Community discussions

MikroTik App

Search found 21 matches

by SA
Thu Sep 25, 2008 3:43 pm
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Re: Telnet

Yes, it works with +ct, but the script must work with both 2.9 and 3.x. (and worked before 3.13).
Anyway, this is sort of a solution, thanks :D
by SA
Tue Sep 23, 2008 11:01 am
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Re: Telnet

Doesn't work in 3.14 either
by SA
Mon Sep 08, 2008 1:46 pm
Forum: General
Topic: new feature:Dynamic ppp address-lists
Replies: 33
Views: 19907

Re: new feature:Dynamic ppp address-lists

sometimes entries in address list stop working and do not 'participate' in firewall matching. But if you select that (not disabled) entry in WinBox and press "Enable", visually nothing changes, but address list entry is working again...
Experienced the same problem in 2.9.51.
by SA
Wed Sep 03, 2008 11:52 am
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Re: Telnet

#!/usr/bin/perl use strict; use Net::Telnet; unless (@ARGV > 2) { exit 2; } my $nasip = shift(@ARGV); my $community = shift(@ARGV); my $login = shift(@ARGV); my ($user,$pass,$t); ($user,$pass)=split(/:/,$community,2); $t = new Net::Telnet (Timeout => 5, Errmode => "return", # Dump_Log => ...
by SA
Tue Sep 02, 2008 10:07 am
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Re: Telnet

Seems like nobody really reads my message :(
The script that works with 2.9 and 3.10 does NOT work with 3.13 due to some change in the console code.
It hangs after login (there is a "logged in via telnet" message in the /log).
by SA
Sun Aug 31, 2008 10:14 pm
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Re: Telnet

There is nothing to "hit", the problem is with perl scripts (which worked fine with 2.9 and even with older 3.x versions). Yes, there should not be too much difference, but seems like there is :( Once again, the script does not receive command prompt, MT telnet server just hangs after logi...
by SA
Fri Aug 29, 2008 2:18 pm
Forum: General
Topic: Telnet
Replies: 11
Views: 2468

Telnet

After upgrading to 3.13 from 3.10 my Net::Telnet perl scripts don't work anymore. Seems like telnet server was changed, but I can't find anything about it in the changelog. 2.9 also works fine. The ploblem is apparently with terminal type handling, 2.9 says "terminal type is network", 3.13...
by SA
Sun Jul 15, 2007 9:42 pm
Forum: General
Topic: NSSA
Replies: 0
Views: 697

NSSA

I've configured NSSA ospf area and ROS doesn't redistribute connected and static routes. If I configure the area as default it works (as type 5 LSA). The whole point of NSSA is to redistribute external routes (as type 7 LSA, which get translated by ABR). Tried both routing and routing-test. ABR is C...
by SA
Wed Jul 11, 2007 10:45 pm
Forum: General
Topic: stateless fragment processing
Replies: 4
Views: 1293

Re: stateless fragment processing

Thanks, seems like the same problem (but I have no bridge). Still seems more like bug, if there is no way to match a fragment (ROS drops if tracking disabled, matches whole reassembled packet if tracking enabled) then why there are specific options for that in firewall?
by SA
Wed Jul 11, 2007 1:56 pm
Forum: General
Topic: stateless fragment processing
Replies: 4
Views: 1293

Re: stateless fragment processing

So would I.
But no, fragments are silently dropped by routeros with tracking disabled, not seen in mangle nor in filter chains at all.
by SA
Tue Jul 10, 2007 1:36 pm
Forum: General
Topic: stateless fragment processing
Replies: 4
Views: 1293

stateless fragment processing

I have 2 vlan interfaces (tag 101 and 102) and "accept all" rule in the forward chain. Fragmented UDP packets are dropped and there is no way to match them (only the first fragment is matched with size=1500). If I enable connection tracking the packets get forwarded and i see their "f...
by SA
Thu Sep 08, 2005 10:25 pm
Forum: General
Topic: Find route
Replies: 2
Views: 1505

Actually it's even worse.
:put [find connect=no] doesn't show anything but i DO HAVE ospf and static routes (which are supposed to appear here). So it seems like TWO bugs
1) find returns an empty set
2) print outputs something on an empty set from find
by SA
Thu Sep 08, 2005 3:22 pm
Forum: General
Topic: Find route
Replies: 2
Views: 1505

Find route

Hi. When I execute /ip route print from [/ip route find connect=yes] I get the listing of directly connected routes. But when I try /ip route print from [/ip route find connect=no] I get all routes including connected. :shock: Is there any way to filter out "connect" routes? I've tried oth...
by SA
Fri Sep 02, 2005 6:10 pm
Forum: General
Topic: 802.1q over EoIP
Replies: 1
Views: 1308

802.1q over EoIP

Hi. Does MT support transparent bridging of .1q tagged frames? i.e. MT1 eth1 connected to one end (site1) MT2 eth1 connected to other end (site2) There is an EoIP tunnel between MT1 and MT2, brigded with eth1 on each side. The point is to provide a "virtual wire" between two sites (which p...
by SA
Fri Oct 08, 2004 4:57 pm
Forum: General
Topic: Radius Attributes
Replies: 1
Views: 1453

Filter-Id=xxx.in creates dymanic rule jump to xxx (from dynamic interface) in the "ppp" chain. If the ppp chain doesn't exists Filter-Id does nothing.

To use Filter-Id you should create ppp and xxx firewall chains
by SA
Mon Aug 23, 2004 10:01 pm
Forum: General
Topic: Hotspot DNS
Replies: 3
Views: 2203

No, just wanted to achieve perfect security 8)

>Operating system may cache DNS records

That's what TTL is for :wink:

rate-limiting dns packets is a solution but not a perfect one.
Ideally non-authenticated clients should not be able to transmit a single byte to the outside
by SA
Mon Aug 23, 2004 7:28 pm
Forum: General
Topic: Hotspot DNS
Replies: 3
Views: 2203

Hotspot DNS

Is there any way to setup a dns server that responds with predefined A record to ANY request from non-authenticated hotspot users? I want them to be able to enter any url in their browsers and get to the login page. MT redirects all tcp traffic to HS webserver but client sends DNS query before openi...
by SA
Mon Aug 09, 2004 10:26 am
Forum: General
Topic: PPPoE and VLANs
Replies: 7
Views: 4936

No, viruses usually scan the whole Internet :lol:

Intel has windows drivers with vlan support for their cards, so you CAN connect a windows box to tagged port :D
by SA
Sun Aug 08, 2004 7:23 pm
Forum: General
Topic: PPPoE and VLANs
Replies: 7
Views: 4936

Yes, it is possible. I have about 50 VLAN interfaces and many of them have PPPoE servers attached. Everything is ok :D
by SA
Fri Jul 30, 2004 2:00 pm
Forum: General
Topic: PPP 732 error
Replies: 2
Views: 2177

After some tracing I've found that MT incorrectly rejects LCP Code 12 packets. They are recognized as rejects of some random code. If this code is essential (9 for example) Windows drops the connection with 732 error. Here's how it happens: [1656] 12:54:12:315: <Protocol = LCP, Type = Identification...
by SA
Wed Jul 28, 2004 12:08 am
Forum: General
Topic: PPP 732 error
Replies: 2
Views: 2177

PPP 732 error

About 1/10 of connect attempts to MT PPPoE service from Windows (using builtin XP client or RASPPPOE) fails with PPP 732 error. The problem never appeared with cisco. Is it MT bug? Any fixes/workarounds?