Community discussions

Search found 7734 matches

by fewi
Sat Feb 16, 2013 12:09 am
Forum: Scripting
Topic: download backup from other devices to mikrotik
Replies: 2
Views: 1422

Re: download backup from other devices to mikrotik

If the backup on the Ubiquiti device can be accessed via FTP or HTTP you can use "/tool fetch".
by fewi
Tue Dec 13, 2011 3:04 pm
Forum: Forwarding Protocols
Topic: IP no changeable but can online...
Replies: 3
Views: 910

Re: IP no changeable but can online...

The Hotspot also contains a more elegant method for this, universal NAT. Just configure an IP pool on the Hotspot itself. It'll be used to 1:1 NAT everyone to a valid IP address.
by fewi
Tue Dec 13, 2011 3:39 am
Forum: Beginner Basics
Topic: Mikrotik Firewall
Replies: 6
Views: 1234

Re: Mikrotik Firewall

As cbrown said: You can't. Basic TCP/IP: hosts on the same network talk directly. They don't go through the router. If the traffic isn't going through the router you can't block the traffic on the router.

You'd need switches with layer 2 security features that let you do what you need to do.
by fewi
Sat Dec 10, 2011 5:50 am
Forum: General
Topic: URL Filtering
Replies: 1
Views: 594

URL Filtering

Hardly. Manually, sort of. You don't want to classify all web sites in existence, that is hard work. Use something like OpenDNS for free filtering. Not great, but free.
by fewi
Sat Dec 10, 2011 5:48 am
Forum: Forwarding Protocols
Topic: OSPF disappearing default route in RouterOS v4/v5
Replies: 4
Views: 1128

OSPF disappearing default route in RouterOS v4/v5

I haven't seen any threads with a solution, just threads reporting the bug.

Open up an official case with support to get traction on it. Either everyone has it wrong and it's not a bug and support will set you straight, or it is a bug and every report with debug output helps fix it.
by fewi
Sat Dec 10, 2011 12:41 am
Forum: Forwarding Protocols
Topic: OSPF disappearing default route in RouterOS v4/v5
Replies: 4
Views: 1128

OSPF disappearing default route in RouterOS v4/v5

Search the forums, there's other threads for this.
by fewi
Fri Dec 09, 2011 2:06 pm
Forum: General
Topic: Forwarding a puplic IP to CPE
Replies: 5
Views: 923

Re: Forwarding a puplic IP to CPE

Of course. You would need to assign the IP via RADIUS, and in OSPF on the CPE facing router redistribute static IPs (possibly with a filter, though) into OSPF. The client dials up via PPPoE, gets an IP address via RADIUS, the CPE facing router establishes the tunnel and has a route to the /32 on the...
by fewi
Fri Dec 09, 2011 2:03 pm
Forum: Beginner Basics
Topic: Help understanding Mikrotik LOG
Replies: 8
Views: 1115

Help understanding Mikrotik LOG

Nothing. What else is there to do? There's nothing listening on the port anymore, and you can't stop the packet from arriving on your router port (unless you control the other end of the connection as well). Someone is trying a key on the door to your house. You changed the door so there's no longer...
by fewi
Fri Dec 09, 2011 1:34 pm
Forum: Scripting
Topic: DynDns scripts HTTPS
Replies: 5
Views: 1395

DynDns scripts HTTPS

Because fetch didn't support HTTPS.
by fewi
Fri Dec 09, 2011 1:50 am
Forum: Forwarding Protocols
Topic: let mikrotik run an ext webserver instead of internet access
Replies: 5
Views: 2488

Re: let mikrotik run an ext webserver instead of internet ac

As I already said if you have wildcard DNS entries you can do without an external DNS server. You do need the Hotspot so you can redirect requests for any web resource on any host that a client could possibly request. Alternatively your web server would have to take care of that. Remember, a client ...
by fewi
Fri Dec 09, 2011 1:48 am
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

According to what you posted SSH is enabled.
by fewi
Thu Dec 08, 2011 11:32 pm
Forum: Wireless Networking
Topic: RouterOS (PPC) Upgrading Questions
Replies: 2
Views: 490

Re: RouterOS (PPC) Upgrading Questions

Settings persist through upgrades, but it would be wise to take a binary as well as text backup before any upgrades just in case something goes wrong.

http://wiki.mikrotik.com/wiki/Manual:Co ... Management
by fewi
Thu Dec 08, 2011 10:11 pm
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

