Community discussions

MikroTik App

Search found 98 matches

by rotten777
Sat Aug 12, 2017 1:18 am
Forum: General
Topic: Which USB 4G LTE works ??? Please update wiki ...
Replies: 1
Views: 737

Re: Which USB 4G LTE works ??? Please update wiki ...

I'm in the same boat. Have about 6 installations I could use this at but I'm not wasting $500 to find out it isn't supported or sucks. Mikrotik you're losing out on money.
by rotten777
Fri Nov 18, 2016 8:47 pm
Forum: General
Topic: IPSEC/L2TP - Windows client
Replies: 1
Views: 710

Re: IPSEC/L2TP - Windows client

Here's a bit of the log from the client connecting. [admin@fjsi-rt-sb] /ip ipsec peer> (224 messages discarded) 11:45:16 echo: ipsec,debug,packet Adding NON-ESP marker 11:45:16 echo: ipsec,debug,packet 72 bytes from firewall_IP_address[4500] to client_IP_address[4500] 11:45:16 echo: ipsec,debug,pack...
by rotten777
Fri Nov 18, 2016 8:40 pm
Forum: General
Topic: IPSEC/L2TP - Windows client
Replies: 1
Views: 710

IPSEC/L2TP - Windows client

I'm receiving this error on the client: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer" Am I missing something? There are 3 tunnels active (site-to-site) that work fine. But this client will not conne...
by rotten777
Thu Sep 29, 2016 11:25 pm
Forum: General
Topic: Fresh setup of GRE + IPSEC
Replies: 2
Views: 662

Re: Fresh setup of GRE + IPSEC

Probably local and remote addresses of the tunnel entered incorrectly. First can also be caused by incorrect secret. /ip ipsec peer add address=IPADDRESS1/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des exchange-mode=main...
by rotten777
Thu Sep 29, 2016 9:23 pm
Forum: General
Topic: Fresh setup of GRE + IPSEC
Replies: 2
Views: 662

Fresh setup of GRE + IPSEC

RB1100AHx2 on 3 sites all running v6.37 I've set everything up and in the logging of ipsec I get: phase1 negotiation failed due to time up localwan<500><=>remotewan[500] with a hexidecimal address after In the interface logging I see: Sebring GRE transmit loop detected, downing interface for 60 seco...
by rotten777
Thu Jan 07, 2016 10:54 pm
Forum: General
Topic: Training page
Replies: 0
Views: 1065

Training page

https://www.mikrotik.com/training/

Has anyone else noticed the outline PDF's are 404's when viewed over SSL? I don't know who to give a nudge to as far as a site maintainer.
by rotten777
Tue Apr 07, 2015 5:47 am
Forum: General
Topic: CRS125-24G-1S with LACP
Replies: 0
Views: 429

CRS125-24G-1S with LACP

OK so I have a NAS with a dual intel gigabit adapter to bond and use for storage, plus a single gigabit adapter for management. I have the client PC with a dual gigabit adapter to attach to the NAS while bonded, plus a single gigabit adapter on the PC for everything else. OK so I have a VLAN for sto...
by rotten777
Fri Jun 20, 2014 12:40 am
Forum: General
Topic: Blocking countries IP blocks for security
Replies: 8
Views: 4485

Re: Blocking countries IP blocks for security

I have a fail2ban setup already in place but I can't guarantee when I remote in that I'm not off on vacation in some tropical paradise from an unknown IP. I know I won't be in China lol I just want to drop the amount of traffic used by being a blackhole as far as the Chinese are concerned. If they ...
by rotten777
Thu Jun 19, 2014 10:50 pm
Forum: General
Topic: Blocking countries IP blocks for security
Replies: 8
Views: 4485

Re: Blocking countries IP blocks for security

Personal think blocking country wise is not a prevention against these common bruteforce attacks. They coming from all over the world, yes also from the USA. Most of the time it's done by other host where an attack was successful. It's spread like a worm. Access to mgmt interfaces like ssh or a web...
by rotten777
Thu Jun 19, 2014 9:47 pm
Forum: General
Topic: Blocking countries IP blocks for security
Replies: 8
Views: 4485

