Community discussions

Search found 4637 matches

by SurferTim
Fri Nov 14, 2014 3:18 pm
Forum: General
Topic: Question about DHCP lease time
Replies: 2
Views: 1837

Re: Question about DHCP lease time

As I recall (it has been a while), the dhcp server will hold that lease offer for 30 seconds. If the client does not respond, then the IP is released. You can check that here:
/ip dhcp-server lease print detail
It will show the status there also. I think it will say "offered" while waiting for a cli...
by SurferTim
Thu Nov 13, 2014 7:13 pm
Forum: Beginner Basics
Topic: connecting 3 Mikrotik
Replies: 4
Views: 1081

Re: connecting 3 Mikrotik

I need this on occasion. You must route the network IP/subnets back to each router on the downstream router. What are the IP/subnets assigned to each of these router interfaces? That would be the P1 and P2 on each router.
WAN <--> P1-R1-P2 <--> P1-R2-P2 <--> P1-R3-P2 <--> PC
by SurferTim
Mon Nov 10, 2014 11:35 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 7593

Re: Bypass Hotspot and Radius for specific IP address

First, you need to disable the hotspot NAT.
/ip hotspot
set 0 address-pool=none
Then when you use ip-binding, it will bypass everything. At least last time I checked.
by SurferTim
Fri Nov 07, 2014 3:34 pm
Forum: Beginner Basics
Topic: Firewall NAT problem to share internet - Slow internet
Replies: 3
Views: 1347

Re: Firewall NAT problem to share internet - Slow internet

Did you set your dhcp client to use peer dns?
/ip dhcp-client
set 0 use-peer-dns=yes
You might also try setting a static dns server in "/ip dhcp-server network".
by SurferTim
Tue Nov 04, 2014 1:07 am
Forum: Beginner Basics
Topic: Routing between multiple RouterBoards without Masquerade
Replies: 3
Views: 1267

Re: Routing between multiple RouterBoards without Masquerade

Did you find a fix?
Yes. I do this kind of routing all the time. You must explain your network configuration. Do you have an internet connection, or plan on having one someday? If so, specify which router it connects to. If you need a masquerade, you probably forgot the default route on the remote ...
by SurferTim
Mon Nov 03, 2014 5:09 pm
Forum: General
Topic: Outgoing ports are blocked
Replies: 2
Views: 650

Re: Outgoing ports are blocked

Add an in-interface parameter to the dstnat rule.
/ip firewall nat
add action=dst-nat chain=dstnat comment="Video" in-interface=ether1 dst-port=5445 protocol=tcp to-addresses=192.168.0.31
If ether1 is not the WAN interface, change that.
by SurferTim
Mon Nov 03, 2014 1:34 am
Forum: Beginner Basics
Topic: Leases time - cant change
Replies: 2
Views: 748

Re: Leases time - cant change

As I recall, the lease expires-after will not change until the client renews the lease. That will be at half the lease time. That will be a long time if the current lease is several thousand days. The alternative is to force the clients to renew the lease if you can access the client computers. With...
by SurferTim
Sun Nov 02, 2014 5:34 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 7593

Re: Bypass Hotspot and Radius for specific IP address

Yes.
/ip hotspot ip-binding
add address=192.168.0.0/24 type=bypassed
For Winbox, it is under "IP - Hotspot - IP Bindings"
by SurferTim
Sun Nov 02, 2014 4:49 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 7593

Re: Bypass Hotspot and Radius for specific IP address

You can do that with ip-binding.
/ip hotspot ip-binding
add address=192.168.0.2 type=bypassed
If 192.168.0.2 isn't the IP you want bypassed, change that.

You can also bypass by mac address if you prefer.
by SurferTim
Fri Oct 31, 2014 2:10 pm
Forum: Beginner Basics
Topic: 3 router static routing
Replies: 2
Views: 1584

Re: 3 router static routing

Is there going to be an internet connection on this setup at some time? If so, which router will have the internet connection?
by SurferTim
Fri Oct 31, 2014 4:11 am
Forum: Scripting
Topic: Increase active hotspot user session timeout
Replies: 1
Views: 1434

Re: Increase active hotspot user session timeout

/ip hotspot user profile
set 0 session-timeout=0
or
set 0 session-timeout=1d
Setting session-timeout=0 disables the session timeout (no timeout).
by SurferTim
Wed Oct 29, 2014 2:09 pm
Forum: General
Topic: DHCP assign & De-assign
Replies: 3
Views: 1191

Re: DHCP assign & De-assign

I had problems with that, but I haven't seen it lately since upgrading the RouterOS. The problem was the dhcp server was not updating the lease "expires-after" value when a lease was renewed. You might want to check that.
/ip dhcp-server lease print detail
The sum of the last-seen and expires-after ...
by SurferTim
Sun Oct 26, 2014 8:58 pm
Forum: General
Topic: Web proxy redirection issue
Replies: 3
Views: 2053

Re: Web proxy redirection issue

Is the wireless set up with a hotspot? Does the wireless client bypass the proxy?
by SurferTim
Sat Oct 25, 2014 10:51 pm
Forum: General
Topic: Port forwarding problem
Replies: 2
Views: 751

Re: Port forwarding problem

You should add a dst-port to those rules, or it will redirect all port requests to the first rule.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=28000 protocol=tcp dst-port=28000 in-interface=ether1
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=10....
by SurferTim
Fri Oct 24, 2014 2:05 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

I have also small other problem. I have forwarded port 443 from WAN to LAN (192.168.22.88) and this connection works properly from outside ;-) One important inconvenience is when I will browse other https page file (port 443) from LAN I always go to this forwarded address 192.168.22.
Then you need ...
by SurferTim
Fri Oct 24, 2014 1:23 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

Then you should either:
1) use the localnet private ip of the email server on your localnet computers rather than domain name.
or
2) use the router localnet gateway for your dns and set a static dns for the server in the router.
or
3) use a hairpin nat.
by SurferTim
Fri Oct 24, 2014 12:36 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

What does this mean?
The problem is when I tried to send email being connected to my LAN.
Send email with what program? To where? There are two ways email servers "send and receive" email.
1) Email client (Outlook and Thunderbird) to and from the email server (Sendmail or Postfix).
2) Email server (...
by SurferTim
Thu Oct 23, 2014 9:01 pm
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

Then adding the "in-interface=ether1" to the nat rule should allow your email server to send mail to another email server without being redirected back to your email server. Have you tried it?
by SurferTim
Thu Oct 23, 2014 2:51 pm
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

If you are having trouble with outgoing mail from your email server, then it is probably due to the dstnat rule for port 25. It may be redirecting your outgoing packets back to your server. You must add an in-interface (or dst-address) to that rule to prevent that.
/ip firewall nat add chain=dstnat ...
by SurferTim
Thu Oct 23, 2014 2:56 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 7115

Re: SMTP SSL - Port forwarding

Please help to configure NAT Rule to run my outcomming messages. I don't have any problems with my incoming messages ;-)
Outgoing and incoming messages from where? If you mean another email server is having trouble delivering email to your server, you must use port 25 for that. Port 465 is how emai...
by SurferTim
Wed Oct 22, 2014 5:53 pm
Forum: General
Topic: DHCP Timers Options 58 and 59
Replies: 2
Views: 1057

Re: DHCP Timers Options 58 and 59

I try to manually add the options without success.
What did you try? Did you try to enter the settings in "/ip dhcp option" and it reported an entry or value error? Did it accept your entry and doesn't send it to the DHCP client? Have you enabled verbose logging for the dhcp service?
/system logging...
by SurferTim
Sun Oct 19, 2014 7:26 pm
Forum: RouterBOARD hardware
Topic: Hotspot Security
Replies: 4
Views: 1612

Re: Hotspot Security

Just to be more specific, the device that goes through without login is tablet that does not have 3G connection. Is that normal? Thanks
Well, that depends. On your "/ip hotspot profile" settings, what do you have in "login-by"? If you have cookie, it may be logging in without any login page. Check ...
by SurferTim
Sat Oct 18, 2014 8:00 pm
Forum: RouterBOARD hardware
Topic: Hotspot Security
Replies: 4
Views: 1612

Re: Hotspot Security

My iPhone works like it should with a hotspot, but my Blackberry seemed to bypass the hotspot login. After testing, I found it was not bypassing the hotspot security, but if it couldn't connect through the wifi immediately, it would resort to using the 3G data connection from my cellphone provider. ...
by SurferTim
Fri Oct 17, 2014 4:05 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

Hi guys,

Is really necessary to have a RADIUS server to the external hotspot work?
If you mean an external hotspot login page, no. It will check the local router database first (/ip hotspot user), then a RADIUS server if you have one set up.
by SurferTim
Fri Oct 10, 2014 11:29 pm
Forum: Beginner Basics
Topic: hotspot setup
Replies: 2
Views: 823

Re: hotspot setup

...or you can select "IP - Hotspot" and click on the "Hotspot Setup" button. With the CLI
/ip hotspot
setup
by SurferTim
Fri Oct 10, 2014 3:35 pm
Forum: General
Topic: How to bypass internal traffic in hotspot
Replies: 3
Views: 897

Re: How to bypass internal traffic in hotspot

Last I checked, this is caused by the hotspot interface doing a 1:1 NAT on all localnet devices. Whatever IP you try to connect with on the localnet, the hotspot intercepts that attempt. Try disabling that 1:1 NAT. Everything else should still work ok, but any device connected to the hotspot interfa...
by SurferTim
Thu Oct 09, 2014 3:28 pm
Forum: General
Topic: Internet coming and going on hotspot
Replies: 2
Views: 657

Re: Internet coming and going on hotspot

Is everything assigned to bridge1? IP address/subnet? DHCP server? Hotspot? The hotspot will assign an IP from its dhcp pool if the IP address the client is using is out of the localnet subnet or is already assigned to another device. edit: My apology. I was interrupted by a phone call. The IP shown ...
by SurferTim
Sat Oct 04, 2014 7:43 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 3965

Re: 10 Minute Leases

That will cause no noticeable effect. Ping is one packet from src to dst, and one packet back. Hardly a network killer, even if done 30 times every 5 minutes.
by SurferTim
Sat Oct 04, 2014 6:05 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 3965

Re: 10 Minute Leases

Thanks tim. On the same note, if I am running a script to ping all static ip addresses every 5 minutes, will this also tax the network, or is ping so minimal it doesn't matter?
It shouldn't tax the network too much, but again, it depends on the number of static IP clients you have on the localnet. ...
by SurferTim
Sat Oct 04, 2014 5:56 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 3965

Re: 10 Minute Leases

got it. But by shortening the lease time to 10 minutes, doesn't this tax the router and add network traffic? I wonder how it affects performance?
Yes, it affects the performance of the network, but that would be relational to the number of clients on the network. If there are only a few clients, th...
by SurferTim
Sat Oct 04, 2014 5:41 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 3965

Re: 10 Minute Leases

The change in lease time should not be a problem. As long as the client device thinks it has a lease, even tho it is longer than the lease time on the dhcp server, it should not lose the connection. The dhcp server (last I checked) will check to see if an IP is being used before issuing that IP from...
by SurferTim
Sat Oct 04, 2014 4:59 pm
Forum: General
Topic: Ip cloud updating wrong public ip address
Replies: 4
Views: 1273

Re: Ip cloud updating wrong public ip address

Take a look at this thread.
http://forum.mikrotik.com/viewtopic.php?f=2&t=89620

If you wait a while, then try the ping again, does the IP change? It may be the site is using dns to load balance. PayPal uses this type of load balancing.
by SurferTim
Wed Oct 01, 2014 3:15 pm
Forum: General
Topic: HotSpot Software interfering with http connectivity
Replies: 1
Views: 475

Re: HotSpot Software interfering with http connectivity

Normally that is caused by the hotspot's 1:1 NAT. It uses ARP poisoning to intercept requests to localnet IPs from any device on the localnet.

