Community discussions

MikroTik App

Search found 182 matches

by LatinSuD
Wed Oct 25, 2023 7:24 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1227

Re: Static route not showing in export

I just set up a CHR 7.11.2, run quick set, and could reproduce.
by LatinSuD
Wed Oct 25, 2023 6:30 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1227

Re: Static route not showing in export

Full export did not show either.

Originally noticed with version 7.7, then upgraded to 7.11.2 and still happens.
by LatinSuD
Tue Oct 24, 2023 5:58 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1227

Static route not showing in export

I configured a CRS with quick setup. I gave it static IP and gateway.

When I do "/ip route print" it shows correctly.
The route has "As" flags (active, static).

But when I do a "/ip route export" it does NOT show!

Is this a bug?
by LatinSuD
Sun Sep 10, 2023 9:50 pm
Forum: General
Topic: About parameter frame-types in bridge
Replies: 7
Views: 1449

About parameter frame-types in bridge

I find a little confusing the 2 parameters "frame-types", that appear in 2 different places: At the port level. This make sense to me. At the bridge level. I can't understand its function. At the bridge level, the documentation is not very clear to me. It says: "Specifies allowed fram...
by LatinSuD
Thu May 04, 2023 12:51 pm
Forum: Beginner Basics
Topic: Private VLAN [SOLVED]
Replies: 8
Views: 7419

Re: Private VLAN [SOLVED]

I think you could emulate the functionality using bridging on top of VLAN, and a lot of bridge filter rules.
by LatinSuD
Mon Sep 27, 2021 3:31 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 65
Views: 97975

Re: WinBox v3.31 released!

Sorry, but the " Show Columns " introduced in 3.29 window is worse than before. Column names are not sorted alphabetically and there are no hotkeys, so it is a perfect storm for unusability. At least before you could iterate pressing "T" for eventually reaching into "to-addr...
by LatinSuD
Thu Apr 29, 2021 10:14 am
Forum: General
Topic: IPIP tunnel only works with fasttrack enabled
Replies: 2
Views: 682

Re: IPIP tunnel only works with fasttrack enabled

Connection tracking is disabled, so I think that "fast-track" is not possible.
My issue is with "fast-path", which seems to be a different thing.

The router also has OSPF, MPLS and VPLS if that matters.
by LatinSuD
Tue Apr 27, 2021 1:34 pm
Forum: General
Topic: IPIP tunnel only works with fasttrack enabled
Replies: 2
Views: 682

IPIP tunnel only works with fasttrack enabled

We have a CCR-1072, with version 6.45.8. We have several IPIP tunnels configured. One of the tunnels is behaving strange. In order to debug it we tried to sniff packets. When we start the sniffer the traffic of the IPIP goes to 0. We think that the problem is related to Fast path. In the IPIP tunnel...
by LatinSuD
Fri Aug 09, 2019 1:15 pm
Forum: Scripting
Topic: Concise list of API supported commands?
Replies: 5
Views: 8435

Re: Concise list of API supported commands?

Sorry, but how do I know the complete list of commands?

I would like to do backups using API, and for that i'd need to enumerate the whole configuration tree.
/interface/ethernet
/interface/queue
/queue/interface
...
Is it possible to know this list in advance using API?
by LatinSuD
Mon Jul 29, 2019 1:10 pm
Forum: General
Topic: Sniffer and MPLS
Replies: 0
Views: 807

Sniffer and MPLS

I have noticed that you cannot properly sniff MPLS packets:
  • IP filters do not work if the packet is MPLS encapsulated
  • IP address are not displayed in the captured list

Could you add an MPLS "dissector" to the packet sniffer?
by LatinSuD
Tue Apr 30, 2019 1:17 pm
Forum: General
Topic: No TX sniffed on hardware offloaded ports
Replies: 3
Views: 966

No TX sniffed on hardware offloaded ports

Hi. I see no traffic when sniffing on a port that belongs to a bridge in "hardware offload" mode. The bridge includes an EoIP tunnel and several Ethernet ports. The packets that I can't see enter from the EoIP and should egress through ether6. I can see incoming packets from the EoIP inter...
by LatinSuD
Thu Apr 25, 2019 10:42 am
Forum: SwOS
Topic: VLan Type enabled vs strict
Replies: 3
Views: 8083

VLan Type enabled vs strict

It looks from documentation that for standard VLAN operation you need to set VLAN Type to "strict" instead of just "enabled". If you set VLAN Type on port to "enabled" it will pass ANY VLAN that has been defined on ANY port. The value that only lets pass the VLANs that ...
by LatinSuD
Wed Apr 17, 2019 3:13 pm
Forum: The Dude
Topic: Alerts based on throughput threshold
Replies: 10
Views: 9290

Re: Alerts based on throughput threshold

It does not work on 6.39.2

Nor does this:
https://wiki.mikrotik.com/wiki/Manual:S ... imitations
by LatinSuD
Wed Mar 27, 2019 12:30 pm
Forum: General
Topic: Radius status not working
Replies: 1
Views: 1117

Re: Radius status not working

Ok, i see. Maybe "status" function is not implemented.

I think this is a duplicate of my issue: viewtopic.php?t=44710
by LatinSuD
Thu Mar 07, 2019 10:21 am
Forum: General
Topic: dst-limit not matching when rate is higher than 5000
Replies: 3
Views: 1288

dst-limit not matching when rate is higher than 5000

There is some limit at exactly at the rate of 5000. This one works. That means that if I generate 6000 pps it will eventually pass the rule: /ip firewall mangle add action=accept chain=DDOS dst-limit=5000,5000,dst-address/20s This will never pass. Not at 6000 pps, not at 10000pps: /ip firewall mangl...
by LatinSuD
Tue Mar 05, 2019 10:40 am
Forum: General
Topic: About NULL in Layer7
Replies: 5
Views: 2534

Re: About NULL in Layer7

I think you can emulate a \x00 with a [^\x01-\xff] -- NO SORRY IT DOES NOT WORK
by LatinSuD
Thu Feb 14, 2019 1:39 pm
Forum: General
Topic: Radius status not working
Replies: 1
Views: 1117

Radius status not working

I'm trying to check the status of a PPP client: radclient -f request.txt -r 1 -t 3 -x $IP status $SECRET I get this after a few seconds: radclient: no response from server for ID 139 socket 3 Everything has to be correct, because it works for "disconnect" subcommand. Only the "status&...
by LatinSuD
Tue Nov 13, 2018 11:54 am
Forum: General
Topic: Missing 3 dots in winbox column
Replies: 0
Views: 762

Missing 3 dots in winbox column

In my new PC i cannot see the 3 dots when i shrink a column. This is a comparison of my 2 PC. https://i.imgur.com/q0BUBrt.png The dots are very important, because it is not the same the route "1.2.3.16" than "1.2.3.16/30" for example. I am using Winbox 3.18 and connecting to the ...
by LatinSuD
Tue Jul 17, 2018 8:23 pm
Forum: General
Topic: A place for poetry
Replies: 63
Views: 247322

Re: A place for poetry

To prevents loops you need to
not only spanning tree enable,
but loop protection enable too
by LatinSuD
Wed Jul 04, 2018 9:36 pm
Forum: General
Topic: I created an alternative Winbox Launcher
Replies: 3
Views: 2809

I created an alternative Winbox Launcher

You can see it in the video: https://youtu.be/6jYS_PhEiEg Features: Quick search by almost any field (IP, Note, User) Column automatic resize Escape key closes No mouse required It is currently implemented with AutoHotKey. The code: https://gist.github.com/LatinSuD/aab03067add1d92f327795c4586231bb I...
by LatinSuD
Fri Jun 01, 2018 4:52 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 58611

Re: Winbox 3.14 released!

hello, help me find the hotspot on the gui? if i login with romon i can't find the /ip hotspot on the gui.
Check that hotspot package is installed and enabled in System -> Packages.
It should be by default anyway.
by LatinSuD
Wed May 30, 2018 9:55 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 58611

Re: Winbox 3.14 released!

On the RouterOS 5.x support issue, I know that removing support for deprecated systems is always more secure, but...
Have you considered whitelisting all previously released DLL?
It would be something like matching DLL against hardcoded hashes before installing and them.
by LatinSuD
Wed May 30, 2018 9:46 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 58611

Re: Winbox 3.14 released!

Could it display a better error message when trying to connect to RouterOS 5.x?

