Community discussions

MikroTik App

Search found 50 matches

by SpaceCommander
Mon Jan 20, 2014 3:45 am
Forum: Beginner Basics
Topic: Dual WAN: how to send answer via the same WAN interface?
Replies: 3
Views: 1521

Re: Dual WAN: how to send answer via the same WAN interface?

Look at http://mum.mikrotik.com/presentations/US12/tomas.pdf If you read through that and can't get it to work I can try to write out the config for you. -Eric Okay, fixed firewall mangle settings are now here ("prerouting" changed to "input", as on Tomas slides 31,32): add action=mark-connection c...
by SpaceCommander
Mon Jan 20, 2014 3:29 am
Forum: Beginner Basics
Topic: Dual WAN: how to send answer via the same WAN interface?
Replies: 3
Views: 1521

Dual WAN: how to send answer via the same WAN interface?

There is RB951 with ROS 5.25 connected to 2 ISP's. How to send answers to external requests (icmp, ssh, winbox, ...) via the same WAN interface? Following does not work: /ip route add dst-addr=0.0.0.0/0 gateway=1.1.1.1 distance=10 routing-mark=route-isp1 add dst-addr=0.0.0.0/0 gateway=2.2.2.2 distan...
by SpaceCommander
Tue Nov 26, 2013 1:05 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1036979

Re: CLOUD CORE ROUTER

CCR1036-12G-4S Been fighting it most of today, one customer getting slammed with a DoS Packet attack, 150,000-250,000 pps, its enough to cause this CCR to overload to 100% cpu! When the attack stops the router drops to 5-10% cpu, when the attack starts back up, back to 100% cpu. This is on 6.0rc7, ...
by SpaceCommander
Tue Nov 26, 2013 12:58 am
Forum: Scripting
Topic: librouteros problem
Replies: 4
Views: 1936

Re: librouteros problem

Perhaps between 2010 and now, RouterOS changed something in the interfaces, while the "ros" executable is doing more than a simple print, and is thus not coping with the new changes... Try to use low(er) level commands, e.g. ./ros -u warn1ng 10.0.0.58 /interface/print Collectd correctly displays "e...
by SpaceCommander
Tue Nov 26, 2013 12:51 am
Forum: Scripting
Topic: librouteros problem
Replies: 4
Views: 1936

Re: librouteros problem

Works incorrectly with CCR + ROS 6.x
In collectd, SFP interfaces are not graphed at all.
DfComplex and Memory have strange values (3.5T free, 360G used)
All other graphs are empty.

Crossposted to http://forum.mikrotik.com/viewtopic.php ... 39#p397439
by SpaceCommander
Tue Nov 26, 2013 12:49 am
Forum: General
Topic: collectd plugin "RouterOS" on the horizon
Replies: 3
Views: 3739

Re: collectd plugin "RouterOS" on the horizon

Works incorrectly with CCR + ROS 6.x
SFP interfaces are not graphed at all.
DfComplex and Memory have strange values (3.5T free, 360G used)
All other graphs are empty.
Mey be related to http://forum.mikrotik.com/viewtopic.php?f=9&t=65227 ?
by SpaceCommander
Fri Sep 20, 2013 10:52 pm
Forum: General
Topic: Static DNS record does not suppress external one?
Replies: 8
Views: 1932

Re: Static DNS record does not suppress external one?

Hi, I tested it on my network & working fine. Please try to redirect all dns traffic to router itself. /ip firewall nat add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp src-address=192.168.88.0/24 to-ports=53 Hmmm... It is very-very strange, but after adding this rule all works...
by SpaceCommander
Fri Sep 20, 2013 10:26 pm
Forum: General
Topic: Static DNS record does not suppress external one?
Replies: 8
Views: 1932

Re: Static DNS record does not suppress external one?

Please provide your DNS configuration. Mikrotik Settings: [admin@MikroTik] > /ip dns ex # sep/20/2013 23:17:15 by RouterOS 5.25 # software id = N69E-277L # /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=4096 \ servers="" /ip dns static add address=192....
by SpaceCommander
Fri Sep 20, 2013 10:03 pm
Forum: General
Topic: Static DNS record does not suppress external one?
Replies: 8
Views: 1932

Re: Static DNS record does not suppress external one?

