Community discussions

MUM Europe 2020

Search found 648 matches

by galaxynet
Wed Oct 30, 2019 4:54 pm
Forum: Wireless Networking
Topic: GrooveA Channel Width
Replies: 2
Views: 528

Re: GrooveA Channel Width

Thanks r00t.

Thom
by galaxynet
Wed Oct 30, 2019 1:55 am
Forum: Wireless Networking
Topic: GrooveA Channel Width
Replies: 2
Views: 528

GrooveA Channel Width

Does anyone know if the RBGrooveA-52HPn will do 10mhz channel width in 2ghz band? For the US version. I just bought a NetmetalAC version and only now see that it does NOT support 10mhz channels.... This should be upfront on a package, brochure, and the PDF file...…… Another piece of equipment headed...
by galaxynet
Sat Jan 26, 2019 5:01 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 292
Views: 44203

Re: wAP 60G experience

Thanks for the inputs Rudy! I know that my issue seems to be a 'one off' experience but I thought since I can't seem to isolate the issue that's at work here that bringing it to the community and see what I may have missed here. I have my guys installing another new line. We'll install and test that...
by galaxynet
Fri Jan 25, 2019 11:14 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 292
Views: 44203

Re: wAP 60G experience

I have three different cables leading to the area where this was happening. Tried all three - no go. Had three brand new gigabit PoEs w/me, two Mikrotik and one Ubi**** - also no go's. I am not new to the port flapping issue - been at this with MT for 15 years now. All my outdoor cables are shielded...
by galaxynet
Fri Jan 25, 2019 9:55 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 292
Views: 44203

Re: wAP 60G experience

Morning everyone - I haven't posted in a while as most things Mikrotik have worked well within their inherent limitations - nonetheless is is great equipment for the price point and I don't think you can find anything more flexible to configure. With all that being said...I've been testing the 60g r...
by galaxynet
Thu Oct 27, 2016 12:23 pm
Forum: General
Topic: Multiple packet marks / connections marks
Replies: 7
Views: 5005

Re: Multiple packet marks / connections marks

Decsus - For part 'one' of your plan, take a look at how PCQ queues work in the manual/wiki. Essentially if you set a maximum bandwidth to a pcq queue then all connections through that queue will get equal portions of the available bandwidth, i.e. if you set the max at 15mbps and there are only 3 cl...
by galaxynet
Sun Oct 16, 2016 11:58 pm
Forum: Beginner Basics
Topic: iPhone SE unable to join wireless network
Replies: 4
Views: 1914

Re: iPhone SE unable to join wireless network

slimprize - You should have in your access list this: /interface wireless access-list> print Flags: X - disabled ****BEGIN**** 0 mac-address=00:00:00:00:00:00 interface=wlan signal-range=-120..120 authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=aes-ccm private-key="my-...
by galaxynet
Sun Oct 16, 2016 4:18 pm
Forum: Beginner Basics
Topic: script, routes from DHCP server
Replies: 2
Views: 794

Re: script, routes from DHCP server

rushlife - First - you can't delete dynamic routes...the system just won't let you. I take from your post you're just trying to mark connections/packets with route marks so what you probably want to do is just get the dynamic routes / gateways and copy them to a route table, i.e. wan1, wan2. Then yo...
by galaxynet
Sun Oct 16, 2016 2:55 pm
Forum: Beginner Basics
Topic: iPhone SE unable to join wireless network
Replies: 4
Views: 1914

Re: iPhone SE unable to join wireless network

slimprize - Hard to tell fro sure why your IPhone won't connect but here's a few things to check.... I noticed in your wireless interface export above that this setting isn't present meaning it's probably at a default setting: preamble mode. For Apple products it has to be set at: preamble-mode=long...
by galaxynet
Fri Oct 14, 2016 8:39 pm
Forum: Wireless Networking
Topic: Increase capacity for main linkns
Replies: 3
Views: 743

Re: Increase capacity for main linkns

myazdian - well you have several options available to you. 1) You can start by optimizing your singular links. No NAT, No Filters, disable multicast package. Utilize fast path. If your signal levels are in the -50 to -65 range and the noise floor is low enough you should be able to get a single link...
by galaxynet
Sat Oct 08, 2016 5:53 pm
Forum: Wireless Networking
Topic: design a full duplex...complete integrated....
Replies: 4
Views: 935

Re: design a full duplex...complete integrated....

saintofinternet - there are no full-duplex cards available. Anything like this would be pseudo full-duplex. That being said I use two triple chain cards w/three dual-pol antennas. One of the antennas I set at a 45 degree polarity angle. This allows the 3 chains to be on different polarities. Althoug...
by galaxynet
Thu Aug 25, 2016 8:17 pm
Forum: Wireless Networking
Topic: How much "Nstreme" you got ?
Replies: 9
Views: 6228

Re: How much "Nstreme" you got ?

"Best fit" would probably be ok with that setup. Once you have it in place watch the CPU usage.... If it gets too high switch over to none.

Thom
by galaxynet
Thu Aug 25, 2016 1:54 pm
Forum: Wireless Networking
Topic: How much "Nstreme" you got ?
Replies: 9
Views: 6228

Re: How much "Nstreme" you got ?

Framer policy affects how much the cpu gets involved in ordering the packets in to a jumbo frame. I found that policy=none saves cpu time, it also sends the packets out in the same order received. Best fit would probably my second choice if I had to make one. Which optoin is best depends on the cpu ...
by galaxynet
Mon Jan 04, 2016 6:35 pm
Forum: Beginner Basics
Topic: RB951 as switch and router
Replies: 4
Views: 909

Re: RB951 as switch and router

phoenixdreamer - Well looking at your diagram above, specifically the highlighted RB951-4: You said ether ports 1, 4, & 5 are in bridge1 You also say that ether ports 2-5 and WLan are in bridge2.... You can't have multiple ports has p/o two different bridges and expect it to work properly, in fact I...
by galaxynet
Tue Dec 29, 2015 1:21 am
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin - you might try posting in the Switch OS forum....

I have two of these and they are in a production environment so I don't want to fool w/them. Ordering some new ones in the new year, just don't have one on hand at the moment...

Thom
by galaxynet
Tue Dec 29, 2015 12:40 am
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin - A CRS226.... Well it would have been helpful to know that earlier..... I do not have a CRS handy to work this out with you on.... From what I remember though you have to assign the DHCP server to a port and VLAN (on that port) has to have the port you selected as being able to pass the traf...
by galaxynet
Mon Dec 28, 2015 11:59 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin - did you manually setup the dhcp server or did you go through the 'dhcp setup' button under /dhcp server in winbox?

Which version of winbox are you using (2.xx I hope).

What is the hardware? RB951 or what?

Thom
by galaxynet
Mon Dec 28, 2015 11:36 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

What did you fix to make it work?

Thom
by galaxynet
Mon Dec 28, 2015 11:25 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Ok Martin - we're headed in the right direction.... Let's add a dhcp server to ether2, then set your Mac to get a dhcp address.... If you can get that to work, then delete the dhcp server and /ip pool on the mikrotik. Add your bridge, you had ether 2 & 3 in it last time, do the same. Move your IP ad...
by galaxynet
Mon Dec 28, 2015 10:54 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Sounds like all the ports are a slave of ether1.... Open the interfaces tab and check each ether port. I would suggest that for the moment that you set 'master port' to none on all interfaces.... Also - remember, you can't have the same ip block on two different interfaces (ports) w/o disabling one ...
by galaxynet
Mon Dec 28, 2015 10:24 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin - ip dhcp-server network add address=172.16.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=172.16.1.1 Gateway should be 172.16.10.1....... It could also be a hardware issue. Can you set an IP address on a different port, w/o a bridge and connect the Mac for just a short test - to test the Mikroti...
by galaxynet
Mon Dec 28, 2015 9:53 pm
Forum: Beginner Basics
Topic: Connection between 2 Groove + Local network
Replies: 5
Views: 1454

Re: Connection between 2 Groove + Local network

Hi ggorbalan - Far be it from me to tell you how to setup your network but it does seem a bit convoluted..... If it were me I'd go straight routing instead of PTP to the second groove, but that's just me. You are going to have to inject routing in there somewhere to be able to get to your clients. O...
by galaxynet
Mon Dec 28, 2015 7:14 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

the add-arp and always-broadcast configurations shouldn't normally be required, especially the ARP item, since normal ARP behavior on the IP interface (BR-10) should dynamically discover the MAC addresses of the client devices. You'd only need this if your LAN was doing some type of filtering on br...
by galaxynet
Mon Dec 28, 2015 6:42 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin - Even with a static IP in the range of 172.16.10.2 - 172.16.10.254 you should be able to ping 172.16.10.1 from either ether2 or ether3. What does /IP ARP in the Mikrotik show when you have a PC connected to either ether2 or 3 with a properly configured IP address? What does your static entry...
by galaxynet
Mon Dec 28, 2015 6:29 pm
Forum: Beginner Basics
Topic: Isolate specific LAN user, possible or not?
Replies: 1
Views: 604

Re: Isolate specific LAN user, possible or not?

Artec - I would probably use the /IP Firewall NAT feature, specifically dst-nat. Simply dst-nat, action=dst-nat chain=dstnat to-addresses=10.1.70.1 src-addr=10.30.0.1 This rule will only allow him to access 10.1.70.1, no matter what IP address he puts in..... Now if this user also accesses the Inter...
by galaxynet
Mon Dec 28, 2015 6:14 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Martin
I don't see this complete entry, specifically arp and broadcast:
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp always-broadcast=yes disabled=no \
interface=BR-10 lease-time=3d name=default


Thom
by galaxynet
Mon Dec 28, 2015 6:10 pm
Forum: Beginner Basics
Topic: Two interfaces with the same MAC, it is possible?
Replies: 2
Views: 717

Re: Two interfaces with the same MAC, it is possible?

rafa16277 -
What model Mikrotik?

Which port on the Mikrotik is connected to 'router from provider'?

Which other ports on the Mikrotik are connected to what?

You really didn't give us a lot of information to help you with....

Thom
by galaxynet
Mon Dec 28, 2015 6:02 pm
Forum: Beginner Basics
Topic: RB951 as switch and router
Replies: 4
Views: 909

Re: RB951 as switch and router

phoenixdreamer -
Without more info I am just guessing here - did you check the block under /Bridge, settings button to use the /IP Firewall?

You also didn't mention anything about routing or masquerading/src-nat in the firewall...more info would be helpful.

Thom
by galaxynet
Mon Dec 28, 2015 5:45 pm
Forum: Beginner Basics
Topic: L2TP/ipsec vpn, proxy-arp and address conflicts
Replies: 2
Views: 2569

Re: L2TP/ipsec vpn, proxy-arp and address conflicts

Sba -
I think you still need to keep the proxy-arp on. Secondly, when accessing different networks you can always use masq out the interface you need to use on your main router with the source address(s) being your VPN client and/or group.....
by galaxynet
Mon Dec 28, 2015 5:39 pm
Forum: Beginner Basics
Topic: Hotspot clients wont get online
Replies: 2
Views: 761

Re: Hotspot clients wont get online

Soap - You didn't give us much to go on here.... How about exporting your config and posting it here. Obfuscate any public IP addresses and of course any 'secrets' that might show up. Then someone can help you. Without IP addresses, firewall settings and your hotspot settings it is kinda of hard to ...
by galaxynet
Mon Dec 28, 2015 5:35 pm
Forum: Beginner Basics
Topic: Connection between 2 Groove + Local network
Replies: 5
Views: 1454

Re: Connection between 2 Groove + Local network

ggorbalan - You really haven't given enough information on your network. Obfuscating your internal IP addresses is not necessary.... Where is your gateway to the Internet? What is the internal IP address there? What is your 750gl doing? How about showing the IP addresses on that (the private ones, n...
by galaxynet
Mon Dec 28, 2015 5:20 pm
Forum: Beginner Basics
Topic: Static ip
Replies: 2
Views: 601

Re: Static ip

Snoopy86 -
Winbox, IP / DHCP-Server, go to the Leases tab. There you will see the leases for each client. Open the client(s) you want to give a 'static' dhcp address to, once that client is open you can select 'Make static'. From then on that client will always get that IP address....