Blocking countries IP blocks for security

So I'm an American who administers many networks which I place routerboards in front of 99% of the time (I despise Cisco) and spend a lot of time reviewing logs and seeing brute force attempts constantly coming from places like China/Ukraine/Colombia/etc.... I am debating adding a filter to drop all...
by rotten777
Tue Aug 06, 2013 3:52 am
Forum: General
Topic: Exclusion from PCC load balancing
Replies: 4
Views: 2295

Re: Exclusion from PCC load balancing

It sounds like you might have something messed up in your rules. Post /export compact # aug/05/2013 20:49:18 by RouterOS 6.1 # software id = LQCC-ADHK # /interface wireless set 0 band=2ghz-b/g/n country="united states" frequency=2437 l2mtu=2290 mode=\ bridge ssid=MGMT /interface ethernet set 0 name...
by rotten777
Mon Aug 05, 2013 11:12 pm
Forum: General
Topic: Exclusion from PCC load balancing
Replies: 4
Views: 2295

Exclusion from PCC load balancing

I'm using PCC load balancing to balance two circuits and I'm having a problem with authenticated sites... for whatever reason the site balances over to another link and the site has to be reauthenticated. Is there a way to force web traffic connections to specific domains to one circuit or the other...
by rotten777
Mon Jun 17, 2013 5:30 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

I have the same problem.

If you unplug one of the LANs going into the switch, you will restore the connectivity.

It is not the switch. I have exactly the same problem with the CCR
you're running 6.0 or 6.1 right?
by rotten777
Thu Jun 13, 2013 6:19 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

I have the same problem. If you unplug one of the LANs going into the switch, you will restore the connectivity. It is not the switch. I have exactly the same problem with the CCR I have a rb751u-2hnd running with the same effective configuration in it's place now. I'm irritated I've spent nearly $...
by rotten777
Thu Jun 13, 2013 5:45 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Usually it's 115200
Thanks. Didn't work. I'm getting a refund on this brick. :(
by rotten777
Thu Jun 13, 2013 3:06 am
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Does anyone have any idea what speed the serial console is on the router?
by rotten777
Wed Jun 12, 2013 4:28 am
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Update on this situation... it is definitely the CCR1036-12G-4S :(

Running on a RB751 and works flawless. Que sera sera. An e-mail has been sent to Mikrotik. Hopefully this isn't a lemon.
by rotten777
Wed May 29, 2013 5:44 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

well i ssh to the ccr and ping from terminal, but yes. SSH is ok too. ;-) Well, that's really strange... I've never seen that before... I would reset the CCR to factory defaults and start from scratch. I've got some CCRs which are running in similar configs and they do nothing like that. - Mat I di...
by rotten777
Wed May 29, 2013 4:55 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

No. When the CCR is connected to the switch I can ssh to the switch from a desktop on the LAN but can't ping out from router to the internet. So you can also access the CCR via Winbox but you can't ping a host on the Internet from the CCR (Tools/Ping)? Right? well i ssh to the ccr and ping from ter...
by rotten777
Wed May 29, 2013 4:22 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

It's possible that macs get leaked between the interfaces (maybe a bug), that's why it's important to know if these ports share the same broadcast domain or not. If they are in seperate VLANs we can rule out this situation. If you connect the switch to the CCR, is the CCR able to reach the internet...
by rotten777
Wed May 29, 2013 4:07 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Are the Ports 1-3 connected to the same Switch? If yes, are these Ports in the same VLAN (on the switch)? I'm thinking it's the VLAN's as well. I got onto the console of the switches (I inherited this setup from a previous employee) and it looks like the VLAN setup is all screwed up and far from ho...
by rotten777
Wed May 29, 2013 3:48 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Please post your config, so we can see if something is wrong there. It most likely isn't a hardware problem. - Mat [admin@shc-rt00] > export # jan/02/1970 00:00:53 by RouterOS 6.0 # software id = EAC6-B57Y # /interface ethernet set 12 auto-negotiation=yes set 13 auto-negotiation=yes set 14 auto-neg...
by rotten777
Wed May 29, 2013 3:44 pm
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

Re: CCR1036-12G-4S with 6.0

Whats the make and model of the switch?
NetVanta 1238 & NetVanta 1234 connected on gbic's
by rotten777
Wed May 29, 2013 4:03 am
Forum: General
Topic: CCR1036-12G-4S with 6.0
Replies: 19
Views: 2934