Try disabling the 1:1 NAT. You do that by setting the hotspot address pool to none.
/ip hotspot
set 0 address-pool=none
by SurferTim
Tue Sep 30, 2014 5:03 am
Forum: Beginner Basics
Topic: MIkrotik Hotspot Manager
Replies: 1
Views: 724

Re: MIkrotik Hotspot Manager

I have not tried it, but FreeRADIUS is supposed to be able to do that. It is a setting in the clients.conf file. Maybe DMA Softlab can do it. It is based on FreeRADIUS v2. Check with them. Here is the entry that allows all IPs to be a client:
client 0.0.0.0/0 {
    secret = 12345
    shortname = name
}
Mayb...
by SurferTim
Mon Sep 29, 2014 11:31 pm
Forum: General
Topic: SSH Connection Timeouts On Simple NAT
Replies: 2
Views: 1397

Re: SSH Connection Timeouts On Simple NAT

I think you have the wrong IP for the SSH NAT. Port 80 is NAT'ed to 192.168.0.100 and port 22 is NAT'ed to 192.168.0.233. Is that really what you wanted?
by SurferTim
Sun Sep 28, 2014 11:40 pm
Forum: General
Topic: DHCP Options
Replies: 12
Views: 9200

Re: DHCP Options

what is the difference between the dhcp option 42 and the ntp server option in dhcp networks.
Probably nothing different. Just a different way of sending option 42. I have not tested it, but I don't see another way using dhcp to send the NTP server IP.
by SurferTim
Sun Sep 28, 2014 5:24 am
Forum: General
Topic: Cloud IP Address reports wrong
Replies: 2
Views: 985

Re: Cloud IP Address reports wrong

I don't know if this is your challenge, but some busy domains (like PayPal for example) use DNS to load balance between several servers. The TTL on each domain resolution is very short, and a subsequent domain resolution request will return a different IP. PayPal uses 4 servers in the rotation last ...
by SurferTim
Sun Sep 28, 2014 4:52 am
Forum: General
Topic: DHCP Options
Replies: 12
Views: 9200

Re: DHCP Options

Are these the options you wanted?
/ip dhcp-server option
add name="Time Zone Offset" code=2 value="'-28800'"
add name="NTP Server" code=42 value="'1.2.3.4'"
The value is a bit odd. It requires a double and single quote on each end of the value if not a hex value.
by SurferTim
Sun Sep 28, 2014 4:29 am
Forum: General
Topic: DHCP Options
Replies: 12
Views: 9200

Re: DHCP Options

You can set those in /ip dhcp-server option. I don't use it but I know where to set it.
http://wiki.mikrotik.com/wiki/Manual:IP ... CP_Options
by SurferTim
Sun Sep 28, 2014 3:36 am
Forum: General
Topic: How to login to default hotspot
Replies: 9
Views: 11152

Re: How to login to default hotspot

If you used "/ip hotspot setup", the default user and password are the last prompts. I don't see how you missed it. The rest I guess depends on your WAN interface. That shouldn't be on the hotspot. How strong is your firewall on it? Does the device have a serial port? If so, get a null modem cable, ...
by SurferTim
Sat Sep 27, 2014 11:32 pm
Forum: General
Topic: How to login to default hotspot
Replies: 9
Views: 11152

Re: How to login to default hotspot

When you set up the first hotspot on that router, it asks for a user and password for a "default" user. What did you enter there? Same as the login for the router?
by SurferTim
Sat Sep 27, 2014 3:36 pm
Forum: Beginner Basics
Topic: I can't figure out how to route between subnets
Replies: 11
Views: 2050

Re: I can't figure out how to route between subnets

If you want the interfaces on a bridge for a reason, that is fine, but the ip address/subnet must be assigned to the bridge, not an interface on that bridge. I recommend removing all interfaces from the bridge, removing all but the ip/subnet you connect to the router with, and start over by adding t...
by SurferTim
Sat Sep 27, 2014 1:48 pm
Forum: General
Topic: Hotspot Walled Garden https problem
Replies: 23
Views: 23895

Re: Hotspot Walled Garden https problem

Still using your "PayPal script" on my hotspots. 2 years later Tim. Saved me a LOT of Grief! :D :D :D
Thanks! It is good to hear my script is still useful!

Actually, I was hoping the Mikrotik crew would have come up with a fix to eliminate the need for that script by now.
by SurferTim
Sat Sep 27, 2014 1:45 pm
Forum: Beginner Basics
Topic: I can't figure out how to route between subnets
Replies: 11
Views: 2050

Re: I can't figure out how to route between subnets

Remove the interfaces from the bridge. Is there a reason they are on a bridge?

edit: Your listings of /ip address and /ip route above don't match. Have you done some editing of the settings in /ip address? The interface in /ip address and the gateway for that subnet in /ip route should match.
by SurferTim
Sat Sep 27, 2014 1:41 pm
Forum: Beginner Basics
Topic: I guess I don't understand this thing (router)
Replies: 1
Views: 661

Re: I guess I don't understand this thing (router)

What tells the RB2011 to allow traffic from 192.168.1.x on ether1 bound for 192.168.3.x on ether3 to go out ether3? and to allow return traffic from 192.168.3.x bound for 192.168.1.x to go out ether1? Dave
The settings in /ip route. Those settings are added automatically when you enter the address ...
by SurferTim
Sat Sep 20, 2014 4:21 pm
Forum: Beginner Basics
Topic: Port forwording
Replies: 1
Views: 754

Re: Port forwording

To access any device on the hotspot interface, that device must be logged in or bypassed. Otherwise, the connection will fail. If the device IP is 192.168.0.2, then this will bypass the device. You can also use the mac address if the IP will vary.
/ip hotspot ip-binding
add address=192.168.0.2 type=...
by SurferTim
Sat Sep 13, 2014 6:54 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

i have webproxy enabled do u think that can be the problem ?
No. The web proxy works on port 80. The radius servers work on ports 1812 and 1813.
by SurferTim
Sat Sep 13, 2014 6:28 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

I can't help you there. All my routers are v6.x. I have no router to test that. The only suggestion I can offer is upgrade to the latest version. If you still have that problem, maybe the Mikrotik crew can help you. They have been really helpful with my problems. I presume you have the radius debug ...
by SurferTim
Sat Sep 13, 2014 6:05 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

What version of RouterOS are you using?
by SurferTim
Sat Sep 13, 2014 4:41 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

Then you need to do a bit of troubleshooting. Use this as the login.html page in your router. Check all entries to insure it is passing the values to the new page, especially the error value. My apology in advance if I introduced any errors into this page during the edit. <html> <head><title>...</ti...
by SurferTim
Sat Sep 13, 2014 3:22 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2445

Re: exteral login page no errors are displayed

Here is the wiki I wrote on external login pages.
http://wiki.mikrotik.com/wiki/HotSpot_external_login_page
Insure when the new login.html page in the router forwards the data to the external server, it sends this value
<input type="hidden" name="error" value="$(error)">
and you use it on the new lo...
by SurferTim
Fri Sep 12, 2014 4:10 pm
Forum: General
Topic: login.html vs login
Replies: 1
Views: 475

Re: login.html vs login

If you are not logged in, I presume it calls login first. If you try to load login.html, then do a "view page source", all the variables are inserted correctly.
by SurferTim
Fri Sep 12, 2014 3:58 pm
Forum: Beginner Basics
Topic: Hotspot Self Registration
Replies: 1
Views: 1301

Re: Hotspot Self Registration

I don't believe the Mikrotik has the internal capability to do that. I use what you use. FreeRADIUS.
by SurferTim
Wed Sep 03, 2014 2:42 pm
Forum: General
Topic: Issue: DHCP deassigns address
Replies: 5
Views: 1950

Re: Issue: DHCP deassigns address

Why are some lease times 2 hours and others 5 minutes? Both were issued by the same dhcp server.
374 R address=nat mac-address=20:CF:30:D6:BD:0C client-id="1:20:cf:30:d6:bd:c" server=DHCP lease-time=2h dhcp-option="" status=bound expires-after=1h14m6s last-seen=45m54s active-address=10.195.4.130 act...
by SurferTim
Tue Sep 02, 2014 6:03 pm
Forum: General
Topic: Issue: DHCP deassigns address
Replies: 5
Views: 1950

Re: Issue: DHCP deassigns address

Check the entries in "/ip dhcp-server lease".
/ip dhcp-server lease print detail
Check the "expires-after" and "last-seen" entries. They should total the lease time. I had problems with this several versions ago when the "expires-after" time was not being updated after the lease renew. Maybe the sam...
by SurferTim
Fri Aug 29, 2014 7:00 pm
Forum: General
Topic: simple advertisement functionality doesn't work
Replies: 2
Views: 1243

Re: simple advertisement functionality doesn't work

but no advertisement redirect or popups happens during hotspot session.
Most web browsers have popups blocked by default. My web browsers (IE and Chrome) don't even popup the "you are logged in" page unless I allow popups for the router's hotspot IP. Try setting your web browser to allow popups. De...
by SurferTim
Thu Aug 28, 2014 2:37 pm
Forum: General
Topic: Fix Radius Configuration
Replies: 1
Views: 470

Re: Fix Radius Configuration

Enable debug logging for RADIUS. The full response will be in the router's log.
/system logging
add topics=radius,debug action=memory
by SurferTim
Wed Aug 27, 2014 11:54 pm
Forum: General
Topic: email under version 6.x
Replies: 2
Views: 584

Re: email under version 6.x

Enable email debug logging and try it again, then check the router's log. It gives much more detailed info on the attempted transaction.
/system logging
add topics=e-mail,debug action=memory
by SurferTim
Tue Aug 26, 2014 3:04 pm
Forum: Beginner Basics
Topic: SOS---After enabled hotspot, can't ping internal client
Replies: 8
Views: 1817

Re: SOS---After enabled hotspot, can't ping internal client

You know the device using 192.168.88.10 must be logged in to ping it, right?

edit: Or you need to bypass that ip through the hotspot if it can't login.
/ip hotspot ip-binding
add address=192.168.88.10 type=bypassed
by SurferTim
Mon Aug 25, 2014 4:13 pm
Forum: Beginner Basics
Topic: SOS---After enabled hotspot, can't ping internal client
Replies: 8
Views: 1817

Re: SOS---After enabled hotspot, can't ping internal client

If I need to ping the clients on the hotspot interface, I found I must use an out-interface icmp masquerade on the hotspot interface.
/ip firewall nat
add chain=srcnat action=masquerade protocol=icmp out-interface=ether2
If ether2 is not the hotspot interface, change that.
by SurferTim
Sat Aug 16, 2014 3:08 pm
Forum: General
Topic: Mikrotik-Group with Radius
Replies: 6
Views: 1740

Re: Mikrotik-Group with Radius

The issue I'm having is that the radius server appears to be sending a "MT-Group" instead of a "Mikrotik-Group" when responding with the access-accept. Is this how it should be?
No. It should send Mikrotik-Group. I use this with the hotspot logins.
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client...
by SurferTim
Thu Aug 14, 2014 5:07 pm
Forum: Beginner Basics
Topic: Cannot ping hotspot clients from different subnets
Replies: 2
Views: 707

Re: Cannot ping hotspot clients from different subnets

The hotspot client must be logged in in order to ping from outside the hotspot network.

