Community discussions

Search found 157 matches

by MCT
Wed Jun 25, 2014 4:19 am
Forum: Beginner Basics
Topic: Mikrotik as firewall for white static address - not function
Replies: 7
Views: 1444

Re: Mikrotik as firewall for white static address - not func

I see you have a bridge in interfaces with the Internet label. I'll make an educated guess.
Go to Bridge, Settings, and enable Use IP Firewall
by MCT
Thu May 09, 2013 4:33 pm
Forum: Beginner Basics
Topic: Automatically forward Traffic to Netflix/Hulu via OVPN
Replies: 11
Views: 8137

Re: Automatically forward Traffic to Netflix/Hulu via OVPN

A few minutes on Google will get you the network blocks that those companies own. You can use those address ranges to tag and route the traffic to them through the VPN,
by MCT
Thu May 09, 2013 4:12 pm
Forum: General
Topic: Post-NAT Bandwidth management
Replies: 2
Views: 685

Re: Post-NAT Bandwidth management

The DSCP values would be a reasonable choice. You can use mangle on the 1100 to change it to certain values to tag the traffic and then mark the connection and packets in the 750 based on those tags so you can shape the traffic and set the DSCP back to its proper value.
by MCT
Tue May 07, 2013 11:15 pm
Forum: General
Topic: Limit L2 traffic
Replies: 8
Views: 2410

Re: Limit L2 traffic

QoS or firewall rules won't work on VPLS. If you want to throttle the traffic you have to throttle on the ingress interface. You could also try it on the egress interface if you don't have access to the ingress.
by MCT
Fri Apr 19, 2013 9:32 pm
Forum: Wireless Networking
Topic: 35KM PTP Link
Replies: 12
Views: 3969

Re: 35KM PTP Link

Mates, Need your help. Be putting up a 35KM Point to Point Link. Initially I've thought of using Metal 5HnD and a 2 foot Parabolic Dish. Other hardware recommendation highly appreciated - Please specify Radio and Antenna Model Thanks. Geographic location, climate, bandwidth needs, latency requirements...
by MCT
Fri Apr 19, 2013 9:29 pm
Forum: Wireless Networking
Topic: 35KM PTP Link
Replies: 12
Views: 3969

Re: 35KM PTP Link

I have 200mbps real speed link on 35km
i used 36dbi 5Ghz antenna on each side Dual pol MIMO+R52Hnd+RB800
That's some pretty excessive hardware to use on a PtP link. Is there any particular reason for it?
by MCT
Wed Apr 17, 2013 10:26 am
Forum: Beginner Basics
Topic: QOS/Throttle for Home User
Replies: 5
Views: 1363

Re: QOS/Throttle for Home User

It is possible, but I'm a bit rusty on Mikrotik right now. If no one replies I'll look it up and post how to do it.
by MCT
Wed Sep 12, 2012 9:48 pm
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 3451

Re: What do you all think of the EdgeRouter?

Maybe it will be like AirOS, hit apply and wait for restart :lol: Mmmm. Nope. It's a real time system. You hit apply and the change is made without dropping anything. Research before you bash ;) Not to mention that the EdgeRouter OS is based on Vyatta, a proven enterprise routing distro that's depl...
by MCT
Wed Sep 12, 2012 9:19 pm
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 3451

Re: What do you all think of the EdgeRouter?

Very nice hardware with an OS that's actually open source which you can use easily available tools to create your own packages for? Yeah that's a few steps ahead of RouterOS.

Though the biggest plus is that Ubiquiti addresses security issues openly rather than deleting threads.
by MCT
Thu May 17, 2012 4:22 pm
Forum: General
Topic: Mikrotik Router DDoS attack
Replies: 32
Views: 8603

Re: Mikrotik Router DDoS attack

well as a RouterOS and RouterBOARD user myself all i can suggest is - create decent firewall that will allow you everything you like and still keep the router safe. There have been endless discussions about what is and what is not safe. Now - suggested configuration have proposed WAN interface comp...
by MCT
Thu May 17, 2012 6:37 am
Forum: General
Topic: Mikrotik Router DDoS attack
Replies: 32
Views: 8603

Re: Mikrotik Router DDoS attack

This is one of the things that has hurt Mikrotik's reputation the most. This is the internet, and nothing attracts attention more than a company deleting posts about security issues or bugs. If they can't discuss it on your official forums they're going to go discuss it on your competitor and 3rd pa...
by MCT
Sun Feb 12, 2012 11:07 am
Forum: Wireless Networking
Topic: How Do You Make SNTP server and client actually work?
Replies: 5
Views: 10118

Re: How Do You Make SNTP server and client actually work?

If you have a firewall on your input chain or if the connection will cross a firewall be sure to allow UDP port 123 from the ip addresses of the NTP server you're using.
by MCT
Fri Feb 10, 2012 3:31 am
Forum: General
Topic: Combine 2 ISP speed
Replies: 7
Views: 4696

Re: Combine 2 ISP speed

Just a note that if you load balance a 20mbps connection and a 6mbps connection you don't combine the speeds. Those connections will be the same speed you'll just have the load spread among them. The only way to get a 26mbps connection out of that is interface bonding and that requires the ISPs coop...
by MCT
Sun Feb 05, 2012 12:08 am
Forum: General
Topic: Trojan-Dropper.JS.Agent.fk on mikrotik or not?
Replies: 21
Views: 2586

Re: Trojan-Dropper.JS.Agent.fk on mikrotik or not?

If the router's web interface is public facing then the webserver running on it has been compromised. If you're running older routerOS versions then there's a good chance it's running a vulnerable web server or associated software.

It's happened with the webserver in Linksys routers in the past.
by MCT
Tue Jan 31, 2012 12:49 am
Forum: Wireless Networking
Topic: Large capacity backhaul
Replies: 16
Views: 2979

Re: Large capacity backhaul

At a half mile there are more options for a gigabyte link than at 5 miles. You have free space optics for one.
by MCT
Mon Jan 30, 2012 4:35 pm
Forum: Wireless Networking
Topic: Large capacity backhaul
Replies: 16
Views: 2979

Re: Large capacity backhaul

First you say less than five miles now less than 1/2 mile. It's hard to give any input when your distance changes.
by MCT
Sun Jan 29, 2012 9:46 pm
Forum: Wireless Networking
Topic: Large capacity backhaul
Replies: 16
Views: 2979

Re: Large capacity backhaul

Thanks for the input Sup. I was also looking at 60ghz unlicensed wireless. Bridgewave GE60 (about $17k for the link). Can you briefly explain the licensing process in case I go that route? Mainly what FCC form, approx cost and time to get it. A GE60 won't work at 5 miles btw. You'll need to go up t...
by MCT
Sun Jan 29, 2012 7:10 am
Forum: Wireless Networking
Topic: Large capacity backhaul
Replies: 16
Views: 2979

Re: Large capacity backhaul

I'm assuming that's 500mbps full duplex which in wireless terms is 1000mbps because the rating you see on wireless gear is typically half duplex. It's certainly possible to bond multiple links together but that'll take quite a few links and you haven't said how far this backhaul has to go.
by MCT
Sat Jan 14, 2012 9:51 am
Forum: RouterBOARD hardware
Topic: Water Sxt
Replies: 74
Views: 12356

Re: Water Sxt

In marine conditions I'll normally treat boards with Corrosion X heavy, or Boeshield T9. Boeshield will dry to a waxy type coating that's better for really cold conditions though that means you have to be careful not to coat your contacts in the ethernet port. After you treat the board you could sub...
by MCT
Wed Jan 11, 2012 4:11 pm
Forum: Beginner Basics
Topic: new way to hac mikrotik
Replies: 4
Views: 1175

Re: new way to hac mikrotik

There's nothing new about this. It's the flaw of mac based authentication systems and it's been around for quite a while now. The only way to resolve it is to use a different authentication method that requires a sign in and is encrypted.
by MCT
Tue Jan 10, 2012 12:32 am
Forum: General
Topic: Mikrotik DNS server issues with Amazon S3 - low TTL 60sec
Replies: 118
Views: 45027

Re: Mikrotik DNS server issues with Amazon S3 - low TTL 60se

TTL in DNS terms is indeed number of seconds to cache a DNS record: * Wikipedia - DNS TTL Amazon keeps the TTL low for various reasons. Mucking with it would likely cause you to be connecting to the wrong IP address. Ah, well I deal with network engineering mostly so my brain defaults to network te...
by MCT
Mon Jan 09, 2012 10:54 pm
Forum: General
Topic: Mikrotik DNS server issues with Amazon S3 - low TTL 60sec
Replies: 118
Views: 45027

Re: Mikrotik DNS server issues with Amazon S3 - low TTL 60se

Why not use just mangle to raise the TTL?

