Community discussions

MUM Europe 2020

Search found 993 matches

by Eugene
Fri Oct 20, 2006 2:48 pm
Forum: General
Topic: Hardware Needed For 2 x Full Route BGP
Replies: 7
Views: 2704

P3/4 with 512 MB RAM
by Eugene
Fri Oct 20, 2006 2:43 pm
Forum: General
Topic: uPnp over EOIP?
Replies: 1
Views: 1214

EoIP is not different from the regular Ethernet interface. Just don't forget to bridge 'em together.

Eugene
by Eugene
Fri Oct 20, 2006 2:20 pm
Forum: General
Topic: IKE IPSEC working but can't ping. NAT-T?
Replies: 3
Views: 2420

you don't need NAT-T in this case. All you have to do is adding nat exception rules for traffic flowing between local networks to the top of nat rule list on both routers. This is in examples in the IPsec manual.

Eugene
by Eugene
Fri Oct 20, 2006 2:14 pm
Forum: General
Topic: BGP routes to address-list
Replies: 4
Views: 1543

just add items from the address list to /routing bgp networks list (may require resend-all issued after this).

Eugene
by Eugene
Fri Oct 20, 2006 2:12 pm
Forum: General
Topic: How to sum two or three wireless link?
Replies: 7
Views: 2468

by Eugene
Fri Oct 20, 2006 2:11 pm
Forum: General
Topic: Scope and Target-Scope
Replies: 6
Views: 3887

scope and target-scope control the recursive route lookup process. That essentially specifies, which routes would become active ("A" flag) in the routing table.
by Eugene
Fri Oct 20, 2006 2:08 pm
Forum: General
Topic: Dynamic Routes and Preferred Source
Replies: 4
Views: 7345

AFAIK, you can change preferred source for DAC route using routing filter in "dynamic" chain.

Eugene
by Eugene
Fri Oct 20, 2006 2:07 pm
Forum: General
Topic: BGP Not Advertising other BGP Routes
Replies: 8
Views: 2855

You have to report such cases accompanied by support-output files to support@mikrotik.com

Eugene
by Eugene
Fri Oct 20, 2006 2:00 pm
Forum: Scripting
Topic: WiFi Signal for Hotspot in Login Page
Replies: 28
Views: 12354

I am not aware of a way that would be easier then one described by Hellbound.

Eugene
by Eugene
Fri Oct 13, 2006 4:48 pm
Forum: General
Topic: Old Versions
Replies: 6
Views: 5210

/ip route print from=[/ip route find dst-address=10.10.3.0/24 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf # DST-ADDRESS PREF-SRC G GATEWAY DIS INTERFACE 0 ADC 10.10.3.0/24 10.10.3.3 wlan1-uplink [demo@demo.mt.lv] >
by Eugene
Fri Oct 13, 2006 4:44 pm
Forum: General
Topic: NTH for 3 GW
Replies: 4
Views: 3204

you also need to consider as with most "dumb" web browsers, they wait until all or most of the images and text have been downloaded before rendering. what this means is you have 3 times the chance of getting one of those parts SLOWLY...and thus holding up the ENTIRE page... unless they are all line...
by Eugene
Fri Oct 13, 2006 4:31 pm
Forum: General
Topic: Is Vrrp Safe in 2.9.31 connected to non intelegent switch?
Replies: 2
Views: 1293

yes
by Eugene
Fri Oct 13, 2006 4:29 pm
Forum: General
Topic: Syn Proxy
Replies: 1
Views: 2473

no
by Eugene
Fri Oct 13, 2006 4:28 pm
Forum: General
Topic: Unlimited bandwidth but limited cpu
Replies: 1
Views: 2261

one thing to try could be SFQ (or PCQ without limit) queue that will equalize multiple clients.
by Eugene
Fri Oct 13, 2006 4:24 pm
Forum: General
Topic: RouterOS 2.9.32 Released
Replies: 16
Views: 4447

Send support output file to support@mikrotik.com
by Eugene
Fri Oct 13, 2006 4:21 pm
Forum: General
Topic: BGP Not Advertising other BGP Routes
Replies: 8
Views: 2855

issue /routing bgp peer resend-all command and see if the route is being advertised afterwards. If it is not, send support output file to support@mikrotik.com

Eugene
by Eugene
Thu Oct 05, 2006 12:00 am
Forum: Scripting
Topic: how to make advertise like hotspot have?
Replies: 6
Views: 1840

HOTSPOT auth by mac doesnt work at all !!!!!!!!!!!!! It's your personal opinion, most probably based on your inability to configure it right. You would better help yourself and others by describing what you have achieved so far, how it does not work (and how you tested it) and politely asking for h...
by Eugene
Wed Oct 04, 2006 11:54 pm
Forum: General
Topic: bw for every ip
Replies: 2
Views: 2491

search the forum, wiki or the manual for "pcq" examples.
by Eugene
Wed Oct 04, 2006 11:50 pm
Forum: General
Topic: Routing Problem
Replies: 3
Views: 2448

This is good for your education: http://wiki.mikrotik.com/wiki/BGP_Best_ ... _Algorithm

And this is a solution to your problem: http://wiki.mikrotik.com/wiki/BGP_Case_Studies_1 (search for "routing filters")

Good luck,
Eugene
by Eugene
Wed Oct 04, 2006 11:45 pm
Forum: General
Topic: VRRP 1 MT 2 Internet Connections
Replies: 13
Views: 3937

VRRP makes your router (the box itself) redundant. That's why it uses two routers to do the job. In your case you have to do simple fail-over. Search the manual for "check-gateway" parameter of static routes.
by Eugene
Wed Oct 04, 2006 11:36 pm
Forum: Wireless Networking
Topic: Laptop based clients Can not connect, but can to linksys
Replies: 8
Views: 1441

I read 2.9.3 and that induced the reply :)
by Eugene
Wed Oct 04, 2006 11:34 pm
Forum: RouterBOARD hardware
Topic: complete WDS setup
Replies: 9
Views: 4510

Sounds like a good reason to take a training or visit MUM. Or both?
by Eugene
Wed Oct 04, 2006 3:21 pm
Forum: General
Topic: More BGP docs (routing-test)
Replies: 0
Views: 2195

More BGP docs (routing-test)

by Eugene
Wed Oct 04, 2006 11:28 am
Forum: General
Topic: Firewall Critique/Feedback
Replies: 7
Views: 3645

right
by Eugene
Wed Oct 04, 2006 11:25 am
Forum: Wireless Networking
Topic: Laptop based clients Can not connect, but can to linksys
Replies: 8
Views: 1441

You have to upgrade to the latest version and set "proprietary-extensions" parameter of the wireless interface to "post-2.9.25".

Eugene
by Eugene
Tue Oct 03, 2006 10:45 pm
Forum: Wireless Networking
Topic: (How?) Drop packets between wireless clients
Replies: 7
Views: 1660

All "direct" (bridge-like) communications. You should configure routing instead.
by Eugene
Tue Oct 03, 2006 10:39 pm
Forum: General
Topic: Internet provider blocked my router
Replies: 17
Views: 5419

better increase it by 1, coz they might suspect something if you have unusual TTL :)

Eugene
by Eugene
Tue Oct 03, 2006 10:36 pm
Forum: General
Topic: How can i mark outbound router packets with routing-mark?
Replies: 7
Views: 2443

output
by Eugene
Tue Oct 03, 2006 10:03 pm
Forum: General
Topic: BGP Capabilities
Replies: 2
Views: 2023

by Eugene
Tue Oct 03, 2006 2:04 pm
Forum: Scripting
Topic: moving firewall rules by command
Replies: 10
Views: 26786

heh, nothing easier than that:
assign both rules a comment, say "rule1" and "rule2".
Then move arrange them with the following command:
/ip fire filter move rule1 rule2

Edit:

There is also "find" command:

/ip fire filter move [/ip fire filter find dst-addres=10.0.0.0/8] rule1
by Eugene
Tue Oct 03, 2006 2:00 pm
Forum: General
Topic: bgp,info Failed to open TCP connection: No route to host
Replies: 8
Views: 9318

It means that you are unable to route to the destination. Check if you can ping 202.53.251.193.

