Community discussions

Search found 46 matches

by pablo
Tue Apr 17, 2012 9:39 am
Forum: General
Topic: Basic VLAN question - tagged vlan and default on some trunk?
Replies: 3
Views: 791

Re: Basic VLAN question - tagged vlan and default on some tr

Nope. No resolution yet. I've given up. Not worth the trouble.
by pablo
Mon Feb 27, 2012 11:00 am
Forum: General
Topic: Basic VLAN question - tagged vlan and default on some trunk?
Replies: 3
Views: 791

Re: Basic VLAN question - tagged vlan and default on some tr

Just thought I'd bump this to see if anyone had any suggestions to share - Thanks!
by pablo
Fri Feb 10, 2012 10:27 pm
Forum: General
Topic: Basic VLAN question - tagged vlan and default on some trunk?
Replies: 3
Views: 791

Basic VLAN question - tagged vlan and default on some trunk?

I'm using an RB450G as a router and an Access Point running dd-wrt (broadcom). I've setup the AP so that I have guest wireless tagged with VLAN4. Be default these newer broadcom routers have VLAN1 as the internal VLAN (and I can't seem to change that). The VLANs are trunked to the RB450G and I have ...
by pablo
Tue Feb 07, 2012 12:55 am
Forum: Beginner Basics
Topic: My 3rd bricked RB751U-2HnD out of 5, lots of flashing lights
Replies: 6
Views: 1496

Re: My 3rd bricked RB751U-2HnD out of 5, lots of flashing li

I've had two bricked 751Us... in case it helps anyone figure out if they can be identified by serial number here are mine:

#2FF2012xxxxx/142
#2FF2012xxxxx/142

If others post their affected units partial serials might help.
by pablo
Mon Jan 30, 2012 12:36 am
Forum: Wireless Networking
Topic: RB751U-2HnD Wireless Issues
Replies: 6
Views: 2032

Re: RB751U-2HnD Wireless Issues

It's hard to miss the blinking LEDs since it also seems to temporarily brick the device :-(

The first one locked up after a few hours. Changing AC Adapters (and using one that could deliver more amps) seemed to bring it back to life. The second one locked up after a few days.
by pablo
Sun Jan 29, 2012 11:17 pm
Forum: Wireless Networking
Topic: RB751U-2HnD Wireless Issues
Replies: 6
Views: 2032

Re: RB751U-2HnD Wireless Issues

I have a theory about the problem: both of the 751U that I've worked with had horrible wireless performance and both ended up being frozen with all LEDs blinking. There are multiple threads about this problem and according to Mikrotik it only affected one of the early production batches.
by pablo
Sat Jan 28, 2012 3:51 am
Forum: Wireless Networking
Topic: RB751U-2HnD Wireless Issues
Replies: 6
Views: 2032

Re: RB751U-2HnD Wireless Issues

I am having the same problem and I've just about given up. I've been using jperf 2 to run traffic through the router and it tops out at 30 Mbps. I can easily get twice that with any old stock n router under the exact same circumstances. I would love it if someone could post a configuration that's gi...
by pablo
Mon Jan 09, 2012 2:56 am
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

Re: :resolve function and multiple ip addresses

Well each one serves a different purpose... 1. "/ip dns cache all find where (name=$aServer)" Find everything added to the dns cache for the server we are trying to add to the ip address list 2. "/ip dns cache all find where (name=$aServer && type="CNAME")" Keep in mind that this done prior to a whi...
by pablo
Sat Jan 07, 2012 7:30 am
Forum: General
Topic: 751U 2HnD all LED flashing in unison including power PWR
Replies: 7
Views: 7581

Re: 751U 2HnD all LED flashing in unison including power PWR

Thanks ddejager. Tried another power adapter that could delivery more amps and it worked! But after digging through the forums a bit more there are some posts from Mikrotik support that suggest that it's a defective unit and not the power supply. I've sent them a request for help since my dealer isn...
by pablo
Fri Jan 06, 2012 9:54 pm
Forum: General
Topic: 751U 2HnD all LED flashing in unison including power PWR
Replies: 7
Views: 7581

