Hi, I would like to see if anybody else has a problem like ours and has found the reason or a solution. We use a power supply that we buy from mk/routerboard.com (18POW 18V Power Supply) and from time to time, like once a week, we have one of these supplies that dies. We have to go to the site and re...
For me the purpose is different. Chat is a quick, live and focussed help (you explain what is your problem and people online try to help you). Forum is more relaxed, minded but goes at a different speed.
Normis, chat is interesting since one can have a quick answer 24hrs a day. This is a live support community that if well managed can take away some pressure on official mk support. I agree that it would be interesting to create separate rooms with the subject that is treated inside. Otherwise you ca...
I am interested in the configuration of your tower with 3 sectorial antennas and roaming facility for mobile voip handset. Do you have any experience with that?
Can I have an idea of how you put a video stream on the network, I mean how do you proceed in streaming a video (is this tv channel, movies, etc..), which machine is used etc... thanks
we would like to set up some APs to have a decent coverage in a part of the city and give access to the wifi voip mobile handsets that are now on the market, so that people can carry their "home number and rates" also outside the apartments.
normis, I would suggest something more robust and professional like using radius and a database like sql. with php they can also allow clients seeing the situation etc...
global-in and global-out refer to the same traffic except the traffic originated/generated from/to the router itself. shaping is normally done on the one leaving a certain interface. I don't understand how a customer can have more bandwidth than the one allowed by your pcq. can you be more specific?
p2p traffic takes a while to be detected and correctly mangled, usually the first packets pass the p2pfilter. probably that's what you see.
you can also try to block most used p2p ports and then mangle and block p2p
Gianluca
we have some experience on it. we have hundreds of emulers. As said p2p programs give download depending on upload. Actually we mangle the p2p-up and p2p-down traffic and limit both of them with pcq. This way we can give for instance 100kb on upload and 300kb on download to each customer. it works f...
I have a local ethernet card with a pppoe AC on it. Now I would like to segment my network with 6 vlans (and at the beginning I will still have untagged packets coming for a smooth transition). in my tests I can bridge the vlans together but if I bridge also the ethernet card pings don't work (why?)...
We probably are a lot using an all bridged network to connect our clients. we use pppoe to connect clients to our MK OS pppoe concentrator and gateway. we are having problems with storms that are blocking the functioning of the network. I suppose that with the correct rules on /interface bridge filte...
good. we use rb512 with atheros cm9 for radio links point to point.
is there any limitation (I mean maybe atheros wireless card doesn't support so many packets)?
thank you very much, BUT it looks like this is very country-sensitive since you can probably still connect to 100% of SPANISH porn sites.... so this is not useful for us since our market is Spain
I perfectly agree with you. We can of course pay for such a service, but for a professional company this is highly scalable, for us it would be too expensive and not complete.
it would be useful to have a way to block certain types of web sites.
of course we can block it through the web proxy, but maybe someone already found a way to update the site-list or a good method to do it.
We are using pppoe to connect WinXP customers to our MK. We have sometimes problems on the network due to the fact that 99% of our customers are connected directly with WinXP (SP1 and SP2) through pppoe to our network. Problems are: 1) disconnections, sometimes they are disconnected after a 2 or 10 ...
Franco, since in some cases I am having a similar problem, could you please explain the situation and how you managed to solve it? We are still using in an 80% windows PC directly connected to the network, and using winXP pppoe to connect them to our central mkOS server. Can we interchange some...
it would be useful to have a sample of correct firewall rules for a border router to avoid attacks, viruses etc..
I know that there are some topics on the forum about virus chain ... but it would be useful to write down ALL we need to think about to protect the network.
is there a final version of the script that looks for those infected IPs and acts?
for me best action would be to block internet access and redirect them (if possible) to a local web page that communicates that they are infected
thanks
Gianluca
I would like to do the same, to block all ports of viruses and also use limit rate to block if there are too many packets per second (a virus attack but we don't know the port for instance).
yes, this is what the manual says.
