Community discussions

MikroTik App

Search found 552 matches

  • 1
  • 2
by skillful
Sun Aug 19, 2018 1:02 am
Forum: General
Topic: Dual WAN (really weird) problem...
Replies: 2
Views: 951

Re: Dual WAN (really weird) problem...

Modify the mangle rules to exclude out-interface and set passthrough=no in the output mangle rule ip firewall mangle add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN...
by skillful
Fri May 25, 2018 11:04 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 222331

Re: v6.43rc [release candidate] is released!

Login by Winbox does not work but SSH and Telnet works
by skillful
Tue Jan 02, 2018 10:04 pm
Forum: General
Topic: SSTP server encryption offer [SOLVED]
Replies: 2
Views: 1770

Re: SSTP server encryption offer [SOLVED]

I wouldn't know how to enforce AES128 encoding over AES256 but I can assure you that SSTP connections are quite stable.

I had SSTP uptimes of over 30days before I upgraded my router to ver6.41 some five days ago.
sstp.png
by skillful
Sat Oct 14, 2017 5:39 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 45114

Re: v6.40.4 [current]

It surely works in winbox.
by skillful
Sun Aug 28, 2016 5:35 pm
Forum: Announcements
Topic: v6.36.2 [current] is released!
Replies: 54
Views: 27203

Re: v6.36.2 [current] is released!

RouterOS X86: Show R before interface name of interface list but this interface not connected with any device, why?
This will occur if :

1. the interface is a "Master Port" for another interface that is connected to a device,

Or

2. If the interface is a Bridge Interface
by skillful
Sun Aug 30, 2015 1:32 pm
Forum: General
Topic: Add two or more events in System scheduler
Replies: 2
Views: 2195

Re: Add two or more events in System scheduler

Yes, there is a way.

Just go ahead and list the scripts on a different line, one after the other in the "on event" field.

E.g.
/system script run script1
/system script run script2
/system script run script3
by skillful
Tue Aug 11, 2015 9:01 pm
Forum: General
Topic: How many HotSport user account in maximum in Mikrotik - CCR1072-1G-8S+?
Replies: 2
Views: 1069

Re: How many HotSport user account in maximum in Mikrotik - CCR1072-1G-8S+?

The theoretical limit, as stated in Mikrotik ROS Licence documentation is "unlimited" for Level 6.
by skillful
Sun May 17, 2015 1:40 am
Forum: General
Topic: PPP clients do not get added to bridge specified in PPP profile
Replies: 2
Views: 1852

Re: PPP clients do not get added to bridge specified in PPP profile

Two conditions must be met for a VPN to be dynamically added to a bridge.

1. You must add the VPN interface to a bridge on both the server and client ends.

2. Do not specify local and remote IP in PPP profile or secret. Add the IP address to the bridge instead.
by skillful
Mon Apr 27, 2015 2:21 pm
Forum: General
Topic: Hotpsot VS Printers & Copier
Replies: 8
Views: 2745

Re: Hotpsot VS Printers & Copier

From your diagram, it is obvious that Printer/Copier/Users communication occur on the Dlink Switch. In this case, the RB951 router will not interfere with your LAN communication since it is used to route packets egressing your LAN. You don't even need to add any bypass rule for the Printer/Copier in...
by skillful
Tue Apr 21, 2015 2:32 pm
Forum: General
Topic: Winbox 3 RC
Replies: 636
Views: 207109

Re: Winbox 3 RC

A work around for those experiencing winbox3.0RC9 crash. Check mark "Open in New Window" before click on connect.
by skillful
Thu Apr 16, 2015 10:22 pm
Forum: The User Manager
Topic: UM ver3 on ros v6
Replies: 3
Views: 2073

Re: UM ver3 on ros v6

NO!

UM and ROS versions most match.
by skillful
Sun Apr 12, 2015 12:43 am
Forum: Wireless Networking
Topic: How to set time based SSID broadcasting on Mikrotik
Replies: 5
Views: 1943

Re: How to set time based SSID broadcasting on Mikrotik

user connected will be kicked off at 5pm?
Yes, all users will be kicked out at 5pm. You can modify the codes to reflect your preferred time by editing the value "time=8h-17h"
by skillful
Thu Apr 09, 2015 9:38 pm
Forum: Wireless Networking
Topic: How to set time based SSID broadcasting on Mikrotik
Replies: 5
Views: 1943

Re: How to set time based SSID broadcasting on Mikrotik

Make two access-list rules; first one, to allow access during certain time and second on to deny access at all times. List order is important. /interface wireless access-list add comment="Allow access between 8am and 5pm" time=8h-17h,sun,mon,tue,wed,thu,fri,sat add authentication=no commen...
by skillful
Wed Mar 25, 2015 11:34 pm
Forum: Wireless Networking
Topic: Long distance links-best solutions?
Replies: 13
Views: 3812

Re: Long distance links-best solutions?

Set Wireless Protocol to NV2 and configure NV2 Security.
by skillful
Mon Mar 02, 2015 7:10 pm
Forum: General
Topic: OpenVPN server almost working - help to finish?
Replies: 10
Views: 3228

Re: OpenVPN server almost working - help to finish?

Modify your firewall to accept packets from the VPN network:
/ip fire filt 
add chain=input action=accept src-address=192.168.25.0/24 place-before=6
add chain=forward action=accept src-address=192.168.25.0/24 place-before=6
by skillful
Mon Mar 02, 2015 11:47 am
Forum: General
Topic: OpenVPN server almost working - help to finish?
Replies: 10
Views: 3228

Re: OpenVPN server almost working - help to finish?

/ip firewall nat> print 5 ;;; Outbound Internet Access chain=srcnat action=masquerade src-address=192.168.27.0/24 out-interface=all-ppp log=no log-prefix="" 6 X ;;; Outbound VPN Internet Access chain=srcnat action=masquerade src-address=192.168.25.0/24 log=no log-prefix="" 7 ;;;...
by skillful
Sun Mar 01, 2015 4:20 pm
Forum: General
Topic: OpenVPN server almost working - help to finish?
Replies: 10
Views: 3228

Re: OpenVPN server almost working - help to finish?

/ppp profile> print 1 name="OpenVPNprofile" local-address=OpenVPNpool1 remote-address=OpenVPNpool1 bridge=bridgeLAN use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default address-list="" You need to remo...
by skillful
Sun Mar 01, 2015 3:32 pm
Forum: General
Topic: Guest wireless almost working - help to finish?
Replies: 3
Views: 1598

Re: Guest wireless almost working - help to finish?

You need to add a rule in firewall filter to forward packets originating from the bridgeGuest interface and place the rule before the forward drop rule. /ip firewall filter add chain=forward action=accept place-before=3 in-interface="bridgeGuest Internet" comment="forward bridge guest...
by skillful
Sun Feb 15, 2015 1:10 am
Forum: Wireless Networking
Topic: Multiple Signals?
Replies: 5
Views: 3012

Re: Multiple Signals?

Chains 0, 1, and 2 (Ch0, Ch1 & Ch2) are antennae on a single radio. If your radio is 2x2 MiMo then you have two antennae (Ch0 and Ch1). TX/RX Signal Strength = Ch0+Ch1+Ch2 TX/RX Signal Strength Ch0 = Signal from antenna connected to chain 0 TX/RX Signal Strength Ch1 = Signal from antenna connect...
by skillful
Thu Feb 05, 2015 2:30 pm
Forum: Wireless Networking
Topic: the most stable solution for ptp link less then 7Km?
Replies: 10
Views: 2518

Re: the most stable solution for ptp link less then 7Km?

QRT 5 has been very stable in my network. It neither restart nor freeze.
by skillful
Thu Feb 05, 2015 1:33 pm
Forum: Wireless Networking
Topic: the most stable solution for ptp link less then 7Km?
Replies: 10
Views: 2518

Re: the most stable solution for ptp link less then 7Km?

QRT 5 should be adequate for your task.
by skillful
Tue Jan 20, 2015 12:53 pm
Forum: General
Topic: RouterOS v6.25
Replies: 107
Views: 45003

Re: RouterOS v6.25

Auto upgrade not working; displays error message - "Couldn't perform action: don't know which is system package (6)" in Winbox window
by skillful
Thu Dec 11, 2014 2:45 pm
Forum: General
Topic: Access to different routers, same public IP
Replies: 3
Views: 1500

Re: Access to different routers, same public IP

To specify the port in winbox, the format is <ip_address>:<port>

e.g. 192.168.122.1:8292
by skillful
Thu Dec 11, 2014 12:04 pm
Forum: General
Topic: Winbox 3 beta
Replies: 243
Views: 145958

Re: Winbox 3

Yes, it is normal behaviour. You must use the network address not node IP address. Take for example, the node IP address 192.168.1.10/30. The network address is 192.168.1.8, broadcast address is 192.168.1.11 while the two nodes IP addresses are 192.168.1.9 and 192.168.1.10. In order to represent the...
by skillful
Tue Dec 09, 2014 11:49 pm
Forum: General
Topic: How to redirect traffic from googledns to other dns provider
Replies: 6
Views: 2847

Re: How to redirect traffic from googledns to other dns prov

By using dst-address-list and src-address-list, you can accomplish your aim with only one rule. /ip firewall nat add chain=dstnat protocol=udp dst-address-list=google_dns dst-port=53 action=dst-nat to-addresses=69.42.56.54 to-port=53 src-address-list=no_google_dns /ip firewall address-list add addre...
by skillful
Fri Nov 21, 2014 6:50 pm
Forum: General
Topic: A final solution to the problem of the netCut
Replies: 32
Views: 11174

Re: A final solution to the problem of the netCut

The solution is PPPoE
by skillful
Fri Nov 21, 2014 6:45 pm
Forum: General
Topic: PPTP VPN
Replies: 6
Views: 3248

Re: PPTP VPN

Hi, I have a scenario, in which I want my traffic to be routed to internet through the MikroTik PPTP VPN server once the PPTP connection is established. I have one Ethernet interface in the RouterOS with public IP to which I am connecting. Is it possible to achieve this? How can it be done? Thanks....
by skillful
Tue Oct 28, 2014 6:46 pm
Forum: General
Topic: Does WDS mode means WDS repeating?
Replies: 3
Views: 1689

Re: Does WDS mode means WDS repeating?

Yes, WDS means "WDS repeating" if mode="wds slave" is used. Then you get 50% reduction in throughput per hop. But if mode="station wds" is used, it allows you to add the WDS interface to a bridge if you so desire. It is a hack used in the early days of WIFI to add a wif...
by skillful
Tue Oct 14, 2014 5:16 pm
Forum: General
Topic: prpblem with ip cloud
Replies: 4
Views: 1402

Re: prpblem with ip cloud

Paste this rule in new terminal
/ip firewall filter
add chain=input comment="accept winbox" dst-port=8291 protocol=tcp place-before=0
You may also wish to add src-address=a.b.c.d/e to the rule to further restrict the IP Addresses allowed to access the router with winbox
by skillful
Tue Oct 14, 2014 4:18 pm
Forum: General
Topic: DHCP Mikrotik can't detect on winbox
Replies: 3
Views: 1508

Re: DHCP Mikrotik can't detect on winbox

Do you have DHCP server configured on ether2 or ether5?

