Community discussions

Search found 81 matches

by bburley
Thu Apr 19, 2012 5:28 am
Forum: Scripting
Topic: Firewall - Exceptions
Replies: 1
Views: 2327

Re: Firewall - Exceptions

Instead of defining a "block" of addresses which is less flexible, create an address list called "p2p-bypass" and enter the preferred users' addresses into this list. Now you can apply this to "source address list" to a rule that skips your firewall block, or invert it (NOT) so that anyone not in thi...
by bburley
Sat Jul 23, 2011 3:46 am
Forum: General
Topic: How to track the motion of a packet through the firewall
Replies: 7
Views: 1217

Re: How to track the motion of a packet through the firewall

Thanks fewi, I had no idea that that existed. I made an assumption because it sounded difficult. Now that I have read about it, I can take a wild guess as to how it works. The virtual packet may have a special mark that turns on extra logging in the rule processing engine just while the packet with ...
by bburley
Fri Jul 22, 2011 6:01 pm
Forum: General
Topic: How to track the motion of a packet through the firewall
Replies: 7
Views: 1217

Re: How to track the motion of a packet through the firewall

I think that having a 'tool' to do that for you would be a huge problem to implement and would be very cpu intensive to the point where it wouldn't be practical.
by bburley
Fri Jul 22, 2011 8:48 am
Forum: General
Topic: How to track the motion of a packet through the firewall
Replies: 7
Views: 1217

Re: How to track the motion of a packet through the firewall

The procedure that I use is to create a logging rule with options set to filter everything except the packet type that I am interested in (as much as possible), then start by placing the logging rule at the beginning of the input chain (if the packet is expected to go directly to the router) or the ...
by bburley
Thu Jul 07, 2011 11:08 am
Forum: Scripting
Topic: script challenge....
Replies: 5
Views: 1207

Re: script challenge....

As you might have seen, I have played with this before. The problem is that the output of the wireless scan is sent to the terminal (telnet or serial port interface) but there aren't any variables used that could hold the output until they could be read by a script. The ping tool has its results stor...
by bburley
Wed Jul 06, 2011 5:19 pm
Forum: General
Topic: DHCP Server
Replies: 2
Views: 491

Re: DHCP Server

I have seen this same problem occurring on an RB1100 using DHCP Relay. The lease starts out at 1d (24 hrs) but continuously resets every 30 seconds. Eventually it settles down and works ok.
by bburley
Wed Jul 06, 2011 11:58 am
Forum: General
Topic: NTP Client
Replies: 16
Views: 2638

Re: NTP Client

Thanks Normis :)
by bburley
Wed Jul 06, 2011 11:57 am
Forum: General
Topic: NTP Client
Replies: 16
Views: 2638

Re: NTP Client

I don't think this has anything to do with NTP but I think the second DNS should be 208.67.220.220
/ip dns set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.222.220
I also wonder why the network address doesn't match the IP addre...
by bburley
Wed Jul 06, 2011 11:43 am
Forum: General
Topic: NTP Client
Replies: 16
Views: 2638

Re: NTP Client

It isn't clear to me why you need to masquerade in both directions. I haven't seen it done this way before.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=masquerade chain=srcnat disabled=no out-interface=BigPond
by bburley
Tue Jul 05, 2011 11:32 am
Forum: General
Topic: Monitoring port 80
Replies: 4
Views: 862

Re: Monitoring port 80

Tera Term Pro is a telnet client with a built-in scripting language. It can also be programmed to change settings in MikroTik Routers if certain conditions are met.
by bburley
Tue Jul 05, 2011 11:27 am
Forum: General
Topic: NTP Client
Replies: 16
Views: 2638

Re: NTP Client

You didn't give much information about how your router is set up, but if you are using it as an AP within a local subnet you could be missing a default route or default gateway. Another possibility is firewall filter rules that are interfering.
by bburley
Mon Jun 27, 2011 12:56 am
Forum: Scripting
Topic: [ASK] how to log ping time result
Replies: 10
Views: 4471

