Community discussions

Search found 284 matches

by tws101
Wed Jun 08, 2016 12:40 am
Forum: Announcements
Topic: v6.34.5 [bugfix] is released!
Replies: 23
Views: 7260

Re: v6.34.5 [bugfix] is released!

VRRP interfaces disappeared after update...

Going from Bug Fix to Bug Fix version....

However I restored the previous backup and they appear to be up and running now.
by tws101
Mon Mar 07, 2016 11:22 pm
Forum: General
Topic: 6.34.2 Check Gateway Error
Replies: 0
Views: 459

6.34.2 Check Gateway Error

On version 6.34.2 Ping/Check Gateway is saying the route is down when it is in fact up.... Running the DHCP client Adding check gateway via routing filter Release renew to the same IP temporarily fixes the issue... In the end I had to downgrade to the stable 6.32.4 release to resolve the intermitten...
by tws101
Tue Mar 24, 2015 10:12 pm
Forum: Beginner Basics
Topic: Layer 7 Adblock?
Replies: 6
Views: 7698

Layer 7 Adblock?

Does anything have a simple method or script for blocking Ads in the router??

I wanted to use the easy list
https://easylist-downloads.adblockplus.org/easylist.txt

block everything and autoupdate it.
by tws101
Mon Oct 27, 2014 5:59 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47758

Re: RB850Gx2 - Release date?

What is the performance through NAT with about

10 FW
10 NAT
10 Mangle
10 Queues

All running?
500 Mbps?
by tws101
Wed Nov 06, 2013 9:53 pm
Forum: General
Topic: Port Forwarding
Replies: 4
Views: 935

Re: Port Forwarding

Did you allow this in Firewall Filter?
by tws101
Tue Nov 05, 2013 11:20 pm
Forum: Beginner Basics
Topic: 2 WAN WITHOUT LOAD BALANCING
Replies: 6
Views: 2935

Re: 2 WAN WITHOUT LOAD BALANCING

Place a routing mark on LAN 1 both subnets. Place a different routing mark on LAN 2 all 3 subnets. In routes establish your WAN routes requiring that routing mark corresponding to the LAN you want routed out of it. As for communication between subnets on different LANs this happens automatically unles...
by tws101
Mon Nov 04, 2013 6:21 pm
Forum: General
Topic: Failover Solution Help
Replies: 3
Views: 830

Re: Failover Solution Help

Because your WAN connections are on different routers I do not see dynamic load balancing happening. But with VLAN separation we can do static load balancing. Example of VRRP setup with 2 vlans Router 1 VLAN 2 Master Router 2 VLAN 2 Slave Router 1 VLAN 3 Slave Router 2 VLAN 3 Master So this load bal...
by tws101
Mon Nov 04, 2013 6:03 pm
Forum: Beginner Basics
Topic: NAT
Replies: 1
Views: 503

Re: NAT

src-nat (Where it is coming from) <--Usually for an outbound request dst-nat (Where it is going to) <--- Usually for an inbound request Example I want to NAT in all requests to WAN IP 68.X.X.X:8080 to a device behind my router on port 80. DST-NAT TCP dstport 8080 Action dst-nat IP 10.0.0.8 dst port ...
by tws101
Mon Nov 04, 2013 5:54 pm
Forum: General
Topic: Bridge - NAT
Replies: 2
Views: 843

Re: Bridge - NAT

By definition the bridge is NOT transparent if you don't see the end devices MAC address.

