Community discussions

Search found 47 matches

by mehrzud
Fri Jul 27, 2012 7:30 pm
Forum: General
Topic: change source port of incoming packets
Replies: 3
Views: 1284

Re: change source port of incoming packets

I am trying to bypass an ISP which blocks packets with srcport and dstport 1720. A packet comes from 1.1.1.1:1111 (from the Internet and by source port 1111) and goes to 2.2.2.2:2222 which is directly connected to the router. I add a srcnat rule then I can change source port of the incoming packet (...
by mehrzud
Fri Jul 27, 2012 2:45 pm
Forum: General
Topic: change source port of incoming packets
Replies: 3
Views: 1284

change source port of incoming packets

Is it possible to change source port of an incoming packet to the router before the packet reaches its' destination (destination is directly connected to the router)? I have a client connected to my router which accept packets just with source port of 1720 (it has no restriction on destination port)...
by mehrzud
Sun Dec 11, 2011 10:23 pm
Forum: General
Topic: IPSEC on ports other than 500
Replies: 6
Views: 7477

Re: IPSEC on ports other than 500

The main idea here is to bypass IPSEC limitations in 'Enemies of the Internet' countries. For example all IPSEC traffic in country I* has a limited download speed of ~256Kbps. I successfully tried OVPN(UDP/TCP) on DNS port and the result was amazing. If we can find a way to change IKE port to any po...
by mehrzud
Tue Nov 22, 2011 1:15 pm
Forum: General
Topic: IPSEC on ports other than 500
Replies: 6
Views: 7477

Re: IPSEC on ports other than 500

No idea?
by mehrzud
Sun Nov 20, 2011 9:21 am
Forum: General
Topic: IPSEC on ports other than 500
Replies: 6
Views: 7477

IPSEC on ports other than 500

Greetings, I want to setup an IPSEC config with peers communicating on ports other than 500. Here our ISP filters UPD and TCP packets with destination address of 500. The only open ports are 53 for DNS and 80 for HTTP. The only problem here is that according to http://wiki.mikrotik.com/wiki/Manual:I...
by mehrzud
Thu Jul 14, 2011 12:09 pm
Forum: RouterBOARD hardware
Topic: Block Youtube site
Replies: 3
Views: 1367

Re: Block Youtube site

Please spend sometime reading these pages to get familiar with the concept and also some practical examples: http://www.mustnofee.com/tutorials/46-blocking-connection-using-mikrotik-with-layer7-protocol http://blog.butchevans.com/2008/12/using-the-layer-7-filters-instant-messaging-example/ http://fo...
by mehrzud
Fri Jul 01, 2011 7:10 pm
Forum: General
Topic: Extended interface statistics on x86
Replies: 5
Views: 1196

Re: Extended interface statistics on x86

They dont need to modify every driver. Just e1000, ixgbe and bnx2, as that will cover almost all x86 installs.
I think nz_monkey is right. :)
by mehrzud
Fri Jul 01, 2011 12:30 pm
Forum: RouterBOARD hardware
Topic: Block Youtube site
Replies: 3
Views: 1367

Re: Block Youtube site

The dynamic content on youtube pages (i.e videos) does not come from those IP addresses. They sure use CDN to deliver videos to viewers so no guaranty those IP addressea are the same every time.
I recommend using L7 feature of mikrotik. you can find topics about it in the forum or wiki.
by mehrzud
Fri Jul 01, 2011 12:17 pm
Forum: General
Topic: L2TP VPN connected, ping problem
Replies: 1
Views: 1026

Re: L2TP VPN connected, ping problem

Maybe you need to use SRC-NAT or Masquerade.
by mehrzud
Fri Jul 01, 2011 12:11 pm
Forum: General
Topic: Extended interface statistics on x86
Replies: 5
Views: 1196

Re: Extended interface statistics on x86

We need this too.
by mehrzud
Tue Jun 28, 2011 11:45 am
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Re: Multihomed (Multiple gateway) problem

I do not use NAT at all. you marked using 'connection marking', and some protocols (including icmp) do not create connections. you should try add some mangle rules to mark packets also. try and study the pcc wiki page & the forum. the mangle rules are a bit tricky, you need to catch all traffic, or ...
by mehrzud
Sun Jun 26, 2011 8:47 pm
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Re: Multihomed (Multiple gateway) problem