Eugene
by Eugene
Tue Oct 03, 2006 1:56 pm
Forum: General
Topic: Internet provider blocked my router
Replies: 17
Views: 5419

Try to increase TTL by 1 in mangle. This should help.
by Eugene
Tue Oct 03, 2006 1:53 pm
Forum: General
Topic: Firewall Critique/Feedback
Replies: 7
Views: 3645

Seems to be fine. One more example of a good firewall:
http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling
by Eugene
Tue Oct 03, 2006 1:48 pm
Forum: General
Topic: Freeradius 1.1.0 + Mikrotik v2.9.7
Replies: 6
Views: 4185

Stupid question, but maybe you have L1 license which does not allow more than one user?
by Eugene
Tue Oct 03, 2006 1:36 pm
Forum: General
Topic: Dual ipsec or l2tp tunnel
Replies: 5
Views: 3626

src-address and dst-address in IPsec are working as matchers. It implies that it is impossible (does not make sense) to have two policies with the same src- and dst-addresses. So, to answer your question, you have to establish two l2tp tunnels between those remote locations, each encrypted with ipse...
by Eugene
Tue Oct 03, 2006 1:22 pm
Forum: Wireless Networking
Topic: (How?) Drop packets between wireless clients
Replies: 7
Views: 1660

With default-forwarding set to yes all communications between clients won't reach the firewall. You have to turn off default-forwarding to be able to filter traffic between clients.

Eugene
by Eugene
Tue Oct 03, 2006 1:14 pm
Forum: RouterBOARD hardware
Topic: PPPoE Radius problem
Replies: 2
Views: 2445

"Could Not Determine Local IP Address"
This means, that you have no IP address assigned to the router's end of the tunnel.
You have to set "local-address" parameter in the ppp profile.

Eugene
by Eugene
Mon Oct 02, 2006 1:37 pm
Forum: General
Topic: BGP routing test Ask..
Replies: 13
Views: 4373

gateway of route No. 1 is recursively looked up through route #0. Thats why if you disable the default route, nothing will work.

To view what you are advertising, use /routing bgp peer advertisements menu
by Eugene
Mon Oct 02, 2006 1:34 pm
Forum: General
Topic: problem radius hotspot
Replies: 1
Views: 1874

by Eugene
Mon Oct 02, 2006 10:26 am
Forum: General
Topic: load balancing web servers with dst-nat
Replies: 1
Views: 2393

This:
http://wiki.mikrotik.com/wiki/Load_Balancing_Persistent
discusses the same concept applied in the other direction. A good point to start.
by Eugene
Mon Oct 02, 2006 10:21 am
Forum: General
Topic: BGP routing test Ask..
Replies: 13
Views: 4373

the default values you can obtain by issuing "/ip route print detail" command
by Eugene
Mon Oct 02, 2006 9:26 am
Forum: General
Topic: Firewall Critique/Feedback
Replies: 7
Views: 3645

If no match is found in the child chain, the packet will return to the parent chain.
by Eugene
Mon Oct 02, 2006 9:25 am
Forum: General
Topic: too many firewall rule
Replies: 11
Views: 4922

1000 rules processed for _each_ packet make p4 2.8 pass through 76Mbps fdx. 50000 rules processed for _each_ packet reduce the throughput to 1.5 Mbps fdx.

Like mentioned before, in real life most of the traffic is processed with first 1 to 50 rules.

Eugene
by Eugene
Mon Oct 02, 2006 9:13 am
Forum: General
Topic: olsr support
Replies: 12
Views: 6175

RSTP already has means to monitor link quality.

We will come with our own better solution instead of OLSR.
by Eugene
Mon Oct 02, 2006 9:00 am
Forum: General
Topic: 2.9.30 SNAT Not Working ?
Replies: 1
Views: 2145

Your nat rule should show counters increasing. If it's not, try to move it to the top of the srcnat chain.
by Eugene
Mon Oct 02, 2006 8:58 am
Forum: General
Topic: CPU Usages goes to 98%
Replies: 8
Views: 3506

You have to generate support-output file when you are experiencing the problem and send it to support@mikrotik.com

Eugene
by Eugene
Mon Oct 02, 2006 8:54 am
Forum: General
Topic: BGP between two VPN MT and one FW MT
Replies: 6
Views: 2855

/ip ipsec installed-sa flush
by Eugene
Mon Oct 02, 2006 8:53 am
Forum: General
Topic: BGP - Default Route
Replies: 8
Views: 5501

just upgrade, no changes :wink:
by Eugene
Mon Oct 02, 2006 8:52 am
Forum: General
Topic: BGP routing test Ask..
Replies: 13
Views: 4373

/ip route set <number> scope=<value>

Eugene
by Eugene
Mon Oct 02, 2006 8:01 am
Forum: General
Topic: winbox still missing a very important feature
Replies: 11
Views: 3334

Re: winbox still missing a very important feature

... and please don't tell me there is no keyboard geek using routeros...
thanks
Keyboard geeks use ssh, not WinBox :D

Eugene
by Eugene
Fri Sep 29, 2006 5:29 pm
Forum: General
Topic: BGP - Default Route
Replies: 8
Views: 5501

the configuration is the same and I strongly suggest you to upgrade.
by Eugene
Fri Sep 29, 2006 5:26 pm
Forum: General
Topic: CPU Usages goes to 98%
Replies: 8
Views: 3506

there is no way to do that.
by Eugene
Fri Sep 29, 2006 3:17 pm
Forum: General
Topic: BGP routing test Ask..
Replies: 13
Views: 4373

by Eugene
Fri Sep 29, 2006 2:42 pm
Forum: General
Topic: BGP - Default Route
Replies: 8
Views: 5501

you could find some routing filter examples in the wiki:
http://wiki.mikrotik.com/wiki/Routing
by Eugene
Fri Sep 29, 2006 2:24 pm
Forum: RouterBOARD hardware
Topic: admin password
Replies: 20
Views: 26541

By using Netinstall
by Eugene
Thu Sep 28, 2006 9:26 pm
Forum: General
Topic: Loss of ability to ping out
Replies: 2
Views: 1883

Make a support-output file and send it to support@mikrotik.com. Also upgrade to the latest version.
by Eugene
Thu Sep 28, 2006 9:23 pm
Forum: General
Topic: router local users radius authentication
Replies: 1
Views: 907

Use the following RADIUS attribute:

Mikrotik-Group - Router local user group name (defines in /user group) for local users.

Eugene
by Eugene
Thu Sep 28, 2006 9:20 pm
Forum: General
Topic: Using HTTPS sign-on with hotspot consumes all memory
Replies: 7
Views: 5715

You should take support-output file from the router taken while the problem exists and send it to support@mikrotik.com
by Eugene
Thu Sep 28, 2006 8:10 am
Forum: General
Topic: Block PPPoE discovey broadcasts with firewall?
Replies: 11
Views: 3506

Use bridge firewall in "/interface bridge firewall" menu
by Eugene
Wed Sep 27, 2006 8:34 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

If you need Layer 2 communication between two offices, then the setup you outlined is a good choice. However, if L2 is not a requirement, I'd choose routing across 2 IPsec tunnels.
by Eugene
Wed Sep 27, 2006 8:30 pm
Forum: General
Topic: redirect local clients to local SMTP
Replies: 2
Views: 1038

your smtp server should be in a different subnet from your clients.
by Eugene
Wed Sep 27, 2006 4:24 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

IPsec tunnels could not be bonded, because they are Level 3. You could, however, use routing to fail-over between them.