You need to re-evaluate your bridge settings.
by tws101
Tue Oct 29, 2013 4:47 pm
Forum: Beginner Basics
Topic: How i can give bandwidth priority on ip base in mikrotik
Replies: 2
Views: 1176

Re: How i can give bandwidth priority on ip base in mikrotik

Limit at 10 priority 7 Max 10 192.168.0.1 Limit at 10 priority 7 Max 10 192.168.0.2 Limit at "Total pipe minus 20" Priority 8 Max "Total Pipe" 192.168.0.X X being everything else So how does this work so you can tweak it..... 1. Priority 1 to 8 in order reach LIMIT 2. Anything Left over goes out pri...
by tws101
Mon Oct 07, 2013 6:30 pm
Forum: General
Topic: Multiple IP addresses and switch
Replies: 1
Views: 669

Re: Multiple IP addresses and switch

Create a bridge and place the interfaces on the bridge.
by tws101
Thu Sep 26, 2013 10:32 pm
Forum: Forwarding Protocols
Topic: any way to emulate Peplink efficient load balancing?
Replies: 10
Views: 3026

Re: any way to emulate Peplink efficient load balancing?

Oh I see, and do you know any script? :)
Sorry I'm not a script guy
by tws101
Thu Sep 26, 2013 5:30 pm
Forum: Forwarding Protocols
Topic: any way to emulate Peplink efficient load balancing?
Replies: 10
Views: 3026

Re: any way to emulate Peplink efficient load balancing?

Doing it by domain name is only possible through a script as the normal input must be an IP
by tws101
Wed Sep 25, 2013 10:18 pm
Forum: General
Topic: Automatic MAC login & billing
Replies: 5
Views: 1482

Re: Automatic MAC login & billing

If someone is smart enough to change an IP to bypass your system... They are smart enough to change MAC addresses too.

I think you need to rethink your approach.
by tws101
Wed Sep 25, 2013 8:02 pm
Forum: General
Topic: NAT66 Feature how is it coming along (IPv6 Multihoming)
Replies: 2
Views: 1219

NAT66 Feature how is it coming along (IPv6 Multihoming)

As you may know many small sites that need redundancy currently have two ISPs and are using nat44. If all of them now have to use PI or BGP the routing tables would get huge and cause issues not to mention the costs to the end user. That first statement had no purpose other than to discourage those ...
by tws101
Wed Sep 25, 2013 6:28 pm
Forum: Wireless Networking
Topic: seperate VLANS for different WiFI speed
Replies: 1
Views: 816

Re: seperate VLANS for different WiFI speed

If your concern is the 802.11B clients slowing down the Wifi speed of 802.1N clients that is going to occur at the Radio not at the router. Meaning no changes to the router can help you.

If you want to throttle the Wifi clients so Cameras have more speed then you can do this with a queue.
by tws101
Wed Sep 25, 2013 12:34 am
Forum: General
Topic: Forward traffic from a router to a port on another router
Replies: 1
Views: 770

Re: Forward traffic from a router to a port on another route

Routing marks are not passed from mikrotik to mikrotik, they are internal to that router ONLY.

That being said the issue is probably an IP conflict.
by tws101
Tue Sep 24, 2013 7:00 pm
Forum: General
Topic: DHCP Make Static , Override Hostname
Replies: 2
Views: 1188

Re: DHCP Make Static , Override Hostname

Can't we just set a comment?
by tws101
Tue Sep 24, 2013 5:19 pm
Forum: General
Topic: DHCP: I want to ovveride static IP of computers
Replies: 10
Views: 2336

Re: DHCP: I want to ovveride static IP of computers

Because of the difference in subnet I do not believe proxy-arp will work.

It is a matter of the clients default gateway not being an address on the router.
by tws101
Fri Sep 20, 2013 5:33 pm
Forum: General
Topic: Port 123 Blocked - any workaround?
Replies: 4
Views: 1130

Re: Port 123 Blocked - any workaround?

Sorry for the delayed response on this.

You use NAT along with DST NAT to change the DST Port.
by tws101
Thu Sep 19, 2013 11:53 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1883

Re: Locating a rogue client?

Well that can be complicated and take quite a bit of time...
I assume you are a WISP

Without speculating on how to hunt someone down....

