MikroTik

Gotmoh

Hi all. Becouse my users are generating too big processor load on main mt server i decided to use squid on debian linux machine. Small problem. It seems work ok with parent proxy enabled on mt. I was try use dst-nat forwarding all tcp 80port request to tcp port on squid proxy. One problem. Squid rec...

Gotmoh

I did upgrades on two routers. Some away from me and some high

. Previous both was 2.9.24. No problems with both routers.

Gotmoh

one small think. What if your customer change his ip? He will see web page with "pay your bill!", looks into his ip configuration and try add some numbers to his ip to continue surfing without pays bill. I mean then you must controll all ip in your network. Permitt "legal" ip and...

Gotmoh

Two thinks : 1. Maybe not all of your users using the same communication methods (as flashget download, p2p programs, p2m etc.) and it looks as queues works for almos all except few peoples. 2. Change one bad working queue and watch what will be isnt not much work i think so. (about changing lot of ...

Gotmoh

Im not sure. Im using, and discovering MT from 1,5 year. Using simple queues as you saw my example almost from begin (burst limit = max limit) Its working. Maybe burst limits are not required. I dont want try change this. Too many users in my network (about 600) and it will be too risky. Hope someon...

Gotmoh

As you wish. I dont see anything wrong with burst limits. My users never goes more than max queue limits

Gotmoh

too little information. Im using connection limit, p2p blocking and queue tree with services packet marking. All working fine. Im remember some problem with overloaded simple queues with old 2.8.26? mt version... Mabe its problem with lack of parameters in your queues? Did you try use burst limit pa...

Gotmoh

All my simple queues are as default type; pfifo at 10 packets. Its working from old 2.8.x Mt version up to today (2.9.24).

Gotmoh

Hi This is one from my simple queues : add name="User 257" target-addresses=192.168.4.209/32 \ dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \ queue=default/default limit-at=32000/128000 max-limit=256000/512000 \ burst-limit=256000/768000 burst-threshold=128000/...

Gotmoh

i have 10 hours now but Normis shows whats up with connections. Track shows more than 5000 conn and second value 2mil it may be max counted connections for me. command ip fire conn print wit shows only first 2049 connections i think so...

Gotmoh

heh. i give up :/ enabled: yes tcp-syn-sent-timeout: 2m tcp-syn-received-timeout: 1m tcp-established-timeout: 10h tcp-fin-wait-timeout: 2m tcp-close-wait-timeout: 1m tcp-last-ack-timeout: 30s tcp-time-wait-timeout: 2m tcp-close-timeout: 10s udp-timeout: 30s udp-stream-timeout: 3m icmp-timeout: 30s g...

Gotmoh

sure: last few lines after command ip firewall connections print without-paging : 2041 SA udp 192.168.0.60:4672 66.180.205.52:4672 2m36s 2042 SA udp 192.168.0.60:4672 207.212.26.208:4672 2m58s 2043 SA tcp 192.168.9.56:4763 84.6.195.66:8757 established 9h12m20s 2044 SA tcp 192.168.9.5:1059 82.103.215...

Gotmoh

I explain little : Isnt only my single fact. 12/12 mbit link is my main gate, also I have secondary gate in my network. Normaly used for crazy p2p users (its DSL 512/2048). How many connections show ip fire conn print ? 2048. My friend using DSL on his network (DSL 640/8192) and told the same. 2048 ...

Gotmoh

hmmm. Isnt simple problem. I have 12/12 mbit internet connection. Even without all limitations (queues, connections) my link not go more then 6/6 mbit. Dont know how to do. Cut off link and save some money or looking how to change this conn limit (i think users cant use full internet link speed beco...

Gotmoh

Hi

I found something strange. I have wifi network with about 600 customers. Mikrotik (now 2.9.24) shows maximum 2049 total connections (for all clients). One time saw 2051. Not more. I was try disable all limits on my mt (conn limits, queues, proxy, p2p etc). Still max 2049 connections. How is it?

Gotmoh

Hi all.

Is that posible? How to read ping results to an ip address and using "if" command reset interface. I mean scenario when mikrotik ping IP address to remote location and when have no responce reseting interface connected to those location.

Gotmoh

How about your wireless customers? They are using access points to connect to your MT server? Most of AP by default blocking netbios and then you cant see shared microsoft resources, use remote desktop protocol etc.

