Community discussions

MUM Europe 2020

Search found 49 matches

by givemesam
Thu Apr 20, 2017 7:51 am
Forum: General
Topic: rogue traffic
Replies: 3
Views: 540

Re: rogue traffic

So ive been watching it, and trying a few things, like enabling firewall, turning off service ports, making sure discovery is off on gateway. nothing worked. so i just kept watching it, then BAM, it all disappeared infront of my eyes. no longer showing the traffic on the lan via torch. makes no sens...
by givemesam
Thu Apr 20, 2017 7:36 am
Forum: General
Topic: rogue traffic
Replies: 3
Views: 540

rogue traffic

I have a rb750 at every one of my sites. I use it for ping tests, and speedtests for network performance. We do not have anything connected to its lan ports, only the gateway. it sits on the same lan as other devices at this location. somehow the gateway is showing about 20mbps constant traffic on t...
by givemesam
Sat Sep 03, 2016 11:15 am
Forum: General
Topic: Am i fragmenting?
Replies: 0
Views: 345

Am i fragmenting?

Our new ip uplink is using QiNQ to get our vlans sent to our head router. This brings our C-vlans mtu down to 1572 (upstream s-vlan interface is 1576, 1580 on bridge/eth) are we fragmenting with this current l2 MTU setup? - should i make an mtu change on the l2 MTU? - should i also tell the upstream...
by givemesam
Wed Jun 22, 2016 1:32 am
Forum: General
Topic: no sfp info, ddm
Replies: 0
Views: 457

no sfp info, ddm

so, on our ccr1036 we have a mikrotik sfp in the sfpplus1  6.34.6 when it is on autoneg, it gets ddm information, but wont pass data when negotiated at  1000F. it will show low light unless sfp is re-inserted with fibers installed. when its set to no auto 1000F, (as that is what upstream requires), ...
by givemesam
Fri Mar 11, 2016 10:49 am
Forum: General
Topic: ccr 1036 most stable software/FW?
Replies: 6
Views: 859

Re: ccr 1036 most stable software/FW?

They are pretty slow on complex things and will ask us to test it and supout

No way we can do that on our production gear

It could have been a bad revision that got sorted. I think it was 6.30.x
by givemesam
Fri Mar 11, 2016 10:35 am
Forum: General
Topic: ccr 1036 most stable software/FW?
Replies: 6
Views: 859

Re: ccr 1036 most stable software/FW?

Do you know a thread dedicated to 1036 stability? Is it possible Mk just keeps breaking their flagship router on every release? The last one we tried turned all ports into hub ports and all data flooded to all ports. The router is not new but is still in beta The old firmware gave us negotiation tro...
by givemesam
Fri Mar 11, 2016 10:28 am
Forum: General
Topic: ccr 1036 most stable software/FW?
Replies: 6
Views: 859

Re: ccr 1036 most stable software/FW?

So your saying I should downngrsde from 6.29.1 to 6.19?

Do you have any info on the 6.35 reliability?

I can't find anywhere discussion on stable newer firmware from the 2016 bugfix releases.
by givemesam
Fri Mar 11, 2016 8:23 am
Forum: General
Topic: ccr 1036 most stable software/FW?
Replies: 6
Views: 859

ccr 1036 most stable software/FW?

hi all we have a 1036 running 6.29.1 and we are not sure what the stable software/firmware for it is. We tried a few releases a few months ago (6.3x) and it crashed our network instantly. We are not sure if it was the software or the FW that crashed them, but we downgraded back to 6.29.1 There are m...
by givemesam
Tue Jan 12, 2016 12:05 am
Forum: General
Topic: Pptp/GRE passthrough
Replies: 6
Views: 5002

Re: Pptp/GRE passthrough

Thanks for the reply Has anyone implemented any special tricks for PPTP on mikrotik? It is still a widely used protocol. Although i dont really like PPTP through NAT, it is something i need to try to support. Any guides on making it work would be great. My guess is it involved mangling..... But that...
by givemesam
Sat Jan 09, 2016 11:54 am
Forum: General
Topic: Pptp/GRE passthrough
Replies: 6
Views: 5002

