Community discussions

Search found 66 matches

by NumLock
Thu Aug 16, 2018 6:02 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12977

Re: FastNetMon Integration with MikroTik (DDoS detection software)

if ( $argc <= 4 ) { $msg .= "MikroTik's API Integration for FastNetMon - Ver: " . _VER . "\n"; $msg .= "missing arguments"; $msg .= "php fastnetmon_mikrotik.php [IP] [data_direction] [pps_as_string] [action] \n"; < ------------------Script stop working in this line echo $msg; exit( 1 ); } Any idea?
by NumLock
Thu Aug 09, 2018 5:20 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12977

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi any help to make the php script running will be appreciated
by NumLock
Wed Jul 25, 2018 9:06 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12977

Re: FastNetMon Integration with MikroTik (DDoS detection software)

On the file "fastnetmon_mikrotik.php" line 51 has those argument
$msg .= "php fastnetmon_mikrotik.php [IP] [data_direction] [pps_as_string] [action] \n";

but I still get the same error
by NumLock
Wed Jul 25, 2018 4:39 pm
Forum: General
Topic: FastNetMon Integration with MikroTik (DDoS detection software)
Replies: 38
Views: 12977

Re: FastNetMon Integration with MikroTik (DDoS detection software)

Hi I just try to run ./notify_about_attack.sh and I get the fallowing error on "fastnetmon_mikrotik.php";

MikroTik's API Integration for FastNetMon - Ver: 1.0
missing argumentsphp fastnetmon_mikrotik.php [IP] [data_direction] [pps_as_string] [action]


Any idea?
by NumLock
Wed Sep 03, 2014 7:07 pm
Forum: General
Topic: Is this a legitimate Mikrotik reseller?
Replies: 1
Views: 648

Re: Is this a legitimate Mikrotik reseller?

Yes I buy from them.
by NumLock
Tue Apr 22, 2014 7:52 pm
Forum: General
Topic: P2P Limit ROS 6.12
Replies: 1
Views: 697

P2P Limit ROS 6.12

Hi I like to share and get some feedback, I deploy the following configuration to limit P2P connection I need to make sure is this should be work properly if not I really appreciate if point me to right direction. Mark P2P Mangle: /ip firewall mangle add action=mark-connection chain=prerouting conne...
by NumLock
Wed Feb 26, 2014 3:31 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 63047

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

Is there way to make the rule less sensitive? Yesterday I browse on my web server and my Firefox hangs and retry to many times and I flag as a ddoser.

Thanks!
by NumLock
Tue Feb 25, 2014 6:55 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 63047

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

/ip firewall filter add action=jump chain=forward comment=Detect-Ddos connection-state=new \ disabled=no in-interface=ether1 jump-target=detect-ddos add action=return chain=detect-ddos comment=Detect-Ddos disabled=no \ dst-limit=32,32,src-and-dst-addresses/10s add action=return chain=detect-ddos com...
by NumLock
Fri Feb 21, 2014 5:46 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 63047

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

Thanks this help a lot. Over 20,000 IP has been ban. Last configuration work so far so good: /ip firewall filter add action=jump chain=forward comment=Detect-Ddos connection-state=new \ disabled=no in-interface=ether1 jump-target=detect-ddos add action=return chain=detect-ddos comment=Detect-Ddos di...
by NumLock
Wed Feb 19, 2014 10:19 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 63047

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

Like this: ? /ip firewall filter add action=jump chain=forward comment=Detect-Ddos connection-state=new \ disabled=no in-interface=ether1 jump-target=detect-ddos add action=return chain=detect-ddos comment=Detect-Ddos disabled=no \ dst-limit=32,32,src-and-dst-addresses/10s add action=add-dst-to-addr...
by NumLock
Wed Feb 19, 2014 3:28 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 63047

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

This help a lot to prevent attackers eat my bandwidth fist attack was 100mbps on icmp and UDP (17) and hang my MK. The rule works properly but after few hours to deploy customer was unable to browse or access to the internet I just add in-interface=ether1 (My ether1 is the wan interface) and problem...
by NumLock
Wed May 22, 2013 10:40 pm
Forum: RouterBOARD hardware
Topic: support DL360
Replies: 5
Views: 1314