Re: 751U 2HnD all LED flashing in unison including power PWR

I am also experiencing the same problem. Distributor is telling me to repair via netinstall but doesn't look like RouterBOARD is looking for Netinstall server as lights are flashing no matter. Do you have more info as to the cause of this problem so that I can share it with the dealer?
by pablo
Fri Jan 06, 2012 1:30 am
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

Re: :resolve function and multiple ip addresses

I don't have perm for private messages... how do I register to post on the wiki?
by pablo
Thu Jan 05, 2012 11:27 am
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

Re: :resolve function and multiple ip addresses

And here's a slightly more sophisticated version of the script. First you need to set three globals before calling... :global Servers {"apple.com";"pop.gmail.com";"pop.plus.mail.yahoo.com";"scs.msg.yahoo.com";"scsa.msg.yahoo.com";"scsc.msg.yahoo.com"} :global Done true :global ListName test then you...
by pablo
Wed Jan 04, 2012 11:54 am
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

Re: :resolve function and multiple ip addresses

Thank you. In case it helps someone else (and if anyone wants to give me some feedback) here is what I ended up doing: #delete old address lists :foreach a in=[/ip firewall address-list find list=safe_pop_servers] do={ /ip firewall address-list remove $a; } :local popServers {"plus.pop.mail.yahoo.co...
by pablo
Tue Jan 03, 2012 11:55 pm
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

Re: :resolve function and multiple ip addresses

Thanks for the quick response. I definitely understand the behaviour but I'm used to working with something like nslookup. Like to figure out if there is a way of doing something similar and getting all of the ip addresses. I'm creating address-lists for firewall rules/mangle so I don't just want on...
by pablo
Tue Jan 03, 2012 11:34 am
Forum: Scripting
Topic: :resolve function and multiple ip addresses
Replies: 11
Views: 4295

:resolve function and multiple ip addresses

so :resolve returns on ip address at a time. It seems like multiple calls to resolve will return different ip addresses if more than one is assigned to a serverand then it'll cycle through them... so for example: [admin@MikroTik] > :put [:resolve talkr.l.google.com] 72.14.203.126 [admin@MikroTik] > ...
by pablo
Tue Mar 08, 2011 11:15 am
Forum: General
Topic: Howto prevent DHCP flooding ?
Replies: 6
Views: 2861

Re: Howto prevent DHCP flooding ?

So I think I figured this out and got it working by just adding the interface in question to it's own bridge and then creating some bridge filter rules like this: http://wiki.mikrotik.com/wiki/Bridge_Filter_-_Blocking_DHCP_Traffic So instead of just something like: interface_wlan I now have: interfa...
by pablo
Mon Mar 07, 2011 1:56 am
Forum: General
Topic: Howto prevent DHCP flooding ?
Replies: 6
Views: 2861

Re: Howto prevent DHCP flooding ?

I think I am experiencing a similar problem. Strangely enough it seems to be caused by a Directv DVR on the network. In any case I'm hoping to find out more about how to "put a bridge in front of the dhcp server". I'm not too clear on what that means and what I interfaces I would actually be bridgin...
by pablo
Wed Sep 22, 2010 9:20 am
Forum: Beginner Basics
Topic: allow udp/igmp broadcast to different subnet
Replies: 20
Views: 14696

Re: allow udp/igmp broadcast to different subnet

Apologies - I should have been clearer. I am using PIM. The problems between subnets/segments are not with all of 224.0.0.0/4 but rather with 224.0.0.0/24 (224.0.0.0 - 224.0.0.255) which are intended for the local subnet only. Some routers (dd-wrt for example) do seem to have settings to allow those...
by pablo
Wed Sep 22, 2010 8:55 am
Forum: Beginner Basics
Topic: allow udp/igmp broadcast to different subnet
Replies: 20
Views: 14696