Those rules were part of 4.x, too. The difference is the kind of board you use. http://wiki.mikrotik.com/wiki/Manual:De ... igurations documents the different default configurations of a variety of RouterBOARDs.
by fewi
Thu Dec 08, 2011 9:33 pm
Forum: Forwarding Protocols
Topic: let mikrotik run an ext webserver instead of internet access
Replies: 5
Views: 2488

Re: let mikrotik run an ext webserver instead of internet ac

Sure. Just run a normal DHCP server on the network announcing the router for DNS, add a wildcard entry for DNS that resolves all host names to some IP address, add a Hotspot, and redirect to the web server as a login page. Adding static DNS: http://wiki.mikrotik.com/wiki/Manual:IP/DNS#Static_DNS_Ent...
by fewi
Thu Dec 08, 2011 9:30 pm
Forum: General
Topic: Forwarding a puplic IP to CPE
Replies: 5
Views: 923

Re: Forwarding a puplic IP to CPE

If you don't want to use NAT (which is good) you just route it over to the CPE. Since you already have a full OSPF network you could simply implement the IP network on a CPE interface, and then add the interface as passive to OSPF. That's it, the CPE now advertises that IP space and the rest of your...
by fewi
Thu Dec 08, 2011 8:48 pm
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

/ip firewall address-list
add list=management address=1.1.1.0/24
add list=management address=2.2.2.0/24
/ip firewall filter
add chain=input src-address-list=management action=accept

Then move the filter rule above the existing drop rule. Also refer to the manual: http://wiki.mikrotik.com/wiki/Manua...
by fewi
Thu Dec 08, 2011 7:53 pm
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related d...
by fewi
Thu Dec 08, 2011 6:24 pm
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

Of course. Select the text, right click, copy, then paste here. Just like any other text.
by fewi
Thu Dec 08, 2011 5:52 pm
Forum: General
Topic: can't ping or telnet or winbox into RB711-2Hn
Replies: 12
Views: 1707

Re: can't ping or telnet or winbox into RB711-2Hn

There's something wrong with your config. What exactly is wrong is hard to troubleshoot without seeing the configuration. Post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip service print detail", and "/ip firewall export" together with a network ...
by fewi
Thu Dec 08, 2011 2:24 pm
Forum: RouterBOARD hardware
Topic: Availability of the RB751G
Replies: 101
Views: 19622

Availability of the RB751G

As long as it is $1 cheaper than twice as expensive I would be saving money, because right now I have to buy two devices (or one from a different manufacturer that has two chip sets - which is significantly more attractive because it is cheaper, uses less foot print, is easier to configure, and uses...
by fewi
Thu Dec 08, 2011 2:18 pm
Forum: RouterBOARD hardware
Topic: Availability of the RB751G
Replies: 101
Views: 19622

Re: Availability of the RB751G

Maybe this is where the misunderstanding is: I'm not saying I don't want to offer 2.4 at all. I want to offer both. There's so many clients now on 2.4 (because, as you said, everyone has a smart phone) that there's more 2.4 APs, so there's crazy interference. I wasn't kidding when I said I can see 1...
by fewi
Thu Dec 08, 2011 2:03 pm
Forum: General
Topic: Maximum Number of Port Forwards?
Replies: 1
Views: 440

Maximum Number of Port Forwards?

25 is no problem.

It does depend on how much other work the router is doing so it is hard to state a hard limit, but 25 is definitely feasible.
by fewi
Thu Dec 08, 2011 2:00 pm
Forum: RouterBOARD hardware
Topic: Availability of the RB751G
Replies: 101
Views: 19622

Availability of the RB751G

I personally have the same observation as Macgaiver above, most consumer devices still only support 2GHz.
Huh. All my laptops and tablets support 5Ghz.

At my workplace 55% of all connections are on 5Ghz, which is huge given that smart phones can only do 2.4.
by fewi
Wed Dec 07, 2011 11:24 pm
Forum: RouterBOARD hardware
Topic: Availability of the RB751G
Replies: 101
Views: 19622

Re: Availability of the RB751G

I do see 8 - 12 SSIDs from other neighbours
Lucky you, I see 17 right now.
by fewi
Wed Dec 07, 2011 10:08 pm
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 102992

Re: dynDNS Update Script

Sure, if the public IP is configured right on the router you can just check the interface IP directly. The fetch only happens in case you're behind NAT and need to update a public IP you can't access locally directly.
by fewi
Wed Dec 07, 2011 2:44 pm
Forum: Forwarding Protocols
Topic: Multihomed BGP and traffic reply path
Replies: 2
Views: 1314