BUT I would like to know practical aspects of it. Real life experiences .... feedback, which values are good or not so good....
we had a static electricity storm 15 days ago and the 2 rb230 in a tower stopped working. So we went there and we had the same as you: 1- the poe injector had the green (the only light) blinking at a constant pace 2- but unplugging the cable of the LAN and leaving the poe, the light stopped blinkin...
the typical case is where you have hundreds of pppoe users on your local network and 1 connection to your ISP (public interface). So you are trying to shape traffic of all pppoe interfaces (virtual interfaces on your local physical interface), there you need the global-in/out. As the shaping on a phy...
thanks for the explanation but of course I already know what you say, I have the same question, I see 3 different ways of mangling and it would be nice if someone would explain it to us: 1) mark directly the packets and then use this packet flow in the queue 2) mark connection and then mark the pac...
I think this is a very good idea.
Just one question, probably for us coming from the western europe, it would be a lot cheaper and faster if the meeting would take place in a big capital like Paris, London, Barcelona, Rome etc.. where low cost flight can go.
I have added several items on the dude and worked fine for a while, but then 1 day we had a problem with the electricity and the pc got shut off in 1 sec. before that I was closing and opening the program without problems, and all elements were present on the dude map. after the electricity problem ...
we are thinking about a deeper solution: pass all the traffic with a rule called virus (that checks all viruses with the rules here explained) we also limit the maximum connection per src-address to 120, so if a virus is opening a lot of connections this fills the connection and the customer cannot u...
I can say the same, I still have a 2.8.23 and p2p filtering works fine for me.
Of course the client can change the port to 80 or another, but MK mangling is based on patterns and not just ports.
I suppose that p2p programs (like emule or edonkey or bittorrent) can also use these ports so that blocking virus like that can also block the peer to peer program.
the solution passes through using dst-nat with 1 tcp and 1 udp port to each client (with fixed ip address of course). Then they have to enter these port numbers in their emule/edonkey programs.
situation is like this in my case: we are downloading from 3 internet sites at the same time and everytime we do it with my laptop we have 320 KB/s that is exactly what we deliver as internet access. With all other PCs we just have 80 KB/s. We tried several times and this is not due to the internet ...
apparently ether1 is using a different microprocessor. this is the difference. talking to MK support they say that I am the only one reporting this problem. now we are 2.
for me, with my laptop, we can have full speed, but with several other PCs this is very low, in some cases as low as 300kbs
We installed 3 CPE with RB532 (all bridged with cm9 5213). On the wireless side all looks ok, since we have 20 Mb/s on the PtMP. We are using of course Poe on a 5/10 meters length cable. But connecting several PC, one at each time, reveals a problem, they can just transmit or receive 500kb/s or 1,70...
we are going to install these RB532 into outdoor antenna enclosure. Here summer goes up to 40 ºC and winter is around 5-10 ºC. It would be nice to have a relation or test results (if any available) about CPU settings and temperature. Also, is temperature lowering performance, i.e. at 40ºC works better...
one important thing, after setting RB must be shut down and power cable must be disconnected. after rebooting cpu mhz will be fixed to new value and you should use keep frequency to fix it forever.
Actually we are seeing the same behaviour. I shape it with: 21 ;;; P2P p2p=all-p2p action=passthrough mark-connection=p2p 22 in-interface=COG_GW connection=p2p action=accept mark-flow=p2p-down 23 connection=p2p action=accept mark-flow=p2p-up 24 p2p=all-p2p action=accept in 21 we mark all p2p, in 22 ...
I also have problems with prtg, the value I take from the mib browser of the number of interfaces (to see how many pppoe are connected), also without the "." is not working.
exactly. it is a good thing to set limit connection to a certain level. we limit to 250 the tcp connection per user. this is the instruction: add src-address=130.117.160.0/24 protocol=tcp action=drop \ connection-limit=250 comment="" disabled=no this helps a lot when a customer has a virus...
thanks a lot Edgard. But we are still on the 2.8 since 2.9 is in beta and no support is given, we have seen and played with the 2.9 but scared of putting it on production.
we need at a certain point to change the profile of a customer. since we use freeradius, we can change on the database the filter and then, next time it authorises the customer, it will have the new profile. but what if didn't disconnect and reconnect can we remove the interface of the pppoe of that cust...