It currently says:
ERROR: could not fetch index
Maybe something like "Remind that connecting to RouterOS 5.x or lower is not supported anymore" would be better
by LatinSuD
Thu Dec 14, 2017 2:26 pm
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

I finally found the way. You need simple queues (not queue tree ) Target must be the LAN interface. Then you can specify the WAN interface as Dst (or use mangle to mark the upload). /queue simple add dst=WAN max-limit=5M/100M name=PCQ queue=pcq-upload-default/pcq-download-default target=LAN Tested i...
by LatinSuD
Fri Jul 07, 2017 2:50 pm
Forum: General
Topic: Can SSH keys be listed or printed using CLI?
Replies: 3
Views: 1324

Can SSH keys be listed or printed using CLI?

Is there a command to print or at least list existing public SSH keys installed?

I cannot see them using /export
by LatinSuD
Fri Jun 02, 2017 8:32 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 15
Views: 6970

Re: [solved] Power connector problem in RB2011-RM and RB3011-RM

Explanation of how to insert the connector in an image:

Image


You may like it or not, but that worked for me.
by LatinSuD
Thu Jun 01, 2017 3:21 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 15
Views: 6970

Re: Power connector problem in RB2011-RM and RB3011-RM

The solution is toooo easy, you just have to press it a little further. :D

See video:
https://goo.gl/photos/wr1vGThkBR3Bz2Ps7


Sorry i didn't notice earlier :D
by LatinSuD
Fri May 19, 2017 3:12 pm
Forum: General
Topic: Feature request: Comment for radius value
Replies: 1
Views: 1034

Re: Feature request: Comment for radius value

I would like this feature implemented
by LatinSuD
Thu May 18, 2017 3:37 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 15
Views: 6970

[solved] Power connector problem in RB2011-RM and RB3011-RM

We have a few boards of RB2011 and RB3011 rack mount.
The boards lose power with the slightest move of the connector (not sure if it's a problem of the power adapter or the mainboard connector).

Anyone else?

SOLUTION: Just press to insert the connector a little further.
by LatinSuD
Fri Mar 03, 2017 10:09 am
Forum: General
Topic: Tool>Graphing cannot graph more than 2.1Gbit
Replies: 4
Views: 1930

Re: Tool>Graphing cannot graph more than 2.1Gbit

Bump, still happening in 6.36.4 at least.
by LatinSuD
Wed Oct 26, 2016 9:56 am
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

So we agree that pcq-upload is currently not compatible with masquerade, right?
With connection tracking on, it definitely works
Have you verified it personally in v6?
Can you post a working example?
by LatinSuD
Tue Oct 25, 2016 12:27 pm
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

You may change "action=masquerade" to "action=same to-addresses=your.wan.ip.address" and recheck - this definitely works for me.
I only have 1 WAN IP address, can I use "same"?
by LatinSuD
Mon Oct 24, 2016 10:13 am
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

So we agree that pcq-upload is currently not compatible with masquerade, right?
by LatinSuD
Fri Oct 21, 2016 7:24 pm
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

and what value you see in '/queue tree print stats', pcq-queues=?

still works fine for me, marking in 'forward', queues are under 'global' :)
It says:
pcq-queues=1
Don't forget to use masquerade on the output interface.

Btw, using version 6.32.4
by LatinSuD
Fri Oct 21, 2016 11:16 am
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

And yet it fails. /ip firewall mangle add action=mark-packet chain=forward new-packet-mark=prueba out-interface=pppoe-out1 /queue type add kind=pcq name=pcq-upload-prueba pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=1M \ pcq-src-address6-mask=64 /queue tree add name=pcq-upload-prueba...
by LatinSuD
Thu Oct 13, 2016 10:45 am
Forum: General
Topic: Cannot recover EoIP until I disable keepalive
Replies: 0
Views: 829

Cannot recover EoIP until I disable keepalive

We've got several EoIP tunnels running, and sometimes they stop working for no known reason. Once this happens the only way to bring them up again is to disable keepalive in one end (or both) of the tunnel . Disabling and reenabling the whole tunnel doesn't work either, only keepalive works. Sometim...
by LatinSuD
Mon Jun 20, 2016 3:32 pm
Forum: General
Topic: Old Winbox feature: autodetect username and password
Replies: 0
Views: 1240

Old Winbox feature: autodetect username and password

I have a script that invokes winbox automatically passing the IP of the board as a parameter, but not specifying username or password. Usernames and passwords have been previously saved in winbox. In Winbox 2.x when you only specified the IP, it would automatically lookup the corresponding username ...
by LatinSuD
Mon Jun 20, 2016 3:29 pm
Forum: General
Topic: Old Winbox feature: close on ESC key
Replies: 3
Views: 2489

Old Winbox feature: close on ESC key

On old versions of Winbox you could close welcome screen (the first screen before connecting anywhere) by pressing ESC key.

I liked that behaviour, could it come back?
by LatinSuD
Thu Dec 24, 2015 10:07 am
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Re: Suggestion: make "PCQ-Upload" compatible with "Maquerade" again

what parent do you use?
I think it doesn't work with any of them (global or interface)
by LatinSuD
Mon Nov 30, 2015 9:24 pm
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 5331

Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

The subject is quite descriptive: when using Masquerade PCQ-Upload queues work like standard queues.

It stopped working in V6 due to changes in packet flow.
by LatinSuD
Fri Oct 02, 2015 12:38 pm
Forum: General
Topic: CCR hangs when configuring SSH Keys
Replies: 0
Views: 806

CCR hangs when configuring SSH Keys

Have a CCR 6.32.2 (also happend with 6.29 iirc). Import a couple DSA SSH keys, (the same ones that used to work elsewhere, like on another CCR with 6.25). Try to connect through SSH to the CCR: It wont connect. Try again, it won't even show the "SSH-2.0-ROSSSH" banner. Now try to do a &quo...
by LatinSuD
Thu Sep 24, 2015 6:08 pm
Forum: General
Topic: PCQ Upload with NAT not possible in v6?
Replies: 0
Views: 726

PCQ Upload with NAT not possible in v6?

In previous versions of routeros you could put a PCQ-upload queue to handle fair upload bandwidth assignment. In ROS v6 it looks like the queues have moved to postrouting after NAT, this means that you cannot classify by src-address anymore, because you only get the final IP. Is there a way to do th...
by LatinSuD
Mon Sep 14, 2015 1:41 pm
Forum: General
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 3553

Re: Suggestion: Add a button to flush connections

Quickest way
/ ip firewall connection tracking set enabled=no
/ ip firewall connection tracking set enabled=yes
I have tried that and IIRC it didn't work as expected.
by LatinSuD
Thu Sep 10, 2015 3:37 pm
Forum: General
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 3553

Re: Suggestion: Add a button to flush connections

Where can I find a script that works? All my attempts end in random errors about non-existing connections. Also, and how many iterations do I have to try? Remember I can only remove 2048 connections at once, and between iterations new connections can be created and destroyed. Any scripted approach w...
by LatinSuD
Mon Sep 07, 2015 11:49 am
Forum: General
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 3553

Suggestion: Add a button to flush connections

As we know connection management is a little limited (it shows at most 2048 connections). There are times when you want to flush/clear all connections and it is hard to do it, even with scripts. It would be great if there was a button/command to flush all connections at once. For example, after a ba...
by LatinSuD
Wed Jul 01, 2015 9:05 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 13274

Re: all CCR crashed

2 CCR crashed, i hope the bug will get fixed soon.

More details:
  • - CCR1036-12G-4S
  • - version 6.27
  • - NTP package installed. NTP client configured to a public server
by LatinSuD
Wed Jun 03, 2015 12:14 pm
Forum: General
Topic: Hotspot file location in new RB750 error
Replies: 0
Views: 773

Hotspot file location in new RB750 error

It looks like I can configure "html-directory" in two ways:
- "myoriginaldirectory"
- "flash/myoriginaldirectory"

During configuration Winbox suggests that I should use the second form, but it DOES NOT WORK. When trying it It gives a 404 error.
by LatinSuD
Sun May 31, 2015 10:52 pm
Forum: Announcements
Topic: hAP lite
Replies: 391
Views: 238846

Re: hAP lite

Got strange expression for this small device: it have no flash to downgrade ROS version!
I think upgrades (and maybe downgrades too) are made from ram.
Just put the NPK into the main folder (instead of /flash) and there you go.
by LatinSuD
Thu May 28, 2015 5:21 pm
Forum: Announcements
Topic: hAP lite
Replies: 391
Views: 238846

Re: hAP lite

Will it do VPN and custom firewall (filter, nat)?