Please post the output of
/ip dhcp-server export
by skillful
Tue Oct 14, 2014 11:44 am
Forum: General
Topic: DHCP Mikrotik can't detect on winbox
Replies: 3
Views: 1508

Re: DHCP Mikrotik can't detect on winbox

You post is not very clear.

Are you saying that winbox neighbour view could not detect your RB750?
or
You cannot obtain an IP Address from the RB750 by DHCP?
by skillful
Tue Oct 14, 2014 11:29 am
Forum: General
Topic: license
Replies: 1
Views: 1005

Re: license

For all license related issues, it is advisable that you contact Mikrotik support by email (support@mikrotik.com)
by skillful
Tue Oct 14, 2014 12:53 am
Forum: Wireless Networking
Topic: Wireless distribution with WinBox and 433AH router
Replies: 1
Views: 1133

Re: Wireless distribution with WinBox and 433AH router

The wifi interface and the LAN port of the ADSL Router are most likely connected to the same switch chip inside the ADSL Router, so they see one another at layer2. Therefore, you must stop the packets before they get to the ADSL Router. The easiest way is to assign static IP Addresses to your Printe...
by skillful
Sat Oct 11, 2014 1:12 am
Forum: Wireless Networking
Topic: Migrating to Nv2
Replies: 5
Views: 2008

Re: Migrating to Nv2

Yes, you will loose default WPA encryption when you use NV2. The NV2 protocol does not use the default security settings, it will rather use its own security settings configured under the NV2 tab (nv2-preshared-key)
by skillful
Sat Oct 04, 2014 1:29 am
Forum: Wireless Networking
Topic: wireless AC can't find Noise Floor Threshold
Replies: 9
Views: 5323

Re: wireless AC can't find Noise Floor Threshold

Noise floor is a measurement of the ambient RF noise as seen by your wifi interface. It is not configurable, it is a read only value. It is however used in conjunction with signal strength to calculate the SNR value.
by skillful
Fri Oct 03, 2014 1:25 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 74988

Re: v6.20 released!

Winbox v2.x still works?
Yes, Winbox 2.2.18 still works.
by skillful
Sat Sep 27, 2014 7:29 pm
Forum: Wireless Networking
Topic: From UBNT to MIkrotik: WPA2/PEAP with username and password
Replies: 6
Views: 3037

Re: From UBNT to MIkrotik: WPA2/PEAP with username and passw

You should not have an entry in the Access list for CPEs that you wish to authenticate by Radius. When the CPE connects to the AP, the AP checks the Access List for entry that match the CPE. If an entry if found then the Radius is not consulted but if no entry is found in the Access List then Radius...
by skillful
Wed Sep 24, 2014 7:21 pm
Forum: Beginner Basics
Topic: Limitations problem with User Manager!
Replies: 7
Views: 3478

Re: Limitations problem with User Manager!

IT WORKS!!

I have no idea what I've done but it works. :D

Can you please explain me what I've just done? Maybe there would be some side effects?

Thank you.
Please see http://forum.mikrotik.com/viewtopic.php?f=7&t=83477 for some explaination
by skillful
Fri Sep 19, 2014 4:36 pm
Forum: General
Topic: Mikrotik Sol. for 10 Km antena,
Replies: 3
Views: 1908

Re: Mikrotik Sol. for 10 Km antena,

I will recommend a pair of http://routerboard.com/RB911G-5HPnD-QRT over and above http://routerboard.com/RBSEXTANTG5HPnD because of its bigger antennae.
by skillful
Mon Sep 15, 2014 8:12 pm
Forum: General
Topic: Concurrent users
Replies: 3
Views: 2192

Re: Concurrent users

The ROS level6 license supports an unlimited number of concurrent users subject to the ability of your hardware.

The CCR1036 can handle 600mbps with 2000 concurrent users effortlessly.
by skillful
Thu Sep 11, 2014 1:07 pm
Forum: Wireless Networking
Topic: Sector AP
Replies: 8
Views: 2465

Re: Sector AP

It works very well at short distance (3km) with clear line of sight.
by skillful
Tue Sep 09, 2014 11:16 pm
Forum: Wireless Networking
Topic: failover link
Replies: 2
Views: 1268

Re: failover link

Where is the Mikrotik in your network? This is a Mikrotik forum.
by skillful
Tue Aug 19, 2014 1:36 am
Forum: General
Topic: ISP gives block of 16 address -- Need help configuring plz!
Replies: 9
Views: 6526

Re: ISP gives block of 16 address -- Need help configuring p

You can assign the IP statically without using PPPoE. Setup the interface facing your client to use IP address 180.185.160.209/28 /ip address add address=180.185.160.209/28 interface=lan Modify your NAT rule to exclude source ip 180.185.160.208/28 add action=masquerade chain=srcnat src-address=!180....
by skillful
Tue Aug 19, 2014 1:16 am
Forum: General
Topic: How to avoid user hotspot share connection using connectify
Replies: 4
Views: 6158

Re: How to avoid user hotspot share connection using connect

You need to set ttl to 1 on the interface facing the clients. Assuming the clients are connecting to wlan1 on your router. /ip firewall mangle add action=change-ttl chain=postrouting comment="change ttl to1" new-ttl=set:1 out-interface=wlan1 This will stop non technically savvy clients fro...
by skillful
Tue Aug 19, 2014 12:54 am
Forum: General
Topic: ISP gives block of 16 address -- Need help configuring plz!
Replies: 9
Views: 6526

Re: ISP gives block of 16 address -- Need help configuring p

It appears that the ISP will be routing the 180.185.160.208/28 block to you over the wan static ip 71.165.180.199 If this is the case, just setup PPPoE server on your client interface and handout the IP block 180.185.160.208/28 directly to your clients statically or dynamically using IP Pool 180.185...
by skillful
Fri Aug 01, 2014 2:18 am
Forum: General
Topic: enable/disable an ip address with an IF
Replies: 7
Views: 2391

Re: enable/disable an ip address with an IF

i just tried it. It worked both ways.

Paste the codes in a script and run to see if it works.

Manually delete the ARP entry for 10.70.3.5 and then run the script.
by skillful
Thu Jul 31, 2014 11:13 pm
Forum: General
Topic: enable/disable an ip address with an IF
Replies: 7
Views: 2391

Re: enable/disable an ip address with an IF

1. Create a schedule to run at 10sec interval 2. Copy and paste the script below into the "On Event" box of the schedule { :if ([/ip arp print count-only where address="10.70.3.5"]=0) do={ /ip add set [find address="10.70.1.1/30"] disable=no } else={/ip add set [find ad...
by skillful
Thu Jul 31, 2014 2:13 am
Forum: General
Topic: Routing between hotspot running on vlan to regular subnet
Replies: 3
Views: 1828

Re: Routing between hotspot running on vlan to regular subne

Do I need to create a mangle rule to mark packets from the 10.12.1.0 subnet destined for the 172.16.0.0 subnet? Yes. Since you are using PCC and policy routing, you need to exclude packets destined for the 172.16.0.0/16 network from the 10.12.0.0/22 network from being policy routed outside your net...
by skillful
Mon May 19, 2014 10:47 am
Forum: General
Topic: v6.13 released!
Replies: 176
Views: 65819

Re: v6.13 released!

Just upgraded from 6.12 to 6.13 (x86). From the Winbox -> Queues -> Simple Queues - the list is empty. In the terminal/ssh it's ok. Anybody with the same problem? I confirm this issue on RB1200. Simple queues are gone in both winbox and webfig. Sometimes the queue are there but frozen in time. Afte...
by skillful
Mon Mar 24, 2014 8:24 pm
Forum: General
Topic: Static DNS to a specific server
Replies: 3
Views: 1693

Re: Static DNS to a specific server

In addition to setting up the static DNS, your have to setup NAT rules to redirect all DNS request to your router. /ip firewall nat add action=redirect chain=dstnat dst-port=53 in-interface=bridge-local protocol=udp add action=redirect chain=dstnat dst-port=53 in-interface=bridge-local protocol=tcp ...
by skillful
Sat Jan 18, 2014 2:50 pm
Forum: General
Topic: MUM Europe 2014 - Italy, Venice, February 20-21
Replies: 145
Views: 73512

Re: MUM Europe 2014 - Italy, Venice, February 20-21

Flight Tickets purchased, hotel booked and baggage packed; ready to go.

See you in Venice.
by skillful
Tue Oct 08, 2013 8:56 pm
Forum: General
Topic: Port forwarding using PCC - help required
Replies: 3
Views: 1950

Re: Port forwarding using PCC - help required

Try excluding the dst-port from pcc markings. /ip firewall mangle add action=mark-connection chain=prerouting comment="port forward" disabled=no dst-port=1000,11115 new-connection-mark=port_forward passthrough=yes protocol=tcp add action=mark-connection chain=prerouting comment="port ...
by skillful
Mon Mar 25, 2013 10:51 am
Forum: Wireless Networking
Topic: How to work with static queues
Replies: 1
Views: 868

Re: How to work with static queues

create a queue for the IP range 10.10.0.0/24 and set the bandwidth to some very small number i.e 200bps. Place this queue below other static queues. Do NOT make the bandwidth 0. This will effectively queue down any IP in the range 10.10.0.1-10.10.0.254 not expressly provided for in the queue rules a...
by skillful
Thu Nov 22, 2012 8:24 pm
Forum: Beginner Basics
Topic: Static routing
Replies: 25
Views: 13236

Re: Static routing

Type
/ip route print
into a terminal window. Then copy and paste the output to the forum
by skillful
Thu Nov 22, 2012 8:17 pm
Forum: Beginner Basics
Topic: Static routing
Replies: 25
Views: 13236

Re: Static routing

Post the routing tables of both routers
by skillful
Thu Nov 22, 2012 8:14 pm
Forum: Beginner Basics
Topic: Static routing
Replies: 25
Views: 13236

Re: Static routing

Can you ping PC:10.10.10.2 for RB 750 GL?
by skillful
Thu Nov 22, 2012 8:07 pm
Forum: Beginner Basics
Topic: Static routing
Replies: 25
Views: 13236

Re: Static routing

On RB 751U-2HnD, add static route to 10.10.10.0/24
/ip route
add dst-address=10.10.10.0/24 gateway=172.16.1.1 disabled=no distance=10
by skillful
Sun Nov 11, 2012 7:42 pm
Forum: General
Topic: PCC method not work with hotspot.. my code is here..
Replies: 6
Views: 2112

Re: PCC method not work with hotspot.. my code is here..

/ ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=LAN add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \ new-connection-mark=ISP1_conn ad...
by skillful
Sun Nov 11, 2012 1:13 pm
Forum: General
Topic: PCC method not work with hotspot.. my code is here..
Replies: 6
Views: 2112

Re: PCC method not work with hotspot.. my code is here..

Remove "hotspot=auth" from the rules Add two more rules to exclude hotspot packets from being routed to your ISP. Place these rules before the first "mark-routing" rule. /ip firewall mangle add action=mark-packet chain=output connection-mark=ISP1_conn disabled=no new-packet-mark=...
by skillful
Sat Nov 10, 2012 5:19 pm
Forum: Beginner Basics
Topic: Setup ventrillo server
Replies: 4
Views: 1638

Re: Setup ventrillo server

something like this:
/ip firewall filter
add chain=forward in-interface="1Modem" src-address="Ventrilo_Server_IP_Address" action=accept place-before=0
Replace the words in "" as appropriate
by skillful
Sat Nov 10, 2012 5:11 pm
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

Move rule #2 to #0
by skillful
Sat Nov 10, 2012 1:52 pm
Forum: Beginner Basics
Topic: Setup ventrillo server
Replies: 4
Views: 1638

Re: Setup ventrillo server

You need to place a rule in "/ip firewall filter" to accept incoming packets from the ventrilo server IP Address. Be sure to place the rule above the drop rules.
by skillful
Sat Nov 10, 2012 11:52 am
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

I cannot see any allow rule in there.

Create the required allow rule and place it ahead of the facebook deny rule.
by skillful
Fri Nov 09, 2012 7:17 pm
Forum: General
Topic: v6rc3 released
Replies: 92
Views: 35824

Re: v6rc3 released

I noticed that "tcp-syncookie" setting disappeared from /ip firewall connection tracking.
:-)
Its now in
/ip settings
by skillful
Fri Nov 09, 2012 5:03 pm
Forum: Beginner Basics
Topic: 1 wan 2 subnet problems
Replies: 12
Views: 3033

Re: 1 wan 2 subnet problems

hm... but how to modify the firewall on host 192.168.0.200 there is no firewall on him... the only firewall is mikrotik Yea, there is a firewall on host 192.168.0.200. If it is a Linux box, then the firewall is in the iptables. Modify it to allow 10.10.10.0/29. If it is a windows box, then the wind...
by skillful
Fri Nov 09, 2012 4:16 pm
Forum: Beginner Basics
Topic: 1 wan 2 subnet problems
Replies: 12
Views: 3033

Re: 1 wan 2 subnet problems

You need to modify the firewall on host 192.168.0.200 to allow packets from 10.10.10.0/29. Or Use the scr-nat rule I gave you about to deceive host 192.168.0.200 into accepting packets from 10.10.10.0/29 believing that it is coming from 192.168.0.1, The down side of this is that host 192.168.0.200 s...
by skillful
Fri Nov 09, 2012 3:53 pm
Forum: Beginner Basics
Topic: 1 wan 2 subnet problems
Replies: 12
Views: 3033

Re: 1 wan 2 subnet problems

You setup looks okay. Hmmm, dont work... cannot ping cannot access shares, from mikrotik i can ping both subnet Since you can ping both lans from the mikrotik router then I suspect there might be a firewall on host 192.168.0.200 blocking traffic originating from outside its subnet. To test this assu...
by skillful
Fri Nov 09, 2012 3:17 pm
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

lets see the output of
/ip proxy access print
by skillful
Fri Nov 09, 2012 3:10 pm
Forum: Beginner Basics
Topic: 1 wan 2 subnet problems
Replies: 12
Views: 3033

Re: 1 wan 2 subnet problems

by the way can you explain to me friend what that mark means "!" i see it before and google it but never find out what is serve for, posible you can help me ? "!" means not. Therefore "!192.168.0.200" mean "not 192.168.0.200" Your English is not very clear. I...
by skillful
Fri Nov 09, 2012 1:52 pm
Forum: Beginner Basics
Topic: RouterBoard 1100AH
Replies: 3
Views: 2172

Re: RouterBoard 1100AH

Check the firewall and Antivirus on your computer. Disable the firewall and AV temporarily and see if you can connect to the router.

Can you ping the router from your computer?
by skillful
Fri Nov 09, 2012 1:47 pm
Forum: Beginner Basics
Topic: 1 wan 2 subnet problems
Replies: 12
Views: 3033

Re: 1 wan 2 subnet problems

Create two rules in IP Firewall Filter. /ip firewall filter add action=drop chain=forward in-interface=lan1 out-interface=lan2 src-address=!192.168.0.200 add action=drop chain=forward dst-address=!192.168.0.200 in-interface=lan2 out-interface=lan1 Just copy and paste the above codes into a terminal ...
by skillful
Fri Nov 09, 2012 1:33 pm
Forum: Beginner Basics
Topic: Allow some users for complete internet access
Replies: 11
Views: 3460

Re: Allow some users for complete internet access

Place the allow rule above the deny rule.
by skillful
Mon Nov 05, 2012 11:43 pm
Forum: General
Topic: Double QoS for v6 is possible
Replies: 71
Views: 53973

Re: Double QoS for v6 is possible

Nice feature; good work.
by skillful
Sat Oct 27, 2012 7:38 pm
Forum: Wireless Networking
Topic: SEXTANT construction
Replies: 4
Views: 1941

Re: SEXTANT construction

1:According to the blurb, the sextant has an RB711G as the base router,, can MT confirm whether this is a standard "unmodified" Routerboard, or has it been re-shaped to fit the enclosure. The RB711-5HnD in the Sextant CPE is the standard RB711-5HnD. It was not modified or re-shaped. It fi...
by skillful
Mon Oct 22, 2012 1:18 am
Forum: Wireless Networking
Topic: Hotspot + freeradius
Replies: 1
Views: 1010

Re: Hotspot + freeradius

Just enable cookie in the hotspot server profile and set the cookie lifetime to whatever time you desire.
by skillful
Fri Oct 19, 2012 1:18 am
Forum: Scripting
Topic: Reboot Upon Timeout
Replies: 1
Views: 1136

Re: Reboot Upon Timeout

Use watchdog
by skillful
Tue Oct 02, 2012 10:28 pm
Forum: Beginner Basics
Topic: connection tracking multi wan
Replies: 2
Views: 1144

Re: connection tracking multi wan

The the absence of any policy routing, packets always e-gress on the interface with active default route with lowest distance.
by skillful
Fri Sep 14, 2012 12:08 am
Forum: Beginner Basics
Topic: Layer 7 Blocking website
Replies: 6
Views: 17819

Re: Layer 7 Blocking website

Firewall rules are hierarchical. So, make sure to place the exemption rule above the block rule.
by skillful
Mon Aug 27, 2012 2:49 am
Forum: General
Topic: [ASK] Block ping through filter & nat
Replies: 3
Views: 3238

Re: [ASK] Block ping through filter & nat

2. How to block ping from LAN to ether1 (Modem (Bridge) & MikroTik)? Not blocking with ip, but blocking with interface ether1. I tried with ip firewall nat chain=input action=drop protocol=icmp dst-address=10.0.0.1 in-interface=ether2 ip firewall nat chain=input action=drop protocol=icmp dst-ad...
by skillful
Mon Aug 27, 2012 12:42 am
Forum: General
Topic: Hot Spot Queue Bypass
Replies: 3
Views: 1648

Re: Hot Spot Queue Bypass

Sure, it is possible. 1. In mangle, packet mark outputs from your router to your users. 2. Create an unlimited static queue for the packets marked in 1 above. 3. Use a login script to always move the static queue above dynamic queues created by hotspot. Search the forum for a script to move static q...
by skillful
Tue May 08, 2012 7:29 pm
Forum: General
Topic: Bad latency on P2P-Link MikroTik SXT G-5HnD
Replies: 6
Views: 4118

Re: Bad latency on P2P-Link MikroTik SXT G-5HnD

Can i achieve 1-2ms with MikroTik SXT G-5HnD?
To achieve 1-2ms pings use Nstreme. That is, set Wireless Protocol=nstreme
by skillful
Wed Apr 25, 2012 8:15 pm
Forum: Beginner Basics
Topic: Please...! Its urgent. IP routing setup is not working
Replies: 4
Views: 1573

Re: Please...! Its urgent. IP routing setup is not working

Add a static route to network 0.0.0.0/24 on GW(MT1)
/ip route
add dst-address=0.0.0.0/24 gateway=10.0.0.3 distance=1 disabled=no
by skillful
Wed Apr 25, 2012 1:41 pm
Forum: General
Topic: PPTP client tunnel: default host route chokes tunnel conn.
Replies: 12
Views: 7878

Re: PPTP client tunnel: default host route chokes tunnel con

I think the misconfiguration is from the PPTP server end. Make sure you have not specified "Local Address" as 1.2.3.4 in the PPP secret. Do not use the IP of the interface your are dialing into as Local Address in PPP Secret. You can always use any wild IP Address.
by skillful
Wed Apr 25, 2012 3:27 am
Forum: General
Topic: how to select interface for PPTP/SSTP tunnels
Replies: 12
Views: 9918

Re: how to select interface for PPTP/SSTP tunnels

In that case, you have to use mangle to force PPTP packets to be routed over one uplink while SSTP packets engress the other uplink. PPTP make use of TCP:1723 and IP Protocol=GRE (value 47) SSTP make use of TCP:443 /ip firewall mangle add action=mark-routing chain=output disabled=no dst-port=1723 ne...
by skillful
Wed Apr 25, 2012 2:01 am
Forum: Scripting
Topic: usermman backup in 5.14 broken.
Replies: 2
Views: 1402

Re: usermman backup in 5.14 broken.