Re: support DL360

Try to install from Serial ATA CD/DVD ROM then will work.
by NumLock
Thu Jan 24, 2013 4:56 pm
Forum: General
Topic: PCI-DSS/Security Risk Assessment/Gap Analysis
Replies: 4
Views: 1920

Re: PCI-DSS/Security Risk Assessment/Gap Analysis

Why not put some firewall behind the server you need PCI-DSS compliance.
by NumLock
Fri Oct 26, 2012 10:25 pm
Forum: General
Topic: Why can not work Down Router Board 1100 e version 4.17
Replies: 3
Views: 498

Re: Why can not work Down Router Board 1100 e version 4.17

Upload the files with winbox then open the terminal and put this command
system package downgrade
Then reboot the unit, please by patience to unit downgrade the OS.

regards,
by NumLock
Thu Oct 18, 2012 10:27 pm
Forum: General
Topic: 5.21 released
Replies: 78
Views: 19024

Re: 5.21 released

Upgrade from 5.20 to 5.21 to Edge Router very stable no issues.
by NumLock
Wed Oct 10, 2012 11:35 pm
Forum: Beginner Basics
Topic: How to remote desktop via Mikroktik
Replies: 3
Views: 1281

Re: How to remote desktop via Mikroktik

ip firewall nat add chain=dstnat action=dst-nat to-addresses=xx.xx.xx.xx(Internal IP Host) to-ports=3389 protocol=tcp dst-address=xx.xx.xx.xx(MK Public Address) dst-port=3389
by NumLock
Mon Jul 30, 2012 5:45 pm
Forum: Wireless Networking
Topic: Anyone solved Tranzeo problems?
Replies: 2
Views: 1294

Re: Anyone solved Tranzeo problems?

The best way to use Tranzeo CPE is using Tranzeo AP. I use TR-6600 for AP and TR-SL2, no issues.
by NumLock
Thu Jul 12, 2012 10:44 pm
Forum: General
Topic: CPU usage
Replies: 4
Views: 1049

Re: CPU usage

Do you enable web proxy? If yes, make sure you block access from internet.
by NumLock
Wed May 16, 2012 9:20 pm
Forum: General
Topic: VPN Help
Replies: 2
Views: 465

Re: VPN Help

I try net map not work :(
by NumLock
Wed May 16, 2012 7:29 pm
Forum: General
Topic: VPN Help
Replies: 2
Views: 465

VPN Help

I have a pool of IP 172.16.251.0/24 without NAT those IP source has access for a particular firewall. Currently I have a few users doing VPN with the following: Customer1 Remote IP 172.16.251.2 Customer2 Remote IP 172.16.251.3 Customer3 Remote IP 172.16.251.4 Now I need to assign 172.16.251.5 with I...
by NumLock
Wed Apr 25, 2012 2:28 am
Forum: General
Topic: Bridge two interface to increase speed
Replies: 5
Views: 939

Re: Bridge two interface to increase speed

btest.exe (Windows Speed Test) balance-rr interface bonding print Flags: X - disabled, R - running 0 R name="bonding1" mtu=1500 mac-address=00:0D:B9:21:4A:90 arp=enabled slaves=ether1,ether2 mode=balance-rr primary=none link-monitoring=none arp-interval=100ms arp-ip-targets="" mii-interval=100ms dow...
by NumLock
Wed Apr 25, 2012 12:05 am
Forum: General
Topic: Bridge two interface to increase speed
Replies: 5
Views: 939

Re: Bridge two interface to increase speed

Thanks for quick respond. I tested on first with single interface 92Mbps and then tested with Bonding ether1,ether2 and just get me only 129Mbps.

