Community discussions

MikroTik App

Search found 33 matches

by akukula
Sun Nov 04, 2007 10:15 pm
Forum: General
Topic: Beta 3.0 RC9 x86 - OpenVPN server licence bug
Replies: 2
Views: 1260

Re: Beta 3.0 RC9 x86 - OpenVPN server licence bug

After 2 days of operation I get an error message that says I have exceeded the number of connections allowed by my licence (200). I have only got 16 connections at any one time.. It looks like routeros is not properly freeing the VPN sessions that timeout. I have noticed some strange behaviour with...
by akukula
Tue Oct 30, 2007 11:10 am
Forum: General
Topic: DNS problem
Replies: 60
Views: 34772

Re: DNS problem

Unfortunately the maximum cache size is still 10MB... Nothing changed in this matter... Regards, Andrzej why would you need more than 10MB of DNS cache entries? Is your current DNS cache full? Note that those 10MB are stored in the router RAM and if you would set the cache size to big, the router c...
by akukula
Sun Oct 28, 2007 7:19 pm
Forum: General
Topic: DNS problem
Replies: 60
Views: 34772

Re: DNS problem

Unfortunately the maximum cache size is still 10MB... Nothing changed in this matter...

Regards,
Andrzej
by akukula
Thu Oct 25, 2007 1:09 am
Forum: General
Topic: 3.0rc8 release
Replies: 12
Views: 2481

Re: 3.0rc8 release

all im trying to say is that if it's a global setting it should hide all passwords in winbox... if its limited to one module then put the hide passwords checkbox inside that module. It's ugly to look at and confusing if its not really hiding passwords throughout winbox. I'd imagine it's going to ge...
by akukula
Mon Oct 22, 2007 8:49 pm
Forum: General
Topic: RouterOS v3.0rc7 released!
Replies: 3
Views: 1540

Re: RouterOS v3.0rc7 released!

http://www.mikrotik.com/download.html

What's new in 3.0rc7:
(...)
That's very impressive list of features, BIG THANKS for all of them.

Regards,
Andrzej
by akukula
Wed Oct 10, 2007 12:34 pm
Forum: General
Topic: DNS problem
Replies: 60
Views: 34772

Re: DNS problem

Increase your cache size. It is full. ( cache-size = cache-used ! )
That may be the cause - cache aging/purging algo not working well.

Regards,
Andrzej
by akukula
Wed Oct 03, 2007 3:31 pm
Forum: General
Topic: Layer7 in firewall - 3.0rc5
Replies: 26
Views: 8128

Re: Layer7 in firewall - 3.0rc5

each yahoo mess packet, contains ym. I put ym in the regexp and it is ok.
Such a "regexp" would match also your and my post, and a mail containing e.g. the word "gymnastics". They too contain "ym". So be careful with the rules.

Regards,
Andrzej
by akukula
Wed Oct 03, 2007 2:20 pm
Forum: General
Topic: RouterOS v3.0rc6 Released
Replies: 26
Views: 6087

Re: RouterOS v3.0rc6 Released

what is sntp? it is smtp or ntp?
http://en.wikipedia.org/wiki/Network_Time_Protocol

"A less complex form of NTP that does not require storing information about previous communications is known as the Simple Network Time Protocol or SNTP."

Regards,
Andrzej
by akukula
Tue Oct 02, 2007 10:30 pm
Forum: General
Topic: After upgrade, firewall rules for bridged interfaces not wor
Replies: 14
Views: 2675

Re: After upgrade, firewall rules for bridged interfaces not wor

Ok. Let's start to play again: 23 ;;; LOG ENTRY chain=forward action=log dst-address=IP dst-port=2222 protocol=tcp out-bridge-port=eth6-NK_MAIL log-prefix="LOG-" And what about: chain=forward action=log dst-address=IP dst-port=2222 protocol=tcp out-interface=NET out-bridge-port=eth6-NK_MAIL log-pre...
by akukula
Tue Oct 02, 2007 7:57 pm
Forum: General
Topic: After upgrade, firewall rules for bridged interfaces not wor
Replies: 14
Views: 2675

Re: After upgrade, firewall rules for bridged interfaces not wor

23 ;;; LOG ENTRY chain=forward action=log dst-address=IP dst-port=2222 protocol=tcp out-bridge-port=eth6-NK_MAIL log-prefix="LOG-" any ideas? I've got 3.0rc5 and my rules looks like this: 0 chain=forward out-bridge=bridge1 action=accept in-bridge=bridge1 mac-protocol=ip dst-address=aaa.bbb.ccc.ddd/...
by akukula
Tue Oct 02, 2007 5:17 pm
Forum: General
Topic: After upgrade, firewall rules for bridged interfaces not wor
Replies: 14
Views: 2675