We need a cheap router for casual remote support.
by LatinSuD
Wed May 13, 2015 12:58 pm
Forum: General
Topic: Old RB750 upgraded to RB 750r2 Hex Lite?
Replies: 10
Views: 14485

Re: Old RB750 upgraded to RB 750r2 Hex Lite?

What's WRONG with these new boards? - It looks like we now have to use "flash/" subdirectory and the root filesystem is some kind of ram disk (nobody told me, and had to find out the hard way). - We've got four of them and for some of them they just don't work. Or after resetting tens of t...
by LatinSuD
Thu Apr 09, 2015 8:27 pm
Forum: General
Topic: PPPoE subinterface traffic counted twice
Replies: 0
Views: 719

PPPoE subinterface traffic counted twice

We're seeing this interface report about 200Mb of Tx traffic, while we estimate it to be transporting about 100Mb of PPPoE traffic only. We have come to the conclusion that it is counting the traffic twice (once for the physical interface, and again for the sum of the PPPoE subinterfaces). This beha...
by LatinSuD
Mon Mar 16, 2015 11:58 am
Forum: General
Topic: Export to file fun
Replies: 0
Views: 776

Export to file fun

This is a ROS 6.27 x86. When I export the configuration to a file the section "/ip pool" gets divided into two parts. While it is arguably a valid export I just cannot imagine what's happening inside. Eg: /ip pool add name=hs-pool-1 ranges="...." add name=wifiPublico ranges=... a...
by LatinSuD
Tue Feb 24, 2015 6:29 pm
Forum: General
Topic: CCR 6.27 unstable
Replies: 1
Views: 1185

CCR 6.27 unstable

We got this CCR1036-12G-4S with many PPPoE and hotspot users.

After a few minutes of activity the system becomes very unstable, IP->Routes doesn't even show

With version 6.25 this didn't happen.
by LatinSuD
Mon Oct 07, 2013 3:24 pm
Forum: General
Topic: NAT Protection
Replies: 2
Views: 1570

Re: NAT Protection

Check if the attack is saturating all your bandwidth. In that case there few little things you can do.
by LatinSuD
Mon Oct 07, 2013 3:20 pm
Forum: General
Topic: Total connections limit?
Replies: 12
Views: 5442

Re: Total connections limit?

Is there a way to override this display limit, even temporarily?
by LatinSuD
Mon May 27, 2013 2:13 pm
Forum: General
Topic: First time config CCR-1036-12G-4S
Replies: 4
Views: 6325

Re: First time config CCR-1036-12G-4S

After a reset the calibration of my display is completely wrong, like if it had been flipped 180º. The upper right corner is swapped with the bottom left corner. Upper left and bottom right corners work fine though. After recalibration everything is ok. Seen that, what the system REALLY SHOULD DO is...
by LatinSuD
Tue Oct 30, 2012 3:44 pm
Forum: Beginner Basics
Topic: HOTSPOT - issues with secure web pages.
Replies: 22
Views: 15606

Re: HOTSPOT - issues with secure web pages.

This problem basically has no solution. And it only got worse as Google now defaults to https. Hotspots work in a kind of intrusive way, and HTTPS is secure enough to prevent this and other intrusions. Even if you redirected HTTPS, which can be technically done, it would fail at verifying the certif...
by LatinSuD
Wed Sep 26, 2012 2:06 pm
Forum: General
Topic: Problems SSH and terminal (x86 ros 5.18 and up)
Replies: 26
Views: 14640

Re: Problems SSH and terminal (x86 ros 5.18 and up)

This script used to work in 4.x. Now I tested in 5.19 and 5.20 and does not. echo "/ip hotspot user print terse from=[/ip hotspot user find ];" | ssh admin@192.168.88.1 This script does work in all versions (but is not what i want to run): echo "/ip hotspot user print terse;" | s...
by LatinSuD
Thu Aug 02, 2012 7:00 pm
Forum: General
Topic: Super Webfig proof of concept
Replies: 4
Views: 4014

Super Webfig proof of concept

This is a proof of concept of some features i was missing in both Winbox and Webfig *** An image is worth more than 1000 words: http://www.latinsud.com/pub/routeros/routeros-demo.png *** Features - Automatic columns: only show columns for which values have been set (no more, no less). They are also ...
by LatinSuD
Wed Aug 01, 2012 1:29 pm
Forum: General
Topic: Webfig skins (tutorial)
Replies: 100
Views: 123009

Re: Webfig skins (tutorial)

In particular, is there a way to add columns like "to-address" in nat and all other firewall columns?
Without them, webfig is not very useful for firewall.
by LatinSuD
Wed Feb 08, 2012 1:50 pm
Forum: General
Topic: Some device stop to ping my Mikrotik
Replies: 8
Views: 2328

Re: Some device stop to ping my Mikrotik

May have to do with bridge vs arp timeout.

When pings fail, try clearing arp table (ip->arp) and try again.
Also check the bridge mac table of every equipment.
by LatinSuD
Wed Feb 08, 2012 1:46 pm
Forum: General
Topic: strange icmp traffic and some connection
Replies: 5
Views: 1621

Re: strange icmp traffic and some connection

Are you using hotspot?
Are you using any DROP rule?

From where are you trying to connect?

Is everything configured with a correct gateway?

Are you using routing/bridging/wds or what?

Bring IP address of everything.
by LatinSuD
Wed Feb 08, 2012 1:42 pm
Forum: General
Topic: winbox editing
Replies: 2
Views: 1285

Re: winbox editing

I think it is not open source, and there is not chance to develop modules for it.

I think you could use the API to develop your own software.
by LatinSuD
Wed Feb 08, 2012 1:34 pm
Forum: General
Topic: Trojan-Dropper.JS.Agent.fk on mikrotik or not?
Replies: 21
Views: 4137

Re: Trojan-Dropper.JS.Agent.fk on mikrotik or not?

There are many side explanations to that:
- Your computer may be already infected.
- Hotspot files got infected.
- Web cache got poisoned.
- General network poisoning.

Is it reproducible on different computers?
Can you download a sample of the virus?
by LatinSuD
Tue Feb 07, 2012 9:05 pm
Forum: Forwarding Protocols
Topic: Firewall + nat problem
Replies: 2
Views: 2614

Re: Firewall + nat problem

That's because forward filter happens after dstnat ( http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram If you understand it), so port 2525 has already been translated to 25. If you want to distinguish you could try with packet marking. Leave Dstnat the same. /ip firewall mangle ;; Prerouting mangle ...
by LatinSuD
Tue Feb 07, 2012 8:53 pm
Forum: General
Topic: Hotspot public address and Routing
Replies: 4
Views: 3300

Hotspot public address and Routing

I'm using the Hotspot's feature that allows to give users public IP at the moment they log in. Basic configuration is: /ip pool add name=publicRange ranges=222.22.22.1-222.22.22.254 /ip hotspot add name=Wifi1 interface=Wifi1 profile=Wifi1 add name=Wifi2 interface=Wifi2 profile=Wifi2 /ip hotspot user...
by LatinSuD
Tue Feb 07, 2012 8:43 pm
Forum: Forwarding Protocols
Topic: [SOLVED] OSPF,HOTSPOT
Replies: 4
Views: 2486

Re: OSPF,HOTSPOT

Does DNS work at clients? If not, can they still go to hotspot page by IP?
by LatinSuD
Tue Jul 05, 2011 9:39 pm
Forum: General
Topic: View/manipulate interface tx queue length
Replies: 3
Views: 4026

Re: View/manipulate interface tx queue length

My tips for performance on vmware: ESX(i) Use ESX/ESXi instead of Server/Workstation. e1000 Make sure the virtual machine gets Intel (e1000) virtual ethernet instead of AMD (vlance). They say the trick is setting the guest to a 64 bit type. You can also manually do a ethernet0.virtualDev = "e10...
by LatinSuD
Tue Jul 05, 2011 8:22 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 6187

Re: vlan + sniffing = problem

Afaik It's an ethernet interface.
There are VLAN interfaces on top of that one, but that's another story.
by LatinSuD
Tue Jul 05, 2011 2:06 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 6187

vlan + sniffing = problem

This is ROS 4.17. I have several Vlans defined over an interface. When i use packet sniffer over the base interface i have these problems: - It sniffs all packets coming from all VLANS (this is not really a problem, but there should be an option like in Torch). - All packets have "VLAN Id"...
by LatinSuD
Fri Jun 10, 2011 10:55 am
Forum: Beginner Basics
Topic: Hotspot eventually stops working
Replies: 2
Views: 1263

Hotspot eventually stops working

I've seen sometimes (maybe once a month) hotspot stops working in this way: it stops adding new hosts. When this happens I can see people getting DHCP, but they don't appear new hosts in the hotspot section. At that time i can even remove any host and it won't reappear automatically as it should (ev...
by LatinSuD
Thu May 12, 2011 2:17 pm
Forum: The Dude
Topic: Graph problems when data is not coming from a Mikrotik dev.
Replies: 16
Views: 7012

Re: Graph problems when data is not coming from a Mikrotik d

I had a similar problem.
My solution was increase polling interval from 5 to 10 seconds.