Re: [ASK] how to log ping time result

The script that I posted logs the average response time for 10 pings as well as the packet loss if any. You can modify the number of pings or exactly what is logged by modifying the script. Then run the script with the scheduler.
by bburley
Sun Jun 26, 2011 10:16 am
Forum: Scripting
Topic: [ASK] how to log ping time result
Replies: 10
Views: 4471

Re: [ASK] how to log ping time result

When you used flood-ping did you limit the number of pings with the "count=" parameter?
by bburley
Sat Jun 25, 2011 7:54 pm
Forum: Scripting
Topic: [ASK] how to log ping time result
Replies: 10
Views: 4471

Re: [ASK] how to log ping time result

Does this work for you?
:local avgRtt;
:local pin
:local pout
/tool flood-ping 192.168.1.1 count=10 do={
    :if ($sent = 10) do={
        :set avgRtt $"avg-rtt"
        :set pout $sent
        :set pin $received
    }
}
:local ploss (100 - (($pin * 100) / $pout))
:local logmsg ("Ping Average for 192.168.1.1 - ".[:tostr $avgRtt]."...
by bburley
Mon Jun 13, 2011 12:55 pm
Forum: Beginner Basics
Topic: Help with SNMP.
Replies: 1
Views: 427

Re: Help with SNMP.

Make sure that your community strings match. In the router the address or subnet for your web server should be attached to the community string or use 0.0.0.0/0 to allow access from anywhere. Check that port 161 is not blocked by firewall rules in the router and web server. If you learn the syntax f...
by bburley
Mon Jun 13, 2011 12:16 pm
Forum: General
Topic: Spamming
Replies: 2
Views: 702

Re: Spamming

The above firewall rules seem to be for incoming attack filtering.

Perhaps this is what you were looking for

http://wiki.mikrotik.com/wiki/How_to_au ... MTP_output
by bburley
Wed Jun 08, 2011 12:26 pm
Forum: General
Topic: Local IPs get past NAT? Tracing traffic.
Replies: 4
Views: 1137

Re: Local IPs get past NAT? Tracing traffic.

I have seen some cases where a PC has an old printer driver that is trying to talk to a network printer that was set up with a fixed IP address. After the PC moves to a new subnet, it keeps trying to check the status of its lost printer. It doesn't seem likely in your case with everyone natted. You...
by bburley
Tue Jun 07, 2011 6:47 pm
Forum: General
Topic: OVPN Server with ROS 4.11
Replies: 5
Views: 1473

Re: OVPN Server with ROS 4.11

When bridging with a PC, the tap interface gets an IP address from the subnet on the other end of the VPN. The layer-2 bridge is on the same subnet while the real NIC on the PC is on a different subnet. If you are trying to bridge two different subnets, they should have different subnet IP's, so you...
by bburley
Fri Jun 03, 2011 9:37 am
Forum: General
Topic: Netmap vs dstnat & srcnat
Replies: 3
Views: 9871

Re: Netmap vs dstnat & srcnat

Thanks for your comments fewi :) I did the swap and the nat rules seem to be ok, but I did run into some other problems. I forgot about the relay setting in the dhcp server and had a couple of AP's down for a while. I wound up putting in three dhcp servers, two with relay settings, all drawing from ...
by bburley
Thu Jun 02, 2011 4:58 pm
Forum: General
Topic: Netmap vs dstnat & srcnat
Replies: 3
Views: 9871

Re: Netmap vs dstnat & srcnat

Does this rule eliminate the need for hairpin nat?
add action=accept chain=forward comment="Traffic between Local Clients" \
    disabled=no in-interface=Local out-interface=Local
by bburley
Thu Jun 02, 2011 8:59 am
Forum: General
Topic: Netmap vs dstnat & srcnat
Replies: 3
Views: 9871