CCR1036-12G-4S with 6.0

I have no idea what in the world is going on but here goes... Brand new router, installed 6.0 for tile, blank config, added ip address for public interface/lan1/lan2, added route and nat masquerade, everything is working great at this point. Once I unplug my laptop and plug the lan1/lan2 into the sw...
by rotten777
Thu Apr 11, 2013 5:49 pm
Forum: General
Topic: WAN with multiple static address; force LAN SUBNET traffic
Replies: 2
Views: 875

Re: WAN with multiple static address; force LAN SUBNET traff

Here's the routing setup other than the dynamic entries /ip route add check-gateway=arp comment="42 traffic" disabled=no distance=1 \ dst-address=0.0.0.0/0 gateway=173.x.x.1 pref-src=173.x.x.42 \ routing-mark=bits_traffic scope=30 target-scope=10 add check-gateway=arp comment="default route to rs" d...
by rotten777
Thu Apr 11, 2013 5:30 pm
Forum: General
Topic: WAN with multiple static address; force LAN SUBNET traffic
Replies: 2
Views: 875

WAN with multiple static address; force LAN SUBNET traffic

So I have 3 private subnets, 1 WAN subnet.

I want to force all web traffic from a specific subnet to exit via a specific outside/public IP in the WAN subnet. What's the best way to accomplish this?

Thanks in advance
by rotten777
Tue Mar 05, 2013 3:16 am
Forum: General
Topic: Questions about multiple IP addresses on same interface
Replies: 2
Views: 705

Re: Questions about multiple IP addresses on same interface

use check gateway arp to make this work. in nat, don't use out interface.
so I don't masquerade the 3 outside interfaces?
by rotten777
Tue Mar 05, 2013 2:38 am
Forum: General
Topic: Questions about multiple IP addresses on same interface
Replies: 2
Views: 705

Questions about multiple IP addresses on same interface

So I have two public IP addresses on a class C and my default route goes out on that subnet as well. So I have XXX.XXX.XXX.41 and XXX.XXX.XXX.42 and the default route has 0.0.0.0/0 with pref-src of XXX.XXX.XXX.41 and gateway of XXX.XXX.XXX.1 distance=1 Traffic routes out with no issues. What I'm try...
by rotten777
Thu Jan 31, 2013 7:25 pm
Forum: General
Topic: Geolocation and static lat/long
Replies: 3
Views: 1672

Geolocation and static lat/long

Probably a stupid question but is there a way to setup a lat/long in routeros that's static so geolocation pulls its lat/long from there rather than the ISP's equipment?
by rotten777
Fri Dec 21, 2012 9:44 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

When you use hairpin NAT you use your private IPs.

dst-address being the WAN IP, src-address being a local NAT'd IP...
by rotten777
Thu Dec 06, 2012 12:11 am
Forum: General
Topic: Troubleshooting route/subnet/filter
Replies: 4
Views: 923

Re: Troubleshooting route/subnet/filter

Still dealing with this issue... is there something I can post to help people help me debug this mess? :?
by rotten777
Mon Nov 12, 2012 5:23 pm
Forum: General
Topic: Troubleshooting route/subnet/filter
Replies: 4
Views: 923

Re: Troubleshooting route/subnet/filter

Can you show which addresses you have assigned to the interfaces ?

Doyou have any bridging or switching enabled ?
No bridging. All ports on Switch1 side of RB1100. Thanks for the help btw.
by rotten777
Fri Nov 09, 2012 8:10 pm
Forum: General
Topic: Troubleshooting route/subnet/filter
Replies: 4
Views: 923

Re: Troubleshooting route/subnet/filter

Nothing at all? *sigh*
by rotten777
Fri Nov 09, 2012 1:44 am
Forum: General
Topic: Troubleshooting route/subnet/filter
Replies: 4
Views: 923

Troubleshooting route/subnet/filter

Hey guys I've got a problem stumping me. RB1100. I have 2 WAN interfaces, 4 LAN interfaces. ether6 and ether7 are both private subnets and can talk to each other. ether2 and ether3 are both the public interfaces for internet access and they're load balanced and working perfectly fine. ether1 and eth...
by rotten777
Thu Aug 09, 2012 3:30 am
Forum: General
Topic: Rebooting to get routing tables functional
Replies: 2
Views: 482

Re: Rebooting to get routing tables functional

I have had a few issues like that over the years, random. For whatever reason it will set one route as the default route and won't accept mine until I reboot. I'd say 3 out of 100 have done it, generally after I'd changed the routes several times. I don't think it ever happened in a production situ...
by rotten777
Wed Aug 08, 2012 4:50 am
Forum: General
Topic: Rebooting to get routing tables functional
Replies: 2
Views: 482

Rebooting to get routing tables functional

Is it normal to have to reboot a router after enabling an interface, addressing it, and creating the route for the interface?