Hi,
Please check your work stations DNS entry. There should be only your router's IP.
Yes, it is so, of course.
by SpaceCommander
Fri Sep 20, 2013 9:56 pm
Forum: General
Topic: Static DNS record does not suppress external one?
Replies: 8
Views: 1932

Static DNS record does not suppress external one?

There is RouterOS 5.25, with DNS server enabled. All clients are confugured to use ROS DNS only. When "www.microsoft.com" is added to IP/DNS/Static as 10.20.30.40, nslookup on client workstations returns multiple values - 10.20.30.40 and external ones. How to suppress external DNS resolution for nam...
by SpaceCommander
Sat Mar 03, 2012 7:13 pm
Forum: General
Topic: Feature request: request port in builtin Winbox SSH client
Replies: 0
Views: 424

Feature request: request port in builtin Winbox SSH client

Built-in Telnet/SSH client in WinBox always uses standard 22/23 port for connections.
So it's impossible to connect to hosts where non-standard port is used, for example, 1022.
Can you add this field to connection window?

"/system ssh" in CLI allows that.
by SpaceCommander
Sat Mar 03, 2012 6:43 pm
Forum: General
Topic: PuTTY + PortForwarding + WinBox = Disconnect
Replies: 2
Views: 1315

Re: PuTTY + PortForwarding + WinBox = Disconnect

The problem is more common - it happens with any port forwarding to any host, not only 8291 to localhost.
For example, forwarding SSH or HTTP connection to another host is terminated with the same error.

Question to the ROS team:
Do you need additional diagnostic to approving this bug?
by SpaceCommander
Mon Feb 06, 2012 6:51 pm
Forum: General
Topic: PuTTY + PortForwarding + WinBox = Disconnect
Replies: 2
Views: 1315

PuTTY + PortForwarding + WinBox = Disconnect

There is PuTTY 0.61 and RB/750 with RouterOS 5.12. When PuTTY is connected to Linux-driven host, then redirecting port 8291 to ROS-driven neighbor (for example, 10.0.0.2:8291) works fine. But when PuTTY is connected directly to ROS box, then redirecting 8291 to 127.0.0.1:8291 causes PuTTY to disconn...
by SpaceCommander
Thu Aug 04, 2011 11:26 am
Forum: General
Topic: SNMP OID's are changed after upgrading from 4.x to 5.4?
Replies: 3
Views: 768

Re: SNMP OID's are changed after upgrading from 4.x to 5.4?

No, unfortunately it is not possible to change OID values.
Okay, but what is the goal of this change?
At now, we have many Mikrotik devices with RouterOS 3/4/5 monitored by Cacti.
It is a bit difficult to use different templates to monitor devices with different ROS versions.
by SpaceCommander
Wed Aug 03, 2011 6:41 pm
Forum: General
Topic: SNMP OID's are changed after upgrading from 4.x to 5.4?
Replies: 3
Views: 768

SNMP OID's are changed after upgrading from 4.x to 5.4?

After upgrading RouterOS from 4.x to 5.4, some OIDs are changed in the last digit: > /sys resource pr oid uptime: .1.3.6.1.2.1.1.3.0 total-hdd-space: .1.3.6.1.2.1.25.2.3.1.5.131073 used-hdd-space: .1.3.6.1.2.1.25.2.3.1.6.131073 total-memory: .1.3.6.1.2.1.25.2.3.1.5.65536 used-memory: .1.3.6.1.2.1.25...
by SpaceCommander
Thu Jul 14, 2011 6:14 am
Forum: General
Topic: ROS 5.4 SSH closes SSH connection immediately?!?
Replies: 4
Views: 1557

Re: ROS 5.4 SSH closes SSH connection immediately?!?

check if you have set public key for that user you are trying to authenticate with. Most probably, you do, and since 5.0rc2 it is not allowed to used password authentication if key is set, you have to use private key to authenticate. "/user ssh-keys print" on RouterBox is empty. $HOME/.ssh on works...
by SpaceCommander
Wed Jul 13, 2011 12:51 pm
Forum: General
Topic: ROS 5.4 SSH closes SSH connection immediately?!?
Replies: 4
Views: 1557

ROS 5.4 SSH closes SSH connection immediately?!?

