: 3220

Re: PPPoE Sharing

Hi guys, is there any tutorial for PPPoE for the same gatewy?? I Mean if I take 2 ADSL connection from 1 ISP and 1 Gateway, is there any solution?? Link, referer or something else maybe.... ofcourse it's for MikroTik I've never had this scenario, but I can imagine the trouble it could cause. I can'...
by butche
Thu Jan 10, 2008 4:39 am
Forum: General
Topic: How to log link status ?
Replies: 9
Views: 6289

Re: How to log link status ?

HI. 1)Is it possible to log link up/down status and speed/duplex mode? Im asking because it's not a problem to get such kind of information under Linux. You can do this in several ways. You can use SNMP to gather some of this information. You can cause the actual logging of this information (syslog...
by butche
Thu Jan 10, 2008 2:20 am
Forum: General
Topic: Ip Firewall
Replies: 8
Views: 1953

Re: Ip Firewall

hello, i have made a web server and in Nat Firewall i have redirect ip client to this ip web server, but what is the different of the Protocol..for example what happen when i chose 1(icmp),2 igmp,6(tcp),17 udp etc..etc, dont forget something, im wanna redirect this client, and stop the internet wor...
by butche
Thu Jan 10, 2008 12:49 am
Forum: General
Topic: Dont see "Upload rate" and "Download rate" in v.3RC13
Replies: 3
Views: 2025

Re: Dont see "Upload rate" and "Download rate" in v.3RC13

right-click on a queue. You will see the option to add these display columns
by butche
Thu Jan 10, 2008 12:37 am
Forum: Beginner Basics
Topic: pppoe-clients disconnects
Replies: 14
Views: 8736

Re: pppoe-clients disconnects

Isn't this a little like telling a mechanic "my car won't start...what is the problem?"

You need to provide some configuration detail in order to get some help.
/ppp export
/ip pool export
If you are doing radius auth:
/radius export

Those are a start.
by butche
Thu Jan 10, 2008 12:32 am
Forum: General
Topic: XBOX Live and ROS 3.0RC13
Replies: 71
Views: 34138

Re: XBOX Live and ROS 3.0RC13

" SRCNAT " seems to work. IE 69.39.12.12 NATd to 10.0.0.3 works. BUT 69.39.12.12 with a MASQURADE to a device (With a DST NAT by port) does not work. The differance seems to be between the function of a SRC NAT vs MASQURADE.. My end user has 1 "Public IP" address (that changes)....
by butche
Wed Jan 09, 2008 7:13 pm
Forum: General
Topic: OSPF - PPPOE
Replies: 5
Views: 1676

Re: OSPF - PPPOE

I already read the that doc but i can find what i need. assume that you have 10 MK Routers and one of them have route to the internet, every 10 MK can ping each other we want to give IP to the PPPOE clients that's all, i couldnt find application example. or any enough manual Yes, OSPF will fix the ...
by butche
Wed Jan 09, 2008 8:57 am
Forum: General
Topic: hotspot woes
Replies: 2
Views: 1070

Re: hotspot woes

is your hotspot connected to the internet via a pppoe connection by chance?
by butche
Wed Jan 09, 2008 8:33 am
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 6301

Re: Feature proposal (also community pls say if it is required)

There is no need to go inside Mikrotik. I can get all names of interfaces by walking (it can be done by perl code or even using libnetsnmp, instead forking snmpwalk binary), it is just standart MIB. I know...and now with your statements and mine above, everyone sees both possibilities. Thanks for p...
by butche
Tue Jan 08, 2008 10:23 pm
Forum: General
Topic: Problem with firewall filter to dst-address?
Replies: 14
Views: 7432

Re: Problem with firewall filter to dst-address?

Gotta ask...where did you get the "place-before=0" parameter? I have seen other setup commands that I do not see any mention of in the reference manual. If that does what I think it does, that is a handy thing to know! Any other shortcuts like that? I didn't know it wasn't in the manual. ...
  • 1
  • 2