TTL isn't measured in seconds, it's a hop count.
by MCT
Mon Jan 09, 2012 4:37 pm
Forum: General
Topic: Port knocking - filtering duplicate UDP packets
Replies: 7
Views: 1424

Re: Port knocking - filtering duplicate UDP packets

If someone is really interested in attacking your network they'll find a way to start intercepting your traffic. That's the reason why it's not considered a strong security measure as once they intercept the knocking sequence any security it once provided is gone. That's not to say it isn't useful. ...
by MCT
Sun Jan 08, 2012 11:59 pm
Forum: General
Topic: Port knocking - filtering duplicate UDP packets
Replies: 7
Views: 1424

Re: Filtering duplicate UDP packets

I am using lists (inside the "port-knock" chain). However if you let the next knock be anything without locking and resetting the knocking process on a wrong knock, then potentially an attacker could knock at all the ports 3 times in 5 seconds and get through the process successfully just because t...
by MCT
Sun Jan 08, 2012 12:05 pm
Forum: RouterBOARD hardware
Topic: i have 1 bad block in nand storge this is proplem
Replies: 3
Views: 977

Re: i have 1 bad block in nand storge this is proplem

If you have it configured to write to memory a lot you'll eventually start seeing bad blocks. It's just normal wear on the flash memory. If it's new, then it could be a problem. Routerboards don't have a persistent clock so it will get reset when you reboot. That's why it's important to set up NTP, just...
by MCT
Sun Jan 08, 2012 11:54 am
Forum: General
Topic: Port knocking - filtering duplicate UDP packets
Replies: 7
Views: 1424

Re: Filtering duplicate UDP packets

Don't bother trying to do it that way. The easiest way to do port knocking is using lists. When something hits the first port it's added to a first-knock list. When something hits the second port and the IP is in first-knock it gets added to second-knock. You can progress with this as far as you wan...
by MCT
Sun Jan 08, 2012 11:46 am
Forum: General
Topic: QOS with variable WAN speed
Replies: 1
Views: 567

Re: QOS with variable WAN speed

In those situations the best you can do with QoS is to give guaranteed minimums to critical services and allow it to use any remaining bandwidth available.
by MCT
Fri Jan 06, 2012 4:12 pm
Forum: General
Topic: Packet Shaping
Replies: 18
Views: 2760

Re: Packet Shaping

There is a difference in the terms used and I know the terminology in the wiki isn't always consistent. I could try to explain it but it's easier just to borrow one of Cisco's diagrams. http://www.cisco.com/image/gif/paws/19645/policevsshape-a.gif It's normally used in situations like transitioning ...
by MCT
Thu Jan 05, 2012 10:59 pm
Forum: General
Topic: Can i generate MRTG on 450g
Replies: 2
Views: 650

Re: Can i generate MRTG on 450g

Yes, turn on SNMP and you can pull the info.
by MCT
Mon Jan 02, 2012 3:19 am
Forum: General
Topic: up and down
Replies: 10
Views: 1544

Re: up and down

I have some routerboards hooked to cisco gear that do the same thing.
by MCT
Fri Dec 30, 2011 5:03 pm
Forum: General
Topic: How to Block Network Games?
Replies: 10
Views: 9183

Re: How to Block Network Games?

Is there any particular reason why you have to be the one to run the counterstrike server? It seems like a very quick way to breed hate and discontent to me and short of cutting off their network connections there will be ways around your attempts to block it.
by MCT
Thu Dec 29, 2011 7:48 pm
Forum: General
Topic: Simulate Latency?
Replies: 2
Views: 1872

Re: Simulate Latency?

I'm posting this only because RouterOS doesn't have this functionality.
There's another popular commercial grade x86 router distribution that will do this if you look into its QoS functions for network emulation.
by MCT
Thu Dec 29, 2011 4:06 pm
Forum: Beginner Basics
Topic: MikroTik and VMware
Replies: 2
Views: 2560

Re: MikroTik and VMware

If you're using an up to date XP build turn off your firewall on both VMs. It's on by default and I've found it's normally the source of problems like this.
by MCT
Wed Dec 28, 2011 9:46 pm
Forum: General
Topic: i want any help for this case plzzzzzzzzzzz :(
Replies: 3
Views: 692

Re: i want any help for this case plzzzzzzzzzzz :(

The 20.0.0.0/8 address block is not a private IP block. You shouldn't be using that for your internal network. The 10.0.0.0/8 address block has more than enough addresses to cover your internal addressing needs.
by MCT
Wed Dec 28, 2011 8:31 pm
Forum: RouterBOARD hardware
Topic: US Routerboard Repair Service
Replies: 3
Views: 1162

Re: US Routerboard Repair Service

That would depend on what the problem is. If it's capacitor replacement, then it's pretty simple and inexpensive. If it calls for a lot of diagnostic equipment and surface mount rework then it will probably be cheaper for you to just buy new boards.
by MCT
Wed Dec 28, 2011 8:19 pm
Forum: Beginner Basics
Topic: what is the solution?
Replies: 8
Views: 1263

Re: what is the solution?

i did mention the client hardware.. mostly they are dlink DWL-2100 Ap, and longest distance is approx 1.5km all clients are not more than 1.5 km away from the sector. Here are few golden rules you have to follow: - antennas MUST have clear line of sight including clear Fresnel zone - antenna polaris...
by MCT
Wed Dec 28, 2011 6:25 pm
Forum: Wireless Networking
Topic: Your Coax Sealing Techniques?
Replies: 13
Views: 3562

Re: Your Coax Sealing Techniques?

