MikroTik

daiceman

RB532 with 564

daiceman

Is this still possible with 3.15? I am trying to find how to do it, but can not locate the option for master interface.

Thanks in advance

daiceman

daiceman

anyone?

Is my question not clear?

daiceman

Can nobody tell me why I can get IP addresses, but not get redirected or view the login page when the hotspot server is on and setup on a vlan?

If the server is disabled, all is well over the same VLAN.

daiceman

Hello, I am using MT as the hotspot controller in the Timeshare enviroment. MT is connected to a DSLAM that pushes DSL to my wireless APs. The DSLAM handles the VLAN tagging of the APs. I have it setup as below, but can not get directed to the login page for the hotspot server on the vlan2. DHCP wor...

daiceman

It has to do with the Proxy Arp as mentioned before and was called universal client in the 2.8.x versions.

Try editing your hotspot server settings and set the address pool to none with:

>ip hotspot set hotspot1 address-pool=none

daiceman

What do the numbers in this entry signify?

hotspot,account cjw4444(10.5.50.54): 1031 163310 1943639 1526 2147 (keepalive timeout)

daiceman

I found the ability to be able to telnet to a device on the other side thru remote connection awesome. Is it possible to be able to browse thru http to an attached device on the other side of a Mikrotik router also? Can this feature be added? It would really cut back on the number of VPN connections...

daiceman

I GOT IT!!!

I set up a rule that adds any ssh attempt NOT from my network to an ACL and then DROP based on that ACL.

That way any prik that tries to SSH into my router will get listed and not be able to access ANYTHING on my network.

No spam, www, telnet, nothing!!!

daiceman

Can this be made into a Mikrotik firewall rule??

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 3 -j DROP

daiceman

daiceman , I suppose, you can not implement this exactly in described way. - To get rid of unauthorized access, allow access to the router only for trusted hosts (or for trusted hosts from public networks and for local hosts). - Modify 'ip service', there are options to set different port for certa...

daiceman

Hello, Is it possible to build an input rule that will add-src-address of any ip that attempts a ssh,telnet or ftp connecton and fails 3 times within X number of seconds? What I want to do is setup a target machine that will allow these hack attempts then add the addresses to an access list and bloc...

daiceman

bummer.

I second that...

daiceman

I did. Talk about killing the battery life!!!! 4 hour runtime went down to 45minutes

daiceman

Green - Q not full
Yellow - Q nearing capicity
Red - Q is overflowing and limiting is taking place

Hope this answers you question

daiceman

I have 4 PtP links in WDS/bridge mode that I would like to upgrade since some of my tests on a radio configured as a station have shown nice wireless improvements. Anyone know if the 9.6 to 9.13 will destroy the bridge and require a truck roll? Or, what is the best way to prepare a WDS/Bridge for up...

daiceman

why do you need this? RouterOS runs very good with a P4 or Xeon single CPU system

Most people could build 2 dual processor systems for the cost of 1 Xeon based system.

daiceman

I am experiancing the same thing with a RB532. Mine will NOT link up if all is set to auto. I have mine set to 10/full and am sending one ping every 10 seconds with netwatch and I will loose connection for 5-10 seconds every hour. Almost to the exact hour.

daiceman

you can with 2.9.x

Right click the queue and select torch

daiceman

It is my belief that the last mark processed is the one that sticks. All the rest are over written

daiceman

The phone does work if the interfaces are bridged.

daiceman

Set up a box with 2.8.23 and the phone works flawlessly.

Same box with version 2.9.10 kills the phone connections.

OK Mikrotik, what is the differnace with SIP on the two versions?

daiceman

A cisco 7960 works flawlessly masqueraded thru MT box

Cisco 7905 will not maintain a connection to the Call Manager Server.
Reboots every 1 minute, BUT if I connect MT -> linsys DSL router -> cisco
7905 all works well doing douible NAT.

Any ideas?

Jeff

daiceman

OK, I have the static route and 1 of 2 models of phone works.

A Cisco 7940 will establish its connection and make call fine.

A Cisco 7905 will continuously reboot, BUT if we double NAT, say thru a dsl router to the MT to the T-1 it will work OK.

