Community discussions

MikroTik App

Search found 26 matches

by haj3s29a
Fri Aug 14, 2020 6:56 pm
Forum: RouterOS v7 BETA
Topic: SSH connection issues with "fasttrack" switched off. [SOLVED]
Replies: 7
Views: 1827

Re: SSH connection issues with "fasttrack" switched off. [SOLVED]

SSH issue are not problem at Mikrotik router but ISP problem. I have switched ISP - from laggy, lossy LTE to cable Internet. Without changing anything in configuration (except WAN interface), SSH works again. LTE Internet latency over 100ms with at least 10% packet loss Cable Internet 10-20ms (local...
by haj3s29a
Tue Aug 11, 2020 12:35 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 211
Views: 250739

Re: Using RouterOS to QoS your network - 2020 Edition

Change-dscp and mangle packets...30+ % CPU usage on Chateau LTE12.

It is unstable and unreliable though
by haj3s29a
Sat Aug 08, 2020 7:01 pm
Forum: RouterOS v7 BETA
Topic: SSH connection issues with "fasttrack" switched off. [SOLVED]
Replies: 7
Views: 1827

Re: SSH connection issues with "fasttrack" switched off. [SOLVED]

with default Mikrotik firewall rules everything works.

Once, I switch off FORWARD fasttrack...SSH doesn't work anymore.
by haj3s29a
Tue Aug 04, 2020 11:32 pm
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1599

Re: local DNS blocked by firewall (bug?)

Your router should not be set to use itself as a DNS server. Under IP->DNS, verify that the only DNS server IPs entered are remote ones and not the router itself. thanks for reply. I have followed your manual . Isn't it incorrectly written or did I misunderstand, please? Example: To set 159.148.60....
by haj3s29a
Tue Aug 04, 2020 10:13 pm
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1599

Re: local DNS blocked by firewall (bug?)

already configured this way
by haj3s29a
Tue Aug 04, 2020 9:33 pm
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1599

local DNS blocked by firewall (bug?)

Chateau C12 LTE, ROS v7.1beta1 I have setup local DNS cache. There is some weird issues with the default rule defconf: drop all not coming from LAN I see in firewall log Aug/04/2020 19:56:01 firewall,info DROP !LAN: input: in:(unknown 1) out:(unknown 0), proto UDP, 192.168.88.1:43119->192.168.88.1:5...
by haj3s29a
Mon Aug 03, 2020 6:58 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE12 starts with 3CA but becomes 2CA after a while
Replies: 10
Views: 2253

Re: Chateau LTE12 starts with 3CA but becomes 2CA after a while

already linked, check out post #6 ;-)
by haj3s29a
Mon Aug 03, 2020 12:26 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE12 starts with 3CA but becomes 2CA after a while
Replies: 10
Views: 2253

Re: Chateau LTE12 starts with 3CA but becomes 2CA after a while

I have sent a command for locking primary & CA. It seems to work. You have to try, it is all down to ISP.

I have an issue with two cell towers 2km apart and my modem often use the wrong/weak one.
by haj3s29a
Mon Aug 03, 2020 6:55 am
Forum: RouterOS v7 BETA
Topic: Chateau LTE12 starts with 3CA but becomes 2CA after a while
Replies: 10
Views: 2253

Re: Chateau LTE12 starts with 3CA but becomes 2CA after a while

Try cell lock but guys say CA is automatically determined by cell tower.

viewtopic.php?f=13&t=159889#p798970
by haj3s29a
Sun Aug 02, 2020 10:43 pm
Forum: RouterOS v7 BETA
Topic: SSH connection issues with "fasttrack" switched off. [SOLVED]
Replies: 7
Views: 1827

Re: SSH connection issues with "fasttrack" switched off. [SOLVED]

forward accepts ESTABLISHED, RELATED as in default config.

new connections from LAN accepted as in default.

there is no reason for firewall to block it. I have on all DROP rules logging and there is nothing in logs???
by haj3s29a
Sun Aug 02, 2020 8:47 pm
Forum: RouterOS v7 BETA
Topic: SSH connection issues with "fasttrack" switched off. [SOLVED]
Replies: 7
Views: 1827

SSH connection issues with "fasttrack" switched off. [SOLVED]

Chateau C12 LTE, ROS v7.1beta1, LTE modem firmware EG12EAPAR01A06M4G . I have switched off default fasttrack for FORWARD chain in order to use QoS and prioritizing traffic. In default setup, I can connect to my SSH servers. If I switch off fasttrack , I will get an error after timeout: packet_write_...
by haj3s29a
Sun Aug 02, 2020 8:39 pm
Forum: RouterOS v7 BETA
Topic: Chateau C12 LTE modem issues after last ROSv7.1beta1
Replies: 1
Views: 677

Re: Chateau C12 LTE modem issues after last ROSv7.1beta1

I have upgraded LTE modem firmware and experimented with cell lock. There is slight improvements.

It may be also related to switched of "fasttrackt" for FORWARD chain. I cannot connect to SSH anymore.
by haj3s29a
Sun Aug 02, 2020 5:48 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE12 starts with 3CA but becomes 2CA after a while
Replies: 10
Views: 2253

Re: Chateau LTE12 starts with 3CA but becomes 2CA after a while

I always have three bands in CA (very good signal).

In your case, it simply disconnect poor connection but you can lock in bands you want as you already did.
by haj3s29a
Sat Aug 01, 2020 8:32 pm
Forum: General
Topic: TCP session connection tracking bug?
Replies: 17
Views: 5205

Re: TCP session connection tracking bug?