Thom
by galaxynet
Mon Dec 28, 2015 5:15 pm
Forum: Beginner Basics
Topic: Basic ip addressing use and bridge setup
Replies: 22
Views: 3992

Re: Basic ip addressing use and bridge setup

Mamoman - Looks like you are missing a few components: The below is from RoS 6.33 DNS entries are bogus of course..... /ip pool add name=default-dhcp ranges=172.16.10.5-172.16.10.10 /ip dhcp-server add add-arp=yes address-pool=default-dhcp always-broadcast=yes disabled=no \ interface=BR-10 lease-tim...
by galaxynet
Mon Dec 14, 2015 6:39 pm
Forum: General
Topic: Eoip bonding question
Replies: 6
Views: 1429

Re: Eoip bonding question

There are a lot of ways to bond connections and there is a lot of hardware/software devices you can purchase that claim (I use claim because I have only used a very few, some worked, some didn't and even those early ones that did, did not load balance properly....) to be able to bond different Inter...
by galaxynet
Mon Dec 14, 2015 4:14 pm
Forum: General
Topic: Eoip bonding question
Replies: 6
Views: 1429

Re: Eoip bonding question

Pharrow - Bonding, bonds two ends of a connection together. You have to have Mikrotiks at both ends of the connection..... If you bring in four cable connections, two to each location (within your home) yes you could bond the connection from bedroom to bedroom, but not to the rest of the world. You ...
by galaxynet
Fri Dec 11, 2015 2:08 pm
Forum: Beginner Basics
Topic: Configure devices for farm network
Replies: 3
Views: 792

Re: Configure devices for farm network

Trolley - You will need to go to the Mikrotik Wiki and start putting the pieces together. Here is the generic setup.... 1) Since 'Main House' has the Internet connection and you are using the 'Machinery Shed' as basically a 'relay' then you will need to setup Main House as WDS AP-Bridge. Machinery S...
by galaxynet
Fri Dec 11, 2015 1:34 pm
Forum: Beginner Basics
Topic: Firewall Q: Bridged Network vs. Routed Subnets
Replies: 3
Views: 652

Re: Firewall Q: Bridged Network vs. Routed Subnets

DL7JP - I am surprised that a lot of folks haven't jumped all over this one...... It is really a matter of what works best for you. I've been at this stuff for years, even before there was the 'real' Internet. The debate has raged on about routed vs 'smart' bridges as to what is quicker, provides a ...
by galaxynet
Fri Dec 11, 2015 1:18 pm
Forum: Beginner Basics
Topic: Using basebox2 as AP and sxt-lite2 as station but no connection is being established
Replies: 1
Views: 440

Re: Using basebox2 as AP and sxt-lite2 as station but no connection is being established

shyamjadhav05 - to help you out we need a look at your config in both boxes.... Go in to terminal mode from winbox..... type: /ip firewall nat [return] /export [return] Now copy that to a file (using notepad or something like that). Next type: /ip route [return] /export [return] Copy this output to ...
by galaxynet
Fri Dec 11, 2015 1:03 pm
Forum: General
Topic: Eoip bonding question
Replies: 6
Views: 1429

Re: Eoip bonding question

1) What is a 'local' environment? 2) You first speak about your company and then your home, what is it you are trying to do? Bond a connection from your home to the company and back or what? 3) Never had any real luck doing bonding w/dynamic IP addresses. Static public IP addresses - no problem bond...
by galaxynet
Fri Dec 11, 2015 12:31 pm
Forum: General
Topic: Different Subnet will not ping
Replies: 6
Views: 683

Re: Different Subnet will not ping

'Similar to' is not the same as 'exactly like'. With that being said, post an export of your firewall settings and we'll help. Without it, it's a waste of time to try and guess exactly what you have there.

Thom
by galaxynet
Thu Dec 10, 2015 9:39 pm
Forum: General
Topic: X-Connect help
Replies: 1
Views: 317

Re: X-Connect help

Drop me a line at the email address in my signature below. Let's see how much help you need.

Thom
by galaxynet
Thu Dec 10, 2015 9:36 pm
Forum: General
Topic: Different Subnet will not ping
Replies: 6
Views: 683

Re: Different Subnet will not ping

Just taking a stab in the dark that your filter rule(s) are the ones blocking this so here is a snippet that you would put in the /ip firewall filter table: /ip firewall filter add chain=forward disabled=no src-address=192.168.254.0/24 add chain=forward disabled=no dst-address=192.168.254.0/24 Somew...
by galaxynet
Thu Dec 10, 2015 9:31 pm
Forum: General
Topic: bandwidth control for specific IPs
Replies: 1
Views: 300

Re: bandwidth control for specific IPs

Here is the snippet: /ip firewall mangle add action=mark-connection chain=forward disabled=no new-connection-mark=/27 \ src-address=192.168.2.32/27 add action=mark-packet chain=forward connection-mark=/27 disabled=no \ new-packet-mark=/27 You have to use your own connection mark/packet mark verbiage...
by galaxynet
Tue Dec 08, 2015 9:06 pm
Forum: General
Topic: VPN Setup Brick Wall :-?
Replies: 2
Views: 494

Re: VPN Setup Brick Wall :-?

I just src-nat using the masquerade function of the src-nat facility. I make the dst-addr the address of the VPN and also the out-interface the PPTP (VPN) interface. That seems to do the trick just fine for me.

Thom
by galaxynet
Tue Dec 08, 2015 5:22 pm
Forum: General
Topic: 2 Wan Load Balancing
Replies: 3
Views: 1727

Re: 2 Wan Load Balancing

Just some observations on your PCC config Nic335... Not sure which way you are 'expecting' traffic to originate, e.g., are there servers behind your router that you expect to have publicly accessible IP addresses or is this pretty much 'users' going to the Internet through your router. It doesn't ma...
by galaxynet
Thu Jun 25, 2015 10:59 pm
Forum: General
Topic: uplink router using PCC
Replies: 4
Views: 1052

Re: uplink router using PCC

Undecided - First thing I noticed was that you mark your connections and then add a routing mark, what I didn't see was whether or not passthrough was enabled as each connection was evaluated....this is important. Second thing I noticed was that you have no /ip route rules listed.... Not sure how yo...
by galaxynet
Tue Mar 03, 2015 5:57 am
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 102328

Re: RouterOS v6.27 released

Support - Just as a follow-up to my ticket, I reverted to just the wireless package (disabled the wireless-fp package) no issues with running bandwidth tests or having the RB get rebooted by the ping watchdog. So it is definitely something with either the .AC card and/or the wireless-fp package. Tha...
by galaxynet
Sun Mar 01, 2015 12:49 pm
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 102328

Re: RouterOS v6.27 released

For anyone with the same issues. I have contacted support. I expect to hear from them soon. Below is an excerpt of what was sent. I have a RB912UAG-5HPnD w/a Mikrotik 802.ac card with ROS 6.27 installed with the wireless-fp package active. I have attached the autosupout.rif file. 1) After a ping wat...
by galaxynet
Sat Feb 14, 2015 4:07 pm
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 102328

Re: RouterOS v6.27 released

Well I was able to resolve my own issue. I was upgrading units from 5.26 to 6.27 and got this as an error: "routerboard-6.27-mipsbe.npk - package missing " That is what package update is telling me when I tried downloading the latest update. The solution was to upgrade to an earlier version of 6. In...
by galaxynet
Fri Feb 13, 2015 9:16 pm
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 102328

Re: RouterOS v6.27 released

routerboard-6.27-mipsbe.npk - package missing is what ROS tells me from the Winbox /system packages download.

It is not I who is telling 'you' its missing, it's ROS telling me it's missing.
by galaxynet
Fri Feb 13, 2015 8:22 pm
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 102328

Re: RouterOS v6.27 released

routerboard-6.27-mipsbe.npk - seems that this package is missing....

Both in the zip file for download on the 'download' page and via packages 'update' under ROS.....

Thom
by galaxynet
Thu Nov 13, 2014 2:10 pm
Forum: General
Topic: Open DNS Resolver
Replies: 8
Views: 10006

Re: Open DNS Resolver

You are welcome.

Thom
by galaxynet
Thu Aug 21, 2014 10:32 pm
Forum: General
Topic: RB951-2hdn - bricked
Replies: 9
Views: 1731

Re: RB951-2hdn - bricked

Thanks Normis - I'll be in touch in the next day or so.

Thom
by galaxynet
Tue Aug 19, 2014 5:17 pm
Forum: General
Topic: RB951-2hdn - bricked
Replies: 9
Views: 1731

Re: RB951-2hdn - bricked

The distributor would not issue an RMA to me to return the units - hence why I am perturbed over this. I can't supply them with a supout.rif file and the units are over 30 days since purchase..... It just seems pretty damn odd that these units failed and the thousands of RBs I have out in the field,...
by galaxynet
Tue Aug 19, 2014 4:50 pm
Forum: General
Topic: RB951-2hdn - bricked
Replies: 9
Views: 1731

Re: RB951-2hdn - bricked

Not to be 'snipity' Normis but where would such a spike come from on the ethernet port? One Ethernet port of this unit was connected to a RB411 Ethernet port. The only other used port was connected to a PC. Both the PC and the RB411 are fine - no issues. I use shielded cable with the drain wires con...
by galaxynet
Tue Aug 19, 2014 4:29 pm
Forum: General
Topic: RB951-2hdn - bricked
Replies: 9
Views: 1731

Re: RB951-2hdn - bricked

To answer the posed questions: This is a 951-2n indoor unit w/5 ethernet ports and no USB or serial port. I have used both older and the newest netinstall versions along with ROS versions 5.24, 5.25, 5.26, 6.2, 6.14, and 6.17. With Netinstall; I get it showing Ready for the RB in the status window, ...
by galaxynet
Mon Aug 18, 2014 10:00 pm
Forum: General
Topic: RB951-2hdn - bricked
Replies: 9
Views: 1731

RB951-2hdn - bricked

I am getting more than a little perturbed over the trend I am seeing w/regards to RB951 models 'bricking' after what is assumed to be a power 'spike'. I have had three now that have bricked themselves, two I was able to recover the first time. When it happened a second time the two I was able to rec...
by galaxynet
Fri Mar 28, 2014 3:56 pm
Forum: General
Topic: Open DNS Resolver
Replies: 8
Views: 10006

Re: Open DNS Resolver

Sure - try this: go to /ip firewall filter. Add rule, chain=input in-interface=the Public side interface protocol=udp dst port=53 action=drop Then add, chain=input in-interface=the Public side interface protocol=tcp dst port=53 action=drop These rules will drop any query to you public side interface...
by galaxynet
Thu Aug 15, 2013 4:02 pm
Forum: General
Topic: Rate Limit Setting
Replies: 9
Views: 5696

Re: Rate Limit Setting

farazhamzaa - Hotspot default queue type is hotspot-default and that is an SFQ type..... I recommend you set the queue type to 'default'. Then go to the 'queue type' tab and open default and make sure it has 50 to 100 packets as the size. This should make your queue scheme work much closer to what y...
by galaxynet
Tue Aug 13, 2013 9:01 pm
Forum: General
Topic: Rate Limit Setting
Replies: 9
Views: 5696

Re: Rate Limit Setting

farazhamzaa - What type of queue are you using? pfifo, pcq, or what? The 17 second period you are seeing is 'longest-burst-time' in action. longest-burst-time = burst-threshold * burst-time / burst-limit, substituting your numbers in gives us; longest-burst-time = 500000 * 60 / 1800000 longest-burst...
by galaxynet
Tue Aug 13, 2013 4:40 pm
Forum: General
Topic: Rate Limit Setting
Replies: 9
Views: 5696

Re: Rate Limit Setting

Farazhamzaa Your requirements: 256k/1800k and after 30 second the move back to limit at 256k/900k Using your initial example of; 256k/1800k and after 30 second the move back to limit at 256k/900k, let's look at what should happen. What I understand your setup to be is Limit-at=256k Max-limit=900k Bu...
by galaxynet
Mon Aug 12, 2013 4:37 pm
Forum: General
Topic: Dual NAT for two subnets on a single interface
Replies: 1
Views: 838

Re: Dual NAT for two subnets on a single interface

noob - I see a number of issues, you're all over the map on this config. Is there a reason you have a bridge interface? Seems to me that you don't need one. Since you have a bridge (currently) w/only ether1 in it, you need to enable the firewall rule set for bridge. You also need to add 'stuff' to t...
by galaxynet
Mon Aug 12, 2013 3:49 pm
Forum: General
Topic: Rate Limit Setting
Replies: 9
Views: 5696

Re: Rate Limit Setting

farazhamzaa - I know what you are seeing is confusing in regards to the Burst limitation. Read this and see if it helps you understand what all the settings mean. It also has a graphical representation of what is happening. If that does not help post back and I'll see if I can add some additional ex...
by galaxynet
Mon Aug 05, 2013 10:46 pm
Forum: General
Topic: Routing PPP/PPTP/L2TP etc.. interfaces over specific Gateway
Replies: 1
Views: 869

Re: Routing PPP/PPTP/L2TP etc.. interfaces over specific Gat

Downlots:
You should be able to use the interface as the gateway instead of an IP address to force the VPN/L2TP out a particular interface. Everything else would be the same.

Thom
by galaxynet
Mon Aug 05, 2013 3:55 pm
Forum: General
Topic: v6.2 bug
Replies: 8
Views: 2979

Re: v6.2 bug

Hi Rudy!
Did you try adding the IP like this from the terminal:

/ip address add address=10.128.23.4 netmask=255.255.255.0 network=10.128.23.0 interface=bridge1

Use the correct IPs of course.