Netmap vs dstnat & srcnat

I am about to replace an old Cisco SOHO Router with a MT RB1100 and want to make sure that I get it right. I have a /30 to the provider with a /28 routed over the /30. The Public IP's in the /28 are assigned (mapped) when needed to various private IP's in some /24 and /22 private subnets. All other ...
by bburley
Thu Jun 02, 2011 8:46 am
Forum: General
Topic: OVPN Server with ROS 4.11
Replies: 5
Views: 1473

Re: OVPN Server with ROS 4.11

I have client to network OpenVPN working perfectly on a RB750G (v4.11) and a RB1100 (v4.15). I can't be sure what your problem is, but I see some differences from my configuration.
/interface ovpn-server server
set auth=sha1 certificate=cert1 cipher=\
    blowfish128,aes128,aes192,aes256 default-profile...
by bburley
Mon May 30, 2011 11:07 am
Forum: General
Topic: Solution for Winbox on Windows 2000
Replies: 0
Views: 1835

Solution for Winbox on Windows 2000

When I tried to run Winbox on a Windows 2000 machine, I got the following error;
The procedure entry point freeaddrinfo could not be located in the dynamic link library WS2_32.DLL
This is the Winsock 2 library and support for freeaddrinfo wasn't added until Windows XP but there is a solution. You ca...
by bburley
Tue May 10, 2011 12:35 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 9697

Re: Winbox + Wine = Black Borders

This is even more interesting; http://ubuntuforums.org/archive/index.php/t-1032748.html
Bladeforger, January 21st, 2009, 07:38 PM
Well it appears I was looking at the wrong thing altogether. The fix was to alter a line in ~/.wine/system.reg. It had some ridiculous number there and I changed it to 60 d...
by bburley
Tue May 10, 2011 12:27 pm
Forum: General
Topic: Winbox + Wine = Black Borders
Replies: 20
Views: 9697

Re: Winbox + Wine = Black Borders

I think I'm on the track to fixing this issue. When I debug wine as it is loading winbox, it is looking for (and not finding) these font files: vgaoem.fon,vgafix.fon,serife.fon Anyone have an idea where I can find these? You might find this interesting; http://support.microsoft.com/kb/315338 Perhap...
by bburley
Mon May 09, 2011 9:43 am
Forum: RouterBOARD hardware
Topic: An RB493G setup ok for home?
Replies: 3
Views: 1016

Re: An RB493G setup ok for home?

I order mine from XAGYL Communications in Ontario. As far as I know, both types of antennas are 5dBi. You can get the N-Swivel antennas in the combo 2.4/5.8 GHz configuration as well. They are just a bit longer than the 2.4 GHz N-swivel type. The extra cost to go with N connectors is small and allow...
by bburley
Fri May 06, 2011 1:55 pm
Forum: RouterBOARD hardware
Topic: Router 411u is not keeping the clock.
Replies: 2
Views: 649

Re: Router 411u is not keeping the clock.

You probably have to set a default gateway or default route so that the NTP time requests can find the internet.
by bburley
Fri May 06, 2011 1:52 pm
Forum: RouterBOARD hardware
Topic: RB1000 ether1 dhcp client issue
Replies: 1
Views: 493

Re: RB1000 ether1 dhcp client issue

Sometimes different hardware doesn't negotiate port speed/duplex properly. You could try manual settings.
by bburley
Fri May 06, 2011 1:42 pm
Forum: RouterBOARD hardware
Topic: Reset button on RB750
Replies: 19
Views: 6766

Re: Reset button on RB750

I worked in electronics for 30 years and I wanted to put the switch back on for convenience. I knew about the reset pads as well :)
by bburley
Fri May 06, 2011 1:38 pm
Forum: RouterBOARD hardware
Topic: Reset button on RB750
Replies: 19
Views: 6766

Re: Reset button on RB750

I had the same problem, but was able to resolder the reset button. The serial number has been emailed to support.
by bburley
Fri May 06, 2011 1:21 pm
Forum: RouterBOARD hardware
Topic: RESET BUTTON ON RB 750
Replies: 14
Views: 113977

Re: RESET BUTTON ON RB 750

I would like to mention to be careful with the reset button on the RB750G. I had one with weak solder and I accidentally pushed the switch right off of the board. Fortunately, I know how to solder small stuff and I repaired it. It isn't much fun when you lose the ability to reset the router :(
by bburley
Fri May 06, 2011 12:56 pm
Forum: RouterBOARD hardware
Topic: An RB493G setup ok for home?
Replies: 3
Views: 1016

Re: An RB493G setup ok for home?