I would like to see where in freeradius (which table) are the parameters: Filter-Id - firewall filter chain name. It is used to make a dynamic firewall rule. Firewall chain name can have suffix .in or .out, that will install rule only for incoming or outgoing traffic. Multiple Filter-id can be provi...
maybe filter-id is like ppp profile in the local database Filter-Id - firewall filter chain name. It is used to make a dynamic firewall rule. Firewall chain name can have suffix .in or .out, that will install rule only for incoming or outgoing traffic. Multiple Filter-id can be provided, but only la...
we would like to give different services to our clients. client A has a profile A and their traffic is going through a firewall rules on rule forward /ppp .... same thing for client B this is like we are doing it with pppoe right now, assigning a different profile to customers A profile A, B..B but ...
We are using freeRadius to authenticate the pppoe users. now we would like to assign via radius also the profile of the users. how can it be done ? I cannot find it on the attributes...
thanks. but this is what my MIB browser gives me. must be the right one.
but the PRTG doesn't retrieve any value at this oid, but works perfectly with all others.
and also when connecting through the serial cable, I can see the system start up, launching services but then I don't receive on my terminal screen any login... but at the same time if I try to enter via telnet it works.
We are using several mk links on the 5Ghz as point to point for our backbone We are using almost 80% of allowed bandwidth, but since this depends on the ambient situation, we need the following: from a mikrotik run a script that, lets say every 30 mins, is launching a /tool bandwidth-test ....... an...
well, we are a fix ISP (ETTH ethernet to the home) company. we would like to register our clients through radius and then have a billing system (provisioning, customer backoffice with traffic, consumption etc..). We are thinking about products like freeradius and optigold. any suggestion on a comple...
I suppose that then I have to write a script that use dst-nat for that new user.
but then do I have to make this rule active just for 10 seconds (and what if customer starts browsing just after 1 minute), or how ?
Eugene, could you please be a bit more specific on it. I have 50 customers with pppoe. With 3 profiles (so that I have 3 fw rules, one each profile below ppp fw rule). where should I put the rules for counting bytes? I imagine that to put an identifier on each rule, I have to base the rule on the IP...
hi ponline, I am interested in this idea.
we are also hardly touched by p2pers that are downloading more movies than they can see in their life! I think we are going to limit download to a certain amount of GB.
For a low cost almost free profile on pppoe we would like that our customers are redirected (or that home page ...) to a certain webpage (our webpage). This just the first time they connect (then they must be free of browsing). I have no idea on how to do it, is it possible? (I am using pppoe, no hot...
thank you very much Edgards. I had a look at the docs and demo. Just 2 more questions, since I am a bit lost: 1- we are a fixed WISP, our customers will be soon on a pppoe connections using winxp. Can we eliminate them to introduce the username/password, can it be done automatically or they have eac...
actually we are using several mikrotiks as firewall/traffic shaping/policy routing, still on v2.8 we would like now to set up a max 4 GByte per user limit and then ask some euros on the extra traffic each user will be consuming. We are using no radius. customers will prepay it. we will of course nee...
About the p2p we have 2 users using a client of bit torrent called BitComet. Apparently this is recognised as p2p (but not sure) but then when shaping the traffic (for instance it is limited to 180 Kb/s and works for all other clients), these 2 clients can download at 700 or more Kb/s. No way to lim...
but what I am seeing is that also after rebooting, or if pc connects after router is rebooted, some p2p programs are not recognised.
We have a clear case with a program called azureus, upload is not limited (or not well mangled ....)
I forgot to say that as I suppose that p2p is recognised through patterns on the packets, we all should post our info (which programs etc..) and also copy it to support@mikrotik.com in this way they can test it, find the pattern, append it in the code and include in the new release. In my case, some...
The same happens to me. I created a mangle at the end catching all the rest (after mangling all known traffic like http/s,ftp,dns, p2p etc..). Then you limit (for instance to 75kb/s) this traffic to each user. In this way you limit the traffic and if they have to use a not known (mangled) traffic, t...
Rosario, that is good news, I didn't know it. I will read the docs to see how it works. The problem I have is that I have 2 providers, and 1 gave us the public IP addresses and I would like to use these addresses also with the other provider. Have no idea about bgp/as but find out.... any help is wolc...
Yes I know, with route policy, but if I have public IPs from 1 provider (and don't have bgp) how can I route these IPs to a second one (that of course cannot announce the IPs since they don't belong to him) ???