Eugene
by Eugene
Wed Sep 27, 2006 12:32 pm
Forum: General
Topic: BGP and Two Full Routes
Replies: 3
Views: 1048

by Eugene
Wed Sep 27, 2006 12:19 pm
Forum: Scripting
Topic: script for keeping adls router in shape?
Replies: 5
Views: 1441

/system telnet works only in interactive mode.
by Eugene
Tue Sep 26, 2006 8:46 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

It's not a workaround. It's the way how routing works regardless of device brand. The routing table contains instructions for the router how to send a packet for the particular destination and the router obeys these rules. If it is instructed to go through one gateway, it won't go through the other ...
by Eugene
Tue Sep 26, 2006 8:34 pm
Forum: General
Topic: BGP between two VPN MT and one FW MT
Replies: 6
Views: 2855

http://www.mikrotik.com/docs/ros/2.9/routing/ospf

Scroll down to "application Examples"

Eugene
by Eugene
Tue Sep 26, 2006 8:33 pm
Forum: General
Topic: NTH
Replies: 9
Views: 2681

5,3,0
5,3,1
5,3,2
5,3,3
5,3,4
5,3,5
exactly

Routing marks should be:

wan1 to 5,3,0
wan2 to 5,3,1
wan3 to 5,3,2
...

(assuming you want to load-balance across 6 links, not just 2)
by Eugene
Tue Sep 26, 2006 4:42 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

Lets start over. Suppose, you are accessing the router (IP 2.0.0.1, 3.0.0.1) from a computer (IP 1.0.0.1) over the Internet. the router has two upstream links, one connected to IP 2.0.0.2 and the other to 3.0.0.2. The default route points to 2.0.0.2. Now if the router does not have a specific route ...
by Eugene
Tue Sep 26, 2006 4:23 pm
Forum: General
Topic: dsa keyed SSH
Replies: 20
Views: 9939

OpenSSH_4.2p1 Debian-7ubuntu3
by Eugene
Tue Sep 26, 2006 12:57 pm
Forum: RouterBOARD hardware
Topic: Routerboard and solar panel
Replies: 1
Views: 1744

by Eugene
Tue Sep 26, 2006 12:25 pm
Forum: General
Topic: traffic prioritizing
Replies: 18
Views: 3888

it won't affect encrypted p2p. That can only be dropped in the firewall.
by Eugene
Tue Sep 26, 2006 12:24 pm
Forum: General
Topic: Ethernet Interfaces Freeezing up!!
Replies: 6
Views: 1387

most probably you have a broken switch/bad cable on that WAN port. Had the same problem myself, swapped the switch.

Eugene
by Eugene
Tue Sep 26, 2006 12:21 pm
Forum: General
Topic: PCQ question
Replies: 3
Views: 1353

This will work.
by Eugene
Tue Sep 26, 2006 12:13 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

Re: IPSEC sould also stop working if there are 2 wan links

All this is the same problem: Once there are more then one internet links, then router's inner services tend to respond via the default gateway. Thank you for any comments. Router does not have "preferences". If it does not have a specific route to the destination, it _will_ respond through the def...
by Eugene
Tue Sep 26, 2006 12:04 pm
Forum: General
Topic: dsa keyed SSH
Replies: 20
Views: 9939

Works on debian/unstable and ubuntu dapper.
by Eugene
Mon Sep 25, 2006 5:28 pm
Forum: Wireless Networking
Topic: MAC ADDRESS FILTERING
Replies: 13
Views: 1935

/interface wireless access-list

Search for the "access list" in the following manual:
http://www.mikrotik.com/docs/ros/2.9/interface/wireless
by Eugene
Mon Sep 25, 2006 3:34 pm
Forum: Scripting
Topic: script for keeping adls router in shape?
Replies: 5
Views: 1441

no way to do this in RouterOS.
by Eugene
Mon Sep 25, 2006 3:31 pm
Forum: RouterBOARD hardware
Topic: Unable To Ping Router From Ethernet
Replies: 2
Views: 1265

Most probably, you are not in the same subnet.

Eugene
by Eugene
Mon Sep 25, 2006 3:31 pm
Forum: RouterBOARD hardware
Topic: Packet gain
Replies: 5
Views: 2252

Multiple CPEs have the same IP address.
by Eugene
Mon Sep 25, 2006 3:24 pm
Forum: Wireless Networking
Topic: How to configure maximum wireless perfomance
Replies: 4
Views: 1511

By the way: What is the cause for so much CPU resources used by bandwidth test?
Generating packets takes a lot of cpu time.
by Eugene
Mon Sep 25, 2006 2:45 pm
Forum: General
Topic: 2.9.29: Where is the Mikrotik CF image?
Replies: 26
Views: 5758

Then you should be aware, that only root could bind ports below 1024. In fact, all your "services" (apache, ssh, ftp, ...) are started as root :wink:
by Eugene
Mon Sep 25, 2006 2:39 pm
Forum: General
Topic: 2.9.29: Where is the Mikrotik CF image?
Replies: 26
Views: 5758

are you running it as root?
by Eugene
Mon Sep 25, 2006 2:23 pm
Forum: General
Topic: Way to bypass upstream proxy when upstream is dead
Replies: 1
Views: 1358

referencing an item by its number does not work in scripts. So the following won't work:
/ip firewall mangle disable 0
You should use 'find' command instead:
/ip firewall mangle disable [/ip firewall mangle find comment="This rule should be disabled"]
Eugene
by Eugene
Mon Sep 25, 2006 2:15 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

please post:
/ip route print detail
/ip firewall mange print
by Eugene
Mon Sep 25, 2006 1:33 pm
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

you have to accept everything with dst-address equal to your public IP.
by Eugene
Fri Sep 22, 2006 5:13 pm
Forum: Wireless Networking
Topic: Limiting user connection by signal strength?
Replies: 1
Views: 747

This feature is scheduled to appear in version 3.0

Eugene
by Eugene
Fri Sep 22, 2006 3:26 pm
Forum: Wireless Networking
Topic: How to change acctually used frequency bandwidth
Replies: 1
Views: 520

Set "Band" to "5Ghz-turbo"
by Eugene
Fri Sep 22, 2006 3:25 pm
Forum: Wireless Networking
Topic: How to configure maximum wireless perfomance
Replies: 4
Views: 1511

The rates you are referring mean "air rate" and are not a measure of throughput.
You are getting only 8 Mbit because bandwidth test uses a lot of CPU resources. Try to test through the boards.
by Eugene
Fri Sep 22, 2006 2:10 pm
Forum: Scripting
Topic: watch alive to other machine
Replies: 2
Views: 1181

Take any e-mail sending script (from forum, wiki or the manual) and add it to the NetWatch event:

http://www.mikrotik.com/docs/ros/2.9/tools/netwatch
by Eugene
Fri Sep 22, 2006 2:03 pm
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

Hello Again, Got it working!!!! I now have all VOIP going through one specific WAN.. Thanks to Eugene and Sergejs...The trick was to make the mangle rule unset... To unset goto ip firewall mangle and print, than type unset, it will ask for the number and value-name, put connection-state on the valu...
by Eugene
Fri Sep 22, 2006 1:51 pm
Forum: General
Topic: Can't ping router interface?
Replies: 4
Views: 1352

Are you using any NAT?
by Eugene
Fri Sep 22, 2006 1:37 pm
Forum: General
Topic: Wall Garden under request
Replies: 3
Views: 1201

it is possible to enter this information via ssh into multiple routers simultaneously.
by Eugene
Fri Sep 22, 2006 1:36 pm
Forum: General
Topic: Simple routing problem
Replies: 18
Views: 3566

Post complete list of routes and ip addresses on the router. Indicate, to what address you are trying to connect.
by Eugene
Thu Sep 21, 2006 11:58 am
Forum: Wireless Networking
Topic: wpa no good for client wifi?
Replies: 6
Views: 1935

Upgrade to the latest version and set proprietary-extensions parameter of the wireless interface to post-2.9.25.