It is quite frustrating to troubleshoot for an hour only to reboot and have the same exact rules work great on a reboot.
by rotten777
Tue Jul 03, 2012 11:26 pm
Forum: Wireless Networking
Topic: spoofing problem
Replies: 14
Views: 2121

Re: spoofing problem

if you know where he is, setup directionals flooding data and ssids to him. or get a noise generator, an amp, and a directional and knock his communications completely out lol A noise generator would definately be on the "other" side of the legal fence... you can keep it in the public spectrum. why...
by rotten777
Tue Jul 03, 2012 5:22 am
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

here's the current power tx


tx power mode is card rates and it's at 30 right now. doesn't seem to change the actual output. i must be missing something.
by rotten777
Tue Jul 03, 2012 1:18 am
Forum: General
Topic: Logging firewall filter events without duplicating rules
Replies: 2
Views: 730

Logging firewall filter events without duplicating rules

I'd like to log all my firewall events to a syslog server (already got that part down) but when enabling the action of logging, it seems I'm going to have to recreate all of my filter entries (lots). Is there a way around this? I just want to log all the filtered traffic but don't want to double my ...
by rotten777
Tue Jul 03, 2012 1:14 am
Forum: General
Topic: Android ping inside LAN
Replies: 6
Views: 1199

Re: Android ping inside LAN

If it doesn't work from a wired client to the wireless client but it does from the router itself, you may want to look at your bridging. If you're coming in on ether2 and trying to go out the bridge interface or wlan1 interface, make sure you have the appropriate rules and the bridging is setup prop...
by rotten777
Tue Jul 03, 2012 1:06 am
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

Try dropping the power down to circa 23db , by default its 30db which is way to high. Also, just for a test, try without using WPA/WPA2 and see if the ping response stabilises. I removed encryption. I will change the power output once I get home and try it again and I will let you know the outcome.
by rotten777
Tue Jul 03, 2012 1:03 am
Forum: General
Topic: Wireless connection droppping on RB951-2n
Replies: 24
Views: 7508

Re: Wireless connection droppping on RB951-2n

I just turned off encryption. So far I'm just not happy with the wireless on this unit. I think I'm going to put my RB750G back in place and leave the PowerAPN for the wireless. Quite disappointing :(
by rotten777
Fri Jun 29, 2012 9:45 pm
Forum: Wireless Networking
Topic: spoofing problem
Replies: 14
Views: 2121

Re: spoofing problem

if you know where he is, setup directionals flooding data and ssids to him. or get a noise generator, an amp, and a directional and knock his communications completely out lol
by rotten777
Fri Jun 29, 2012 8:01 pm
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

I set the group key update to 1 hour. It seems to have stabilized. But I'm assuming at the 1 hour point, whatever is screwed up with knock all wireless clients off.
by rotten777
Fri Jun 29, 2012 7:29 pm
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

this is the only thing I can find in the log that isn't normal auth/deauth

echo: wireless,info C8:AA:21:40:02:C5@wlan1: disconnected, group key exchange timeout
by rotten777
Fri Jun 29, 2012 7:23 pm
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

Not enough info. What revision firmare? Just a single AP, not routing or bridging loops? Clients signal strength? Whats the Log saying? fw is 2.39 ros is 5.18 this is a single soho router setup. ether1 is wan, 2 is lan with dhcp, wlan1 is wireless. very basic. signal strength doesn't matter. i was ...
by rotten777
Fri Jun 29, 2012 2:42 am
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