Any ideas?

daiceman

Yup, all traffic destined to 1.2.3.4 will only be voip traffic from the phones

daiceman

MT box with 3 ethernets eth1 DSL eth2 Local lan masqueraded eth3 cat5 to T-1 router. eth1 is for internet traffic eth3 is for dedicated T-1 to VoIP server from Cisco phones. What I want it to route all traffic destined to 1.2.3.4 (the voip server) to travel via eth3. What is the best way to handle t...

daiceman

From DLink's website: Xtreme G uses the Atheros AR5002 chipset which employs special engines to compress and encrypt data. I might have to get a few and see how they work. Since it is Atheros and are WadWiFi driver compatible, they might just work, but only 15dbm. They can be gotten for $40 or less ...

daiceman

Well, lets see here. I am not too sure what the big deal is. The 'puter is a crapply little box sitting next to my monitor. What does it do? Nothing. What is it protecting? Nothing. No I have any sensitive info on it? Nope. I did password the admin account so that you will be able to sleep tonight w...

daiceman

I guess that I may be missing something..

I do not see where transparent proxy is enables in any of the config I posted..

daiceman

I have followed the thread. http://forum.mikrotik.com/viewtopic.php?t=4402 And all is working really well, but When I go to whatismyip.com I get the results pictured below. What is up with the PROXY? http://www.30below.com/~jeff/ip.gif Here are snips from the MT config. [admin@MikroTik] > /ip addres...

daiceman

I am pushing a static public thru the router as described at the top of this thread. When I go to whatismyip.com I get the results pictured below. What is up with the PROXY? http://www.30below.com/~jeff/ip.gif Here are snips from the MT config. [admin@MikroTik] > /ip address print Flags: X - disable...

daiceman

What's new in 2.9.10:

*) fixed problem - bridge configuration was not kept on upgrade on RB500;
*) fixed problem - PPPoE server did not work on bridge interface sometimes;

daiceman

I did just find the transparant proxy setting in the default users profile, but when I disable it, all trafic stops.

daiceman

Great How-To!!!

One question tho..

ipchicken.com is showing my IP and that of the Router

And

whatismyip.com shows my actual IP and a detected proxy that of the router.

Any ideas? I can not find any proxy setting that is enabled

daiceman

I would like an answer to this also.

daiceman

Yes sir that woud do it.

daiceman

WOW, 18 views and only 1 reply, great ratio.

thanks jober

daiceman

I am new to using MT as an AP. I was intending on using SR2's, but they seem go be giving alot of guys problems.

What radio do you use for a 2.4 AP?

Thanks,

Jeff

daiceman

yeah if you got another ethernet interface on the router just plug the cisco AP directly into that and run the hotspot on the 2nd ether interface.. otherwise it sounds like you'd need another mikrotik, or do some kind of creative solution with proxy-arp. Well, pulling another 250' cable down the to...

daiceman

It works great....

daiceman

Ok, Thanks.

Off I go to RTFM and dig thru the forum, cause I have some clients and other AP's on what will become the private side that need public addresses.

daiceman

I was having a similiar problem. My eth on MT was plugged directly into a Cisco AP and was dropping randomly, for random amounts of time. I had to set both devices to NOT autonegotiate and since my cable run was reaching 300' I stepped them down to 10Mbps and all has been well. Hope this applies to ...

daiceman

I currently have a 5.8 WDS-bridge doing backhaul to a tower location that has a 2.4 AP on it. The AP is a dumb cisco radio. The question is: My 5.8 wlan and eth01 are bridged, can I run hotspot on eth01 to controll access to the dumb cisco, or do I need to add a MT between them to run the hotspot? O...

daiceman

sorry, duplicate post

daiceman

Have you tried connecting via mac-address?

daiceman

I normally get responses quite quick.

Did you send them supout.rif?

daiceman

I am going to print it out and keep it. I think it is secret technology that is to be added into verson 3.5. When I learn Latvian, I will post my results.

daiceman

He's not kidding

RIIIIGHTTT!!!

daiceman

I think it was a plot !

Craig

Does it thicken??

daiceman

OK, just what was discussed here?

daiceman

Thanks for the reply.

When we hit -30F this winter, and we always do, I will post how they fared.

Jeff

daiceman

I just put my first 532 at 230' and it gets pretty cold where I am at. Like -30F/-34C what are my chances of having to climb in the dead of winter to replace a radio that freezes to death?

daiceman

I dunno know, my link seemed to drop if they were not set the same. Must have been a fluke.

My apologize the the forum for misinformation.