Have you considered switching to PPPoE authentication?
Was WPA2-AES used to force a brute force attack or was an inferior method used?
by tws101
Thu Sep 19, 2013 10:50 pm
Forum: General
Topic: Multiple ISPs and IP Routing
Replies: 1
Views: 523

Re: Multiple ISPs and IP Routing

Mangle Routing-marks and add routes that use those marks for each ISP.
by tws101
Thu Sep 19, 2013 10:48 pm
Forum: General
Topic: Locating a rogue client?
Replies: 7
Views: 1883

Re: Locating a rogue client?

Define rogue client.

Do you mean rogue dhcp server?

Do you mean unauthorized client that hacked into the network?

Do you mean rogue AP that is mirroring yours?
by tws101
Wed Sep 18, 2013 6:00 pm
Forum: General
Topic: Dual WAN Failover with VoIP
Replies: 5
Views: 3337

Re: Dual WAN Failover with VoIP

Okay, as I understand it, your question is: Can I have fail-over with HOT standby that will not drop a call in progress? If that is your question the answer is NO. All connected sessions are broken when the IP address changes. Meaning all streaming music, all streaming video, all VOIP calls, and all onlin...
by tws101
Wed Sep 18, 2013 5:53 pm
Forum: General
Topic: srce-nat local to public, IP on WAN interface?
Replies: 10
Views: 4201

Re: srce-nat local to public, IP on WAN interface?

Your question should I bridge the interfaces NO

In the case of subnetting you do lose those additional broadcast and network addresses.
by tws101
Wed Sep 18, 2013 12:16 am
Forum: Beginner Basics
Topic: Share 1 Gateway for 2 subnet
Replies: 7
Views: 1781

Re: Share 1 Gateway for 2 subnet

By default Mikrotik allows communication between subnets. This is on Layer 3.

Layer 2 will not work between the subnets. (Anything that requires a broadcast)

You can restrict Layer 3 as well by adding a firewall filter rule Chain Forward Action Drop and specify source and destination addresses.
by tws101
Tue Sep 17, 2013 10:45 pm
Forum: General
Topic: 100's of devices with similar mac & hostnames depleting ip's
Replies: 13
Views: 6086

Re: 100's of devices with similar mac & hostnames depleting

This is an old joke.... Assuming you don't want to secure the connection you could change the expiration time to 6 Hours and increase the pool size by a factor of 10. By the looks of it that would solve your issue. Just a thought... I wonder how it would handle you switching to a 10.0.0.0/8 and then...
by tws101
Tue Sep 17, 2013 10:18 pm
Forum: General
Topic: srce-nat local to public, IP on WAN interface?
Replies: 10
Views: 4201

Re: srce-nat local to public, IP on WAN interface?

The Router eats up two publics... One on WAN and Another on LAN... Then the remainder go to the clients with the LAN side IP as gateway. MAKE SURE Masquerade is OFF for these. Now due to the loss of two addresses on the router and the forced subnet division, this is the downside of this method. Now in...
by tws101
Tue Sep 17, 2013 7:03 pm
Forum: General
Topic: Port 123 Blocked - any workaround?
Replies: 4
Views: 1130

Re: Port 123 Blocked - any workaround?

Only two solutions are an external server that uses a different port or turn a PC into an NTP Server locally
by tws101
Mon Sep 16, 2013 11:53 pm
Forum: Beginner Basics
Topic: Share 1 Gateway for 2 subnet
Replies: 7
Views: 1781

Re: Share 1 Gateway for 2 subnet

Yes it will work.. You need DHCP setup as well as a decision as to whether you want routing between your local subnets but yes it should work.
by tws101
Mon Sep 16, 2013 6:30 pm
Forum: General
Topic: srce-nat local to public, IP on WAN interface?
Replies: 10
Views: 4201

Re: srce-nat local to public, IP on WAN interface?