I have similar issue on my Chateau C12 LTE. After latest ROS v7.1beta1, I cannot connect to my SSH server. Always get following error: packet_write_wait: Connection to x.x.x.x port 22: Broken pipe I do not see any dropped packets in log UPDATE It is an issue with fasttrack vs normal firewall process...
by haj3s29a
Thu Jul 30, 2020 7:42 pm
Forum: RouterOS v7 BETA
Topic: Chateau C12 LTE modem issues after last ROSv7.1beta1
Replies: 1
Views: 677

Chateau C12 LTE modem issues after last ROSv7.1beta1

I am not sure whether it is ISP issue or latest RouterOS v7.1beta1 upgrade. I have got a decent signal I guess Screenshot 2020-07-30 18.26.46.png Internet sometimes doesn't work at all. Sometimes it is fast. 2020-07-29_chateau_c12_lte_latency.txt Usual crap latency. Yesterday, I noticed also some co...
by haj3s29a
Sun Jul 26, 2020 10:47 pm
Forum: RouterOS v7 BETA
Topic: connection-bytes doesn't work as described in documentation
Replies: 1
Views: 661

Re: connection-bytes doesn't work as described in documentation

it looks like it is just WebFig issue because above by mentioned command is possible to add over CLI
by haj3s29a
Sun Jul 26, 2020 7:25 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 211
Views: 250739

Re: Using RouterOS to QoS your network - 2020 Edition

try this....connection-bytes=!0-5000000
not possible to use "!" in connection-bytes. I have tried connection-bytes=5M-100M and it seems to work

UPDATE:

5M-0 seems to work over CLI but WebUI considers it as an error.
by haj3s29a
Sun Jul 26, 2020 12:31 am
Forum: RouterOS v7 BETA
Topic: connection-bytes doesn't work as described in documentation
Replies: 1
Views: 661

connection-bytes doesn't work as described in documentation

/ip firewall mangle add action=mark-connection chain=prerouting connection-bytes=5000000-0 connection-mark=HTTP connection-rate=2M-300M connection-state=established,related,new dst-address-list=!not_in_internet \ new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp connection-bytes=5000000-0 d...
by haj3s29a
Sun Jul 26, 2020 12:27 am
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 211
Views: 250739

Re: Using RouterOS to QoS your network - 2020 Edition

/ip firewall mangle add action=mark-connection chain=prerouting connection-bytes=5000000-0 connection-mark=HTTP connection-rate=2M-300M connection-state=established,related,new dst-address-list=!not_in_internet \ new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp connection-bytes=5000000-0 d...
by haj3s29a
Sat Jul 25, 2020 12:55 pm
Forum: RouterOS v7 BETA
Topic: ICMP - change DSCP drops packets
Replies: 2
Views: 839

Re: ICMP - change DSCP drops packets

2020-07-25_supout.rif.zip
by haj3s29a
Fri Jul 24, 2020 7:31 pm
Forum: RouterOS v7 BETA
Topic: ICMP - change DSCP drops packets
Replies: 2
Views: 839

Re: ICMP - change DSCP drops packets

it looks like "change-dscp" in firewall/mangle is full of bugs not only for ICMP.

Yesterday, local DNS cache stopped to work and whole Internet connectivity was down.

I have to switch off all "dscp" mangle rules.
by haj3s29a
Wed Jul 22, 2020 11:07 pm
Forum: RouterOS v7 BETA
Topic: ICMP - change DSCP drops packets
Replies: 2
Views: 839

ICMP - change DSCP drops packets

Chateau C12 RouterOS v7.1beta1 default config I am working on QoS and marking packets. PC > router (bridge > lte1) > Internet /ip firewall mangle add action=change-dscp chain=prerouting comment="mark ICMP packets (DSCP 46)"\ dscp=!46 in-interface=bridge new-dscp=46 passthrough=yes protocol=icmp Abov...
by haj3s29a
Tue Jul 21, 2020 7:37 pm
Forum: General
Topic: WAN to bridge packet flow explanation
Replies: 4
Views: 900

Re: WAN to bridge packet flow explanation

thanks guys

I noticed in documentation about routing cache aka FIB/RIB.

Does that mean only first packet goes full route (as mentioned above by) and RELATED, ESTABLISHED packets go as following:
Internet > RIB/FIB cache > forward
by haj3s29a
Tue Jul 21, 2020 12:49 am
Forum: General
Topic: WAN to bridge packet flow explanation
Replies: 4
Views: 900

Re: WAN to bridge packet flow explanation

Thanks for reply. Looking at routing diagram mentioned above by. Packets should flow as follows: Internet > PREROUTING (lte1) > FORWARD (lte1)> POSTROUTING (lte1) > PREROUTING (eth1) > FORWARD (eth1) > my PC my PC > PREROUTING (eth1) > FORWARD (eth1) > POSTROUTING (eth1) > PREROUTING (lte1) > FORWAR...
by haj3s29a
Mon Jul 20, 2020 10:49 pm
Forum: General
Topic: WAN to bridge packet flow explanation
Replies: 4
Views: 900

WAN to bridge packet flow explanation

Hi, I am trying to understand packet flow in my Chateau LTE12 router with RouterOS v7 beta8 . lte1 is WAN connection bridge is (ether + wifi) but only one eth1 port is active...everything else is switched off. Firewall for bridge is switched off. From packet flow diagram , I am not sure how exactly ...
by haj3s29a
Sun Jul 05, 2020 5:14 pm
Forum: Beginner Basics
Topic: Graphing issue
Replies: 8
Views: 1428

Re: Graphing issue

I have got same issue.

I generated SSL certificate, associated with mikrotik web server. Disabled port 80....ever since graphing doesn't work.
https://192.168.88.1/graphs
Error 404: Not Found
Of course everything else works as suppose to (Webfig HTTPS access)