If the size of your user manager database file is large, you need to introduce a delay in the script after saving the database to give enough time for the save operation to complete before the email operation commence. /file remove Database.umb ; /tool user-manager database save name=Database ; :del...
by skillful
Wed Apr 25, 2012 1:34 am
Forum: Scripting
Topic: help find lease by comment
Replies: 6
Views: 2454

Re: help find lease by comment

Try:
/ip dhcp-server lease print where comment~"customer"
by skillful
Wed Apr 25, 2012 1:05 am
Forum: General
Topic: how to select interface for PPTP/SSTP tunnels
Replies: 12
Views: 9918

Re: how to select interface for PPTP/SSTP tunnels

You can force packets out on a particular interface by simply adding a route to that IP in your routing table. Assuming that the remote IP addresses you want to establish a tunnel to are x.x.x.x and y.y.y.y, You want the tunnel to x.x.x.x to be routed through DSL uplink while y.y.y.y is routed throu...
by skillful
Sun Apr 22, 2012 6:41 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 13
Views: 26741

Re: Policy based routing using two uplinks

In addition to your existing configurations, you need to add routing marks that ensures that all packets entering the router from a particular interface leaves by that interface. /ip firewall mangle add action=mark-connection chain=input connection-mark=no-mark disabled=no in-interface= ISP1 new-con...
by skillful
Sun Apr 15, 2012 8:11 pm
Forum: The User Manager
Topic: Many problems with UM on v.5.14
Replies: 4
Views: 3790

Re: Many problems with UM on v.5.14

UM 5.14 is still in alpha stage! I see all types of weird behavior in it. If you must use UM in production environment, better downgrade to ROS4.17.
by skillful
Fri Apr 06, 2012 12:09 am
Forum: The User Manager
Topic: Voucher template constants
Replies: 11
Views: 13976

Re: Voucher template constants

Try out my template. <table style="color: black; font-size: 11px;" border="2" height="10"> <tr> <td colspan="2" bordercolorlight="#000000" bordercolordark="#000000"> <b><font size="2" face="Arial Black" color="#FF33...
by skillful
Thu Apr 05, 2012 11:18 pm
Forum: The User Manager
Topic: user limitation
Replies: 6
Views: 3453

Re: user limitation

create three profiles, 1day, 7days and 10days and set the validity to 1d, 7d and 10d respectively. Apply the required profile when you create users.
by skillful
Thu Apr 05, 2012 10:28 pm
Forum: The User Manager
Topic: user-manager and access to Winbox
Replies: 4
Views: 8872

Re: user-manager and access to Winbox

1. Edit profile "full" and add limitation "full". Make sure to place a check mark against the added limitation 2. Edit user "jpj", remove all associated profile from it and add only profile "full" Always use the userman web interface to configure and edit user...
by skillful
Thu Apr 05, 2012 1:20 am
Forum: The User Manager
Topic: user-manager and access to Winbox
Replies: 4
Views: 8872

Re: user-manager and access to Winbox

Use the "group name" attribute under Profile ->Limitations ->constraints ->group name to force a group.
by skillful
Mon Apr 02, 2012 2:16 am
Forum: The User Manager
Topic: Active sessions and Active users NOT refreshing.
Replies: 5
Views: 3559

Re: Active sessions and Active users NOT refreshing.

There is no generic best configurations for user manager. Configurations must be tailored to specific services/package offered by the ISP.
by skillful
Fri Mar 16, 2012 8:01 pm
Forum: The User Manager
Topic: Active sessions and Active users NOT refreshing.
Replies: 5
Views: 3559

Re: Active sessions and Active users NOT refreshing.

The userman status page does not auto refresh. Manually refresh it by clicking on another menu icon and then click on the status icon.
by skillful
Sun Mar 04, 2012 8:39 pm
Forum: General
Topic: Security Issue in ROS 5.14
Replies: 4
Views: 1429

Re: Security Issue in ROS 5.14

Bug confirmed present in ver5.14.
by skillful
Fri Mar 02, 2012 11:41 pm
Forum: General
Topic: WAN Failover with Dynamic IP from ISP and default route
Replies: 10
Views: 11053

Re: WAN Failover with Dynamic IP from ISP and default route

Setup as per Tevolo's first post and use recursive routing to ping any host you desire.
by skillful
Fri Mar 02, 2012 12:38 pm
Forum: General
Topic: Dynamic queue setup
Replies: 8
Views: 3165

Re: Dynamic queue setup

Hi Skillful,

Great! Your suggestion works for me. Thank you very much.
A karma will be well appreciated.
by skillful
Fri Mar 02, 2012 12:03 am
Forum: Beginner Basics
Topic: Radius and User man
Replies: 6
Views: 2282

Re: Radius and User man

All i do is?
1: add router in userman with ip address and password
2: add a radius in mikrotik with same ip and password and then check ppp
Use loopback ip - 127.0.0.1
by skillful
Sun Feb 26, 2012 6:54 pm
Forum: General
Topic: Dynamic queue setup
Replies: 8
Views: 3165

Re: Dynamic queue setup

In picture 4, set total-max-limit=4M too.

Also change all Queue type from "default-small" to "default" in pictures 3 and 4. There had been reported issues with default-small
by skillful
Sun Feb 26, 2012 12:02 am
Forum: General
Topic: restoring a default for "ip firewall service-port"
Replies: 3
Views: 2301

Re: restoring a default for "ip firewall service-port"

In winbox, double click the pptp icon to pop it up. Then click the up arrow key in the ports settings to delete whatever port you had set.
by skillful
Sat Feb 25, 2012 11:43 pm
Forum: General
Topic: WISP CONTROL MANAGER 100% Guarantee Work with Mikrotik
Replies: 2
Views: 2221

Re: WISP CONTROL MANAGER 100% Guarantee Work with Mikrotik

Post email address please.
by skillful
Sat Feb 25, 2012 11:30 pm
Forum: General
Topic: Dynamic queue setup
Replies: 8
Views: 3165

Re: Dynamic queue setup

Modify your queue as stated below.
upload=1500k
download=1500k
total-limit-at=1500k
by skillful
Sat Feb 25, 2012 11:07 pm
Forum: General
Topic: Scripting issue
Replies: 1
Views: 727

Re: Scripting issue

To record the output of "/interface wireless monitor wlan1" data into a text file: /interface wireless monitor wlan1 once file=power To extract only the "overall-tx-ccq" of "/interface wireless monitor wlan1" and save to file: /file print file=power /interface wireless ...
by skillful
Fri Feb 24, 2012 12:56 pm
Forum: Wireless Networking
Topic: How to reduce signal strength
Replies: 9
Views: 52571

Re: How to reduce signal strength

Setting the tx power too low will not damage the card but the card might not function properly at such low power level.

The settings are adjustable on all Mikrotik ROS with wireless adapter.
by skillful
Fri Feb 24, 2012 12:08 pm
Forum: Wireless Networking
Topic: How to reduce signal strength
Replies: 9
Views: 52571

Re: How to reduce signal strength

It is much more safer to use the method I described that modifying the tx power directly. You risk damaging the wireless adapter if you accidentally adjust the tx power beyond the capacity of the card. Whereas, modifying the antenna gain allow the ROS to automatically adjust the tx power to ensure t...
by skillful
Thu Feb 23, 2012 11:53 pm
Forum: Wireless Networking
Topic: How to reduce signal strength
Replies: 9
Views: 52571

Re: How to reduce signal strength

You can also use Antenna Gain to reduce signal strength to whatever value you want. Set frequencymode=regulatory domain, set country, then increase the antenna gain and watch the signal nosedive.

Image
by skillful
Tue Feb 14, 2012 11:19 pm
Forum: Beginner Basics
Topic: TFTP question
Replies: 3
Views: 1074

Re: TFTP question

Use FTP.
by skillful
Fri Feb 03, 2012 11:54 pm
Forum: Beginner Basics
Topic: how
Replies: 3
Views: 1384

Re: how

WDS is a hack, not a standardized protocol. So, its implementation varies from vendor to vendor and always incompatible across vendors. If you must use WDS, it is advisable to stick to a single vendor for best performance,
by skillful
Tue Dec 20, 2011 10:57 pm
Forum: Scripting
Topic: Testing a script
Replies: 11
Views: 6682

Re: Testing a script

Enclose the script in a parenthesis, then copy and paste it in a terminal window.
by skillful
Mon Dec 12, 2011 1:32 am
Forum: Beginner Basics
Topic: Basic NAT configuration problem
Replies: 3
Views: 1607

Re: Basic NAT configuration problem

The inbuilt web server of Mikrotik ROS runs on port 80 by default. To achieve your desire, you either change the mikrotik default www port from 80 to something else, i.e. 8080, or change the dst-nat port from port 80 to 8080. To implement the first option, goto ip->service->www and change 80 to 8080...
by skillful
Sat Dec 03, 2011 6:30 pm
Forum: Beginner Basics
Topic: IP>Web proxy>Allowing sites to get unblocked for certain tim
Replies: 9
Views: 8724

Re: IP>Web proxy>Allowing sites to get unblocked for certain

Yes, it can be done with ROS.

How are you blocking the sites? Post your blocking rules please.
by skillful
Mon Nov 07, 2011 12:25 pm
Forum: Beginner Basics
Topic: What setting is missing?
Replies: 11
Views: 1571

Re: What setting is missing?

You need to add a masquerade rule for the vlan interface.
/ip firewall nat

add action=masquerade chain=srcnat disabled=no out-interface="your_vlan_interface"
by skillful
Mon Oct 31, 2011 12:18 am
Forum: General
Topic: Proper NATing question
Replies: 4
Views: 1484

Re: Proper NATing question

I have an RB493G that I am setting up as my home firewall / router. I have an email server in house that needs to have ports forwarded to it. Specifically 443, 465, 993, and 25. I have NAT rules set up that are forwarding traffic nicely to the mail server, and all email is working. Post the forward...
by skillful
Sun Oct 30, 2011 11:48 pm
Forum: General
Topic: IP address change without control
Replies: 4
Views: 1205

Re: IP address change without control

Make sure "address pool" is set to "none" in hotspot server
by skillful
Sun Oct 30, 2011 11:13 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 13
Views: 26741

Re: Policy based routing using two uplinks

You need to create an address list containing all the address you want to go through uplink1 /ip firewall address-list add address=192.168.100.x disabled=no list=uplink1 add address=192.168.100.y disabled=no list=uplink1 Now create a mangle rule to mark all packets that should go through uplink1 /ip...
by skillful
Sun Oct 23, 2011 2:42 pm
Forum: Beginner Basics
Topic: Repeater ! Please Help if you can..
Replies: 2
Views: 1401

Re: Repeater ! Please Help if you can..

For repeater to function properly, the SSID, Band and Frequency of both Access Points must be the same. Repeaters rely of WDS; but WDS is a hack not a standardized Protocol. Sometimes, this introduces compatibility issues when using products from different vendors. For this reason, it is better to u...
by skillful
Sun Oct 23, 2011 1:33 pm
Forum: General
Topic: I need to updade RoS version in an old x86 Mikrotik box
Replies: 6
Views: 1374

Re: I need to updade RoS version in an old x86 Mikrotik box

Hello all,

How can I updade it? I should buy a new license? How can I work this out?
Upgrade the box to ver5 and check the licence. If you have the 24hours trial licence then buy a new licence based on the ver5 soft ID.
by skillful
Tue Oct 18, 2011 12:13 am
Forum: General
Topic: rb 1200 change 5.7 to 4.7?
Replies: 1
Views: 756

Re: rb 1200 change 5.7 to 4.7?

ROS 4.xx is does not support RB1200. Do not load v4 package into the RB1200. You have to use v5.xx or higher.
by skillful
Tue Oct 04, 2011 1:38 am
Forum: Beginner Basics
Topic: RB751 When???
Replies: 13
Views: 6301

Re: RB751 When???

Hi,

Any chance of a copy of the specification sheet or other documentation (PDFs)?

Rgds,
Mark.
http://routerboard.com/RB751U-2HnD
by skillful
Tue Oct 04, 2011 1:08 am
Forum: The User Manager
Topic: UM Scripting Variable Names?
Replies: 4
Views: 2529

Re: UM Scripting Variable Names?