Maybe you should try increase it more (say 60 seconds or more).
by LatinSuD
Mon May 09, 2011 2:13 pm
Forum: The Dude
Topic: [Bug] Outages list empty in web
Replies: 0
Views: 926

[Bug] Outages list empty in web

I have 6 active outages that display correctly in dude.

But if i enter through web and click on Outages, the list is always empty.

Using Dude 4.0beta3.
by LatinSuD
Wed Mar 23, 2011 3:28 pm
Forum: General
Topic: Hotspot and firewall: "to-client" problem
Replies: 0
Views: 711

Hotspot and firewall: "to-client" problem

I'm having trouble with the "to-client" attribute for firewall rules. Imho, the definition of "to-client" should be packets destined to ip addresses that appear in the "to-address" of the hostpot->hosts list. Said that, it seems to fail in these cases: - Firewall rules ...
by LatinSuD
Wed Dec 22, 2010 3:59 pm
Forum: General
Topic: pcc load balancing
Replies: 5
Views: 1926

Re: pcc load balancing

Short answer: - You can have N different addresses on the same interface (you can even do that on windows :) ). - PCC load balancing on your case should be quite straightforward. Keep in mind that load balancing and policy routing is generally based on the gateway address (you have 4) rather than th...
by LatinSuD
Wed Dec 22, 2010 3:52 pm
Forum: General
Topic: Torch should always show Ports columns
Replies: 1
Views: 1183

Torch should always show Ports columns

Even if i filter by port on torch, it should keep showing the 2 port columns.
Connections use 2 ports, the one i'm specifying and another that i want to know sometimes.
by LatinSuD
Wed Dec 22, 2010 3:47 pm
Forum: General
Topic: Firewall nat bug
Replies: 3
Views: 1052

Re: Vlan problems with torch and nat

(post removed, see my post above)
by LatinSuD
Wed Dec 22, 2010 3:44 pm
Forum: General
Topic: Firewall nat bug
Replies: 3
Views: 1052

(post removed, see my post above)
by LatinSuD
Wed Dec 22, 2010 3:32 pm
Forum: General
Topic: Firewall nat bug
Replies: 3
Views: 1052

Firewall nat bug

I detected this because i could not dstnat more than 1 connection to a host if i used masquerade. I got these 2 rules, they look the same but one works and the other doesn't: 16 chain=srcnat action=masquerade protocol=tcp dst-address=192.168.160.2 dst-port=8291 17 chain=srcnat action=masquerade prot...
by LatinSuD
Mon Nov 29, 2010 11:09 pm
Forum: Scripting
Topic: Script to clear ARP
Replies: 4
Views: 18121

Re: Script to clear ARP

/ip arp remove [find]

(May fail if arp table is empty)
by LatinSuD
Mon Nov 29, 2010 4:07 pm
Forum: Scripting
Topic: Please Fix Documentation or Variables Behaviour
Replies: 0
Views: 793

Please Fix Documentation or Variables Behaviour

According to documentation, new unassigned variables should have a value of nil , but they have a value of nothing . Moreover, according to documentation it doesn't exist a type called nothing . The simplest example shows a different thing: [admin@mt] :global kk ; :put [:typeof $kk] nothing Related ...
by LatinSuD
Mon Oct 04, 2010 11:44 am
Forum: General
Topic: L2tp tunnels break
Replies: 0
Views: 735

L2tp tunnels break

I have a l2tp tunnel over a unstable wan line. The connection breaks often, but MT fails to restablish it. I found out the problem is that IP is not removed properly on the client. As a workaround I have this script scheduled every minute. It checks if the IP of the tunnel is being used when the tun...
by LatinSuD
Tue Jun 01, 2010 7:37 pm
Forum: General
Topic: Problems with DNS in Version 4.x
Replies: 47
Views: 11482

Re: Problems with DNS in Version 4.x

Switched dns to debian+djdbns
by LatinSuD
Tue Jun 01, 2010 7:29 pm
Forum: General
Topic: [Suggestion] Distributed public IP pools
Replies: 4
Views: 2292

[Suggestion] Distributed public IP pools

We have 256 ip addresses but we'd like not to waste them. Currently each of the small routers (Router1 and Router2) get 128 addresses each. Clients get public ip address by logging into hotspot or pppoe. ____ Router1 - clients / Internet - CoreRouter \____ Router2 - clients This address balancing is...
by LatinSuD
Tue Apr 27, 2010 11:17 pm
Forum: General
Topic: Bug: conntrack + queue tree = problem
Replies: 2
Views: 1147

Re: Bug: conntrack + queue tree = problem

Might be related to this:
http://kerneltrap.org/mailarchive/linux ... id-4825394

Though they suggest it should happen on SMP systems and mine is not.
by LatinSuD
Tue Apr 27, 2010 10:47 pm
Forum: General
Topic: Bug: conntrack + queue tree = problem
Replies: 2
Views: 1147

Bug: conntrack + queue tree = problem

For this test you need: A PC with recent linux distro (like debian testing or Fedora 11), which sends A and AAAA DNS queries at the same time. Routeros 4.6: Configure IP so it can act as a gateway for the PC (no nat required). Have conntrack enabled (by default). Add a trivial queue tree like this (...
by LatinSuD
Mon Apr 12, 2010 4:02 pm
Forum: General
Topic: Winbox comment selection bug?
Replies: 3
Views: 1298

Winbox comment selection bug?

This is a simple small bug: - Go to a firewall rule, and open the window to edit the comment. - (If the rule didn't have a comment type one, then close the edit-comment-window and open it again). - Try select the whole comment with mouse or keyboard, from right to left! After less than a second, par...
by LatinSuD
Thu Mar 25, 2010 12:59 pm
Forum: General
Topic: Hotspot + vlan + mtu advice in 3.30
Replies: 0
Views: 799

Hotspot + vlan + mtu advice in 3.30

I have a PC with ROS 3.30, in a VMware server. I already have a standard hotspot setup. But now i wanted to set a VLAN interface on the ethernet interface, and set up a different hotspot there. The problem was that hotspot login page did not fully load. I understood that it was a MTU problem. Both p...
by LatinSuD
Tue Mar 09, 2010 7:14 pm
Forum: General
Topic: Problems with DNS in Version 4.x
Replies: 47
Views: 11482

Re: Problems with DNS in Version 4.x

Try "/ip dns print" from a terminal.
by LatinSuD
Tue Jan 26, 2010 11:27 am
Forum: General
Topic: Dynamic filter rules
Replies: 1
Views: 1021

Dynamic filter rules

Did PPP incoming-filter change in recent versions?

Where can I find an example of incoming-filter setup? The documentation says that i should look in the Examples section, but examples do not show the filter setup!!
by LatinSuD
Mon Jan 18, 2010 3:31 pm
Forum: General
Topic: Feature Request: Winbox for BlackBerry (crazy but effective)
Replies: 44
Views: 31656

Re: Feature Request: Winbox for BlackBerry (crazy but effective)

Blackberry itself is sad, anyway
by LatinSuD
Wed Dec 23, 2009 2:42 pm
Forum: General
Topic: Mac-telnet for linux
Replies: 20
Views: 9009

Re: Mac-telnet for linux

I did some work time ago, basically the authentication part only.
Not useful yet.
by LatinSuD
Wed Dec 23, 2009 2:36 pm
Forum: General
Topic: Hotspot Hijack MAC address
Replies: 1
Views: 925

Re: Hotspot Hijack MAC address

Try with this:
IP -> Hotspot -> Server -> your hotspot -> Address Pool = None

Anyway I thought it only happend in 2.x versions of routeros. What version is it?
by LatinSuD
Mon Dec 21, 2009 11:40 am
Forum: General
Topic: Proxy src address preservation
Replies: 2
Views: 1050

Proxy src address preservation

Is it possible to preserve user ip address with transparent proxy?