We have same problem, our wireless access point (from Conceptronic) they just answer after 2,3 or 7 pings, but they answer ! So we had to set up a script (as in the script example) but of course it is different than in the netwatch. doing some quick tests it seems netwatch just looks at 1st ping, ar...
I would like to set up 3 links between 2 big buildings in a city, complete LOS (a lot higher than other buildings), distance is about 3 km and need at least 40 Mb/s. I am pretty used with MK (traffic shaping and firewalling but not wireless) I suppose the solution goes through having a PCI card inst...
I have another problem with network cache, it doesn't work at all, if my local interface ip address is 192.168.1.1 I put this ip on a client pc and there is no way to browse then if I put a dns on the client pc, it works perfectly.. my config is set primary-dns=194.179.1.100 secondary-dns=0.0.0.0 a...
well, just mangle if you have a user with ip 192.168.5.29 you mangle the p2p traffic add src-address=192.168.5.29/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.29 comment="" disabled=no add connection=p2p_con_5.29 action=accept mark-flow=p2p_5.29 comment="" disabled...
now I receive this on my log a part of course is dropped by the input rule, but there is still another part (ISAKMP) which doesn't match my input rules nov/06/2004 01:43:03 input->DROP, in:public, out:(local), src-mac 00:04:de:69:e8:a8, prot UDP, 218.186.80.250:500->217.172.x.x:500, len 244 > nov/06/200...
many thanks again anyway I received again on the log oct/27/2004 15:05:50 peer not configured oct/27/2004 15:05:54 received ISAKMP packet from 82.135.2.123:500, phase 1, Identity Protection oct/27/2004 15:05:54 peer not configured oct/27/2004 15:05:59 received ISAKMP packet from 194.176.44.209:500, ...
thank you very much, I will change it to this. I am on another prob... on the ip firewall rule forward I use the limit connection to limit the maximum connection of the mangled traffic to 150. But then we need to limit also the OVERALL max amount of connections per user, since they can have viruses ...
Hammy is your network connecting a community of people like mine ? we would like to set up a p2p server to allow people to share their files, any experience on it?
on my log i see this. what does it mean ? TIME MESSAGE oct/23/2004 21:35:12 peer not configured oct/23/2004 21:35:13 received ISAKMP packet from 65.102.121.225:500, phase 1, Identity Protection > oct/23/2004 21:35:13 peer not configured oct/23/2004 21:35:14 received ISAKMP packet from 65.102.121.225...
maybe a little bit too long but this is it [admin@MikroTik] ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; P2P STREAMING src-address=192.168.5.29/32 p2p=all-p2p action=passthrough mark-connection=p2p_con_5.29 1 connection=p2p_con_5.29 action=accept mark-flow=p2p_5.29 2 ...
I would like to speed up as much as possible the web page opening dns are a important part now in my mangle I have at the first position p2p and then dns traffic, follows http/s and mail .... this is how i mangle the dns 68 ;;; DNS dst-address=:53 protocol=udp action=accept mark-flow=dns 69 src-addr...
i explain you how this is set up in our network, so you can see it better and we can talk more specifically we have 1 public IP, lets call it PubIP and 50 emule users, with private IP, lets say privIP1, privIP2 ... for instance the privIP 192.168.5.29 has all this: in ip firewall mangle / ip firewal...
we are using the mikrotik as gateway for our wireless LAN, mangling p2p traffic (basically 90% Emule) we are using private ips, so that we are using masquerade to allow the use of the emule we are using dst-nat assigning a tcp and a udp port to each client it works fine but sometimes there is someon...
I will try the script and organise the queues with some tricks, like just changing the queues with priority 5 to priority 1 and leave queues that I don't want to change to priority 4 .... but this is not the solution why don't look at the downloaded bytes and each time it goes up to a certain amount, w...
it would be very nice, but it seems mikrotik is not pushing in this direction. there is this billingo .... but we have to pay ... otherwise a lot of in-house solutions, but nobody shares anything I will start working on it beginning november, but I find a bit silly re-invent the wheel again .... som...
many many thanks, I will try it asap. Anyway there are just 2 other aspects: - in my case not all the customers are using p2p, so instead of having a linear increment of the variable, it would be nice to have a vector where I can put the list of customers I would like to include in this random. - th...
let's say we have 10 queues of p2p mangled traffic, i.e. p2pIN_user1 maxlimit 100 p2pIN_user2 p2pIN_user3 and so on and p2pOUT_user1 etc... maxlimit 30 all of them with priority 5 every hour one customer should have the BINGO TIME, randomly putting its queues to maxlimit 300 and the out to 90, priori...
or... we can also put a windows server on the network to automate this, but do you know any windows based program that can automatically telnet an equipment and write reboot after it ?