Have a look at the wiki
by skillful
Thu Aug 25, 2011 11:12 pm
Forum: General
Topic: Feature request: More web pages like hotspot
Replies: 8
Views: 3342

Re: Feature request: More web pages like hotspot

Hi skillful. So you mean I need to create hotspot and hotspot server must active?
Yes. Activation of hotspot server hijacks port 80 from the default home page and makes the hotspot folder available as root directory on port 80.
by skillful
Tue Aug 23, 2011 11:06 pm
Forum: General
Topic: How to Block UnknownUsers Using Free PtP Links via MyDevices
Replies: 9
Views: 2273

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

After disabling default forwarding, add a firewall rule to stop a packets from exiting on the same interface it came from. /ip firewall filter add action=drop chain=forward disabled=no in-interface=wlan1 out-interface=wlan1 If your are bridging, you also need to enable firewall for bridged interface...
by skillful
Tue Aug 23, 2011 10:35 pm
Forum: General
Topic: Feature request: More web pages like hotspot
Replies: 8
Views: 3342

Re: Feature request: More web pages like hotspot

really? I tried but no success. 192.168.123.250/hotspot/error.html How to do that? Please explain me more detail. Place the html page in a folder (e.g. debtor) and upload the folder into the hotspot folder in your router. Then deny in web proxy and redirect to 192.168.123.250/debtor/error.html. 192...
by skillful
Thu Aug 18, 2011 7:38 pm
Forum: Beginner Basics
Topic: Ip Config
Replies: 9
Views: 2186

Re: Ip Config (Solved)

The ip address *.*.241.16/28 is network address for the /28 subnet, so, you cannot assign it to an interface. Change that address to *.*.241.21/28 since you are already scr-natting your private IPs to it. Assign public IPs from *.*.241.17 - *.*.241.20 and *.*.241.22 - *.*.241.30 to clients connected...
by skillful
Wed Aug 17, 2011 11:48 am
Forum: Beginner Basics
Topic: Ip Config
Replies: 9
Views: 2186

Re: Ip Config

IP addresses 192.168.0.0/24 and *.*.241.21 are not in your network diagram. Please post the output of
/ip address print
by skillful
Tue Aug 16, 2011 2:22 pm
Forum: Beginner Basics
Topic: Ip Config
Replies: 9
Views: 2186

Re: Ip Config

Post your nat rules and routing table, that is, the output of
/ip firewall nat export
/ip route export
by skillful
Tue Aug 16, 2011 1:51 pm
Forum: Wireless Networking
Topic: Configuring a wireless router with RB493AH
Replies: 2
Views: 841

Re: Configuring a wireless router with RB493AH

Did you connect an antenna to the wireless card on the RB493AH?
by skillful
Mon Aug 15, 2011 1:03 pm
Forum: Beginner Basics
Topic: Problem with ip addressing
Replies: 4
Views: 1566

Re: Problem with ip addressing

Remove IP 100.100.100.61 from your router completely. 100.100.100.61 should be assigned to the user.

You don't have to assign any IP address on eth3.
by skillful
Mon Aug 15, 2011 1:42 am
Forum: Beginner Basics
Topic: Problem with ip addressing
Replies: 4
Views: 1566

Re: Problem with ip addressing

1. Configure proxy-arp on ether1 and ether3 interfaces /interface ether set ether1 arp=proxy-arp /interface ether set ether3 arp=proxy-arp 2. add a static route for 100.100.100.61 /ip route add dst-address=100.100.100.61 gateway=ether3 distance=1 3. Configure the power user system as follows: IP Add...
by skillful
Mon Aug 08, 2011 12:32 am
Forum: Beginner Basics
Topic: CANNOT GET TO ROUTER VIA HTTP PORT
Replies: 10
Views: 21506

Re: CANNOT GET TO ROUTER VIA HTTP PORT

Please post the output of
/ip service print
/ip firewall filter print
by skillful
Sun Aug 07, 2011 10:30 pm
Forum: General
Topic: radius accounting request not sent
Replies: 7
Views: 6031

Re: radius accounting request not sent

The issue is cause by user-manager license limitation. Level 4 license allow only 20 active sessions in User-manager; so, after the 19th active session you will start seeing the issue. Delete all expired sessions that are still listed as active in user-manager and the issue should disappear. If you ...
by skillful
Sat Jul 23, 2011 11:56 pm
Forum: General
Topic: PPtP keeps disconnecting
Replies: 17
Views: 29101

Re: PPtP keeps disconnecting

Add a srcnat rule with action=masquerade on the pptp-out1 interface.
/ip firewall nat add chain=srcnat action=masquerade out-interface=pptp-out1
by skillful
Wed Jul 20, 2011 12:40 pm
Forum: Beginner Basics
Topic: Help With Load Balancing with same ISP and Dynamic
Replies: 3
Views: 1212

Re: Help With Load Balancing with same ISP and Dynamic

Post your routing table here; that is, the output of
/ip route print detail without-paging
by skillful
Wed Jul 20, 2011 2:50 am
Forum: Beginner Basics
Topic: Help With Load Balancing with same ISP and Dynamic
Replies: 3
Views: 1212

Re: Help With Load Balancing with same ISP and Dynamic

You need to add backup routes with a higher distance settings for the PCC routing marks.
by skillful
Mon Jul 18, 2011 1:04 am
Forum: General
Topic: PPtP keeps disconnecting
Replies: 17
Views: 29101

Re: PPtP keeps disconnecting

Let's see the output of the following codes:
/ip route print

/ip firewall nat print

/interface pptp-client print
You may just blank out any sensitive information
by skillful
Sun Jul 17, 2011 9:45 pm
Forum: General
Topic: PPtP keeps disconnecting
Replies: 17
Views: 29101

Re: PPtP keeps disconnecting

1. Set add-default-route=no on the PPTP client interface
2. add a scr-nat rule with action=masquerade out-interface=your-pptp-client-interface
by skillful
Fri Jul 15, 2011 12:27 am
Forum: Beginner Basics
Topic: Speed Test
Replies: 5
Views: 2424

Re: Speed Test

Better to use dedicated speed testing site like speedtest.net
by skillful
Sat May 28, 2011 1:56 am
Forum: General
Topic: RB 750 Auto Negotiation Problem
Replies: 8
Views: 3085

Re: RB 750 Auto Negotiation Problem

What's new in 5.4 (2011-May-27 13:18):

*) webfig - do not try to open many windows
if first open was blocked by browser;
*) RB4xx ether1 port flapping fixed;
Try out the new ROS 5.4
by skillful
Fri May 27, 2011 1:18 pm
Forum: General
Topic: PCQ and burst
Replies: 6
Views: 7420

Re: PCQ and burst

A better way to thank someone is to give a positive karma.
by skillful
Fri May 27, 2011 12:20 pm
Forum: General
Topic: PCQ and burst
Replies: 6
Views: 7420

Re: PCQ and burst

The pcq-burst-threshold is value that switch the burst on/off. You want to set this value lower than the pcq-rate so that burst is only possible when the user have just start a connection. The user is then allow to reach the pcq-burst-rate for a duration specified in the pcq-burst-time before being ...
by skillful
Fri May 27, 2011 1:09 am
Forum: General
Topic: PCQ and burst
Replies: 6
Views: 7420

Re: PCQ and burst

Is correct this new configuration for the new feature ? name="PCQ_Download" kind=pcq pcq-rate=2M pcq-limit=100 pcq-classifier=dst-address pcq-total-limit=1000 pcq-burst-rate=0 pcq-burst-threshold=8M pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=1...
by skillful
Fri May 27, 2011 12:59 am
Forum: General
Topic: RB 750 Auto Negotiation Problem
Replies: 8
Views: 3085

Re: RB 750 Auto Negotiation Problem

How long is the cable? Is the cable of good quality?

Force 10mbps and Disable Auto Negotiation on the interface.
by skillful
Fri May 27, 2011 12:55 am
Forum: General
Topic: License L5 into RB411AH
Replies: 1
Views: 849

Re: License L5 into RB411AH

Yes, you can put L5 license on the RB411. The Device type is RouterBoard.
by skillful
Fri May 27, 2011 12:25 am
Forum: Beginner Basics
Topic: prevent poor link radio from interfering with other cpes?
Replies: 1
Views: 918

Re: prevent poor link radio from interfering with other cpes

You should disable "Default Authenticate" on the wireless interface and use "access list" to control access to your AP 1. Create an access list entry for the MAC address of the errant CPE and remove the check-mark from Authenticating and forwarding. 2. Create another access list ...
by skillful
Thu May 26, 2011 11:58 pm
Forum: Beginner Basics
Topic: Re: how to reset user manager
Replies: 3
Views: 6584

Re: how to reset user manager

A better way to thank someone is to give a positive karma
by skillful
Thu May 26, 2011 1:03 am
Forum: Beginner Basics
Topic: Re: how to reset user manager
Replies: 3
Views: 6584

Re: how to reset user manager

To clear user-manager configurations, issue this command:
/tool user-manager database clear
by skillful
Fri Apr 22, 2011 12:29 pm
Forum: General
Topic: Do I have this Queue set up correctly
Replies: 4
Views: 1442

Re: Do I have this Queue set up correctly

You have to set the pcq-classifier as well

Create two PCQs, one for downloads with the pcq-classifier=dst-address and the second for uploads with the pcq-classifier=src-address. Set both rates to whatever you want each IP Address to have.

Now use these PCQs in the queue-type tab of the simple queue
by skillful
Mon Apr 18, 2011 12:33 am
Forum: Beginner Basics
Topic: Browser based port knocker
Replies: 11
Views: 3416

Re: Browser based port knocker

If you are still paranoid about this, you many add the source address matcher to the NAT rule. Instead of /ip firewall nat add chain=dstnat action=dst-nat to-address=192.168.1.2 protocol=tcp dst-address-type=local in-interface=WAN dst-port=500 to-port=80 You now have /ip firewall nat add chain=dstna...
by skillful
Sat Apr 02, 2011 8:31 pm
Forum: General
Topic: RouterOS 5.0 is out!
Replies: 153
Views: 39370

Re: RouterOS 5.0 is out!

Have you updated the licence to the new 8-digit format?

What is the output of
/system license print
by skillful
Sun Nov 21, 2010 6:23 pm
Forum: Beginner Basics
Topic: Server Cache
Replies: 3
Views: 1484

Re: Server Cache

Uncheck Always From Cache
by skillful
Sun Nov 21, 2010 5:49 pm
Forum: Beginner Basics
Topic: Why doesn't PCQ work correctly?
Replies: 10
Views: 3440

Re: Why doesn't PCQ work correctly?

Queue Type /queue type print 5 name="my_pcq_download" kind=pcq pcq-rate=0 pcq-limit=1 pcq-classifier=dst-address pcq-total-limit=200 6 name="my_pcq_upload" kind=pcq pcq-rate=0 pcq-limit=1 pcq-classifier=src-address pcq-total-limit=200 pcq-limit=1 is too small. Change that value ...
by skillful
Fri Jul 23, 2010 9:57 pm
Forum: Forwarding Protocols
Topic: OSPF or BGP for wireless network?
Replies: 8
Views: 4402

Re: OSPF or BGP for wireless network?