Thom
by galaxynet
Sun Aug 04, 2013 3:48 pm
Forum: General
Topic: v5.25 + bonding 50% slower
Replies: 2
Views: 1712

Re: v5.25 + bonding 50% slower

I had something similar happen recently. The bonded router in my NOC said the ethernet port had successfully negotiated a 100mbps full duplex connection. My switch (8 feet of CAT6 cable) said it also had negotiated a 100mbps full duplex connection. But when I looked at the switch stats it was showin...
by galaxynet
Fri Jun 28, 2013 11:12 pm
Forum: General
Topic: Eoip
Replies: 2
Views: 1114

Re: Eoip

I'd start by taking the EoIP tunnel out of the bridge. Next, from what I recall in regards to EoIP tunnels, first you have to use a mac address that does not belong to the interface, this range has been designated as non-public MAC addresses suitable for private use; 00:00:5E:80:xx:xx I don't rememb...
by galaxynet
Mon May 27, 2013 3:09 pm
Forum: General
Topic: L2TP Tunnel drops
Replies: 0
Views: 382

L2TP Tunnel drops

I've been using L2TP tunnels for quite some time now in bonding multiple lines to form larger data 'pipes'. It has worked very well until of late. I had to replace an aging PC based router. I tried using the older ROS 2.9.50 but the PC was too new and wouldn't run properly with it so I ended up upgr...
by galaxynet
Thu Sep 20, 2012 4:37 pm
Forum: RouterBOARD hardware
Topic: Bonding 5 ADSL lines
Replies: 4
Views: 2933

Re: Bonding 5 ADSL lines

You can try looking at this old post from ChangeIP. I used something similar in a few locations and it works well for bonding DSL lines, provided of course the lines are not too heavily contended. The bonding scenario was developed with ROS 2.9 but should only require slight modifications under ROS ...
by galaxynet
Sun Feb 19, 2012 3:06 pm
Forum: RouterBOARD hardware
Topic: RB751U-2Hn frequent (daily) reboots
Replies: 111
Views: 74683

Re: RB751U-2Hn frequent (daily) reboots

Upgraded to ROS 5.13 - 24 hours ago...so far so good.
by galaxynet
Fri Feb 17, 2012 1:29 am
Forum: RouterBOARD hardware
Topic: RB751U-2Hn frequent (daily) reboots
Replies: 111
Views: 74683

Re: RB751U-2Hn frequent (daily) reboots

I am seeing the same thing at present...very annoying. This is a brand new unit - 5 days old. Have ROS 5.12 on it w/the latest firmware 2.38 installed. Card TX set to default, setup as a 'standard' router type device, (client) ether1->wlan--><- wlan (AP) ether1 ->Internet, it's the client radio. Thom
by galaxynet
Mon Nov 21, 2011 4:22 pm
Forum: Beginner Basics
Topic: why low speed in file transfer
Replies: 7
Views: 4216

Re: why low speed in file transfer

dacr33d - First, which version of ROS are you using? Second, did you update the firmware for the board (/system routerboard [enter] then type print [enter] to see the firmware version) Go to (winbox) Wireless menu, go to the Registration tab. Click on the 'radio' you are associated with. Go to the S...
by galaxynet
Fri Oct 21, 2011 1:49 am
Forum: General
Topic: Double replies to ping
Replies: 1
Views: 1256

Re: Double replies to ping

For all of you wanting to know why this is happening...read on. I had originally removed the 'el-cheapo' switch I had had in place between the two DSL lines and my 'main' router Ethernet interface when I installed the new RB493 because I had set a number of Ethernet ports on the RB493 to emulate swi...
by galaxynet
Tue Oct 04, 2011 5:19 pm
Forum: General
Topic: Double replies to ping
Replies: 1
Views: 1256

Double replies to ping

Well this is a weird one...two replies to the same ping request sent. Have an RB493, with ROS 5.7 and the firmware is upgraded to the latest version as well. eth ports 3, 4, & 5 are set with eth2 as their 'master' port - in other words, 2, 3, 4, & 5 are set up as a switch. Eth2 has two IP blocks. xx...
by galaxynet
Thu Mar 24, 2011 4:25 pm
Forum: Wireless Networking
Topic: data rates / basic rates setting best practise
Replies: 10
Views: 11913

Re: data rates / basic rates setting best practise

Multicast = general router 'housekeeping' / networking tasks such as exchanging routing information. etc. Ubiquiti - from what I read regarding their implementation, has allowed a departure from the standard and allows the 'user' (you) to select at what speed the Ubiquiti will attempt to exchange mu...
by galaxynet
Wed Mar 24, 2010 2:05 pm
Forum: Beginner Basics
Topic: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?
Replies: 7
Views: 1218

Re: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?

sergejs - The last I read the new userman is still in beta, and I am still seeing several posts regarding issues with it. So until userman is stable under ROS 4.x then I won't be switching the couple of units that are the base Usermanagers for a couple networks over to ROS 4.x Hope that answers your...
by galaxynet
Tue Mar 09, 2010 3:31 pm
Forum: Beginner Basics
Topic: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?
Replies: 7
Views: 1218

Re: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?

I don't want to upgrade to 4.6 - it isn't stable enough for me to upgrade a few thousand units.

'You' guys broke smpt after 3.24, so why can't you go back and fix it?

When ROS 4.x is stable enough - I'll switch over.
by galaxynet
Sun Mar 07, 2010 4:42 pm
Forum: Beginner Basics
Topic: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?
Replies: 7
Views: 1218

Re: RB112 and RouterOS 3.30 - disable TLS - for SMTP how?

sergejs - Chris, please clarify your issue. Post us screenshot as well. Sergejs - show a screen shot of what? Steger is correct, I am using a Linux box for my mail server and have RBs all around the world sending email via a mail server. Now that ROS 3.30 uses TLS the RBs seem to want to answer the ...
by galaxynet
Wed Dec 23, 2009 8:55 pm
Forum: Beginner Basics
Topic: mangle rule weirdness
Replies: 4
Views: 624

Re: mangle rule weirdness

rmichael

You may also want to read this discussion on connection/packet marking - very helpful when starting out with MT.


http://forum.mikrotik.com/viewtopic.php?f=2&t=37694
by galaxynet
Wed Dec 23, 2009 8:46 pm
Forum: Beginner Basics
Topic: mangle rule weirdness
Replies: 4
Views: 624

Re: mangle rule weirdness

rmichael -

If you follow the 'mark connection' rule with a mark packet(s) rule then the packets in both directions will be marked.

At that point you can then you use the packet mark to manipulate the data stream as you see fit.

Thom
by galaxynet
Thu Jul 16, 2009 5:21 pm
Forum: RouterBOARD hardware
Topic: RB133 firmware/bootloader - where to find
Replies: 4
Views: 8303

Re: RB133 firmware/bootloader - where to find

Thanks MRZ, but as I said the webpage would not load correctly so I could NOT get to the part of the webpage I needed. I know how to do it, just couldn't 'get there from here' as it were...... That's why I asked for the direct link - which you provided.

Thanks.

R/
by galaxynet
Thu Jul 16, 2009 4:25 pm
Forum: RouterBOARD hardware
Topic: RB133 firmware/bootloader - where to find
Replies: 4
Views: 8303

RB133 firmware/bootloader - where to find

Went to this site: http://routerboard.com/ and all that shows up is the RB433 series, and in Internet Explorer it shows an 'error' on page' with a missing object.... Kind of hard to get the firmware without getting a full webpage. So MT, how about a direct link to the RB133 latest firmware? In fact ...
by galaxynet
Tue Jul 14, 2009 12:54 pm
Forum: The Dude
Topic: firewall rule to allow SNMP traffic
Replies: 4
Views: 3402

Re: firewall rule to allow SNMP traffic

schiele - Well sir you sure know how to make it interesting.... :) I do not believe that What's UP Gold will allow different ports for SNMP. Since you do not have multiple public IP addresses then you'll need to pursue the VPN route. To do that though you will have to make different IP or VPN networ...
by galaxynet
Mon Jul 13, 2009 5:17 pm
Forum: The Dude
Topic: firewall rule to allow SNMP traffic
Replies: 4
Views: 3402

Re: firewall rule to allow SNMP traffic

schiele - How do you plan to reach the 5 APs? Do they have a public IP address? If no, then there are a couple of possibilities...you could have a VPN connection to the Hotspot controller from your SNMP server, that would give it 'local' access to the 5 APs through the Hotspot controller LAN IP addr...
by galaxynet
Mon Jul 13, 2009 5:01 pm
Forum: Wireless Networking
Topic: RB600 log
Replies: 1
Views: 430

Re: RB600 log

kurd - Not enough information.... What version of ROS (i.e. 3.13 or 3.24, etc) are you using? What are you using for your PoE voltage to run the RB600? You really can not use four 2.4ghz channels and not have a lot of issues with dropped connections, lost beacons, disconnect due to extensive data, e...
by galaxynet
Mon Jul 13, 2009 4:55 pm
Forum: General
Topic: MAC address block for pppoe clients
Replies: 6
Views: 6184

Re: MAC address block for pppoe clients

raktim -

First - upgrade to ROS 3.24, and be sure to upgrade the firmware as well after the ROS upgrade.

Second, try dropping them in the pre-routing chain instead of the forward chain.


R/
by galaxynet
Mon Jul 13, 2009 4:50 pm
Forum: Beginner Basics
Topic: help with basic setting with dhcp
Replies: 3
Views: 1147

Re: help with basic setting with dhcp

gabak - It's an ugly way to do it but you can simply bridge wlan, eth1 and eth2 in the same bridge port. While there enable the IP firewall for the bridge. Then you can set all your firewall rules in the regular firewall and they will work.... Once that's done, you assign the IP address to the bridg...
by galaxynet
Mon Jul 13, 2009 4:44 pm
Forum: Beginner Basics
Topic: how to restrict certain users on internet
Replies: 2
Views: 648

Re: how to restrict certain users on internet

clarkstyx - Yes there sure is.... Go to the MT manual, look up the Firewall section - specifically mangle. There it will give you examples on how to mark connections/packets. Once you have the packets marked, proceed over to the Queue portion of the MT manual, there it gives examples on how to limit...
by galaxynet
Mon Jul 13, 2009 4:40 pm
Forum: General
Topic: problem with hotmail
Replies: 2
Views: 455

Re: problem with hotmail

Ibersystems - Well just in general, you said you only disabled one dsl line - it looks like there are two that are 'unknown' above. Next, it looks like you are still marking connections for all three dsl lines. Lastly - there have been reports of issues with Hotmail and PPoE...something to look in t...
by galaxynet
Mon Jul 13, 2009 4:14 pm
Forum: General
Topic: block static ip users and allow dchp users
Replies: 5
Views: 9429

Re: block static ip users and allow dchp users

murimi - There are a couple ways that come to mind - like Hotspot and Usermanager. The simplest is probably use the DHCP server and bind the MAC addresses to a particular IP address, that way whenever they are on they will always get the same IP - and if they go static on you then it should block th...
by galaxynet
Wed Jul 01, 2009 11:54 pm
Forum: General
Topic: Routing help
Replies: 2
Views: 530

Re: Routing help

IGadget -
The simple answer is in the routing table;

100.100.100.160/27 or 28 or 29 , depends on how many IPs you want to route over to the other building, GW=172.16.0.2 (LAN interface of building 2). At building 2 you can either use NAT or put the public IPs on one of your interfaces.


R/
by galaxynet
Wed Jul 01, 2009 11:12 pm
Forum: General
Topic: How to Reverse the role of the main tower and repeater
Replies: 1
Views: 484

Re: How to Reverse the role of the main tower and repeater

Owen - Can you from (old) tower 2 see the associated wlan2 card on (old) tower 1? (Wireless registration tab). Next, quoting you above; Tower2 (Old role as repeater new role as main tower) 10.7.0.1 network 10.7.0.0 broadcast 10.7.0.255 interface wlan1 10.7.0.2 network 10.7.0.0 broadcast 255.255.255....
by galaxynet
Wed May 13, 2009 2:49 pm
Forum: Beginner Basics
Topic: why low speed in file transfer
Replies: 7
Views: 4216

Re: why low speed in file transfer

channingzou - i use rb532a , 54G wireless card ,not in turbo mode,and do not setup any firewall or queues related to local network, i got data transfer speed about 1.3MB right now, but still far from 25mbps. thanks any help. If you go back and read what I wrote you'll see there are several factors t...
by galaxynet
Tue Apr 07, 2009 9:25 pm
Forum: RouterBOARD hardware
Topic: RB450 and windows ping timed out issue
Replies: 3
Views: 675

Re: RB450 and windows ping timed out issue

chrone - I see this issue pretty consistantly. Using RB333, RB433AH and RB411 - all with ROS 3.22 and lateast firmware - 2.20 I believe. Previous ROS 2.9.50 on RB500 or Intel CPU did not exhibit this behavior. There was another post on this, and it had something to do with time out values being chan...
by galaxynet
Thu Mar 05, 2009 10:00 pm
Forum: RouterBOARD hardware
Topic: **Route 2 network with RB493AH** ROute Not Work!!!!!!!!!!!!!
Replies: 3
Views: 1065

Re: Route 2 network wirth RB493AH

kazemm - Well you need to read the manual to get the whole story. Basically you need to go in to winbox, then the menu on the left, go to IP, then click on Route. A new window opens. Here you add your default route. Click on the ' + ' a window will open here you add the following; dst-addr=0.0.0.0/0...
by galaxynet
Thu Mar 05, 2009 9:48 pm
Forum: Beginner Basics
Topic: Web proxy error
Replies: 5
Views: 898

Re: Web proxy error

BDISP - It's in the manual..... Winbox, then IP, Web-Proxy. Once there go to the first tab, click on the 'settings' tab. This takes you to another window that has all the settings for the web-proxy drive including selecting the drive, stopping the proxy, sizing it, formating and checking the drive f...
by galaxynet
Tue Mar 03, 2009 8:52 pm
Forum: Beginner Basics
Topic: Web proxy error
Replies: 5
Views: 898

Re: Web proxy error

BDISP -

Yes - it looks like you need to turn the cache off. Fomat the cache again, and then check the cache drive. Once that all works again then you can re-enable the proxy.....