I am using an RB411U with R2n at home that replaced a WRT54G and found that it has much better signal. I can go anywhere in the yard. I am about to replace it with a RB493G but it is the same radio card. The R2n card may work just as good as a R52Hn - less money. Don't forget that the signal from yo...
by bburley
Fri May 06, 2011 11:46 am
Forum: General
Topic: RB750 poor ping performance
Replies: 3
Views: 617

Re: RB750 poor ping performance

I haven't worked with VSAT systems but the latency you describe sounds normal for satellite based internet.

http://www.vsat-systems.com/satellite-i ... tency.html

Even though you are only pinging the interface, perhaps it is the queues that are making you wait.
by bburley
Thu May 05, 2011 4:30 pm
Forum: Scripting
Topic: Returning comment in Netwatch
Replies: 9
Views: 1909

Re: Returning comment in Netwatch

Ok, so the line of code that I gave would only work if you could get the IP address that netwatch is pinging automatically. Now I don't know your setup and how the pinged address is related. The AP has to be programmed when it is set up and possibly when it is moved. If you can find a place to leave...
by bburley
Thu May 05, 2011 10:16 am
Forum: Scripting
Topic: Returning comment in Netwatch
Replies: 9
Views: 1909

Re: Returning comment in Netwatch

When I looked at netwatch, searching by IP address seemed to be the only way to locate the comment. I don't see how a generic script could do everything because you still have to tell netwatch what IP address to ping and put the location in the comment. I don't see why you couldn't duplicate the net...
by bburley
Thu May 05, 2011 8:56 am
Forum: Wireless Networking
Topic: Multiple power supplies
Replies: 47
Views: 12719

Re: Multiple power supplies

Just stick two simple power supplies in parallel and connect PSU positive output via diode and you have redundant feature. Has anybody tried this power supply redundancy method? I spent 30 years in electronics before wireless networking and this method does work. In this application, the diodes are ...
by bburley
Thu May 05, 2011 8:33 am
Forum: Scripting
Topic: Copy all files from "files" to an FTP account
Replies: 3
Views: 2400

Re: Copy all files from "files" to an FTP account

I ran into an intermittent problem with a scheduled ftp client uploading files to RB1100's. It sometimes fails to connect or it will connect and then reject the upload, and/or other weirdness. The automation is done with a "dumb" batch file and auto-generated text file for the ftp commands. This met...
by bburley
Thu May 05, 2011 8:19 am
Forum: Scripting
Topic: Returning comment in Netwatch
Replies: 9
Views: 1909

Re: Returning comment in Netwatch

If you move an AP, does it keep the same IP address? If it does you would only change the comment for the new location and use a variation of this code;
:put [get [/tool netwatch find where host=xxx.xxx.xxx.xxx] comment]
This could be even easier if MikroTik would add a "name" for each netwatch entr...
by bburley
Thu May 05, 2011 7:53 am
Forum: Scripting
Topic: random number generators
Replies: 3
Views: 2359

Re: random number generators

That is an awesome script, I can't even try to follow it through until my workload lets up. I made a very poor attempt at getting a random number out of the MikroTik but I rushed through it and it wasn't very well thought out. I was going to make another attempt, but after seeing your script, I may ...
by bburley
Wed May 04, 2011 8:28 am
Forum: Scripting
Topic: Script Running Problem
Replies: 5
Views: 989