You have to instruct your uplink ISP to route the 80.97.140.0/24 IP range to you on your assigned 86.127.70.132 IP
by skillful
Sun Jul 04, 2010 7:49 pm
Forum: General
Topic: Attaking to my router OS
Replies: 3
Views: 1123

Re: Attaking to my router OS

see wiki
by skillful
Wed May 12, 2010 1:01 am
Forum: Scripting
Topic: Moving a Simple Queue to position 0 via a script
Replies: 7
Views: 8540

Re: Moving a Simple Queue to position 0 via a script

/queue simple move [/queue simple find name="Limit p2p"] 0 This code, when used in a script will move "Limit p2p" queue to number 1 not 0 print is unreliable in scripting because there is no shell I have have found print to be very reliable in scripting when compelled to print b...
by skillful
Tue May 11, 2010 11:44 pm
Forum: Scripting
Topic: Moving a Simple Queue to position 0 via a script
Replies: 7
Views: 8540

Re: Moving a Simple Queue to position 0 via a script

You are welcome. Glad to be of assistance.
by skillful
Tue May 11, 2010 10:59 pm
Forum: Scripting
Topic: Moving a Simple Queue to position 0 via a script
Replies: 7
Views: 8540

Re: Moving a Simple Queue to position 0 via a script

To use queue serial numbers in a script, you should first use the print command. Modify your script as shown below.
/queue simple print  brief without-paging
/queue simple move "Limit p2p" destination=0
by skillful
Tue May 04, 2010 12:41 am
Forum: General
Topic: How to intercept DNS requests to builtin server?
Replies: 7
Views: 3892

Re: How to intercept DNS requests to builtin server?

I understood my problem: Mikrotik works as bridge, so layer3-firewall ignores transit packets.
Is it solvable?
Yes it is solvable. Set bridge interface to use firewall.
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
by skillful
Mon Apr 26, 2010 8:50 pm
Forum: Beginner Basics
Topic: TTL increment for incoming packets. What am I doing wrong?
Replies: 5
Views: 3915

Re: TTL increment for incoming packets. What am I doing wron

Please modify your mangle rule to include the in-interface. e.g.
/ip firewall mangle
add action=change-ttl chain=prerouting comment="" disabled=no in-interface=wan new-ttl=increment:1
replace "wan" with the actual name of the interface connected to the ISP
by skillful
Sun Apr 25, 2010 9:19 pm
Forum: Wireless Networking
Topic: ROS V4.7 disapears
Replies: 5
Views: 1559

Re: ROS V4.7 disapears

Note! The recently released RouterOS v4.7 contained an uncommon DHCP server problem in some non standard installations, until a fix can be provided, you can use RouterOS v4.6
see http://forum.mikrotik.com/viewtopic.php?f=2&t=41113
by skillful
Sun Apr 25, 2010 8:34 pm
Forum: The User Manager
Topic: hotspot and /user login
Replies: 4
Views: 2231

Re: hotspot and /user login

It is not a bug. When you have hotspot on an interface, then the built-in http server is no longer accessible on port 80 on that interface.
by skillful
Sun Apr 25, 2010 1:16 pm
Forum: The User Manager
Topic: hotspot and /user login
Replies: 4
Views: 2231

Re: hotspot and /user login

You need to change the www port from 80 to something else, i.e 8888
/ip service set www port=8888
Now access userman at

[url]http://hotspot_ip:8888/userman[/url]
by skillful
Tue Apr 20, 2010 2:37 am
Forum: The User Manager
Topic: Usermanager, Hotspot, shared users
Replies: 19
Views: 38982

Re: Usermanager, Hotspot, shared users

Hello ,I am having th same problem. I am having a RB1000 running ROS 4.6 and UM 4.6 package installed.I am unable to create shared users,I dont even see an option for it the 'add user' menu. However in the Hotspot user profiles,there is a shared users option,is there any such thing in user manager?...
by skillful
Wed Apr 14, 2010 11:19 pm
Forum: RouterBOARD hardware
Topic: RB 433AH Stuck at "jumping to kernel code"
Replies: 23
Views: 10280

Re: RB 433AH Stuck at "jumping to kernel code"

Yes, I fixed the problem by using a different version of the Netinstall software. I cannot remember which version it was that resolved the issue. Try the netinstall 4.6 or 5.0beta1.
by skillful
Thu Mar 11, 2010 11:35 pm
Forum: The User Manager
Topic: masquarade and web proxy issue
Replies: 3
Views: 1995

Re: masquarade and web proxy issue

use the appropriate subnet mask to add a block of IPs.
/ip proxy access
add action=allow comment="" disabled=no src-address=10.10.10.0/23
add action=deny comment="deny all others" disabled=no
This rule will allow all IPs in the range 10.10.10.0 - 10.10.11.255
by skillful
Sun Mar 07, 2010 10:49 pm
Forum: The User Manager
Topic: masquarade and web proxy issue
Replies: 3
Views: 1995

Re: masquarade and web proxy issue

You have to allow access for 10.10.10.2 and 10.10.10.3 while blocking all others in "/ip proxy access" /ip proxy access add action=allow comment="" disabled=no src-address=10.10.10.2 add action=allow comment="" disabled=no src-address=10.10.10.3 add action=deny comment=...
by skillful
Tue Dec 22, 2009 1:25 pm
Forum: Beginner Basics
Topic: wireless control access
Replies: 2
Views: 1049

Re: wireless control access

Do not assign any IP Address to the wireless interface.
by skillful
Tue Nov 17, 2009 10:05 pm
Forum: Beginner Basics
Topic: Configuring Speed from proxy to client?
Replies: 13
Views: 25695

Re: Configuring Speed from proxy to client?

Please post the output of the following:
/ip fire man pr without-paging

/que sim pr without-paging

/ip proxy pr
by skillful
Wed Nov 11, 2009 6:06 pm
Forum: Beginner Basics
Topic: Configuring Speed from proxy to client?
Replies: 13
Views: 25695

Re: Configuring Speed from proxy to client?

You are correct. You cannot speed up just content that was already cached. Of course you can! 1. Assign a Cache hit DSCP (TOS) value in webproxy settings. The default in ROS is 4. /ip proxy set cache-hit-dscp=4 2. Set up a mangle rule on the output chain to mark packets with DSCP=4. Place this rule...
by skillful
Wed Nov 11, 2009 5:41 pm
Forum: Forwarding Protocols
Topic: route /28 netmask
Replies: 10
Views: 3845

Re: route /28 netmask

How is your question related to Mikrotik ROS? This is a Mikrotik ROS forum not a TCP/IP class.
by skillful
Mon Nov 09, 2009 6:05 pm
Forum: Beginner Basics
Topic: Can you mangle traffic from RB itself? (DNS, NTP etc.)
Replies: 12
Views: 3703

Re: Can you mangle traffic from RB itself? (DNS, NTP etc.)

To capture traffic from the router itself, you have to mangle chain=output.
by skillful
Wed Nov 04, 2009 8:58 pm
Forum: General
Topic: Installing DUDE on routeros 4.2
Replies: 7
Views: 1742

Re: Installing DUDE on routeros 4.2

Just reboot the router and the Dude package will be installed
by skillful
Sun Nov 01, 2009 8:55 pm
Forum: Beginner Basics
Topic: Impossible problem - pings from end to end
Replies: 2
Views: 1250

Re: Impossible problem - pings from end to end

You stole somebody's car and then turn around to ask his assistance to fix a puncture! Buy a legitimate version before asking for assistance.
by skillful
Wed Oct 28, 2009 8:41 pm
Forum: Beginner Basics
Topic: LAN Client
Replies: 1
Views: 920

Re: LAN Client

If the clients are in the same broadcast domain (i.e. connected to the switch) then the router cannot block viewing of network neighbourhood. But if the clients are in different broadcast domains, just drop packets destined for ports 135-139 and 445 in the forward chain.
by skillful
Mon Oct 26, 2009 12:41 am
Forum: Wireless Networking
Topic: Please Advise me Best and chep wi-fy solutaion
Replies: 4
Views: 1775

Re: Please Advise me Best and chep wi-fy solutaion

RB433 (or RB433AH), RB52 (or R52-350), omni antena.
Omni Antenna is not a good idea. Use 3units of 120deg high gain sector antenna instead.
by skillful
Sun Oct 25, 2009 6:14 pm
Forum: General
Topic: Configure webproxy transparent
Replies: 5
Views: 1963

Re: Configure webproxy transparent

You need to accept "established" and "related" connections in the input chain before dropping all.
by skillful
Sat Oct 24, 2009 1:42 am
Forum: Beginner Basics
Topic: Power supply Problems
Replies: 7
Views: 1704

Re: Power supply Problems

You might have unreliable connectivity at 100mbps if your Ethernet cable is not of very good quality and the span is long. Force the interface to only negotiate 10mbps and see if the connectivity is stable. /interface ethernet set [find name=ether1] speed=10Mbps auto-negotiation=no NB: Replace ether...
by skillful
Sat Oct 24, 2009 1:20 am
Forum: Beginner Basics
Topic: Power supply Problems
Replies: 7
Views: 1704

Re: Power supply Problems

What is the amperage of the 24Volt power supply?
How many radios did you install in the RB433?

I recommend laptop power supply of between 19-24VDC with not less than 2.5A current rating.
by skillful
Thu Oct 22, 2009 3:40 pm
Forum: General
Topic: Dhcp and hostpot "dynamic address-list"
Replies: 6
Views: 2113

Re: Dhcp and hostpot "dynamic address-list"

I do not see address-list in hotspot profiles.

Or anywhere apart from adding static leases!
It is in individual profile of your hotspot users. /ip hotspot user profile
by skillful
Thu Oct 22, 2009 1:02 am
Forum: Scripting
Topic: Like watchdog script
Replies: 2
Views: 3829

Re: Like watchdog script

Something like this.
{
:if ([/ping XX.XX.XX.XX count=2]>0) do={
    /interface disable [find name=wlan1]
    :delay 2s
    /interface enable [find name=wlan1]
    }
}
by skillful
Tue Oct 20, 2009 2:09 am
Forum: General
Topic: Problems with DNS for www.google.com
Replies: 174
Views: 65731

Re: Problems with DNS for www.google.com

Do you have a NAT rule to redirect all DNS request in place? If yes, disable the rule and check if the issue is resolved.
by skillful
Sun Oct 18, 2009 12:29 pm
Forum: General
Topic: Print voucher more than 3 per page
Replies: 4
Views: 1242

Re: Print voucher more than 3 per page

Unfortunately, the current version of User-manager does not support printing more than 3 vouchers per page.
by skillful
Sun Oct 18, 2009 1:54 am
Forum: General
Topic: Print voucher more than 3 per page
Replies: 4
Views: 1242

Re: Print voucher more than 3 per page

You can export the user-names and password to excel and then format excel to print in whatever way you want.
by skillful
Sun Oct 18, 2009 1:52 am
Forum: Scripting
Topic: Upgrading User-Manager 2.9.27 to User-Manager 2.9.42
Replies: 3
Views: 3104

Re: Upgrading User-Manager 2.9.27 to User-Manager 2.9.42

ROS 2.9.27 is too old and no longer supported. There is no reason why you cannot upgrade to version 4.1 or 3.30 at least. The upgrade is simple and free for all legitimate license.
by skillful
Sat Oct 17, 2009 2:25 am
Forum: Wireless Networking
Topic: noise floor
Replies: 5
Views: 5072

Re: noise floor

Get rid of all the amps, they won't serve any useful purpose. Amps will amplify both signal and noise in the same order of magnitude, so, the signal to noise ratio remains the same with or without the amplifiers.