HELLO..........
by mehrzud
Fri Jun 24, 2011 11:35 pm
Forum: General
Topic: L2TP routing problem
Replies: 3
Views: 1449

Re: L2TP routing problem

cbrown is right.
Also you must always check your ping RTT time. It must not be less than the RTT of your route without tunnel form SiteA to SiteB.
by mehrzud
Fri Jun 24, 2011 1:01 am
Forum: General
Topic: L2TP routing problem
Replies: 3
Views: 1449

Re: L2TP routing problem

Use mangle in prerouting chain to mark-route traffic. In sideA with src-address of sideA to dsc-address of sideB and in sideB with src-address of sideB to dsc-address of sideA.
Note that you can use CIDR format in src-addresss and dsc-address filed of mangle.
now use your routing-mark in /ip route.
by mehrzud
Fri Jun 24, 2011 12:54 am
Forum: General
Topic: PPTP client usage capture
Replies: 1
Views: 728

Re: PPTP client usage capture

you can connect your router to a radius server. FreeRadius is really powerful and these link will help you with the configuration : http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona another solution is to mo...
by mehrzud
Fri Jun 24, 2011 12:45 am
Forum: General
Topic: IPSec accross L3VPN - is it possible?
Replies: 1
Views: 722

Re: IPSec accross L3VPN - is it possible?

Good question but long answer. I know what you are talking about and we had the exact situation before. mikrotikuniversity.com has free video training (+PDF files) about L3VPN and IPSec. I recommend you watch all of them and all the answers to your questions are there. Free video trainings homepage:...
by mehrzud
Tue Jun 21, 2011 2:01 pm
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Re: Multihomed (Multiple gateway) problem

I do not have an ASN to use BGP and advertise my prefix(es). I have just 1 IP address from each ISP (+1 for DGW). Also you are right, I do not use NAT and I am using mostly for tunneling. Ether1 --> Connected To ISP A, IP: 1.1.1.1/30, GW: 1.1.1.2 Ether2 --> Connected To ISP B, IP: 2.2.2.1/30, GW: 2....
by mehrzud
Tue Jun 21, 2011 11:49 am
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Re: Multihomed (Multiple gateway) problem

These are useful links, but still not successful :( http://mikrotikuniversity.com/index.php/2010/11/mikrotik-layer3-gateway-load-balancing/ http://wiki.mikrotik.com/wiki/PCC#Policy_routing http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways When I have my gateways in /ip route all us...
by mehrzud
Mon Jun 20, 2011 11:47 pm
Forum: The Dude
Topic: SNMP with PRTG problem
Replies: 7
Views: 6265

Re: SNMP with PRTG problem

Okay, First update your PRTG to latest version if you can (NOT necessary) but I strongly recommend you doing that. New version 8 has lots of good sensors and features and a new light-speed database system. http://www.paessler.com/prtg/download If your security policies allow, mail me some detailed i...
by mehrzud
Sat Jun 18, 2011 8:57 pm
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Re: Multihomed (Multiple gateway) problem

Nobody? Really? !!!!
Even pros? !!!
Even forum guys or support?
by mehrzud
Sat Jun 18, 2011 12:37 am
Forum: General
Topic: Multiple public interfaces
Replies: 9
Views: 1322

Re: Multiple public interfaces

I do have one. Sit back and relax until someone will answer
Blank face is fine. The computer works faster than the brain, don't forget. The art of acting is not to act. Once you show them more, what you show them, in fact, is bad acting. (Anthony Hopkins)
by mehrzud
Fri Jun 17, 2011 9:30 pm
Forum: General
Topic: ECMP - Load balancing not working properly
Replies: 42
Views: 13260

Re: ECMP - Load balancing not working properly

Does anyone have any idea about this post?
http://forum.mikrotik.com/viewtopic.php?f=2&t=52654
by mehrzud
Fri Jun 17, 2011 9:28 pm
Forum: General
Topic: Multiple public interfaces
Replies: 9
Views: 1322

Re: Multiple public interfaces

Does anyone have any idea about this post?
http://forum.mikrotik.com/viewtopic.php?f=2&t=52654
by mehrzud
Fri Jun 17, 2011 4:04 pm
Forum: The Dude
Topic: SNMP with PRTG problem
Replies: 7
Views: 6265

Re: SNMP with PRTG problem

I have a PRTG server and it is monitoring some miks without any problem. please let me know if u still have problems and we will find a solution for that.
by mehrzud
Fri Jun 17, 2011 1:18 am
Forum: General
Topic: Multihomed (Multiple gateway) problem
Replies: 9
Views: 7143