Eugene
by Eugene
Thu Sep 21, 2006 11:38 am
Forum: General
Topic: QoS for three network rannges
Replies: 6
Views: 3211

add these networks as "target-address" for a simple queue and use pcq as queue type.
by Eugene
Thu Sep 21, 2006 11:36 am
Forum: General
Topic: Ethernet Interfaces Freeezing up!!
Replies: 6
Views: 1387

not sure why it's happening, but you can work around this problem. Add a netwatch script that monitors your Internet connection and disables/enables the interface in case of any problems. You should take support-output file when the problem happens and sent it to support@mikrotik.com to enable us to...
by Eugene
Thu Sep 21, 2006 11:33 am
Forum: General
Topic: hotspot problem
Replies: 3
Views: 1314

What version are you using? What attributes your RADIUS server is sending back to the router?
by Eugene
Thu Sep 21, 2006 11:20 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

Re: Ok, here it is

...
1) you have to disable "passthrough" in your voip rules.

2) you are sending part of the voip connection (packets with established state) through a different gw then the other part of the connection ("new"). I'd say you are very lucky if it works.

Eugene
by Eugene
Thu Sep 21, 2006 11:16 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

A question how would I load balance the outgoing conections from the hotspot proxy?

Also do I have my nth values correct for 4 connections.

3,1,0
3,1,1
3,1,2
3,1,3

Ideas if I should change anything..

Cheer Lee
use output chain.

nth values are correct.
by Eugene
Thu Sep 21, 2006 11:13 am
Forum: General
Topic: WEB.PROXY TRNASPARENT MODE
Replies: 8
Views: 2252

the rule is disabled
by Eugene
Thu Sep 21, 2006 11:10 am
Forum: General
Topic: Winbox Feature suggestion.
Replies: 37
Views: 13344

Re: Winbox Feature Suggestion

Only thing I am asking for is the ability to specify a name for the backup file in Winbox. This can also be accomplished by providing a file rename capabiliy in the File Folder.
This could be done in terminal:
/system backup save name=<File name goes here>
Eugene
by Eugene
Wed Sep 20, 2006 12:22 pm
Forum: Wireless Networking
Topic: Time based Bandwidth Control
Replies: 2
Views: 964

yes. You have to use "Time" parameter in simple queues.
More on this in the manual: http://www.mikrotik.com/docs/ros/2.9/root/queue
by Eugene
Wed Sep 20, 2006 12:19 pm
Forum: General
Topic: Old laptop & pcmcia with MikroTik RouterOS V2.9
Replies: 3
Views: 1207

You have to check your configuration against supported hardware list: http://www.mikrotik.com/docs/ros/2.9/guide/driverlist
by Eugene
Tue Sep 19, 2006 4:25 pm
Forum: General
Topic: Loosing rip;ospf,BGP with 2.10
Replies: 26
Views: 6179

Now 3.0 (2.10) is in early beta stage. We will clarify our policy on this topic closer to the release date.

Eugene
by Eugene
Tue Sep 19, 2006 4:21 pm
Forum: Wireless Networking
Topic: HOW MAX CLINTS CAN CONECT WALN
Replies: 10
Views: 1598

No more than 50 (per radio) for practical reasons.
by Eugene
Tue Sep 19, 2006 4:19 pm
Forum: Wireless Networking
Topic: HELP, we make Noise on fire deparment freq.
Replies: 31
Views: 5044

Shielding everything with foil should also help.
by Eugene
Tue Sep 19, 2006 4:16 pm
Forum: General
Topic: VTun client to connect to MikroTik router ?
Replies: 1
Views: 1741

RouterOS does not support VTun.

Eugene
by Eugene
Tue Sep 19, 2006 1:16 pm
Forum: General
Topic: cant connect to WinBox via MAC Address
Replies: 11
Views: 4817

You have to find the difference between that two machines and notify us about it.

Eugene
by Eugene
Tue Sep 19, 2006 1:14 pm
Forum: The Dude
Topic: Printing Down Machine List
Replies: 3
Views: 1734

We will put this feature on the list.
by Eugene
Tue Sep 19, 2006 12:39 pm
Forum: General
Topic: cant connect to WinBox via MAC Address
Replies: 11
Views: 4817

Do you have the latest winbox loader? You can download one from the router with the latest version of RouterOS.

Eugene
by Eugene
Tue Sep 19, 2006 11:55 am
Forum: General
Topic: [SOLVED] internal IP-compname resolver
Replies: 7
Views: 2374

afaik, you can add static DNS entries in the /ip dns menu.

Eugene
by Eugene
Tue Sep 19, 2006 11:49 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

could you provide a snippet of your configuration (in particular /ip firewall export and /ip route export)

Eugene
by Eugene
Tue Sep 19, 2006 11:45 am
Forum: General
Topic: BGP between two VPN MT and one FW MT
Replies: 6
Views: 2855

better use ospf for this.
by Eugene
Mon Sep 18, 2006 11:04 am
Forum: RouterBOARD hardware
Topic: BGP on 2.9.27
Replies: 9
Views: 3362

memory leak is fixed in the latest version.

Eugene
by Eugene
Thu Aug 31, 2006 6:17 pm
Forum: RouterBOARD hardware
Topic: Hotspot filter doesn't work?
Replies: 5
Views: 2596

You have to add rules with action "jump" to the hotspot chain.
by Eugene
Wed Aug 30, 2006 2:22 pm
Forum: Scripting
Topic: how to print Bytes detail on /ip firewall mangle
Replies: 2
Views: 1456

/ip firewall mangle print all stats
by Eugene
Wed Aug 30, 2006 2:18 pm
Forum: Scripting
Topic: how to run a script every sunday
Replies: 8
Views: 3959

Scheduler has also start-date parameter. Choose a date that is Sunday and interval of 7 days.

Eugene
by Eugene
Wed Aug 30, 2006 2:13 pm
Forum: Scripting
Topic: Warning about high connection numbers.
Replies: 5
Views: 1515

That's because output from "print" could not be reliably parsed in all cases by the script interpreter.
There are "find" and "get" commands, which replace "print" in scripts.

Eugene
by Eugene
Tue Aug 29, 2006 11:48 am
Forum: Scripting
Topic: how to save user statistic?
Replies: 5
Views: 1561

Writing a script to send all this from the router via e-mail is much more complicated task then polling your routers via SNMP from a server.
by Eugene
Mon Aug 28, 2006 5:52 pm
Forum: General
Topic: [solved] winbox on MacOS
Replies: 2
Views: 905

Same issue here. uncheck "secure mode" checkbox and it will work fine.