Re: Script Running Problem

It can be very easy to make a typo or have some unexpected error from transferring a script to a different model or hardware type. There aren't many easy ways to troubleshoot a script. One method I use for feedback is to insert a logging command at various points in the script, such as; :log info "m...
by bburley
Mon Apr 25, 2011 7:45 pm
Forum: Scripting
Topic: Another attempt at a random password generator
Replies: 3
Views: 3553

Re: Another attempt at a random password generator

I didn't think about this one long enough. The above scripts are very flawed and will not generate very many unique passwords. I will make another attempt soon.
by bburley
Mon Apr 25, 2011 12:06 pm
Forum: Scripting
Topic: Another attempt at a random password generator
Replies: 3
Views: 3553

Another attempt at a random password generator

I wanted to try making a random password generator and this is the first script that I came up with. It uses three character source strings, the second and third are just scrambled versions of the first string. You can loop through more strings if you want. This script takes a couple of minutes to r...
by bburley
Wed Apr 20, 2011 5:16 pm
Forum: General
Topic: Solar power, have i got this right?
Replies: 3
Views: 902

Re: Solar power, have i got this right?

Auckland, NZ sees about 5.6 hours of sunshine per day. I would be conservative and use 5 or less hours per day to calculate available charge time. The sun angle will not be optimum for all 5 hours. You should size your batteries to run the system for about 5 days without charging, then calculate the...
by bburley
Wed Apr 20, 2011 5:55 am
Forum: Scripting
Topic: Help with retrieving /interface/wireless > scan data
Replies: 34
Views: 16463

Re: Help with retrieving /interface/wireless > scan data

Here is one solution using the newer version of Tera Term which you can get here; http://en.sourceforge.jp/projects/ttssh2/downloads/50074/teraterm-4.68.exe/
; Filename: MikroTik_Wlan_Scan.ttl
; Tera Term Script (use newer version 4.6x)
; Author: Bob Burley - April 19, 2011
; Initialize Variables de...
by bburley
Tue Apr 19, 2011 10:33 am
Forum: Scripting
Topic: Ping randomly and Monitor the Latency Script...
Replies: 12
Views: 13800

Re: Ping randomly and Monitor the Latency Script...

I played around with the script from psamsig and added packet loss checking
:local avgRtt;
:local pin
:local pout
/tool flood-ping 1.1.1.1 count=10 do={
    :if ($sent = 10) do={
        :set avgRtt $"avg-rtt"
        :set pout $sent
        :set pin $received
    }
}
:local ploss (100 - (($pin * 100) / $pout))
:local logmsg ("Pin...
by bburley
Tue Apr 19, 2011 8:46 am
Forum: Scripting
Topic: Audio Script: Loud Alarm
Replies: 1
Views: 1838

Audio Script: Loud Alarm

It isn't that easy to hear the RouterBoard speaker in most cases, so I came up with a simple alarm that does a much better job at getting your attention.
:for a from=1 to=10 step=1 do={
    :local b 4000
    :for c from=1 to=50 step=1 do={
        :beep length=10ms frequency=$b
        :set b ($b - 40)
    }
}
The upper value ...
by bburley
Fri Apr 15, 2011 5:04 am
Forum: Scripting
Topic: Backup Script
Replies: 2
Views: 992

Re: Backup Script

You may need to add a delay before emailing. It could be trying to send the file before the backup export is complete.
by bburley
Fri Apr 15, 2011 4:02 am
Forum: Scripting
Topic: Morse Code Log Reader
Replies: 2
Views: 1004

Morse Code Log Reader

I am sure I should have been spending my time doing something else, but it was fun to do :D This script will take any text you can throw at it and spit it out in Morse Code to the speaker. The first script gets the text from the system log
# MikroTik Log Reader Script
#
# Author: Bob Burley - April ...
by bburley
Thu Apr 14, 2011 4:59 am
Forum: General
Topic: Winbox windows empty
Replies: 7
Views: 2840

Re: Winbox windows empty

I have seen this problem, but in my case the reason was simple. I was using a very bad wireless link where telnet worked ok but the link quality was so poor that most larger packets were lost.
by bburley
Thu Apr 14, 2011 4:47 am
Forum: General
Topic: Port forwarding on a RB750
Replies: 1
Views: 2934