Re: Pptp/GRE passthrough

"Acting as a VPN server" and "forwarding VPN traffic" are two completely different things. It is not useful to apply solutions you find for acting as a VPN server to the forwarding of VPN traffic problem. I'm not even sure that the MikroTik is capable of forwarding PPTP (that is not a trivial thing...
by givemesam
Sat Jan 09, 2016 11:10 am
Forum: General
Topic: Pptp/GRE passthrough
Replies: 6
Views: 5002

Re: Pptp/GRE passthrough

PS its a ccr1036 with r6.29
by givemesam
Sat Jan 09, 2016 11:07 am
Forum: General
Topic: Pptp/GRE passthrough
Replies: 6
Views: 5002

Pptp/GRE passthrough

I've been playing with this for a while with no luck I have a good firewall following a drop all logic with some tweaks to drop known baddies. Firewall is basically: Accept established and Related for both input and forwarding chains. Then drop all. Works great for all users except for PPTP through ...
by givemesam
Fri Aug 28, 2015 12:07 am
Forum: General
Topic: VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb
Replies: 2
Views: 527

Re: VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb

How are you adding the VLANs? I copy an existing VLAN from within winbox and vlan tab, and change all the fields, then press OK on the new one, and cancel on the source. I have also simply pressed + to add a new vlan, to re-create one that is giving me issue. Both methods didnt solve the issue in r...
by givemesam
Thu Aug 27, 2015 11:16 pm
Forum: General
Topic: VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb
Replies: 2
Views: 527

VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb

I am not sure what section to put this, but in both 6.28, 6.29, and 6.29.1 when adding new vlans, under a bridge, some will work, some will not. I have found the issue to be somewhere with NAT. Simple explanation: Added Vlan 30-40. Each has its own DHCP, Pool, Network, Addresses, scr-nat to address ...
by givemesam
Sun May 10, 2015 9:07 pm
Forum: RouterBOARD hardware
Topic: AVAGO HFBR-57E0LZ 1300nm Multi-Mode SFP and CRS212-1G-10S-1S+ IN not quite working
Replies: 2
Views: 1039

Re: AVAGO HFBR-57E0LZ 1300nm Multi-Mode SFP and CRS212-1G-10S-1S+ IN not quite working

I'm no pro but possibly you need to swap tx and rx on one side of the optical link.

You may have tx going to tx, tx needs to go to rx
by givemesam
Thu Mar 26, 2015 2:16 am
Forum: General
Topic: router nat relay setup
Replies: 0
Views: 393

router nat relay setup

Hi all, lets say i used a real MT on one of my lans, OR i launched a VPS server with ROS running, could i do this: issue: Wifi network running 'isolation' with MAC based authentication. No devices can communicate over the lan. Devices are HVAC sensors and do not need internet access persay, but my c...
by givemesam
Sat Mar 21, 2015 9:19 pm
Forum: Announcements
Topic: v6.28 final RC testing
Replies: 92
Views: 32826

Re: v6.28 final RC testing

Is this the x27 (introduced in .25) port flapping issue? Taken off upstream switch cisco me3600x, ethernet port, connected to mikrotik sfp+ port on ccr1036 16GB via mikrotik copper sfp Also note: their port is set to no autonegotiation / 1000M Full My port would not sync up on autonegotiation unchec...
by givemesam
Sat Mar 21, 2015 7:58 am
Forum: Announcements
Topic: v6.28 final RC testing
Replies: 92
Views: 32826

Re: v6.28 final RC testing

me too. i upgraded to 6.27 last night, and 2 hrs later had FCS errors on the uplink/wan port connecting to upstream isp. This resulted in an outage that was devastating. rebooting did not help, reseating did not help. nothing helped. it randomly came back an hour later.......... Very concerned it wa...
by givemesam
Fri Mar 20, 2015 8:44 am
Forum: Announcements
Topic: v6.28 final RC testing
Replies: 92
Views: 32826