Eugene
by Eugene
Mon Aug 28, 2006 5:43 pm
Forum: General
Topic: Mangle, prerouting or forward, NAT ...
Replies: 4
Views: 6245

- why, using SQ, mangling p2p in forward chain (as in manual or various examples), on router where masquarading is being done, SQ upload rate says at 0, while changing mangle rules to prerouting chain, SQ counter starts to show even upload? Because one simple queue places three real queues (one in ...
by Eugene
Mon Aug 28, 2006 5:36 pm
Forum: Scripting
Topic: how to save user statistic?
Replies: 5
Views: 1561

snmpwalk -v 1 -c public 10.5.7.1 > myfile
Eugene
by Eugene
Mon Aug 28, 2006 3:04 pm
Forum: Scripting
Topic: how to make advertise like hotspot have?
Replies: 6
Views: 1840

A better way would be to use hotspot just for advertising. It can be configured to be completely transparent to the end user and presenting them with [annoying] advertisements in the same time.
by Eugene
Mon Aug 28, 2006 3:01 pm
Forum: General
Topic: Mangle, prerouting or forward, NAT ...
Replies: 4
Views: 6245

by Eugene
Mon Aug 28, 2006 2:57 pm
Forum: General
Topic: LOG Error
Replies: 4
Views: 1090

send support-output file to support@mikrotik.com
by Eugene
Mon Aug 28, 2006 2:56 pm
Forum: General
Topic: IPSec Tunnels, quick question
Replies: 9
Views: 1564

You could have multiple IPs on the LAN side of your peer (not necessary in the same segment as your remote nodes) and nat to these IPs. Or, you could have both transport and tunnel mode policies with the same peer simultaneously.
by Eugene
Mon Aug 28, 2006 12:48 pm
Forum: General
Topic: IPSec Tunnels, quick question
Replies: 9
Views: 1564

The question now is just what happens when 2 or more remote peers has a private LAN behind the firewall (which I need to accommodate in a Tunnel configuration), with duplicate IP addresses. If I do use dst-nat at the remote node, then my IPSec Peer and my Tunnel Peer will be the same address... Tha...
by Eugene
Mon Aug 28, 2006 12:45 pm
Forum: Scripting
Topic: Warning about high connection numbers.
Replies: 5
Views: 1515

"print" does not work in scripts.

Eugene
by Eugene
Mon Aug 28, 2006 12:25 pm
Forum: General
Topic: IPSec Tunnels, quick question
Replies: 9
Views: 1564

You could nat to local addresses of remote ipsec peers (thus no need to change policies to transport mode).
by Eugene
Mon Aug 28, 2006 12:23 pm
Forum: General
Topic: 2.9.29 Queues - Diff btwn Target Address and dst. address?
Replies: 2
Views: 1129

Yes, target-address is the address of the client you want to apply data rate limitation to (the "target" of your traffic policy). dst-address is the address client is going to (usually not needed, so placed in the "advanced" tab).

Eugene
by Eugene
Mon Aug 28, 2006 12:12 pm
Forum: General
Topic: IPSec Tunnels, quick question
Replies: 9
Views: 1564

What will happen if I have a policy that states to encrypt data between 1.1.1.2 and 5.5.5.5, when 5.5.5.5 sits on both 2.0.1.1 and 2.0.2.1 ? This will cause routing problems, as your router does not know, what is the difference between 5.5.5.5 sitting on 2.0.1.1 and the one sitting on 2.0.2.1. You ...
by Eugene
Thu Aug 24, 2006 1:21 pm
Forum: General
Topic: transparent traffic shaper
Replies: 35
Views: 9626

Why prerouting chain is used instead of forward chain? Is it because of bridging? because we need to know the marks before the forward chain. see http://www.mikrotik.com/docs/ros/2.9/graphics:packet_flow31.jpg What kind of queue do you recommend for TTS? Can I implement PCQ in TTS? depends on your ...
by Eugene
Wed Aug 23, 2006 12:54 pm
Forum: General
Topic: dont fragment bit - clearing
Replies: 6
Views: 4665

IPsec policy has an option to clear DF bit. And it can be used without actually running IPsec tunnel.
by Eugene
Tue Aug 22, 2006 2:23 pm
Forum: General
Topic: NTH
Replies: 9
Views: 2681

at random.
by Eugene
Tue Aug 22, 2006 12:23 pm
Forum: General
Topic: NTH
Replies: 9
Views: 2681

"counter" is just a counter. nothing more. it should be the same for all rules targeting the same flow.
by Eugene
Tue Aug 22, 2006 12:19 pm
Forum: General
Topic: Secondary Addresses
Replies: 4
Views: 980

You could add as many IP addresses on the interface, as you want.
by Eugene
Mon Aug 21, 2006 5:44 pm
Forum: Wireless Networking
Topic: rb 112 problem
Replies: 1
Views: 559

you should use WDS for this.
by Eugene
Mon Aug 21, 2006 11:54 am
Forum: Scripting
Topic: Registering global variables
Replies: 2
Views: 983

:if (("." . $check . ".") != "..") do={ 
:log info "variable registered..." 
}else={ 
:log info "registering variable..." 
:global check 0 
} 
Eugene
by Eugene
Sun Aug 20, 2006 9:45 pm
Forum: General
Topic: ROS 2.9.28 Routing-Test BGP memory leak?
Replies: 3
Views: 1050

are there any configuration differences between these devices?

Eugene
by Eugene
Sun Aug 20, 2006 9:37 pm
Forum: General
Topic: 802.1p, howto?
Replies: 1
Views: 1693

Look for vlan-priority parameter in the bridge firewall manual:
http://www.mikrotik.com/docs/ros/2.9/interface/bridge
by Eugene
Sun Aug 20, 2006 9:30 pm
Forum: Scripting
Topic: Cant find /tool sigwatch ?
Replies: 1
Views: 996

AFAIK, it's only present on x86 systems
by Eugene
Fri Aug 18, 2006 12:15 pm
Forum: General
Topic: IP Forwarding
Replies: 12
Views: 3084

connection tracking is required for NAT.
by Eugene
Fri Aug 18, 2006 11:55 am
Forum: General
Topic: access allow,restrict , redirect.
Replies: 1
Views: 838

by Eugene
Fri Aug 18, 2006 11:27 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

The manual is much more expressive about your question than I could ever be in my life:
http://www.mikrotik.com/docs/ros/2.9/ip/mangle

Eugene
by Eugene
Fri Aug 18, 2006 11:11 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

All addresses on your LAN are automatically classified by the following rules: / ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 \ action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-addres...
by Eugene
Fri Aug 18, 2006 10:29 am
Forum: General
Topic: nth, just to know..
Replies: 15
Views: 3180

@eugene: so, for 5 wanes the nth is:
4,6,0
4,6,1
4,6,2
4,6,3
4,6,4

?????

M.
yes
by Eugene
Thu Aug 17, 2006 9:37 pm
Forum: General
Topic: nth, just to know..
Replies: 15
Views: 3180

example: nth=Every,Counter,Packet nth=2,3,0. 2,3,1 2,3,2 divide all packets into groups of three (2+1). The packets will be numbered from 0 to 2. So, a sequence of packets the rule matches looks like: (0 1 2)(0 1 2)(0 1 2)(0 1 2)(0 1 2)... the first rule will match the first packet in each group ("P...
by Eugene
Thu Aug 17, 2006 12:45 pm
Forum: General
Topic: Routing-test 2.9.28 - ospf-out chain problem
Replies: 3
Views: 1402

Works fine for me. v2.9.28
by Eugene
Thu Aug 17, 2006 11:50 am
Forum: General
Topic: Hotspot + Bridging
Replies: 12
Views: 2228

Have you considered giving this web server a separate vlan, that could be later bridged with the WAN interface?

Eugene
by Eugene
Thu Aug 17, 2006 10:40 am
Forum: General
Topic: nth, just to know..
Replies: 15
Views: 3180

Can everyone without the right experience read the manual before asking such questions?

http://www.mikrotik.com/docs/ros/2.9/ip ... 0388772383
by Eugene
Thu Aug 17, 2006 10:34 am
Forum: General
Topic: IP Forwarding
Replies: 12
Views: 3084

We want all traffic for ips X.X.X.54 and X.X.X.69 port 25 to goto server X.X.X.15
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=25 dst-address=X.X.X.54 to-addresses=X.X.X.15 to-ports=25
by Eugene
Thu Aug 17, 2006 10:22 am
Forum: Scripting
Topic: Hard Cap Users?
Replies: 9
Views: 1744

1) use ssh keys. you should generate a key on your linux box with 'ssh-keygen -t dsa' and then import it on the router with '/user ssh-keys import'

2) I think disabling the user record (for HS and PPP) should work.