R/
by galaxynet
Thu Feb 26, 2009 9:50 pm
Forum: General
Topic: Firewall filter by MAC problem
Replies: 2
Views: 584

Re: Firewall filter by MAC problem

kameelperdza - Your rules are very specific - if the MAC address matchs the rule and the it is going out the bridge=eoip1 then it is done, if none match then you are dropping everything..... You really need to make sure that the MAC addresses you are specifing are the correct ones...... Lastly, sinc...
by galaxynet
Thu Feb 26, 2009 9:41 pm
Forum: RouterBOARD hardware
Topic: signal difference in point to point
Replies: 3
Views: 777

Re: signal difference in point to point

ihernandez - Sure - there are a number of reasons..... Bad cable(s) or connections at the card(s). Bad cable connection from the card to the antenna (bad cable-loose ground, water intrusion, etc). Antenna damage. LoS issues, such as 'knife edge defraction', or an obstacle closer to one antenna than ...
by galaxynet
Thu Feb 26, 2009 9:26 pm
Forum: Beginner Basics
Topic: Yours and mine gateways.
Replies: 15
Views: 1552

Re: Yours and mine gateways.

tombrdfrd66 - Well the basics of your plan sound well founded..... Since I don't know what you PPoE setup is like I can not imagine what you are going to need for mangle rules...you pretty much have everyone 'captured' at the PPoE gateway to start with.... The only questions I would have is are the ...
by galaxynet
Thu Feb 26, 2009 9:09 pm
Forum: General
Topic: shaping + priorities - mangle and queue tree
Replies: 7
Views: 1704

Re: shaping + priorities - mangle and queue tree

xordi - You're just not getting it. Let me try one last time.... Once you mark a connection ( LAN -> WAN ) when the WAN source replies the related connection is also marked with the SAME connection mark. As I explained above...you can mark any kind of traffic you want. I was showing how to mark the ...
by galaxynet
Tue Feb 24, 2009 10:41 pm
Forum: General
Topic: shaping + priorities - mangle and queue tree
Replies: 7
Views: 1704

Re: shaping + priorities - mangle and queue tree

xordi - Ok I have a little better understanding of what you are trying to do. You do not have to separately mark 'return' traffic coming in the WAN interface. You marked the connection as it went through the router already. The only time you would want to mark traffic coming in on the WAN interface ...
by galaxynet
Tue Feb 24, 2009 10:13 pm
Forum: Beginner Basics
Topic: Yours and mine gateways.
Replies: 15
Views: 1552

Re: Yours and mine gateways.

tombrdfrd66 - Well not to disagree with you but a more extensible answer to your issue is the one I sugeested above where by you mark the connections as before but use the ' ! ' (not) dst-addr list function to make the final decision on whether to route locally (via the main table) or send the reque...
by galaxynet
Mon Feb 23, 2009 11:27 pm
Forum: General
Topic: shaping + priorities - mangle and queue tree
Replies: 7
Views: 1704

Re: shaping + priorities - mangle and queue tree

xordi - I am not going to fix the whole setup but I am going ot point out a few things and hopeflly that and the docs you have handy will do the rest for you... 0 ;;; WWW chain=prerouting action=mark-connection new-connection-mark=all_conn_www passthrough=yes protocol=tcp src-port=80,443 This will o...
by galaxynet
Mon Feb 23, 2009 3:42 pm
Forum: Beginner Basics
Topic: Yours and mine gateways.
Replies: 15
Views: 1552

Re: Yours and mine gateways.

tombrdfrd66 - On second thought..... Post your mangle rules for routing. Maybe this will help you so try it first and if it doesn't then post everything asked for.... In your mangle rules for routing - where you are marking your routes.... In the magle rule itself, I surmise from the article that yo...
by galaxynet
Mon Feb 23, 2009 3:03 pm
Forum: Beginner Basics
Topic: Yours and mine gateways.
Replies: 15
Views: 1552

Re: Yours and mine gateways.

tombrdfrd66 -

Post your route and route rule tables - let's see what you have....

/ip route print
/ip route rule print


/R

Thom
by galaxynet
Fri Feb 20, 2009 5:39 pm
Forum: Wireless Networking
Topic: retransmits can slow down your wlan speeds.
Replies: 20
Views: 1827

Re: retransmits can slow down your wlan speeds.

kameelperdza - Look, what everyone is trying to tell you is that you have a VERY BAD signal there. Your Line of Sight (LoS) is bad or your are badly misaligned with the AP side. With a very bad siganl you can not get good throughput. No matter what you do, until you get your signal issue resolved yo...
by galaxynet
Wed Feb 18, 2009 11:57 pm
Forum: General
Topic: Load Balancing 3dsl, Bank's pages not resolve
Replies: 13
Views: 5554

Re: Load Balancing 3dsl, Bank's pages not resolve

pastranini - Without your actual configuration it is hard to tell what has gone wrong. But from your description it sounds like you do not have a persistant connection for HTTPS (banks). You need to share your configuration here - post it on the forum. I suspect that you used some form of loadbalanc...
by galaxynet
Wed Feb 18, 2009 11:54 pm
Forum: General
Topic: 532 board on 2.9.23
Replies: 4
Views: 690

Re: 532 board on 2.9.23

ccr -
The only way to upgrade is via netinstall and use a serial cable. It will only let you do this if it is a 'legal' version of ROS.

R/
by galaxynet
Wed Feb 18, 2009 11:51 pm
Forum: Beginner Basics
Topic: Yours and mine gateways.
Replies: 15
Views: 1552

Re: Yours and mine gateways.

tombrdfrd66 - Sure - but basically what you are asking for is policy based routing - it's in the wiki.... If the wiki doesn't do it for you then paste your config up here and any other relative 'data' and we'll see what we can do.... By the way - how did that link across the water turn out? R/ Thom
by galaxynet
Mon Feb 16, 2009 4:35 pm
Forum: Wireless Networking
Topic: Class B for hotspot
Replies: 1
Views: 556

Re: Class B for hotspot

natedogg104 -

First - you'd never be able to make a wireless bridged network that large work - the bridge transmissions on a wireless network would kill your throughput....

That having been said.... A class 'B' network woud be;

10.1.0.0/16 (255.255.0.0) would be 10.1.0.0 - 10.1.255.255

R/
by galaxynet
Mon Feb 16, 2009 4:28 pm
Forum: Beginner Basics
Topic: why low speed in file transfer
Replies: 7
Views: 4216

Re: why low speed in file transfer

channingzou - First thing - local to local does NOT invole the MT box unless you are transferring to/from that box. Local to local would just connect to the boxes involved directly. That having been said, the MT box will not significantly reduce the transfer speed if it is the one the files are bein...
by galaxynet
Mon Feb 16, 2009 4:05 pm
Forum: General
Topic: TrafficFlow/NetFlow and Dynamic Interfaces
Replies: 3
Views: 1073

Re: TrafficFlow/NetFlow and Dynamic Interfaces

MyThoughts -

Do a support file and send it to support@mikrotik.com I am sure they would be interested in your issue.

R/

Thom
by galaxynet
Mon Feb 16, 2009 4:01 pm
Forum: Wireless Networking
Topic: Trendnet compatibility with Mikrotik routers
Replies: 7
Views: 1861

Re: Trendnet compatibility with Mikrotik routers

pellumb - Sounds like you are trying to use a feature known as WDS (Wirelss Distribution System). Does the Trendnet support WDS? Check on their firmware - make sure you have their latest firmware (Trendnet). Look at the MT docs on WDS - this will tell you how to set the AP (AP-WDS mode) and how othe...
by galaxynet
Mon Feb 16, 2009 3:54 pm
Forum: General
Topic: How are the firewall chains traversed?
Replies: 2
Views: 863

Re: How are the firewall chains traversed?

Each chain is traversed independently from top to bottom. DNAT is done in the prerouting chain which is processed before the any routing decision is made, while SNAT is done in the postrouting chain. So the order you add rules in are only significant for a specific chain. If you add the SNAT rules ...
by galaxynet
Mon Feb 16, 2009 3:38 pm
Forum: General
Topic: Firewall chains - default policy action?
Replies: 12
Views: 15026

Re: Firewall chains - default policy action?

NAB -

That's pretty much it in a nut shell....

I am sure Normis, Janisk or one of the others will jump in and confirm this as well.

R/

Thom
by galaxynet
Mon Feb 16, 2009 3:30 pm
Forum: General
Topic: use both mT 3.20 and ISA server
Replies: 8
Views: 1564

Re: use both mT 3.20 and ISA server

akram - See below...I removed most of the 'disabled' entries. Made comments in the body of the text below. Study it and be sure to look over the MT docs to understand what I did.... Basically it is 'policy routing'. The policy is when a chosen IP makes a request to get something from the Internet, t...
by galaxynet
Mon Feb 16, 2009 2:34 pm
Forum: Wireless Networking
Topic: how to maximize the throughput
Replies: 12
Views: 4584

Re: how to maximize the throughput

remuss -

You can leave the card putput power at the default level. MT knows what the maximum power level the card is capable of and sets it that way....



R/

Thom
by galaxynet
Sun Feb 15, 2009 7:22 pm
Forum: Wireless Networking
Topic: retransmits can slow down your wlan speeds.
Replies: 20
Views: 1827

Re: retransmits can slow down your wlan speeds.

kameelperdza - You receive signal strength at 1.2km with that setup should be in the order of -50db, not -77db. I suspect that one of your cards is 'blown'. The other possibility can be that you have water intrusion in one or more cables causing you to lose a lot of signal..... Has anything changed ...
by galaxynet
Sun Feb 15, 2009 7:15 pm
Forum: Wireless Networking
Topic: how to maximize the throughput
Replies: 12
Views: 4584

Re: how to maximize the throughput

remuss - fatonk is correct - your received siganl is too low causing your CCQ (quality of the link) to be poor. Rough calcs here but the free space loss across 25km is 136db. I did some calcs based on the distance being 25km. Output power of the card at 350mw, the antenna gain set to 24db, and with ...
by galaxynet
Sat Feb 14, 2009 4:17 pm
Forum: Wireless Networking
Topic: how to maximize the throughput
Replies: 12
Views: 4584

Re: how to maximize the throughput

remuss - Well you told us quite a bit but not enough.... What is the signal level at both ends of this link? You might be able to improve the link signal by going to LMR400 from your case to the antenna. Ufl to n-female (bulkhead). LMR 400 N-male to whatever the antenna takes. If you can shorten the...
by galaxynet
Sat Feb 14, 2009 3:52 pm
Forum: Wireless Networking
Topic: retransmits can slow down your wlan speeds.
Replies: 20
Views: 1827

Re: retransmits can slow down your wlan speeds.

kameelperdza - Looks like you are connecting at -77db Is that normal for this connection? What is the setup; distance km or miles, antenna gain, card type (like R52H or XR something), what band 2ghz, 5ghz ? Can you show both sides of the link? Let's see if we can figure out if you are getting the ri...
by galaxynet
Sat Feb 14, 2009 3:47 pm
Forum: Beginner Basics
Topic: simple internet sharing between freinds
Replies: 6
Views: 1968

Re: simple internet sharing between freinds

happydaddy - Well you have quite a mess there - so let's start again.... Need to see - and please label the client and the AP; /ip address print - both /ip route print - both /ip route rule print - both /ip firewall nat print - both I also see you still have a bridge in there and it is not disabled....
by galaxynet
Fri Feb 13, 2009 8:39 pm
Forum: Beginner Basics
Topic: simple internet sharing between freinds
Replies: 6
Views: 1968

Re: simple internet sharing between freinds

happydaddy - Well you'll need to show a bit more of your config.... PPoE. route, ip address, ip firewall, ip dns, etc for the AP. In terminal mode you can use /ip address print or /ip address export I like using the print method, but export will work ok. You'll need to do this for all of the above. ...
by galaxynet
Fri Feb 13, 2009 8:24 pm
Forum: General
Topic: Signal not improved when changed from 2.4ghz to 5ghz :-(
Replies: 11
Views: 1308

Re: Signal not improved when changed from 2.4ghz to 5ghz :-(

kameelperdza -

Sounds like you need to use higher gain antennas - your received signal strength -79 to -85db is getting close to what the cards are will to work with at all.... I believe the R52H best receive sensitivity is either -92 or -95.....

