Community discussions

Search found 4637 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 93
by SurferTim
Fri Nov 14, 2014 3:18 pm
Forum: General
Topic: Question about DHCP lease time
Replies: 2
Views: 1415

Re: Question about DHCP lease time

As I recall (it has been a while), the dhcp server will hold that lease offer for 30 seconds. If the client does not respond, then the IP is released. You can check that here: /ip dhcp-server lease print detail It will show the status there also. I think it will say "offered" while waiting for a cli...
by SurferTim
Thu Nov 13, 2014 7:13 pm
Forum: Beginner Basics
Topic: connecting 3 Mikrotik
Replies: 4
Views: 873

Re: connecting 3 Mikrotik

I need this on occasion. You must route the network IP/subnets back to each router on the downstream router. What are the IP/subnets assigned to each of these router interfaces? That would be the P1 and P2 on each router.
WAN <--> P1-R1-P2 <--> P1-R2-P2 <--> P1-R3-P2 <--> PC
by SurferTim
Mon Nov 10, 2014 11:35 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 5913

Re: Bypass Hotspot and Radius for specific IP address

First, you need to disable the hotspot NAT.
/ip hotspot
set 0 address-pool=none
Then when you use ip-binding, it will bypass everything. At least last time I checked.
by SurferTim
Fri Nov 07, 2014 3:34 pm
Forum: Beginner Basics
Topic: Firewall NAT problem to share internet - Slow internet
Replies: 3
Views: 1183

Re: Firewall NAT problem to share internet - Slow internet

Did you set your dhcp client to use peer dns?
/ip dhcp-client
set 0 use-peer-dns=yes
You might also try setting a static dns server in "/ip dhcp-server network".
by SurferTim
Tue Nov 04, 2014 1:07 am
Forum: Beginner Basics
Topic: Routing between multiple RouterBoards without Masquerade
Replies: 3
Views: 999

Re: Routing between multiple RouterBoards without Masquerade

Did you find a fix? Yes. I do this kind of routing all the time. You must explain your network configuration. Do you have an internet connection, or plan on having one someday? If so, specify which router it connects to. If you need a masquerade, you probably forgot the default route on the remote ...
by SurferTim
Mon Nov 03, 2014 5:09 pm
Forum: General
Topic: Outgoing ports are blocked
Replies: 2
Views: 501

Re: Outgoing ports are blocked

Add an in-interface parameter to the dstnat rule.
/ip firewall nat
add action=dst-nat chain=dstnat comment="Video" in-interface=ether1 dst-port=5445 protocol=tcp to-addresses=192.168.0.31
If ether1 is not the WAN interface, change that.
by SurferTim
Mon Nov 03, 2014 1:34 am
Forum: Beginner Basics
Topic: Leases time - cant change
Replies: 2
Views: 583

Re: Leases time - cant change

As I recall, the lease expires-after will not change until the client renews the lease. That will be at half the lease time. That will be a long time if the current lease is several thousand days. The alternative is to force the clients to renew the lease if you can access the client computers. With...
by SurferTim
Sun Nov 02, 2014 5:34 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 5913

Re: Bypass Hotspot and Radius for specific IP address

Yes.
/ip hotspot ip-binding
add address=192.168.0.0/24 type=bypassed
For Winbox, it is under "IP - Hotspot - IP Bindings"
by SurferTim
Sun Nov 02, 2014 4:49 pm
Forum: Beginner Basics
Topic: Bypass Hotspot and Radius for specific IP address
Replies: 6
Views: 5913

Re: Bypass Hotspot and Radius for specific IP address

You can do that with ip-binding.
/ip hotspot ip-binding
add address=192.168.0.2 type=bypassed
If 192.168.0.2 isn't the IP you want bypassed, change that.