Always use good quality, high gain, high sensitivity antenna.
by skillful
Fri Oct 16, 2009 10:37 pm
Forum: Wireless Networking
Topic: noise floor
Replies: 5
Views: 5072

Re: noise floor

Noise floor is the measure of the signal created from the sum of all the noise sources and unwanted signals within a measurement system. The lower the noise floor, the better the quality of communication. Noise floor being a negative value means that -100dBm is lower than -20dBm for instance. To ans...
by skillful
Fri Oct 16, 2009 12:57 pm
Forum: Beginner Basics
Topic: Can the Hotspot authenticate without an external radius?
Replies: 3
Views: 1066

Re: Can the Hotspot authenticate without an external radius?

Yes, ROS can do what you want and much more
by skillful
Fri Oct 16, 2009 2:42 am
Forum: Scripting
Topic: Upgrade v 3.10 to 3.24 = script problem
Replies: 2
Views: 1472

Re: Upgrade v 3.10 to 3.24 = script problem

You cannot extract the value of the comment field directly from /int wir reg. You have to get it from /int wir access. Try this: { :local signal :local body :local sysname :local macid :set sysname ("SIGNAL na " . [/system identity get name]) :foreach i in=[/int wir reg find ap=no] do={ :s...
by skillful
Thu Oct 15, 2009 1:21 am
Forum: General
Topic: imesh peer to peer
Replies: 4
Views: 1065

Re: imesh peer to peer

try this: /ip firewall layer7-protocol {add name=imesh regexp="^(post[\09-\0D -~]*<PasswordHash>................................</PasswordHash><ClientVer>|\34\80\?\0D\?\FC\FF\04|get[\09-\0D -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?...
by skillful
Wed Oct 14, 2009 11:37 pm
Forum: The User Manager
Topic: Can't log into Usermanager while using dst nat to cache port
Replies: 3
Views: 2043

Re: Can't log into Usermanager while using dst nat to cache port

Change the www service port from 80 to something else, i.e. 8080
/ip service
set www address=0.0.0.0/0 disabled=no port=8080
Now access user-manager at http://192.168.30.254:8080/userman
by skillful
Mon Oct 12, 2009 6:40 pm
Forum: The User Manager
Topic: USER MANAGER RATE LIMIT
Replies: 9
Views: 22402

Re: USER MANAGER RATE LIMIT

something like this.
by skillful
Sat Oct 10, 2009 1:10 pm
Forum: The User Manager
Topic: USER MANAGER RATE LIMIT
Replies: 9
Views: 22402

Re: USER MANAGER RATE LIMIT

The "Burst threshold" cannot be higher than the "Rate Limit"

RX and TX are seen from the perspective of the router. RX is what the router receives from the client, i.e clients uploads. TX is what is transmitted to the client by the router, i.e. clients downloads.
by skillful
Fri Oct 02, 2009 6:52 pm
Forum: Beginner Basics
Topic: ROS hangs opening Terminal
Replies: 8
Views: 2107

Re: ROS hangs opening Terminal

Unistall NTP, Calea and User-manager.
by skillful
Sun Sep 27, 2009 1:16 am
Forum: RouterBOARD hardware
Topic: New To RB433.
Replies: 78
Views: 11771

Re: New To RB433.

Where do i type that?
Type in console / terminal
by skillful
Thu Sep 24, 2009 9:58 pm
Forum: General
Topic: Not getting actual throughput
Replies: 7
Views: 1564

Re: Not getting actual throughput

lets see the output of
/queue simple print
and
/queue tree print
by skillful
Thu Sep 24, 2009 5:33 pm
Forum: General
Topic: Not getting actual throughput
Replies: 7
Views: 1564

Re: Not getting actual throughput

normis, the client doesnt get the full capacity if they try to download. believe even i myself tried several times to download but couldnt get the full capacity. even surfing the net is very slow. Your graph shows the contrary. At about 1300hrs for example, you got the full bandwidth. Please be awa...
by skillful
Thu Sep 24, 2009 5:21 pm
Forum: The User Manager
Topic: user logoff option- using usermanager
Replies: 4
Views: 1733

Re: user logoff option- using usermanager

You can only add cost when setting up "credit time".

In your case, just create credit time with unlimited time (i.e time=0) and cost. Create as many of them as you desire. Select the appropriate one to add cost when setting uptime.
by skillful
Sat Sep 19, 2009 12:38 am
Forum: General
Topic: RouterOS v3.30 released
Replies: 10
Views: 2464

Re: RouterOS v3.30 released

let us know if anyone has tested on 133c board as 3.27 was stable
Tested on Ver.4.0Beta4 with limited package and it is rock stable, much better than ver. 3.xx
by skillful
Thu Sep 17, 2009 11:47 pm
Forum: Wireless Networking
Topic: wds mode in a mesh scenario
Replies: 1
Views: 1164

Re: wds mode in a mesh scenario

Both are correct but used in different scenarios.
/interface wireless set wlan1 wds-mode=dynamic
is used to add a dynamic wds interface to a bridge.
/interface wireless set wlan1 wds-mode=dynamic-mesh
is used to add a dynamic wds interface to a mesh without having to create a bridge interface.
by skillful
Thu Sep 17, 2009 6:31 pm
Forum: Scripting
Topic: scripting for firewall and sorting ports
Replies: 18
Views: 3032

Re: scripting for firewall and sorting ports

:for x from=1 to=6000 do={/ip firewall filter add chain=forward action=accept protocol=tcp port=$x; /ip firewall filter add chain=forward action=accept protocol=udp port=$x} For you to specify ports, you must also specify protocol. The script will create 12000 rules, i.e. 6000 rule for TCP and anot...
by skillful
Tue Sep 15, 2009 2:19 pm
Forum: Wireless Networking
Topic: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT
Replies: 8
Views: 2579

Re: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT

Use netinstall to upgrade the Router Board.
by skillful
Thu Sep 03, 2009 12:04 am
Forum: Wireless Networking
Topic: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT
Replies: 8
Views: 2579

Re: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT

Download the latest appropriate version of ROS from the mikrotik site. The "All Packages" contains user manager as well. If your license is too old, use net-install to upgrade the Router.

As for detail steps, search the wiki, every information you need is there.
by skillful
Wed Sep 02, 2009 11:56 pm
Forum: General
Topic: NEW feature :) "admin comment"
Replies: 3
Views: 1179

Re: NEW feature :) "admin comment"

You can use the sys-note feature. Create a text file named sys-note.txt and ftp it into the router or just drag and drop it into the files folder in winbox. The content of that file is displayed whenever someone log-in via terminal, telnet or ssh.
by skillful
Wed Sep 02, 2009 10:18 pm
Forum: Wireless Networking
Topic: BAD BLOCKS.
Replies: 5
Views: 1603

Re: BAD BLOCKS.

Of course, some new Router Boards do come with some bad blocks. Bad blocks is just another statistics especially when it is not much.
by skillful
Wed Sep 02, 2009 7:36 pm
Forum: Wireless Networking
Topic: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT
Replies: 8
Views: 2579

Re: MIKROTIK RADIO (RB 532) FOR WIRELESS AND HOTSPOT

All your desires can be achieved on RB532 but you will require an external proxy server for cache as there is not enough memory on the RB532 for web cache.
by skillful
Mon Aug 31, 2009 12:08 am
Forum: Scripting
Topic: Parent proxy
Replies: 4
Views: 3076

Re: Parent proxy

The fetch command is not available in ver 2.9.6. Upgrade to the latest version to use fetch.
by skillful
Tue Aug 25, 2009 12:48 am
Forum: Forwarding Protocols
Topic: IP SuperNeting.
Replies: 5
Views: 2303

Re: IP SuperNeting.

configure dynamic routing on all your routers using OSPF
by skillful
Sat Aug 22, 2009 10:19 pm
Forum: Forwarding Protocols
Topic: IP SuperNeting.
Replies: 5
Views: 2303

Re: IP SuperNeting.

if i reroute with the other router, i have hotspot set on the main router, therefore, other clients do not see the login page once one person logged in from each of the routers Remove all the masquerade NAT rules from all the internal routers. If you must use masquerade, configure it on the edge ro...
by skillful
Wed Aug 19, 2009 12:27 am
Forum: Scripting
Topic: [ask] still confusing
Replies: 5
Views: 1900

Re: [ask] still confusing

after that when we the person be able to reconnect with that same ip address
One week. The duration can be set in address-list-timeout
by skillful
Sat Aug 15, 2009 1:31 pm
Forum: General
Topic: Lockdown Hotspot Help
Replies: 4
Views: 1264

Re: Lockdown Hotspot Help

Felix's rules will block all packets from an interface named "vlan-interface" except those destined for TCP ports 25,53,110,443 and UDP port 53. Mind you, these people will not be able to browse the internet because TCP port 80 is not included in the list. To allow browsing, just include p...
by skillful
Thu Aug 13, 2009 3:58 pm
Forum: The User Manager
Topic: authentication pin with mikrotik
Replies: 6
Views: 4536

Re: authentication pin with mikrotik

In addition to that, you can edit the login.html file, change "login" to "pin" and then hide the password field.
by skillful
Wed Aug 12, 2009 5:41 pm
Forum: Scripting
Topic: Finding a string in comment
Replies: 3
Views: 2775

Re: Finding a string in comment

Try
/ip route get [find comment="FailOver"]
by skillful
Sun Aug 09, 2009 12:49 am
Forum: Beginner Basics
Topic: limit hotspot user
Replies: 1
Views: 898

Re: limit hotspot user

You have to disable transparent proxy in the hotspot user profile. Alternatively, you may add those rule to the web-proxy Access rule.
by skillful
Sat Aug 08, 2009 12:15 pm
Forum: Forwarding Protocols
Topic: Multicast
Replies: 4
Views: 2885

Re: Multicast

Disable default forward on your wireless interface and use firewall to block CPE to CPE communication. The excess traffic your are seeing on wlan1 might just be communication amount CPEs connected to the AP.
by skillful
Sun Aug 02, 2009 9:32 pm
Forum: General
Topic: Update an Problem with License
Replies: 2
Views: 1362

Re: Update an Problem with License

Make sure the router board is connected to the internet then update the license in system->license->update license key.
by skillful
Mon Jul 13, 2009 10:01 pm
Forum: General
Topic: block static ip users and allow dchp users
Replies: 5
Views: 16195

Re: block static ip users and allow dchp users

I would like to know how to do the following: 1.allow only dhcp users to access the internet and block any ip that is not issues by the dhcp server. Kind regards LM 1. Set arp=reply-only on the interface your customers are connecting to. 2. Set add-arp=yes for the DHCP-Server. With these two settin...
by skillful
Sat Jul 11, 2009 10:17 pm
Forum: Beginner Basics
Topic: routerboard 433 and r52n
Replies: 3
Views: 1688

Re: routerboard 433 and r52n

To use "n" you must update your ROS license. In winbox, go to system -->license and click on "Update License Key" botton. Reboot the router and the R52n card should appear in wireless interface.
by skillful
Fri Jul 03, 2009 10:44 am
Forum: General
Topic: 4.0 beta 3 dont' working find address command
Replies: 4
Views: 1886

Re: 4.0 beta 3 dont' working find address command

Try,
:put [/ip firewall address-list find address=192.168.1.100/32]
by skillful
Mon Jun 29, 2009 9:42 pm
Forum: General
Topic: Can we PLEASE leave the menu orders ALONE?
Replies: 30
Views: 7944

Re: Can we PLEASE leave the menu orders ALONE?