Should be double speed?
by NumLock
Tue Apr 24, 2012 10:54 pm
Forum: General
Topic: Bridge two interface to increase speed
Replies: 5
Views: 939

Bridge two interface to increase speed

Hi I like to bridge two interface to increase speed.
by NumLock
Tue Nov 02, 2010 9:05 pm
Forum: General
Topic: Help with P2P
Replies: 6
Views: 1035

Re: Help with P2P

The P2P is red but the speed is not limit :(
BitTorrent.PNG
P2P-TEST.PNG
by NumLock
Tue Nov 02, 2010 8:26 pm
Forum: General
Topic: Help with P2P
Replies: 6
Views: 1035

Re: Help with P2P

How do I know if is encrypting traffic?
by NumLock
Tue Nov 02, 2010 5:52 pm
Forum: General
Topic: Help with P2P
Replies: 6
Views: 1035

Help with P2P

I have 192.168.7.0/24 NAT network and I want to limit all P2P. I try this /queue simple add burst-limit=64k/64k burst-threshold=64k/64k burst-time=1m/1m comment="" \ direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\ 64k/64k max-limit=64k/64k name="Limit P2P Download" p2p=all-...
by NumLock
Wed Jul 21, 2010 9:28 pm
Forum: General
Topic: Mikrotik PPTP Server Port
Replies: 0
Views: 507

Mikrotik PPTP Server Port

Can I change de listen port (1723) for other port? For example port 2000/
by NumLock
Tue Jun 29, 2010 9:15 pm
Forum: General
Topic: MikroTik RouterOS version 5.0beta3 released!
Replies: 91
Views: 30755

Re: MikroTik RouterOS version 5.0beta3 released!

RIP feature is not available in beta 5.0 beta3?
by NumLock
Mon Dec 21, 2009 4:23 pm
Forum: General
Topic: PPPoE Radius Download 4GB
Replies: 5
Views: 725

Re: PPPoE Radius Download 4GB

I see that option on Radius GUI setting.
I use “Radius Manager” the core is FreeRadius.

But I contact the vendor and he say if I use “Radius Disconnection method” require more resources on the radius server.


I need a heavy server to run FreeRadius?

I have AMD Dual core with 4GB of RAM.
by NumLock
Mon Dec 21, 2009 1:57 pm
Forum: General
Topic: PPPoE Radius Download 4GB
Replies: 5
Views: 725

Re: PPPoE Radius Download 4GB

Thanks for quick respond!


What Disconnection method you use?

Radius or NAS?
by NumLock
Sun Dec 20, 2009 2:35 am
Forum: General
Topic: PPPoE Radius Download 4GB
Replies: 5
Views: 725

PPPoE Radius Download 4GB

Hi I use Radius with Mikrotik but when user downloads more than 4GB the connection reset.
So the user lost some GB.
I check the profile he has 150GB download and 200GB Upload.
How can I fix that?
by NumLock
Tue Oct 20, 2009 1:45 am
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

you cannot use transparent proxying for https

I think, you should just get IP addresses of paypal servers, allow port 443 to there addresses and then block all the rest. all in firewall filter, w/o webproxy

how?

Will redirect to paypal like proxy?
by NumLock
Tue Oct 20, 2009 1:42 am
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

allow only to paypal and my web site.
by NumLock
Mon Oct 19, 2009 9:33 pm
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

Hi Chupaka

I have RoutersOS 3.22 is safe to upgrade to 4.1?

In my setup the proxy wil work only for the 10.80.40.0/24 or all ip will use this proxy?

I just want proxy for the IP pool 10.80.40.0/24


sorry I am newbie
by NumLock
Mon Oct 19, 2009 4:56 pm
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

Thanks for help me and respond.
It’s reliable to make this implementation or there other way to make that.


Its working but I don’t have any experience with web proxy on Mikrotik.

The others IP pools work with out problems for those rules.


Please advice.

Thanks! Thanks! Thanks! Thanks! :) :)
by NumLock
Mon Oct 19, 2009 4:17 am
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

?????????????
????????????
???????????
??????????
?????????
????????
???????
??????
????
??
?
by NumLock
Sat Oct 17, 2009 10:32 pm
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

Firewall Filter
/ip firewall filter
add action=drop chain=input comment="" disabled=no dst-port=8080 \
    in-interface=ether1 protocol=tcp src-address=10.80.40.0/24

For some reason I have to block the most popular web site for port 443 and skype still work.