You can also bypass by mac address if you prefer.
by SurferTim
Fri Oct 31, 2014 2:10 pm
Forum: Beginner Basics
Topic: 3 router static routing
Replies: 2
Views: 1199

Re: 3 router static routing

Is there going to be an internet connection on this setup at some time? If so, which router will have the internet connection?
by SurferTim
Fri Oct 31, 2014 4:11 am
Forum: Scripting
Topic: Increase active hotspot user session timeout
Replies: 1
Views: 1214

Re: Increase active hotspot user session timeout

/ip hotspot user profile
set 0 session-timeout=0
or
set 0 session-timeout=1d
Setting session-timeout=0 disables the session timeout (no timeout).
by SurferTim
Wed Oct 29, 2014 2:09 pm
Forum: General
Topic: DHCP assign & De-assign
Replies: 3
Views: 929

Re: DHCP assign & De-assign

I had problems with that, but I haven't seen it lately since upgrading the RouterOS. The problem was the dhcp server was not updating the lease "expires-after" value when a lease was renewed. You might want to check that. /ip dhcp-server lease print detail The sum of the last-seen and expires-after ...
by SurferTim
Sun Oct 26, 2014 8:58 pm
Forum: General
Topic: Web proxy redirection issue
Replies: 3
Views: 1819

Re: Web proxy redirection issue

Is the wireless set up with a hotspot? Does the wireless client bypass the proxy?
by SurferTim
Sat Oct 25, 2014 10:51 pm
Forum: General
Topic: Port forwarding problem
Replies: 2
Views: 580

Re: Port forwarding problem

You should add a dst-port to those rules, or it will redirect all port requests to the first rule. /ip firewall nat add chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=28000 protocol=tcp dst-port=28000 in-interface=ether1 /ip firewall nat add chain=dstnat action=dst-nat to-addresses=10....
by SurferTim
Fri Oct 24, 2014 2:05 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

I have also small other problem. I have forwarded port 443 from WAN to LAN (192.168.22.88) and this connection works properly from outside ;-) One important inconvenience is when I will browse other https page file (port 443) from LAN I allways go to this forwarded addres 192.168.22. Then you need ...
by SurferTim
Fri Oct 24, 2014 1:23 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

Then you should either:
1) use the localnet private ip of the email server on your localnet computers rather than domain name.
or
2) use the router localnet gateway for your dns and set a static dns for the server in the router.
or
3) use a hairpin nat.
by SurferTim
Fri Oct 24, 2014 12:36 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

What does this mean? The problem is when I tried to send email being connected to my LAN. Send email with what program? To where? There are two ways email servers "send and receive" email. 1) Email client (Outlook and Thunderbird) to and from the email server (Sendmail or Postfix). 2) Email server (...
by SurferTim
Thu Oct 23, 2014 9:01 pm
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

Then adding the "in-interface=ether1" to the nat rule should allow your email server to send mail to another email server without being redirected back to your email server. Have you tried it?
by SurferTim
Thu Oct 23, 2014 2:51 pm
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

If you are having trouble with outgoing mail from your email server, then it is probably due to the dstnat rule for port 25. It may be redirecting your outgoing packets back to your server. You must add an in-interface (or dst-address) to that rule to prevent that. /ip firewall nat add chain=dstnat ...
by SurferTim
Thu Oct 23, 2014 2:56 am
Forum: General
Topic: SMTP SSL - Port forwarding
Replies: 12
Views: 4877

Re: SMTP SSL - Port forwarding

Please help to configure NAT Rule to run my outcomming messages. I don't have any problems with my incoming messages ;-) Outgoing and incoming messages from where? If you mean another email server is having trouble delivering email to your server, you must use port 25 for that. Port 465 is how emai...
by SurferTim
Wed Oct 22, 2014 5:53 pm
Forum: General
Topic: DHCP Timers Options 58 and 59
Replies: 2
Views: 736