Re: Multihomed BGP and traffic reply path

How do I set the reply traffic to go out over the same interface it came in on?
You identify the networks it happens to and write a BGP policy (using routing filters) that assigns a weight or local preference to the route you want traffic to take. You basically have two routes to a given destinatio...
by fewi
Wed Dec 07, 2011 4:32 am
Forum: General
Topic: RouterOS v5.9 released
Replies: 166
Views: 38710

Re: RouterOS v5.9 released

Hopefully no one is using half duplex wired Ethernet connections anymore, though.
by fewi
Wed Dec 07, 2011 4:31 am
Forum: RouterBOARD hardware
Topic: where is netinstall?
Replies: 9
Views: 1437

Re: where is netinstall?

Fix up the BOOTP server so the router can access it. It's unlikely it's actually unable to boot from the network due to an error on the router, it's likely to be an error on the network or with the server. Take firewalls into account, particularly if you're on a recent version of Windows.
by fewi
Wed Dec 07, 2011 2:57 am
Forum: RouterBOARD hardware
Topic: Moving key from one router to another.
Replies: 7
Views: 2595

Re: Moving key from one router to another.

Either way you'll have to email support. This is a user forum, so people can't help you with licensing issues. I wouldn't expect too much. You ordered something you didn't need 5 years ago - I can't think of any vendors that would refund that, to be honest.
by fewi
Wed Dec 07, 2011 2:55 am
Forum: Forwarding Protocols
Topic: Block access between two ip address
Replies: 4
Views: 1426

Re: Block access between two ip address

you can give subnetmask 255.255.255.255 to your users (over dhcp, or manual) and then all packets will go through mikrotik (gateway for users is mikrotik ip, of course), and then you can control all these packets. then you can make this rule:
Just a word of warning: if you don't have strict control over...
by fewi
Wed Dec 07, 2011 1:08 am
Forum: General
Topic: Hotspot change of ISP
Replies: 2
Views: 482

Re: Hotspot change of ISP

Two things to try:

- check that DNS is OK and that the clients can resolve the Hotspot's name as well as other Internet web hosts so they can request a login page in the first place
- check that NAT is OK

If that doesn't get you anywhere post actual configuration excerpts in text form.
by fewi
Tue Dec 06, 2011 11:34 pm
Forum: Beginner Basics
Topic: Port forwarding using WebfigV5.2
Replies: 2
Views: 792

Re: Port forwarding using WebfigV5.2

http://wiki.mikrotik.com/wiki/Manual:IP ... rt_mapping
That shows how to do it in the CLI. The field names in Winbox and Webfig mirror what the parameters are called on the CLI.
by fewi
Tue Dec 06, 2011 11:31 pm
Forum: Beginner Basics
Topic: Cache Server - Plan and Design
Replies: 25
Views: 6969

Re: Cache Server - Plan and Design

How can we know what 172.16.0.0/12 is on your network? It's private IP space. Nothing in this thread mentions it before. The rule means, literally: take all traffic to tcp/80 that comes in via ether3 and isn't going to 172.16.0.0/12, and send it to 172.19.65.250 on port tcp/3128 instead. What that m...
by fewi
Tue Dec 06, 2011 11:28 pm
Forum: General
Topic: Difference Between " walled-garden " and "walled-garden ip"
Replies: 11
Views: 3715

Re: Difference Between " walled-garden " and "walled-garden

Taken directly from the manual I posted:
/ip firewall mangle
add chain=prerouting in-interface=LAN \
    dst-address=10.0.0.0/24 action=mark-packet \
    new-packet-mark=exempt-up
add chain=postrouting out-interface=LAN \
    src-address=10.0.0.0/24 action=mark-packet \
    new-packet-mark=exempt-down
/queue type a...
by fewi
Tue Dec 06, 2011 11:25 pm
Forum: General
Topic: Hotspot redirect not working (mostly)
Replies: 10
Views: 8867

Re: Hotspot redirect not working (mostly)

You need to give your Hotspot a proper domain name with a valid TLD, such as "hotspot.local" instead of just "stjw-hotspotcontroller1". Everything else looks fine from what you posted.
by fewi
Tue Dec 06, 2011 7:21 pm
Forum: General
Topic: Hotspot redirect not working (mostly)
Replies: 10
Views: 8867

Re: Hotspot redirect not working (mostly)