Also, insure you are pinging the correct IP from outside the hotspot subnet. Look in "/ip hotspot host" and insure the to-address for that client is the same as the address. The to-address is the ip you must ping.
by SurferTim
Mon Aug 11, 2014 10:33 pm
Forum: General
Topic: Hotspot issues with Apple Devices
Replies: 6
Views: 2489

Re: Hotspot issues with Apple Devices

I just tested my iPhone5 on a RouterOS V6.9, and it did good. Popped up the login page, logged in, and an hour later it logged out. I was testing the session-timeout feature.
by SurferTim
Sun Aug 10, 2014 3:27 pm
Forum: General
Topic: Forum Question
Replies: 14
Views: 2414

Re: Forum Question

I get the same thing when I try to login. I think MikroTik is implementing an anti-spam feature on the login.
by SurferTim
Sat Aug 09, 2014 11:04 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

I have my idle timeout set high (1 day) so I can run tests like these without having to download something every few minutes. I'm now running this test on my iPhone 5. I have 58 minutes to go. edit: This is more difficult on my iPhone. When it goes into standby, it disconnects from my wifi and that ...
by SurferTim
Sat Aug 09, 2014 10:11 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

I'm using v6.9. It logged me out after 1 hour. I had to log in again. Maybe it is your script. You should post it so I can try it. It is not a problem here. This is your problem. I was testing with a YouTube video running during the last few minutes to insure it cut off the video when the time ran o...
by SurferTim
Sat Aug 09, 2014 9:43 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

Are you sure those users are using the default profile? The 'R' indicates you are using a RADIUS server for auth. Note the lack of an 'R' on the second active list.

What version RouterOS are you using?

I've got 25 minutes to go on my one hour session timeout.
by SurferTim
Sat Aug 09, 2014 9:26 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

I just checked my Winbox, and it is showing the correct times there also. Why is your display showing an 'R' before the line number in "ip hotspot active"? That is supposed to indicate you are using a radius server for authentication. I'm using a user from my router database in "/ip hotspot user".
by SurferTim
Sat Aug 09, 2014 9:13 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

I just tested mine. Here is the result from "/ip hotspot active". UPTIME + SESSION-TIME-LEFT = 1 hour.
[admin@test] /ip hotspot active> pri
Flags: R - radius, B - blocked
 #   USER   ADDRESS         UPTIME   SESSION-TIME-LEFT   IDLE-TIMEOUT
 0   tim    192.168.1.254   4m53s    55m7s               1d
[admin@test] /ip hotspot active>
I will w...
by SurferTim
Sat Aug 09, 2014 8:37 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

If you do not see a value here, it isn't working.
Does it show a session-time-left in "/ip hotspot active"?
by SurferTim
Sat Aug 09, 2014 8:08 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

The user is logged out unconditionally. That does NOT mean the user cannot log back in immediately! I use FreeRADIUS and send a WISPr-Session-Terminate-Time with the Access-Accept message instead of session-timeout. That will prevent a client from logging back in. http://wiki.mikrotik.com/wiki/Man...
by SurferTim
Sat Aug 09, 2014 8:00 pm
Forum: Beginner Basics
Topic: Simple Queue does not work with Hotpspot
Replies: 11
Views: 2588

Re: Simple Queue does not work with Hotpspot

The entry won't take fractions, so use K instead of M.
/ip hotspot user profile
set 0 rate-limit="1M/1500K"
by SurferTim
Sat Aug 09, 2014 4:18 pm
Forum: Beginner Basics
Topic: Session Timeout in User Profile
Replies: 17
Views: 28652

Re: Session Timeout in User Profile

It did last time I checked. Look in "/ip hotspot active" and see what that client shows under "session time left". Once the client is logged out, there is nothing to prevent the client from logging in again unless you use some other way of preventing the login. If you have "login-by=cookie" in "/ip ...
by SurferTim
Mon Aug 04, 2014 7:12 pm
Forum: Beginner Basics
Topic: Simple Queue does not work with Hotpspot
Replies: 11
Views: 2588

Re: Simple Queue does not work with Hotpspot

This sets the user upload/download speed limit to 512k upload and 1M download.
/ip hotspot user profile
set 0 rate-limit="512k/1M"
by SurferTim
Mon Aug 04, 2014 4:39 pm
Forum: Beginner Basics
Topic: Simple Queue does not work with Hotpspot
Replies: 11
Views: 2588

Re: Simple Queue does not work with Hotpspot

I don't see the profile for the hotspot. I see only the default.

I use the rate-limit entry in "/ip hotspot user profile" to limit user upload/download rates.
by SurferTim
Tue Jul 15, 2014 4:16 pm
Forum: General
Topic: Automatic client login to hotspot !!!
Replies: 1
Views: 440

Re: Automatic client login to hotspot !!!

You can use "login-by=cookie,http-chap", and a cookie will log you in without a login page, but you must have NTP set or the cookie will timeout each time you close your web browser.

edit: That change must be made on the router that has the hotspot, so your ISP would need to implement that.
by SurferTim
Tue Jul 08, 2014 4:42 pm
Forum: General
Topic: Mikrotik Hotspot Bypass/Exclusion for Subnets
Replies: 12
Views: 3789

Re: Mikrotik Hotspot Bypass/Exclusion for Subnets

Have you tried disabling the hotspot universal NAT?
/ip hotspot
set 0 address-pool=none
If 0 is not the line number of your hotspot, change that.
by SurferTim
Sat Jul 05, 2014 4:27 pm
Forum: General
Topic: Freeradius Port-Limit simultaneous-use
Replies: 3
Views: 1592

Re: Freeradius Port-Limit simultaneous-use

Simultaneous-Use is working if I use PAP. radtest works.
#radtest user password 127.0.0.1 100 secret
FreeRADIUS will never be 127.0.0.1 on the router. Enable radius logging on your router.
/system logging
add topics=radius,debug action=memory
Try the login again and check your log. edit: If the use...
by SurferTim
Sat Jun 28, 2014 4:21 pm
Forum: General
Topic: Strange IP on webporxy loggin
Replies: 4
Views: 1389

Re: Strange IP on webporxy loggin

You should be blocking requests from the WAN interface from at least unknown/untrusted ip addresses, otherwise you are asking to get hacked. This will help you add the other rules you need to secure your router.
http://wiki.mikrotik.com/wiki/Securing_your_router
by SurferTim
Sat Jun 28, 2014 3:35 pm
Forum: General
Topic: Strange IP on webporxy loggin
Replies: 4
Views: 1389

Re: Strange IP on webporxy loggin

Are you blocking proxy requests from the internet? If not, then that is normal. Anyone would be able to use your proxy.
by SurferTim
Fri Jun 27, 2014 2:43 pm
Forum: Beginner Basics
Topic: RouterOS as core network router blocking AD authentication?
Replies: 7
Views: 1593

Re: RouterOS as core network router blocking AD authenticati

How would one verify that the router is not blocking/dropping packets to port 445 for SMB share access (or any other protocols)?
Look in "/ip firewall filter".
by SurferTim
Thu Jun 26, 2014 9:10 pm
Forum: RouterBOARD hardware
Topic: RB750 die after reset
Replies: 7
Views: 2932

Re: RB750 die after reset

Are you using Winbox? If so, start Winbox and next to the "Connect to" box there is a button with "...". Click on that and wait a couple seconds. Your router should appear there, even if no ip is assigned to the port. It may show only the mac address.
by SurferTim
Thu Jun 26, 2014 8:49 pm
Forum: Beginner Basics
Topic: RouterOS as core network router blocking AD authentication?
Replies: 7
Views: 1593

Re: RouterOS as core network router blocking AD authenticati

If you can ping the AD server, then the Active Directory problems are normally a Windows firewall issue. Insure you are allowing the correct ports through the AD server firewall. Do a Google search for Active Directory firewall ports.
by SurferTim
Thu Jun 26, 2014 3:59 pm
Forum: Beginner Basics
Topic: Gerneral Question: RADIUS - multi DHCP - Usergroups
Replies: 3
Views: 619

Re: Gerneral Question: RADIUS - multi DHCP - Usergroups

Are you planning on using different radius servers to manage each domain?
by SurferTim
Tue Jun 24, 2014 4:19 pm
Forum: General
Topic: Strange log messages
Replies: 4
Views: 815

Re: Strange log messages

Also check "/system logging" to insure you do not have a "topics=firewall" enabled.
by SurferTim
Tue Jun 24, 2014 2:44 pm
Forum: Beginner Basics
Topic: Hotspot on multiple locations
Replies: 6
Views: 1232

Re: Hotspot on multiple locations

Why not keep them separate hotspots and use a single RADIUS server for the authentication?
by SurferTim
Sat Jun 21, 2014 2:13 am
Forum: General
Topic: HOTSPOT from and to IP ADDRESS
Replies: 7
Views: 1322

Re: HOTSPOT from and to IP ADDRESS

Hi, you need to change the hotspot user profile to none, not only in servers sheet. It works fine, I tested it on more hotspots, in hosts now only one IP. Where do you see an entry for this in "/ip hotspot user profile"? I don't know what this is supposed to mean. edit: I see where you can assign an...
by SurferTim
Thu Jun 19, 2014 6:09 pm
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1341

Re: Mentioning IP Pool

If they have static IPs, what is the point of having an IP pool? I do not use hotspot, so maybe there is some point I do not know about. What is the IP address which is configured on the hotspot facing interface? If the hotspot is still using the universal 1:1 NAT, the hotspot interface on the clie...
by SurferTim
Thu Jun 19, 2014 3:57 pm
Forum: General
Topic: Simple Queue in Hotspot
Replies: 2
Views: 937

Re: Simple Queue in Hotspot

I haven't verified it, but that is normally unauthorized clients attempting to access pages outside the hotspot. It could be websites in the walled garden, or the login page.
by SurferTim
Tue Jun 17, 2014 2:29 pm
Forum: General
Topic: HOTSPOT from and to IP ADDRESS
Replies: 7
Views: 1322

Re: HOTSPOT from and to IP ADDRESS

SurferTim,

Same issue. :(
Are you sure? If you set the hotspot address-pool to none, it does not perform the NAT.

edit: Insure you are setting the address-pool on the right hotspot (AFGS-HS-S...).
by SurferTim
Mon Jun 16, 2014 2:42 pm
Forum: General
Topic: HOTSPOT from and to IP ADDRESS
Replies: 7
Views: 1322

Re: HOTSPOT from and to IP ADDRESS

I need my hotspot to get the same ip address from my dhcp, which is working before on my previous hotspot setup, now I don't know what is wrong.
Disable the hotspot NAT. If disabled, no translation will be done.
/ip hotspot
set 0 address-pool=none
by SurferTim
Sun Jun 15, 2014 4:14 pm
Forum: General
Topic: HOTSPOT:IP Active User does not correspond to IP of pc
Replies: 1
Views: 447

Re: HOTSPOT:IP Active User does not correspond to IP of pc

Look in "/ip hotspot host". That shows the hotspot NAT results. The address is what the PC is assigned. The to-address is the dhcp issued ip to that device. The router sees only the to-address. The hotspot uses arp poisoning to intercept the devices requests on the hotspot localnet. To disable the N...
by SurferTim
Sun Jun 15, 2014 3:24 pm
Forum: General
Topic: HOTSPOT from and to IP ADDRESS
Replies: 7
Views: 1322

Re: HOTSPOT from and to IP ADDRESS

If you mean the entries in "/ip hotspot host", that is the universal hotspot NAT. It allows clients to use the hotspot if they have a static ip outside the hotspot localnet ip range.