A method that we've come up with for environments like jungles and marine applications is to treat the entire board with corrosion X including all the connectors, it's a dielectric and perfectly safe to submerge electronics in the stuff. We treat the coax the same way, saturating it with corrosion x...
by MCT
Wed Dec 28, 2011 4:44 pm
Forum: General
Topic: I lose time, date, and graph data when i reboot RB450G
Replies: 3
Views: 811

Re: I lose time, date, and graph data when i reboot RB450G

None of the Routerboards have persistent clocks so when you reboot they'll be reset to default. That's why it's important to set up NTP when working with them so your edge router can pull time from the Internet and then distribute it within your network. As for graph data, it's memory resident so yo...
by MCT
Wed Dec 28, 2011 4:39 pm
Forum: General
Topic: Mikrotik vs Vyatta
Replies: 6
Views: 5466

Re: Mikrotik vs Vyatta

This thread is dead? The Mikrotik does not support over 100.000 pps? I'll try to use the Mikrotik in a border gateway for 1.5 Gbps with over 1.200.000 pps. Have you ever seen a scenario like using Mikrotik? Regards, This thread is 2 years dead. It's considered bad forum etiquette to bring up thread...
by MCT
Wed Dec 28, 2011 4:27 pm
Forum: General
Topic: Uptime Contest
Replies: 11
Views: 2232

Re: Uptime Contest

How about this one? The most amazing thing is not even one packet drop with almost 70mbps.
It would be rather disturbing if there was, that's very light traffic for gigabit interfaces. I'm only seeing about 57mbps aggregate in your screenshot though.
by MCT
Sat Dec 24, 2011 10:14 am
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 62976

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

No one will be able to help unless you post detailed information about the traffic. The most helpful thing would be to do a packet capture of the traffic and post it. If the attack address shifted then the alternate approach would be to create a queue rule to throttle the traffic down to a trickle. ...
by MCT
Sat Dec 24, 2011 9:27 am
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 62976

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

You shouldn't bump really old threads, it's considered bad forum etiquette. That aside since all of your issues are from a single address simply create a rule to drop all traffic from that IP. I looked up the source IP in a security database and it's a frequent offender for attacking networks. I alw...
by MCT
Mon Sep 19, 2011 10:13 pm
Forum: Scripting
Topic: using two o.s(xp and router o.s)
Replies: 5
Views: 1142

Re: using two o.s(xp and router o.s)

RouterOS will format the HD by default. If you want to run both then run RouterOS in a virtual machine with VMware or VirtualBox.
by MCT
Mon Sep 19, 2011 8:12 pm
Forum: General
Topic: Problem upgrading bootloader
Replies: 15
Views: 4802

Re: Problem upgrading bootloader

Try this, worked for my 450G that didn't want to upgrade
/system routerboard settings set force-backup-booter=no 
then upgrade
by MCT
Sat Sep 17, 2011 10:41 am
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 67246

Re: RouterOS v5.7 released

Anyone had any issues upgrading the routerboard bootloader firmware? It took a couple of tries on some other units but I have a 450G that's not taking the upgrade. It says it is, but after a reboot it's still the same. I haven't had this issue with previous versions.
by MCT
Tue Sep 13, 2011 5:53 pm
Forum: Wireless Networking
Topic: Is there a way to create a true 2.4ghz repeater
Replies: 5
Views: 1230

Re: Is there a way to create a true 2.4ghz repeater

If you do a search for OpenMesh you'll find what you're looking for. Its applications are very limited and the bandwidth/latency is horrible if you're more than 1 hop away from an internet feed node. You can make a much better system fairly easily with Mikrotik, but unless you have a mobile network ...
by MCT
Mon Sep 12, 2011 4:40 pm
Forum: Wireless Networking
Topic: is this true??
Replies: 7
Views: 905

Re: is this true??

It reads more like a disinformation document. It's pretty standard in the corporate world to include the name and contact information for the authors at the start of the document for feedback if it was legitimate. I'm betting this was created and purposely "leaked" for marketing purposes with full d...
by MCT
Mon Sep 12, 2011 4:32 pm
Forum: Wireless Networking
Topic: 5Ghz wave reflection by double glazing?
Replies: 7
Views: 2175

Re: 5Ghz wave reflection by double glazing?

I've seen something similar during a pentest. We entered the network through their wireless points so one of their reactions was to install this wifi blocking film on all the windows. I of course took a peek at the rolls to see what this special stuff was. It was ordinary metallic window film which I'm ...
by MCT
Mon Sep 12, 2011 4:16 pm
Forum: General
Topic: winbox password with wireshark
Replies: 6
Views: 2877

Re: winbox password with wireshark

Isn't that a good thing?
Yes, but not in my situation :(
Let me guess, you have the password saved in the GUI and you forgot it?
by MCT
Sun Sep 11, 2011 4:32 am
Forum: General
Topic: winbox password with wireshark
Replies: 6
Views: 2877

Re: winbox password with wireshark

Only if you're not using secure mode.
by MCT
Fri Sep 09, 2011 3:11 pm
Forum: General
Topic: Mapping IP addresses on a actual USA map.
Replies: 6
Views: 633

Re: Mapping IP addresses on a actual USA map.

Why bother with maps it's easy enough to find what netblocks they use. You can have a script count up unique occurrences out of your logs and give you a count. If you want to be evil you can always write scripts to update NAT rules to redirect attacks back to the source. Bad idea. If the source addr...
by MCT
Fri Sep 09, 2011 6:22 am
Forum: Beginner Basics
Topic: gigabyte wireless bridge?
Replies: 4
Views: 895

Re: gigabyte wireless bridge?

No problem 1Gbps units are available if you have about $15,000 for each side of the link. 100Mbps full duplex units are available too though if you get creative you could achieve such a feat with mikrotik gear. The SXT can theoretically do it though practically I'd use a pair on each side and bond t...
by MCT
Fri Sep 09, 2011 2:09 am
Forum: General
Topic: Mapping IP addresses on a actual USA map.
Replies: 6
Views: 633

Re: Mapping IP addresses on a actual USA map.

Why bother with maps it's easy enough to find what netblocks they use. You can have a script count up unique occurrences out of your logs and give you a count.

If you want to be evil you can always write scripts to update NAT rules to redirect attacks back to the source.
by MCT
Fri Sep 09, 2011 1:44 am
Forum: General
Topic: Using Mikrotik with Comcast Cable
Replies: 17
Views: 3739

Re: Using Mikrotik with Comcast Cable

We can get Internet on another router with the exact same IP and setup. You know, that's really the kind of information you should include in the initial post. That basically says to people that they can focus on the router rather than outside factors. It would have saved me from guessing to try an...
by MCT
Thu Sep 08, 2011 10:46 pm
Forum: General
Topic: Using Mikrotik with Comcast Cable
Replies: 17
Views: 3739

Re: Using Mikrotik with Comcast Cable

Call Comcast and make sure they updated everything for your new location.
by MCT
Thu Sep 08, 2011 8:32 pm
Forum: General
Topic: Using Mikrotik with Comcast Cable
Replies: 17
Views: 3739

Re: Using Mikrotik with Comcast Cable

You need to provide a lot more info. I use Mikrotik on cable connections and never had an issue. Do you have static IPs from Comcast? If you moved locations then your IPs will likely be different because you're on a different network segment. The solution if you don't have static IPs, or even if you...
by MCT
Thu Sep 08, 2011 5:46 pm
Forum: General
Topic: Mapping IP addresses on a actual USA map.
Replies: 6
Views: 633

Re: Mapping IP addresses on a actual USA map.

I have some firewall rules in place that add ip addresses to a list banning that person from that port for 10 days. I would like to be able to plot these addresses automatically to an actual map as I would also like to eventually find a way to automate sending emails to abuse departments for people ...
by MCT
Thu Sep 08, 2011 4:39 pm
Forum: General
Topic: Howto Public IP´s on LAN-Client
Replies: 7
Views: 1191

Re: Howto Public IP´s on LAN-Client

Sounds more like a routing issue. Your ISP needs to add routes directing traffic for your subnet to your router and the corresponding routes need to be propagated to all of your routers for return traffic.