Re: Port forwarding on a RB750

/ip firewall nat
add action=dst-nat chain=dstnat comment="Web Cam" disabled=no dst-port=80 \
    protocol=tcp to-addresses=192.168.88.xxx to-ports=80
by bburley
Thu Apr 14, 2011 3:56 am
Forum: General
Topic: Log issues
Replies: 3
Views: 457

Re: Log issues

Are you logging the activity of sending the log entries by email? If you are, this will cause an endless loop. Any log entries generated by emailing should be stopped with a filter rule that accepts the packets before they reach your logging rule.
by bburley
Fri Feb 11, 2011 9:11 pm
Forum: Beginner Basics
Topic: Winbox connect to Bridge IP not working
Replies: 0
Views: 413

Winbox connect to Bridge IP not working

I have an RB411 where Winbox can connect if the IP address is assigned directly to the ether1 or wlan1 ports, but if I assign the IP address to the bridge interface, the only way I can connect with Winbox is through the MAC Server.

Am I missing something simple?
by bburley
Thu Feb 10, 2011 9:58 pm
Forum: General
Topic: [Solved] Lost Telnet/Winbox connect to AP through CPE
Replies: 1
Views: 395

Re: Lost Telnet/Winbox connect to AP through CPE

This problem is solved.

The in-interface was flipped in one firewall rule combined with a typo in the logging rule I was using for testing.

It's a wonder that I have ANY hair left :)
by bburley
Thu Feb 10, 2011 4:06 am
Forum: General
Topic: vendor-tag circuit-id service equivalent
Replies: 2
Views: 1770

Re: vendor-tag circuit-id service equivalent

I haven't used a pppoe setup yet, but I searched in vain for a way to use circuit-id to select dhcp pools on the MikroTik and gave up. It appears that the MikroTik does not support option 82. I was using a Cisco SOHO router that supported dhcp-class (circuit-id) before replacing it with the MikroTik...
by bburley
Thu Feb 10, 2011 3:54 am
Forum: General
Topic: how to block https://www.facebook.com
Replies: 23
Views: 34588

Re: how to block https://www.facebook.com

I haven't tried to do exactly what you are doing, but based on my previous experience perhaps you could substitute dst-host=https://facebook.com (leave out the www).

I admit my suggestion is only a guess.
by bburley
Thu Feb 10, 2011 3:45 am
Forum: General
Topic: how to block https://www.facebook.com
Replies: 23
Views: 34588

Re: how to block https://www.facebook.com

I wasn't suggesting to use openDNS, just wondering if "https://facebook.com" makes any difference.
by bburley
Thu Feb 10, 2011 3:35 am
Forum: General
Topic: [Solved] Lost Telnet/Winbox connect to AP through CPE
Replies: 1
Views: 395

[Solved] Lost Telnet/Winbox connect to AP through CPE

This used to be working. I can no longer connect to an RB411AH AP via an RB411 CPE. I can log the TCP-8291 packets in the prerouting chain of the AP (no rules in prerouting) but these packets do not even enter the input chain. I can ping both interfaces of the AP but no connect. I can connect throug...
by bburley
Thu Feb 10, 2011 3:24 am
Forum: General
Topic: how to block https://www.facebook.com
Replies: 23
Views: 34588

Re: how to block https://www.facebook.com

I think I have seen this before while using openDNS.

"www.facebook.com" did not work but "facebook.com" did work.