PING 192.168.77.1 (192.168.77.1) 56(84) bytes of data. 64 bytes from 192.168.77.1: icmp_req=1 ttl=64 time=166 ms 64 bytes from 192.168.77.1: icmp_req=2 ttl=64 time=190 ms 64 bytes from 192.168.77.1: icmp_req=3 ttl=64 time=8.97 ms 64 bytes from 192.168.77.1: icmp_req=4 ttl=64 time=35.2 ms 64 bytes f...
by rotten777
Fri Jun 29, 2012 2:34 am
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Re: Dropping wireless clients on RB751U-2HnD

I am also seeing dropped packets and ping replies all over the map from 18ms to 450ms to timeouts
by rotten777
Fri Jun 29, 2012 2:28 am
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5717

Dropping wireless clients on RB751U-2HnD

So I have changed very little to the wireless setup on the rb. Set to AP bridge, b/g/n, 20mhz channel width, 2462 freq, ssid, wireles proto to 802.11, setup WPA2 key. Clients connect, then drop, then reconnect, then drop, then reconnect, then drop. Never ending loop. Quite frustrating. It's on andro...
by rotten777
Wed Apr 25, 2012 7:32 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

You need to do something like this.
add action=masquerade chain=srcnat dst-address=192.168.77.20 src-address=192.168.77.0/24
I will try that this evening. Thanks for your help
by rotten777
Wed Apr 25, 2012 7:24 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

What IP address does port 3389 go to and what is your LAN subnet?
subnet on ether2-lan -> 192.168.77.0/24
to-address for 3389 -> 192.168.77.20
by rotten777
Wed Apr 25, 2012 6:59 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

I want hairpin nat on port 3389. public interface is ether1. the lan subnet is on ether2. the public interface pulls dhcp from the isp. huh? I have DST-NAT setup and working for specific ports. It comes in and does a DST-NAT when on port 3389 using TCP. That works great from the outside. I have thi...
by rotten777
Wed Apr 25, 2012 6:49 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

Are you wanting to setup hairpin NAT or DSTNAT? What are you trying to achieve?

Hairpin NAT is a combination of DSTNAT and SRCNAT correct?

I want hairpin nat on port 3389. public interface is ether1. the lan subnet is on ether2. the public interface pulls dhcp from the isp.
by rotten777
Wed Apr 25, 2012 6:40 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Re: Hairpin NAT with dynamic WAN IP?

Sure. Did you read how to setup hairpin nat? http://wiki.mikrotik.com/wiki/Hairpin_NAT Yes. From that article: /ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 \ action=dst-nat to-address=192.168.1.2 add chain=srcnat out-interface=WAN action=masquerade The public IP ad...
by rotten777
Wed Apr 25, 2012 4:38 pm
Forum: General
Topic: Hairpin NAT with dynamic WAN IP?
Replies: 19
Views: 8607

Hairpin NAT with dynamic WAN IP?

Is this possible at all?
by rotten777
Mon Jan 23, 2012 10:31 pm
Forum: General
Topic: Routes
Replies: 1
Views: 390

Re: Routes

I can also ping the two SXT's from the console of the router and they come back at 1ms and 8ms with 0 dropped. So I'm sure the physical part of the connection on that subnet is A-OK
by rotten777
Mon Jan 23, 2012 10:29 pm
Forum: General
Topic: Routes
Replies: 1
Views: 390

Routes

I'm probably missing something basic here but any help is appreciated. I have an RB1100 with one interface going to a dumb switch with a P2P bridge of SXT's. It is one the 172.16.0.0/12 subnet and there's a route in the router pointing to that subnet. I can ping the 172.16.0.1 (RB1100) IP address fr...
by rotten777
Fri Jan 13, 2012 11:50 pm
Forum: General
Topic: RB433 upgraded too far
Replies: 2
Views: 889

RB433 upgraded too far

So I was in the middle of upgrading some SXT devices and also ended up upgrading a very old RB433... obviously the license won't even go past 4.17 so I was wondering where can I download 3.x to make the license for the RB active again?

thanks in advance!
by rotten777
Mon Jan 02, 2012 5:26 pm
Forum: Wireless Networking
Topic: The highest throughput <1Km PTP line of sight setup
Replies: 3
Views: 1159

Re: The highest throughput <1Km PTP line of sight setup

RB800 + N will give you 200 Mbps aggregated if you use good antennas.
OK which cards and which antennas?