If you want to disable the hotspot NAT, then
/ip hotspot
set 0 address-pool=none
by SurferTim
Fri Jun 06, 2014 4:50 pm
Forum: RouterBOARD hardware
Topic: RB433UAH and Arduino Uno/Mega and Ethernet shield
Replies: 18
Views: 10095

Re: RB433UAH and Arduino Uno/Mega and Ethernet shield

My apology for not experimenting with this in a while. I've been busy with another project. I am now at a point where this function would be useful. I will try to make time soon to see if I can login to the Mikrotik router through the USB port. That would probably be the simplest solution involving ...
by SurferTim
Tue Jun 03, 2014 8:19 pm
Forum: Beginner Basics
Topic: Hotspot MAC cookie timeout
Replies: 9
Views: 6895

Re: Hotspot MAC cookie timeout

ROS6.9 on a RB433AH.

Going surfing now, Be back in an hour or so. :D
by SurferTim
Tue Jun 03, 2014 6:45 pm
Forum: Beginner Basics
Topic: Hotspot MAC cookie timeout
Replies: 9
Views: 6895

Re: Hotspot MAC cookie timeout

I did. I set the http-cookie-lifetime=10d, and it set the http-cookie-lifetime=1w3d. Here is the output from the router:
[admin@test] /ip hotspot cookie> pri
Flags: M - mac-cookie
# USER DOMAIN MAC-ADDRESS EXPIRES-IN
0 admin 00:16:76:04:CC:1E 1w2d23h58m6s
Here is the output from Chrome's cookies: Na...
by SurferTim
Tue Jun 03, 2014 6:13 pm
Forum: Beginner Basics
Topic: Hotspot MAC cookie timeout
Replies: 9
Views: 6895

Re: Hotspot MAC cookie timeout

The maximum value is 3d!!! ;)
Was this a test or in the documentation?
by SurferTim
Tue Jun 03, 2014 4:04 pm
Forum: Beginner Basics
Topic: Hotspot MAC cookie timeout
Replies: 9
Views: 6895

Re: Hotspot MAC cookie timeout

I don't use cookie logins, but I know where to change the value.
/ip hotspot profile
set X http-cookie-lifetime=10d
Change X to the line number or name of the hotspot profile.

If they don't work, insure you use NTP client to set the correct time in the router.
by SurferTim
Mon Jun 02, 2014 3:25 pm
Forum: Beginner Basics
Topic: Routing Problem
Replies: 1
Views: 419

Re: Routing Problem

Not enough info here. How are these routers connected to each other?

If the routers all share the 10.0.0.x network, and all have a 192.168.1.x localnet, it will be very difficult to route all those. Maybe one 192.168.1.x network will work.
by SurferTim
Fri May 30, 2014 5:25 pm
Forum: General
Topic: One website not available through Mikrotik router
Replies: 13
Views: 3225

Re: One website not available through Mikrotik router

That is the same ip I get here. That website is using virtual hosting. If you try that ip, you get a webpage from the virtual host. Then try nslookup from a command line on the computer if it has that capability. Maybe the computer is not getting the resolution on that domain. Is the request to that...
by SurferTim
Fri May 30, 2014 5:12 pm
Forum: General
Topic: One website not available through Mikrotik router
Replies: 13
Views: 3225

Re: One website not available through Mikrotik router

Check if the router is resolving that domain. From a command line in the router
:put [:resolve e107.org]
by SurferTim
Fri May 30, 2014 4:45 pm
Forum: Beginner Basics
Topic: Hotspot question
Replies: 2
Views: 532

Re: Hotspot question

How long are you looking to keep the user logged in after the disconnect? If you allow only one user logged in simultaneously, then that user will not be able to login from another device during that time.
by SurferTim
Tue May 27, 2014 5:32 pm
Forum: General
Topic: Hotspot hack
Replies: 2
Views: 1165

Re: Hotspot hack

Today I login and I see that it's changed back to pornotube redirect, but nobody else except me logged in to the RB. :-S
How do you know that? Maybe the hacker rebooted your router.
by SurferTim
Tue May 27, 2014 5:20 pm
Forum: General
Topic: Two Radius Servers
Replies: 4
Views: 1013

Re: Two Radius Servers

How does the router know which is the "main" and which one is the "backup" radius server?
It is the order that the servers are entered in the "/radius" section. First entry is the primary. The second entry is the backup. Only if the primary does not respond will the router contact the secondary server.
by SurferTim
Tue May 27, 2014 3:16 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

ya you are right. But currently I don't have mikrotik router. So I did my testing on D-link router. It works well. But I want to check make sure for mikrotik it will work as well. So if you can provide me that kind of stuff then it will be better for me. That doesn't make sense. How can you test a Mi...
by SurferTim
Tue May 27, 2014 2:29 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

That code was produced by the standard login.html page from my router. I removed the stuff that applied to the login-by=http-chap and the formatting part. Look in your router under /file. It should be in a directory called hotspot/login.html. The code I posted above was taken from a "view source" to...
by SurferTim
Mon May 26, 2014 7:08 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

ok. let me check that it works for me or not. Do you think that by providing simply username and password using a form we can authenticate our self to mikrotik? It appears so. That is what that form does if using login-by=http-pap. If you use login-by=http-chap, all bets are off. The chap challenge...
by SurferTim
Mon May 26, 2014 6:14 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

I enabled my hotspot and tried to login. Then I did a "view source" of the login page (login.html). Here is mine shortened to just the stuff you need. If you are using login-by=http-pap, then this is the form you must submit to the router: <form name=login action="http://192.168.1.1/login" method="p...
by SurferTim
Mon May 26, 2014 4:37 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

I'm not sure. I haven't tried it. If you are not using the login-by=http-chap setting, it shouldn't be too bad. Open a port 80 connection to the router, then send a form with the user/password to the correct "page" and wait for a response.
by SurferTim
Mon May 26, 2014 4:28 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

Your app need not respond to the "look and feel" stuff. Just the forms. All those web browsers are not returning the "look and feel" stuff to the router, just to you so the display will be pretty. I recommend using http-pap as a login-by setting to start. That way your app doesn't need to do the jav...
by SurferTim
Mon May 26, 2014 4:12 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

@SurferTim : so you mean it's possible to authenticate using desktop based application to mikrotik??
Of course! Internet Explorer is a desktop app. Chrome is a desktop app. Firefox is a desktop app. Your Java app must emulate those apps to login.
by SurferTim
Mon May 26, 2014 4:04 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

You must authenticate through the Mikrotik router. The router must connect to the radius server, get the authentication and return that result to your Java app through a port 80 connection.
by SurferTim
Mon May 26, 2014 3:14 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

If the Java app works like a web client, it should be possible. I'm not saying it would be easy.
by SurferTim
Mon May 26, 2014 3:07 pm
Forum: General
Topic: hotspot enable network access
Replies: 12
Views: 1404

Re: hotspot enable network access

Did you remove the interfaces from the switch? ether1 is normally the WAN interface, and ether2-ether5 are normally on a switch on the RB750. If you haven't removed them, I believe ether2 is the master port of the switch, not ether3. If I get time, I'll try some tests on my network today, just to in...
by SurferTim
Mon May 26, 2014 2:52 am
Forum: General
Topic: hotspot enable network access
Replies: 12
Views: 1404

Re: hotspot enable network access

So your localnet PCs can access each other and the internet with the hotspot disabled? If so, the hotspot universal nat is the only thing that has blocked localnet access for me. Setting the address-pool to none disables that nat.

Maybe you should post "/ip address" and "/ip hotspot profile".
by SurferTim
Sun May 25, 2014 5:27 pm
Forum: General
Topic: problem in authentication using radius server in mikrotik
Replies: 23
Views: 2403

Re: problem in authentication using radius server in mikroti

I want to authenticate each connected user using wired connection. So I use Freeradius server along with mikrotik. I want to make a simple change. I don't want to use default authentication page provided by mikrotik, apart from it I want to use my own mechanism that request to authenticate to mikro...
by SurferTim
Sun May 25, 2014 3:12 pm
Forum: Scripting
Topic: Ineed to show user limit in status.html help me
Replies: 1
Views: 919

Re: Ineed to show user limit in status.html help me

Look here under "User status information".
http://wiki.mikrotik.com/wiki/Manual:Cu ... ng_Hotspot

$(session-time-left)
$(limit-bytes-in)
$(limit-bytes-out)
by SurferTim
Sun May 25, 2014 2:11 pm
Forum: General
Topic: hotspot enable network access
Replies: 12
Views: 1404

Re: hotspot enable network access

If you want the PCs on the hotspot interface to communicate with each other, disable the hotspot universal nat.
/ip hotspot
set 0 address-pool=none
It is the hotspot using arp poisoning to perform the universal 1:1 nat that prevents localnet communication.
by SurferTim
Sat May 17, 2014 3:31 pm
Forum: Beginner Basics
Topic: NTP client doesn't sync
Replies: 4
Views: 2796

Re: NTP client doesn't sync

...and move it above the 'drop all' rule...
...and that too. I missed that part.
by SurferTim
Sat May 17, 2014 3:18 pm
Forum: Beginner Basics
Topic: NTP client doesn't sync
Replies: 4
Views: 2796

Re: NTP client doesn't sync

I don't know if this is the problem, but I don't see where you have started a services chain.
7 ;;; Allow NTP
chain=services action=accept protocol=udp dst-port=123
I would set that chain to input, and allow the src-port=123.
7 ;;; Allow NTP
chain=input action=accept protocol=udp src-port=123
by SurferTim
Tue May 06, 2014 5:15 pm
Forum: Beginner Basics
Topic: Time policy to use hotspot
Replies: 6
Views: 973

Re: Time policy to use hotspot

You should be able to do it with a script and the scheduler. Replace the 'X' below with the line number or name of the hotspot.