Re: After upgrade, firewall rules for bridged interfaces not wor

/interface bridge> print 1 R name="LAN" mtu=1500 arp=enabled mac-address=*************** protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m Where's the bridge "NET"?? Regards, Andrzej
by akukula
Sat Sep 29, 2007 4:59 pm
Forum: General
Topic: DNS problem
Replies: 60
Views: 34772

Re: DNS problem

I confirm the problem. In a network we switched from BIND to MT 2.9.46 DNS cache. The customer phoned me after ~30mins telling that some hosts didn't resolve - randomly - sometimes the same host DID resolve, and after several seconds it DIDN'T. I checked that myself and it really behaved that way. H...
by akukula
Mon Sep 24, 2007 11:00 pm
Forum: General
Topic: Layer7 in firewall - 3.0rc5
Replies: 26
Views: 8128

Re: Layer7 in firewall - 3.0rc5

Yes, there is no Winbox support for this feature. This will be only in the next release.
In the console you should go under 'ip firewall layer7-protocol'
We will put some more info how to use this soon.
One week has passed.........
Just don't be a troll.
by akukula
Wed Sep 19, 2007 6:55 pm
Forum: General
Topic: Layer7 in firewall - 3.0rc5
Replies: 26
Views: 8128

Re: Layer7 in firewall - 3.0rc5

as far as I can tell it is Perl Compatible Regular Expression
Then they rule ;-)
by akukula
Wed Sep 19, 2007 1:48 pm
Forum: General
Topic: Layer7 in firewall - 3.0rc5
Replies: 26
Views: 8128

Re: Layer7 in firewall - 3.0rc5

Thank you. Just found it.
I must suppose regexp should be regular expression, right ?
I really hope it's not Regular Expression but PCRE (Perl-Compatible Regular Expression) which is more powerful and simpler (and more efficient but I have no numbers to prove that).

Regards,
Andrzej
by akukula
Sun Sep 09, 2007 2:30 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 77715

Re: BETA Testing and Feature Suggestions for next routeros

It would be fien if we could have Traffic and system resource graphing available in XML format together with HTML. XML is easier to parse and use data. This is not hard to do and would be very useful. Of course, and I think it's also very easy to make them available in PDF, CSV and a format suitabl...
by akukula
Sat Aug 04, 2007 6:18 pm
Forum: General
Topic: Ethernet errors
Replies: 6
Views: 1154

Re: Ethernet errors

Such information is not available. You may try to get some values over snmp for 'interface print oid'. I wonder why such important information is not accessible via winbox/console? I think you can add it as a feature request there: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS/v3/Feature_Requests...
by akukula
Fri Aug 03, 2007 5:21 pm
Forum: Beginner Basics
Topic: Graphing doesn't work http://[router_IP]/graphs
Replies: 1
Views: 1019

Re: Graphing doesn't work http://[router_IP]/graphs

Hello,
what else should i do, to make it work ??? :?
Try
/ip service enable [ /ip service find name=www ]
/ip service set [ /ip service find name=www ] address=0.0.0.0/0

to enable web access to the Mikrotik.

Regards,
Andrzej
by akukula
Fri Aug 03, 2007 2:48 pm
Forum: General
Topic: 3 RC1 ISO??
Replies: 8
Views: 1723

Re: 3 RC1 ISO??

ISO is now on the web
Not quite, the file is missing... Error 404: Not found.

Regards,
Andrzej
by akukula
Fri Aug 03, 2007 2:06 pm
Forum: General
Topic: 3 RC1 ISO??
Replies: 8
Views: 1723

Re: 3 RC1 ISO??

(...) it shows an error that the license does not support RC1...I hade to record a movie of the screen to see what it said it was so quick.
That info is also in the log after reboot... Just click "Log" in Winbox or type
/log print
in a terminal window.

Regards,
Andrzej
by akukula
Tue Jul 31, 2007 11:12 am
Forum: General
Topic: Routing Filter via Winbox
Replies: 9
Views: 3179

Re: Routing Filter via Winbox

Just use command "move" in the CLI interface
Thanks Macgaiver, we do use "move", we just wanted to report shortcoming of 3.0rc1.

Regards,
Andrzej
by akukula
Mon Jul 30, 2007 4:33 pm
Forum: General
Topic: Routing Filter via Winbox
Replies: 9
Views: 3179

Re: Routing Filter via Winbox

there are no difference in rule order, because first rules applied will be most specific ones. order in rules will not change that. Hello, and if we need to DISCARD some specific route and then ALLOW more general one then still order doesn't matter?... I think it's as important as in packet filter....
by akukula
Mon Jul 30, 2007 11:20 am
Forum: General
Topic: Will 10/100B-TX Intel 82551QM work?
Replies: 1
Views: 458

Re: Will 10/100B-TX Intel 82551QM work?