Multihomed (Multiple gateway) problem

Hi I have a multihome (multiple gateway ) configuration problem. On my 750G box I am connected to 3 ISPs. ISP A, B and C. This is IP information. Ether1 --> Connected To ISP A, IP: 1.1.1.1/30, GW: 1.1.1.2 Ether2 --> Connected To ISP B, IP: 2.2.2.1/30, GW: 2.2.2.2 Ether3 --> Connected To ISP C, IP: 3...
by mehrzud
Wed Jun 15, 2011 10:42 pm
Forum: General
Topic: Source Address for PPP and VPN Clients
Replies: 5
Views: 9806

Re: Source Address for PPP and VPN Clients

Now if you have a little experience in multihomed configurations the BIG question of "Which ISP for each VPN client" comes to your mind. One typical solution would be the use of Mangle-RoutingMark and custom static routes with Pref.Source and RoutingMark. What I mentioned above is a sort of load ba...
by mehrzud
Wed Jun 15, 2011 9:46 pm
Forum: General
Topic: Source Address for PPP and VPN Clients
Replies: 5
Views: 9806

Re: Source Address for PPP and VPN Clients

Thank you for your reply. Your answer is 100% in a different direction than the subject of my post. I am talking about a situation where I have 2 Miks. One act as VPN server (MIK1) with just 1 public IP address and the other as VPN client (MIK2) with multiple public IP addresses from different ISPs....
by mehrzud
Wed Jun 15, 2011 9:00 pm
Forum: General
Topic: Feature requests
Replies: 1163
Views: 212041

Re: Feature requests

by mehrzud
Thu Jun 09, 2011 8:49 pm
Forum: General
Topic: Source Address for PPP and VPN Clients
Replies: 5
Views: 9806

Source Address for PPP and VPN Clients

It would be nice to add a source address option to PPP clients such as PPTP or L2TP. ( like the one that radius has ) I know one can do it with Pref. Source option of static routes but think of a case that I have a VPN server with multiple protocols support (each for different purposes) and with a s...
by mehrzud
Fri May 27, 2011 9:25 pm
Forum: General
Topic: SNMP OID For PPP
Replies: 2
Views: 690

Re: SNMP OID For PPP

any update here?
maybe MikroTik support?
by mehrzud
Mon May 23, 2011 12:12 am
Forum: General
Topic: SNMP OID For PPP
Replies: 2
Views: 690

SNMP OID For PPP

Hi,
Does anyone know OIDs for number of connected PPP, SSTP, L2TP and PPTP clients?

Thanks
by mehrzud
Sun Mar 13, 2011 10:55 pm
Forum: General
Topic: Bug Report On PPP Profiles and Rate Limit
Replies: 4
Views: 27181

Re: Bug Report On PPP Profiles and Rate Limit

Problem solved. Copy & Paste from MK support final reply. Hello, The order of profiles, 1) ppp secret profile; 2) ppp server profile; rate-limit is assgined, because /ppp secret is empty and ppp server profile is taken. To fix you problem, set for /ppp secret profile rate-limit="" Then ppp server pr...
by mehrzud
Sun Mar 06, 2011 12:32 am
Forum: General
Topic: Bug Report On PPP Profiles and Rate Limit
Replies: 4
Views: 27181

Re: Bug Report On PPP Profiles and Rate Limit

Any update here? MikroTik Support?!?!?! :!:
by mehrzud
Tue Mar 01, 2011 2:03 pm
Forum: General
Topic: Bug Report On PPP Profiles and Rate Limit
Replies: 4
Views: 27181

Bug Report On PPP Profiles and Rate Limit

Hi, There is a bug (I think it is a bug) on RouterOS 5RC10 in PPP default profiles and rate limit option. I enabled PPTP, L2TP and SSTP servers on my Mik and I chose Default profile as X and used RADIUS for authentication. Also some manual secrets added for special purposes. Profile X has rate limit...
by mehrzud
Thu Feb 24, 2011 6:29 am
Forum: General
Topic: VPN server Mikrotik and Windows
Replies: 2
Views: 26656