Re: DHCP Timers Options 58 and 59

I try to manually add the options without success. What did you try? Did you try to enter the settings in "/ip dhcp option" and it reported an entry or value error? Did it accept your entry and doesn't send it to the DHCP client? Have you enabled verbose logging for the dhcp service? /sytem logging...
by SurferTim
Sun Oct 19, 2014 7:26 pm
Forum: RouterBOARD hardware
Topic: Hotspot Security
Replies: 4
Views: 1335

Re: Hotspot Security

Just to be more specific, the device that goes trough without login is tablet that does not have 3G connection. Is that normal? Thank's Well, that depends. On your "/ip hotspot profile" settings, what do you have in "login-by"? If you have cookie, it may be logging in without any login page. Check ...
by SurferTim
Sat Oct 18, 2014 8:00 pm
Forum: RouterBOARD hardware
Topic: Hotspot Security
Replies: 4
Views: 1335

Re: Hotspot Security

My iPhone works like it should with a hotspot, but my Blackberry seemed to bypass the hotspot login. After testing, I found it was not bypassing the hotspot security, but if it couldn't connect through the wifi immediately, it would resort to using the 3G data connection from my cellphone provider. ...
by SurferTim
Fri Oct 17, 2014 4:05 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2113

Re: exteral login page no errors are displayed

Hi guys,

Is realy necessary to have a RADIUS server to the external hotspot work?
If you mean an external hotspot login page, no. It will check the local router database first (/ip hotspot user), then a RADIUS server if you have one set up.
by SurferTim
Fri Oct 10, 2014 11:29 pm
Forum: Beginner Basics
Topic: hotspot setup
Replies: 2
Views: 658

Re: hotspot setup

...or you can select "IP - Hotspot" and click on the "Hotspot Setup" button. With the CLI
/ip hotspot
setup
by SurferTim
Fri Oct 10, 2014 3:35 pm
Forum: General
Topic: How to bypass internal traffic in hotspot
Replies: 3
Views: 711

Re: How to bypass internal traffic in hotspot

Last I checked, this is caused by the hotspot interface doing a 1:1 NAT on all localnet devices. Whatever IP you try to connect with on the localnet, the hotspot intercepts that attempt. Try disabling that 1:1 NAT. Everything else should still work ok, but any device connected to the hotspot interfa...
by SurferTim
Thu Oct 09, 2014 3:28 pm
Forum: General
Topic: Internet coming and going on hotspot
Replies: 2
Views: 513

Re: Internet coming and going on hotspot

Is everything assigned to bridge1? IP address/subnet? DHCP server? Hotspot? The hotspot will assign an IP from its dhcp pool if the IP address the client is using is out of the localnet subnet or is already assigned to another device. edit: My apology. I was interrupted by a phone call.The IP shown ...
by SurferTim
Sat Oct 04, 2014 7:43 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 2552

Re: 10 Minute Leases

That will cause no noticeable effect. Ping is one packet from src to dst, and one packet back. Hardly a network killer, even if done 30 times every 5 minutes.
by SurferTim
Sat Oct 04, 2014 6:05 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 2552

Re: 10 Minute Leases

Thanks tim. On the same note, if I am running a script to ping all static ip addresses every 5 minutes, will this also tax the network, or is ping so minimal it doesn't matter? It shouldn't tax the network too much, but again, it depends on the number of static IP clients you have on the localnet. ...
by SurferTim
Sat Oct 04, 2014 5:56 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 2552

Re: 10 Minute Leases

got it. But by shortening the lease time to 10 minutes, doesn't this tax the router and add network traffic? I wonder how it affects performance? Yes, it affects the performance of the network, but that would be relational to the number of clients on the network. If there are only a few clients, th...
by SurferTim
Sat Oct 04, 2014 5:41 pm
Forum: General
Topic: 10 Minute Leases
Replies: 10
Views: 2552

Re: 10 Minute Leases

The change in lease time should not be a problem. As long as the client device thinks it has a lease, even tho it is longer than the lease time on the dhcp server, it should not lose the connection. The dhcp server (last I checked) will check to see if an IP is being used before issuing that IP from...
by SurferTim
Sat Oct 04, 2014 4:59 pm
Forum: General
Topic: Ip cloud updating wrong public ip address
Replies: 4
Views: 968