Perhaps it is the same for your setup.
by bburley
Sun Feb 06, 2011 7:07 am
Forum: Scripting
Topic: Trouble with backup script
Replies: 5
Views: 946

Re: Trouble with backup script

I don't see a delay in the script between creating the file and trying to email it. Perhaps the file has not been completely saved and the email send fails. The time it takes to save the file could depend on hardware type and number of configuration entries.
by bburley
Sun Feb 06, 2011 5:54 am
Forum: General
Topic: Winbox shows an address list that doesn't exists
Replies: 41
Views: 8669

Re: Winbox shows an address list that doesn't exists

I now have the same problem with two address lists in v4.11 (RB750G). I have been working on it for hours with no solution. I did discover that some rules would retain an address-list entry even though the address-list box was "closed up". I opened the address-list box again, the address-list name r...
by bburley
Fri Feb 04, 2011 6:17 am
Forum: General
Topic: Unable to extract temperature using MRTG from Rb493G ...
Replies: 4
Views: 1733

Re: Unable to extract temperature using MRTG from Rb493G ...

Does this work?
Target[rb493g_temp]: 1.3.6.1.4.1.14988.1.1.3.10.0&1.3.6.1.4.1.14988.1.1.3.11.0:XXXXXXXXX@192.168.2.6 / 10
by bburley
Fri Feb 04, 2011 5:49 am
Forum: General
Topic: RouterOS ignores DHCP offer
Replies: 1
Views: 1842

Re: RouterOS ignores DHCP offer

I have just had a similar problem with the MikroTik router ignoring a DHCP request from a bridged device on the LAN side. The device was a WaveRider CCU in switched mode which needed to use DHCP Relay to forward DHCP traffic to the MikroTik. The MikroTik needed to have the IP address of the CCU ente...
by bburley
Fri Feb 04, 2011 5:38 am
Forum: General
Topic: Mikrotik stops working!!! WHY?
Replies: 20
Views: 2011

Re: Mikrotik stops working!!! WHY?

You are correct SurferTim

I have enough experience that I should have known that :) It has only been 3-1/2 years since I traded electronics for networking and I am already showing signs of looking at things funny :)
by bburley
Thu Feb 03, 2011 5:48 pm
Forum: General
Topic: Mikrotik stops working!!! WHY?
Replies: 20
Views: 2011

Re: Mikrotik stops working!!! WHY?

ADD: I have used the solution offered by bburley with great success. I used 3 diodes in series to insure no overvoltage. As I recall, I used 1N4001. This option is not exactly free. It involves about a 7% power loss in the diodes. I prefer 11-15v supply with no additional loss. IN4007 is probably e...
by bburley
Thu Feb 03, 2011 10:11 am
Forum: Scripting
Topic: Mikrotik + CISCO Script
Replies: 4
Views: 1672

Re: Mikrotik + CISCO Script

You can use this program http://logmett.com/index.php?/download/tera-term-468.html to telnet to each device and automatically issue the required commands. I have used tera term to write a script that downloads (using WGET) the fullbogons-ipv4.txt from http://www.team-cymru.org/Services/Bogons/http.h...
by bburley
Thu Feb 03, 2011 8:48 am
Forum: General
Topic: RouterOS Firewall
Replies: 7
Views: 6478

Re: RouterOS Firewall

And i also want to block outgoing traffic For example, A user tries to go to http://www.facebook.com and instead of showing the facebook webpage, the browser will show that the webpage is being blocked. I'm not sure this is doable on a mikrotik device though. I use http://www.opendns.com/ It's free...
by bburley
Thu Feb 03, 2011 8:34 am
Forum: General
Topic: Mikrotik stops working!!! WHY?
Replies: 20
Views: 2011

Re: Mikrotik stops working!!! WHY?

could it be that 28-29 volts is too much? I am not sure how to cut the battery output down to 24 volts. even if i could it would drain the batteries I would think. If you need to reduce voltage, just install silicon diodes in series between the power source and the load. Each silicon diode has a vo...
by bburley
Wed Dec 22, 2010 2:38 am
Forum: Wireless Networking
Topic: [Solved] Single IP blocked for unknown reason
Replies: 1
Views: 472

Re: [Solved] Single IP blocked for unknown reason

Maybe I've been at work too long today :) The device I couldn't ping had a misconfigured gateway address. Now I am wondering how it worked before.