Re: v6.28 final RC testing

There are no dates on the posts in this thread. When will .28 be released? Just updated to .27 from .23 and immediately adopted an Ethernet negotiating issue on my ccr1036..... After two hours it just went off line. Has some FCS errors on my Cooper sfp. No asking of reboots or unplugging recovered i...
by givemesam
Sat Dec 20, 2014 8:05 am
Forum: RouterBOARD hardware
Topic: CCR 1036 stable firmware
Replies: 0
Views: 1116

CCR 1036 stable firmware

Any issues on CCR 1036 16GB bugs on current release 6.23? Using mikrotik copper sfp in sfp+ port for wan uplink I auto updated firmware and boot loader Replacing 1100ah Saw some stuff from a year ago mentioning beta 6.6 and some interface flopping issues, not sure if the firmware is way behind or no...
by givemesam
Sat Oct 11, 2014 1:31 pm
Forum: General
Topic: cookies and tcp filters
Replies: 0
Views: 521

cookies and tcp filters

I have been trying to learn everything i can to make my rb1100ah more resilient (if possible) and more stealthyish to DDOS. I just learned about syn_cookies and have enabled them :) they moved it to ip/settings vs ip/firewall/connections/settings Anyway, i had these rules at the top of my firewall: ...
by givemesam
Fri Oct 10, 2014 2:11 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

so i had to add an icmp rule so i could ping the gateway. in my tests, i think it was pinging without the rule becuase the connections were already established when i loaded the new rules. then my watchdogs started rebooting when those connecttions were dropped and not allowed. I used: chain=input s...
by givemesam
Thu Oct 09, 2014 11:37 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

OK! so i got hit with DDOS before i was able to put get things finalized. Network went down.... came back in about 10 min. i was desperate, so i started applying the rules, (in safe mode of course!) Things were going well with my new rules! Got hit with DDOS again, router could not handle it. its re...
by givemesam
Thu Oct 09, 2014 7:04 am
Forum: General
Topic: BAD IP block list - thoughts?
Replies: 1
Views: 911

BAD IP block list - thoughts?

I was working on my firewall and thought, hey, make a drop rule for known bad ips. I know its not elegant because ips can change, but i found a site called http://greensnow.co who publish about 700 of them. I know here are others, and maybe better ones, darklist, arbor, etc, im interested to know pe...
by givemesam
Thu Oct 09, 2014 6:07 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

deleted
by givemesam
Thu Oct 09, 2014 4:42 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

Excellent! I studied your notes, and then ran a test on my RB450G at home. Had to play with it a bit, but i think i got it. I am still a bit unclear of my order or operations on the icmp rules i have here. But what i want is the router to be stealth, but users on the lan, and the router itself to be...
by givemesam
Wed Oct 08, 2014 10:17 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

what do you mean it could be a valuable debugging tool? how so? i have about 20 outside facing public ips, so i added dst-address to the rule so only 1 of them would ping back and since it was specified to allow, the other 19 would get caught by the drop everything rule right? ??? like this? add cha...
by givemesam
Wed Oct 08, 2014 8:15 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

Thanks SO MUCH! you are teaching me lots! here is my rough draft now. I have a few questions on there and hoping i have things in the right order. I have some pre-filters that i am thinking can help me until i learn about pppoe, but i want to get my semi-open router mostly secured. Im worried about ...
by givemesam
Wed Oct 08, 2014 3:36 am
Forum: General
Topic: 1100AH forward rule capacity
Replies: 1
Views: 470

1100AH forward rule capacity

Am i right to assume that the 1100AH (notx2) does not have the juice to filter 250mbps/20mbps on the forward chain for lets say about 30 virus ports and accept new/est/related and drop the rest? I applied the port block on the forward chain and saw what i thought was drops from about 200mbps to less...
by givemesam
Wed Oct 08, 2014 2:06 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

awesome. thanks! i am working on my 3rd draft, but i have a quick question. my v2 firewall that was posted above does not have a hard drop rule (yet :)) but i was wondering why the drop invalid connections count is so high? i feel like that should be before the allow established/related rules to wor...
by givemesam
Tue Oct 07, 2014 12:55 pm
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