Eugene
by Eugene
Wed Aug 16, 2006 5:13 pm
Forum: Scripting
Topic: Hard Cap Users?
Replies: 9
Views: 1744

a perl or python script running on a linux machine that checks a user against your SQL database. Then the script would log into the router via ssh and issue some CLI commands.

Eugene
by Eugene
Wed Aug 16, 2006 4:24 pm
Forum: General
Topic: Double-click required for all forum links?
Replies: 18
Views: 2465

fine for me, though maybe Macs come with double click as the default :)
by Eugene
Wed Aug 16, 2006 1:59 pm
Forum: Scripting
Topic: Hard Cap Users?
Replies: 9
Views: 1744

you could do it via ssh provided you have dedicated host to run the script.
by Eugene
Wed Aug 16, 2006 11:58 am
Forum: General
Topic: Block port's
Replies: 6
Views: 1281

/ip firewall filter add chain=forward protocol=tcp dst-port=80 action=drop
Reading the manual won't hurt, either.
http://www.mikrotik.com/docs/ros/2.9/

Eugene
by Eugene
Wed Aug 16, 2006 11:32 am
Forum: Scripting
Topic: Hard Cap Users?
Replies: 9
Views: 1744

RADIUS can use SQL DB as a back-end.
by Eugene
Wed Aug 16, 2006 11:26 am
Forum: General
Topic: Hotspot + Bridging
Replies: 12
Views: 2228

You have to be more specific on your network layout and problem description.
by Eugene
Wed Aug 16, 2006 11:24 am
Forum: General
Topic: 1:N destination NAT
Replies: 3
Views: 1998

you should use dst-nat and nat different ports on the router to the (different) emule ports on clients.
by Eugene
Wed Aug 16, 2006 11:00 am
Forum: General
Topic: NTH
Replies: 9
Views: 2681

7,5,0
7,5,1
7,5,2
7,5,3
7,5,4
7,5,5
7,5,6
7,5,7
by Eugene
Wed Aug 16, 2006 10:39 am
Forum: General
Topic: tunnel queueing
Replies: 1
Views: 709

yes. Tunnel appears to queues as a real interface.
by Eugene
Wed Aug 16, 2006 10:17 am
Forum: Scripting
Topic: Where is my error?
Replies: 6
Views: 1577

'print' does not work in scripts.
by Eugene
Fri Aug 11, 2006 7:26 pm
Forum: Wireless Networking
Topic: Need some help configuring relay link
Replies: 3
Views: 709

yes, two radios at the relay side will be configured as AP (ap-bridge or bridge to be precise). I suggest you to use mode=bridge, as you have exactly one client per each AP.

Eugene
by Eugene
Fri Aug 11, 2006 2:03 pm
Forum: General
Topic: Hotspot + Bridging
Replies: 12
Views: 2228

bridge two interfaces and add some rules to broute table (/interface bridge broute)

Everything that is dropped from broute table will be routed.

Eugene
by Eugene
Fri Aug 11, 2006 1:57 pm
Forum: Wireless Networking
Topic: Need some help configuring relay link
Replies: 3
Views: 709

You should configure two identical links as outlined in "WDS Station" example (http://www.mikrotik.com/docs/ros/2.9/in ... 8093683028) and then bridge two wds interfaces on the AP side together.

Eugene
by Eugene
Fri Aug 11, 2006 1:24 pm
Forum: General
Topic: Load Balancing.. cannot make it work well....
Replies: 3
Views: 1132

the wiki example does not provide fail-over. You should make fail-over script on your own.

Eugene
by Eugene
Fri Aug 11, 2006 1:09 pm
Forum: General
Topic: Problem with all 2.9.x versions and VIA chipset + DMA2 CF
Replies: 1
Views: 815

no
by Eugene
Fri Aug 11, 2006 1:04 pm
Forum: General
Topic: initial routing - need help.
Replies: 7
Views: 1624

You could not have addresses from one network assigned to different interfaces.

Eugene
by Eugene
Fri Aug 11, 2006 1:03 pm
Forum: General
Topic: traffic shaping Tree + pcq
Replies: 6
Views: 1707

the idea of PCG is to use *one* queue for multiple clients. See the following link for details http://www.mikrotik.com/docs/ros/2.9/ro ... 7797108865

Eugene
by Eugene
Thu Aug 10, 2006 4:10 pm
Forum: General
Topic: transparent traffic shaper
Replies: 35
Views: 9626

by Eugene
Thu Aug 10, 2006 1:07 pm
Forum: Wireless Networking
Topic: WDS backbone
Replies: 9
Views: 2186

WDS surpresses loops

WDS does not suppress loops by itself. STP and RSTP do. You should enable RSTP on all bridges in your WDS setup to avoid forwarding loops.
by Eugene
Thu Aug 10, 2006 12:48 pm
Forum: Scripting
Topic: /system history commands
Replies: 3
Views: 2599

Already fixed :) Will be available in 2.9.29

Eugene
by Eugene
Thu Aug 10, 2006 12:43 pm
Forum: General
Topic: Not quite what we suspected...
Replies: 5
Views: 1523

Mac is from MACaronies :)
by Eugene
Wed Aug 09, 2006 4:05 pm
Forum: General
Topic: PCQ classifier is not working well with masquerade
Replies: 2
Views: 1093

Long questions are Good Thing (tm). They sometimes deserve long answers. The reason for what you are experiencing is that simple queues attach to global-in and global-out interfaces, which allows them to see unmodified source addresses: http://www.mikrotik.com/docs/ros/2.9/graphics:packet_flow31.jpg...
by Eugene
Wed Aug 09, 2006 3:37 pm
Forum: General
Topic: mikrotik newbie settings
Replies: 7
Views: 1925

just upload packages via ftp and reboot. takes less then 2 minutes.
by Eugene
Wed Aug 09, 2006 3:11 pm
Forum: General
Topic: Will RB532 support 30 concurrent VPN tunnels?
Replies: 7
Views: 1620

yes.
/ip firewall service-port set gre,pptp disabled=no 
by Eugene
Wed Aug 09, 2006 11:25 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Multiple peer entries are okay, but you cannot use more than 1 instance. If you use more than 1 instance you end up with multiple views of the routing table that do not 'see' other instances ... it's a problem and should not be that way. ... Sam This behavior is normal,it is not a bug. AFAIK, zebra...
by Eugene
Tue Aug 08, 2006 12:44 pm
Forum: Scripting
Topic: Saving information from registration-table into log
Replies: 1
Views: 819

better do the same through ssh to a file
by Eugene
Tue Aug 08, 2006 12:30 pm
Forum: General
Topic: ppp source interface
Replies: 6
Views: 1769

PPTP should do this already, not sure about L2TP, though. You should send us support-output file in case of such problems.
by Eugene
Mon Aug 07, 2006 11:04 am
Forum: Scripting
Topic: Monitor dst-nat bytes
Replies: 2
Views: 871

by Eugene
Fri Aug 04, 2006 2:20 pm
Forum: Scripting
Topic: firewall remove
Replies: 2
Views: 1045

/ip firewall rule forward remove [/ip firewall rule forward find comment=456]
by Eugene
Fri Aug 04, 2006 10:02 am
Forum: General
Topic: MT RB L2TP client and Cisco L2TP server ?
Replies: 3
Views: 1888

you have to add something like:
no l2tp tunnel authentication
Eugene
by Eugene
Thu Aug 03, 2006 3:22 pm
Forum: Wireless Networking
Topic: WPA PSK TKIP and handshake timeout (15)
Replies: 7
Views: 1683