There is RouterOS 5.4 on RB750G. Winbox connection is established normally, but all ssh attempts are closed immediately after password validation: ssh -p244 admin@10.10.10.3 admin@10.10.10.3's password: <<WrongPassword>> Permission denied, please try again. admin@10.10.10.3's password: <<ValidPasswo...
by SpaceCommander
Sat Jul 02, 2011 9:39 pm
Forum: General
Topic: Bug in setting of admin-mac in bridge
Replies: 1
Views: 963

Bug in setting of admin-mac in bridge

There is RB450G + ROS 5.4. Each VLAN on tagged port should have unique MAC. This is performed using bridges: /interface vlan add interface=ether1 vlan-id=11 name=vlan11 add interface=ether1 vlan-id=12 name=vlan12 /interface bridge add name=bridge11 admin-mac=00:16:3E:11:11:11 add name=bridge12 admin...
by SpaceCommander
Mon Jun 20, 2011 6:27 am
Forum: General
Topic: VLAN sub-if MAC
Replies: 7
Views: 940

Re: VLAN sub-if MAC

why would you want to change the MAC address in the first place? I have many ADSL modems working as bridges, each connected to untagged port on D-Link switch. RouterBox is connected to tagged port: N vlan's for N modems. By default, RouterBox MAC is the same in all vlan's == MAC of ether1-gateway. ...
by SpaceCommander
Mon Jun 20, 2011 5:57 am
Forum: General
Topic: VLAN sub-if MAC
Replies: 7
Views: 940

Re: VLAN sub-if MAC

Why would you want to, though?
For preventing performance slowdown at bridge layer.
"PPPoE over VLAN over Ethernet" should be a bit faster than ""PPPoE over Bridge over VLAN over Ethernet", is itn't?
by SpaceCommander
Mon Jun 20, 2011 5:24 am
Forum: General
Topic: VLAN sub-if MAC
Replies: 7
Views: 940

Re: VLAN sub-if MAC

How to change VLAN MAC without creating bridge as described in http://wiki.mikrotik.com/wiki/Change_MA ... _interface ?
Under pure Linux, this is performed simply by "/sbin/ip link set vlan10 address 00:11:22:33:44:55"
by SpaceCommander
Sat Jun 18, 2011 12:29 pm
Forum: General
Topic: "/ip traffic-flow interface=name" ignores outgoing traffic?
Replies: 0
Views: 517

"/ip traffic-flow interface=name" ignores outgoing traffic?

There is netflow configuration on RouterBox 5.4: /ip traffic-flow set active-flow-timeout=30m cache-entries=4k enabled=yes inactive-flow-timeout=15s interfaces=ether1-gateway /ip traffic-flow target add address=10.30.1.3:9996 disabled=no version=5 flow-print output on 10.30.1.3 host: srcIP dstIP pro...
by SpaceCommander
Sat Jun 18, 2011 11:00 am
Forum: General
Topic: How long time PCQ reserves bandwidth for substreams?
Replies: 0
Views: 570

How long time PCQ reserves bandwidth for substreams?

How long PCC reserves bandwidth for substreams after last user activity? There is a RouterBox 5.4 connected to external 30Mbit/s channel, shared using PCQ to bunch of masquerad'ed clients: /queue type add name="PCQ_download" kind=pcq pcq-rate=0 pcq-classifier=dst-address add name="PCQ_upload" kind=p...
by SpaceCommander
Thu Jun 16, 2011 11:45 pm
Forum: General
Topic: Traffic Flow: what is "local" interface?
Replies: 0
Views: 543

Traffic Flow: what is "local" interface?