Gotmoh

Friend, you should read the manual first before asking here. But, you can try using mac address protection: /ip firewall filter add src-mac-address=[client mac address] src-address=![client correct ip address] action=drop Isnt your rule will drops every ip except one pair MAC+IP ? I mean it will wo...

Gotmoh

Realy? It enables internal ftp server on MikroTik IMHO. You dont need this to use ftp inside your LAN.

Gotmoh, you're confusing this with /ip service, which
indeed controls services on the router itself.

--Tom

Me confusing? Or Mapik?

Gotmoh

I think this may help

/ip firewall service-port enable ftp

Realy? It enables internal ftp server on MikroTik IMHO. You dont need this to use ftp inside your LAN.

Gotmoh

Email sent to you Ramona.

Gotmoh

hi there. Im not sure. Youre wanna permitt only for those ports and drop everything other? Whase problem? I have similary configuration at my company. Users can only using on selected ports and all other are dropped. I using rules in firewall forward. Have few rules. Just all packets from specific v...

Gotmoh

Hi.

I have the same results. AMD 1.8, 1 GB Ram. Memory droping from 720 to 40 mb after 2-3 days. In another location have CELERON 2.6, 1 GB Ram. After 11 days uptime lost only 60 mb ram. Isnt "function" amd processor or motherboards problem?

Gotmoh

Isnt easier to use address list contains only valid-admins ip whos have rights to access to your routerboard?

Gotmoh

Hi Im using some different way to resolve this problem. Using two address list. One contains all valid user ip addresses, second exactly the same ips but all by default are disabled. In dst nat have two positions. First using address list with disabled ip redirect http requests to page with "pa...

Gotmoh

need pass packet on tcp port 8291 on external interface.

Gotmoh

You mean outlook with LDAP protocol to exchange server or Outlook Express with pop3/smtp ?

Gotmoh

I had broken one memory module at my mikrotik (2x512 MB DIMM). It was reboot few times a week, sometimes two-three times a day.

Gotmoh

How is it work? If i define simple queue with two or more target addresses it will share queue bandwith with those addresses or just multiple two or more queues for simple targets? example : add name="user1" \ target-addresses=172.16.0.1/32,172.16.0.2/32,172.16.0.3/32 \ dst-address=0.0.0.0...

Gotmoh

Strange. Im using publish rules for emule high id for my customers. Have about 60 dst-nat rules. All working fine (2.9.14 at this moment).

Gotmoh

Just block input icmp packets from sources. You can use address list to pass only from accepted places.

Gotmoh

ok. this is it. parent queue : add name="xxxxxxx Rafal 1" target-addresses=192.168.9.154/32 \ dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 \ queue=default/default limit-at=1000000/1000000 max-limit=1000000/1000000 \ burst-limit=1356000/1768000 burst-threshold=1...

Gotmoh

Hi all.

I created simple queue for an user. Then created another one as child for previous queue. Now parent and child counters doesnt show any activity (but when using torch I can see packet moves at this queues (both)). Was try use higher priority for child queue but dont work. Any ideas?

Gotmoh

Try controll connection limits for users. Every p2p program generates 100+ more connections and lot of conn try per minute.

Gotmoh

Hi All.

Have one small (maybe silly

) problem. How to remove empty address list from mt????

D.

Gotmoh

im using someting like this : add chain=forward in-interface="internal_bridge" protocol=tcp dst-port=0-80 \ tcp-flags=syn,!fin,!rst,!psh,!ack,!urg,!ece,!cwr connection-limit=15,32 \ action=drop comment="Connlimit" disabled=no add chain=forward in-interface="internal_bridge&q...

Gotmoh

I did remote upgrade to rc10 3 hours ago. Had some affraid (router is about 6 km away from me on roof 10floor bulding) but working fine. Processor have normal load (up to 60%).

Gotmoh

Hi I have the same problem.Moterboard with AMD processor and 100% utilisation. Few days ago did upgrade from 2.9 rc7 to rc9. Before all works ok, now after few hours always have 100% processor load. Working only telnet-ssh connection. The only way to resolve this problem is reboot router. Its AMD pr...

Search found 38 matches

external proxy without parent proxy on my MT. How to do?

Total connections limit?

Can I use results of ping in an script to reset interface?

Simple queue with multiple target addresses

simple queue small problem

Stupid question ? ;)