The only constant in life is change. When change comes, do not resist it.
by skillful
Sun Jun 28, 2009 3:27 pm
Forum: General
Topic: RB133 Ethernet Speed to 10M
Replies: 2
Views: 978

Re: RB133 Ethernet Speed to 10M

To force 10mbps, you must also disable anto-negotiation
/interface ethernet
set ether1 speed=10Mbps auto-negotiation=no
by skillful
Sun Jun 28, 2009 3:05 pm
Forum: RouterBOARD hardware
Topic: Can the IA/MP4 handle 3 XR2 cards?
Replies: 1
Views: 876

Re: Can the IA/MP4 handle 3 XR2 cards?

Any system that cannot handled SR2 cards will not handle XR2 cards by implication. XR2 cards consumes more resources and radiates more power than SR2 cards.
by skillful
Sun Jun 28, 2009 2:37 pm
Forum: The User Manager
Topic: user manager configuration
Replies: 4
Views: 2702

Re: user manager configuration

Connect to http://myrouter-ip/userman NOT http://myrouter-ip/username

See post by Girts above
by skillful
Sun Jun 28, 2009 2:26 pm
Forum: The User Manager
Topic: Userman 4.0 Is ready to use ?
Replies: 3
Views: 1770

Re: Userman 4.0 Is ready to use ?

Usermanager 4 is still in the alpha stage. Mikrotik had consistently stated that it is not ready and should not be used in a production environment.
by skillful
Sun Jun 28, 2009 2:06 pm
Forum: Beginner Basics
Topic: all clients shown on winbox.
Replies: 4
Views: 1623

Re: all clients shown on winbox.

Routing is better especially if you don't have any compelling reasons to bridge. Routing removes the high network overhead associated with bridging and also gives the customer the freedom to choose the IP addressing scheme they want to use on their local network.
by skillful
Sat Jun 27, 2009 1:03 am
Forum: Beginner Basics
Topic: all clients shown on winbox.
Replies: 4
Views: 1623

Re: all clients shown on winbox.

Are you bridging the wlan and the ethernet interfaces of the customers CPEs? This type of issue is unavoidable in a bridge network. If you route packets between the wireless and ethernet interfaces of your CPEs, the issue will disappear.
by skillful
Thu Jun 25, 2009 10:48 pm
Forum: Beginner Basics
Topic: Editing Firewall rule set questions
Replies: 2
Views: 4083

Re: Editing Firewall rule set questions

Using Winbox, you should first sort the rules by clicking on the "#" tab then simply drag the rule to whatever place you want. You can depress the "ctrl" or "shift" keys to select more than one rule. From Console,telnet and ssh, you must first issue the print command to...
by skillful
Thu Jun 25, 2009 10:19 pm
Forum: Beginner Basics
Topic: NAT setup Questions
Replies: 5
Views: 1819

Re: NAT setup Questions

I understand most of this and will give it a try.

The piece I don't understand is the src-address-list=port-knock
My error! Pls just delete that part of the code, it was meant for something else. I will modify my original code accordingly.
by skillful
Thu Jun 25, 2009 4:49 pm
Forum: Beginner Basics
Topic: NAT setup Questions
Replies: 5
Views: 1819

Re: NAT setup Questions

In that case, you can use the name of your public interface instead of the IP address. Replace "dst-address=x.x.x.x" with "in-interface=name-of-your-public-interface"
by skillful
Thu Jun 25, 2009 12:11 pm
Forum: Beginner Basics
Topic: NAT setup Questions
Replies: 5
Views: 1819

Re: NAT setup Questions

Two NAT rules are required to accomplish your desires. /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=20010 dst-address=x.x.x.x protocol=tcp to-addresses=192.168.1.10 to-ports=22 add action=dst-nat chain=dstnat disabled=no dst-port=20011 dst-address=x.x.x.x protocol=tcp to-add...
by skillful
Thu Jun 25, 2009 11:49 am
Forum: General
Topic: arp of hotspot
Replies: 6
Views: 1926

Re: arp of hotspot

You have to set
address-pool=none
for the hotspot server in /ip hotspot
/ip hotspot
print
set 0 address-pool=none
by skillful
Thu Jun 25, 2009 12:52 am
Forum: Beginner Basics
Topic: Polling in a P-MP Outdoor Network
Replies: 3
Views: 1378

Re: Polling in a P-MP Outdoor Network

Yes, the Mikrotik ROS support wireless polling via its Nstreme protocol. This is a proprietary protocol which is not compatible with other vendor's implementation.
by skillful
Tue Jun 23, 2009 9:52 pm
Forum: Beginner Basics
Topic: winbox is vertically challenged
Replies: 2
Views: 1960

Re: winbox is vertically challenged

You will also need the new winbox loader V2.2.15. It can be downloaded from your router after upgrading to ROS ver 3.25
by skillful
Tue Jun 23, 2009 9:01 pm
Forum: Beginner Basics
Topic: hotspot dhcp
Replies: 1
Views: 994

Re: hotspot dhcp

Yes, it is possible.

Setup hotspot, make sure to set address-pool=your-ip-pool and addresses-per-mac=2
by skillful
Thu Jun 11, 2009 1:01 am
Forum: Scripting
Topic: mrz help
Replies: 6
Views: 1735

Re: mrz help

what about
/queue simple move [find name="SQ1"] 0
?
It doesn't work no more in version 3.24. See http://forum.mikrotik.com/viewtopic.php?f=9&t=18841
by skillful
Sat Jun 06, 2009 6:10 pm
Forum: Scripting
Topic: HotSpot Problem cookies
Replies: 3
Views: 3280

Re: HotSpot Problem cookies

add the following to your do loop after the "remove" command do={/ip hotspot cookie remove [find user=[/ip hotspot user get $i name]]} There is an inherent weakness in you script. What happens within the first minute of login? You script will forcefully logout the user and remove his cookie.
by skillful
Thu Jun 04, 2009 10:46 pm
Forum: Beginner Basics
Topic: Noob question
Replies: 1
Views: 933

Re: Noob question

Mikrotik R52 wifi card is more than adequate for that distance.
by skillful
Wed Jun 03, 2009 9:25 pm
Forum: Beginner Basics
Topic: No such item bug
Replies: 1
Views: 1884

Re: No such item bug

Specify the number to remove on the same line with the remove command. Try:
/ip address pr
/ip address remove 3
by skillful
Wed Jun 03, 2009 9:09 pm
Forum: Forwarding Protocols
Topic: OSPF redistributed connected route removal
Replies: 5
Views: 2631

Re: OSPF redistributed connected route removal

Yes, you have to set disable-running-check=no for OSPF to in that manner.

disable-running-check is only available via CLI.

I don't have RB493Ah but I am running ROS ver. 3.24 on X86 and disable-running-check=no is available.
by skillful
Wed Jun 03, 2009 8:57 pm
Forum: The User Manager
Topic: DHCP server with MAC filtering
Replies: 8
Views: 27957

Re: DHCP server with MAC filtering

But is there any defense if person who tries to connect to my network input static address in Local Area Connection and he gets my network resources. If you are using unmanaged switch he get as far as the broadcast domain of the switch he connects to. Beyond that, the router will block him. Only ma...
by skillful
Tue Jun 02, 2009 3:15 pm
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 32931

Re: Moving Static Queue Above Dynamic Queues

Queues are sorted by the first column. I get the same result in terminal when I issue command "/queue print without-paging"

When downgrade to version 3.23 and the script works as expected.
by skillful
Mon Jun 01, 2009 7:49 pm
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 32931

Re: Moving Static Queue Above Dynamic Queues

Yes. it works but not with the expected result. Instead of moving the queue to #0, it is moved to the end.
by skillful
Mon Jun 01, 2009 11:18 am
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 32931

Re: Moving Static Queue Above Dynamic Queues (FIXED)

This is broken again in ver3.24!

Any comments on this from the Mikrotik squad?
by skillful
Fri May 29, 2009 12:13 pm
Forum: General
Topic: VOIP QOS and Traffic Shaper
Replies: 7
Views: 2752

Re: VOIP QOS and Traffic Shaper

Any suggestions on a consultant?

Thanks
list of consultants
by skillful
Thu May 28, 2009 1:30 am
Forum: Scripting
Topic: Moving Static Queue Above Dynamic Queues
Replies: 59
Views: 32931

Re: Moving Static Queue Above Dynamic Queues (FIXED)

This issue had been fixed in ROS 3.11. This script
/queue simple move [find name="cached"] 0
now works as expected.

Many thanks to the Mikrotik team for this fix.

This is broken again in ver3.24!
by skillful
Tue May 26, 2009 4:21 pm
Forum: The User Manager
Topic: Question about 4.3b and user credits
Replies: 7
Views: 2353

Re: Question about 4.3b and user credits

I have ver 4.03beta on RB433H and it is still there.


userman.JPG
by skillful
Tue May 26, 2009 1:34 am
Forum: The User Manager
Topic: Question about 4.3b and user credits
Replies: 7
Views: 2353

Re: Question about 4.3b and user credits

You have to create a credit with time set to 7d then assign this credit to the user under "prepaid" when creating users. You must also set "Uptime Limit" to zero (0)
by skillful
Sat May 23, 2009 2:38 pm
Forum: Beginner Basics
Topic: hotspot error
Replies: 1
Views: 743

Re: hotspot error

Post your hotspot config for us to see.
  • 1
  • 2