Community discussions

Search found 1433 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 29
by sebastia
Wed May 22, 2019 7:32 pm
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 466

Re: Strange RP filter behavior

Routing & firewalling? ;) It's core functions, the rest is add-ons.
by sebastia
Wed May 22, 2019 12:07 pm
Forum: Wireless Networking
Topic: R11e-LTE firmware bug.
Replies: 3
Views: 279

Re: R11e-LTE firmware bug.

Hi

Do you have IP reverse path filter set to strict on lte modem? Try lowering it, loose should be enough.
by sebastia
Wed May 22, 2019 11:58 am
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 466

Re: Strange RP filter behavior

If thinking outside the box is allowed (literally here), dnsmasq is the solution here: it can do selective forwarding for domains & ranges (reverse dns).
by sebastia
Fri May 17, 2019 5:13 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 235

Re: How to PCQ this?

when defining queues / limits / ... upload is first: queue=<up>/<down>

another option for multiple ranges: use parent queue with the limits defined there
by sebastia
Tue May 14, 2019 8:55 pm
Forum: Beginner Basics
Topic: Re-phrase o a warning on Wiki PCC page
Replies: 3
Views: 182

Re: Re-phrase o a warning on Wiki PCC page

Suppose you have

Wan1	---		--- Lan1
		Router
Wan2	---		--- Lan2

If you setup for LAN1 to go over Wan1 and Lan2 over Wan2, you might also want for Lan1 to be able to connect to Lan2.
To do that you need to accept traffic without mangling.
by sebastia
Tue May 14, 2019 7:30 pm
Forum: General
Topic: RB750GR3 for a 30 PCs Gaming event?
Replies: 10
Views: 363

Re: RB750GR3 for a 30 PCs Gaming event?

Nope, Gr3 won't do. Since you want ot balance, you'll need to skip FastTrack. Without it gr3 won't be able to cope with bandwidth.

You need more power. 4011 will do for example
by sebastia
Mon May 13, 2019 10:36 pm
Forum: Scripting
Topic: Set timer or some other way to prevent script from running multiple times in short time [SOLVED]
Replies: 5
Views: 250

Re: Set timer or some other way to prevent script from running multiple times in short time [SOLVED]

maybe?
* set a ":global bandwidth_already_informed_flag=1;
* start scheduler to reset in 60min

Another solution: use graphing to monitor usage over longer time interval (not just instantaneous).
by sebastia
Mon May 13, 2019 12:21 am
Forum: The Dude
Topic: Notification on network usage
Replies: 4
Views: 307

Re: Notification on network usage

I've noticed afterwards that your question is in dude section, while my response related to RouterOS, which I'm guessing is not what you're after.
by sebastia
Sun May 12, 2019 4:10 pm
Forum: Beginner Basics
Topic: Simple Queues vs Queue Tree
Replies: 2
Views: 224

Re: Simple Queues vs Queue Tree

have a look:
https://www.youtube.com/watch?v=loaVBWq6cWA
slides are linked
by sebastia
Sun May 12, 2019 3:38 pm
Forum: Beginner Basics
Topic: DMZ local ip to another without dstnat/port-forward the ports [SOLVED]
Replies: 6
Views: 277

Re: DMZ local ip to another without dstnat/port-forward the ports [SOLVED]

So you have two wans and two lans. How do you isolate them? VRF?
instead of natting, routing info needs to be update. List your config (/export hide-sensitive compact)
by sebastia
Sat May 11, 2019 11:06 pm
Forum: The Dude
Topic: Notification on network usage
Replies: 4
Views: 307

Re: Notification on network usage

by sebastia
Sat May 11, 2019 11:05 pm
Forum: General
Topic: Fastrack no working
Replies: 1
Views: 125

Re: Fastrack no working

by sebastia
Sat May 11, 2019 10:55 pm
Forum: Beginner Basics
Topic: DMZ local ip to another without dstnat/port-forward the ports [SOLVED]
Replies: 6
Views: 277

Re: DMZ local ip to another without dstnat/port-forward the ports [SOLVED]

why not just route: just connect to .1.10/11 address?

gateway of 0.100 is 0.1 = Tik right?
and Tik knows how to get to 1.1x...
by sebastia
Fri May 10, 2019 9:30 pm
Forum: General
Topic: Queue tree upload max-limit stops working when parent=ether1
Replies: 7
Views: 312