What exactly means "local" in /IP/Traffic Flow/Settings/General/Interfaces list?
This is the only interface name that actually is not present in the /Interfaces list.
by SpaceCommander
Sun May 22, 2011 7:51 am
Forum: General
Topic: Is address-list lookup speed O(n) or O(1)?
Replies: 1
Views: 371

Is address-list lookup speed O(n) or O(1)?

There is an address-list containing many items.
Should I sort them for increase lookup performance, or lookup is order-independent?
In another words, is address-list checked linearly, using sorted tree or using hash keys?
by SpaceCommander
Tue Jul 20, 2010 12:44 pm
Forum: Scripting
Topic: Script to Reboot Routerboard
Replies: 16
Views: 38432

Re: Script to Reboot Routerboard

why does it hang up? it's not normal!
Yep, this is wonderful idea, but in real life our wifi channel hangs up every day
no, in real life, wifi channels don't hang up. you have a problem
Great. What to check at next hangup for diagnose? :roll:
by SpaceCommander
Tue Jul 20, 2010 1:02 am
Forum: Scripting
Topic: Script to Reboot Routerboard
Replies: 16
Views: 38432

Re: Script to Reboot Routerboard

reboot one of my routers daily at midnight Can I ask why ? They should not need rebooting. In Linux world, a reboot required = something broken, which should, and can be fixed. Yep, this is wonderful idea, but in real life our wifi channel hangs up every day and the only workaround solution found a...
by SpaceCommander
Sun Jul 18, 2010 9:24 am
Forum: Scripting
Topic: Script to Reboot Routerboard
Replies: 16
Views: 38432

Re: Script to Reboot Routerboard

There is a scheduler task for rebooting MT every 8 hours: /system scheduler add comment="Reboot every 8 hours" disabled=no interval=8h name=Reboot8 on-event=\ "/system reboot" policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \ start-date=jul/16/2010 start-time=08:00:00 Is it ...
by SpaceCommander
Tue Jul 06, 2010 9:50 pm
Forum: General
Topic: SNMP - no response from internal IP
Replies: 1
Views: 957

SNMP - no response from internal IP

There is RB/750g, RouterOS 4.10, two IP interfaces: external (dhcp = 1.2.3.4/24) and internal (static = 5.6.7.8 ). RB is normally accessible (telnet, winbox, ping etc.) from external box 1.2.3.5/24 by both IP-addresses: 1.2.3.4 and 5.6.7.8. "snmpwalk -c public -v1 1.2.3.4" answers normally too. But ...
by SpaceCommander
Tue Jul 06, 2010 9:35 pm
Forum: RouterBOARD hardware
Topic: How to get ARPWatch on RB/750G?
Replies: 5
Views: 1991

Re: How to get ARPWatch on RB/750G?

What does not work for /ip arp? We cannot detect fast flip-flops happened between "/ip arp" pollings. ARPWatch detects these situations "on the fly". How could arp entry timeout modification help you? When timeout is too small, polling must be repeated too often. For example, at now, when we use "/...
by SpaceCommander
Tue Jun 15, 2010 7:28 pm
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

hm... I wonder, what is dst-mac-address of the response packet?.. where does router sends it?..
How to check it? Using /ip tool sniffer + remote Wireshark?
I hope that dst-mac = MAC of layer3 switch, because it's the only way to deliver responses (except direct sending via vlan5, of course).
by SpaceCommander
Tue Jun 15, 2010 5:06 pm
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

probably it's just implementation feature.
It's very strange... All other OS'es (Linux, FreeBSD, ...) works in another manner - send responses using shortest path.
by SpaceCommander
Mon Jun 14, 2010 10:41 pm
Forum: RouterBOARD hardware
Topic: How to get ARPWatch on RB/750G?
Replies: 5
Views: 1991

Re: How to get ARPWatch on RB/750G?