R/

Thom
by galaxynet
Fri Feb 13, 2009 8:21 pm
Forum: Scripting
Topic: Netwatch; continual reboots
Replies: 18
Views: 5419

Re: Netwatch; continual reboots

omnicron -

Use the netinsall server to 'hold on' to the RB. Then use the serial connection to get in to ROS and turn netwatch off.

R/

Thom
by galaxynet
Fri Feb 13, 2009 5:28 pm
Forum: Scripting
Topic: Netwatch; continual reboots
Replies: 18
Views: 5419

Re: Netwatch; continual reboots

omnicron -

If you can get a serial cable on it you can telnet / ssh or use Hyperterminal to get in to the box and turn off netwatch. /system netwatch ..........

R/
by galaxynet
Fri Feb 13, 2009 5:26 pm
Forum: Wireless Networking
Topic: retransmits can slow down your wlan speeds.
Replies: 20
Views: 1827

Re: retransmits can slow down your wlan speeds.

kameelperdza - Well has the weather improved there yet? Did you system come back to normal? If yes to the above - then you have too small of a 'fade margin'. Typically, you want about 30db difference between the noise floor and the received signal in areas that have severe weather issues at the lowe...
by galaxynet
Fri Feb 13, 2009 5:17 pm
Forum: Wireless Networking
Topic: hotspot feeding other aps with routing bridge or wds
Replies: 4
Views: 764

Re: hotspot feeding other aps with routing bridge or wds

miahac -

If you setup everything as suggested then you will only have to masqurerade data going out the interface that points to the Internet. Everything inside would be on private network IPs.

R/
by galaxynet
Tue Feb 10, 2009 4:09 pm
Forum: Wireless Networking
Topic: help needed to setup new location
Replies: 2
Views: 581

Re: help needed to setup new location

illiniwireless - First a little constructive criticism...get off the bridge kick. The convenience of 'seeing' everything at once is costing you 30%+ in lost bandwidth capability. Use 'The Dude' or some other program to monitor your network. Save the backhaul and AP IPs in Winbox so you can jump righ...
by galaxynet
Tue Feb 10, 2009 3:37 pm
Forum: General
Topic: use both mT 3.20 and ISA server
Replies: 8
Views: 1564

Re: use both mT 3.20 and ISA server

akram - To answer that question you'll need to post your config. Go to terminal mode (either in winbox, left hand menu 'New Terminal' or telnet/ssh to the MT box). /ip address export /ip route export /ip router rule export /ip firewall nat export Copy and paste the results here. If you renamed your ...
by galaxynet
Mon Feb 09, 2009 9:27 pm
Forum: RouterBOARD hardware
Topic: RB493ah switch ports won't route
Replies: 6
Views: 1400

Re: RB493ah switch ports won't route

Eric - Well I really didn't expect anyhting exotic - just checking to see there was not something that you may have overlooked.... I have not used that board but have used the older 150 series...what I found was the ether ports are not necessarily in order - and that would seem the case in your desc...
by galaxynet
Mon Feb 09, 2009 4:45 pm
Forum: Beginner Basics
Topic: Saperate Cache Server
Replies: 1
Views: 537

Re: Saperate Cache Server

segunjoy -

What operating systems are you familiar with????

For linux there is Squid and a few others.

For windows - you'll have to look that up on the web.....

R/
by galaxynet
Mon Feb 09, 2009 4:44 pm
Forum: General
Topic: HotSpot Problem
Replies: 2
Views: 888

Re: HotSpot Problem

ergonaft -

Sure - but you need to post your config before anyone can help...........


/ip address export
/ip route export
/ip route rule export
/ip hotspot server, profile, etc export
/ip firewall nat, mangle, filter, etc export

R/
by galaxynet
Mon Feb 09, 2009 4:38 pm
Forum: RouterBOARD hardware
Topic: RB493ah switch ports won't route
Replies: 6
Views: 1400

Re: RB493ah switch ports won't route

e2346437 -

You are going to have to show us your config before anyone can help you...

/ip address export
/ip route export
/ip route rule export
/ip firewall nat, mangle, & filter export.....

R/
by galaxynet
Mon Feb 09, 2009 4:26 pm
Forum: General
Topic: use both mT 3.20 and ISA server
Replies: 8
Views: 1564

Re: use both mT 3.20 and ISA server

akram - Not really sure what your intended meaning is with 'ISA server' but it sounds like a 'regular' Internet Gateway / Router. So really all you have to do is configure the MT to be the gateway for all your internal systems on one ethernet interface and on the second connect it to the ISA server....
by galaxynet
Mon Feb 09, 2009 4:20 pm
Forum: Beginner Basics
Topic: router os setup
Replies: 1
Views: 593

Re: router os setup

OluNesta - Well you need to post your config for help with your firewall settings - /ip firewall nat export /ip firewall filter export /ip firewall mangle export and under /ip wwebproxy your settings there as well..... Here is the Wiki page for a lot of MT configs: http://wiki.mikrotik.com/wiki/Mikr...
by galaxynet
Mon Feb 09, 2009 4:12 pm
Forum: General
Topic: Signal not improved when changed from 2.4ghz to 5ghz :-(
Replies: 11
Views: 1308

Re: Signal not improved when changed from 2.4ghz to 5ghz :-(

kameelperdza - It is not so much the noise floor as it is the difference between the noise floor and the received signal - this is called Signal-to-Noise ( S/N ) ratio. What you are looking for is about 20db or more between the noise floor and the received signal, i.e., received signal = -65db, nois...
by galaxynet
Mon Feb 09, 2009 4:00 pm
Forum: Wireless Networking
Topic: Mikrotik as Client / Roam
Replies: 2
Views: 670

Re: Mikrotik as Client / Roam

gustkiller - Well you can set the signal level in the wireless table to 'dis-associate' once a signal level has droped below a certain level in the CPE. I suppose that would simulate forcing the CPE to re-associate with the stronger AP. It only takes a second or so for this to happen - so yes that w...
by galaxynet
Mon Feb 09, 2009 3:52 pm
Forum: Wireless Networking
Topic: high ping time
Replies: 3
Views: 2327

Re: high ping time

rodolfo - /interface wireless nstreme set wlan1 comment=RadioSlave disable-csma=no enable-nstreme=yes \ enable-polling=yes framer-limit=3600 framer-policy=exact-size There are a couple of things - in the above config you can check mark disable-csma so it equals 'yes'. ( disable-csma=yes ). You can a...
by galaxynet
Sun Feb 08, 2009 10:22 am
Forum: Beginner Basics
Topic: Ping / PPTP issue
Replies: 1
Views: 674

Re: Ping / PPTP issue

rickr - add action=accept chain=input comment=\ "Allow access to router from known network" disabled=no src-address-list=\ safe Probably the above rule... You are limiting communication to the router itself (chain=input) based on a src-address-list = safe. So if the address you are connecting from i...
by galaxynet
Sat Feb 07, 2009 1:05 am
Forum: Wireless Networking
Topic: hotspot feeding other aps with routing bridge or wds
Replies: 4
Views: 764

Re: hotspot feeding other aps with routing bridge or wds

miahac - You can just use the Hotspot on AP1. Set the radius service on the other APs to point to AP1. Even better setup Usermanager on Hotspot AP1 (or get a cheap PC - better than using the AP for usermanager) then run Hotspot on each AP, have the APs authenticate against the Usermanager - all that...
by galaxynet
Sat Feb 07, 2009 1:01 am
Forum: Wireless Networking
Topic: Ap with various connection types problems with bridges
Replies: 1
Views: 456

Re: Ap with various connection types problems with bridges

miahac - Sounds like you need to set the 433s in pseudo-bridge mode instead of station and then bridge the wlan & ether interface. If I remember correctly you also had to use the WDS mode as well.... I believe there is a wiki on that. Take a look. I will too as it has been sometime since I used brid...
by galaxynet
Sat Feb 07, 2009 12:32 am
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - Your english is fine - I understand what you are saying. I just hope you understood what I said...as in I was not trying to be 'mean spirited' with my reply - educational was my intent. You started off saying the you had used the wiki to implement load balancing and everything was...
by galaxynet
Thu Feb 05, 2009 5:01 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - Ok well the main problem here is you 'started' to use the loadbalancing wiki and didn't finish implementing all of it. Go back, read the wiki article on loadbalancing, and then put all the required items in your router. Like right now you have 5 default routes to the internet, the...
by galaxynet
Thu Feb 05, 2009 4:33 pm
Forum: Wireless Networking
Topic: Video Streaming Over WLAN: Best Practice on MKK Radios
Replies: 11
Views: 3574

Re: Video Streaming Over WLAN: Best Practice on MKK Radios

dipson - Well I hate to break it to you this way but yes - the 2.4ghz band is really full..... Looks to me that your best frequency would be 2462.... At least there most of the competing signals are -88db and lower (lower being -90db, etc). See in 802.11b/g your center frequency is the 'channel' you...
by galaxynet
Thu Feb 05, 2009 4:15 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - Please post your config again; /ip route export /ip route rule export /ip firewall nat export /ip firewall mangle export Just to let you know - from inside your network you will have to go directly to the server via it's private IP 192.168.15.12 From outside your internal network ...
by galaxynet
Wed Feb 04, 2009 10:10 pm
Forum: Wireless Networking
Topic: Video Streaming Over WLAN: Best Practice on MKK Radios
Replies: 11
Views: 3574

Re: Video Streaming Over WLAN: Best Practice on MKK Radios

dipson - It seems I am missing sometin out here. For the data rates, assuming the worst camera connection is 36mbps does that mean I will select 24mbps and deselect other rates or I will select 24mbps and below while deselecting 36,48 and 56mbps. Kindly clerify this for me please. In your example ab...
by galaxynet
Wed Feb 04, 2009 5:28 pm
Forum: General
Topic: Router Natting with port
Replies: 1
Views: 436

Re: Router Natting with port

ferdinandbabst - Sure you can - just like any other dst-nat rule. add chain=dstnat action=dst-nat to-addresses=192.168.1.10 to-ports=10010 in-interface=etherX dst-address=PUBLIC IP dst-port=10010 protocol=tcp comment="Camera 1" disabled=no add chain=dstnat action=dst-nat to-addresses=192.168.1.11 to...
by galaxynet
Wed Feb 04, 2009 5:21 pm
Forum: General
Topic: 2 Web domains, one server, How do I route?
Replies: 4
Views: 1063

Re: 2 Web domains, one server, How do I route?

gimmepatiencequickly - Well you have a couple of things going on here.... Your first dst-nat rule is correct. The second rule (ether2 - I don't know what you're trying to do there....192.168.1.5 shouldn't be showing up on that interface.....) Your src-nat rule.... Isn't the cisco nat'ing for you? Ev...
by galaxynet
Wed Feb 04, 2009 4:57 pm
Forum: Wireless Networking
Topic: Video Streaming Over WLAN: Best Practice on MKK Radios
Replies: 11
Views: 3574

Re: Video Streaming Over WLAN: Best Practice on MKK Radios

Hello Oladipupo, Nice to hear from you. I can understand why you are using WDS vice routing - though in the end if they are just looking at the streaming video - would they really have to 'administer' the network? As to the access list - this is straight forward - use the MAC address of you want con...
by galaxynet
Wed Feb 04, 2009 4:50 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - There are two possibilities that I see.... 1) In your src-nat rule for the server, change the 'to-ports=' to 0-65535 2) Your load balancing setup is interferring with the server 'returning' the connection to the correct dsl / ethernet port. You'll have to look in the MT under /too...
by galaxynet
Tue Feb 03, 2009 6:01 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster -
1 chain=srcnat action=src-nat to-addresses=x.x.x.x to-ports=1195 src-address=192.168.15.12 protocol=udp
Try removing the " to-ports=1195 " from the above.

R/

Thom
by galaxynet
Tue Feb 03, 2009 3:38 pm
Forum: Wireless Networking
Topic: Reassociating Wireless Connection
Replies: 11
Views: 5056

Re: Reassociating Wireless Connection

chadd - Well it certainly isn't the towers being too close.... As to the 10mhz channel - the radio broadcasts at 5mhz above and below the center frequuency for a total of 10mhz channel width.... As to diconnects - have you per chance mixed ROS versions? ROS 2.9.46 on the AP and ROS 3.x on the client...
by galaxynet
Tue Feb 03, 2009 3:13 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - 3 chain=srcnat action=src-nat to-addresses=0.0.0.0 to-ports=1195 src-address=192.168.15.12 protocol=udp the "to-addresses=0.0.0.0" above is the problem. to-addresses should be the same value (IP) as your x.x.x.x value in your dst-nat rule (rule 2). What is rule 1? You didn't show ...
by galaxynet
Tue Feb 03, 2009 12:29 am
Forum: Wireless Networking
Topic: Reassociating Wireless Connection
Replies: 11
Views: 5056

Re: Reassociating Wireless Connection

chadd - Do these towers 'see' each well? I know you are using 10mhz channels but the cards 'listen' at 20mhz channel width and TX on 10mhz channels. I see that they are just at the limits of 20mhz between the two towers.... Is it possible to move one of these higher or lower in frequency to get them...
by galaxynet
Mon Feb 02, 2009 10:45 pm
Forum: Wireless Networking
Topic: so where is the problem with Nstreme
Replies: 2
Views: 666

Re: so where is the problem with Nstreme

jo2jo -

I have never seen nstreme work with WDS....