R5SHPn? R52Hn?
by rotten777
Wed Nov 30, 2011 10:29 pm
Forum: General
Topic: Problem upgrading bootloader
Replies: 15
Views: 5267

Re: Problem upgrading bootloader

I'm stuck at 2.25 on my RB750G...........
by rotten777
Tue Nov 29, 2011 9:53 pm
Forum: Wireless Networking
Topic: The highest throughput <1Km PTP line of sight setup
Replies: 3
Views: 1159

The highest throughput <1Km PTP line of sight setup

So I'm going into a project where there's a 600m PTP connection needed to pass as much bandwidth as needed. The cost is not a factor at all... I just want to avoid the $74k in construction costs for burying fiber. That being said, I'm really new to the Mikrotik wireless stuff. I've got a single back...
by rotten777
Mon Nov 28, 2011 8:06 pm
Forum: General
Topic: DHCP Relay over wireless bridge
Replies: 1
Views: 1328

Re: DHCP Relay over wireless bridge

ahh nevermind... my fat fingers put the dhcp-client on the wrong interface (eth instead of bridge)

:lol:
by rotten777
Mon Nov 28, 2011 8:04 pm
Forum: General
Topic: DHCP Relay over wireless bridge
Replies: 1
Views: 1328

DHCP Relay over wireless bridge

OK so here's the scenario. I've got my core network with the RB1100 working on 5 subnets. I have two SXT-5D's bridging traffic between each other to be a back haul to another location. The wireless part is working great and passing traffic between the two is great but I don't seem to have DHCP offer...
by rotten777
Wed Sep 21, 2011 3:41 am
Forum: General
Topic: SIP Registrations being denied
Replies: 2
Views: 600

Re: SIP Registrations being denied

nope. I actually had all the settings correct. the problem was fixed as I rebooted the router. LAME
by rotten777
Sun Sep 11, 2011 5:10 pm
Forum: General
Topic: SIP Registrations being denied
Replies: 2
Views: 600

SIP Registrations being denied

I've got an asterisk server out on the cloud and one behind my routerboard. Using the exact same sip.conf I get registration on the cloud asterisk but not on the physical one. I keep hearing references to the SIP helper service but cannot find a single reference to its use. Please advise. Thanks in ...
by rotten777
Tue Aug 30, 2011 7:17 pm
Forum: General
Topic: ip firewall nat - port forward (even with internal request)
Replies: 1
Views: 917

ip firewall nat - port forward (even with internal request)

so I have a network where smartphones access an internal exchange server and when they come on site and their wifi picks up, they're now on the corporate subnet. the port forward stops working to the exchange server unless they disable the wifi and use the cell networks. i have this: chain=dstnat ac...
by rotten777
Mon Aug 22, 2011 3:09 pm
Forum: General
Topic: Load balancing interference with PPTP services
Replies: 1
Views: 1780

Load balancing interference with PPTP services

Hey guys. I'm having a problem wrapping my mind around the load balancing and excluding PPTP traffic. Here's what I have in the "ip firewall mangle" section.. /ip firewall mangle 0 chain=prerouting action=accept dst-address=WANSUBNET1/25 in-interface=ether1-corplan 1 chain=prerouting action=accept d...
by rotten777
Sat Aug 20, 2011 3:36 pm
Forum: General
Topic: PPTP VPN Bridge and PCC
Replies: 10
Views: 4518

Re: PPTP VPN Bridge and PCC

I tried to use my PCC using the LAN interface as the in-interface use 'src-address' instead of 'in-interface' If I use the Bridge interface as the in-interface, <...> VPN is no longer able to get to LAN in mangle prerouting, first accept packets with dst-address=your_local_addresses, then mark rout...
by rotten777
Wed Aug 17, 2011 11:54 pm
Forum: General
Topic: Simple priotization
Replies: 1
Views: 571

Simple priotization

Is there a way to simply prioritize traffic so an IP address or subnet has priority to bandwidth on a WAN link?
by rotten777
Tue Aug 16, 2011 11:06 pm
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 20
Views: 6124

Re: v5.5 bug: after ssh-keys password login via ssh is block

yes we are considering that and assessing consequences. At the moment you can add several certificates for each account, aslo, it is possible to add private key to log through ssh from one router to another with the key. IMHO - password authentication alone is bad thing, should use key with authori...
by rotten777
Tue Aug 16, 2011 3:08 pm
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 20
Views: 6124