A network diagram and a printout of your routes will help people figure out what's going on.
by MCT
Thu Sep 08, 2011 4:22 pm
Forum: General
Topic: Forget MikroTik Password
Replies: 3
Views: 3567

Re: Forget MikroTik Password

Is this on an x86 system or on a Routerboard? With x86 you can google for what people have done in the past. With a Routerboard, you'll have to dump the flash memory first which requires some specialized equipment, datasheets, and someone with a heavy electronics or preferably an EE or computer engi...
by MCT
Wed Sep 07, 2011 8:12 pm
Forum: Beginner Basics
Topic: Avoiding Double NAT with multiple routers
Replies: 25
Views: 9764

Re: Avoiding Double NAT with multiple routers

I'd personally never pay for a connection that doesn't have a public IP. I'll NAT (PAT actually) at the edge of my network but only because I have to. I wish they'd get on the ball with IPv6. The only downside of that is a lot of people relied on NAT(PAT) to protect their network. I've done testing ...
by MCT
Wed Sep 07, 2011 5:27 pm
Forum: General
Topic: Can't ping over VLAN interface
Replies: 11
Views: 7228

Re: Can't ping over VLAN interface

It's a Cisco 4948, and it's managed with trunk port. Sorry if I confuse you with that. It's not the point about a switch... Just add to my first picture switch to the left... With 2 SXT's it work as showed (interface VLAN)... With RB411/SXT I can ping just RB411 (can't ping after it). Just when I c...
by MCT
Wed Sep 07, 2011 4:47 pm
Forum: General
Topic: Can't ping over VLAN interface
Replies: 11
Views: 7228

Re: Can't ping over VLAN interface

The first thing that jumps out to me is you mentioned you can't connect from a switch. What kind of switch is it?

If it's an unmanaged switch there's a good chance it won't pass VLAN tagged traffic. If it's a managed switch you may have to configure the port to trunk VLAN traffic.
by MCT
Tue Sep 06, 2011 6:48 pm
Forum: Beginner Basics
Topic: Stranger than fiction Please Help Meeeeeeeeeeeeeeeeee
Replies: 4
Views: 839

Re: Stranger than fiction Please Help Meeeeeeeeeeeeeeeeee

Post your mangle and queue config and you might get an answer
by MCT
Tue Sep 06, 2011 3:57 pm
Forum: General
Topic: DoS Deauth Attack Defense
Replies: 20
Views: 16090

Re: DoS Deauth Attack Defense

'nuff said http://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Management_frame_protection Was going to post this myself but Janisk beat me to it. Deauth attacks are nothing new and there's very little that can be done about them outside of protocol modifications to authenticate deauth frames. ...
by MCT
Sun Sep 04, 2011 9:06 am
Forum: General
Topic: Firmware goes backwards?
Replies: 7
Views: 1061

Re: Firmware goes backwards?

The current numbering is pretty much standard in the software development world.

<major version>.<minor version>

It isn't decimal numbering. The '.' is a separator between version numbers. Take a look at some Linux packages you'll see versions like 2.32.3 and such.
by MCT
Fri Sep 02, 2011 6:19 pm
Forum: Beginner Basics
Topic: i want to block the facebook in my internal network
Replies: 43
Views: 20625

Re: i want to block the facebook in my internal network

Ever consider a different approach such as blocking any outgoing DNS request that contains facebook?
by MCT
Fri Sep 02, 2011 3:47 pm
Forum: Beginner Basics
Topic: 4 IP public over 1 conexion ethernet
Replies: 1
Views: 513

Re: 4 IP public over 1 conexion ethernet

Post the relevant configuration sections please.

It's easy enough to set up NAT so you can reserve one of those IP addresses for your connection and everyone else can use the other three.
by MCT
Wed Aug 31, 2011 11:33 pm
Forum: General
Topic: Mikrotik router record !!!
Replies: 22
Views: 9975

Re: Mikrotik router record !!!

tomiczech OMG! You're saying that dedicated network hardware is faster than x86?! :shock: It's not news to anyone. People use x86 based networking gear because it's cost effective and has a high performance to cost ratio. There comes a point when you have to use hardware specifically designed for pr...
by MCT
Wed Aug 31, 2011 9:16 pm
Forum: General
Topic: IPv6 over PPP interfaces
Replies: 5
Views: 807

Re: IPv6 over PPP interfaces

You'll have to manually configure it at the moment. DHCPv6 should be ready in about two weeks or so from what I saw this morning.
by MCT
Wed Aug 31, 2011 8:59 pm
Forum: General
Topic: Free MUM entry vouchers for everyone with positive Karma
Replies: 13
Views: 3411

Re: Free MUM entry vouchers for everyone with positive Karma

Be careful about digging up old stuff the zombies may eat your brains...
by MCT
Wed Aug 31, 2011 8:48 pm
Forum: General
Topic: Question for ISP's, how do you assign static IP's?
Replies: 4
Views: 988

Re: Question for ISP's, how do you assign static IP's?

Most ISPs I've worked with reserve the address in the DHCP server so the client device always gets the same one. In RouterOS there is a "Make Static" button in the DHCP server leases tab. As for VLANS I believe strongly in the KISS principle of networking, don't make things more complicated than th...
by MCT
Wed Aug 31, 2011 7:11 pm
Forum: Beginner Basics
Topic: 3 WAN - 1 LAN
Replies: 11
Views: 4213

Re: 3 WAN - 1 LAN

A diagram would help people assist you.

What are the 3 WAN devices and how do they connect upstream?
How are they physically connected from the WAN devices to the Routerboard? Is there a switch?
by MCT
Wed Aug 31, 2011 6:52 pm
Forum: General
Topic: help me
Replies: 4
Views: 622

Re: help me

Your description isn't the clearest but from what I can work out you have two bridged modems connected to a switch... Bridged in networking terms meaning no routing, just a conversion of mediums from ADSL to Ethernet Never do that, seriously. It could cause all kinds of problems the least of which c...
by MCT
Wed Aug 31, 2011 5:26 pm
Forum: RouterBOARD hardware
Topic: Problem in connecting 411 to CISCO3750 switch
Replies: 5
Views: 1105

Re: Problem in connecting 411 to CISCO3750 switch

Cisco gear doesn't always auto-negotiate well, particularly with non-Cisco gear so make sure you manually set the port and duplex on it. In a perfect world it would work all the time but even in their own training classes Cisco gear will tell you it's considered a best practice to manually set speed...
by MCT
Wed Aug 31, 2011 9:17 am
Forum: Beginner Basics
Topic: Network Simulator
Replies: 4
Views: 2344

Re: Network Simulator

Yeah, VMware workstation is the solution. You can use the teams function and set up large complex networks down to controlling the speed on individual network segments. A RouterOS VM is small and doesn't need much ram so you can easily do a large number of machines. You can toss a desktop VM in the ...
by MCT
Wed Aug 31, 2011 12:28 am
Forum: RouterBOARD hardware
Topic: RB1100 low bridging/shapping performance
Replies: 57
Views: 10255

Re: RB1100 low bridging/shapping performance

We have not advertised the RB1100 as better than all X86 systems, yes, if you need extra power, currently your option is to get a X86 system. Many of our MFM partners offer preassembled systems like that. We are working on more powerful devices, but there is nothing to announce at the moment. No on...
by MCT
Tue Aug 30, 2011 11:14 pm
Forum: Wireless Networking
Topic: HELP TO SELECT PROPER MINI PCI ??
Replies: 1
Views: 435

Re: HELP TO SELECT PROPER MINI PCI ??