Re: Ip cloud updating wrong public ip address

Take a look at this thread.
http://forum.mikrotik.com/viewtopic.php?f=2&t=89620

If you wait a while, then try the ping again, does the IP change? It may be the site is using dns to load balance. PayPal uses this type of load balancing.
by SurferTim
Wed Oct 01, 2014 3:15 pm
Forum: General
Topic: HotSpot Software interfering with http connectivity
Replies: 1
Views: 357

Re: HotSpot Software interfering with http connectivity

Normally that is caused by the hotspot's 1:1 NAT. It uses ARP poisoning to intercept requests to localnet IPs from any device on the localnet.

Try disabling the 1:1 NAT. You do that by setting the hotspot address pool to none.
/ip hotspot
set 0 address-pool=none
by SurferTim
Tue Sep 30, 2014 5:03 am
Forum: Beginner Basics
Topic: MIkrotik Hotspot Manager
Replies: 1
Views: 602

Re: MIkrotik Hotspot Manager

I have not tried it, but FreeRADIUS is supposed to be able to do that. It is a setting in the clients.conf file. Maybe DMA Softlab can do it. It is based on FreeRADIUS v2. Check with them. Here is the entry that allows all IPs to be a client: client 0.0.0.0/0 { secret = 12345 shortname = name } Mayb...
by SurferTim
Mon Sep 29, 2014 11:31 pm
Forum: General
Topic: SSH Connection Timeouts On Simple NAT
Replies: 2
Views: 1047

Re: SSH Connection Timeouts On Simple NAT

I think you have to wrong IP for the SSH NAT. Port 80 is NAT'ed to 192.168.0.100 and port 22 is NAT'ed to 192.168.0.233. Is that really what you wanted?
by SurferTim
Sun Sep 28, 2014 11:40 pm
Forum: General
Topic: DHCP Options
Replies: 12
Views: 6519

Re: DHCP Options

what is the difference between the dhcp option 42 and the ntp server option in dhcp networks.
Probably nothing different. Just a different way of sending option 42. I have not tested it, but I don't see another way using dhcp to send the NTP server IP.
by SurferTim
Sun Sep 28, 2014 5:24 am
Forum: General
Topic: Cloud IP Address reports wrong
Replies: 2
Views: 720

Re: Cloud IP Address reports wrong

I don't know if this is your challenge, but some busy domains (like PayPal for example) use DNS to load balance between several servers. The TTL on each domain resolution is very short, and a subsequent domain resolution request will return a different IP. PayPal uses 4 servers in the rotation last ...
by SurferTim
Sun Sep 28, 2014 4:52 am
Forum: General
Topic: DHCP Options
Replies: 12
Views: 6519

Re: DHCP Options

Are these the options you wanted?
/ip dhcp-server option
add name="Time Zone Offset" code=2 value="'-28800'"
add name="NTP Server" code=42 value="'1.2.3.4'"
The value is a bit odd. It requires a double and single quote on each end of the value if not a hex value.
by SurferTim
Sun Sep 28, 2014 4:29 am
Forum: General
Topic: DHCP Options
Replies: 12
Views: 6519

Re: DHCP Options

You can set those in /ip dhcp-server option. I don't use it but I know where to set it.
http://wiki.mikrotik.com/wiki/Manual:IP ... CP_Options
by SurferTim
Sun Sep 28, 2014 3:36 am
Forum: General
Topic: How to login to default hotspot
Replies: 9
Views: 6995

Re: How to login to default hotspot

If you used "/ip hotspot setup", the default user and password are the last prompts. I don't see how you missed it. The rest I guess depends on your WAN interface. That shouldn't be on the hotspot. How strong is your firewall on it? Does the device have a serial port? If so, get a null modem cable, ...
by SurferTim
Sat Sep 27, 2014 11:32 pm
Forum: General
Topic: How to login to default hotspot
Replies: 9
Views: 6995