:standing in the corner:

daiceman

I found what my problem was. 2 bridges back to back. 1 5.8 Turbo at 5765 Other 5.8 at 5825. I disabled turbo and pushed it to 5745 and both links are good. If I wanted to run turbo on both, what kind of freq separation would I need? This is what the link looked like. (----------------5825-----------...

daiceman

[quote="totalnett"]Hi im new to Mikrotik and that might be my only problem. Well anyway, i got 2 532boards with long range radios which i was planning to set up as an backbone link, only at transparent bridge. WDS is working fine, but when enabling Nstreme the link drops. Here is my config...

daiceman

Quick update.

I killed Nstreme and the connection became stable BUT

My bridge can send data at 10Mbps but only recieves at about .5Mbps
Test shows the same from the other end, only reversed.

Maybe I need to re-align the bridge end?

daiceman

My link is 9km and has a signal of -78 and it keeps bouncing.

RB500's with SR5 into 26dbi grids

Any ideas?

daiceman

has anyone ever tried to connect a WGB350 to a MT AP????

daiceman

Is it possible?

daiceman

Me also?

bowtieguy at gmail dot com

daiceman

Which is lower loss?

daiceman

now on 1 hand they have a right since they own it. and they want to manage it.

My customers paid an installation fee and I own the network and can do with it what I want. This way I can turn thier CPE into a CPE/Hotspot if I see the need.

Something to think about.

daiceman

If you have MT and AP's inside, what cable are you running up your towers? My longest current run is 250'. It was the first AP that I set up about 4 years ago, and I used LMR-400 because that was all I could afford at the time to a tower mounted amp. I am either looking for an acceptable cold climat...

daiceman

I live in the most northern part of Michigan and every winter we see a week or two of sub -20F with lows reaching -30F

If you are in very cold climates how or what do you use the handle the temperatures? I have not seen too many products that can handle those kind of extremes..

Thanks

Jeff

daiceman

Huh? My goal is to make it invisible to the users. I don't want them to see anything at all. Also if they are using something else besides http, I don't want them to be forced to login using http. If the hotspot see's traffic coming from that mac address I want them to be able to login automagicaly...

daiceman

I just set up a client that lives in an apartment complex that will not allow exterior antennas. Right now I have him set-up with a 15dbi panel shooting LOS thru his window. Problem is that the window must be UV protected and hampering the signal. The AP he is connecting to is a Cicso 350BR ( Don't ...

daiceman

If you make a static record in ARP table asigning specific IP to specific MAC, then that user will not be able to use any other IP. You also have to set DNS to lease static IP to that user. Look at DHCP / LEASES I cant wait until you start setting traffic shaping. Manual is very uninformative and m...

daiceman

Not much to really add, other than RADIUS can do all that you have requested with regards to the bandwidth controll. FreeRadius is really easy to setup with MT.

On a side note. Very nice graphic...

daiceman

OK. I can see this if the AP is what is called an Aligator in the HAM world. (all mouth and no ears) But if the AP is amped to get the reach and the client devices are amped also to get back to the AP, will these same problems still appear?

daiceman

Why are so many people opposed to using amps? Is there a drawback that I am not aware of?

daiceman

What is the best way to make sure my MT box can hold these guys off? Just a strong password? This box has been up for 1 day now. echo: system,error,critical login failure for user root from 62.213.0.226 via ssh echo: system,error,critical login failure for user cosmin from 62.213.0.226 via ssh echo:...

daiceman

I added the following to my ip firewall nat rules

chain=hs-auth protocol=tcp dst-port=143 action=accept

chain=hs-auth protocol=tcp dst-port=110 action=accept

I am running the beta

daiceman

Same problem here

daiceman

Thanks for all the info. I will try the last option. What I have configured is hotspot for all the normal clients and now I have PPPoE setup for the clients that need publicly accessable addresses.

daiceman

I am not going to use the MT boxes as wireless AP's, but impliment them in my current network. So, the question is, what does everyone prefer to control thier client connections? Hotspot, PPPoE, PPtP, or whatever else? Which one has the most flexibility.

daiceman

Forget what you see on whatismyip.com etc. Try accessing from some other network I am sure it will open 207.75.xx.55.... Right, it does work that way. BUT, what I am needing is for a maching to be able to be accessed from the internet with a public IP. This is working. Also, the parent company want...

daiceman

Here are my current nat rules: [admin@MikroTik] ip firewall src-nat> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Static for Goomba src-address=10.0.4.11/32 action=nat to-src-address=207.75.xx.55 1 ;;; masquerade hotspot network src-address=10.0.5.0/24 action=masquerade 2 ;;; masquerade...

daiceman

Hehe, well I think you're in Twilight Zone :) The example I posted earlier was exactly how it should be... Just remove add address=207.75.xx.55/26 network=207.75.xx.0 broadcast=207.75.xx.63 interface=internet comment="Public for Goomba" disabled=no Try and let us know what happened ;) Che...

daiceman

I tried moving the rule to the top and no good. Also tried disableing all the other src-nat rules. The only one running is the one I need. Still no good.