I'd say two R52Hn cards. There is no guarantee that you'll get the speed you want since every link is different and what works for one may not work for another. It's heavily dependent on the LOS. It's certainly possible though. Someone did a 50km link recently using XR5 cards and got 33Mbps simultan...
by MCT
Tue Aug 30, 2011 7:15 pm
Forum: Beginner Basics
Topic: m0n0wall vs routerOS - help me decide
Replies: 2
Views: 2202

Re: m0n0wall vs routerOS - help me decide

While it has its faults RouterOS is probably the most flexible linux based routing platform made. I have a very Cisco heavy background, working on my CCIE actually. If I was looking for a linux routing distro comparable to Cisco I wouldn't hesitate to go with Vyatta. It's not flashy, but it does it...
by MCT
Tue Aug 30, 2011 5:53 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 112
Views: 62976

Re: DDoS story, or WARNING: use 'conection-limit' with cauti

+1 for a detection based solution rather than just blocking ports.
by MCT
Mon Aug 29, 2011 6:45 pm
Forum: Wireless Networking
Topic: Link Suggetions
Replies: 8
Views: 1544

Re: Link Suggetions

When you see wireless bandwidth you're normally getting an aggregate number that is the total of send and receive together. So applied to wireless systems you're looking for. 1) 60Mbps 2) 100Mbps 3) 200Mbps The advertised numbers of wireless systems may match this, but those are theoretical maximums...
by MCT
Mon Aug 29, 2011 5:16 pm
Forum: General
Topic: How do I open Ports
Replies: 2
Views: 1636

Re: How do I open Ports

Never ever use Telnet. It's one of the cardinal sins of network security. If something requires Telnet then that's justification to avoid it like a plague.
by MCT
Mon Aug 29, 2011 5:07 pm
Forum: General
Topic: what are the options for 2 wan(PIC INCLUDED COMPLEX NETWORK)
Replies: 14
Views: 1286

Re: what are the options for 2 wan(PIC INCLUDED COMPLEX NETW

As it is now if you tunnel the new internet connection to the 'master' hotspot server you're going to be sending data over the same link twice in many cases. That is never a good thing. If you're using hotspot I'd push it out to all of the APs and have it authenticate against your master server. Tha...
by MCT
Sun Aug 28, 2011 3:44 am
Forum: General
Topic: 10 Gigabit
Replies: 2
Views: 781

Re: 10 Gigabit

Well you can go with Cisco or Brocade and pay a fortune. Vyatta is the only linux based router that I know officially supports 10gbps interfaces. They're actually open source though so there is no reason why Mikrotik couldn't use the drivers. In any case when you're pushing that much data don't try ...
by MCT
Sat Aug 27, 2011 1:11 pm
Forum: General
Topic: what are the options for 2 wan(PIC INCLUDED COMPLEX NETWORK)
Replies: 14
Views: 1286

Re: what are the options for 2 wan(PIC INCLUDED COMPLEX NETW

EIGRP is Cisco proprietary so that's not even an option. In all honesty the diagram is seriously lacking, as is the apparent lack of any design other than 'bridge everything'. The network is still very simple. What's the topology actually look like? Where are the customers connecting? What's the band...
by MCT
Sat Aug 27, 2011 1:57 am
Forum: General
Topic: Newsletter 33
Replies: 48
Views: 11434

Re: Newsletter 33

Guys do we really need a 1Watt 711-2A. I appreciate the dual chain. it is indeed a necessity but 1 Watt (WHAT) for?? 500mW was more than enough. With so much noise around we dunno what frequency to use. At 2.4 the Noise Floor in our area has already gone low too -75. Suggest what should we use to s...
by MCT
Fri Aug 26, 2011 12:08 am
Forum: General
Topic: very strange 3.x,4.x,5.x freeze and crash with pppoe
Replies: 78
Views: 19923

Re: very strange 3.x,4.x,5.x freeze and crash with pppoe

Since you seemed to not understand the zombie reference last time I'll elaborate. While not specifically mentioned in rules it's generally considered bad forum etiquette to bump a very old thread. The proper etiquette is to create a new post with your issue and then include links to older threads as...
by MCT
Thu Aug 25, 2011 7:52 pm
Forum: Wireless Networking
Topic: Mikrotik SXT
Replies: 11
Views: 2286

Re: Mikrotik SXT

SXT's are not weak, you have a problem somewhere and I believe is polarisation mismatch. By default SXT have only H pol. active. You must activate second chain.
+1

Sounds like a polarity mismatch. The two SXTs I've been using get a lot better signal levels than what you're seeing at those ranges.
by MCT
Thu Aug 25, 2011 5:34 pm
Forum: General
Topic: Need help with network organization
Replies: 14
Views: 1752

Re: Need help with network organization

i can't pull 1811 because it used to connect 20.0/24 to other offices and hq can mikrotik route/nat ip aliases? It will do everything the 1811 will minus Cisco proprietary things like EIGRP. Mikrotik is very capable and a lot more flexible, but Cisco has enterprise level reliability and quality ass...
by MCT
Wed Aug 24, 2011 5:28 pm
Forum: General
Topic: Need help with network organization
Replies: 14
Views: 1752

Re: Need help with network organization

I don't know the physical proximity of the gear, but if you can I'd pull the 1811 out and do everything from the mikrotik router. The 1811 is a good piece of gear but it's just going to add more complexity without any real benefits. If not then you're going to have to configure a /30 between them an...
by MCT
Tue Aug 23, 2011 10:26 pm
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

HI MCT, Your advice is fine. I have not tried it but is worth thinking over. However I had a few queries. The mangle u showed is for "tcp" only but we know that UDP ports are also vulnerable. Also, after the IP's have been identified as in asad's list in the picture 4444.jpg does it only identify t...
by MCT
Tue Aug 23, 2011 9:57 pm
Forum: Wireless Networking
Topic: 5km - Groove 5Hn - What is the expected throughput?
Replies: 12
Views: 7338

Re: 5km - Groove 5Hn - What is the expected throughput?

Back with test results:


Scheme 2: Ethernet Test Cable Length 40m
PC-> GROOVE-AP

TCP:
RX: 68Mbps
TX: 32Mbps

UDP:
RX: 98.8Mbps
TX: 38Mbps

Groove CPU = 100%


That's lower than I'd expect from a direct ethernet connection. You using half-duplex for some reason?
by MCT
Tue Aug 23, 2011 9:13 pm
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

Correct, you don't need the old ones anymore, at least for port 445.
by MCT
Tue Aug 23, 2011 4:39 pm
Forum: General
Topic: Need help with network organization
Replies: 14
Views: 1752

Re: Need help with network organization

What's the story with the 1811? While you can get around not being able to configure it I'd consider it a patchwork solution that hinders the flexibility of configurations.
by MCT
Mon Aug 22, 2011 6:12 pm
Forum: General
Topic: Mikrotik API
Replies: 2
Views: 402

Re: Mikrotik API

by MCT
Mon Aug 22, 2011 3:20 pm
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

As I said before this type of arbitrary port blocking is an amateur's solution. Target specific behavior not ports. I know I said arbitrary filtering is generally bad practice but what you have is a worm actively attacking other machines, not something like spam. If it's an active attack filter it ...
by MCT
Sun Aug 21, 2011 6:55 pm
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=444-445 protocol=tcp
add...
by MCT
Sat Aug 20, 2011 9:59 pm
Forum: General
Topic: Reorganize Central service location
Replies: 9
Views: 1105

Re: Reorganize Central service location

Well for a non-specific question and a design opening problems that will cause quite a few headaches over time.

http://www.ciscopress.com/index.asp
by MCT
Fri Aug 19, 2011 5:20 pm
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

I'm not a fan of just blocking ports to people just because it could be used by malware. If you follow that mentality you'll end up blocking legitimate port users. I've seen a lot of malware use port 80, you going to block that? If there is a signature or unique property that can be used to target t...
by MCT
Fri Aug 19, 2011 9:20 am
Forum: General
Topic: Virus Ports Block
Replies: 24
Views: 20536

Re: Virus Ports Block

There are no defined 'virus ports'. You need to provide more information on the traffic before anyone can help you. Malware, a virus, depending on the particular sample can use any ports or protocols the author desires. It's also helpful if you would provide a reasonably sized packet capture, a few ...
by MCT
Fri Aug 19, 2011 1:31 am
Forum: General
Topic: Flooding big problemmmmm
Replies: 4
Views: 727