I'm only not sure how option 2 relates to security (public IP's on my LAN!) and how to set up the internet gateway router. Does I have to make it a bridged gateway router? And set up all firewall rules on the bridge? Since the rest was answered I will try to answer this question. Firewall Filter (I...
by tws101
Fri Sep 13, 2013 5:38 pm
Forum: General
Topic: srce-nat local to public, IP on WAN interface?
Replies: 10
Views: 4201

Re: srce-nat local to public, IP on WAN interface?

Okay you have three options. 1. 1 to 1 Nat : Assign ALL public addresses being used to the WAN interface. Then use NAT to control what privates use those public. OR 2. Directly assign the Public Addresses : Assign one public to the WAN interface and subnet out the rest of your /24 to your devices. (...
by tws101
Fri Sep 13, 2013 5:21 pm
Forum: General
Topic: dst-nat puts packets on the wrong interface
Replies: 1
Views: 542

Re: dst-nat puts packets on the wrong interface

Without telling you to post your config, I would tell you just to add the route to the routing table.

Otherwise please post your config.
by tws101
Fri Sep 13, 2013 5:15 pm
Forum: General
Topic: VPN PPTP What is wrong?
Replies: 1
Views: 537

Re: VPN PPTP What is wrong?

TCP Port number=1723
Protocol=GRE (value 47)

Firewall must allow those. If you are still having issue please /print what you have done and post it here.
by tws101
Thu Sep 12, 2013 6:40 pm
Forum: General
Topic: DHCP: I want to ovveride static IP of computers
Replies: 10
Views: 2336

Re: DHCP: I want to ovveride static IP of computers

You can't override the client device IP settings. If you did find a way to do this it would be a hack and depending on where you did this would probably be a crime. However, you can change DHCP Server to add the ARP table entry. Then change ARP on the interface in question to reply only. By doing th...
by tws101
Mon Sep 09, 2013 7:06 pm
Forum: Beginner Basics
Topic: WAN merge from same ISP
Replies: 2
Views: 927

Re: WAN merge from same ISP

If your provider offers MLPPP you can combine the two circuits into one.

If this is not offered the best you can do is load balancing.



Please advise us if your provider has this option or not.
by tws101
Fri Sep 06, 2013 6:12 pm
Forum: Forwarding Protocols
Topic: how do i forward public IP to client
Replies: 2
Views: 1175

Re: how do i forward public IP to client

Situation 1 Assuming you have these addresses assigned to the WAN interface.... You must http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT 1 to 1 NAT Situation 2 Now if those addresses are not assigned to the WAN interface (Not an option if one must be on your routers wan). You can assign them on...
by tws101
Tue Sep 03, 2013 10:01 pm
Forum: Beginner Basics
Topic: two pools, two ISP
Replies: 3
Views: 1026

Re: two pools, two ISP

Okay step by step... Assuming you have static IP's via the DHCP client.... Do not add default route to routing table for both clients **If Ip's are dynamic you will go ahead and add the routes but use a routing filter to differentiate them and add the routing marks Add IP Pool for each local group I...
by tws101
Tue Sep 03, 2013 9:47 pm
Forum: Beginner Basics
Topic: measure traffic of LAN interface
Replies: 3
Views: 1111

Re: measure traffic of LAN interface

Arp-Proxy on all interfaces. Detailed explanation in the link below.
http://wiki.mikrotik.com/wiki/Manual:IP/ARP


Assign a different subnet to all interfaces
Assign different DHCP server to all interfaces
by tws101
Fri Aug 30, 2013 11:45 pm
Forum: Beginner Basics
Topic: two pools, two ISP
Replies: 3
Views: 1026

Re: two pools, two ISP

All you're going to need to do is Routing mark in Mangle and run static routes that refer to those routing marks. These can be one pool or two pools does not matter.
by tws101
Fri Aug 30, 2013 5:26 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

I'm lost on this one. I would suggest rolling a new thread labeled Hair Pin Nat.
by tws101
Thu Aug 29, 2013 5:39 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