Hi Doc, I hope you are watching this tread. Your post really helped me to change my point of view of firewaling and while trying to build it, i think i understand all the login needed to make an effective edge router firewall. Here is the document i made for myself. I think it needs some editing and...
by givemesam
Tue Oct 07, 2014 9:12 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

Wow. yes, you are right. Im learning and new at this. I had that queue in there and that was taking my routers performance :( had that in case it would help me hold access during an attack. RB1100AH i guess cant handle a queue of that size As a way to understand, help me with this: If say 20 users w...
by givemesam
Tue Oct 07, 2014 4:19 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Re: Help me with my firewall! Edge Router :)

router screenshot

wondering if we can share popular DDOS ports to block, and if it should be input and forward, and if output would help too.

not even sure any of this filtering will help.
by givemesam
Tue Oct 07, 2014 4:17 am
Forum: General
Topic: Help me with my firewall! Edge Router :)
Replies: 15
Views: 4419

Help me with my firewall! Edge Router :)

Hi all, DDOS. need i say more? crippled us over the last week. Had to have upstream isp blackhole the offending static route for 48 hours. Changing it didnt matter. Some LAN device is likely asking for it/report the IP. Didnt have any filter rules before. 2 years of no problems. I learned my lesson....
by givemesam
Fri Oct 03, 2014 11:04 am
Forum: General
Topic: winbox session to keep going when i disconnect
Replies: 0
Views: 716

winbox session to keep going when i disconnect

Hi there is there a way to make a winbox session keep going even if i disconnect? what im trying to go is to use terminal to ping an IP, then if i get disconnected, for it to resume and show me what the pings were like when i was not connected. This is a way to monitor uptime, stats, etc i know i ca...
by givemesam
Sat Jun 21, 2014 5:31 am
Forum: General
Topic: What CC Router is most closest to the RB1100AH (NOT x2)
Replies: 1
Views: 592

What CC Router is most closest to the RB1100AH (NOT x2)

I have an RB1100AH working as a core router. Will be doubling the traffic on it in the coming month. Its currently running around 150mbps of internet traffic for about 150 devices (all these are wireless APs, so total devices making TCP/UDP connections is more like 1,000) It is very simply setup. Th...
by givemesam
Thu May 15, 2014 9:39 am
Forum: General
Topic: 1100AH remove quickset
Replies: 5
Views: 785

Re: 1100AH remove quickset

cool
i didnt see an option to remove quickset in system/packages
by givemesam
Thu May 15, 2014 8:08 am
Forum: General
Topic: 1100AH remove quickset
Replies: 5
Views: 785

Re: 1100AH remove quickset

ok straight forward enough

Anyone know the 1100AH well enough to recommend which ones are not compatible?
by givemesam
Thu May 15, 2014 7:14 am
Forum: General
Topic: 1100AH remove quickset
Replies: 5
Views: 785

1100AH remove quickset

I updated 1100ah to v6 and installed all packages It grabbed quickset which clearly is not meant for it as it has put addresses in the fields that do not apply. It has occurred to me to take it out in case of accidental clicking or something. It also occurred to me there may be other modules in that...
by givemesam
Mon May 12, 2014 9:17 am
Forum: General
Topic: RB100AH Slave ports reporting throughput (no bridges)
Replies: 5
Views: 728

Re: RB100AH Slave ports reporting throughput (no bridges)

ALSO, Should i bridge my 2 switch groups? I dont have any reason for data to cross them, and each switch going to this router is vlaned to its own subnet, so broadcast traffic should not be trying to cross either (causing proccessor overhead?). If i do need to access something while managing the lan...
by givemesam
Mon May 12, 2014 9:15 am
Forum: General
Topic: RB100AH Slave ports reporting throughput (no bridges)
Replies: 5
Views: 728