Re: How to login to default hotspot

When you set up the first hotspot on that router, it asks for a user and password for a "default" user. What did you enter there? Same as the login for the router?
by SurferTim
Sat Sep 27, 2014 3:36 pm
Forum: Beginner Basics
Topic: I can't figure out how to route between subnets
Replies: 11
Views: 1782

Re: I can't figure out how to route between subnets

If you want the interfaces on a bridge for a reason, that is fine, but the ip address/subnet must be assigned to the bridge, not an interface on that bridge. I recommend removing all interfaces from the bridge, removing all but the ip/subnet you connect to the router with, and start over by adding t...
by SurferTim
Sat Sep 27, 2014 1:48 pm
Forum: General
Topic: Hotspot Walled Garden https problem
Replies: 23
Views: 21510

Re: Hotspot Walled Garden https problem

Still using your "PayPal script" on my hotspots. 2 years later Tim. Saved me a LOT of Grief! :D :D :D
Thanks! It is good to hear my script is still useful!

Actually, I was hoping the Mikrotik crew would have come up with a fix to eliminate the need for that script by now.
by SurferTim
Sat Sep 27, 2014 1:45 pm
Forum: Beginner Basics
Topic: I can't figure out how to route between subnets
Replies: 11
Views: 1782

Re: I can't figure out how to route between subnets

Remove the interfaces from the bridge. Is there a reason they are on a bridge?

edit: Your listings of /ip address and /ip route above don't match. Have you done some editing of the settings in /ip address? The interface in /ip address and the gateway for that subnet in /ip route should match.
by SurferTim
Sat Sep 27, 2014 1:41 pm
Forum: Beginner Basics
Topic: I guess I don't understand this thing (router)
Replies: 1
Views: 565

Re: I guess I don't understand this thing (router)

What tells the RB2011 to allow traffic from 192.168.1.x on ether1 bound for 192.168.3.x on ether3 to go out ether3? and to allow return traffic from 192.168.3.x bound for 192.168.1.x to go out ether1? Dave The settings in /ip route. Those settings are added automatically when you enter the address ...
by SurferTim
Sat Sep 20, 2014 4:21 pm
Forum: Beginner Basics
Topic: Port forwording
Replies: 1
Views: 632

Re: Port forwording

To access any device on the hotspot interface, that device must be logged in or bypassed. Otherwise, the connection will fail. If the device IP is 192.168.0.2, then this will bypass the device. You can also use the mac address if the IP will vary. /ip hotspot ip-binding add address=192.168.0.2 type=...
by SurferTim
Sat Sep 13, 2014 6:54 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2113

Re: exteral login page no errors are displayed

i have webproxy enabled do u think that can be the problem ?
No. The web proxy works on port 80. The radius servers work on ports 1812 and 1813.
by SurferTim
Sat Sep 13, 2014 6:28 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2113

Re: exteral login page no errors are displayed

I can't help you there. All my routers are v6.x. I have no router to test that. The only suggestion I can offer is upgrade to the latest version. If you still have that problem, maybe the Mikrotik crew can help you. They have been really helpful with my problems. I presume you have the radius debug ...
by SurferTim
Sat Sep 13, 2014 6:05 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2113

Re: exteral login page no errors are displayed

What version of RouterOS are you using?
by SurferTim
Sat Sep 13, 2014 4:41 pm
Forum: Beginner Basics
Topic: exteral login page no errors are displayed
Replies: 14
Views: 2113

Re: exteral login page no errors are displayed

Then you need to do a bit of troubleshooting. Use this as the login.html page in your router. Check all entries to insure it is passing the values to the new page, especially the error value. My apology in advance if I introduced any errors into this page during the edit. <html> <head><title>...</ti...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 93