Re: allow udp/igmp broadcast to different subnet

You are indeed correct. Alternate subnets does not work since they are not actually alternate multicast subnets. I do not believe that there is a solution to this unless Mikrotik exposes some of these multicast settings. For example it is an option in DD-WRT as I can see that all 224.0.0.0/4 packets...
by pablo
Wed Sep 22, 2010 7:19 am
Forum: Beginner Basics
Topic: allow udp/igmp broadcast to different subnet
Replies: 20
Views: 14696

Re: allow udp/igmp broadcast to different subnet

I have been struggling with this myself. I believe that the 224.x.x.x multicast traffic will not be forwarded since it is intended to be only for one network segment. Unless there are some settings I don't know about it appears that Mikrotik's implementation is correct although it would be desirable...
by pablo
Thu Sep 09, 2010 10:48 am
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Re: Best Practioe for Limiting LAN Access from WLAN

Thanks again for the advice. This has definitely been bugging me and I'd like to find a solution even though there are workarounds :-) I used the packet sniffer and found that the mDNS multicast (224.0.0.251) goes into the router from the various interfaces but is never seen from again. TTL is defin...
by pablo
Thu Sep 09, 2010 4:57 am
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Re: Best Practioe for Limiting LAN Access from WLAN

It is multicast but I think it's intended only for the current broadcast domain and has a TTL of 1. I've tried mangling and increasing the TTL with no luck. Any other ideas or do I have to bridge the interfaces to get it to work?
by pablo
Thu Sep 09, 2010 1:35 am
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Re: Best Practioe for Limiting LAN Access from WLAN

Thanks again. So one last quick one. Short of bridging and putting everything on one broadcast domain, is there an easy way getting bonjour/rendezvous/zeroconf to work across broadcast domains? I've seen some references in posts to EoIP tunnels but can't seem to figure out if and how that applies wh...
by pablo
Wed Sep 08, 2010 9:25 pm
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Re: Best Practice for Limiting LAN Access from WLAN

Thank you. So a couple of quick follow-up questions: 1. Apart from being easier to read/manage is there also a performance improvement with having fewer rules and combining the common ones? 2. Is this the approach that's typically taken rather than bridging the interfaces and using firewall rules fo...
by pablo
Wed Sep 08, 2010 8:53 pm
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Re: Best Practioe for Limiting LAN Access from WLAN

Pretty straightforward network setup. Used for home. RB450G Interface 1 - WAN - Cable Modem Interface 2 - DMZ Interface 3 - WLAN - external AP running DD-WRT Interface 4 - LAN (slave to interface 5) Interface 5 - LAN Not sure I want to bore you with a ton of rules but it's basically the Dmitry on Fi...
by pablo
Wed Sep 08, 2010 8:14 pm
Forum: Beginner Basics
Topic: Best Practioe for Limiting LAN Access from WLAN
Replies: 10
Views: 1907

Best Practioe for Limiting LAN Access from WLAN

I have an AP (WLAN) on one interface and LAN on another and I want to limit access between the WLAN and LAN. I've been using firewall rules to do that but it's getting cumbersome since I often have to duplicate rules for the LAN and WLAN. I'm wondering if bridging WLAN and LAN and using the bridge f...
by pablo
Thu Sep 02, 2010 10:04 pm
Forum: Beginner Basics
Topic: Web Proxy Using Mangle to Mark Packets (Dmitry Firewalling)
Replies: 5
Views: 3584

Re: Web Proxy Using Mangle to Mark Packets (Dmitry Firewalli

I solved my own problem but I'd love to hear confirmation from others since I can't believe I'm the first to run into this when implementing the suggested rules in Dmitry on Firewalling: So it turns out that the mangle rule that marks the redirected http connection with 'proxy' needs to be in the in...
by pablo
Wed Sep 01, 2010 8:18 pm
Forum: Beginner Basics
Topic: Web Proxy Using Mangle to Mark Packets (Dmitry Firewalling)
Replies: 5
Views: 3584