What clients are you using? You should send support-output file to support@mikrotik.com if you encounter problems like this.
by Eugene
Thu Aug 03, 2006 10:24 am
Forum: General
Topic: BGP Killing OSPF Route in Routing-Test 2.9.27
Replies: 1
Views: 788

send support output file to support@mikrotik.com
by Eugene
Thu Aug 03, 2006 10:22 am
Forum: General
Topic: 2.9.27 ospf crash
Replies: 14
Views: 2781

Send support-output file to support@mikrotik.com if you experience problems.
by Eugene
Wed Aug 02, 2006 6:48 pm
Forum: General
Topic: MT RB L2TP client and Cisco L2TP server ?
Replies: 3
Views: 1888

A configuration of LNS-LAC-Client topology (Client-LNS could be easy derived from this): Client ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$HwpA$2...
by Eugene
Wed Aug 02, 2006 4:59 pm
Forum: Scripting
Topic: Reset hotspot subscribers at first of month?
Replies: 4
Views: 1282

Look for UserManager. It does this and much more.[/code]
by Eugene
Wed Aug 02, 2006 11:47 am
Forum: General
Topic: P2P Blocking
Replies: 1
Views: 956

yes
by Eugene
Wed Aug 02, 2006 11:42 am
Forum: General
Topic: 2.9.27 BGP Multihop
Replies: 6
Views: 1724

If I run /ip route print detail I see all the routes learned through BGP are gateway-state=recursive. Is that what the state should be?
Yes
Can I set two default gateways like this?
It depends on what you want to achieve :wink:
by Eugene
Wed Aug 02, 2006 11:23 am
Forum: General
Topic: Big problem Routing Guys it was ok then Stop +++++++++++++++
Replies: 6
Views: 1282

yes. Not possible at the time.
by Eugene
Tue Aug 01, 2006 1:30 pm
Forum: Scripting
Topic: Reset hotspot subscribers at first of month?
Replies: 4
Views: 1282

Do you use RADIUS, UserManager or local HS database?
by Eugene
Tue Aug 01, 2006 1:26 pm
Forum: General
Topic: Address lists
Replies: 1
Views: 808

[eugene@SM_BGP] interface bridge filter> /ip fire address-list add address=                        


Address ::= A.B.C.D[-A.B.C.D |/00..32 |/A.B.C.D ]    (IP address range)

[eugene@SM_BGP] interface bridge filter> /ip fire address-list add address=
It works
by Eugene
Tue Aug 01, 2006 1:24 pm
Forum: General
Topic: Big problem Routing Guys it was ok then Stop +++++++++++++++
Replies: 6
Views: 1282

serious??
absolutely
by Eugene
Tue Aug 01, 2006 1:20 pm
Forum: General
Topic: Bridge Filter bug on Terminal
Replies: 7
Views: 1324

:D we will probably make a fix for this in 2.10.
by Eugene
Tue Aug 01, 2006 9:20 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

There are numerous routing fixes in .28. Could you switch on those bgp peers?
by Eugene
Tue Aug 01, 2006 9:16 am
Forum: General
Topic: Bridge Filter bug on Terminal
Replies: 7
Views: 1324

without the help of excellent OS X calculator I would write the following:
[eugene@SM_BGP] interface bridge filter> add chain forward mac-protocol=[:tonum 0x8863] 
Eugene
by Eugene
Tue Aug 01, 2006 9:10 am
Forum: General
Topic: Bridge Filter bug on Terminal
Replies: 7
Views: 1324

:oops:
anyway,
[eugene@SM_BGP] interface bridge filter> add chain forward mac-protocol=34915
Eugene
by Eugene
Tue Aug 01, 2006 8:56 am
Forum: General
Topic: L2TP to Cisco
Replies: 2
Views: 1078

try to set "lcp renegotiation on-mismatch" in cisco.

Also cisco has some very usefull logs.
by Eugene
Tue Aug 01, 2006 8:50 am
Forum: General
Topic: Big problem Routing Guys it was ok then Stop +++++++++++++++
Replies: 6
Views: 1282

Ask your ISP to change the IP address of the PPTP server back. That's the only way to fix this.
by Eugene
Tue Aug 01, 2006 8:46 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

the calculation process probably has not finished by the time you were looking at these routes. Though without support-output it's difficult to tell.

Eugene
by Eugene
Tue Aug 01, 2006 8:41 am
Forum: General
Topic: manual of winbox
Replies: 6
Views: 4369

Winbox closely resembles console command structure. As the console commands are more readable and less verbose than winbox screenshots, the manual will always discuss console.
by Eugene
Mon Jul 31, 2006 10:35 am
Forum: General
Topic: Bridge Filter bug on Terminal
Replies: 7
Views: 1324

It's not a bug. So the choice seems to be pretty limited, yeah? :D [eugene@SM_BGP] interface bridge filter> add chain forward mac-protocol= Protocol name or number MacProtocol ::= [!]Protocol Protocol ::= ProtocolName | ProtocolNumber ProtocolName ::= ProtocolName36 | MacProtocol MacProtocol ::= arp...
by Eugene
Mon Jul 31, 2006 10:27 am
Forum: General
Topic: How many clients can I connect to a MT AP?
Replies: 20
Views: 3077

If I have 100 clients simultaneously connected (and using net) to an AP.. they have 11mbps/100 of bandwidth eachone, or there is some other limitation, for example they present desconectations ¿?? Keep in mind with 802.11b the interface is half-duplex. The radio cannot transmit and receive at the s...
by Eugene
Mon Jul 31, 2006 10:18 am
Forum: General
Topic: problem
Replies: 1
Views: 866

Simple routing will do for IP traffic only. If you plan to use anything other than IP, use bridging (bridge has a firewall, which can be configured to drop traffic between eth2 and eth3).

Eugene
by Eugene
Mon Jul 31, 2006 10:06 am
Forum: General
Topic: Block MSN Messenger
Replies: 11
Views: 6224

"content" firewall matcher allows to inspect packets' source for a given string. A good way to block Messenger based on it's signature.
by Eugene
Mon Jul 31, 2006 9:55 am
Forum: General
Topic: How to Deny Tracert
Replies: 3
Views: 1150

why do you ever need to do something like this?

ICMP type:code:

11:0
3:3
by Eugene
Mon Jul 31, 2006 9:50 am
Forum: General
Topic: Routing private subnet to private subnet?
Replies: 10
Views: 2168

To decide whether a particular IP address is "private" (non-routable) or "public" (routable) address in a given network is the responsibility of the network administrator (read: a matter of configuration).

There is no difference from the router's point of view between private and public IPs.

Eugene
by Eugene
Mon Jul 31, 2006 9:41 am
Forum: General
Topic: 2.9.27 BGP Multihop
Replies: 6
Views: 1724

by default, bgp routes have "target-scope" value less then "scope" value of static routes. You should set "scope" of the static route to a lower value.

Eugene
by Eugene
Mon Jul 31, 2006 9:33 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Russ: exactly.
by Eugene
Mon Jul 31, 2006 8:47 am
Forum: Scripting
Topic: Down bursting
Replies: 9
Views: 2667

by Eugene
Fri Jul 28, 2006 1:52 pm
Forum: Scripting
Topic: Run script from file?
Replies: 7
Views: 7397

Having a spare machine with Linux inside® is Good Thing (tm).