Currently it seems to add an http header with original address, but i'd like that the connection appeared from the client's address.
by LatinSuD
Thu Nov 26, 2009 11:03 am
Forum: General
Topic: pptp and redirect
Replies: 2
Views: 1231

Re: pptp and redirect

If they are using Fixed IP Address for PPTP: You'll need an external web site for the message. - for port 80 connections, from=<pptp-ip-range>, and users that not on address-list, jump to a new chain: -- redirect to proxy -- add ip to an address-list (for some time interval, eg: 24h) - configure pro...
by LatinSuD
Wed Oct 21, 2009 11:10 am
Forum: General
Topic: Feature Request: Winbox for BlackBerry (crazy but effective)
Replies: 44
Views: 31656

Re: Feature Request: Winbox for BlackBerry (crazy but effective)

And another one for Android OS!
by LatinSuD
Tue Oct 20, 2009 10:50 am
Forum: General
Topic: Problems with DNS for www.google.com
Replies: 174
Views: 65748

Re: Problems with DNS for www.google.com

My bet is about big DNS replies and PPPoe MTU.

Does that DNS traffic go over UDP or TCP?

I once was using a wrong DNS server which eventually cut TCP support, and big requests didn't work.
by LatinSuD
Tue Oct 20, 2009 10:45 am
Forum: General
Topic: Hotspot: user profile pool overrides user address
Replies: 2
Views: 1239

Re: Hotspot: user profile pool overrides user address

Yes 3.30, and also 2.9.51.
by LatinSuD
Mon Oct 19, 2009 8:54 pm
Forum: General
Topic: Hotspot: user profile pool overrides user address
Replies: 2
Views: 1239

Hotspot: user profile pool overrides user address

I have a couple of user profiles in hotspot, both with address-pool configured so i can give them public ip addresses. The problem comes when i want to give a specific user a specific IP address. I would normally set the "address" field of the user, but that value is ignored when the user ...
by LatinSuD
Thu Sep 10, 2009 1:05 am
Forum: General
Topic: Suggestion for firewall display
Replies: 4
Views: 1692

Re: Suggestion for firewall display

Not fast enough. Increases level of stress when you are already under stress (i have many chains and too little time to manage them).
by LatinSuD
Thu Sep 03, 2009 2:41 pm
Forum: General
Topic: Suggestion for firewall display
Replies: 4
Views: 1692

Suggestion for firewall display

The suggestion is easy but powerful.
In firewall, instead of selecting "chains" by a listbox, use Tabs:

Image
(After posting the pic I realized that there should be a "show all" tab too).
by LatinSuD
Wed Jun 03, 2009 6:43 pm
Forum: General
Topic: Winbox columns suggestions
Replies: 1
Views: 1229

Winbox columns suggestions

2 suggestions about columns in winbox: Auto-show/hide: Have a button that hides unused columns and shows used ones. For example, in firewall->filter, do display "connection-mark" column only and only if there is a rule currently visible that uses that condition. Auto-width columns: Have a ...
by LatinSuD
Thu Apr 30, 2009 7:44 pm
Forum: General
Topic: Erroneous ping count in 3.23
Replies: 2
Views: 1644

Erroneous ping count in 3.23

I have a device that seems to be losing packets. While ping in console shows packet lose, pinging with winbox doesn't. http://img237.imageshack.us/img237/8321/pingcount.png Note that it is configured to send 10 pings and it only received 3 pings. It says "3 of 3" but it should be "3 o...
by LatinSuD
Wed Apr 22, 2009 11:35 am
Forum: The Dude
Topic: Show Multiple history of items
Replies: 1
Views: 892

Show Multiple history of items

We've developed a custom application in php to show status history of networks in tables.

Is it possible to do something similar with the dude? Can it be implemented?

Image
by LatinSuD
Tue Apr 21, 2009 10:03 pm
Forum: The Dude
Topic: Custom Layers
Replies: 1
Views: 1461

Custom Layers

I see in the map there's a listbox called "Layers", which can be either "links" or "dependencies".

Is it possible to create custom layers or views according to some function or attribute set on devices?
by LatinSuD
Tue Jan 27, 2009 2:42 pm
Forum: General
Topic: Login by mac on 2.9.51
Replies: 1
Views: 1074

Login by mac on 2.9.51

We have a hotspot client that has dhcp+login-by-mac. The problem is that eventually they get hotspot asking for username and password. The cause seems to be that IP changes too quick and it happens a "no more sessions allowed for this user" event. After the old IP has been removed, the new...
by LatinSuD
Tue Oct 14, 2008 4:04 pm
Forum: General
Topic: how can i do this?
Replies: 4
Views: 1489

Re: how can i do this?

And every single device has its own public ip address?
by LatinSuD
Wed Oct 01, 2008 7:06 pm
Forum: General
Topic: how can i do this?
Replies: 4
Views: 1489

Re: how can i do this?

-If I understood correct everything is using real public IP (server and users). There are 3 options: - Option 1: the gateway of the web server is the routeros (so it can convert the dst-nat back). - Option 2: do masquerade as well as the dst-nat (so the web server thinks the packets are coming from ...
by LatinSuD
Wed Oct 01, 2008 6:54 pm
Forum: General
Topic: Transparent Proxy in MT 3.14
Replies: 7
Views: 2408

Re: Transparent Proxy in MT 3.14

In 2.9 there were 2 web proxies: - "Proxy": typically only available to hotspot users. - "Web-Proxy": to use at your own discretion (just enable it on default port 3128, enable the transparent proxy option and manually insert rules in nat->dst-nat for protocl=tcp dst-port=80 with...
by LatinSuD
Wed Oct 01, 2008 6:38 pm
Forum: General
Topic: ECMP bug and workaround
Replies: 1
Views: 1150

ECMP bug and workaround

ECMP does not work for locally generated packets when using separate interfaces and not masquerading own external address. Example scenario: There are 2 gateways: 192.168.16.1 and 192.168.17.1. - Interface1: 192.168.16.2/24 - Interface2: 192.168.17.2/24 - Interface0: 192.168.0.1/24 - Default route h...
by LatinSuD
Wed Jun 04, 2008 9:06 pm
Forum: Scripting
Topic: find command and special character question!
Replies: 1
Views: 1461

Re: find command and special character question!

Something like:
:local myIp ""

/ip neighbor

:foreach i in=[find] do={ 
	:set myIp [ get $i address ]
	:if ( $myIp >= "10.10.0.0" && $myIp <="10.10.255.255" ) do={

		:log info ( "Do some action with this ip ... " . $myIp )

	}
}
by LatinSuD
Wed Jun 04, 2008 8:53 pm
Forum: Scripting
Topic: Auto-restoring last working configuration?
Replies: 1
Views: 1602

Re: Auto-restoring last working configuration?

Save current working config (/system backup save name=working )
Make a schedule of a /system backup load name=working in 10 minutes.

If it works disable/delete schedule before 10 minutes.

I have not tested it, but it may work.
by LatinSuD
Wed Jun 04, 2008 8:24 pm
Forum: Scripting
Topic: Variables behaviour in 3.10
Replies: 1
Views: 1680

Variables behaviour in 3.10

What's the correct use of variables in 3.x? I am missing some docs and i can't get it to work, even the given examples (ddns on wiki). An undefined variable should have a type of nil , but it has a type of "nothing" ! An unset variable has a type of "nil" , but mind quotes becaus...
by LatinSuD
Wed Jun 04, 2008 8:16 pm
Forum: General
Topic: Show a generic new-mark column in winbox
Replies: 2
Views: 2102

Re: Show a generic new-mark column in winbox

Then allow all types. User may choose between use individual columns or generic ones.