If you need help you'll have to be more specific than "I got everything setup and working except the hotspot login redirect is not working (for the most part)" - what is working? What isn't? Also post the relevant configuration in text format.
by fewi
Tue Dec 06, 2011 7:17 pm
Forum: General
Topic: No IGMP Proxy in RB750GL
Replies: 5
Views: 2029

Re: No IGMP Proxy in RB750GL

(I knew it that if I’ll “touch” the Mtik’s pride, solutions will come... :)
Bit of a dick move, really.
by fewi
Tue Dec 06, 2011 4:59 pm
Forum: General
Topic: IP issues
Replies: 7
Views: 830

Re: IP issues

If you have a layer 3 switch you don't need the Mikrotik router. If you want to use the Mikrotik router you can't run the layer 3 switch at layer 3, and need to just assign an IP address to the router LAN interface and connect the switch and have it distribute that network at layer 2 to the other se...
by fewi
Tue Dec 06, 2011 3:00 pm
Forum: General
Topic: FIN scan originating from iphone
Replies: 2
Views: 1034

Re: FIN scan originating from iphone

What are your rules to detect FIN scans? FIN scans send a FIN to a port without a connection being open. This could of course happen entirely naturally - such as your router having fairly low connection time outs, lower than the device on the other end. If the phone is expecting the connection to sta...
by fewi
Tue Dec 06, 2011 2:53 pm
Forum: Beginner Basics
Topic: Help understanding Mikrotik LOG
Replies: 8
Views: 1115

Re: Help understanding Mikrotik LOG

Do you use SSH to access your router? If not best practice would be to disable the service.
by fewi
Tue Dec 06, 2011 2:50 pm
Forum: General
Topic: Hotspot with User Credits and Active Directory
Replies: 4
Views: 1637

Re: Hotspot with User Credits and Active Directory

Authentication for Hotspot: Is it MAC based or based on HTTP session? The other buildings would be behind their own router so I don't have to make one huge, gigantic subnet.
Per MAC, but the "addresses-per-mac" property lets you govern how many IPs can log in per MAC. Generally speaking, though, Ho...
by fewi
Tue Dec 06, 2011 2:46 pm
Forum: Beginner Basics
Topic: Mikrotik as bandwidth manager
Replies: 3
Views: 1822

Re: Mikrotik as bandwidth manager

Read the wiki manuals on queueing, both PCQ and simple queues.
by fewi
Tue Dec 06, 2011 3:04 am
Forum: General
Topic: No IGMP Proxy in RB750GL
Replies: 5
Views: 2029

Re: No IGMP Proxy in RB750GL

Which incidentally is clearly stated in the manual: http://wiki.mikrotik.com/wiki/Manual:Routing/Multicast#Requirements Requirements Multicast is available on all architectures supported by RouterOS. Packages required: system multicast Note: v3.x routing-test and multicast packages are incompatible....
by fewi
Tue Dec 06, 2011 2:49 am
Forum: RouterBOARD hardware
Topic: RB750 Internet Usage
Replies: 6
Views: 2339

Re: RB750 Internet Usage

http://wiki.mikrotik.com/wiki/Switch_Chip_Features#Port_Switching
Port Switching
Switching feature allows wire speed traffic passing among a group of ports, like the ports were a regular ethernet switch. You configure this feature by setting a "master-port" property to one or more ports in /interf...
by fewi
Mon Dec 05, 2011 9:53 pm
Forum: General
Topic: UPnP NAT Entry Timeout?
Replies: 17
Views: 4391

Re: UPnP NAT Entry Timeout?

It probably cleans them just fine, but it's a bit of a brute force approach: it'll also clear forwarding rules that are still active. So if the device/app that requested the UPnP hole be punched is still active you're dragging it out from under its feet. How it handles that would depend on the devic...
by fewi
Mon Dec 05, 2011 3:30 pm
Forum: General
Topic: wifi double nat
Replies: 1
Views: 620

Re: wifi double nat

That you need NAT very, very strongly indicates that the Untangle server doesn't have a route back to 192.168.2.0/24 via 192.168.1.227. I know you said you added one, but double check that. Also check that the Untangle server is set up to NAT 192.168.2.0/24 out its WAN interface and isn't restricted...
by fewi
Mon Dec 05, 2011 2:55 am
Forum: General
Topic: UPnP NAT Entry Timeout?
Replies: 17
Views: 4391

Re: UPnP NAT Entry Timeout?

Ah. Well, you can access the connection table via "/ip firewall connection", access the dynamic rules and extract the ports used by them, and then look for connections in the connection table by that port. I doubt that you can determine when a rule was last used without some rather complex logic...