Re: Flooding big problemmmmm

Nothing anyone can solve until you provide more information. What you've posted so far is confusing to be honest, the interface names in particular. I have no clue what the interfaces go to. You posted nothing about the traffic that's causing the problem either. There are plenty of people here who w...
by MCT
Thu Aug 18, 2011 9:44 am
Forum: General
Topic: Flooding big problemmmmm
Replies: 4
Views: 727

Re: Flooding big problemmmmm

You have just enough information to make it an interesting problem but not enough information to figure anything out. The names you've picked for interfaces just makes things confusing and your Dude map shows connections but since there's no correlation between those links and the interface names, o...
by MCT
Tue Aug 16, 2011 7:40 pm
Forum: General
Topic: New Made for MikroTik Product, RB750C
Replies: 3
Views: 1448

Re: New Made for MikroTik Product, RB750C

Lol, Steve, that's rather creative.
by MCT
Sat Aug 13, 2011 8:26 am
Forum: Wireless Networking
Topic: Power/backup solutions discussed
Replies: 20
Views: 2100

Re: Power/backup solutions discussed

Based off the max power draw on the 433AH datasheet you're looking at about 3.5 hours max though if you want to get the most use out of those batteries you'll get about an hour, maybe 1.5 hours. That's no guarantee. When I'm designing a battery system I'll take my desired run time to get the capacit...
by MCT
Fri Aug 12, 2011 4:43 pm
Forum: Wireless Networking
Topic: Apartment Wireless Blanket, groove + ?
Replies: 10
Views: 2039

Re: Apartment Wireless Blanket, groove + ?

You could run a simple, single radio HMWP mesh setup and just plug your APs into the groove. We have plenty of such setups and for general wifi internet access it works very well, despite the bandwidth tradeoff associated with single radio. His requirements are a bit more complex as the end goal is...
by MCT
Thu Aug 11, 2011 11:33 pm
Forum: General
Topic: Apple Products detected as port scanners
Replies: 8
Views: 1909

Re: Apple Products detected as port scanners

/ip firewall filter
add chain=forward protocol=tcp dst-port=25 src-address-list=spammer action=drop comment="BLOCK SPAMMERS OR INFECTED USERS"
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list address-list=spammer address-list-timeout=1d com...
by MCT
Thu Aug 11, 2011 10:41 pm
Forum: General
Topic: Apple Products detected as port scanners
Replies: 8
Views: 1909

Re: Apple Products detected as port scanners

/ip firewall filter
add action=add-src-to-address-list address-list=bonjour address-list-timeout=15m chain=forward disabled=no dst-port=5353 protocol=udp

And move them above the port scan detection and modify the port scan detection with src-address-list=!bonjour

It detected my mac off the UDP rule...
by MCT
Thu Aug 11, 2011 8:15 pm
Forum: General
Topic: Apple Products detected as port scanners
Replies: 8
Views: 1909

Re: Apple Products detected as port scanners

Apple devices are very chatty in general, relax the rule a bit or add another rule specific to detected apple devices. It advertises and tries to discover other services on the network. Bonjour generally uses
5297 TCP
5298 TCP/UDP
5353 UDP
You can set up a list when they get detected and apply a por...
by MCT
Thu Aug 11, 2011 6:16 pm
Forum: Wireless Networking
Topic: Apartment Wireless Blanket, groove + ?
Replies: 10
Views: 2039

Re: Apartment Wireless Blanket, groove + ?

Ah, you're in Jacksonville.

What you want to do is a bit more involved than you realize. You have a good contact IM/email/number? I did an apartment complex setup for a friend not too long ago.
by MCT
Thu Aug 11, 2011 8:20 am
Forum: Wireless Networking
Topic: Extensive Data Loose Error Problem.
Replies: 2
Views: 474

Re: Extensive Data Loose Error Problem.

Sorry, but I can't help but find it amusing how paranoid people are about hiding their MAC addresses. It's not like anyone can do anything with they'll get the MACs anyway since they're broadcast to the world. MAC and private IP address are pretty useless unless someone is local and then it's not li...
by MCT
Wed Aug 10, 2011 5:37 pm
Forum: Wireless Networking
Topic: PtP link for 3km
Replies: 7
Views: 881

Re: PtP link for 3km

I've used vsat units in field networks before and it's never affected wifi, though I've never used an extended C band unit. What frequency are you using? The most common vsats are Ku or Ka which together range from 10Ghz to 31Ghz. If it's a C band the only way I could see it interfering with your li...
by MCT
Tue Aug 09, 2011 4:41 pm
Forum: Wireless Networking
Topic: Slow transparent bridging
Replies: 5
Views: 1126

Re: Slow transparent bridging

Find the reason, non solution! The reason: the reason for slow performances is in TCP Window Size; hosts exchanging test data can't "fill" the link bandwidth. Using iperf with a TCP windows size of 800kbytes (instead of default 64kbytes) I had an huge increment of performance (more than 50Mbps test...
by MCT
Tue Aug 09, 2011 3:53 pm
Forum: Beginner Basics
Topic: Trying to help a small community...
Replies: 3
Views: 734

Re: Trying to help a small community...

No offense but when someone says they have 'plenty of LAN experience' I would assume this includes an understanding of subnets and routing. Private or public IPs, routing doesn't change. You're asking a pretty basic networking question for someone wanting to step into the role of a service provider....
by MCT
Fri Aug 05, 2011 3:13 pm
Forum: Beginner Basics
Topic: Download drastically dropped in simple home NAT
Replies: 7
Views: 1502

Re: Download drastically dropped in simple home NAT

Hello, I've recently purchased a rb433 and configured it to masquerade to ether2 (WAN). I have a PC on ether1 (192.168.1.0/24). Everything is basically working, but my dl speed dropped from 20 mbit to ~1 mbit. When I connect my PC directly to the modem it's back to normal. My firewall settings are ...
by MCT
Thu Aug 04, 2011 11:47 pm
Forum: General
Topic: 2.3 Ghz Support In mikrotik
Replies: 6
Views: 1236

Re: 2.3 Ghz Support In mikrotik

India may not care about licenses but Aircel paid 34.38 billion rupees for the 2.3ghz spectrum. If they paid that much then they're probably going to care a bit.

You've never seen someone geolocate a transmitter faster than a cellular company when someone steps on their frequencies.
by MCT
Thu Aug 04, 2011 11:34 pm
Forum: Wireless Networking
Topic: Inteference problem
Replies: 1
Views: 637

Re: Inteference problem

I am thinking on Two projects due to interference. There are many Ap's around us three of them are just 500 metr away from us. Noise floor is - 50....one with least - 77. It will cause interference problem. First Project AP - Mikrotik 433AH+XR2(Super channel) CLIENT CPE - NanoStation Loco 2 Frequen...
by MCT
Thu Aug 04, 2011 9:31 pm
Forum: RouterBOARD hardware
Topic: R52Hn Oxidizing
Replies: 4
Views: 1024

Re: R52Hn Oxidizing

It could be some fluke electrochemical reaction caused by something at that site. Then again it could be something as simple as being in a coastal area and the enclosure not being sealed well enough. I've used http://corrosionxproducts.com in marine environments to protect boards. I'd be sure to mak...
by MCT
Thu Aug 04, 2011 5:58 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20826

Re: v5.6 released

Yes, now you have to set server's IP address (not DNS name) when creating certificate. SSTP is not harder to use, it is just an additional security feature. It's pretty much an industry standard to use domain names, how exactly is this a 'feature'? Because nameservers cannot be trusted. Yes, they c...
by MCT
Thu Aug 04, 2011 4:24 pm
Forum: Wireless Networking
Topic: P2P (Point to Point) some help wanted
Replies: 9
Views: 1448

Re: P2P (Point to Point) some help wanted

Again this is mostly guesswork as a datasheet on the wireless card you're using would be a huge help as TX power and RX sensitivity change with the data rates.