Schedule this to run and enable it at 1PM daily.
/ip hotspot
enable X
Schedule this to run and disable it at 6PM daily.
/ip hotspot
disable X
by SurferTim
Sat May 03, 2014 5:00 pm
Forum: Beginner Basics
Topic: how to make blacklisted hosts
Replies: 6
Views: 914

Re: how to make blacklisted hosts

How are you determining what ips to put in the blacklist? Are you planning on doing that manually? If so, use an address list. Put the ips in an address list, then use that list to block access to those ips. This should do what you want:
/ip firewall address-list
add address=1.2.3.4 list=myblacklist...
by SurferTim
Sat May 03, 2014 3:50 pm
Forum: Beginner Basics
Topic: how to make blacklisted hosts
Replies: 6
Views: 914

Re: how to make blacklisted hosts

If you want me to help you, be more specific about "blacklisted" and "hosts". Are you not understanding what I am asking? Just a few questions: 1) How are you determining what goes in the blacklist? 2) What format are the hosts in? IP or domain name? 3) How did you get that much karma and not know t...
by SurferTim
Sat May 03, 2014 3:42 pm
Forum: Beginner Basics
Topic: how to make blacklisted hosts
Replies: 6
Views: 914

Re: how to make blacklisted hosts

how to make blacklisted hosts in firewall?
Use "/ip firewall filter".
by SurferTim
Sat May 03, 2014 2:50 pm
Forum: Beginner Basics
Topic: using local forum page beside hotspot login page!
Replies: 8
Views: 1509

Re: using local forum page beside hotspot login page!

nobody understands my question!
I don't know what you want. I thought you wanted a login page and your forum page on the same page. If that isn't it, be more specific about what you want.

Did you not understand about the iframe and the walled garden?
http://www.w3schools.com/tags/tag_iframe.asp
by SurferTim
Fri May 02, 2014 2:16 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

No. Remove it by highlighting the dhcp server entry, then click the red '-'. Click "DHCP Setup" and answer the prompts.
by SurferTim
Fri May 02, 2014 8:24 am
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

Can I do this by WinBox's GUI?
Yes.
by SurferTim
Fri May 02, 2014 5:08 am
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

Remove the old dhcp server.
/ip dhcp-server
remove X
Replace X with the line number of the server for that network.

Set up the new one.
/ip dhcp-server
setup
by SurferTim
Thu May 01, 2014 7:58 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

Did you change the dhcp server and repair the network connection?
by SurferTim
Thu May 01, 2014 1:34 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

I recommend removing the assignment in "/ip address" and enter a new assignment. Don't edit the address. It won't change the stuff needed to route the new ip address. Do the same with the dhcp server. Remove it and set up a new one after the "/ip address" change. Be careful tho. Removing the address...
by SurferTim
Tue Apr 29, 2014 7:51 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

The solution in your case is easy. If you do not understand what I am asking, don't change it.
by SurferTim
Tue Apr 29, 2014 6:28 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

I should have been more specific. You should post the following
/ip address print
/ip route print
/ip dhcp-server print
/ip dhcp-server network print
/ip pool print
/ip firewall nat print
by SurferTim
Tue Apr 29, 2014 5:11 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

Then you should post the following
/ip address
/ip route
/ip dhcp-server
/ip dhcp-server network
/ip pool
/ip firewall nat
by SurferTim
Tue Apr 29, 2014 5:06 pm
Forum: General
Topic: IP Addressing & HotSpot Issues
Replies: 3
Views: 695

Re: IP Addressing & HotSpot Issues

Insure you remove wlan1 from the switch/bridge. Here are the default configurations for MikroTik devices.
http://wiki.mikrotik.com/wiki/Manual:De ... igurations
by SurferTim
Tue Apr 29, 2014 4:48 pm
Forum: Beginner Basics
Topic: Cannot connect to Internet after change router IP address
Replies: 18
Views: 4072

Re: Cannot connect to Internet after change router IP addres

Insure you change the gateway on the PC. The dhcp server settings on the router may need to be changed. That may require "Repair the connection" on your PCs.
/ip dhcp-server network
print
by SurferTim
Tue Apr 29, 2014 3:19 pm
Forum: General
Topic: After running hotspot ,xp users can not see workgroup!
Replies: 2
Views: 680

Re: After running hotspot ,xp users can not see workgroup!

If you want to allow communication on the hotspot localnet, you can disable the hotspot universal nat by setting the hotspot address pool to "none".
/ip hotspot
set 0 address-pool=none
by SurferTim
Tue Apr 29, 2014 2:37 pm
Forum: General
Topic: Mikrotik Hotspot Trail - Users having to relogin
Replies: 1
Views: 521

Re: Mikrotik Hotspot Trail - Users having to relogin

The cookie login doesn't work if NTP client is not set up on the router. The router needs the correct time for that function to work. Just a thought...
by SurferTim
Sat Apr 26, 2014 3:47 pm
Forum: Beginner Basics
Topic: DNS
Replies: 3
Views: 1109

Re: DNS

If you set "allow-remote-requests=no", then your router will be the only device using the dns on the router. Your clients will not be able to use the router for dns. The "/ip dns static" entries are local only. Only clients using the router for dns will use the entries there. Be careful tho. If you ...
by SurferTim
Sat Apr 26, 2014 2:48 pm
Forum: Beginner Basics
Topic: using local forum page beside hotspot login page!
Replies: 8
Views: 1509

Re: using local forum page beside hotspot login page!

You should be able to add an iFrame to the login.html doc just like any html page, and allow the forum through the hotspot like this:
/ip hotspot walled-garden
add dst-host=forum.mydomain.com action=allow
by SurferTim
Sat Apr 26, 2014 2:44 pm
Forum: Beginner Basics
Topic: DNS
Replies: 3
Views: 1109

Re: DNS

I think this is what you want. Set up the router in "/ip dns". Set "allow-remote-requests=yes" so the clients can use it for a dns server. If the clients get their network settings from the router's dhcp, then set the dhcp server to issue the router's ip as the dns server.
/ip dhcp-server network
se...
by SurferTim
Fri Apr 25, 2014 4:53 pm
Forum: General
Topic: Remote login to a private IP
Replies: 1
Views: 474

Re: Remote login to a private IP

Not possible unless your ISP port forwards the public ip to your private ip.
by SurferTim
Wed Apr 23, 2014 5:22 am
Forum: General
Topic: Hotspot walled garden
Replies: 4
Views: 1347

Re: Hotspot walled garden

You don't need a wildcard for the pages, just the server/domain. This should do the same thing.
/ip hotspot walled-garden
add dst-host=download.mcafee.com action=allow
by SurferTim
Wed Apr 23, 2014 1:31 am
Forum: Beginner Basics
Topic: DHCP hangs up
Replies: 12
Views: 2245

Re: DHCP hangs up

Sounds like a gateway problem in the APs. Maybe you should explain what make/model they are, and how they are set up.
by SurferTim
Wed Apr 23, 2014 1:28 am
Forum: General
Topic: Hotspot walled garden
Replies: 4
Views: 1347

Re: Hotspot walled garden

Why don't you just allow access to all mcafee.com? Would that be out of the question?
/ip hotspot walled-garden
add dst-host=*.mcafee.com action=allow
by SurferTim
Sat Apr 19, 2014 2:44 pm
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

Then remove the code from alogin.html as I suggested above.
by SurferTim
Thu Apr 17, 2014 3:24 pm
Forum: Beginner Basics
Topic: Port forwarding works - except for 1 port in particular
Replies: 2
Views: 572

Re: Port forwarding works - except for 1 port in particular

Post your "/ip firewall nat" and "/ip firewall filter" rules.

I use the CLI.
/ip firewall nat print
/ip firewall filter print
by SurferTim
Thu Apr 17, 2014 3:15 pm
Forum: Beginner Basics
Topic: Yes ping - No http - No telnet - newbee
Replies: 5
Views: 1386

Re: Yes ping - No http - No telnet - newbee

Check "/ip firewall filter". The RB2011 blocks WAN access by default. Add a rule that allows your remote ips through the firewall.
by SurferTim
Wed Apr 16, 2014 1:11 am
Forum: Beginner Basics
Topic: Router refusing seemingly random IP's issue
Replies: 8
Views: 1170

Re: Router refusing seemingly random IP's issue

You stated that the router was refusing ip addresses from the dhcp server. What ip addresses is it refusing? If the dhcp server is attempting to issue a 192.168.0.x/24 ip, and you have a 192.168.0.x/24 localnet on the router, that could cause a problem. The usual thing I recommend is enable verbose ...
by SurferTim
Tue Apr 15, 2014 1:33 pm
Forum: Beginner Basics
Topic: Router refusing seemingly random IP's issue
Replies: 8
Views: 1170

Re: Router refusing seemingly random IP's issue

Post "/ip address" and the ip offers that the router is refusing from the dhcp server.
by SurferTim
Mon Apr 14, 2014 4:45 pm
Forum: Beginner Basics
Topic: Router refusing seemingly random IP's issue
Replies: 8
Views: 1170

Re: Router refusing seemingly random IP's issue

Just out of curiosity, is your client router being issued an ip/subnet by the dhcp server that already exists on the dhcp client router?
by SurferTim
Sun Apr 13, 2014 5:23 pm
Forum: Beginner Basics
Topic: Please help in setting up an SMTP server
Replies: 9
Views: 4443

Re: Please help in setting up an SMTP server

Sorry about that. It is port 587 now, not 465.
by SurferTim
Sun Apr 13, 2014 3:45 pm
Forum: Beginner Basics
Topic: Please help in setting up an SMTP server
Replies: 9
Views: 4443

Re: Please help in setting up an SMTP server

Use the SMTP server ip for Gmail. That is smtp.gmail.com. I use nslookup (or :resolve in Mikrotik script) to get the ip. Currently it resolves to these here in Florida:
173.194.64.108
173.194.64.109
To insure the email is accepted, use your Gmail address as the sender. You can also use it as the to ...
by SurferTim
Sun Apr 13, 2014 2:53 pm
Forum: Beginner Basics
Topic: Please help in setting up an SMTP server
Replies: 9
Views: 4443

Re: Please help in setting up an SMTP server

Most email servers check the sender's domain. If it doesn't resolve, it won't take the email.

To check why it is being rejected, enable debug logging for email and try a send, then check the log.
/system logging
add topics=e-mail,debug action=memory
by SurferTim
Sat Apr 12, 2014 12:17 am
Forum: General
Topic: DHCP and Switch Question
Replies: 7
Views: 1534

Re: DHCP and Switch Question

Set the relay and src. address settings to 0.0.0.0.
by SurferTim
Fri Apr 11, 2014 10:43 pm
Forum: General
Topic: DHCP and Switch Question
Replies: 7
Views: 1534

Re: DHCP and Switch Question

So 192.168.10.1 is the dhcp server for your network?
http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay
by SurferTim
Fri Apr 11, 2014 10:29 pm
Forum: General
Topic: DHCP and Switch Question
Replies: 7
Views: 1534

Re: DHCP and Switch Question

Is that an 'I' (invalid) preceding the dhcp server name? If so, you should find out why.
[admin@MikroTik] >> ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 I dhcp1 ether1 192.168.10.1 dhcp_pool1 3d
Why is there a relay entry of 192.168...
by SurferTim
Fri Apr 11, 2014 2:22 pm
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

simply put "//" at the start of the line where "open('$(link-status)'......" is
The OP said above he tried that and it didn't work. I would suspect at that point the Android is not recognizing the comment slashes or the $if statement.