The weak point is that it may result a little confusing for users. Any ideas?
by LatinSuD
Wed Jun 04, 2008 3:07 pm
Forum: General
Topic: Show a generic new-mark column in winbox
Replies: 2
Views: 2102

Show a generic new-mark column in winbox

In winbox firewall mangle section, instead of having these 3 columns:
- new packet mark
- new routing mark
- new connection mark

Why not have a generic "new mark" column? That is, spend only one column for all of the marks above.
It should be ok as only one type of mark is allowed per rule.
by LatinSuD
Tue Mar 11, 2008 12:29 pm
Forum: General
Topic: Max. Cache Size: none
Replies: 8
Views: 2726

Re: Max. Cache Size: none

Have you tried stopping (disabling) the proxy before commiting any change, and then starting it again ?
by LatinSuD
Wed Jan 16, 2008 6:44 pm
Forum: General
Topic: Winbox drag-drop of multiple items order
Replies: 0
Views: 1337

Winbox drag-drop of multiple items order

When i drag&drop multiple rules in winbox (eg: in mangle) they usually get disordered.
This is specially true, but not exclusive, for rules belonging to different chains, winbox seems to regroup them by chains.
I'd like it to respect original order.
Thank you.
by LatinSuD
Mon Jan 14, 2008 6:14 pm
Forum: General
Topic: VLAN switch problem
Replies: 3
Views: 3020

VLAN switch problem

I have a routeros with 2 lan ports: users and internet gateways. I'd like to have more ports to monitor and control all internet gateways independently. I have a SMC 8024L2 VLAN switch and I try to set it up like this, but it seems not to work: - Gateways go on untagged vlan ports (vlan2, vlan3, vla...
by LatinSuD
Thu Dec 20, 2007 12:40 pm
Forum: General
Topic: L2TP bug ?
Replies: 2
Views: 2607

L2TP bug ?

We found a problem of routes disappearing on L2TP tunnels. When it happens we must disable and reenable tunnel to make it work again. Addresses are assigned statically and server address (10.6.0.1) is shared by all connections. There are several kinds of VPN tunnels. We have 2.9.48 on both ends. I a...
by LatinSuD
Mon Dec 03, 2007 3:40 pm
Forum: General
Topic: Static dns failure on hotspot - can't load login page
Replies: 6
Views: 4161

Re: Static dns failure on hotspot - can't load login page

I've just had a similar problem with 2.9.48. I used to have 2.9.46 and i'm not sure whether it happened then. Bypassed hosts got dns working correct, but hotspot users couldn't login (with dns errors). I did some sniffing and got mikrotik sending ICMP port 53 unreachable to hosts!! Also found a dyna...
by LatinSuD
Wed Oct 31, 2007 11:11 am
Forum: General
Topic: Compatible UPS
Replies: 0
Views: 871

Compatible UPS

Is there a list of compatible UPS units, or can you tell me which brand/model supports the most of this features?
  • RS232 interface (compatible with routeros)
  • USB interface (compatible with routeros)
  • Auto power-on if it runs completely out of battery and AC is later restored.
by LatinSuD
Fri Sep 14, 2007 3:22 pm
Forum: General
Topic: UPnP bug?
Replies: 1
Views: 2209

UPnP bug?

I've been trying emule latest version (0.48a, which supports upnp) and MT 2.9.46. I have enabled UPnP on a big wireless network and seems to work, as many rules appear for different addresses. But i had some trouble in testing it myself at the office (all machines XP SP2 spanish). In one computer it...
by LatinSuD
Thu Sep 06, 2007 8:48 pm
Forum: General
Topic: msn audio not working behind NON-NATting setup
Replies: 10
Views: 2248

Re: msn audio not working behind NON-NATting setup

Use less restrictive firewall rules? Like only dropping "invalid" packets, but not new incoming. Maybe you could configure a range/window of incoming ports to be always open? That is tell msn to use certain ports, and tell MT not to filter those ports. Maybe MT could implement MSN related ...
by LatinSuD
Wed Sep 05, 2007 2:44 pm
Forum: Scripting
Topic: Scripting.. missing :unset command
Replies: 4
Views: 3787

Re: Scripting.. missing :unset command

Manual should be updated then! :o http://www.mikrotik.com/testdocs/ros/2.9/system/scripting.php Btw, because of wrong documentation i got into this error: :local myvar :foreach i in=1 do={ :set myvar hello } :put ( [:typeof $myvar] . $myvar ) nil What i thought i was doing: - Declare a local variabl...
by LatinSuD
Fri Jul 27, 2007 11:42 am
Forum: General
Topic: Ip-proxy long header error 400 (hotmail)
Replies: 3
Views: 3008

Re: Ip-proxy long header error 400 (hotmail)

I've used default configuration for 'ip proxy' (2.9.44 version, web-proxy test enabled), I have not been able to reproduce any issues with login to HotMail. Could you provide your proxy configuration ? It is not related to web-proxy, but "ip-proxy". I have a hotspot and user profiles have...
by LatinSuD
Thu Jul 26, 2007 8:34 pm
Forum: General
Topic: Ip-proxy long header error 400 (hotmail)
Replies: 3
Views: 3008

Ip-proxy long header error 400 (hotmail)

I've been debugging a problem with a user that couldn't log into hotmail when using ip-proxy, it receives a 400 http proxy error. With help of firefox's http-live-headers i could reproduce it on several places, and tested mikrotik versions 2.9.9, 2.9.19 and 2.9.43. The request is about 4200 bytes lo...
by LatinSuD
Tue Jun 12, 2007 2:03 pm
Forum: General
Topic: Winbox double click issue
Replies: 1
Views: 1525

Winbox double click issue

I often get an undesired drag&drop effect when opening 2 or more Winbox instances. The procedure is: - Open a Winbox, connect, and open subwindow that allows drag&drop (eg: firewall filter). - Open another Winbox, but don't connect yet. - Place the Loader window so when you click on a stored...
by LatinSuD
Thu Jun 07, 2007 3:23 pm
Forum: General
Topic: MSS bugs ?
Replies: 2
Views: 1538

Re: MSS bugs ?

I'm a little confused, i have a MT 2.9.23 that uses wrong MSS for locally generated packets, but a MT 2.9.24 does work. I'll try upgrade and tell you later.

Thank you.
by LatinSuD
Wed Jun 06, 2007 1:34 pm
Forum: General
Topic: MSS bugs ?
Replies: 2
Views: 1538

MSS bugs ?

I think that dynamic TCP MSS rules for PPPoE interfaces could be enhanced in 2 ways: * The rule that matches by "out-interface" should be in "postrouting" instead of forward. Locally generated TCP packets seem not to have correct MSS. Those don't go through "forward", b...
by LatinSuD
Thu Dec 21, 2006 3:21 pm
Forum: General
Topic: WINBOX MAC SCAN
Replies: 4
Views: 3157

I talked about discovery, but "Mac telnet" is another story yes.

Btw, have you noticed that you can do mac telnet from winbox? Just type mac addy instead of ip addy. :wink:
by LatinSuD
Mon Dec 18, 2006 2:49 pm
Forum: General
Topic: WINBOX MAC SCAN
Replies: 4
Views: 3157

Official docs: http://www.mikrotik.com/docs/ros/2.9/ip/mndp Mt is supposed to send mndp packets each 60 secons, but you can active poll it like neighborViewer does, according to wireshark: Send UDP packet localip:5678 -> 255.255.255.255:5678 Containing 8 bytes of data: 00 00 00 00 00 06 00 00 Respon...
by LatinSuD
Mon Dec 18, 2006 2:31 pm
Forum: General
Topic: pppoe connection with ISP from within NAT-ed LAN
Replies: 2
Views: 1243

http://forum.mikrotik.com/viewtopic.php ... highlight=

Your best chance is disable nat, enable bridging.

Or else put another pppoe-server on mt.

Or else don't use pppoe, use vpn or other tunnelling protocol if you want.
by LatinSuD
Tue Dec 12, 2006 7:13 pm
Forum: General
Topic: Hotspot login + http-keepalive = problem
Replies: 0
Views: 1346

Hotspot login + http-keepalive = problem

I noticed a problem when i try enter a web site, be redirected to hotspot, login and then try enter the site. I get an error. The problem is that while firefox sends this request GET / HTTP/1.1 Host: www.terra.es Mt proxy sends this to web server, which is imho incorrect: GET http://www.terra.es/ HT...
by LatinSuD
Mon Dec 11, 2006 1:16 pm
Forum: General
Topic: Tcp MSS question
Replies: 0
Views: 1012

Tcp MSS question

On pppoe links, when you enable to change tcp mss mt adds mangle rules for both incoming and outgoing traffic so mss is set to whatever value (eg: 1480). The problem is: what if an incoming packet had a lower mss value (eg: 1400) ? Does mt overwrite a 1400 mss with 1480 ? Maybe mss rule should have ...
by LatinSuD
Tue Nov 28, 2006 12:46 pm
Forum: General
Topic: Nth a little biased
Replies: 4
Views: 1764

I found a trick. I created 2 set of rules: - one of them just like the ones i posted before - the other does the same but in opposite order (first adds to listaB, second to listaA). When i follow these rules they bias in favour of listaB. I made a timer so each 5 minutes i switch over one or other r...
by LatinSuD
Tue Nov 14, 2006 6:21 pm
Forum: General
Topic: Nth a little biased
Replies: 4
Views: 1764

It was the respective latest version of routeros when we updated them. I didn't know those were weird versions.

