MikroTik

webguyz

Found the problem. Had port 500 blocked in my forwarding rule. Disabled and now everything is working.

Thanks!

webguyz

I have some servers on a Mikrotik network that are working fine and they need to connect via VPN to a network outside connecting to a Meraki router. I am using the builtin Windows VPN with L2TP and settings that work fine from other PC's around the network and every time I try accessing I get a 789 ...

webguyz

Mispoke, my bandwidth is dedicated 80megabit circuit.

webguyz

Hi, Have an ISP where I have 80mb with a Mikrotik DUDE router. My isp has capped our bandwidth at their Ciscos in the past but after renewing they said they will no longer do that and recommended I do it on my main router. What ths best way to limit my Mikrotik to no more then 80mb in. My concern if...

webguyz

Blocked GRE and UDP connection 500 in forward chain which should block incoming VPN

webguyz

Was able to reboot the Dude and get logins again. Seeing a lot of ppp attempts at about when the problem started. Not using ppp or VPN's right now. What port(s) do I block or how to stop anyone trying to log into my ppp ports. Might be the attacks are causing the login auth mechanism to get locked u...

webguyz

have a Mikrotik Dude Edition that been working fine, but today my Cactus Graphs stopped working so I tried to login to the router and was not able to. It just times out after about 30 seconds and says invalid username password. Using WinBox tried to access via Neighbors but not getting a MAC address...

webguyz

Decided to create rules for well know ports like 22, 3306, etc with the DROP option and then set up access lists for valid users. The subnet is not that large and it will work out best that way.

Thanks!

webguyz

You should add another rule to allow your outbound traffic.

Can you give me a sample of a rule to allow outbound traffic?

webguyz

I have a rule #1 RDP port 3389 which is for Windows Remote Desktop. It works great and allows access to the Windows servers on that subnet and all functions on that server. But when I go to Chrome on that server it does not go to the website. if I type google.com.com or ipchicken.com nothing comes b...

webguyz

You have no rule that allows new traffic from inside the subnet except for ICMP. So that is not surprising. Also the "Drop everything else" comment for rule 3 is misleading because that is not what the rule does. (and because there is a default "Accept" at the end of every rule ...

webguyz

Have a new subnet from my isp so I set up a Mikrotik CHR as a VM (on Hyper-v server). It seems to work ok but if I RDP into a windows machine on that subnet I can not get any browser responses back from within that vm. If I disable that final DROP all statement then the browser responses show up. I ...

webguyz

Powered off the Mikrotik to reboot. Everything came up ok. The logs showed no access to the Mikrotik other the my own so it was not compromised. Probably of bug of some sort. Will upgrade to the latest and greatest.

Thanks all.

webguyz

Thx. Will do it that way.

webguyz

Have had Mikrotik for a while and always rebooted the router using commands in Windbox. Today I can't login to the Mikrotik and want to reboot the router but not redo the configuration. Googling "restart mikrotik" it keeps talking about holding in the reset button and power off the Mikroti...

webguyz

I have Cactus monitor and it stopped pulling SNMP data at about 10:30pm last night so something seems to have locked up inside the router.

Again, all networking function are working and I can access all devices behind the Mikrotik but not the Mikrotik itself. Wierd

webguyz

It was one less then the current one. The router is about 2 months old and has the OS that came installed on it

webguyz

Have a DUDE mikrotik and was working fine until about midnight, now I can no longer login. When I try to connect it just says connecting and never completes All router functions are working and I can access all devices behind the Mikrotik but no longer able to log in to the Mikrotik. I had some list...

webguyz

Currently have an RB1200 and want to replace it with a RB1100AHx4. Was hoping to replicate the routing functions and address lists. What the best way to accomplish this to ensure least amount of problems. Was thinking that i would need to export a complete config and then search and replace the inte...

webguyz

Installed CHR last night on a test system and its working with Hyper-V. Think this will provide a solution for the colo box.

Thanks!

webguyz

Was wondering if this would work. Want to create a Hyper-V server that has a single nic and it will be used for colocation. Will be getting a v4 64 IP allotment. Wanted to create a Mikrotik VM that will accept the 64 and route to Hyper-v internal switch. The Mikrotik will have 2 nics, one external s...

webguyz

Have a RB1200 that I was thinking of using with a 50 meg connection. It has a lot of ip address lists I use for blocking various services and a few rules but that's it. Should it be able to handle that? Currently have a 5 meg connection and not wanting to upgrade the router right now if I can help ...

webguyz

I have 5000 Ips hitting my one mail server from the outside, I need to rate limit 3 of the incoming IPs.

Simple queues are for rate limiting IP's behind the Mikrotik, need a way to rate limit 3 or more incoming IP's to my mail server which is behind the Mikrotik.

Thanks!

webguyz

I have tried this before but there is no traffic showing on the queue

In your example is the 10.10.9.3/32 address behind the Mikrotik or outside the Mikrotik?

I think I have to do something with marking packets but the process is not being understood by me.

Thanks.

webguyz

Totally confused about the different ways to limit traffic. Hoping if I explain what I'm trying to do someone can point me in the right direction. We have customers connecting to an IMAP server behind our Mikrotik and some of them are taking a lot of bandwidth to the point its maxing out my bandwidt...

webguyz

I found what I is what I was looking for:

/ip firewall address-list remove [find address=X.X.X.X list=remote_evilhosts]

Thanks!

webguyz

I am successfully adding IP address using an ftp upload scrip, but now sure how to create a script to remove an ip from a specific list tried this but it wiped out my list so it must be close. Need to specify in the script the IP address to remove but not sure where to put it. "/ip firewall add...

webguyz

Have a number of vm's behind my Mitrotik and need to limit ALL ftp traffic to all IP. I use Simple queues to limit certain IP, but not sure how to limit a protocol network wide. having customer use FTP and its saturating my overall Internet Bandwidth. If anyone could point me to a link that explains...

webguyz

I think that's what it needed. I restarted the Mikrotik and it worked.