You are probably going to have a difficult time having ROS 3.10 and ROS 2.9.51 connect via nstreme as well..... There are some differences between the ROS 2.9.51 and 3.10 versions.
by galaxynet
Mon Feb 02, 2009 9:46 pm
Forum: Wireless Networking
Topic: Wireless over water
Replies: 23
Views: 3507

Re: Wireless over water

tombrdfrd66 - SurferTim makes a good point on the radio card connectors - a or b. I didn't research the card type to see if it had two different antenna ports - this is definitly something to look at as you are almost exactly 20db down from what you should be - and that is what you usually get when ...
by galaxynet
Mon Feb 02, 2009 9:37 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - First - I mis-read the interface scheme you had - my original interpretation was that INTERN was = INTERNET.... I overlooked the dsl1, dsl2, & dsl3 as the 'Internet' interfaces... But back to the task at hand..... You want any request to IP x.x.x.x on UDP port 1195 to be dst-nat'd...
by galaxynet
Mon Feb 02, 2009 5:42 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

MasterofDisaster - Looking over your config - add action=mark-connection chain=prerouting comment="" connection-state=new \ disabled=no in-interface=INTERN new-connection-mark=odd nth=3,1 \ passthrough=yes add action=mark-routing chain=prerouting comment="" connection-mark=odd \ disabled=no in-inter...
by galaxynet
Mon Feb 02, 2009 4:42 pm
Forum: Wireless Networking
Topic: Video Streaming Over WLAN: Best Practice on MKK Radios
Replies: 11
Views: 3574

Re: Video Streaming Over WLAN: Best Practice on MKK Radios

dipson - You are asking a lot and you are asking a lot of the equipment to get the job done....4mbps+ across 3 radios in WDS mode...... If you have to use the 2.4ghz then make your access lists now so you can lock each camera to a particualr AP. Set the scanning frequency list for each AP/WDS node. ...
by galaxynet
Mon Feb 02, 2009 4:14 pm
Forum: Wireless Networking
Topic: Wireless over water
Replies: 23
Views: 3507

Re: Wireless over water

tombrdfrd66 - I can't tell you exactly what is worng but I can tell you that what you are getting and what you should be getting are far different. According to just about every calc I can do you should be in the neighborhood of -65db at both ends of your connection. 17db power, plus 12db antenna, m...
by galaxynet
Mon Feb 02, 2009 2:25 pm
Forum: Beginner Basics
Topic: Internet Access to private LAN (RB 450) etc.
Replies: 20
Views: 2471

Re: Internet Access to private LAN (RB 450) etc.

Export your Mikotik config and paste it here so we can look at what you told the MT to do.... Then you can get some help.

R/

Thom
by galaxynet
Fri Jan 30, 2009 9:28 pm
Forum: Beginner Basics
Topic: Load balancing problem
Replies: 8
Views: 1352

Re: Load balancing problem

/interfaces add address=XXX.ZZZ.22.179/24 broadcast=XXX.ZZZ.22.255 comment="" disabled=no \ interface=eth-link1 network=ZZZ.XXX.22.0 add address=172.31.1.23/16 broadcast=172.31.255.255 comment="" disabled=no \ interface=eth-private network=172.31.0.0 add address=XXX.ZZZ.113.3/24 broadcast=XXX.ZZZ.11...
by galaxynet
Mon Jan 19, 2009 3:54 pm
Forum: Beginner Basics
Topic: ERROR : Gateway Timeout OR ERROR : Not Found
Replies: 1
Views: 1827

Re: ERROR : Gateway Timeout OR ERROR : Not Found

Does your MT work without web-proxy enabled? (You would have to turn off the dst-nat rule where you redirect port 80 to 8080) If yes - then you may need to format your cache drive and let it build the cache. If no - then post the rest of your config and lets get the basics working first.... / R Thom
by galaxynet
Sun Jan 18, 2009 2:20 pm
Forum: RouterBOARD hardware
Topic: Multiple cable modems on same network (again)
Replies: 9
Views: 2598

Re: Multiple cable modems on same network (again)

It seems to me that you may be way over thinking this...... :) 1) Most cable modems have WAN / LAN where the public IP is on the WAN side and you have a 'private' IP on the LAN side. The modem NAT's the private IP to the public..... Seems to me that all you need to do in a case like this is have eac...
by galaxynet
Sun Jan 18, 2009 1:58 pm
Forum: RouterBOARD hardware
Topic: RB333 reboots several times per day
Replies: 5
Views: 1491

Re: RB333 reboots several times per day

What we found was changing the power supply to an 18vdc vice the 24vdc we originally had seems to have 'fixed' the issue. If you look through the forum you'll see mention of this type of issue on the RB333 - it has to do with the internal voltage monitoring circuit that shuts the RB off if the input...
by galaxynet
Sun Jan 18, 2009 1:50 pm
Forum: RouterBOARD hardware
Topic: Routerboard RB433AH intermittantly stops operating
Replies: 7
Views: 1892

Re: Routerboard RB433AH intermittantly stops operating

If you set a log entry to save to 'disk' it will save it in flash memory as surmised. Then just open the log normally right after a reboot to see the log entry.

R/

Thom
by galaxynet
Sat Nov 01, 2008 8:12 pm
Forum: Beginner Basics
Topic: Connection Bonding
Replies: 9
Views: 3889

Re: Connection Bonding

blueice -

Sent you a reply in email.

R/
by galaxynet
Fri Oct 10, 2008 3:19 pm
Forum: General
Topic: Some ip-firewall problems...
Replies: 4
Views: 914

Re: Some ip-firewall problems...

marek001 - Well marek001 - you have not supplied enough information for anyone to help you.... Here - and now i have set the ip-range for vpn and i have a ip range for my local area... Lan and wlan - Nod1 - 192.168.10.0/24 and Nod2 - 192.168.11.0/24 vpn ip - 170.0.51.0/24 You talk about 192.x... and...
by galaxynet
Sun Oct 05, 2008 4:26 pm
Forum: Beginner Basics
Topic: Connection Bonding
Replies: 9
Views: 3889

Re: Connection Bonding

Dren - Each end of the bonded interfaces have to be at the same respective locations. Meaning you need one at the ISP end and one at the tail end. Now as long as you and your friend are at the same physical location on one end and you can get a box setup at the ISP end then you can use your friend's...
by galaxynet
Sat Oct 04, 2008 5:29 pm
Forum: General
Topic: how can i make Mikrotik an Internal DNS Server ??
Replies: 4
Views: 5617

Re: how can i make Mikrotik an Internal DNS Server ??

EngAMoktar - Along with setting your DNS in your MT box as noted above with your public DNS IPs - I suspect you are using the newer MT ROS so set the UDP packet size to 1024 vice the 'standard' 512 bytes. Also watch your cache size for DNS - if you run out of cache it can cause issues (I didn't say ...
by galaxynet
Sat Oct 04, 2008 5:10 pm
Forum: Beginner Basics
Topic: Connection Bonding
Replies: 9
Views: 3889

Re: Connection Bonding

Dren -

You need to have a MikroTik box at both ends of your connection to bond lines....since you have two different ISPs it is not possible.....
by galaxynet
Fri Oct 03, 2008 4:55 pm
Forum: Wireless Networking
Topic: accessing Ap's from the internet
Replies: 2
Views: 754

Re: accessing Ap's from the internet

jwcn -
You forgot to tell him to change the 'local' LAN side NIC to proxy-arp mode to access everything on the local side from a VPN connection... :)
by galaxynet
Fri Oct 03, 2008 4:43 pm
Forum: Wireless Networking
Topic: Interference problem
Replies: 5
Views: 1151

Re: Interference problem

acim -
Take all that stuff out of bridge mode and route everything - that will help you a lot to start with.

With 3 cards on top of each other you are bound to get some interference, move one of the cards to the other RB (the one with the single card in it). That will also help.
by galaxynet
Mon Sep 29, 2008 6:19 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

Blignaut - Tried to answer via email - the email got returned.... Well let's first try some filtering to get your bandwidth under control and then we'll get to the rest of it.... Everything here is in Winbox. I generally start with a ' / ' to indicate a menu item on the left hand menu of Winbox, the...
by galaxynet
Mon Sep 29, 2008 3:59 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

Blignaut -

Answering via email...

R/
Thom
by galaxynet
Sun Sep 28, 2008 2:05 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut -

Bump....

Are you going to continue the discussion?

R/

Thom
by galaxynet
Fri Sep 26, 2008 9:51 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut - might be better if you conatct me directly off forum...that way we don't clutter up the forum with little notes... You can post what you did after we're done - that will help other folks when they go looking for answers.... RB532A - is that the one w/32mb of memory? That may not be enough...
by galaxynet
Fri Sep 26, 2008 5:35 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut - Pros and cons - Pros for Usermanager and Hotspot together - one place to add/delete/disable users. Accounting stats are avaialble and you can get reports of users usage based on criteria you select. Cons - more than 50 users requires a higher license level $$, requires some knowledge of r...
by galaxynet
Fri Sep 26, 2008 4:22 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut - Working on it.... You have sort of a mess there. I see you are using AP1 as the hotspot 'controller' for that entire network. Was that your intention or just the way things ended up? Do you want a separate Hotspot Controller on each AP OR (read the next paragraph)? It is entirely possible...
by galaxynet
Thu Sep 25, 2008 6:01 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut -

Go to the hotspot section of your post above - remove the username and passwords - you can do it by editing your post....

R/

Thom
by galaxynet
Thu Sep 25, 2008 5:21 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut - It would be better if you posted either 'printouts' or exports of the aforementioned sections... While in winbox - left hand menu - New Terminal, click on that..... When the window opens, make it 'full size' by dragging the corners or double clicking on the top blue bar for that window. /...
by galaxynet
Thu Sep 25, 2008 4:42 pm
Forum: General
Topic: Multiple Routers running WDS - System monitor
Replies: 17
Views: 2578

Re: Multiple Routers running WDS - System monitor

blignaut - First - why are you using bridge and WDS - this looks perfect for a statically routed setup.... On to the issue at hand....where is the hotspot 'controller' - AP1? Or did you setup a Hotspot on each AP? How did you connect to AP1 - Wlan x? or via ethernet? The reason you can see everythin...
by galaxynet
Wed Sep 24, 2008 3:15 pm
Forum: Beginner Basics
Topic: routing between two networks
Replies: 1
Views: 827

Re: routing between two networks

jokefake24 - Well first off you'll need to read the manual more fully. As to Networks A & B 'talking' to each other - they already can. You'll have to set your cpu's up to use IP address for printing vice using a computer name since they are in different networks. As to making network B use the prox...
by galaxynet
Fri Sep 19, 2008 5:26 pm
Forum: General
Topic: static IPs for web server
Replies: 5
Views: 986

Re: static IPs for web server

thomaspc -

Aswered you back via email....

R/

Thom
by galaxynet
Thu Sep 18, 2008 10:48 pm
Forum: General
Topic: static IPs for web server
Replies: 5
Views: 986

Re: static IPs for web server

thomaspc -

Ping won't work if you have not port forwarded the icmp protocol to that IP....

Post your dst-nat and src-nat rules here (obfascate your public IPs as necessary)....

do a traceroute and port here....

from the command prompt / terminal / telnet;

/ip firewall nat print [enter]


R/

Thom
by galaxynet
Thu Sep 18, 2008 9:02 pm
Forum: General
Topic: static IPs for web server
Replies: 5
Views: 986

Re: static IPs for web server

thomaspc - So - what is the problem - is it you are outside your network you can't see the internal webserver on it's 'now' public IP address or is it that you can not see the internal webserver by name http://www.xxx.xxx from 'inside' your network? Reading your post again...looks like you are tryin...
by galaxynet
Thu Sep 18, 2008 6:39 pm
Forum: Wireless Networking
Topic: Wireless Network Topology ... I'd like your opinion ...
Replies: 4
Views: 991

Re: Wireless Network Topology ... I'd like your opinion ...

marcelocbf -

I use a lot of 5ghz (802.11a) in my metro areas.... 2.4ghz is just too full of noise from consumer gear..... I split the band and use the higher 5ghz for backhauling data to/from the site and then use the lower 5ghz for the clients - works fine for me.