BTW, nice fix. :D
by SurferTim
Fri Apr 11, 2014 2:06 am
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

Then try removing all of this from the alogin.html page:
$(if popup == 'true')
open('$(link-status)', 'hotspot_status', 'toolbar=0,location=0,directories=0,status=0,menubars=0,resizable=1,width=290,height=200');
$(endif)
If there is no command to open the status page, it shouldn't open.
by SurferTim
Thu Apr 10, 2014 11:48 pm
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

I tried it again with IE and Chrome. Both respond correctly. If popup is true, you get a status.html popup. If popup is false, you don't. RB433AH ROS V6.9 I have "login-by=http-chap". Insure you are modifying the correct file. hotspot/login.html Did you do the "view source" as I suggested? Does it s...
by SurferTim
Tue Apr 08, 2014 11:41 pm
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

Is a mobile phone the only device you have? It doesn't matter if a cellphone or a laptop. Try it with a laptop and view the source. If the page has popup set to false, then it should be false for every device that loads the login.html page.
by SurferTim
Tue Apr 08, 2014 1:10 am
Forum: General
Topic: hotspot's status.html is always popup
Replies: 28
Views: 10423

Re: hotspot's status.html is always popup

It appears to be the login.html page you need to modify. There are two places that must be changed to insure no popup status page. You must change <input type="hidden" name="popup" value="true" /> to false. Here if you use "login-by=http-chap": $(if chap-id) <form name="sendin" action="$(link-login-...
by SurferTim
Mon Apr 07, 2014 7:16 pm
Forum: Beginner Basics
Topic: PPTP Connection can't see entire network.
Replies: 3
Views: 2271

Re: PPTP Connection can't see entire network.

Are you using a Mikrotik router as the client? If so, do you have a route to the PPTP server localnet networks in the client "/ip route"?
by SurferTim
Mon Apr 07, 2014 6:52 pm
Forum: Beginner Basics
Topic: Winbox - IP Route Window - Colors
Replies: 3
Views: 1492

Re: Winbox - IP Route Window - Colors

Last I checked:
Black means good.
Blue means the interface is not running (nothing connected)
Red means the interface doesn't exist or is disabled.
by SurferTim
Mon Apr 07, 2014 4:29 pm
Forum: Beginner Basics
Topic: Web Proxy - No Route to host
Replies: 2
Views: 2826

Re: Web Proxy - No Route to host

Add "dst-address-type=!local" to the dstnat redirect rule.
by SurferTim
Mon Apr 07, 2014 2:29 pm
Forum: General
Topic: Hotspot MAC-auth
Replies: 5
Views: 1158

Re: Hotspot MAC-auth

Yes, I am wrong. I just tested it with V6.9 and it does not change the mac format. It leaves the colons in the mac address. Sounds like a new bug to me. I think the last time I tried this was with V4.X, so it has been a while. It did change the format then. I remember this because my radius didn't li...
by SurferTim
Sat Apr 05, 2014 4:14 pm
Forum: General
Topic: Offload dns with hotspot.
Replies: 5
Views: 3003

Re: Offload dns with hotspot.

I did a bit of experimenting and maybe found a way. Print the dynamic rules and set the redirect for tcp and udp dst-port=53 to "hotspot=!auth". Mine were rules 2 and 3.
/ip firewall nat
print dynamic
set 2 hotspot=!auth
set 3 hotspot=!auth
Note it added "hotspot=!auth" to rules 2 and 3.
[admin@test...
by SurferTim
Sat Apr 05, 2014 12:56 pm
Forum: General
Topic: automatically add users
Replies: 2
Views: 1199

Re: automatically add users

I haven't checked in a while, but you can use RADIUS for the system users. It worked a few versions ago. Just a thought...

As I recall, you can return Mikrotik-Group to set the group.
by SurferTim
Sat Apr 05, 2014 12:34 pm
Forum: General
Topic: Offload dns with hotspot.
Replies: 5
Views: 3003

Re: Offload dns with hotspot.

Last time I checked, the hotspot walled garden depends on the dns cache to allow access to domains in the walled garden. If you managed to bypass the dns service of the router, the hotspot walled garden would not function. Just a FYI.
by SurferTim
Fri Apr 04, 2014 4:51 pm
Forum: General
Topic: Mikrotik Ping problem
Replies: 2
Views: 887

Re: Mikrotik Ping problem

Usually this can be caused by a network configuration problem. Is your network routed or are you using masquerades?
Post "/ip route" from Mikrotik01.
Post "/ip firewall nat" from Mikrotik-02 and Mikrotik-03.
by SurferTim
Fri Apr 04, 2014 3:34 pm
Forum: General
Topic: Hotspot MAC-auth
Replies: 5
Views: 1158

Re: Hotspot MAC-auth

This change RADIUS MAC-format.. (Calling-Station-Id in radius packet), not login name...
It does change the login (user) name. I tested it, and it works.

Enable radius debug logging, and you will see the change in your router log.
/system logging
add topics=radius,debug action=memory
by SurferTim
Fri Apr 04, 2014 2:53 pm
Forum: General
Topic: Hotspot MAC-auth
Replies: 5
Views: 1158

Re: Hotspot MAC-auth

Yes. It works for RADIUS, but I haven't checked it with the local router database.
/ip hotspot profile
set X radius-mac-format=XXXXXXXXXXXX
by SurferTim
Wed Apr 02, 2014 3:25 pm
Forum: Beginner Basics
Topic: No ip address allocated..
Replies: 4
Views: 842

Re: No ip address allocated..

What type of security do you have set on the AP? Looks like your security mode or passphrase in the apm6828 may be incorrect.
by SurferTim
Wed Apr 02, 2014 12:25 am
Forum: Beginner Basics
Topic: Unable to connect to AP on different ip rang
Replies: 6
Views: 1224

Re: Unable to connect to AP on different ip rang

How does the Groove get its network settings? Is it static or dhcp? Check the gateway setting on the Groove. Insure it is 192.168.40.254.
by SurferTim
Tue Apr 01, 2014 3:41 pm
Forum: Beginner Basics
Topic: Unable to connect to AP on different ip rang
Replies: 6
Views: 1224

Re: Unable to connect to AP on different ip rang

OK. Then post "/ip address" and "/ip route" from your routerboard server, whatever device that is. Never heard of that model routerboard.
by SurferTim
Tue Apr 01, 2014 3:06 pm
Forum: Beginner Basics
Topic: Unable to connect to AP on different ip rang
Replies: 6
Views: 1224

Re: Unable to connect to AP on different ip rang

My computer is connected on simple home router that is further connected to a main routerboard that is also a server/gateway...
Do you have that 192.168.40.x network routed to the routerboard in the "simple home router"?
by SurferTim
Tue Apr 01, 2014 2:52 am
Forum: Beginner Basics
Topic: Sending Mail using External SMTP server, but via IP not FQDN
Replies: 6
Views: 1863

Re: Sending Mail using External SMTP server, but via IP not

Outlook uses that short TTL for load balancing. The resolved ip should be good for much longer than 5 minutes. I show it rotates through the same set of ips over and over. If you keep entering this, you will see.
:put [:resolve smtp.outlook.com]
It has been the same set of about a dozen ips for the ...
by SurferTim
Tue Apr 01, 2014 1:00 am
Forum: Beginner Basics
Topic: Sending Mail using External SMTP server, but via IP not FQDN
Replies: 6
Views: 1863

Re: Sending Mail using External SMTP server, but via IP not

There is no problem with resolving smtp.outlook.com. Using the CLI
:put [:resolve smtp.outlook.com]
Don't resolve it every 5 minutes. Run it once a day.

If you have the ability and resources, then the best way is to use an email server to relay your email.
by SurferTim
Mon Mar 31, 2014 4:42 pm
Forum: Beginner Basics
Topic: No ip address allocated..
Replies: 4
Views: 842

Re: No ip address allocated..

What type of device is a nano time logger? The only time logger I know of would be an Arduino, but it doesn't have wireless capability.

edit: Or is this a computer like a Raspberry Pi or Beaglebone with a nano wifi device?
by SurferTim
Mon Mar 31, 2014 3:32 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

From the OP:
The hotspot works fine but when I log in I am unable to access the internet even though the internet works when accessed directly without hotspot.
Then later:
I get the results

failure: dns server failure
If the router cannot resolve dns requests, then there will be problems.
by SurferTim
Mon Mar 31, 2014 3:18 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

Just a FYI: If you decide to add another network to your router, insure you add a masquerade that covers the new subnet. I use this, and it covers any subnets in the router.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
by SurferTim
Mon Mar 31, 2014 2:34 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

Did you fix your dns resolution problem?

@rextended: The hotspot redirects any dns request to the router.
by SurferTim
Sun Mar 30, 2014 8:56 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

What does it do when it doesn't work? What does the web browser display? Do you get a login page? What is in the address bar of the web browser? I found the redirect to the login page won't work if the dns-name entry doesn't resolve to the ip of the hotspot interface, at least on my system. That wou...
by SurferTim
Sun Mar 30, 2014 8:42 pm
Forum: Beginner Basics
Topic: Sending Mail using External SMTP server, but via IP not FQDN
Replies: 6
Views: 1863

Re: Sending Mail using External SMTP server, but via IP not

You could use a scheduled script to resolve the domain to an IP, then replace an IP in a dstnat rule. Are you ok with that?
by SurferTim
Sun Mar 30, 2014 5:21 pm
Forum: Beginner Basics
Topic: dual wan challenge
Replies: 25
Views: 4338

Re: dual wan challenge

If speedtest.net uses a reverse dns lookup, you can contact your ISP, and if they are ok with it, they can change the reverse dns lookup to show your domain. I did this with my ISP and my email server IP so I wouldn't get rejections because the reverse dns did not show the correct server. If speedte...
by SurferTim
Sun Mar 30, 2014 5:07 pm
Forum: Beginner Basics
Topic: dual wan challenge
Replies: 25
Views: 4338

Re: dual wan challenge

Then you have my apology.