Hello, there's no mention in the docs that 82551 will work with Mikrotik, only 82557 is specified. I plan to buy this platform http://taiwan.advantech.com.tw/unzipfunc/Unzip/1-241P3X/FWA-3140_DS.pdf and I'd like to be sure that it'll work, because it's quite expensive... Thanks in advance and regar...
by akukula
Mon Jul 30, 2007 10:40 am
Forum: General
Topic: Routing Filter via Winbox
Replies: 9
Views: 3179

Re: Routing Filter via Winbox

are you sure that you cannot move them (drag and drop)?

i have no problems with doing that
Hello, I work with Jakub and I confirm that we can't move rules in rc1 - but only in routing filters. Rules in firewall filter, nat, mangle can be drag'n'dropped without problems.

Regards,
Andrzej
by akukula
Wed Jul 25, 2007 2:12 pm
Forum: General
Topic: Will 10/100B-TX Intel 82551QM work?
Replies: 1
Views: 458

Will 10/100B-TX Intel 82551QM work?

Hello, there's no mention in the docs that 82551 will work with Mikrotik, only 82557 is specified. I plan to buy this platform http://taiwan.advantech.com.tw/unzipfunc/Unzip/1-241P3X/FWA-3140_DS.pdf and I'd like to be sure that it'll work, because it's quite expensive... Thanks in advance and regard...
by akukula
Tue Jul 10, 2007 9:32 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 77715

Re: Re:

It is already possible if you log to syslog, or better syslog-ng, on any *nix. You can use any log parsing tool and execute commands on Mikrotik via SSH to add a rule to the filter to disable the offending IP, and send mail to the admin. I'll take this as a joke :) No I'm dead serious. It's working...
by akukula
Mon Jul 09, 2007 9:37 pm
Forum: General
Topic: how to flush all rules using API?
Replies: 2
Views: 1296

Re: how to flush all rules using API?

Hi,

I'm writing a java mass config tool using API, is there a way how
to flush all rules, flushing by ID is slow, when thousands rules
are applied. Scripting seems not to work. Help please :-)
/ip firewall filter remove [ /ip firewall filter find ]

Andrzej
by akukula
Mon Jul 09, 2007 9:20 pm
Forum: General
Topic: Please increase the maximum DNS cache size
Replies: 0
Views: 1174

Please increase the maximum DNS cache size

Hello, in 2.9 and in 3.0beta10 there's 10MB limit on maximum DNS cache size. It'd be nice if you relaxed that limit. Networks with several hundreds of machines would really benefit from larger caches. And I think the Mikrotik's cache is really nice, and stable. IMHO it's not a big deal to change tha...
by akukula
Mon Jul 09, 2007 8:47 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 77715

Re:

Can you add option that we can handle some system events, like login failure? It would be gogod if we can block out Ip which from login failures come, and also option to send warning email to admin. It could be useful for other system critical events. It is already possible if you log to syslog, or...
by akukula
Mon Jul 09, 2007 10:05 am
Forum: Scripting
Topic: /ip route print - filters?
Replies: 1
Views: 1134

/ip route print - filters?

Hello, I'm stuck. I have some 444.000 routes in my Mikrotik (two routers with BGP to the world, and iBGP between them, doubling the routing table). I need to quickly check only some routes, like all under 63.192.0.0/12, to see what causes problems. Unfortunately /ip route print has no filters whatso...
by akukula
Fri Jul 06, 2007 2:17 am
Forum: General
Topic: Feature request - a *whole connection* logging facility
Replies: 3
Views: 1585

Feature request - a *whole connection* logging facility

Hello, It would be really helpful to have a facility that would log the whole connections, just like some dedicated firewall products do. Here's what I mean: Connection from xxx.xxx.xxx.xxx:xxxxx to yyy.yyy.yyy.yyy:yyyyy initiated 2007-07-05T01:00:00+02:00 closed 2007-07-05T01:05:00+02:00 555555/777...
by akukula
Fri Jul 06, 2007 1:08 am
Forum: General
Topic: Timestamps in history
Replies: 1
Views: 1029

Re: Timestamps in history

[admin@MikroTik] > /system history print detail Flags: U - undoable, R - redoable, F - floating-undo U action="log action changed" by="admin" policy=write time=jul/05/2007 23:20:27 U action="log action changed" by="admin" policy=write time=jul/05/2007 23:20:04 U action="filter rule changed" by="admi...
by akukula
Thu Jun 21, 2007 1:11 am
Forum: General
Topic: process list
Replies: 3
Views: 1557

Re: process list

disable firewall, or disable dummy script and see if there are any changes. Not quite good recommendation, for example if I disable redirect in NAT, the Web proxy stops serving clients, or if I disable "mangle" then queues also stop working - and how to tell which part was responsible for eating CP...