Re: v5.5 bug: after ssh-keys password login via ssh is block

change was made in 5.0rc2. Where changelog message explained - if ssh-key is set, logins using password are disabled. Feature is there, that if you feel like having keys for router login less secure option is not used. That is security measure. Thank you for pointing me to CHANGELOG , I found it in...
by rotten777
Mon Aug 15, 2011 5:23 pm
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 20
Views: 6124

Re: v5.5 bug: after ssh-keys password login via ssh is block

Is there a way to disable this feature?
by rotten777
Thu May 26, 2011 10:29 pm
Forum: General
Topic: v5.3 released
Replies: 76
Views: 10712

Re: v5.3 released

Funny how a couple of us reported the port flapping issue a few weeks ago with loss of data also causing lock ups and watchdog reboots but not only did my thread get deleted twice..!, we also didnt get any resolve in our issues.... Now all of the sudden there bug affects more boards and boom! issue...
by rotten777
Sat May 21, 2011 5:09 pm
Forum: General
Topic: [Solved] RB750G ROS 5.2 serious performance issue.
Replies: 15
Views: 3360

Re: [Solved] RB750G ROS 5.2 serious performance issue.

Hi guys,

I can confirm that there is huge performance improvement in ROS 5.3 even compared to 4.17. So do not downgrade, it's better to wait few days and upgrade to 5.3.

Life is nice again :D

that's good to hear! 8)
by rotten777
Tue May 17, 2011 8:21 pm
Forum: General
Topic: SSH Key
Replies: 0
Views: 370

SSH Key

Since 5.x has gone to shared key only when a shared key exists, I need to consolidate my authorized keys. Is it possible to combine keys into 1 file to import for a single user. I have a basic single user with full rights and 5 keys I need to import. I was thinking a simple : cat key1.pub >> combine...
by rotten777
Tue May 17, 2011 1:01 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

gotcha! thanks
by rotten777
Tue May 17, 2011 12:43 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

was this bad practice at having a single rule for the remote or was that a bug?
by rotten777
Tue May 17, 2011 12:41 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

that did it. thank you very much!
by rotten777
Tue May 17, 2011 12:32 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

[admin@dcomfap-rt01] /system logging action> /ip address print detail Flags: X - disabled, I - invalid, D - dynamic 0 ;;; default configuration address=172.30.7.1/24 network=172.30.7.0 interface=ether2-local-master actual-interface=ether2-local-master 1 address=173.12.150.x/30 network=173.12.150.x ...
by rotten777
Tue May 17, 2011 12:18 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

I know the two communicate because SNMP polling is working fine. Ugh how frustrating.
by rotten777
Tue May 17, 2011 12:14 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

no dice :(
by rotten777
Tue May 17, 2011 12:12 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

 3 * name="remote" target=remote remote=66.228.56.x remote-port=514 src-address=173.12.150.x bsd-syslog=no syslog-facility=daemon syslog-severity=auto 

that look about right?
by rotten777
Tue May 17, 2011 12:11 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

What version are you running? Under 5.x I've found that I have to specify a src-address for the remote entry under "/system logging action" or it doesn't send anything.
yeah i'm 5.2

trying that now!
by rotten777
Tue May 17, 2011 12:02 am
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Re: Debian's rsyslogd & remote logging

having run tshark on the server, there is no traffic coming in from the routers so I'm 99% that the traffic isn't being generated at the router side.
by rotten777
Mon May 16, 2011 11:55 pm
Forum: General
Topic: Debian's rsyslogd & remote logging
Replies: 13
Views: 3595

Debian's rsyslogd & remote logging

So I've got the daemon running on all IP's of my debian server udp 0 0 0.0.0.0:514 0.0.0.0:* I have the remote logging setup admin@dcomfap-rt01] /system logging> print Flags: X - disabled, I - invalid # TOPICS ACTION PREFIX 0 info memory 1 error memory 2 warning memory 3 critical echo 4 error remote...
by rotten777
Thu May 12, 2011 6:04 pm
Forum: General
Topic: Logging URL request for certain IP addresses
Replies: 2
Views: 2187

Re: Logging URL request for certain IP addresses

Bump. I'm looking for the same thing.
by rotten777
Thu May 12, 2011 12:55 am
Forum: General
Topic: Outbound 3389 port goes syn-sent but RDP doesn't connect
Replies: 4
Views: 2928