R/
by galaxynet
Thu Sep 18, 2008 6:36 pm
Forum: Wireless Networking
Topic: bonding on miltiple wireless links, need help
Replies: 1
Views: 1052

Re: bonding on miltiple wireless links, need help

migo - Your 'text art' map doesn't make sense.... Typically the issue you are describing would be that you didn't change the MAC address on the bond interface. Read the manual and the wiki about bonding - it is very specific about changing the MAC for the bond interface (not the Wlan card or eth, th...
by galaxynet
Wed Sep 17, 2008 4:49 pm
Forum: Wireless Networking
Topic: Wireless Network Topology ... I'd like your opinion ...
Replies: 4
Views: 991

Re: Wireless Network Topology ... I'd like your opinion ...

marcelocbf - - Setting the same SSID, on the setorial antennas will make users associate back and forth between the cards ? Actually, my question would be ... how much strength difference between channels a wireless card decide to associate to another (average) ? Typically the client will associate ...
by galaxynet
Tue Sep 16, 2008 5:46 pm
Forum: RouterBOARD hardware
Topic: Bonded Bridge routing problem
Replies: 1
Views: 883

Re: Bonded Bridge routing problem

Blachawk - Sure - my suggestion would be to take the MTs out of bridged mode.... Bondingrr works just fine without a bridge. That way when you put the IP of the Moto radio in - the MT knows where to find it. Right now as a bridge it expects the IP to be accessible on BOTH lines - hence only receivin...
by galaxynet
Tue Sep 16, 2008 5:34 pm
Forum: Wireless Networking
Topic: Hotspot 3 APs away
Replies: 8
Views: 1340

Re: Hotspot 3 APs away

Hi Chris - First - thanks for the compliments - you seemed to be desperate so helping you out was a pleasure.... I see from your post that you had an IP conflict - you forgot to change the IP on the Desktop back to it's original IP didn't you - so it still had 192.168.1.1 as it's IP which conflicted...
by galaxynet
Mon Sep 15, 2008 6:21 pm
Forum: General
Topic: redirect outbound traffic to specific remote server
Replies: 4
Views: 1227

Re: redirect outbound traffic to specific remote server

edgarsw - I might be missing something but here goes... I do not see how you are going to 're-route' traffic from the Cisco through the DMZ to the MT and then through the MT to another public IP through the Internet cloud to your Lotus server and back again.... Perhaps your drawing is in error? If n...
by galaxynet
Mon Sep 15, 2008 5:50 pm
Forum: General
Topic: Winbox to two different routers behind ADSL
Replies: 11
Views: 5309

Re: Winbox to two different routers behind ADSL

maximo64 -
Why don't you just setup a VPN (ppp menu) or PPtP - whatever you want to call it..... Give the VPN an unused IP on the other side of MT Edge. Turn on Proxy Arp for that interface. Once connected via VPN you can call the routers by their local IP addresses right from winbox....

R/
by galaxynet
Mon Sep 15, 2008 3:04 pm
Forum: Scripting
Topic: Simple Script Help.
Replies: 4
Views: 1065

Re: Simple Script Help.

rednetwifi - For getting a ping to go out a specific port you'd need to use policy routing.... Typically you would use mangle to mark the connection, use the connection mark to add a routing mark. Then over in /ip routes you need to add two things.... One, a route in a named route table for your int...
by galaxynet
Mon Sep 15, 2008 1:53 pm
Forum: Wireless Networking
Topic: Hotspot 3 APs away
Replies: 8
Views: 1340

Re: Hotspot 3 APs away

mickeymouse690 - (Chris) It was a pleasure to talk with you last nite.... Please don't forget to post here, when you get done absorbing all the info and the configs we created last nite - including how you decided how to setup future CPEs on your Hotspots, your lessons learned. They will help someon...
by galaxynet
Sun Sep 14, 2008 10:34 pm
Forum: Wireless Networking
Topic: Hotspot 3 APs away
Replies: 8
Views: 1340

Re: Hotspot 3 APs away

mickeymouse690 - Well here's a stab at it - great talking to you on the phone.... RT1 - eth1 gets it's IP from your Internet router (dlink I think you said...) RT1 - Wlan1 - let's give it an IP of 10.8.82.1/24 Interface=Wlan1 In winbox / ip route add ( + ) the routes to the other wlans and hostspot ...
by galaxynet
Sun Sep 14, 2008 4:52 pm
Forum: Wireless Networking
Topic: Hotspot 3 APs away
Replies: 8
Views: 1340

Re: Hotspot 3 APs away

mickeymouse690 - Not really sure what the heck you're trying to do here.....why bridge and wds everything? Why don't you just route everything where it needs to go and set the Hotspots up on the desired interfaces (WLans I presume)? You can NAT out at your ISP linkup - so only one NAT.... Maybe a li...
by galaxynet
Sun Sep 14, 2008 4:00 pm
Forum: General
Topic: Hardware for high bandwidth 1.5km 5Ghz Nstreme link?
Replies: 14
Views: 2605

Re: Hardware for high bandwidth 1.5km 5Ghz Nstreme link?

_Petya_ Well it really depends on how much you want to do with the units on each end.... RB433ah or RB600 will certainly do a good job. With the proper setup they should be able to pass 50mbps+ with dual wlan cards...and still have the cpu processing power to do a good amount of QoS servicing.... Pa...
by galaxynet
Fri Sep 12, 2008 9:01 pm
Forum: Beginner Basics
Topic: 3 link wireless bonding, will this work...
Replies: 13
Views: 2457

Re: 3 link wireless bonding, will this work...

InoX - This is not a competition to me - if you can get it to work & work well then I'd like to see the config as I could use the extra speed myself. My experience is that once you to start to load traffic in both directions the whole thing slows down. Add bonding on top of that (with bondingrr for ...
by galaxynet
Fri Sep 12, 2008 6:30 pm
Forum: General
Topic: RouterOS v3.14rc1 released
Replies: 42
Views: 5682

Re: RouterOS v3.14rc1 released

Any chance you (MT) addressed the issues with mangle and queuing that I sent in via Ticket#2008090766000066] ROS on Intel CPU V3.13 Queues

Where mangle is not working correctly and so PCQs are not working correctly?

R/
by galaxynet
Fri Sep 12, 2008 5:39 pm
Forum: Beginner Basics
Topic: routing headache
Replies: 2
Views: 767

Re: routing headache

cylent - Well you 'discoverd' probably the only method that will work. Possibly, and I will repeat that, possibly, you can setup eth3 as a DHCP relay under DHCP server.... I haven't tried this but the functionality is there.... Alternately you should be able to setup just a standard routed situation...
by galaxynet
Fri Sep 12, 2008 5:13 pm
Forum: General
Topic: bridging, nat'ing, private/public ip's, firewall, 1 router?
Replies: 3
Views: 809

Re: bridging, nat'ing, private/public ip's, firewall, 1 router?

dankerr -

Well you can't specify the in-interface but you can specify the src-addr for NAT'ing.....

R/

Thom
by galaxynet
Fri Sep 12, 2008 4:57 pm
Forum: Beginner Basics
Topic: 3 link wireless bonding, will this work...
Replies: 13
Views: 2457

Re: 3 link wireless bonding, will this work...

InoX - I am talking about serious transfer rates...yes I know you can get 50Mbps with a single tubo channel and Nstreme - in ONE direction - I've done it pleny of times. You can also get about 70Mbps using only UDP - so what? I even duplicated MT's 300Mbps setup in my lab. But what the challege is t...
by galaxynet
Fri Sep 12, 2008 4:26 pm
Forum: Beginner Basics
Topic: cannot ping ether 2 local to PC, but can winbox to it.
Replies: 7
Views: 1678

Re: cannot ping ether 2 local to PC, but can winbox to it.

lookout - Well it looks like for the most part that you have used the names I gave the interfaces in my example and not the names you gave the interfaces..... add chain=sanity-check in-interface=Local src-address=!192.168.1.0/24 action=jump jump-target=drop comment="Drop everything that goes from lo...
by galaxynet
Thu Sep 11, 2008 9:11 pm
Forum: Beginner Basics
Topic: 3 link wireless bonding, will this work...
Replies: 13
Views: 2457

Re: 3 link wireless bonding, will this work...

jknudsen - 150Mbps is a dream - the RBs cannot push that much data across a wireless tcp link under even the best circumstances. I have run at least 50 different configs trying to get 100Mbps across a radio set pair. When I used Nstreme and bonding with 4 wireless interfaces at each end I was finall...
by galaxynet
Thu Sep 11, 2008 8:56 pm
Forum: Wireless Networking
Topic: Help needed on Wireless Setup.
Replies: 2
Views: 1068

Re: Help needed on Wireless Setup.

Darren / Ron -

Glad we talked on skype earlier...I have a good sense of what you are looking for....

I am working up the basic config now.

Talk to you soon...

Thom
by galaxynet
Thu Sep 11, 2008 4:53 pm
Forum: Wireless Networking
Topic: Public IPs need
Replies: 1
Views: 839

Re: Public IPs need

Ibersystems - This is more of a 'beginner' question than a wireless question. Basically what you would need to do it route a subnet of your public IP block to your remote office. There on the 'local' side of the MT station, you would place the Public IP gateway you routed to the MT station. For exam...
by galaxynet
Thu Sep 11, 2008 4:14 pm
Forum: Beginner Basics
Topic: cannot ping ether 2 local to PC, but can winbox to it.
Replies: 7
Views: 1678

Re: cannot ping ether 2 local to PC, but can winbox to it.

lookout - Ok lookout - here goes..... 1) Make sure you use masquerade for the private network in /ip firewall nat like so; src-addr=put_your_local_network_IP_block_here out-interface=Internet_interface action=masq 2) Firewalling - this is a short excerpt from an article by Dmitry (which you should l...
by galaxynet
Thu Sep 11, 2008 5:28 am
Forum: Beginner Basics
Topic: cannot ping ether 2 local to PC, but can winbox to it.
Replies: 7
Views: 1678

Re: cannot ping ether 2 local to PC, but can winbox to it.

lookout - Well I am glad you found your issue - as I noted in my response - it looked like a netwmask / IP address / or basic route issue.... As to SPI by the MT firewall.... It does do SPI, but you have to tell it what you are looking for.... As it let's say you only want your clients to use your m...
by galaxynet
Wed Sep 10, 2008 10:44 pm
Forum: Beginner Basics
Topic: 3 link wireless bonding, will this work...
Replies: 13
Views: 2457

Re: 3 link wireless bonding, will this work...

jknudsen - The backfire antenna is a good antenna - so are most of the 23/24db 5ghz antennas out there - so either selection will probably work just fine for you. As to bonding.... I have a couple of bonded setups running. I tried nstreme and nstreme dual..... I am not happy about the throughput on ...
by galaxynet
Wed Sep 10, 2008 10:26 pm
Forum: Beginner Basics
Topic: Question about "Load balancing persistant" configuration
Replies: 1
Views: 762

Re: Question about "Load balancing persistant" configuration

CastorTroy - Well yes you will have to setup some scripts and mangle rules so your scripts will ping a specific host through a specific gateway (one of your data lines). And if the ping fails x times in y seconds/minutes then disable that route.... I did some scripts and such for " WirelessRudy " a ...
by galaxynet
Wed Sep 10, 2008 10:13 pm
Forum: Beginner Basics
Topic: cannot ping ether 2 local to PC, but can winbox to it.
Replies: 7
Views: 1678

Re: cannot ping ether 2 local to PC, but can winbox to it.

lookout - It would be real helpful if you would go in to the teminal (console) and do a; /ip address export /ip route export /ip firewall nat export /ip dhcp server export and let us see what your config is at the moment so we can all point you in the right direction.... What is kind of sounds like ...
by galaxynet
Tue Sep 09, 2008 11:42 pm
Forum: General
Topic: Bypass Simple Queue?
Replies: 3
Views: 1939

Re: Bypass Simple Queue?