Eugene
by Eugene
Fri Jul 28, 2006 1:21 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

toRuss: Add a static /27 route to the router. redistribute static routes instead of connected.
by Eugene
Fri Jul 28, 2006 12:58 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

2Sam: If these 2 routes are from different instances, they are not compared by BGP code (AS_PATH length does not matter).
by Eugene
Fri Jul 28, 2006 12:56 pm
Forum: General
Topic: RADIUS source interface / address
Replies: 14
Views: 6084

src-nat is your friend.
by Eugene
Fri Jul 28, 2006 12:53 pm
Forum: Scripting
Topic: Run script from file?
Replies: 7
Views: 7397

$ ssh -l admin 10.0.0.1 /ip address add address=$address

bash could read from files, too :)
by Eugene
Fri Jul 28, 2006 12:03 pm
Forum: Scripting
Topic: finding values that contain string
Replies: 3
Views: 1365

I hope it will be there.
by Eugene
Thu Jul 27, 2006 1:38 pm
Forum: Scripting
Topic: finding values that contain string
Replies: 3
Views: 1365

by Eugene
Wed Jul 26, 2006 12:31 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Do you have /routing bgp instance <number> ignore-as-path-len set to "no"?
by Eugene
Tue Jul 25, 2006 7:50 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Excuse for my other stupid question… I’ve put a static route with scope<=target-scope and next-hope resolved, all routes from multihop neighbor were put in routing table without any filtering. But now I have other trouble – MT redistribute my RIP networks trough BGP. That multihop neighbor received...
by Eugene
Mon Jul 24, 2006 1:02 pm
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Speaking of next hops, a next hop have not to be always directly reachable in order to route packets over a particular route. Instead, a next hop could be recursively looked up via other routes. The router does not know anything about how your network is organized. It obeys the rules written in the ...
by Eugene
Mon Jul 24, 2006 12:38 pm
Forum: General
Topic: Routing Problem, im new...
Replies: 10
Views: 1716

RouterOS does not route on per interface basis, but on per destination (prefix) basis. Your question is therefore not appropriate and has no answer.
by Eugene
Mon Jul 24, 2006 12:19 pm
Forum: General
Topic: Strange Routing problem
Replies: 3
Views: 789

Because the packets originated from the router have different source address from packets coming from attached LAN.
by Eugene
Mon Jul 24, 2006 12:13 pm
Forum: General
Topic: ECMP Using The Same Gateway Address
Replies: 1
Views: 670

No way.
by Eugene
Mon Jul 24, 2006 12:01 pm
Forum: General
Topic: Road to recovery
Replies: 2
Views: 739

OSPF or VRRP will reduce downtime by switching to an alternative path.
by Eugene
Mon Jul 24, 2006 11:53 am
Forum: General
Topic: 2 isp´s and 3 subnets !
Replies: 3
Views: 914

by Eugene
Mon Jul 24, 2006 11:09 am
Forum: General
Topic: MT Hardware Support
Replies: 3
Views: 687

any x86 compatible CPU will be fine. 2.10 will support dual CPUs.
by Eugene
Mon Jul 24, 2006 11:00 am
Forum: General
Topic: internet disconnection
Replies: 10
Views: 1376

http://www.catb.org/esr/faqs/smart-questions.html

One more time does not hurt, yeah?
by Eugene
Mon Jul 24, 2006 10:57 am
Forum: General
Topic: Demo "key" queue settings
Replies: 10
Views: 1739

[eugene@SM_BGP] > /queue interface print # INTERFACE QUEUE 0 ether1 ethernet-default 1 ether2 ethernet-default 2 <pptp-int> default [eugene@SM_BGP] > /queue type print 0 name="default" kind=pfifo pfifo-limit=50 1 name="ethernet-default" kind=pfifo pfifo-limit=50 2 name="wireless-default" kind=sfq sf...
by Eugene
Mon Jul 24, 2006 10:55 am
Forum: General
Topic: Dynamic Policy based Routing
Replies: 8
Views: 2475

We will think about it. BTW, what happened to those 2 bgp peers? Seems to be down.

Eugene
by Eugene
Mon Jul 24, 2006 10:49 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Yes, of cause. At first we added static route for that next hop and test by ping, but MT didn't put routing information without filtering input BGP with 'set-nexthop' option. In another BGP routing daemons option "multihop" complete with field 'hope count' (numeric) - if two routers have more then ...
by Eugene
Mon Jul 24, 2006 10:44 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

Eugene, Are you still using those 2 test peering here? If so, maybe I can script something up to add/remove routes similiar to that on the internet - maybe taking in 180,000 routes on 2 routers and syncing them between using ibgp works fine until there are new annoucements during that sync. We had ...
by Eugene
Mon Jul 24, 2006 10:42 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

You would help a lot by sending support-output file to support@mikrotik.com Eugene Hello Eugene, Yes, I know we should have thought to generate a support-output file. Even with three people working on the problem nobody was thinking of sending supout files...instead our pants were on fire and we we...
by Eugene
Mon Jul 24, 2006 10:33 am
Forum: Scripting
Topic: Run script from file?
Replies: 7
Views: 7397

/import <filename>
by Eugene
Mon Jul 24, 2006 10:22 am
Forum: Scripting
Topic: Compare 2 truth values
Replies: 2
Views: 875

:if ([/ping 10.0.0.254 count=1]=1 && [/ping 10.0.0.253 count=1]=1) do {:put "Both Gateways reachable"}
Eugene
by Eugene
Mon Jul 24, 2006 10:19 am
Forum: Scripting
Topic: Uploading scripts to MT
Replies: 1
Views: 922

MT doesn't support ssh-heys.
MT _does_ support ssh keys:
[admin@bottom] > /user ssh-keys import file=key.dsa user=admin 
Eugene
by Eugene
Fri Jul 14, 2006 9:36 am
Forum: General
Topic: Dynamic Policy based Routing
Replies: 8
Views: 2475

Re: Dynamic Policy based Routing

If I could alternatly set the pptp client to add the default route with a routing mark, that would solve my problem as well.
If you are using the routing-test package, there is a built-in chain dynamic-in which allows you to apply routing marks on dynamic routes.

Eugene
by Eugene
Thu Jul 13, 2006 11:53 am
Forum: General
Topic: Nehemiah 1 ghz mini itx w/ RouteOS ??
Replies: 6
Views: 1015

wrong
by Eugene
Thu Jul 13, 2006 8:13 am
Forum: General
Topic: Routing-Test
Replies: 148
Views: 31092

You would help a lot by sending support-output file to support@mikrotik.com

Eugene
by Eugene
Mon Jul 10, 2006 10:02 am
Forum: General
Topic: VRRP... does it really work?
Replies: 60
Views: 11336

I assume support output file is already sent ?

Eugene
by Eugene
Mon Jul 10, 2006 9:39 am
Forum: General
Topic: VRRP... does it really work?
Replies: 60
Views: 11336

If I understand correctly this means that an interface that is running vrrp should show the virtual mac for all ips. That's how it should work. Technically, there is no reason IP addresses not part of the virtual router should use the virtual mac, but this simplifies implementation a lot without br...
by Eugene
Fri Jul 07, 2006 1:51 pm
Forum: General
Topic: Is it possable?
Replies: 23
Views: 3389

You have to use passthrough=yes for all your connection-marking rules.
by Eugene
Fri Jul 07, 2006 1:48 pm
Forum: General
Topic: VRRP... does it really work?
Replies: 60
Views: 11336

Actually, VRRP master router will change the mac address of the interface to a virtual one, causing ALL addresses on that interface to be advertised with this virtual mac address. And that's *exactly* where you are going wrong! The Virtual Mac, has nothing per say, to do with the interface! The sta...
by Eugene
Fri Jul 07, 2006 1:31 pm
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

then you have to provide more information about your problem.
(Hint: export of the relevant parts of your config will help).
by Eugene
Fri Jul 07, 2006 1:29 pm
Forum: General
Topic: Is it possable?
Replies: 23
Views: 3389

could you provide the configuration of mangle as well?
by Eugene
Fri Jul 07, 2006 8:59 am
Forum: General
Topic: load balancing for my dual adsl
Replies: 124
Views: 26671

by Eugene
Fri Jul 07, 2006 8:48 am
Forum: General
Topic: PortForward don't go when loadbalance 2 wan on 1 interface
Replies: 2
Views: 888

you have to mangle your dst-natted sessions and make them go out through the same gw they have entered your router.