Re: Queue tree upload max-limit stops working when parent=ether1

Hey HzMeister You are correct in your assumption: this is a working setup. Clipboard01.png /queue tree add max-limit=29M name=ext parent=bridgeExt add name=ext20 packet-mark=20 parent=ext priority=2 add name=ext30 packet-mark=30 parent=ext priority=3 add name=extFT packet-mark=no-mark parent=ext pri...
by sebastia
Fri May 10, 2019 9:01 pm
Forum: General
Topic: Equal Bandwidth Distribution: PCQ vs. "Untouched"
Replies: 7
Views: 314

Re: Equal Bandwidth Distribution: PCQ vs. "Untouched"

If it was up to me, the pcq-total-limit shouldn't be much larger than 1/10 s of max transmission on upload side: suppose you have a gamer, that would have latency of 100ms.... he wouldn't be happy. On download the queue is only there to account for and spread the bandwidth. It's an artificial bottle...
by sebastia
Wed May 08, 2019 11:45 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

Documentation is not clear on that point: https://wiki.mikrotik.com/wiki/Manual:HTB. One example has such situation, but the effect/goal is not elaborated. Then again is that a valid situation for you? I would think not: voip should have higher prio, and it's volume will be much smaller than rest in...
by sebastia
Wed May 08, 2019 8:45 pm
Forum: Beginner Basics
Topic: Bridge interface not showing traffic
Replies: 17
Views: 741

Re: Bridge interface not showing traffic

I think the problem is the wan bridge itself. For QOS to work, one needs to control the transmission. But in your case traffic is bypassing queue on bridge (because its in hardware / accelerated) which results in unpredictable queueing to ISP.
by sebastia
Wed May 08, 2019 11:04 am
Forum: Beginner Basics
Topic: Firewall chain for virtual interfaces of tunnels [SOLVED]
Replies: 2
Views: 161

Re: Firewall chain for virtual interfaces of tunnels [SOLVED]

Input chain is for any packet coming INTO router, from any available interface.
forward chain is for packets passing through router, so from one interface of router to another.
by sebastia
Wed May 08, 2019 10:38 am
Forum: General
Topic: Equal Bandwidth Distribution: PCQ vs. "Untouched"
Replies: 7
Views: 314

Re: Equal Bandwidth Distribution: PCQ vs. "Untouched"

* current mangles should work, but specifying interface is easier than working with ip's ** to eth2 -> download ** to eth1 -> upload * at this time there is no advantage in mangling as all to-from-lan is marked with "pcq-connection", still a to-do for future? * usually (except some specific situatio...
by sebastia
Tue May 07, 2019 7:12 pm
Forum: General
Topic: HOWTO: Dual WAN PCC with Dynamic IP
Replies: 32
Views: 3070

Re: HOWTO: Dual WAN PCC with Dynamic IP

LTE probably gets an /32 ip? That's a point-to-point connection, and in such a case the "gateway" can be determined by OS (=ip at the other end), so interface is enough.
by sebastia
Tue May 07, 2019 5:19 pm
Forum: General
Topic: Equal Bandwidth Distribution: PCQ vs. "Untouched"
Replies: 7
Views: 314

Re: Equal Bandwidth Distribution: PCQ vs. "Untouched"

if accounting bandwidth per users it's usually because it's scarce, and hence queueing will be used. PCQ is a type of queue.

PCC is load balancing / routing method (pcc requires mangling). so indeed spreading the load is the essence.
by sebastia
Tue May 07, 2019 2:09 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

it should work: verify counters on queues that they are actually used.
Only packets with no-mark for wan2, as queue is attached to wan2.

Make sure max-limit is not too high: there should be no buffering on isp modem => no added latency.
by sebastia
Tue May 07, 2019 10:06 am
Forum: General
Topic: dst-limit not matching when rate is higher than 5000
Replies: 3
Views: 225

Re: dst-limit not matching when rate is higher than 5000

That was indeed the post / thread I meant...
by sebastia
Tue May 07, 2019 9:52 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

You can use "no-mark" for bulk! So what you can do, is mangle voip selectively and throw rest of unmarked packets in "bulk" queue. What is needed: * in postrouting, mark packets with PBX connection mark -> for that you'll need a separate connection mark * setup htb on wan interface (not global) with...
by sebastia
Mon May 06, 2019 11:56 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

add a queue tree on wan link, and define queues matching packet marks.
https://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Tree
https://wiki.mikrotik.com/wiki/Manual:HTB
by sebastia
Mon May 06, 2019 11:12 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

if you really want to do marking, reuse existing marks: add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge src-address=192.168.1.100 new-connection-mark=WAN2 passthrough=yes comment="Voip connection mark WAN2" Rest of original script can b...
by sebastia
Mon May 06, 2019 10:14 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 19
Views: 631