Re: Web Proxy Using Mangle to Mark Packets (Dmitry Firewalli

Oh yes. I definitely see traffic to 3128. I've got dstnat redirect that handles that. So the flow is supposed to be something like: mangle:tcp 80/8080 marked with 'http' dstnat: redirect 'http' to 3128 mangle: tcp 3128 marked with 'proxy' firewall filter: 'proxy' accepted as a local input service I ...
by pablo
Wed Sep 01, 2010 11:54 am
Forum: Beginner Basics
Topic: Web Proxy Using Mangle to Mark Packets (Dmitry Firewalling)
Replies: 5
Views: 3584

Web Proxy Using Mangle to Mark Packets (Dmitry Firewalling)

I am using the "Dmitry on Firewalling" (http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling) example to try out the proxy server. It's not getting any hits and I can't figure out why. I want to make sure that there are no problems with that example. Has anyone run into this? I can see that mangling ...
by pablo
Wed Aug 04, 2010 12:33 am
Forum: Beginner Basics
Topic: uPNP Configuration Not Working on 4.10 - Please Help?
Replies: 6
Views: 1605

Re: uPNP Configuration Not Working on 4.10 - Please Help?

I'm also a newbie but maybe I can try to help. What is your network configuration like? I can't tell from the configs which interfaces are bridged? Do you really need to have them bridged or can you just use the switch? In any case, if you want to have the multicast packets go from one interface to ...
by pablo
Tue Aug 03, 2010 10:51 pm
Forum: Forwarding Protocols
Topic: Can RouterOS Forward Broadcast to 255.255.255.255
Replies: 1
Views: 1321

Can RouterOS Forward Broadcast to 255.255.255.255

I don't want to bridge interfaces but I'd like to have broadcasts to 255.255.255.255 forwarded to other interfaces. Is there any way to do that with RouterOS ?
by pablo
Mon Aug 02, 2010 3:01 am
Forum: Forwarding Protocols
Topic: UPnP Multicast & PIM
Replies: 0
Views: 981

UPnP Multicast & PIM

So I've been struggling with this for a while and I thought I'd ask for some help. I have RB450G + RouterOS 4.11 with 3 interfaces configured: LAN, WLAN, WAN. I have an external AP on the WLAN and I treat WLAN almost like WAN except for poking some holes through the firewall. I've got a bunch of med...
by pablo
Tue Jun 08, 2010 4:53 am
Forum: General
Topic: DNS Problems under Windows XP
Replies: 2
Views: 610

Re: DNS Problems under Windows XP

I'm well aware that it is working as a DNS cache and my post is by no means a criticism of RouterOS. Under Windows XP, unless there is a static entry for the RouterOS machine, nslookup on Windows will fail to use the cache on RouterOS and will instead just use the provided DNS servers. From what I c...
by pablo
Mon Jun 07, 2010 12:22 am
Forum: General
Topic: DNS Problems under Windows XP
Replies: 2
Views: 610

DNS Problems under Windows XP

I'm using my RouterOS as a DNS server. Windows XP clients seem to have some weird problems resolving DHCP clients that I have added static entries for. I traced it to: C:\Documents and Settings\User>nslookup *** Can't find server name for address 192.168.10.1: Non-existent domain *** Default servers...
by pablo
Fri Apr 30, 2010 3:56 am
Forum: Beginner Basics
Topic: srcnat, masquerade & VPN
Replies: 0
Views: 2016

srcnat, masquerade & VPN

I have something of a silly question but I just can't figure out what's going on... this is my first time configuring a router/firewall instead of using an off the shelf SOHO router/firewall. I've always had to change some settings to allow VPN Passthrough but with RouterOS and a srcnat masquerade r...
by pablo
Tue Apr 27, 2010 5:33 am
Forum: RouterBOARD hardware
Topic: RB44GV ON small form factor Machine
Replies: 4
Views: 1003

Re: RB44GV ON small form factor Machine

The riser I used mounts the board horizontally instead of vertically: http://www.mini-box.com/I-O-shield-and- ... -D945GSEJT
Someone did mention in another post that this board is now EOL.
by pablo
Mon Apr 26, 2010 7:07 am
Forum: RouterBOARD hardware
Topic: RB44GV ON small form factor Machine
Replies: 4
Views: 1003