If you're using the same antennas and get a clear line of sight from where you're mounting them then you should get a solid link.
by MCT
Wed Aug 03, 2011 11:18 pm
Forum: Wireless Networking
Topic: P2P (Point to Point) some help wanted
Replies: 9
Views: 1448

Re: P2P (Point to Point) some help wanted

The location 'base' is near Khambi? You gave a chipset but not the wireless card you're using. If you get up at least 25m at each location of your base-point 2 link and have decent cards (I ran the numbers with the highest data rate on the R52Hn at 5.7Ghz MCS07 40mhz wide) you should get a decent ...
by MCT
Wed Aug 03, 2011 7:48 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20826

Re: v5.6 released

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.
It's pretty much an industry standard to use domain names, how exactly is this a 'feature'?
by MCT
Wed Aug 03, 2011 5:17 pm
Forum: General
Topic: Mikrotic - Border Router
Replies: 8
Views: 2562

Re: Mikrotic - Border Router

What's the model of your current Cisco router? If you're replacing a Cisco with x86 I'd lean more towards Vyatta. It's being used in datacenters with 10gbps NIC cards. The capacity of course depends on the hardware you give it. It's on par with Cisco or Juniper when it comes to ease of use and featu...
by MCT
Mon Aug 01, 2011 11:38 pm
Forum: General
Topic: username and password ?
Replies: 8
Views: 10466

Re: username and password ?

It's generally not a common practice, and actually a rather stupid one, to store a user password in plain text. The most common method is the user password is hashed with a salted MD5 and compared to the stored hash in the system. It seems most systems are going to SHA-256 now instead of MD5 because...
by MCT
Mon Aug 01, 2011 11:15 pm
Forum: Wireless Networking
Topic: 1km link no Line Of Sight
Replies: 17
Views: 3893

Re: 1km link no Line Of Sight

+1 to above

You need a relay that both points can see. I don't know if it's feasible for you to get the points higher up.

900mhz is more tolerant to that type of setup.

The higher frequency you use the more it will require a clear line of sight so going to 5Ghz will just make it worse.
by MCT
Fri Jul 29, 2011 6:54 pm
Forum: Wireless Networking
Topic: Mikrotik And Nano Loco 2
Replies: 8
Views: 1472

Re: Mikrotik And Nano Loco 2

It would be better to ask about Ubiquiti gear on their forums. They get touchy here when people talk about it. I'd still recommend that you look at Mikrotik for routing as it's really hard to beat the price for all of the features. It may not have the reliability track record something like a Cisco ...
by MCT
Fri Jul 29, 2011 5:59 pm
Forum: Wireless Networking
Topic: Planning 83km PTP 5.8Ghz backhaul link.
Replies: 13
Views: 3715

Re: Planning 83km PTP 5.8Ghz backhaul link.

While I haven't been to Zimbabwe I've got some experience with long PTP links we set up in Uganda. I learned one thing very quickly, never underestimate the rainy season. There's nothing like getting reduced to using HF data radios for IRC and email when it's raining so hard that nothing else works....
by MCT
Tue Jan 18, 2011 8:07 am
Forum: Wireless Networking
Topic: r52hn speed problem
Replies: 16
Views: 2985

Re: r52hn speed problem

The linksys N router runs multiple chains. If you're only using a single antenna with the R52Hn then you're only using one of the two chains if I'm not mistaken.
by MCT
Mon Jan 17, 2011 3:30 am
Forum: General
Topic: 10G compatibility/performance with Mikrotik?
Replies: 81
Views: 17182

Re: 10G compatibility/performance with Mikrotik?

Rackspace has 10Gbps routers running on x86 hardware as well as virtual routers in their cloud infrastructure with an open source solution. When you're dealing with high bandwidth links you have to really examine where and what QoS to apply. It's normally in the realm of a core network and traffic s...
by MCT
Tue Jan 04, 2011 8:19 am
Forum: General
Topic: Wireless Sniffer streaming and @#$%@ TZSP
Replies: 8
Views: 3761

Re: Wireless Sniffer streaming and @#$%@ TZSP

I need native code, not scripts.

Mikrotik... open source trafr please
by MCT
Mon Jan 03, 2011 6:23 am
Forum: General
Topic: Wireless Sniffer streaming and @#$%@ TZSP
Replies: 8
Views: 3761

Re: Wireless Sniffer streaming and @#$%@ TZSP

I don't need to look at the stream in wireshark. I need to remove the TZSP header to pass it to other software as native packets not a TZSP stream.
by MCT
Thu Dec 30, 2010 11:02 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10110

Re: IPv6 TODO

IPV6 support is a top need right now.
by MCT
Mon Dec 27, 2010 7:02 am
Forum: General
Topic: MAC spoofing as a way of saving money (and IPv4 addresses)
Replies: 1
Views: 407

Re: MAC spoofing as a way of saving money (and IPv4 addresse

While possible that's considered a taboo practice. It'll kinda work for low volumes of traffic, but it'll be a collision nightmare beyond that.

If you've already spent the money for a VPN concentrator and a firewall just put a router there and NAT the correct way.
by MCT
Sat Dec 25, 2010 7:05 pm
Forum: General
Topic: How to get rid of a bootlegger.
Replies: 1
Views: 464

Re: How to get rid of a bootlegger.

That's what the access list is for.
by MCT
Sat Dec 25, 2010 2:45 pm
Forum: General
Topic: Wireless Sniffer streaming and @#$%@ TZSP
Replies: 8
Views: 3761

Wireless Sniffer streaming and @#$%@ TZSP

To make a long story short. I'm trying to work out a solution for someone trying to monitor a wireless environment over a wide area. The current solution costs quite a bit of money and to be honest sucks. I can see some Mikrotik devices acting as cost effective sensors but the TZSP encapsulation is ...
by MCT
Mon Oct 11, 2010 7:11 pm
Forum: General
Topic: Client isolation (PC + managed switch )
Replies: 12
Views: 3183

Re: Client isolation (PC + managed switch Vs RB493AH)

It's difficult with most hotspot setups using MAC authentication. The best thing would be to try to find another authentication method. A managed switch won't really help unless the spoofing is from two different APs that pass through it. If it's on the same AP then the AP itself won't know which is...
by MCT
Mon Oct 04, 2010 9:26 am
Forum: Wireless Networking
Topic: MT RB433UAH Mesh Backhaul Bandwidth Degragation
Replies: 1
Views: 593

Re: MT RB433UAH Mesh Backhaul Bandwidth Degragation

A network diagram is worth a thousand words...

You mention mesh in the subject but not in your post. You need to give a lot more detail on how your network is set up before anyone has a hope of answering your question.
by MCT
Sun Sep 19, 2010 9:14 am
Forum: Beginner Basics
Topic: Mikrotik Simulation
Replies: 6
Views: 2903

Re: Mikrotik Simulation

VMware workstation and teams. You can create all the virtual network segments you want for test networks complete with packet loss and soon I'm told by my sales rep latency and jitter. If you want to connect to your computer you have VM to host only connections, NAT connections to share internet, or...
by MCT
Tue Sep 07, 2010 8:44 am
Forum: Beginner Basics
Topic: spam problem help!
Replies: 4
Views: 1223

Re: spam problem help!