However. I am not sure why this is important. My customers use speedtest.net, and it shows the appropriate ISP for each of my connections. It still appears to me this is slightly deceptive.
by SurferTim
Sun Mar 30, 2014 3:17 pm
Forum: General
Topic: Hotspot not redirecting
Replies: 4
Views: 2981

Re: Hotspot not redirecting

Do you have valid operating dns server IPs entered in "/ip dns"? Have "allow-remote-requests=yes"?
I don't see a masquerade entry for the WAN interface. Does it require one?
by SurferTim
Sat Mar 29, 2014 10:34 pm
Forum: Beginner Basics
Topic: dual wan challenge
Replies: 25
Views: 4338

Re: dual wan challenge

Please tell me I am incorrect. The OP only has to tell me I am incorrect. The difference between a little tiny bit unethical and a lot unethical isn't much to me. My past experiences have shown me that one leads to the other. @rextended: This isn't aimed at you. I don't regret giving you the karma y...
by SurferTim
Sat Mar 29, 2014 7:45 pm
Forum: Beginner Basics
Topic: dual wan challenge
Replies: 25
Views: 4338

Re: dual wan challenge

@rextended: I have given you karma for your other answers to my questions, but I would be careful about judging my ethics. It is not impolite to ask a user about his/her intentions. I am a member of other forums where my responses could affect more than just the OP and myself. If you think that a cr...
by SurferTim
Sat Mar 29, 2014 2:49 pm
Forum: Beginner Basics
Topic: dual wan challenge
Replies: 25
Views: 4338

Re: dual wan challenge

this the scenario i have in mind. i have 2 ISP WAN 1 = 8 Mbps DSL WAN 2 = 30 Mbps PPOE i'm trying to use both on 1 mikrotik device, but i don't want customers to find out what's WAN 2 isp when they go to http://www.speedtest.net any ideas or suggestions ?
So let me see if I have this correct. You w...
by SurferTim
Sat Mar 29, 2014 1:27 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

Try this from a command line in the router.
:put [:resolve www.google.com]
Does it resolve to an ip?

Insure the dns servers entered in "/ip dns" are operational dns servers.
by SurferTim
Sat Mar 29, 2014 1:23 pm
Forum: General
Topic: ip ping by scripts
Replies: 3
Views: 1088

Re: ip ping by scripts

Get ping working first.
/ping xx.xx.xx.xx arp-ping=yes interface=out1 count=1
If that works, add it to the script above.
by SurferTim
Fri Mar 28, 2014 9:38 pm
Forum: General
Topic: Internet not working after hotspot setup
Replies: 22
Views: 6506

Re: Internet not working after hotspot setup

Have you tried accessing the internet by ip rather than domain? May be a dns issue. Check your "/ip dns" settings and insure you have "allow-remote-requests=yes".
by SurferTim
Fri Mar 28, 2014 3:04 pm
Forum: Beginner Basics
Topic: Using Putty via USB Connection
Replies: 4
Views: 2361

Re: Using Putty via USB Connection

Do you have a dhcp client set up on the WAN interface?

I suggest enabling verbose logging for dhcp.
/system logging
add topics=dhcp,debug action=memory
After a dhcp attempt, check the log to see what is happening.
by SurferTim
Fri Mar 28, 2014 12:49 pm
Forum: Beginner Basics
Topic: Using Putty via USB Connection
Replies: 4
Views: 2361

Re: Using Putty via USB Connection

It appears to have a micro usb connector. Is that correct? If so, that is a client usb, not a host. If you can't connect to it, why have it?

Try 115200-8-N-1.

edit: It can also be used as a host according to the docs.
http://wiki.mikrotik.com/wiki/Manual:USB_Features
by SurferTim
Thu Mar 27, 2014 6:02 pm
Forum: General
Topic: ip ping by scripts
Replies: 3
Views: 1088

Re: ip ping by scripts

Yes. Replace xx.xx.xx.xx with the ip you want to test ping.
:if ([/ping "xx.xx.xx.xx" count=1] = 0) do={
  :beep;
}
by SurferTim
Thu Mar 27, 2014 1:25 am
Forum: General
Topic: Two Radius
Replies: 1
Views: 479

Re: Two Radius

No. If you have two RADIUS servers set for the same service, the second server is used only if the first server does not respond. If the first server responds with ACCESS-REJECT, the second server is not used. You can kinda trick the router if you use FreeRADIUS by using an ACCESS-REJECT delay longer...
by SurferTim
Wed Mar 26, 2014 7:24 pm
Forum: General
Topic: Assigned / deassigned log
Replies: 11
Views: 6366

Re: Assigned / deassigned log

Did you check "/ip dhcp-server lease" to see what is happening with the "last-seen" and "expires-after" values? Those two values should add up to total the lease time. If you see any leases that the sum of those two values equals about half the lease time, then that may be the problem. That was mine...
by SurferTim
Wed Mar 26, 2014 5:09 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

It does not resolve it because it's a local test DNS server that only resolved what's in the DNS list. Can this cause a problem with redirecting to resolvable hotspot URL? Should I create Google entry in DNS to resolve to a local address for testing purposes?
Yes. If the dns server does not resolve d...
by SurferTim
Wed Mar 26, 2014 4:55 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

Then your dns is malfunctioning. See if your router is resolving domain names. From a command prompt in the router:
:put [:resolve www.google.com]
Does it resolve that domain?
by SurferTim
Wed Mar 26, 2014 4:27 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

How does the hotspot fail? Just a blank page? When it fails, what is in the address bar of the client web browser?
by SurferTim
Wed Mar 26, 2014 2:53 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

Then check your dns server. Is 192.168.1.2 an operating dns server?
by SurferTim
Wed Mar 26, 2014 1:49 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

I suggest removing the dns-name entry from "/ip hotspot profile". If you use a dns-name entry, it must resolve to the hotspot interface ip, which in your case is 172.16.1.1.
by SurferTim
Tue Mar 25, 2014 6:27 pm
Forum: Beginner Basics
Topic: HotSpot does not work. Need help.
Replies: 13
Views: 2532

Re: HotSpot does not work. Need help.

You have problems with your ip subnets. You have wlan1 and wlan1-1 sharing the same subnet.
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=192.168.1.253/24 interface=wlan1-1
add address=192.168.1.200/24 comment="hotspot network" interface=wlan1-1
by SurferTim
Tue Mar 25, 2014 5:09 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

Then this is not a Mikrotik issue. However, I can tell you that any router will have problems with your home router setup. You must change the localnet to 192.168.5.x/24, or the localnet will not route correctly to 192.168.1.x/24.
by SurferTim
Tue Mar 25, 2014 3:47 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

when you say (localnet) you mean the network i'm connected to other than mikrotik's network, right ?
I'm not sure what you mean.
What make and model router do you have at home?
What make and model router do you have at work?

I'm talking about the localnet on your home router.
by SurferTim
Tue Mar 25, 2014 12:41 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

yes. at the office i'm on 192.168.1.x/24 and at home i'm on 192.168.5.x/16 what do you suggest? change something ip address?
Yes. I would change the home setting to 192.168.5.x/24. In the home router, it shouldn't cause any routing problems because the router will use the network that has the small...
by SurferTim
Mon Mar 24, 2014 11:26 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

So your VPN ip 192.168.4.9/32 is also in the same as one of your localnets? I don't think that will work. Do you have a 192.168.4.0/24 localnet somewhere in one of the routers?
by SurferTim
Mon Mar 24, 2014 9:16 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

how do I access the 192.168.x.x devices that are connected to LAN 1 interface ?! I'm trying to access these devices while i'm not on that mikrotik's network.
If you are not on the Mikrotik's network, what network are you on? You set your VPN to accept all 192.168.x.x ips on the VPN client. What sub...
by SurferTim
Mon Mar 24, 2014 4:45 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

You know you will not be able to reach any 192.168.0.x ip through that VPN. That ip range is assigned to LAN 1.
by SurferTim
Mon Mar 24, 2014 3:58 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

Did you check the entries in "/ip route" on the server after the reconnect? Here is mine after the reconnect. 172.16.0.2/32 is the ip of the VPN client. Note the routes for 192.168.3.0/24 and 192.168.5.0/24 have a gateway of 172.16.0.2. [admin@test] /ip route> pri Flags: X - disabled, A - active, D ...
by SurferTim
Mon Mar 24, 2014 3:18 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

Did you add the route to the localnet in "/ppp secret"? I have multiple networks on my clients, but to access them from my VPN server, I must add the network to "routes". For example, I have two networks on my VPN client test router. 192.168.3.1/24 and 192.168.5.1/24, so I had to add this to my entr...
by SurferTim
Mon Mar 24, 2014 2:16 pm
Forum: Beginner Basics
Topic: Can not appear the username and password textbox on webfig.
Replies: 4
Views: 1649

Re: Can not appear the username and password textbox on webf

Try clearing your web browser cache or force a page reload. It is still showing the previous version webfig login page.
by SurferTim
Mon Mar 24, 2014 2:05 pm
Forum: Beginner Basics
Topic: Mikrotik Hotspot redirection
Replies: 2
Views: 845

Re: Mikrotik Hotspot redirection

Do you have an entry for "dns-name" in "/ip hotspot profile"? If so, does that domain name resolve to the ip of the router's hotspot interface ip?
Post "/ip hotspot profile" if you have a question about it.
by SurferTim
Mon Mar 24, 2014 1:56 pm
Forum: Beginner Basics
Topic: pptp vpn issue
Replies: 22
Views: 4033

Re: pptp vpn issue

Is the lan in question on the VPN server or the VPN client?
by SurferTim
Sat Mar 22, 2014 4:46 pm
Forum: Beginner Basics
Topic: STATIC DNS
Replies: 6
Views: 2698

Re: STATIC DNS

Yes. Use the onboard proxy. Here is an example of how to set up a transparent proxy. http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Transparent_proxy_configuration_example Once you have the proxy set and enabled, then use the access list to deny access to that host and redirect to your server/page ht...
by SurferTim
Sat Mar 22, 2014 3:22 pm
Forum: Beginner Basics
Topic: STATIC DNS
Replies: 6
Views: 2698

Re: STATIC DNS

Then you could use static dns. It won't change the page request. You would need to do that on the server.
/ip dns static
add name=www.example.com address=192.168.168.1
Insure the dhcp server issues your router localnet ip as the main dns server and "allow-remote-requests=yes" in your router dns sett...
by SurferTim
Sat Mar 22, 2014 2:12 pm
Forum: Beginner Basics
Topic: STATIC DNS
Replies: 6
Views: 2698

Re: STATIC DNS

You can do that with the proxy, but what is the purpose? What are you doing on your server?
by SurferTim
Fri Mar 21, 2014 11:24 pm
Forum: General
Topic: Assigned / deassigned log
Replies: 11
Views: 6366

Re: Assigned / deassigned log

I had the same problem. Like I said, the deassign/assign are just a few seconds apart. It looks like you have the same problem. I think this was fixed around v6.5, but I can't remember exactly. (edit: yes, it was fixed in v6.5) If you want to see the problem:
/ip dhcp-server lease print detail
Do th...
by SurferTim
Fri Mar 21, 2014 6:05 pm
Forum: General
Topic: Assigned / deassigned log
Replies: 11
Views: 6366

Re: Assigned / deassigned log

I can't help you if you don't answer my questions. Here they are:
1) Do you have problems with only some devices? Or is it all devices?
2) Do the deassigned/assigned messages happen within a few seconds of each other?