Re: RB44GV ON small form factor Machine

Worked fine for me in an ITX Intel D945GSEJT using the mini-box case and riser.
by pablo
Sat Apr 24, 2010 10:50 am
Forum: Beginner Basics
Topic: Firewall Testing Recommendations
Replies: 3
Views: 1016

Re: Firewall Testing Recommendations

Answering some of my own questions... here are some of the testing tools/scanners I've found... For inbound connections there are quite a few: http://www.auditmypc.com/ https://www.grc.com/ (ShieldsUp) etc. For outbound connections it's a little trickier since something needs to be listening on the ...
by pablo
Fri Apr 23, 2010 10:52 pm
Forum: Beginner Basics
Topic: Firewall Testing Recommendations
Replies: 3
Views: 1016

Re: Firewall Testing Recommendations

Thanks for the advice. I didn't want to mess up my existing rules and I had heard that the web gui might do that. I did a fresh install of RouterOS 2.6 on a VM and used the web GUI. In case this is useful to anyone else I am posting the export output after setting all of the default protect options ...
by pablo
Fri Apr 23, 2010 7:05 pm
Forum: Beginner Basics
Topic: Specifying tls=yes for logging e-mail
Replies: 1
Views: 495

Specifying tls=yes for logging e-mail

Is there anyway to specify 'tls=yes' for all e-mails using Tools->Email ? I can do it in a script but I want to be able to do it for email logging actions.
by pablo
Fri Apr 23, 2010 6:02 am
Forum: RouterBOARD hardware
Topic: RB450G microSD card issue
Replies: 4
Views: 3186

Re: RB450G microSD card issue

I was having these problems with a class 6 Kingston card. Was hoping the Sandisk cards would be better since they show up more often on the compatibility list. I'm not longer having the problem with RouterOS 4.7 so I'm wondering if it may have been related to routing related crashes.
by pablo
Fri Apr 23, 2010 6:00 am
Forum: Beginner Basics
Topic: Help to choose Mini-ITX/ DTX motherboard for Mikrotik.
Replies: 2
Views: 1579

Re: Help to choose Mini-ITX/ DTX motherboard for Mikrotik.

I tried RouterOS on a D945GSEJT which I picked because it's lower power compared to the other boards you mentioned. Doesn't have a watchdog but the mini-box case has a riser for it and I was able to install a RouterBoard 44GV 4-INC Gigabit Via card. Hope that helps.
by pablo
Thu Apr 22, 2010 6:33 am
Forum: The Dude
Topic: Can't add users with Dude package on RouterOS
Replies: 0
Views: 574

Can't add users with Dude package on RouterOS

I have an RB450G with RouterOS 4.7 and Dude 3.6. Try to add users and they don't show up on the list. When I try to add them a second time I get:
Error: already have object with such name. Any ideas? Didn't know if this was working with older version of dude or not.
by pablo
Wed Apr 21, 2010 11:04 am
Forum: RouterBOARD hardware
Topic: RB450G microSD card issue
Replies: 4
Views: 3186

Re: RB450G microSD card issue

What's the make/model of the card you are using?
by pablo
Sun Apr 18, 2010 10:11 pm
Forum: Beginner Basics
Topic: Firewall Testing Recommendations
Replies: 3
Views: 1016

Firewall Testing Recommendations

I'm using RouterOS for a small business firewall and I'd like some suggestions for testing before deployment. I've used nmap for scans but I'm wondering if there are more professional suggestions.
by pablo
Sun Apr 18, 2010 8:20 am
Forum: Beginner Basics
Topic: Problems with logging rules with multiple topics
Replies: 0
Views: 343

Problems with logging rules with multiple topics

I've been trying to setup remote logging and e-mail rules and I'm having trouble getting them to work unless I have a single topic with rule. I used nc on my linux host to verify that packets aren't received when there is more than one topic. Is this expected behaviour?

Thanks,

P