We have several customers using P2P. Each customer has its p2p traffic mangled and then put in a queue tree out and in. I would like to play a little bit with the max-limit of the queues setting them on a cycle way to higher number. I explain myself, lets say CL1 to CL30 have p2p on, all limited to ...
I have the same problem, we have a lot of users using p2p programs and need to reboot our equipment on the network twice a day. Now we are still doing it manually but it would be nice to have it done from the MK through a script. My equipment doesn't support ssh and the only way is to use telnet + u...
many many thanks we are using 3 different LANs, typical lan is LAN 1 CL1 --------------- SWITCH (no programmable)-------------- CL2 --------------- ! CL3 --------------- ! ! LAN 2 ! ! CL4 --------------- SWITCH (no programmable)---------------- MIKROTIK CL5 --------------- ! CL6 --------------- ! ! ...
I have the same problem, using masquerade, there is no way to make audio and/or video working (in some cases video is ok but slow) My customers found a solution using another software for audio. If you activate the universal plug and play everybody will see MIKROTIK UPaP everytime they connect to th...
if they change the IP is no problem for me, as they will not have access to the internet since it will be refused at the gateway (which is the MK). So my question is still open .... with PPPoE all packets goes directly to the PPPoE concentrator and then back to the other user ?? I mean, I don't want ...
Hi is the sangoma card this ? ADSL cards S518/ADSL PCI card Part Number S518 Description PCI 2.2 bus interface, 3.3v and 5v.Data rates up to 10.5 Mb/s high speed, 8 Mb/s full rate, 4 Mb/s for G.Lite downstream and up to 1 Mb/s upstream. A general purpose card supporting all applications including WA...
I would like to migrate my 100 customers to PPPoE. In this way can I avoid 1 customer to "see" the other customers ? I mean can I avoid direct customer to customer traffic ?
I tried the v2.9 and my system crashed (routerboard) some months ago. I of course wait for the new version released. Is there any documentation or screenshot available to see new feature so I avoid thinking in solving problems I might find on new version? If graph is embedded in new version, is ther...
Thank you very much. Of course it helps (we also have to translate it to spanish, but it is ok for our network in Barcelona,Spain). please write me at gianred123@yahoo.it I suppose you have rural hotspots and people are connecting through roof-top connections. Have you ever thought about setting up ...
We are using the mikrotik os on routerboard as gateway for our wi-fi network. Wi-fi network is based on cheap equipment like linksys and is a roof-to-roof network, then inside the building we are cabling. p2p traffic is shaped (mangle,queuetree+pcq) but there is a big problem on amount of connection...
I would like to migrate my network of 100 customers from LAN to PPPoE. Customers are 90 % on Windows XP, directly connected by cable & wifi to the router I would like to have some indication on how to set up the PPPoE client on the XP (I did it and looked easy and worked) but even more important...
that's exactly what happens to me, no audio at all, video is ok, seems just to be a little bit slow but might be the queue tree that is slowing it down.
I have the same problem, actually we are connecting 1 of the 2 gateways of the MK to an ADSL, diverting p2p traffic there, but the router got stuck very often.
Do you know any adsl-modem that supports without problems 20/25 users with emule ?
I also have the same problem. I would like to limit the connection per-user to 300. Can I set this as a limit just for the user p2p traffic or must be for all connections the user opens ? this emule is literally lowering the performance of the whole network we have... that is a pity ... we have a LAN...
can someone help me ?
I have CPU usage 50% and memory as well left as much as 50% (I am using a 64 Mb memory). I would like to use it in a 6Mb/s trunk with 8.000 connections opened
/ ip firewall set input name="input" policy=accept comment="" set forward name="forward" policy=accept comment="" set output name="output" policy=accept comment="" add name="customer" policy=none comment="" / ip firewall...