You are not able to launch custom application at MikroTik RotuerOS, perhaps it could be done by other OS, which could be installed by MetaROUTER. No, it doesn't works for me: http://forum.mikrotik.com/viewtopic.php?f=2&t=42498 MikroTik RouterOS provides you with /ip arp table, where you can see all...
by SpaceCommander
Mon Jun 14, 2010 10:36 pm
Forum: General
Topic: Mikrotik ARP -- Default Timeout
Replies: 4
Views: 2830

Re: Mikrotik ARP -- Default Timeout

Could you explain when it is necessary to increase timeout?
We need any replacement for arpwatch.
For example, do "/ip arp print" every N minutes and compare with previous output.

P.S. Of course, true arpwatch (for example, sending notifications via syslog) would by more better!!!
by SpaceCommander
Mon Jun 14, 2010 10:05 pm
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

oh, you should use filter-address1=10.0.1.2/32:53 source port is not 53 Great! Changing filter1 to 10.0.5.5/32:0-65535 causes following results (after "nslookup r0.ru 10.0.1.2" on client): [admin@MikroTik] > /tool sniffer packet print # TIME INTERFACE SRC-ADDRESS 0 8.258 vlan1 10.0.5.5:3738 1 8.264...
by SpaceCommander
Mon Jun 14, 2010 6:02 pm
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

isn't it possible that packet is sent back via vlan1? try to sniff on all interfaces to see exact path of the packet... Step 1. Configure sniffer on Mikrotik (vlan1:10.0.1.2/24, vlan5:10.0.5.2/24): /tool sniffer set file-limit=10 file-name="" filter-address1=10.0.5.5/32:53 filter-address2=\ 0.0.0.0...
by SpaceCommander
Mon Jun 14, 2010 1:52 am
Forum: General
Topic: RB750/g becomes inaccessible after loading openwrt
Replies: 1
Views: 1646

RB750/g becomes inaccessible after loading openwrt

There is RB/750g with RouterOS 4.10 Immediately after creating OpenWRT environment ( http://wiki.mikrotik.com/wiki/Metarouter ) routerboard had rebooted by watchdog, then become inaccessible: nmap displays open ports for www, ssh, telnet, winbox, but no answer on all of them. After resetting via res...
by SpaceCommander
Mon Jun 14, 2010 12:38 am
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

May be this picture will clarify situation for you: (1) is the path of request from client to 10.0.1.2 via l3 switch. (2) should be a path of response. On my routerboard, (2) happens for TCP and ICMP, but not for UDP: on Mikrotik, ARP table for vlan5 still empty, packet sniffer on vlan5 displays not...
by SpaceCommander
Thu Jun 10, 2010 12:19 am
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

Well, why the should be ARP about this client on 10.0.1.0 network?
MikroTik RouterOS should see 10.0.5.1 address/mac-address as 10.0.1.1 in ARP table, 10.0.5.1 is layer3 switch.
No, Mikrotik should see 10.0.5.5 on vlan5 interface, because sends answers directly from 10.0.5.2 (his IP in vlan5).
by SpaceCommander
Wed Jun 09, 2010 3:49 pm
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

Re: UDP activity does not create ARP records?

What is the default gateway for 10.0.5.5?
10.0.5.1 (this is layer3 switch having IP *.1/24 in each vlan).

Request path is 10.0.5.5 ==> 10.0.5.1=10.0.1.1 ==> 10.0.1.2
Response path must be 10.0.1.2=10.0.5.2 ==> 10.0.5.5
by SpaceCommander
Wed Jun 09, 2010 9:09 am
Forum: General
Topic: UDP activity does not create ARP records?
Replies: 15
Views: 1451

UDP activity does not create ARP records?

