Community discussions

MikroTik App

Search found 36 matches

by jryanhill
Wed Apr 24, 2019 4:56 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

I don't have one handy to try myself, so I can just suggest you to try to create a bridge (named e.g. lte-bridge), set the passthrough-interface parameter of the /interface lte apn row you use to lte-bridge, and attach a manually configured dhcp client to that bridge. If all these steps succeed and...
by jryanhill
Tue Apr 23, 2019 10:25 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

I have tried two methods in a lab setup of the failover issue. In both cases, I had two ethernet interfaces (to avoid issues with LTE for now) both set up as WAN. The first method was with both interfaces using action=src-nat and the other method with both interfaces using action=masquerade. I start...
by jryanhill
Tue Apr 23, 2019 5:00 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

Yes, drop invalid fixed the main issue of internal traffic not getting NATed. However, the secondary issue that was realized while troubleshooting is that when I have multiple WAN and it fails over from one to the other, there are packets showing a source IP from WAN1 going out on the WAN2 interface...
by jryanhill
Mon Apr 22, 2019 4:33 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

Is a manual or scripted option of clearing connections the only thing anyone can see? While it wouldn't be the first time I've scripted solutions, I was hoping for a more built in solution than this.
by jryanhill
Fri Apr 19, 2019 6:40 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

As a test to see if related to Masquerade, I set up a test environment with ether1 as my primary connection and ether2 as my secondary. ether1 had an IP of 10.12.1.2/24 and ether2 had an IP of 192.168.0.2/24. Primary route was 10.12.1.1 with distance 1 and I added the Pref source (for good measure) ...
by jryanhill
Fri Apr 19, 2019 5:59 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

To clarify, my packet captures no longer show internal traffic going out either public interface after adding the rules above. So we've got that solved. Instead, after a failover, ether1's IP is seen going out on LTE. When failing back, the LTE's IP is seen going out on ether1.
by jryanhill
Fri Apr 19, 2019 5:48 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

So while adding the below rules into the firewall has helped on the connection where it was on a single connection, it has not helped during a failover situation. /ip firewall filter add action=drop chain=input comment="Drop invalid Input" connection-state=invalid add action=drop chain=forward comme...
by jryanhill
Mon Apr 15, 2019 4:38 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

You may want to try srcnat rule with action=sct-nat instead of masquerade using an address within DHCP subnet range of your cellular modem/router. Set this address on ether1 manually instead of DHCP client and also manually add the same default route as DHCP client did. I would do this where I can,...
by jryanhill
Fri Apr 12, 2019 8:10 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

That looks VERY promising. I am going to look into it, and I will update later. Thank you VERY much.
by jryanhill
Fri Apr 12, 2019 7:31 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

Anyone have any further ideas?
by jryanhill
Wed Apr 10, 2019 7:26 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

It has disconnected since I added the rule. The generic srcnat rule did not show any bytes/packets.
by jryanhill
Wed Apr 10, 2019 5:22 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

Fasttrack is indeed enabled. As for the generic SRCNAT rule, I had not. I have it added now, and I will monitor it over the next few hours.
by jryanhill
Wed Apr 10, 2019 4:32 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Re: Issues with internal traffic not getting NATed

In the case of my most recent issue, it is the only WAN interface. I have had the issue in the past, but because it was a backup connection, it was not as high of a priority. For this situation, it is connected to a Cradlepoint via Ethernet. Since it is utilizing DHCP, I am not sure how to NAT outbo...
by jryanhill
Tue Apr 09, 2019 11:58 pm
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 22
Views: 2323

Issues with internal traffic not getting NATed

I have a situation in which a Mikrotik router has internal traffic "leaking" to the public interface. Normally this would not be an issue, as most devices upstream would simply pass it on and the packets would be lost somewhere along the way. However, I have issues with cellular networks kicking me ...
by jryanhill
Thu Jan 03, 2019 10:07 pm
Forum: General
Topic: Forwarding traffic inside the same subnet without replacing the source MAC
Replies: 4
Views: 501

Forwarding traffic inside the same subnet without replacing the source MAC

The main question is whether it is possible to have a Mikrotik with only a single IP and single interface act as a router without replacing the source mac addresses with it own mac address when forwarding traffic on. See below for explanation of why. So I have a firewall router as my WAN device that...
by jryanhill
Wed Jul 18, 2018 7:08 pm
Forum: Wireless Networking
Topic: RB2011UAS-2HnD missing LTE interface for USB Modem (USB730L)
Replies: 1
Views: 701