Spam isn't something you should take care of in your router. I would take care of it on the server side with server blacklists from spamhaus.
by MCT
Wed Sep 01, 2010 4:16 pm
Forum: RouterBOARD hardware
Topic: Is anyone using fiber optics on a Routerboard
Replies: 12
Views: 4898

Re: Is anyone using fiber optics on a Routerboard

I tend to avoid media converters. I've used a number of different brands before and I still have no clue how they can all make solid state devices that fail so often...
by MCT
Wed Sep 01, 2010 4:11 pm
Forum: Beginner Basics
Topic: 2 vlans can communicate
Replies: 4
Views: 701

Re: 2 vlans can communicate

VLAN 1 is also the default VLAN on a lot of gear and you'll want to avoid using it if you're trying to separate traffic. VLANs can work different ways as well. They can be internal to a piece of equipment and used to separate ports on a switch and not tag any traffic leaving an interface or you can set...
by MCT
Tue Aug 31, 2010 4:28 am
Forum: General
Topic: Vyatta Open Network OS Completes IPv6 Ready Phase-2 Certific
Replies: 4
Views: 2374

Re: Vyatta Open Network OS Completes IPv6 Ready Phase-2 Cert

Not to mention that Vyatta is free until you go with enterprise support. I really like RouterOS but if I'm installing x86 based routers it's going to be Vyatta unless it includes wireless just for cost effectiveness and the option of enterprise support.
by MCT
Tue Aug 31, 2010 4:20 am
Forum: General
Topic: T-1 compatible Mikrotik router
Replies: 3
Views: 628

Re: T-1 compatible Mikrotik router

Well Mikrotik doesn't have a compatible hardware list so I'd suggest looking at Vyatta, it supports T1s and they have a list of tested hardware, and to top it off it's free unless you want enterprise support.
by MCT
Fri Aug 27, 2010 4:58 am
Forum: Beginner Basics
Topic: X86 Hardware requirement as per the scenario
Replies: 5
Views: 2665

Re: X86 Hardware requirement as per the scenario

With 200mb of traffic not much with an external radius server.
by MCT
Wed Aug 25, 2010 8:30 am
Forum: SwOS
Topic: Switch product line
Replies: 1
Views: 2473

Re: Switch product line

Cisco to Brocade.

The current setup is almost pure fiber with Cisco. The new setup is going to be 10gb Brocade. We're combining some of the traditional structure and going layer 3 down to the access switches.
by MCT
Wed Aug 25, 2010 8:07 am
Forum: General
Topic: Routing issues
Replies: 4
Views: 541

Re: Routing issues

Problem fixed itself after a reboot.
by MCT
Wed Aug 25, 2010 4:47 am
Forum: General
Topic: Routing issues
Replies: 4
Views: 541

Re: Routing issues

Yes, there is a route back. I've already double checked the routes. I can ping from the 750G across the /30 to the other network. The issue is nothing else can ping through the 750G. I've already disabled anything that could block it to check as well.
by MCT
Wed Aug 25, 2010 3:47 am
Forum: General
Topic: Routing issues
Replies: 4
Views: 541

Routing issues

This is with a RB750G. It has a number of routes in it and I haven't had any problems until I try to get it to route to a /30 that it's directly connected to. The router can ping it and beyond it but I can't ping the other side of the /30 from any hosts on the network. I've double checked everything...
by MCT
Fri Aug 13, 2010 4:16 pm
Forum: General
Topic: Hardware requirement for Maximum bandwidth
Replies: 5
Views: 898

Re: Hardware requirement for Maximum bandwidth

With RouterBoards, not much. A good high end 2u quad core x86 server system might push 800mbps-1gbps in our experience with the CPUs. You need hardware VPN accelerator cards, it's the only way you're going to get 10gbps of VPN traffic. The ones I mentioned at first will do it easily you just have to...
by MCT
Fri Aug 13, 2010 1:33 am
Forum: General
Topic: Hardware requirement for Maximum bandwidth
Replies: 5
Views: 898

Re: Hardware requirement for Maximum bandwidth

You need 10gbps and ipsec with it, or do you need a 10gbps ipsec tunnel. The first you'd have to run x86 hardware with good processors. Your ipsec will be limited by the lack of crypto hardware so it'll be sharing the cpu so its limits are the cpus you choose. The second... how much you willing to ...
by MCT
Mon Aug 09, 2010 3:18 am
Forum: General
Topic: Thousands of Connections established with mikrotik
Replies: 5
Views: 718

Re: Thousands of Connections established with mikrotik

That's odd, 60-70mbps shouldn't even faze the RB1000. Do you have any captures of that traffic? The only way to really see what is happening is to get a good look at that traffic burst and work out why it's maxing the CPU on the routerboard.
by MCT
Sun Aug 08, 2010 2:15 am
Forum: General
Topic: Possible use of a Mikrotik
Replies: 2
Views: 534

Re: Possible use of a Mikrotik

Easy fix

Plug your VPN machine into an interface on your MT router then create firewall rules that restrict any connection from that interface to addresses/subnets allowed for VPN users.
by MCT
Sun Aug 08, 2010 2:01 am
Forum: General
Topic: RB??? usa or chinea
Replies: 7
Views: 919

Re: RB??? usa or chinea

Because of manufacturing costs I doubt they're made in the US. In fact most electronics in the US get made in Taiwan and assembled in Mexico. Why worry about where it's made? Then again... The US Government doesn't like to buy equipment from Chinese companies because they're afraid there might be ha...
by MCT
Sun Aug 08, 2010 1:37 am
Forum: General
Topic: Bundle 2 internet link when fully loaded ?!
Replies: 10
Views: 2591

Re: Bundle 2 internet link when fully loaded ?!

What you're asking for isn't a load balancing solution but rather a routing solution. It's common in multi-router/multi-gateway scenarios. We have a couple of primary links and a backup satellite link which is only used if the primaries are saturated. OSPF adjusts metrics based on bandwidth so it sh...
by MCT
Mon Aug 02, 2010 6:50 am
Forum: Beginner Basics
Topic: New to RouterOS; a few questions...
Replies: 4
Views: 1557

Re: New to RouterOS; a few questions...

RouterOS is a bit more robust than M0n0wall. I don't know of M0n0wall being used in ISP setups but there's a lot of Mikrotik there. It's probably going to do anything you want it to and more. Your VPN will probably need to be changed over to one Mikrotik supports but that just means better security ...
by MCT
Wed Jul 14, 2010 1:16 am
Forum: General
Topic: Big subnets vs small subnets
Replies: 5
Views: 1061

Re: Big subnets vs small subnets

There are different schools of thought when it comes to routing. In general it's best practice to have a point to point link as a /30 as it conserves IPv4 addresses. In your scenario I would suggest creating a core switched network, bond interfaces if you have to but it's the foundation you build on...
by MCT
Thu Apr 22, 2010 8:30 am
Forum: General
Topic: RouterOS v4.7 released
Replies: 72
Views: 13386

Re: RouterOS v4.7 released

Nice

Has the Router Advertisement bug in the IPv6 package been addressed? I'd love to use routerboards in an IPv6 deployment but I can't until that works reliably.
by MCT
Sun Apr 04, 2010 1:35 am
Forum: General
Topic: How to handle "download managers"?
Replies: 35
Views: 7147

Re: How to handle "download managers"?

I'm a rather strong believer in net neutrality. If someone is paying me for a certain download speed then they have every right to do whatever they want with the speed that they paid for. It's also a matter of professional ethics. If someone is paying you their money for a certain download rate the...
by MCT
Thu Apr 01, 2010 3:50 am
Forum: Beginner Basics
Topic: Load Balance Problem
Replies: 2
Views: 638

Re: Load Balance Problem

Load balancing doesn't work that way. You don't get 20mb with 20 x 1mb connections you get your connections distributed across those 20 1mb connections. If you're doing something that creates a lot of connections like torrents then you'll see a benefit but for streaming media or downloads it will st...