I think I will stop the the day. My desk is taking quite a beating from my head.

daiceman

it shouldn't... have your client reboot his CPE device and then try going to Http://www.whatismyip.com Also make sure you clear the cache on the browser... Well, right now the client is me and the cpe is my laptop sitting next to me. I did reboot it, made sure the connection was cleared in MT and r...

daiceman

yup, it looks good, but it is still reporting the primary interface, the .60.
If my client needs to have a public that works both ways for remote access to his local server and use the same ip to connect to a remote server it is not working as needed.

Edit: the src-nat is not doing its job.

daiceman

OK here is my config. / ip firewall src-nat add src-address=10.0.4.11/32 action=nat to-src-address=207.75.xx.55 comment="Static for Goomba" disabled=no / ip firewall dst-nat add dst-address=207.75.xx.55/32 action=nat to-dst-address=10.0.4.11 comment="Static for Goomba" disabled=n...

daiceman

Update: I can ping my public nated pc from outside the MT. This is good - remote access is possible But, when I get a report of the IP that I am using, it is still showing 207.75.xx.60 and not 207.75.xx.55. the 55 is the one I am nating thru. If I look at the nat rules. my src nat is showing no pack...

daiceman

Right, the pc still has the private ip, but when I do to a page that will show me what the world sees, my IP is that of the MT router interface. Not the one that I am trying to nat thru. The pages that I am using to lookup my IP are http://www.ipchicken.com and iceman.30below.com. Do I need to add t...

daiceman

Do src-nat and dst-nat.. Just add user address in src-nat: ip firewall src-nat src-address=10.0.5.x/32 action=nat to-src-address=207.75.xx.50 now ip firewall dst-nat dst-address=207.75.xx.50/32 action=nat to-dst-address=10.0.5.x Like this your client would have public ip address. Cheers... It is no...

daiceman

So, would this be the best way to handle public IP's on my access points for remote management and monitoring? I need to run DHCP and would like universal client, AND be able to have access from the greater internet for management and also for client servers that need remote access. Is there anyone ...

daiceman

I must have missed something. I am able to pass the address from radius to MT and MT shows the address bound to the mac. But the end user address never changes on the pc and can not surf. What could have i missed? Is there a doc somewhere that helps with running a DHCP pool and being able to assign ...

daiceman

Here is what I am looking for: All the periods are for formating purposes. ............................................................................................................./ DHCP Pool 10.0.5.0/24 ...............................................................................................

daiceman

Any other ideas for me?

daiceman

Well lets see, this is a tough one. My suggestion is to look at bridging the two interfaces and maybe useing PPPoE to hand out some static publis addresses. It might work, but I am new to PPPoE. Can anyone tell either of us what the pros/cons of a PPPoE session are as compared to PPP. Newb question:...

daiceman

My first post here, so please don't chew me up :shock: Here is the scenario I am working with. Mikrotik Box: -Ether 1 Public IP 207.xx.xx.56 SN:255.255.255.192 GW:207.xx.xx.62 -Ether 2 Private IP 10.5.50.1 I need to figure out how to pass a local address from the 207 class to clients connected to Et...

Search found 92 matches

Re: Routerboard as switch is it possible?

Re: Routerboard as switch is it possible?

Re: winbox login - RADIUS PAP vs CHAP

Second Hotspot Server on a VLAN

Question about log entry

Feature request.

Firewall Question

Setting up a Bait server for Firewall rules

Upgrade 2.9.6 to 2.9.13 I am Scared!!!

Problems with Cisco VoIP Phones - PLEASE HELP MT!!

Anyone use Cisco VoIP Phones?

Easy routing question (maybe)

Problem with Proxy-Arp on Hotspot

Any ideas?

2.9.10 is up

If not SR2, then what?

FYI: Wine + Winbox = Winbox in Linux

Bridge + Hotspot = Bad or Good

RB532 + Cold = ???

Re: Point to point bridge, whats wrong here?

Help with a 5.8 Link

MT AP --> Cisco WGB350 Client

u.fl vs mmcx

How cold do you go?

Q: For the Antenna Guru's

Amplifiers

Protection?

Another Hotspot question from me.

Hotspot static IP addresss

Hotspot and public addresses