We also have this on 2.9.24, same behaviour.
by LatinSuD
Tue Nov 14, 2006 2:05 pm
Forum: General
Topic: Nth a little biased
Replies: 4
Views: 1764

Nth a little biased

I am trying some load balance with src address lists: 1 ;;; Enrutar chain=prerouting src-address-list=clientes dst-address-list=!internas action=jump jump-target=enrutar 2 chain=enrutar src-address-list=ruta2 action=return 3 chain=enrutar src-address-list=ruta3 action=return 4 chain=enrutar nth=1,3,...
by LatinSuD
Wed Sep 27, 2006 5:42 pm
Forum: General
Topic: Proxy default expiration time
Replies: 1
Views: 1470

Proxy default expiration time

Hi, i just read in docs that web sites that don't specify caching instructions expire from cache in 72 hours.

We had a problem with a customer that said that some pages did not update until 72 hours had passed.

Can we change that default expiration time? Do you have any other suggestion?

Thanks
by LatinSuD
Thu Jul 13, 2006 5:46 pm
Forum: Scripting
Topic: Wild Card DNS
Replies: 14
Views: 8735

DNS "spoofing" has to be done with care, because DNS records tend to be cached and will not change until timeout expires (imho).
by LatinSuD
Wed Jul 05, 2006 5:47 pm
Forum: General
Topic: Remote gateway and failover
Replies: 2
Views: 1436

Thanks, that's it.
by LatinSuD
Wed Jul 05, 2006 5:45 pm
Forum: General
Topic: Improvements for "find"
Replies: 0
Views: 1438

Improvements for "find"

It'd be great if find supported wildcards. Like this:
disable [find comment="*groupA*"] 
Is it possible to look for unset fields? Like this:
disable [find distance=none]
Note that currently you cannot use "none" as value.
by LatinSuD
Wed Jul 05, 2006 4:37 pm
Forum: General
Topic: Remote gateway and failover
Replies: 2
Views: 1436

Remote gateway and failover

I have a MT that is connected to several internet routers like this: __MT__ ____Router1___ _Internet_ 10.0.0.2 10.0.0.1-80.80.80.2 80.80.80.1 Router1 sometimes loses internet connectivity and that's what i want to detect. With check-gateway option i can see whether 10.0.0.1 is reachable, but i'd lik...
by LatinSuD
Fri Jun 30, 2006 10:33 am
Forum: General
Topic: check-gateway question
Replies: 1
Views: 979

check-gateway question

How does /ip route ... check-gateway work?

I'm interested in ping. How many pings does it perform before considering the gateway dead? Will it give false positives over a ldms or wireless quite stable link?

Thanks
by LatinSuD
Wed May 31, 2006 1:36 pm
Forum: Scripting
Topic: sms and email public ip
Replies: 1
Views: 1661

Why not use dynamic-dns client? There was some example in the wiki.

Ok, there will be a while while dns updates, but most time it will be accesible.
by LatinSuD
Wed May 31, 2006 1:28 pm
Forum: General
Topic: VPN resources question
Replies: 2
Views: 1356

VPN resources question

Will a 800MHz via cpu based computer work fine with:

- 15 simultaneous tunnels (e.g. pptp), of an average of 2Mb traffic each?

Thanks
by LatinSuD
Wed May 31, 2006 1:24 pm
Forum: General
Topic: how to hide my network
Replies: 13
Views: 3335

Imho if a couple of users voluntarily add a route to access each other through gateway they will have access to resources.

If you reall want to block netbios i'd also to block these ports:
tcp & udp: 135,137,138,139
tcp: 445
by LatinSuD
Fri Apr 21, 2006 11:25 pm
Forum: General
Topic: Hotspot with transparent appearance
Replies: 3
Views: 1493

Re: Hotspot with transparent appearance

authenticate the clients, then log and disconnect them
What do you mean with that?
but I dont want it to filter
If you don't filter why would users log in?

Why not use masquerade? How about netmap?
by LatinSuD
Wed Apr 12, 2006 10:59 am
Forum: General
Topic: Winbox port problem
Replies: 0
Views: 881

Winbox port problem

Hi, we have several mikrotik together and we want to access them through internet. One mikrotik is behind the other on the same public ip address. We did dst-nat from port 8293 to port 8291 of the mt behind. In theory it works, but winbox always connect to default port (8291) even if you specify a d...
by LatinSuD
Thu Apr 06, 2006 11:00 am
Forum: General
Topic: Subversion fails (propfind makes 400 bad request)
Replies: 0
Views: 1254

Subversion fails (propfind makes 400 bad request)

Hi, using mt 2.9.18, hotspot, ip-proxy and web-proxy it seems that i cannot use subversion to download things through http. I get this error from proxy: svn: requerimiento PROPFIND falló en '/code/tools/wispy' svn: PROPFIND de '/code/tools/wispy': 400 Bad Request (http://svn.kismetwireless.net) When...
by LatinSuD
Thu Mar 09, 2006 3:19 pm
Forum: General
Topic: TCP Close connection tracking not timing out
Replies: 1
Views: 1284

TCP Close connection tracking not timing out

I have mt 2.9.14 and default connection tracking values. I have hotspot, masquerade and some connection and routing marks set. I have hundreds of tcp connections in close state with high timeouts, but closed connections should timeout in 10 seconds. 12 S tcp 192.168.222.193:1102 84.121.51.6:4662 clo...
by LatinSuD
Wed Jan 18, 2006 1:17 pm
Forum: General
Topic: Unsetting mac-address
Replies: 2
Views: 1532

It's not worth, we'd need to rent a crane to access it.

It works, but just if we could...
by LatinSuD
Wed Jan 18, 2006 12:36 pm
Forum: General
Topic: Unsetting mac-address
Replies: 2
Views: 1532

Unsetting mac-address

Hi, this time we tried manually setting mac-address for an interface for a test and now we don't know how to unset it, we don't either remember original mac address of our router (RB200).

Is there a way of unsetting /interface mac-address value to standard value?

Thanks
by LatinSuD
Wed Jan 18, 2006 12:30 pm
Forum: General
Topic: DHCP-client problems
Replies: 0
Views: 1018

DHCP-client problems

Hi, we are having some problems with dhcp-client. We're using mt 2.9.9 to 2.9.11 and Winbox for these operations: * Issue 1: Disabling and enabling dhcp-client instance does not work, the client remains in "searching..." status forever (or at least for a big while). * Issue 2: If we add a ...
by LatinSuD
Tue Dec 20, 2005 1:39 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6049

Yeah

I also tried output, as suggested by that and neither worked.
I still send packets from default gateway insted of marked one.
by LatinSuD
Tue Dec 20, 2005 1:35 pm
Forum: General
Topic: HTTP Traffic question
Replies: 6
Views: 2381

Moreover

How do you distinguish from a user downloading a 1MB image from a user downloading 1MB applications?

You may define bursts or complicated count-limit rules, but that would mainly apply to connections, not users.

What if a users is downloading a file while browsing?
by LatinSuD
Tue Dec 20, 2005 1:24 pm
Forum: General
Topic: Feature Request: Conformation on disabling interfaces
Replies: 10
Views: 4906

Locking accidental keyboard changes

My problem is that you can delete and disable rules just by pressing one key in Winbox. If you accidentally press a wrong key on the wrong place you may break something important.