Re: Outbound 3389 port goes syn-sent but RDP doesn't connect

No, that forwards ALL tcp/3389 traffic to that IP address, regardless of what IP address the traffic is going to, or what interface it enters the router through. If you want to be more specific you have to either specify a dst-address (the destination IP before NAT), or an in-interface. and thus th...
by rotten777
Wed May 11, 2011 12:26 am
Forum: General
Topic: Outbound 3389 port goes syn-sent but RDP doesn't connect
Replies: 4
Views: 2928

Re: Outbound 3389 port goes syn-sent but RDP doesn't connect

Try to check your routes & NATS on all Routers to the network, some times you can be Routing to the IP address and there can be a NAT / Masqurade changing the src IP address of the returning Packets, ( this Can Be a real head Melter) if you have a specific src/ dst nat rules they should be before t...
by rotten777
Tue May 10, 2011 10:42 pm
Forum: General
Topic: Outbound 3389 port goes syn-sent but RDP doesn't connect
Replies: 4
Views: 2928

Outbound 3389 port goes syn-sent but RDP doesn't connect

So I've disabled all filter rules that drop anything and I can't get beyond syn-sent... I'm pulling my hair out! I've got a whole network who can't get to their payroll service... here's the filter Flags: X - disabled, I - invalid, D - dynamic 0 ;;; DudeIncoming chain=input action=accept protocol=tc...
by rotten777
Tue May 10, 2011 3:48 am
Forum: General
Topic: SNMP problem after 5.2 upgrade
Replies: 19
Views: 8075

Re: SNMP problem after 5.2 upgrade

nevermind fixed it with a secure snmp setup... weird
by rotten777
Tue Apr 19, 2011 8:26 pm
Forum: General
Topic: RouterOS 5.0 - DSA Shared Keys
Replies: 0
Views: 330

RouterOS 5.0 - DSA Shared Keys

Is this not functioning like previous releases? I generate the key, ftp it, import it successfully (with the new different syntax) and i get a failure when I try to log in.

Agent admitted failure to sign using the key.
by rotten777
Sat Apr 16, 2011 10:37 pm
Forum: General
Topic: Sending WOL packets from a Routerboard
Replies: 3
Views: 927

Re: Sending WOL packets from a Routerboard

now I am setup with shared dsa key...

I have a shell script setup as a launcher running this:

ssh -l admin rt7.XXXXXXXX.com "/tool wol interface=ether2 00:1F:D0:81:08:6E"


RouterOS is friggin awesome! :D
by rotten777
Sat Apr 16, 2011 9:27 pm
Forum: General
Topic: Sending WOL packets from a Routerboard
Replies: 3
Views: 927

Re: Sending WOL packets from a Routerboard

fantastic thanks very much
by rotten777
Sat Apr 16, 2011 7:46 pm
Forum: General
Topic: Sending WOL packets from a Routerboard
Replies: 3
Views: 927

Sending WOL packets from a Routerboard

Is this supported? I have a subnet of high power (think watts) devices which I don't want powered on at all times for $ and longevity reasons. I do, however, need to boot the devices on the subnet remotely for administration. Is there a way to send a WOL packet directly from the router? Right now I ...
by rotten777
Mon Feb 07, 2011 5:03 pm
Forum: General
Topic: Different Instances of DHCP Services on different interfaces
Replies: 1
Views: 414

Different Instances of DHCP Services on different interfaces

Has anyone had DHCP services running on different interfaces & different subnets? I'm trying to keep these services on the core router instead of relying on the servers.

Thanks in advance! :D
by rotten777
Thu Dec 17, 2009 6:01 am
Forum: General
Topic: General question about filtering web traffic
Replies: 5
Views: 1042

Re: General question about filtering web traffic

OpenDNS
A-ha!

Thanks!!!
by rotten777
Thu Dec 17, 2009 5:23 am
Forum: General
Topic: General question about filtering web traffic
Replies: 5
Views: 1042

General question about filtering web traffic

I understand there's a proxy built into RouterOS but I'm curious as to the content filtering aspect. I'd like to be able to filter generally non-work friendly sites but also be able to block specific sites I add. Is this a function of the latest versions? I am ready to purchase quite a few routers b...