There is RB/750G with RouterOS 4.10. - vlan1 = 10.0.1.2/24 - vlan2 = 10.0.2.2/24 - ... - vlan9 = 10.0.9.2/24 - default gateway = 10.0.1.1 (this is main core Layer3 switch having .1 in all VLAN's) - route 10.0.0.0/8 via 10.0.1.1 (for interaction with some remote 10.* networks) Problem description: Wh...
by SpaceCommander
Wed Jun 09, 2010 8:36 am
Forum: General
Topic: Mikrotik ARP -- Default Timeout
Replies: 4
Views: 2830

Re: Mikrotik ARP -- Default Timeout

We are running MK v3.14 on our routers within the network.
It appears that the router is dropping ARP tables every 60-30 seconds.
Is there a way to set the timeout too 900 seconds like i can on a Cisco router?
Actual for me too.
Default timeout is very small!
by SpaceCommander
Fri Jun 04, 2010 3:34 am
Forum: RouterBOARD hardware
Topic: How to get ARPWatch on RB/750G?
Replies: 5
Views: 1991

How to get ARPWatch on RB/750G?

Is there any possibility to launch ARPWatch on RB/750G hardware using RouterOS, DD-WRT or Open-WRT?

It seems that answer is "NO":
1) RouterOS does not contain ARPWatch package,
2) RB750/G does not support OS replacement (no RS-232, FlashROM unpluggable).

Any ideas? :(
by SpaceCommander
Fri Jun 04, 2010 3:28 am
Forum: General
Topic: Arpwatch feature request in ROS to identify ARP spoofing
Replies: 5
Views: 2020

Re: Arpwatch feature request in ROS to identify ARP spoofing

ARPWatch is strongly needeed Mikrotik feature for our ISP network.
Where to vote???
by SpaceCommander
Tue May 04, 2010 12:43 am
Forum: General
Topic: How to intercept DNS requests to builtin server?
Replies: 7
Views: 2713

Re: How to intercept DNS requests to builtin server?

on bridge, settings try to enable 'use ip firewall'
Thank you very much! :D
The solution was:
/interface bridge settings set use-ip-firewall=yes
by SpaceCommander
Tue May 04, 2010 12:28 am
Forum: General
Topic: How to intercept DNS requests to builtin server?
Replies: 7
Views: 2713

Re: How to intercept DNS requests to builtin server?

I understood my problem: Mikrotik works as bridge, so layer3-firewall ignores transit packets.
Is it solvable?
Linux allows layer2 filtering using ebtables. Can Mikrotik do that?
by SpaceCommander
Tue May 04, 2010 12:18 am
Forum: General
Topic: How to intercept DNS requests to builtin server?
Replies: 7
Views: 2713

Re: How to intercept DNS requests to builtin server?

Who is IP 1.2.3.4? is it Router itself or another server attached to the router? 1.2.3.4 is IP-address of my external DNS server. If you are using action=redirect you can not use dst-address, it should be: I want to intercept DNS-requests to 1.2.3.4 only. For example, requests to Google 8.8.8.8 and...
by SpaceCommander
Mon May 03, 2010 7:44 pm
Forum: General
Topic: How to intercept DNS requests to builtin server?
Replies: 7
Views: 2713

How to intercept DNS requests to builtin server?

There is a Mikrotik box powered by RouterOS 3.10. DNS server is enabled and works fine (answers are added to "/ip dns cache print"). How to intercept forwarding DNS requests from clients 10.20.30.0/24 to server 1.2.3.4 and redirect them to builtin DNS? I tried so: > /ip firewall nat print Flags: X -...
by SpaceCommander
Tue Dec 30, 2008 8:08 pm
Forum: Wireless Networking
Topic: How to detect/change actual RX/TX speed for better quality?
Replies: 2
Views: 787

Re: How to detect/change actual RX/TX speed for better quality?

Which tx/rx speed are you talking about ?
Data transfer speed between two AP's.
by SpaceCommander
Fri Dec 26, 2008 3:46 am
Forum: Wireless Networking
Topic: How to detect/change actual RX/TX speed for better quality?
Replies: 2
Views: 787

How to detect/change actual RX/TX speed for better quality?

Hi!
There is following device:
- routerboard model: "411"
- current-firmware: "2.15"
- system software-id: "B0F9-LTT", nlevel 3
- system resource: MIPS 24K 300MHz, RAM 30MB
- wireless Atheros AR5413

How to detect RX/TX speed/quality and tune them for best via telnet CLI?