Help please I almost done
by NumLock
Sat Oct 17, 2009 10:30 pm
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Re: Help! PPPoE with Limit Access with webproxy

I have this setup and block the IP pool that I want. But the port 443 is open and the client can access any page with https: enabled: yes src-address: 10.80.40.0 port: 8080 parent-proxy: 0.0.0.0 parent-proxy-port: 0 cache-administrator: "webmaster" max-cache-size: none cache-on-disk: no max-client-c...
by NumLock
Sat Oct 17, 2009 12:11 am
Forum: General
Topic: Help! PPPoE with Limit Access with webproxy
Replies: 10
Views: 2164

Help! PPPoE with Limit Access with webproxy

Hi I need some help. I need to make limit access for PPPoE.

PPPoE clients pool IP is 10.80.40.0/24

I want limit access only to some web site for example:

www.paypal.com


Any help I will appreciate.


Thanks!
by NumLock
Fri Sep 18, 2009 1:33 am
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

Re: HELP HOTSPOT Assign Public IP

3.22
by NumLock
Thu Sep 17, 2009 10:26 pm
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

Re: HELP HOTSPOT Assign Public IP

No working I try but not work :(
by NumLock
Wed Jul 01, 2009 7:25 pm
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

Re: HELP HOTSPOT Assign Public IP

And not work :( :(
by NumLock
Wed Jul 01, 2009 7:24 pm
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

Re: HELP HOTSPOT Assign Public IP

I just try this using my example: /ip address add address=192.168.8.10/24 interface=ether1 /ip firewall nat add chain=dstnat dst-address=192.168.8.10 action=dst-nat \ to-addresses=10.66.41.41 /ip firewall nat add chain=srcnat src-address=10.66.41.41 action=src-nat \ to-addresses=192.168.8.10
by NumLock
Wed Jun 24, 2009 4:50 pm
Forum: General
Topic: HOTSPOT BUG
Replies: 3
Views: 589

Re: HOTSPOT BUG

There no option to fix that or make workaround to handle this issue?
by NumLock
Tue Jun 23, 2009 4:51 pm
Forum: General
Topic: HOTSPOT BUG
Replies: 3
Views: 589

HOTSPOT BUG

Hi I made my hotspot with mikrotik 2 years ago. Now I found bug, for many months I search how cause this: userXX (IP) logged out: traffic limit reached The problem is the mikrotik has limit to 4.2 GB if the radius has unlimited download quota per day. Is possible to change that parameter? From 4.2 G...
by NumLock
Wed Jun 17, 2009 11:03 pm
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

Re: HELP HOTSPOT Assign Public IP

??????????????????
????????????????
??????????????
????????????
??????????
????????
??????
????
???
??
?
by NumLock
Wed Jun 17, 2009 7:20 pm
Forum: General
Topic: HP Proliant DL 360 G5
Replies: 12
Views: 3063

Re: HP Proliant DL 360 G5

I think will work but I think you will have limints in interface. Hp comes only with two Ethernet
by NumLock
Wed Jun 17, 2009 3:54 pm
Forum: Beginner Basics
Topic: HELP HOTSPOT Assign Public IP
Replies: 9
Views: 1948

HELP HOTSPOT Assign Public IP

Hi I build hotspot and I like to know how to assign public IP to X client. Public address 192.168.8.2/24 ether1(SAMPLE IP) Hotspot DHCP pool 10.66.40.1/23 ether2 For example I want to assign public IP 192.168.8.10 (SAMPLE IP) to hotspot address 10.66.41.41. All other hotspot address should be out wi...
by NumLock
Fri May 15, 2009 5:40 pm
Forum: Forwarding Protocols
Topic: TCP Keep alive
Replies: 1
Views: 1272

TCP Keep alive

Hi I like to know if Mikrotik router supports TCP Keep alive
by NumLock
Fri Apr 17, 2009 9:50 pm
Forum: Forwarding Protocols
Topic: Custom SSL Project
Replies: 6
Views: 2344

Re: Custom SSL Project

The host 192.168.8.15 only support SSL or clear TCP without SSL the host 192.168.8.15 is a Point of Sale Terminal.
by NumLock
Fri Apr 17, 2009 5:49 pm
Forum: Forwarding Protocols
Topic: Custom SSL Project
Replies: 6
Views: 2344

Re: Custom SSL Project

Thanks for respond you mean I can use ssl between 192.168.8.30 and 192.168.8.15 and PPTP tunnel to 10.1.32.28?