Re: VPN server Mikrotik and Windows

Can you provide more information? Generally you can add an invalid IP range on your VPN server (as an IP pool), use that IP range for connected clients (in profile or secret of PPP section), and NAT the invalid IP range on server. If you can connect to VPN server using windows but you have no intern...
by mehrzud
Tue Feb 22, 2011 10:05 pm
Forum: Beginner Basics
Topic: Help with SSTP cert
Replies: 8
Views: 35629

Re: Help with SSTP cert

You can use Comodo 90 day free SSL cert (2048 bit, Really strong and easy). http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html Before starting you need to have a CN (Common Name). What is CN? CN is a domain name (or a sub-domain) pointed to IP address of your SSTP server. y...
by mehrzud
Mon Feb 21, 2011 11:31 pm
Forum: Beginner Basics
Topic: Help with SSTP cert
Replies: 8
Views: 35629

Re: Help with SSTP cert

I just finished a SSTP server with cert which works fine with Win 7 and Vista and MikroTik.
Let me know if you still have the problem. I will share steps ASAP.
Maybe I will post it on wiki (if it is open for users). :-)
by mehrzud
Mon Feb 21, 2011 11:53 am
Forum: Beginner Basics
Topic: General Q.
Replies: 0
Views: 25323

General Q.

Does anyone here know how to set preferred source IP in Cisco routers just like you set it in MikroTik's static routes settings(/ip route: pref-src, check the attached file)?
by mehrzud
Sat Nov 20, 2010 2:52 pm
Forum: General
Topic: Traffic Flow Source IP Address
Replies: 4
Views: 33504

Traffic Flow Source IP Address

I was testing Mikrotik's Traffic Flow feature and just not working! After hours of checking and .... I found out that RouterOS sends out Traffic Flow data packets to the specified target using one of my private IP addresses (of course it is set on one of interfaces) which is not routed and does not ...
by mehrzud
Mon Aug 23, 2010 5:39 pm
Forum: Scripting
Topic: Redirect HTTP 404 errors
Replies: 3
Views: 25024

Re: Redirect HTTP 404 errors

no way. seems like you need Squid Thank you. I found this page on Squid-cache project's wiki : http://wiki.squid-cache.org/Features/Redirectors?action=fullsearch&context=180&value=redirect+404&titlesearch=Titles#Feature:_Redirection_Helpers But does anyone have any practical example? Another proble...
by mehrzud
Mon Aug 23, 2010 5:08 pm
Forum: Scripting
Topic: Redirect HTTP 404 errors
Replies: 3
Views: 25024

Redirect HTTP 404 errors

Hi
Does anyone have any suggestion for a script or even a feature in RouterOS to redirect all web pages that get HTTP 404 error to another IP address or URL?
by mehrzud
Sun Aug 08, 2010 7:36 pm
Forum: Forwarding Protocols
Topic: Forward IPs
Replies: 3
Views: 24973

Re: Forward IPs

Enable proxy-arp in the destination (I mean remote side) or in the server? Shall I use bridging or just enabling proxy-arp on the public interface is enough? And by the way when I enable proxy-arp because of BPDU being transmitted on the network my dedicated server provider blocks my server's switch...
by mehrzud
Sat Aug 07, 2010 7:59 pm
Forum: Beginner Basics
Topic: VPN for VoIP
Replies: 3
Views: 32168

Re: VPN for VoIP

here is a problem: When I use L2TP it shows RX errors that after 5 days it is in range of 200,000! RX errors. with PPTP it does not show any RX error (in client side not server). I want to know how to optimize MTU and MRU to have the best result for jitter and packet size and ... related to UDP and ...
by mehrzud
Sat Aug 07, 2010 3:26 pm
Forum: Beginner Basics
Topic: VPN for VoIP
Replies: 3
Views: 32168

VPN for VoIP

Which one of these tunneling protocols is better for VoIP over VPN (which is udp based) and how to optimize it's options such as MTU and MRU to have the best result? which one has a better security, and whats is the effect of IPSec on L2TP if used on both security and VoIP quality? available options...
by mehrzud
Wed Aug 04, 2010 5:18 pm
Forum: Forwarding Protocols
Topic: Forward IPs
Replies: 3
Views: 24973

Forward IPs

I have a routerOS on a dedicated host in USA. (IP range[edited] 17.12.22.225/28). I use VPN (with private IP addresses) to transfer 2 of public IPs of this range over a l2TP or PPTP. Those 2 public IP addresses are 17.12.22.229 and 230. while Mikrotik RouterOS IP address is 17.12.22.227 my dedicated...