Re: RB2011UAS-2HnD missing LTE interface for USB Modem (USB730L)

I finally found someone else having an issue with a similar Modem: https://forum.mikrotik.com/viewtopic.php?t=127343 My modem is a Novatel USB730L, whereas in that post, it is a Novatel750. The fact that I have fewer issues with the full USB router makes me think this is more of a localized issue th...
by jryanhill
Wed Jul 18, 2018 6:16 pm
Forum: Wireless Networking
Topic: RB2011UAS-2HnD missing LTE interface for USB Modem (USB730L)
Replies: 1
Views: 701

RB2011UAS-2HnD missing LTE interface for USB Modem (USB730L)

I have 3 different scenarios taking place while trying to deploy Verizon's USB730L USB modems as redundant internet sources on about 20 different RB2011UAS-2HnD models. While all of the mikrotiks are RB2011UAS-2HnD models, some have micro-USB ports and some have full USB ports. For the micro-USB mod...
by jryanhill
Tue Jun 26, 2018 10:02 pm
Forum: Beginner Basics
Topic: Forwarding broadcast traffic between two networks
Replies: 13
Views: 2841

Re: Forwarding broadcast traffic between two networks

Yikes, I missed a lot since I started this thread. I did end up getting a Cisco router in place and using the "ip forward-protocol" feature built into it. It worked like a champ. In response to "build the network better" type answers, the network was well established before this came into play. The ...
by jryanhill
Fri May 04, 2018 9:28 pm
Forum: Beginner Basics
Topic: Forwarding broadcast traffic between two networks
Replies: 13
Views: 2841

Re: Forwarding broadcast traffic between two networks

I have spare and relatively cheap Mikrotiks in my inventory, but cannot say the same about Cisco routers. However, the "ip forward-protocol" and "ip helper-address" features in Cisco OS seem to be what I am looking for. I wonder if there is anything similar in RouterOS. There's the DHCP-Relay, but t...
by jryanhill
Fri May 04, 2018 6:21 pm
Forum: Beginner Basics
Topic: Forwarding broadcast traffic between two networks
Replies: 13
Views: 2841

Re: Forwarding broadcast traffic between two networks

Yeah, and I want to turn water into wine as well. That's a very good example of a post that is both unhelpful and not related to the conversation, the exact reason posts like this become long and hard to traverse. You may try to convince MikroTik to implement some broadcast relay (I've seen program...
by jryanhill
Fri May 04, 2018 1:43 am
Forum: Beginner Basics
Topic: Forwarding broadcast traffic between two networks
Replies: 13
Views: 2841

Forwarding broadcast traffic between two networks

So I am not new to Mikrotik, but new to this issue. Here's the scenario: Customer has software on a server that uses broadcast messages (NOT multicast or unicast) to send out informational updates to workstations on the same network. We found this out AFTER we began a migration of said server to a d...
by jryanhill
Mon Sep 18, 2017 4:46 pm
Forum: General
Topic: OVPN Server on RB1100AHx2 sporadically unresponsive
Replies: 6
Views: 1035

Re: OVPN Server on RB1100AHx2 sporadically unresponsive

Existing connections do not hang. Only new connections do not work. Furthermore, the MTU is indeed set to 1500 on all connections.
by jryanhill
Tue Sep 12, 2017 6:02 pm
Forum: General
Topic: OVPN Server on RB1100AHx2 sporadically unresponsive
Replies: 6
Views: 1035

Re: OVPN Server on RB1100AHx2 sporadically unresponsive

I don't think it would be the Meraki overreacting, since it would continue to overreact after the Mikrotik was rebooted. After rebooting the Mikrotik, it comes back up with no issues. Furthermore, existing connections continue to work with no issues.
by jryanhill
Tue Sep 12, 2017 4:17 pm
Forum: General
Topic: OVPN Server on RB1100AHx2 sporadically unresponsive
Replies: 6
Views: 1035

Re: OVPN Server on RB1100AHx2 sporadically unresponsive

The logs did not show any connections coming in, nor any other major issues, even with OVPN and Error being written to disk. As for Electrical, it is possible, as these are for a client that I am not at regularly. However, we have no fluctuation from the Merakis, switches, or any other devices in ou...
by jryanhill
Thu Sep 07, 2017 9:55 pm
Forum: General
Topic: OVPN Server on RB1100AHx2 sporadically unresponsive
Replies: 6
Views: 1035