The communication between 192.168.8.30 and 192.168.8.15 must be ssl.

Thanks
by NumLock
Wed Apr 08, 2009 5:06 pm
Forum: Forwarding Protocols
Topic: Custom SSL Project
Replies: 6
Views: 2344

Re: Custom SSL Project

Ok when 192.168.8.X hit the host 192.168.8.30 port the host 192.168.8.X waits for respond. But I need to connect all traffic from 10.1.32.28 to host 192.168.8.30 to communicate host 192.168.8.X to 10.1.32.28 using the host 192.168.8.30 as SSL GATEWAY.

Any idea how to do that or any work around?
by NumLock
Wed Apr 08, 2009 5:16 am
Forum: Forwarding Protocols
Topic: Custom SSL Project
Replies: 6
Views: 2344

Re: Custom SSL Project

can I do dat with reverse proxy?
by NumLock
Wed Apr 08, 2009 12:01 am
Forum: Forwarding Protocols
Topic: Custom SSL Project
Replies: 6
Views: 2344

Custom SSL Project

Hi I have the following configuration: ction=dst-nat chain=dstnat comment="" disabled=yes dst-address=\ 192.168.8.30 dst-port=443 protocol=tcp to-addresses=10.1.32.28 to-ports=\ 2004 I like to communicate with 192.168.8.30 with encrypted data and forward to dst-nat host 10.1.32.28 with port 2004 une...
by NumLock
Sun Jun 29, 2008 9:13 pm
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Well the problem is we spend on 4 90 sector antennas. If they wont work why still sell those antennas GRR! any solution to me? If use use a WISP designed product, you can reuse channels as you want... This is completly doable with Motorola Canopy.. ahora esquivo! jeje que viva el chimichurri!!! y l...
by NumLock
Thu Jun 26, 2008 3:02 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Well they will disconnect and recconect to stronger signal. I guess there is no way to avoid that.
That is the case of my setup... if I put 1 AP and the other WDS no idea.
by NumLock
Wed Jun 25, 2008 6:16 pm
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Well I tested yesterday I just put all my AP with same SSID.

When users move around they always will connect to stronger signal.

When they switch to other AP will be a reconnection so it’s better if you have all AP on same network to avoid authentication problems.

Sorry my bad English...
by NumLock
Tue Jun 24, 2008 5:40 pm
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Why not simply put them all on Channel 1 and WDS them together? Create static WDS links between each interface and add them all to the same RTSP bridge. Give all of the wireless interfaces the same ssid. Basically your array will appear as one big antenna. If I use Same SSID not cause problems? BTW...
by NumLock
Tue Jun 24, 2008 1:59 pm
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

I plan to use 90 Array antennas with following setup:

Sector front CH 11

Sector back CH 11

Left CH 6

Right CH 6



TOP Omni backup antenna CH 1
I just make test with this setting with no lost db I guess the antenna has good insulation
by NumLock
Mon Jun 16, 2008 7:06 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Well the problem is we spend on 4 90 sector antennas. If they wont work why still sell those antennas GRR! any solution to me?
by NumLock
Mon Jun 16, 2008 6:19 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

So there no way to setup the site with 5 AP? or I should remove the omni from the top?

Assumes I remove the Omni from the top what is the best way to setup my current antennas.
by NumLock
Mon Jun 16, 2008 5:52 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

This setup will be better? Please help
by NumLock
Mon Jun 16, 2008 4:58 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

Thanks for quick respond do you have any suggestion with current setting?

For now we have the Omni antenna.

On this week we are going to turn on the array sector antennas.
by NumLock
Mon Jun 16, 2008 3:49 am
Forum: Wireless Networking
Topic: Sector Antennas Best Practices
Replies: 96
Views: 23680

Re: Sector Antennas Best Practices

I plan to use 90 Array antennas with following setup:

Sector front CH 11

Sector back CH 11

Left CH 6

Right CH 6



TOP Omni backup antenna CH 1