What about an option to disable/enable hotkeys in winbox ?
by LatinSuD
Tue Dec 20, 2005 12:49 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6049

Mikrotik 2.9.7 and 2.9.8 with masquerade, hotspot, queue trees and much more. I hope there's nothing wrong on those things. I have tried something like this: /ip firewall mangle add chain=prerouting dst-address=80.80.80.80 action=mark-routing routing-mark=r2 Then have a default route assigned by dhc...
by LatinSuD
Mon Dec 19, 2005 10:56 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 6049

Mark routing locally generated traffic (like web-proxy)

We're trying to do some policy routing on our lines. We can distinguish traffic by port easy and mark routing of packets, that works quite well. But we are having problems in marking web traffic, like it ignores all routing marks. We are using caching web-proxy, so packets are auctally generated ins...
by LatinSuD
Mon Dec 19, 2005 10:12 pm
Forum: General
Topic: ECMP on dynamic interfaces
Replies: 1
Views: 1749

ECMP on dynamic interfaces

We're trying Equal Cost Multi-Path routing on 2 Dsl lines. One of them has static address and the second one has a dynamic PPPoE address. If we wanted to do ECMP we'd need to create a single rule with both gateways. Eg: /ip add dst-address=0.0.0.0/0 gateway=80.80.80.1,70.70.70.1 scope=255 target-sco...
by LatinSuD
Wed Nov 16, 2005 7:20 pm
Forum: General
Topic: Emule upload vs download
Replies: 16
Views: 5163

Emule upload vs download

Hi, i've been trying to limit p2p with queue trees and i found something curious. Download is unlimited. When i limit upload to 200k download rate goes about 200k. When i limit upload to 100k download rate goes about 90k. When i limit upload to 10k download rate goes about 0k. So theres an almost im...
by LatinSuD
Sun Nov 13, 2005 2:58 pm
Forum: General
Topic: P2P Blocking not working at all, and many other things
Replies: 35
Views: 10654

Or go to ip/Firewall/Connections and kill-em-all (easy using winbox)...

Count on that there are not only many p2p protocols, but also every p2p application can be easily configured to use non-standard ports, so matching by port number is not very useful.
by LatinSuD
Thu Oct 20, 2005 11:36 am
Forum: General
Topic: Web & graphs suggestion.
Replies: 1
Views: 2585

Web & graphs suggestion.

We have several mt routers installed and it would be very nice if Identity or name of the router was displayed in all pages as title or whatever.
by LatinSuD
Wed Oct 19, 2005 9:31 pm
Forum: General
Topic: Policy based routing for p2p
Replies: 1
Views: 1120

Policy based routing for p2p

I have a setup with 2 internet gateways (with 2 public addresses) and several users. We initially thought to send p2p traffic to one gateway and rest of traffic to the other. So we tried to set it up and... ouch, we realized that it was not possible as p2p classifier would match p2p packets after co...
by LatinSuD
Wed Oct 19, 2005 7:01 pm
Forum: General
Topic: Update file list in winbox
Replies: 2
Views: 4458

thanks, actually it seems to work fine now anyway :)
by LatinSuD
Wed Oct 19, 2005 1:19 pm
Forum: General
Topic: Update file list in winbox
Replies: 2
Views: 4458

Update file list in winbox

When i upload files by drag&drop to file section in winbox they do not appear there but they are successfully uploaded.

I can see them in console (/ip file print), but not on winbox until i close and open winbox again.

Could files be shown?
by LatinSuD
Tue Oct 18, 2005 8:40 pm
Forum: General
Topic: P2P Blocking not working at all, and many other things
Replies: 35
Views: 10654

Sure all traffic is going through mt?

Have you seen counters increase for the rule? (/ip firewall filter print forward stats)
by LatinSuD
Thu Oct 06, 2005 3:39 pm
Forum: General
Topic: Bypassed hosts not always bypass?
Replies: 2
Views: 1239

I think i quite have the problem. This is our configuration: Mikrotik hotspot 2.9.5 --(ethernet)-- Proxim AP700 ----(wds) ---- mikrotik wifi 2.8rc6 ---(wifi)---- client The problem occurs eventually for clients of mikrotik after some seconds, they dont respond to pings. To make them work again i mus...
by LatinSuD
Wed Oct 05, 2005 2:23 pm
Forum: Wireless Networking
Topic: 129 Km Link
Replies: 26
Views: 12036

Where are you from? It has worked for you?

admin note: english only please
by LatinSuD
Wed Oct 05, 2005 11:07 am
Forum: General
Topic: Graph feature suggestion
Replies: 4
Views: 4077

Graph feature suggestion

It would be great if web graphs could have password protection.
Ok, you can access most graphs from webbox, but it would be nice if you could also access "queue graphs" from there.
by LatinSuD
Tue Oct 04, 2005 9:04 pm
Forum: General
Topic: Bypassed hosts not always bypass?
Replies: 2
Views: 1239

ok, no clues
by LatinSuD
Tue Oct 04, 2005 8:22 pm
Forum: General
Topic: Bypassed hosts not always bypass?
Replies: 2
Views: 1239

Bypassed hosts not always bypass?

I have mt 2.9.5 and a hotspot setup on ip address 192.168.222.1. I also have configured address 192.168.0.1 on same interface and several ap on 192.168.0.0/24. I have a hotspot bypass rule for 192.168.0.0/24 so i can ping them. Eventually some of the ap would stop responding to ping, until i remove ...
by LatinSuD
Mon Sep 26, 2005 2:33 pm
Forum: General
Topic: Mac telnet client
Replies: 2
Views: 4989

Oh, thanks, i missed that one (and runs on wine, with just a slight font problem).
by LatinSuD
Fri Sep 23, 2005 10:21 pm
Forum: General
Topic: Mac telnet client
Replies: 2
Views: 4989

Mac telnet client

Is it planned to release a standalone mac-telnet client for either linux or windows, or release the specs?
by LatinSuD
Tue Sep 20, 2005 8:31 pm
Forum: General
Topic: how to log visited urls on transparent web-proxy?
Replies: 5
Views: 3138

I have the same question, if i set HOTSPOT TRANSPARENT-PROXY and WEB-PROXY together all requests seem to be from 127.0.0.1. Example: Sep 20 19:15:10 192.168.1.1 web-proxy,debug,packet 1127236573.254 57 127.0.0.1 TCP_HIT/200 204794 GET http://latinsud.com/360a.jpg - NONE/- image/jpeg Disabling hotspo...
by LatinSuD
Thu Sep 15, 2005 11:03 pm
Forum: General
Topic: Static IP'd devices behind a Hotspot interface
Replies: 5
Views: 3751

Actually there was also an issue with multi-addressed interfaces, arp and hotspot that i discovered today and... wow! today the released 2.9.2 that fixes it! Did you read my mind?
by LatinSuD
Thu Sep 15, 2005 3:57 pm
Forum: General
Topic: Winbox queue statistics update slow
Replies: 1
Views: 1158

Winbox queue statistics update slow

Looks like from v2.9 of MT queues stats in winbox update slow and give a kind of average value of the last seconds instead of, as previous versions, give instant values.

Is this a bug or a feature? :wink:
by LatinSuD
Thu Sep 15, 2005 3:55 pm
Forum: General
Topic: Tx & Rx confusion
Replies: 2
Views: 3397

Tx & Rx confusion

I've been managing mikrotik's hotspot, ppp and queues rates for a while and i tend to mistake by swapping tx and rx values. First, the semantics are not well explained in the docs, so it would be ok to put an example or explain that "tx" does not mean "user upload" but tx from th...
by LatinSuD
Thu Jul 14, 2005 2:04 pm
Forum: General
Topic: incoming(outgoing)-filter for PPPoE traffic
Replies: 1
Views: 1691

Tricky

I'm not sure if it is possible to have PPPoE and direct-DHCP on the same subnet. Afaik PPPoE defines a new interface for each connection so you end having same subnet in 2 different interfaces, which usually doesn't work (but bridging). If you use different subnets and pools hosts will still be able...
by LatinSuD
Thu Jul 14, 2005 1:56 pm
Forum: General
Topic: how to shift session in hotspot?
Replies: 1
Views: 1093

how to shift session in hotspot?

I have hotspot where a user may access through different hosts and there can only be 1 shared sessions per user. The problem comes when a user logs in a pc, then goes to a different pc without closing his/her session, and cannot log in anymore (until first pc is off or logged out), the hotspot tells...
by LatinSuD
Thu Jul 14, 2005 12:19 pm
Forum: General
Topic: Mikrotik Hotspot Manager [beta]
Replies: 44
Views: 26613

PPP

Does it support PPP(oE) ?
by LatinSuD
Mon Jul 04, 2005 9:50 pm
Forum: The Dude
Topic: Wine compatibility?
Replies: 12
Views: 5822

Wine compatibility?

Could it be made to work under wine?

Or else, is there a similar tool for linux, that allows to place hosts on the screen and watch ther alive status?

Thanks
by LatinSuD
Thu Jun 30, 2005 6:30 pm
Forum: General
Topic: Problem with multipath routing & load balance addresses
Replies: 3
Views: 1790

Problem with multipath routing & load balance addresses

Hi, i was testing multipath routing (for load balancing over 2 isp) and found a problem. In my simulation environment i used a couple of conceptronic routers to use as gateways. I also have masqueraded hotspot users (and freeradius+mysql but that's another story). Network figure Masqueraded hosts wo...