Thanks!

webguyz

I have a Mikrotik with a DST-NAT rule where the inbound IP is 72.249.59.40:587 -> 72.249.59.40:2525 and its working great. I move the application to another IP and it stopped working I changed the dst-nat action from IP 72.249.59.40:2525 to 72.249.59.45:2525 and it refused to forward the packets. My...

webguyz

Thats what I'm doing now. I have over a 100 vm's all with a dedicated IPs. Lets say tomorrow I move to another data center and I am given new sets of Public Internet IP's. Now imagine having to go to each virtual server and manually changing each set of IP's. Been there and done that before and its ...

webguyz

Doing some more reading it appears I can accomplish what I need by using the action=netmap to do 1:1 mapping 1:1 mapping If you want to link Public IP subnet 11.11.11.0/24 to local one 2.2.2.0/24, you should use destination address translation and source address translation features with action=netm...

webguyz

I have a debian server ip address 10.0.59.201 with minimal IPTABLES (dns, ping, ssh) I have a Mikrotik fw that has a Public IP range 73.250.59.0/24 I want to expose this private local server to the internet and have inbound outbound traffic go thru a single IP (73.250.59.201). I did for outgoing: ch...

webguyz

Simple fix was to just add a blank line at the end of the script. Now its working as expected.

webguyz

Any resolution to this? Running into the same problem with ftp. Have to upload it twice.

Thanks!

webguyz

I have worked with PRTG and its too much for my customers. They use Active Directory for authentication. The Mikrotik is just a basic router and NAT firewall. My best bet is to find a Proxy server that has Active Directory intergration. Ran across this yesterday and it looks promising. http://www.wa...

webguyz

Have a customer with a Mikrotik router who wants nice graphs of internet usage by user. Can anyone recommend a nice windows based proxy software (they are a windows shop) that will allow outgoing traffic to the Mikrotik be re-routed to a standalone proxy for getting stats, etc. and then being sent o...

webguyz

Thanks! thats just what I needed.

webguyz

I have a number of VPS servers behind a Mikrotik router. I have a Class C and give out 1 IP addresses to each VPS. I would like to prevent a user from an adding additional IP to his VPS without my approval. Anyone who is network savy would see that their IP is on a class C and they could try to bind...

webguyz

I ended up getting the freeware version of PRTG (up to 10 devices) and it supports Netflow. Not sure I can get everything I need with syslog.

webguyz

Doing more digging it appears that Sawmill can read in ascii logs, but ntop puts out raw data. Need a tool like nfdump to convert the rae data to ascii. Unfortunately they have no Linux at their shop and cant seem to find a netflow ascii exporter that runs under windows.

webguyz

Hi, Trying to collect Netflow info via Ntop on my V5 OS. Set up Ip/Traffic Flow to use Version 5 and its going to my server where I have Ntop running and its collecting what looks like raw data with a .flow extension. Supposedly Sawmill supports Mikrotik log format, but when I try and create a profi...

webguyz

Even though this is an old thread I am having the exact same problem and the same 0x80070320 error when attempting to connect to my SSTP server which is a RB1200 with os 5.5 from a Windows 7 client. I have a cert from rapidssl and the cert status when I do a /certificate print of cert1 (my cert that...

webguyz

Have you tried unplugging the power and waiting 30 seconds. On our RB1200 if you unplug the power and don't wait a few extra seconds it won't come up. Count to 30 before plugging it back in.

webguyz

Just happened to me on RB1200 upgrading from 5.2 to 5.5. Did this remotely so I had the remote hands guys unplug the rb1200 and plug it back in and it still would not come up. Finally I had my tech go down to the datacenter and unlplug the power and wait for almost a minute before plugging the power...

webguyz

Have an RB1200 and doing an OS upgrade on this box for the first time. Just wanted to confirm that the files I need to upload all have the -ppc- in the name. The exisiting package list says routeros-powerpc on the top line. Was wondering if I'm missing something. Don't want to screw up my production...

webguyz

Thanks for the info!!

webguyz

I have my RB1200 here in my lab and noticed the temperature is about 50c. According to the specs it can handle up to 65c. My concern is that this is going to get installed in the back of our rack facing the hot aisle and handling a lot of traffic. Concerned that this may be kind of high and wonderin...

webguyz

Hi, Have a faithful old 532A router in my lab thats working fine. Wanted to add a wireless bridge capability to it so I got a R52n wireless card so I could extend my network further in my office to my lab. I assumed the wirelss card would just be picked up in the list of interfaces, but not so. I ha...

webguyz

Hi, I have a server tool that harvests spammers IP's and would like to be able to script adding firewall rules to my Mikrotik. Every few minutes I would like to connect to my Mikrotik and add new IPs and the port number 25 to have them be blocked. Can I do this using telnet or FTP? Is it even possib...

webguyz

A google of "mikrotik routing marks" brought me to a page which I think describes what I'm trying to do:

http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways

Thanks!

webguyz

Hi, Have a network at a colo facility where I was given 5 different Clas C subnets, 2 on one network and 3 on a second network. My Mikrotik has 2 NICs, one going to each ISP provider A = nets 110.x.x.x, 82.x.x.x provider B = nets 111.x.x.x, 113.x.x.x, 121.x.x.x Any traffic from 113. network has to g...

Search found 52 matches