Re: VoIP with load balancing PCC

Assign an "unused" mark so it's not processed by other mangles and uses default routing.
/ip firewall mangle
add action=mark-connection connection-mark=no-mark chain=prerouting src-address=<pbx box> comment="Mark pbx" new-connection-mark=PBX
by sebastia
Mon May 06, 2019 9:27 pm
Forum: Beginner Basics
Topic: Open port between Guest WIFI and my main network [SOLVED]
Replies: 23
Views: 755

Re: Open port between Guest WIFI and my main network [SOLVED]

Ok i'll take a look at that, but i think i foud a solution, with the Hairpin Nat i can access the camera on the port 88 !
That will do the trick too but only for one destination?
Getting a bit complex ? ;-)
by sebastia
Mon May 06, 2019 9:25 pm
Forum: Beginner Basics
Topic: Open port between Guest WIFI and my main network [SOLVED]
Replies: 23
Views: 755

Re: Open port between Guest WIFI and my main network [SOLVED]

Great minds ... ;-) (Selfish, yes ;-) )
by sebastia
Mon May 06, 2019 9:07 pm
Forum: Beginner Basics
Topic: Open port between Guest WIFI and my main network [SOLVED]
Replies: 23
Views: 755

Re: Open port between Guest WIFI and my main network [SOLVED]

Hey * don't use wpa, it's broken To do what you want you need to have the notion of connection tracking: allow connection from lan to guest (and related responses, so conn tracking needed) but don't allow connections (new) from guest to lan. Bridge firewall doesn't have that capability. You could tr...
by sebastia
Mon May 06, 2019 12:11 pm
Forum: General
Topic: Equal Bandwidth Distribution: PCQ vs. "Untouched"
Replies: 7
Views: 314

Re: Equal Bandwidth Distribution: PCQ vs. "Untouched"

Hi 1. No, connection have both up and down "legs". Hence your mangling changes the connection marks on a connection back and forth to "up" and "down", with unpredictable results on the actual packet mangling... 2. available bandwidth will be split equally and depending on load. If one users is not u...
by sebastia
Sat May 04, 2019 1:58 pm
Forum: Beginner Basics
Topic: Bridge interface not showing traffic
Replies: 17
Views: 741

Re: Bridge interface not showing traffic

Got me wondering: CCR1009-7G-1C-1S+ doesn't have any switch chip, https://i.mt.lv/cdn/rb_files/CCR1009-7G-1C-1Splus-170321154504.png So traffic between ports, part of bridge will need to be passed on by cpu in software. Hence I would expect all traffic should be visible and accounted for? BUT it doe...
by sebastia
Fri May 03, 2019 3:01 pm
Forum: RouterBOARD hardware
Topic: hEX RB750Gr2 grounding
Replies: 3
Views: 404

Re: hEX RB750Gr2 grounding

If cable goes outside, it should be grounded, directly or indirectly. GR2 is not grounded on it's own, and given it's enclosure of plastic, not sure you can.
Perhaps you should ground cable directly?
by sebastia
Thu May 02, 2019 8:25 pm
Forum: General
Topic: How to set ping parameters in IP route?
Replies: 1
Views: 108

Re: How to set ping parameters in IP route?

ping target is the gateway address. There is no other ip involved. If you want something else please have a look at https://wiki.mikrotik.com/wiki/Advanced ... _Scripting
by sebastia
Thu May 02, 2019 8:20 pm
Forum: Beginner Basics
Topic: 2 Mikrotik behind firewall
Replies: 13
Views: 528

Re: 2 Mikrotik behind firewall

You're welcome.
by sebastia
Thu May 02, 2019 5:32 pm
Forum: General
Topic: Given the hardware similarities
Replies: 2
Views: 200

Re: Given the hardware similarities

Look at OpenWRT maybe?
by sebastia
Thu May 02, 2019 1:43 am
Forum: General
Topic: Interface Queue Causing Slow Performance
Replies: 2
Views: 151

Re: Interface Queue Causing Slow Performance

If you have excess capacity, why use queues ;-) ? Someone else on the forum had a setup in production, where the backbone was unlimited, and policing / shaping happened closer to clients. 1500 packets x 1500 b/packet = 2,2MB 4Gbps / 8bit/byte = 512MB/s 2,2MB / 512MB/s = 4ms looks to be fine from buf...
by sebastia
Wed May 01, 2019 12:24 pm
Forum: General
Topic: One physical port/ multiple bridges
Replies: 3
Views: 224

Re: One physical port/ multiple bridges

Hoy

These are the same vlans, so all you need to do is add the n'th eoip as new port to bridge, and indicate which vlans (101 & 2) need to pass over it.
by sebastia
Wed May 01, 2019 11:59 am
Forum: Beginner Basics
Topic: 2 Mikrotik behind firewall
Replies: 13
Views: 528

Re: 2 Mikrotik behind firewall

You'll also need to:
indicate in which vlans it partiipates under /interface ethernet switch vlan
change from access to trunk under /interface ethernet switch port
by sebastia
Tue Apr 30, 2019 9:25 pm
Forum: General
Topic: Upgrade from old firmware, is it safe?
Replies: 1
Views: 142

Re: Upgrade from old firmware, is it safe?

it's still a supported device.
Before you upgrade: "/export compact" your full config + export any certificates / keys you have in use, as these are not part of "export"
you're bridge config will change, so be careful with restore if needed.