OVPN Server on RB1100AHx2 sporadically unresponsive

I have a RB1100AHx2 that sporadically does not respond to OVPN requests coming inbound. Existing OVPN connections are still live and working, but new connections are not allowed nor seen in the Mikrotik's log. Rebooting the Mikrotik resolves the issue. Disabling and re-enabling the OVPN server does ...
by jryanhill
Thu Nov 10, 2016 4:51 pm
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

It wouldn't sound quite like the dial up noise, since the speaker can only play single tones, where as the dialing and several other aspects of the dial up noise require dual tones. I can't really think of a way to make it play the static sound.
by jryanhill
Tue Sep 15, 2015 12:43 am
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

I haven't made any new songs in quite a while, but here's Final Countdown that I made a few years ago: :beep frequency=880 length=100ms; :delay 100ms; :beep frequency=784 length=100ms; :delay 100ms; :beep frequency=880 length=400ms; :delay 400ms; :beep frequency=587 length=800ms; :delay 400ms; :dela...
by jryanhill
Thu Dec 12, 2013 7:15 pm
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

Oh, and here is one of my favorite songs to play for people: :delay 1000ms; :beep frequency=523 length=100ms; :delay 100ms; :beep frequency=587 length=100ms; :delay 100ms; :beep frequency=698 length=100ms; :delay 100ms; :beep frequency=587 length=100ms; :delay 100ms; :beep frequency=880 length=275ms...
by jryanhill
Thu Dec 12, 2013 7:12 pm
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

Sorry to Sadeghrafie for never getting that Lady Gaga song done. However, a few months back, it was requested to make the Jurassic Park Theme... so here you go: :beep frequency=466 length=275ms; :delay 300ms; :beep frequency=440 length=275ms; :delay 300ms; :beep frequency=466 length=1775ms; :delay 1...
by jryanhill
Tue Mar 05, 2013 11:27 pm
Forum: General
Topic: Vulnerability scan fails on OVPN Port: RSH Service Detected
Replies: 5
Views: 1728

Re: Vulnerability scan fails on OVPN Port: RSH Service Detec

Agreed, but it's hard to argue that against the PCI compliance company that credit card companies are asking the tests of. The purpose of the test is so that the credit card processing company that my client uses knows that it can trust my client's network. This particular company is HIGHLY dependen...
by jryanhill
Tue Mar 05, 2013 10:17 pm
Forum: General
Topic: Vulnerability scan fails on OVPN Port: RSH Service Detected
Replies: 5
Views: 1728

Re: Vulnerability scan fails on OVPN Port: RSH Service Detec

When I use rlogin (related to RSH) over TCP port 1194 to ANY RouterOS device that I have been trying, I do indeed get more response than the normal "rlogin username:". Specifically, I get "rlogin username: @Vú°XÒQPuTTY" or other varying random characters after the username.
by jryanhill
Tue Mar 05, 2013 9:35 pm
Forum: General
Topic: Vulnerability scan fails on OVPN Port: RSH Service Detected
Replies: 5
Views: 1728

Re: Vulnerability scan fails on OVPN Port: RSH Service Detec

It is trustwave. We have a few customers that use it.
by jryanhill
Tue Mar 05, 2013 8:04 pm
Forum: General
Topic: Vulnerability scan fails on OVPN Port: RSH Service Detected
Replies: 5
Views: 1728

Vulnerability scan fails on OVPN Port: RSH Service Detected

Hey Guys, I hope someone can help. I have been using RouterOS for some years now, but only recently has this started popping up on my routers that have vulnerability scans running on them. I use OpenVPN for many of my clients to access their networks. However, I am now getting errors on vulnerabilit...
by jryanhill
Sun Nov 13, 2011 3:12 pm
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

Give me a song request, and you got it.
by jryanhill
Tue Nov 08, 2011 12:15 am
Forum: Scripting
Topic: Super Mario Theme
Replies: 40
Views: 41073

Re: Super Mario Theme

So this is the closest forum post for creating music for Mikrotiks, so I decided to add to this a bit. I've made some music of my own after seeing the Mario theme. Thus far, I've made (not all, but recognizable parts of) Crazy Train, Dust In the Wind, Final Countdown, Mexican Hat Dance, Party in the...
by jryanhill
Wed Aug 03, 2011 7:59 pm
Forum: General
Topic: Invalid policies in IPsec
Replies: 2
Views: 2711

Re: Invalid policies in IPsec

I came across this post while trying to troubleshoot another issue. I know its been almost two months, but hopefully this will help someone in the future. Whenever I have multiple subnets going to the same endpoint, on the first policy I set up encrypt, require, and tunnel, just like you did. Howeve...