On to another problem... A PC that can't ping anything on its own subnet :(
by bburley
Wed Dec 22, 2010 1:05 am
Forum: Wireless Networking
Topic: [Solved] Single IP blocked for unknown reason
Replies: 1
Views: 472

[Solved] Single IP blocked for unknown reason

I have just installed a RB411AH/XR5 v4.11 Access Point along with a RB411/XR5 v4.10 CPE in my office. The AP is connected to the Main LAN Switch which leads to some other 900MHz AP's. The system worked great while testing but the trouble started when I used the MikroTiks to replace the Canopy Backha...
by bburley
Thu Nov 25, 2010 7:50 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

It turns out that those stray DHCP packets are coming from a non-routable address in my provider's network. The Drop Rule that I am using appears before my illegal address rules. I will probably call them and ask them if it is of any concern. It is interesting that the firewall does see DHCP packets ...
by bburley
Wed Nov 24, 2010 4:07 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

Now that is interesting information but it still leaves me with questions. If the DHCP packets are unicast, and just passing through the router (DHCP Relay), when renewing a lease, does that still apply? I am not using a bridge, so now it is harder to explain why this rule is working?? add action=dr...
by bburley
Tue Nov 23, 2010 4:57 pm
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

I have seen that info, but I am wondering things like do the DHCP packets ever go through the forward chain and how is it different for lease renewal for local DHCP vs. DHCP Relay. I plan on running some tests to follow the packets but it might take a couple of days, it's getting busy :(
by bburley
Tue Nov 23, 2010 10:35 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

Thanks fewi, Your answer makes a lot of sense, including the part about letting support have the last word. Good firewall practice on one platform may not always transfer perfectly to another. I have decided to dig in and improve my understanding of the MikroTik firewall and the TCP/IP protocol at t...
by bburley
Tue Nov 23, 2010 6:20 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

Does anyone have any info on this subject? Maybe just a good guess?
by bburley
Mon Nov 22, 2010 8:38 am
Forum: RouterBOARD hardware
Topic: Solar Tracking
Replies: 10
Views: 4640

Re: Solar Tracking

You should probably be doing a proper analysis of your proposed solar system. This analysis will include the average sunlight hours for your location, the total system load, the number of days the system should stay running off batteries without charging, the battery capacity to allow running for th...
by bburley
Sun Nov 21, 2010 4:58 am
Forum: RouterBOARD hardware
Topic: Bios Time problem
Replies: 7
Views: 1850

Re: Bios Time problem

After a quick google search, GMT+1 timezone should not be using daylight saving time. If dst was enabled it could result in a 1 hour difference. This is only a guess.
by bburley
Sun Nov 21, 2010 3:20 am
Forum: Beginner Basics
Topic: New Config will not allow access to certain public IPs.
Replies: 11
Views: 1443

Re: New Config will not allow access to certain public IPs.

I am not an expert but it sounds like this is what you need;

http://wiki.mikrotik.com/wiki/Hairpin_NAT
by bburley
Sat Nov 20, 2010 4:47 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Re: Filter rule for traffic between local router application

Actually "dst-address-type=local" means that it is an IP address that is assigned directly to the router itself. The "input" chain is for packets destined for the router itself regardless of the interface. I am not sure if any packets not destined for the router itself could ever wind up in the inpu...
by bburley
Thu Nov 18, 2010 9:43 am
Forum: General
Topic: Filter rule for traffic between local router applications
Replies: 11
Views: 1822

Filter rule for traffic between local router applications

I have found this filter rule suggested on the wiki. Can someone explain what type of local router applications this rule is designed to match?
/ip firewall filter
add action=accept chain=input comment=\
    "Allow Local Traffic Between Router Applications" disabled=no \
    dst-address-type=local in-interf...
by bburley
Thu Nov 18, 2010 7:31 am
Forum: General
Topic: Free Remote Log Server ?
Replies: 4
Views: 1050

Re: Free Remote Log Server ?

This is the one that I use;

http://syslog-win32.sourceforge.net/

It works well, it's free, and it will write separate files by date and IP address.