Re: RB100AH Slave ports reporting throughput (no bridges)

OK! good to know! is there a way to turn it off? Also, i was watching throughput earlier, and noticed that every few seconds, it would show "0" for throughput on many of the interfaces for a moment, then show the rates again. Proc was about 30% with 120mbps throughput wondering if this is simply the...
by givemesam
Mon May 12, 2014 7:43 am
Forum: General
Topic: RB100AH Slave ports reporting throughput (no bridges)
Replies: 5
Views: 728

RB100AH Slave ports reporting throughput (no bridges)

Hi there I have an RB1100ah (not x2) and it used to be in this setup v5.xx Port 1 master port2-5 slaved Port 6 master port 6-10 slaved BRIDGE port 1+6 port 11 WAN port 12-13 unassigned Updated to most current 5.xx, then 6.xx, updated firmware newest: I changed it up to have NO Bridge, with 7 subnets...
by givemesam
Mon May 12, 2014 6:40 am
Forum: Beginner Basics
Topic: Port switching group on RB1100AH? Or something else?
Replies: 7
Views: 5150

Re: Port switching group on RB1100AH? Or something else?

Hi there Even though this is old, i thought i would chime in. I was a MT noob, and probably still am, but my understanding is of the RB1100AH (not x2) is Port 1-5 has its own switch chip with wire speed performance Port 6-10 same thing BUT port 11 is directly connected to the CPU, so what you want t...
by givemesam
Tue Jun 05, 2012 3:01 am
Forum: Scripting
Topic: Scrip for relase/renew IP DHCP Client
Replies: 12
Views: 24784

Re: Scrip for relase/renew IP DHCP Client

Hi! this is what i am looking for but i am a noob for scripting. it would be great if someone could make this a bit clearer for me. I need a script that will renew the dhcp client on ether1-gateway (i assume 'wan' was a label) if it can not ping out to 8.8.8.8 x times in 15 seconds. Ideally you can ...
by givemesam
Mon Jan 02, 2012 2:15 am
Forum: General
Topic: OpenDNS - Catch all DNS traffic
Replies: 11
Views: 13759

Re: OpenDNS - Catch all DNS traffic

Thank you for the reply! I thought i was missing some rules there. My understanding is quite primitive but i will catch on as i learn. So can this be explained as either /ip firewall nat add chain=dstnat action=dst-nat to-addresses=208.67.222.222 to-ports=53 protocol=tcp dst-port=53 add chain=dstnat...
by givemesam
Wed Aug 03, 2011 9:12 pm
Forum: General
Topic: AC Adapter Voltage/Performance Help
Replies: 0
Views: 395

AC Adapter Voltage/Performance Help

Hi Gurus, I am pretty new to Mikrotik, but have successfully put into production a 4WAN PCC load balanced 450G. Its performance is great, but sometimes things are not balancing all that well. I have narrowed it down to either our modems losing performance, or possible the ac adapter i used for it. I...
by givemesam
Wed Jul 27, 2011 1:17 am
Forum: Wireless Networking
Topic: Speedtest over winbox
Replies: 2
Views: 2851

Speedtest over winbox

I have a PCC 4 wan load balance setup on my 450g. We have wans drop out from time to time, and i need to do a speed test on the line to see if it is really down or if it is just how the load balancer is deciding to put traffic though it at the time. The alarming speeds usually look like this wan tx ...
by givemesam
Sun Jan 09, 2011 12:29 pm
Forum: RouterBOARD hardware
Topic: Advice for LOAD BALANCING Board that can handle 100mbps
Replies: 1
Views: 695

Advice for LOAD BALANCING Board that can handle 100mbps

Hi, I am newbie in these parts. I need a 4 WAN Load Balancer that can handle 4 X 25 mbps WANS. I know that the 680 mhz boards can handle a lot of throughput but according to this explanation from pfsense it should need more power to do that well. take a look http://www.pfsense.org/index.php?option=c...