IF the Hair pin nat rules are not working http://wiki.mikrotik.com/wiki/Hairpin_NAT please post firewall NAT rules ****Did you use the final masquerade rule on the hairpin nat page? *********Also, I know this is bad form but you could just put the DNS entry into the mikrotik for the local address.
by tws101
Wed Aug 28, 2013 5:41 pm
Forum: Beginner Basics
Topic: measure traffic of LAN interface
Replies: 3
Views: 1111

Re: measure traffic of LAN interface

Well I see a major issue with what you are trying.... Putting them all in the same Layer 2 does just that and puts them all in the same Layer 2. So your DHCP servers will compete with each other. Have you considered doing arp-proxy and arranging your subnets as follows: 192.168.0.0/16 (Server) 192.1...
by tws101
Mon Aug 26, 2013 8:04 pm
Forum: Beginner Basics
Topic: Changing Native VLAN between trunks
Replies: 3
Views: 8837

Re: Changing Native VLAN between trunks

The best advice is to tag everything as it leaves the switch going to the Mikrotik. No native on the trunk port going to the Mikrotik. So Mikrotik to Switch all tagged switch to other devices run in hybrid mode as needed. If you don't want to do that the Mikrotik's switch can do what you are asking ...
by tws101
Sat Aug 24, 2013 12:16 am
Forum: Beginner Basics
Topic: Basical firewall for bridge
Replies: 4
Views: 1129

Re: Basical firewall for bridge

Firewall filter not bridge filter

.................

As for the remainder of your goals
1. Firewall Mangle Mark Connections
2. Firewall Mangle based on those Connection marks mark packets
3. Queue Tree Based on those packet marks queue the traffic
by tws101
Sat Aug 24, 2013 12:12 am
Forum: General
Topic: CCR VLAN Routing Issue
Replies: 10
Views: 2200

Re: CCR VLAN Routing Issue

Please copy paste from your terminal...
Interfaces
Addresses
DHCP SERVER

Feel free to redact your public IP's
by tws101
Fri Aug 23, 2013 11:04 pm
Forum: General
Topic: CCR VLAN Routing Issue
Replies: 10
Views: 2200

Re: CCR VLAN Routing Issue

Add Interface VLAN

Add Address range to VLAN interface

Add DHCP Server to Vlan Interface

Add Firewall Mangle Routing mark

Add Route for that mark going out the public you want it to


This should be fairly straight forward.
by tws101
Fri Aug 23, 2013 11:00 pm
Forum: Beginner Basics
Topic: Route Web Traffic out Wan2 and all other out Wan1
Replies: 2
Views: 2311

Re: Route Web Traffic out Wan2 and all other out Wan1

You can't specify an Ethernet interface as a gateway.... Only a pppoe or other virtual interface. Otherwise you need an ip address in there.

You can assign it but traffic misses next hop. Put an IP in instead.
by tws101
Fri Aug 23, 2013 10:57 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

Okay I see the issue. You have 0.0.0.0/0 routes at distance ZERO. Distance Zero should be all your local routes and distance 1+ should be used for your out to internet routes.

At no time should a 0.0.0.0/0 DST route be distance 0.....
by tws101
Wed Aug 21, 2013 7:46 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

Doesn't make sense information is missing. Please post the Mangle Rules as well as the routes.
by tws101
Wed Aug 21, 2013 7:42 pm
Forum: Beginner Basics
Topic: dhcp relay - two servers
Replies: 3
Views: 1161

Re: dhcp relay - two servers

The authoritative delay causes one to function as a backup. However if the main server is slow to respond it will occasionally pick up the slack.
by tws101
Wed Aug 21, 2013 12:17 am
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

Ah I see the issue now those mangle rules don't exclude your local traffic. [admin@MikroTik] /ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting action=mark-routing new-routing-mark=TC passthrough=yes src-address=192.168.88.0/24 1 chain=prerouting action=mark-...
by tws101
Tue Aug 20, 2013 10:19 pm
Forum: Forwarding Protocols
Topic: Second gateway,...
Replies: 3
Views: 1346

Re: Second gateway,...