It might help to post a section of your log showing the problem.
by SurferTim
Fri Mar 21, 2014 3:12 pm
Forum: Beginner Basics
Topic: local name resolution
Replies: 10
Views: 10088

Re: local name resolution

Mine still works. What did you reboot? The router or the computer? I rebooted the router and the domains in "/ip dns static" still resolve ok.
by SurferTim
Fri Mar 21, 2014 1:54 pm
Forum: Beginner Basics
Topic: DHCP Server Configuration Doesn't Work
Replies: 5
Views: 3715

Re: DHCP Server Configuration Doesn't Work

You should put the dhcp server on bridge-local, since that is where the ip is assigned for those two interfaces.

You should also assign an ip to the second ssid (wlan1_1).
by SurferTim
Thu Mar 20, 2014 1:54 pm
Forum: Beginner Basics
Topic: Drop requests to NTP server while allowing NTP client
Replies: 8
Views: 3924

Re: Drop requests to NTP server while allowing NTP client

@rextended: Nice! I just tested it, and it works great! Thanks!
by SurferTim
Thu Mar 20, 2014 1:33 pm
Forum: Beginner Basics
Topic: Drop requests to NTP server while allowing NTP client
Replies: 8
Views: 3924

Re: Drop requests to NTP server while allowing NTP client

Since UDP doesn't establish a connection, does UDP recognize the connection-state=new? I haven't tried that. Maybe I am making it more complicated than necessary.
by SurferTim
Thu Mar 20, 2014 1:27 pm
Forum: Beginner Basics
Topic: Drop requests to NTP server while allowing NTP client
Replies: 8
Views: 3924

Re: Drop requests to NTP server while allowing NTP client

I am about to try experimenting with UDP transactions for the same reason. Maybe you can follow along with me. My first test will be to use an address list. I plan on adding the destination address of UDP packet sends from my localnets to an address list with a timeout of 10 seconds. Then use that a...
by SurferTim
Thu Mar 20, 2014 12:42 pm
Forum: Beginner Basics
Topic: DNS don't want to be my friend
Replies: 2
Views: 572

Re: DNS don't want to be my friend

Doesn't sound like a dns problem.
Insure there is a default route in "/ip route".
Insure there is a masquerade in "/ip firewall nat".
by SurferTim
Thu Mar 20, 2014 12:16 am
Forum: General
Topic: How to forward all WiFi traffic to WEB server?
Replies: 9
Views: 2818

Re: How to forward all WiFi traffic to WEB server?

Proxies don't work well with port 443. It's a security thing. Don't redirect port 443. I mean you can, but it won't go to the same port 80 page. You will get an error instead, but it keeps the client from accessing the internet.
by SurferTim
Wed Mar 19, 2014 12:25 pm
Forum: General
Topic: How to forward all WiFi traffic to WEB server?
Replies: 9
Views: 2818

Re: How to forward all WiFi traffic to WEB server?

Without the proxy access deny rule, it won't redirect the source ip address request to the new server/page. I have not tried redirecting a request in a hairpin nat. I use an external server. If the client ip is 192.168.1.75, then this will redirect any http request from that client to xx.xx.xx.xx/pa...
by SurferTim
Tue Mar 18, 2014 7:09 pm
Forum: General
Topic: How to forward all WiFi traffic to WEB server?
Replies: 9
Views: 2818

Re: How to forward all WiFi traffic to WEB server?

Rudios way will redirect to that ip, but will not translate the page. If the page requested is not on the server, you will get a 404 error. The proxy is the best way. It can redirect any site/page to any page on the server.
by SurferTim
Tue Mar 18, 2014 3:03 pm
Forum: Beginner Basics
Topic: gateway timeout error your cache administrater etc
Replies: 3
Views: 1269

Re: gateway timeout error your cache administrater etc

Are you using the hotspot function? It uses the proxy whether you enable it or not.

Did you set your router dns settings with valid dns servers?
by SurferTim
Tue Mar 18, 2014 2:26 pm
Forum: Beginner Basics
Topic: VirtualAP only for selected devices.
Replies: 6
Views: 1542

Re: VirtualAP only for selected devices.

I don't know about QuickSet. I use the CLI. I will check if I get a chance today.
by SurferTim
Tue Mar 18, 2014 2:20 pm
Forum: Beginner Basics
Topic: pptp secrets on rb1100
Replies: 2
Views: 554

Re: pptp secrets on rb1100

Did you set the arp to proxy-arp as per the instructions? I install a route in the client computer/router instead, but either work.
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP
by SurferTim
Tue Mar 18, 2014 1:59 pm
Forum: Beginner Basics
Topic: VirtualAP only for selected devices.
Replies: 6
Views: 1542

Re: VirtualAP only for selected devices.

Oh, i think i got it, i didn't know it is that easy. :) Thanks
Now you must decide whether it is specific users or specific devices you want to allow. If you want to allow specific users connecting with any device, log's suggestion is best. If you want to allow only specific devices, then mine is b...
by SurferTim
Tue Mar 18, 2014 1:38 pm
Forum: Beginner Basics
Topic: VirtualAP only for selected devices.
Replies: 6
Views: 1542

Re: VirtualAP only for selected devices.

I'm not exactly certain what you are looking for, but have you looked at "/interface wireless access-list"? You can set "default-authentication=no" on the wireless interface and use the access list to allow only certain devices to connect.
by SurferTim
Mon Mar 17, 2014 10:55 pm
Forum: Beginner Basics
Topic: Can't connect to the internet from the LAN devices
Replies: 25
Views: 8152

Re: Can't connect to the internet from the LAN devices

I am not using a switch at all. I was under the assumption that once you set up your WAN/LAN ports on the switch you can use the rest of the ports, in my case ether3-ether10 to plug in devices directly into the router.
Yes, you can plug devices directly into the router without any setup. But you ca...
by SurferTim
Mon Mar 17, 2014 9:01 pm
Forum: Beginner Basics
Topic: Can't connect to the internet from the LAN devices
Replies: 25
Views: 8152

Re: Can't connect to the internet from the LAN devices

If ether1 is the WAN interface and the laptop is on ether5, then this is wrong.
Laptop settings:
IP: xxx.xx.xxx.120
Subnet: 255.255.255.128
Default Gateway: xxx.xx.xxx.5
DNS1: xxx.xx.xxx.5
If ether2 to ether5 are on a switch, then it should be something like this. The dns ip may be wrong.
IP: 10.1.1...
by SurferTim
Mon Mar 17, 2014 7:39 pm
Forum: Beginner Basics
Topic: Can't connect to the internet from the LAN devices
Replies: 25
Views: 8152

Re: Can't connect to the internet from the LAN devices

Is the laptop on the WAN interface (ether1)? If so, then the laptop has the wrong default gateway to access the internet.

Is there a device connected to ether2?
by SurferTim
Mon Mar 17, 2014 1:24 pm
Forum: Beginner Basics
Topic: VPN Routes help
Replies: 1
Views: 540

Re: VPN Routes help

This worked for me. In the admin router: 1) add routes to all the remote router 10.10.x.x subnets using the vpn ip of the master router as the gateway. 2) add a srcnat masquerade with "out-interface=pptp-out" where pptp-out is the name of the vpn interface. No guarantees. I don't have access to that...
by SurferTim
Mon Mar 17, 2014 4:42 am
Forum: Beginner Basics
Topic: Port forwards only work inside?
Replies: 3
Views: 1168

Re: Port forwards only work inside?

1) If I ping a domain that is being forwarded to me, it does not resolve anymore.
It doesn't resolve or doesn't respond?
by SurferTim
Mon Mar 17, 2014 3:40 am
Forum: General
Topic: Problem with Hotspot and Apple products
Replies: 3
Views: 1606

Re: Problem with Hotspot and Apple products

Post "/ip hotspot profile". I'm posting this on an iPhone5 logged in to a hotspot.

I've been surfing the internet for several minutes without any issues.
by SurferTim
Sun Mar 16, 2014 2:25 pm
Forum: Beginner Basics
Topic: local name resolution
Replies: 10
Views: 10088

Re: local name resolution

On my computer, ping requires a FQDN. nslookup doesn't.

Change computer1 to computer1.com and it should work.
by SurferTim
Sun Mar 16, 2014 4:16 am
Forum: General
Topic: Hotspot problem...
Replies: 3
Views: 683

Re: Hotspot problem...

If you disable the hotspot, can the clients access the internet?

Is dns set up correctly? Do you have "allow-remote-requests=yes"?
by SurferTim
Sat Mar 15, 2014 4:30 pm
Forum: General
Topic: information on src-nat
Replies: 4
Views: 1689

Re: information on src-nat

can you please explain the following configuration and what it does :)
add chain=src-nat action=accept src-address=192.168.1.0/24 dst-address=192.168.2.0/24
add chain=src-nat action=accept src-address=192.168.2.0/24 dst-address=192.168.1.0/24
That keeps any srcnat rules from applying to those src a...
by SurferTim
Sat Mar 15, 2014 3:52 pm
Forum: Beginner Basics
Topic: missing routerOS winbox plugins
Replies: 3
Views: 1999

Re: missing routerOS winbox plugins

You are using ROS v6.10 on the router? I usually download the Winbox version from the router I want to connect to.
by SurferTim
Sat Mar 15, 2014 3:30 pm
Forum: Beginner Basics
Topic: missing routerOS winbox plugins
Replies: 3
Views: 1999

Re: missing routerOS winbox plugins

Are you using the correct version of Winbox for your router's OS version? They are a bit fussy about that lately.
by SurferTim
Sat Mar 15, 2014 2:12 pm
Forum: Beginner Basics
Topic: Can't connect to the internet from the LAN devices
Replies: 25
Views: 8152

Re: Can't connect to the internet from the LAN devices

This will cause some routing confusion. You have the same subnet on two interfaces.
add address=10.1.1.1/24 interface=ether2 network=10.1.1.0
add address=10.1.1.2/24 interface=Bridge_6-10 network=10.1.1.0
by SurferTim
Sat Mar 15, 2014 1:38 pm
Forum: General
Topic: Assigned / deassigned log
Replies: 11
Views: 6366

Re: Assigned / deassigned log

What ROS version are you using? I had problems with some devices and dhcp in earlier versions prior to V6.5. Do the deassigned/assigned messages happen within a few seconds of each other? Post a section of the log that has the symptoms you describe. Also you might want to enable debug logging for dh...
by SurferTim
Sat Mar 15, 2014 1:13 pm
Forum: General
Topic: New RB2011 hotspot page not working [FIXED]
Replies: 5
Views: 2618

Re: New RB2011 hotspot page not working

To start, you should post "/ip hotspot profile print". I prefer the print from the CLI instead of Winbox. But if you use Winbox, insure the profile data you post has the entry for dns-name. It should be blank. FYI, when you enable the hotspot on the interface you connect to the router with, it will ...
by SurferTim
Sat Mar 15, 2014 3:19 am
Forum: Beginner Basics
Topic: no direct to login page
Replies: 7
Views: 1263

Re: no direct to login page

I tested your setup with ROS v6.9 on a localnet router ip of 192.168.1.1/24. Mine fails if I use "dns-name=www.orbit.com", or any domain that does not resolve to 192.168.1.1. No login page. That dns-name must resolve to the ip of the hotspot interface ip. You can set that domain to resolve to that i...