MyThoughts - Boy that is a lot of queues..... :) I would bet money you are using a PC based ROS distro, and you're using ROS 3.12 or ROS 3.13. From what I have seen on my ROS 3.13 router it acts similiar to yours. Look at your mangle rules and you'll notice that they are probably not counting corect...
by galaxynet
Tue Sep 09, 2008 4:49 pm
Forum: General
Topic: bridging, nat'ing, private/public ip's, firewall, 1 router?
Replies: 3
Views: 809

Re: bridging, nat'ing, private/public ip's, firewall, 1 router?

lordzar - Not to be critical - by why the heck do you want to bridge everything anyway? NORMALLY you would give your servers a private IP and use 1:1 nat'ing for them on a particular private IP block, and then do masq for clients from another private IP block. And/or if you HAVE to have public IPs o...
by galaxynet
Tue Sep 09, 2008 4:39 pm
Forum: General
Topic: Multiple packet marks / connections marks
Replies: 7
Views: 5005

Re: Multiple packet marks / connections marks

chris021 - Well I looked at the wiki and I did not see any further examples of using different chains the way you planned to use them - there are some there that do it differently that you can draw from to do your own...perhaps you lack the expertise with ROS to do this so I will show a partial exam...
by galaxynet
Mon Sep 08, 2008 6:00 pm
Forum: General
Topic: Correct dstnat setup
Replies: 2
Views: 1003

Re: Correct dstnat setup

fball - enk's solution won't work as the first src-nat rule will get excuted before the netmap src-nat rules will be seen....the order in which the rules are applied are important.... Your idea is more correct...however....... scrnat: 10.4.2.2 -> 144.92.249.228 10.4.x.x -> 144.92.249.226 dstnat: 144...
by galaxynet
Mon Sep 08, 2008 5:21 pm
Forum: General
Topic: Multiple packet marks / connections marks
Replies: 7
Views: 5005

Re: Multiple packet marks / connections marks

chris021 Here is a link to the wiki for just such a case - there are two examples here and there are a few others for just routing regarding 'local' and international traffic... http://wiki.mikrotik.com/wiki/Bandwidth_Managment_and_Queues Basically what you are going to do is mark the connections in...
by galaxynet
Mon Sep 01, 2008 4:59 pm
Forum: Beginner Basics
Topic: One hotspot want to add another with access to original
Replies: 7
Views: 1361

Re: One hotspot want to add another with access to original

Mark - Just posting some clarifications here so the other folks know what you started with, what you wanted, and what you ended up with..... Mark wanted to be able to add a second Hotspot to service other clients in his area. Did not want to disturb the current client base. He also did NOT want to u...
by galaxynet
Wed Aug 27, 2008 3:44 pm
Forum: Beginner Basics
Topic: Setting Router Timeout on the WAN connection
Replies: 3
Views: 1236

Re: Setting Router Timeout on the WAN connection

rpuerto - Well then first might I suggest that you get the latest manual for MikroTik - it's version 3. A link is posted here on the firum somewhere - do a search..... To 'print out' your configs.... In winbox, left side, click on 'New Termial', a telnet window will open. Double click on the top blu...
by galaxynet
Wed Aug 27, 2008 3:36 pm
Forum: Beginner Basics
Topic: One hotspot want to add another with access to original
Replies: 7
Views: 1361

Re: One hotspot want to add another with access to original

lormar - Mark - Quoting you " I use the hotspot existing profile. If I do remove the hotspot from the VAP I will have to change all the firewall settings and etc. Seems a lot of work but willing to do it if I can get it done quick as I have connected individuals most of the hours of the day. I will ...
by galaxynet
Wed Aug 27, 2008 12:42 am
Forum: Beginner Basics
Topic: One hotspot want to add another with access to original
Replies: 7
Views: 1361

Re: One hotspot want to add another with access to original

Hi Mark - I have a pretty busy business - so it has taken a little while to get back to your post. Let's see - you have your original Hotspot depicted above. First - take the hotspot off of the VAP wlan2 interface in your original unit. You'd want that (wlan2 your 'new' Virtual AP) to be just a stra...
by galaxynet
Mon Aug 25, 2008 4:01 pm
Forum: General
Topic: Protocol Classifier, mark packet then queue tree?
Replies: 1
Views: 1001

Re: Protocol Classifier, mark packet then queue tree?

yudigadget - You need to study the firewall mechanisms more throughly.... 9 chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=no 10 chain=tcp-services connection-mark=http action=mark-packet new-packet-mark=packet_http_in pass...
by galaxynet
Mon Aug 25, 2008 3:34 pm
Forum: Beginner Basics
Topic: One hotspot want to add another with access to original
Replies: 7
Views: 1361

Re: One hotspot want to add another with access to original

lormar (Mark) Well you have sort of told us what you are trying to do - but you need to post some of your config here so we can tell you where you went wrong.... Basically it sounds like you want the origianl Hotspot to feed your new one and still handle clients as well. That sounds straight forward...
by galaxynet
Sat Aug 23, 2008 4:33 pm
Forum: Wireless Networking
Topic: 6 radio AP/Relay. Any obvious issues?
Replies: 15
Views: 2760

Re: 6 radio AP/Relay. Any obvious issues?

iam8up - There is no issue with running 2.4ghz and 900mhz together. What I said above was be careful running a SR9 and SR/XR or any other 2.4ghz card with it. The reason - the SR9 the data is first formated and sent out a 2.4ghz very low power amp, it is then fed to a 900mhz down converter/amplifier...
by galaxynet
Thu Aug 21, 2008 12:04 am
Forum: Wireless Networking
Topic: 6 radio AP/Relay. Any obvious issues?
Replies: 15
Views: 2760

Re: 6 radio AP/Relay. Any obvious issues?

mickeymouse690 - I don't know how everyone missed this but you don't have enough channel space to run that many 900mhz that close together..... Your very best bet is to run the 5ghz as backhauls between sites. That will at least free up some 900mhz channel space. If you are going to use 2.4ghz be mi...
by galaxynet
Wed Aug 20, 2008 11:43 pm
Forum: Wireless Networking
Topic: ip address dst address
Replies: 1
Views: 987

Re: ip address dst address

xezen -

10.1.4.250/32 - this format will only affect that single address. You'll have to use the firewall filter or mangle or both so this address does not get 'serviced'.

R/
by galaxynet
Wed Aug 20, 2008 2:43 pm
Forum: Wireless Networking
Topic: Security Issues and researching, need some ideas!
Replies: 6
Views: 1399

Re: Security Issues and researching, need some ideas!

nitrium - Where to start.... Radius is about control but also adds security as well.... You can simply have it authenticate by MAC address or get sophisticated and have it send the wpa and ask for a username and password...it is entirely up to you..... As to WDS - well there certainly are situations...
by galaxynet
Sat Aug 16, 2008 12:57 am
Forum: General
Topic: Load Ballancing in V3.13 code error
Replies: 5
Views: 1694

Re: Load Ballancing in V3.13 code error

You're welcome....


Thom
by galaxynet
Sat Aug 16, 2008 12:48 am
Forum: Wireless Networking
Topic: Security Issues and researching, need some ideas!
Replies: 6
Views: 1399

Re: Security Issues and researching, need some ideas!

nitrium - There are at least a dozen ways to add security in various ways and combinations.... Already mentioned are radius and wpa2 wireless coding. There is also 'hidden' essid, access and connect lists in the APs, with MAC / SSID checking. Much of this can be used in conjunction with radius. This...
by galaxynet
Sat Aug 16, 2008 12:39 am
Forum: Wireless Networking
Topic: Next gen wireless card poll
Replies: 57
Views: 25810

Re: Next gen wireless card poll

I am going to have to qoute Nickb here adding only that you remove the diversity switch as well..... SMA would be the ultimate in carrier class reliability (threaded connector, heavier cable), but MT would need to space their MiniPCI slots further apart to support it. I would love to see SMA cards, ...
by galaxynet
Sat Aug 16, 2008 12:20 am
Forum: Wireless Networking
Topic: Point to Multipoint Configuration Suggestions
Replies: 2
Views: 3087

Re: Point to Multipoint Configuration Suggestions

thinair - Well I would certainly dump the bridge that's for sure..... There are a lot ways to switch over to routed, and maintain a decent amount of security and control..... For us - we lock things down by MAC address, use aes-ccm keys, and a few other things. We have a very secure network.... I ha...
by galaxynet
Sat Aug 16, 2008 12:10 am
Forum: Wireless Networking
Topic: Bonding through a bridge
Replies: 1
Views: 2601

Re: Bonding through a bridge

expunge - Well it really sounds like you have the bonding setup incorrectly..... I have a couple of similiar setups with VRRP at each each end, then a dual wireless system in a second box off to the main site, dual wireless box, VRRP. The other setups do not have the VRRP but do have separate boxes ...
by galaxynet
Fri Aug 15, 2008 11:26 pm
Forum: General
Topic: Load Ballancing in V3.13 code error
Replies: 5
Views: 1694

Re: Load Ballancing in V3.13 code error

CanWAN - Sure - if you read the wiki - it is for ROS 2.9.xx You are using ROS 3.0 Nth is different under 3.0 First go look at the ROS3.0 'nth' presentation on the wiki. Mod the load balancing to match your needs, and remember 'nth' under 3.0 only takes two paramenters - not three like 2.9.xx R/
by galaxynet
Mon Aug 04, 2008 4:51 pm
Forum: Beginner Basics
Topic: Redirect to Internal Web Server without PPPoE or Hotspot
Replies: 1
Views: 7793

Re: Redirect to Internal Web Server without PPPoE or Hotspot

fabricioviana - Well it sounds like you are trying to redirect 'someone' to your internal web server that is coming in on your internal interface..... Now the way you put things in general above, this web server has a public IP that can be seen from the outside world, you are just trying to redirect...
by galaxynet
Mon Aug 04, 2008 4:28 pm
Forum: Beginner Basics
Topic: Setting Router Timeout on the WAN connection
Replies: 3
Views: 1236

Re: Setting Router Timeout on the WAN connection

rpuerto - ROS / Hotspot does not really care about timeouts....the only issue with that would be DNS. The issue you are describing - 'Bad Gateway or Gateway unavailable ' would typically be because you have the hotspot configured incorrectly..... Post your hotspot config and we'll take a look at it ...
by galaxynet
Mon Aug 04, 2008 4:20 pm
Forum: Beginner Basics
Topic: Bandwidth Management
Replies: 1
Views: 1004

Re: Bandwidth Management

lukef - You need to post your Hotspot config and the queue config.... In terminal mode /ip hotspot print.... Similiar for queue config. You can copy and past the terminal output in to the forum here. It sounds like Hotspot bandwidth limiting (queues) are taking priority over the simple queues you se...
by galaxynet
Fri Jun 27, 2008 12:01 am
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 -

Are your servers and cpus' using this device (the router) for their gateway?

Thom
by galaxynet
Thu Jun 26, 2008 10:14 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 - Well I can see what the issue is - your src-nat rule - masquerade. While using masq does save you a lot of trouble in keeping track of your 'public' IP it is not helping you with your current issue.... Perhaps we could use the script that ChangeIP gave you and set the IP and use src-nat ...
by galaxynet
Thu Jun 26, 2008 5:07 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 - I see your rules above - question - when you added these rules - what about the other rules before them? Rule order is critical in achieving your goal - so how about posting your rules (nat rules) from 0 to say 10, and let's see what you have and we'll figure out how to get your rules in...
by galaxynet
Wed Jun 25, 2008 9:37 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 - You would just use the dst-port portion of the nat rules; chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=0-65535 dst-address=xxx.xxx.xxx.xxx should look similiar to this; chain=dstnat protocol=tcp dst-port=9000 action=dst-nat to-addresses=192.168.1.2 to-ports=9000 dst-addr...
by galaxynet
Wed Jun 25, 2008 5:16 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

Sergiom99 This what I use and I can see my servers inside and out by the public name or IP. 12 XServer NAME comment chain=srcnat action=src-nat to-addresses=xxx.xxx.xxx.xxx.xxx to-ports=0-65535 src-address=192.168.1.2 13 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=0-65535 dst-addre...
by galaxynet
Wed Jun 25, 2008 4:59 pm
Forum: Beginner Basics
Topic: Client bridge problems
Replies: 5
Views: 1286

Re: Client bridge problems

techsimp -

A little better explanation of your solution would go a long way towards helping others when this type of issue arises... That what the forum is for.....

R/
by galaxynet
Tue Jun 24, 2008 9:28 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 -

Ok - I see where you are going - let me think on this a little.... I see you got ChangeIP's script for dynamically updating your IP - that's good!

I'll get back to you.

R/
by galaxynet
Tue Jun 24, 2008 2:56 pm
Forum: Beginner Basics
Topic: Client bridge problems
Replies: 5
Views: 1286

Re: Client bridge problems

techsimp - My first and probably most obvious question is - where is your config? Simply telling us that everything is bridged does not really help.... Pls post IP addresses and routes at the very least from your MT. Showing the interfaces with their config would be good too. My first observation - ...
by galaxynet
Mon Jun 23, 2008 5:04 pm
Forum: Beginner Basics
Topic: Connection Problems
Replies: 1
Views: 935

Re: Connection Problems

jaws - You did not say what the ROS version was in all of the units - they should be the same. Also check the underlying firmware - in terminal mode "/system routerboard print", the two version listed should be the same - if not then "/system routerboard upgrade" answer yes, then reboot for the chan...
by galaxynet
Mon Jun 23, 2008 5:03 pm
Forum: RouterBOARD hardware
Topic: RB 150, bandwith questions
Replies: 6
Views: 1627

Re: RB 150, bandwith questions

morfius - Well you should be able to get 40mbps with the RB150 on a wired network.... Post your config as it sounds like something is wrong with your config. You are able to get 45mbps to your ISP - where do you live :) If you are talking about 'internal' network speed you should get wire speed - so...
by galaxynet
Mon Jun 23, 2008 4:35 pm
Forum: Beginner Basics
Topic: Problem with NAT rules and security
Replies: 13
Views: 2802

Re: Problem with NAT rules and security

sergiom99 - First thing that comes to mind is - why don't you have a static public IP if you are running services for users?? Aside from that.... Since your users appear to be using 'dynhost.mydomain' as their dns...you could simply remove the in-interface in rule #2 and that should do it....the oth...
by galaxynet
Mon Jun 23, 2008 4:24 pm
Forum: Beginner Basics
Topic: Firewall configuration
Replies: 1
Views: 901

Re: Firewall configuration

syd2o2 - The easiest way would be to; Winbox / IP / Firewall / Filter Here add; src-addr=192.168.15.0/24, in-interface=your local interface name, action=accept - This allows anything via the VPN addresses src-addr='secondary IP address' in-interface=your local interface name, protocol=tcp dst-port=2...