BootRom can be updated after software update.
by sebastia
Tue Apr 30, 2019 9:20 pm
Forum: Beginner Basics
Topic: 2 Mikrotik behind firewall
Replies: 13
Views: 528

Re: 2 Mikrotik behind firewall

if firewall doing the vlan routing?

and both Tik's are used as smart switches then?

If you use Tik1Port3 for connection to Tik2, then this port has to be cofigured as trunk too, just like Port2: so all vlans (or the relevant ones) present and all tagged.
by sebastia
Tue Apr 30, 2019 8:58 pm
Forum: Beginner Basics
Topic: NAT not working in load balance (2 WAN)
Replies: 5
Views: 275

Re: NAT not working in load balance (2 WAN)

Or more likely... PCC is available from v3 see top right corner. Or see history: https://wiki.mikrotik.com/index.php?title=Manual:PCC&action=history On top of that, it was user generated content, when it was still allowed. FastTrack has been added only recently. And best of all: the wiki on FT(https...
by sebastia
Tue Apr 30, 2019 2:36 pm
Forum: General
Topic: DHCP Queue needed
Replies: 3
Views: 194

Re: DHCP Queue needed

This could work. Just need to change the limits pcq-rate to your liking. Setting total max for upload & download is advisable to provide overall QoS.
by sebastia
Tue Apr 30, 2019 2:15 pm
Forum: Beginner Basics
Topic: 2 Mikrotik behind firewall
Replies: 13
Views: 528

Re: 2 Mikrotik behind firewall

Tik1 Port3 is access port: only untagged traffic for vlan 21 will pass.

If you want vlan 21 & 22 on Tik2, you'll need to use Port2 of Tik1 as this one is trunk port.

Note: "set ether2 vlan-mode=secure vlan-header=add-if-missing" without saying which id doesn't make sense
by sebastia
Tue Apr 30, 2019 11:26 am
Forum: Beginner Basics
Topic: 2 Mikrotik behind firewall
Replies: 13
Views: 528

Re: 2 Mikrotik behind firewall

List your config on Tik1 (/export hide-senstive compact) and indicate who you want to connect: from what interface to which?
by sebastia
Tue Apr 30, 2019 11:24 am
Forum: Scripting
Topic: [newbie] How to get a script to run automatically
Replies: 3
Views: 214

Re: [newbie] How to get a script to run automatically

which script? what is your config? (-> /export hide-sensitive compact)
by sebastia
Mon Apr 29, 2019 11:36 am
Forum: General
Topic: simple queue missing traffic (ie not working) (simple 1 pc setup)
Replies: 4
Views: 241

Re: simple queue missing traffic (ie not working) (simple 1 pc setup)

With queuing one can only really control the transmitting side: so before almost filling the uplink pipe, what to send. On reception side it's a hack: by dropping some packets already transmitted and received, TCP and ONLY tcp, can be forced to back down / slow transmission. The UPD is connection le...
by sebastia
Mon Apr 29, 2019 1:32 am
Forum: Beginner Basics
Topic: FastTrack and dual WAN
Replies: 4
Views: 303

Re: FastTrack and dual WAN

mark connections for fasttrack in chain=forward, only from lan to wan1.
by sebastia
Mon Apr 29, 2019 1:29 am
Forum: Beginner Basics
Topic: LTE passthrough winbox issue
Replies: 3
Views: 321

Re: LTE passthrough winbox issue

have tried the search feature? https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Passthrough_Example LTE pass-through is locked to specific MAC (either given or chosen), so communication from another MAC on same subnet is not affected (hijacked), and router can be reached. wrt bridge, on the clien...
by sebastia
Sun Apr 28, 2019 12:46 pm
Forum: Beginner Basics
Topic: Recommended LTE modem for RBwAPR-2nD?
Replies: 3
Views: 190

Re: Recommended LTE modem for RBwAPR-2nD?

if you're are "remote" why don't you have a look at LHG LTE, or high gain external antennae.

I myself use SXT LTE and throughput wise happy with it, but I'm not in "remote" area.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 29