That could be the issue also try clearing distance altogether.
by tws101
Tue Aug 20, 2013 5:30 pm
Forum: Forwarding Protocols
Topic: Second gateway,...
Replies: 3
Views: 1346

Re: Second gateway,...

Just to note the way to do this with routes only would have been ip route add dst-address=172.16.0.0/24 gateway="192.168.0.150" (You may need distance 1) Because anything going to 172.16.0.0/24 is sent to 192.168.0.150 for resolution. The router knows 192.168.0.150 is on the local bridge due to the ...
by tws101
Tue Aug 20, 2013 5:23 pm
Forum: Beginner Basics
Topic: dhcp relay - two servers
Replies: 3
Views: 1161

Re: dhcp relay - two servers

Relay is to direct to a server not on the same L2.

However you can run two servers on the same L2 as I am doing it.

Set the main to delay 2s and the backup to 10s also make sure the DHCP pool does not overlap. Each should have a unique pool.
by tws101
Tue Aug 20, 2013 5:20 pm
Forum: General
Topic: firewall problem
Replies: 3
Views: 521

Re: firewall problem

I mean in winbox IP UPNP

Enable

In other words enable Universal Plug and Play
by tws101
Mon Aug 19, 2013 10:54 pm
Forum: General
Topic: firewall problem
Replies: 3
Views: 521

Re: firewall problem

IP UPNP Enable
by tws101
Mon Aug 19, 2013 10:51 pm
Forum: General
Topic: IP Lease
Replies: 2
Views: 510

Re: IP Lease

by tws101
Mon Aug 19, 2013 10:47 pm
Forum: Beginner Basics
Topic: Port Triggering
Replies: 1
Views: 1132

Re: Port Triggering

Maybe you should explain everything. Exactly what you are trying to do. Because as is you should have no issue. The default Mikrotik firewall rules allow triggering. 0 ;;; default configuration chain=input action=accept protocol=icmp 1 ;;; default configuration chain=input action=accept connection-s...
by tws101
Mon Aug 19, 2013 10:37 pm
Forum: General
Topic: NAT from one bridge to antoher on wan ip
Replies: 1
Views: 428

Re: NAT from one bridge to antoher on wan ip

I read this 4 times and I am not quite sure what your question is....

However it looks like you want to http://wiki.mikrotik.com/wiki/Hairpin_NAT
by tws101
Mon Aug 19, 2013 10:30 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

Disable your firewall filter rules and test again if it succeeds resolve the issue with an allow above the drop that is causing the issue. Assuming that is not the issue at all.... It is possible you have a route that is hijacking that traffic. Do a print on your routes and post them. ******O...
by tws101
Mon Aug 19, 2013 10:24 pm
Forum: Beginner Basics
Topic: vlans
Replies: 4
Views: 733

Re: vlans

are you tagging the traffic?
by tws101
Mon Aug 19, 2013 7:27 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

Disable your firewall filter rules and test again if it succeeds resolve the issue with an allow above the drop that is causing the issue. Assuming that is not the issue at all.... It is possible you have a route that is hijacking that traffic. Do a print on your routes and post them. ******On...
by tws101
Mon Aug 19, 2013 7:23 pm
Forum: The User Manager
Topic: Users Quota/Speed Limit
Replies: 1
Views: 3766

Re: Users Quota/Speed Limit

This is a BASIC overview of how to do it. You will need the Wiki to fill in the details. Feel free to reply if you are having trouble. After setting up your DHCP address reservations you need to create address lists in the firewall. Create your 3 lists as well as the fourth list that has no access. ...
by tws101
Mon Aug 19, 2013 7:11 pm
Forum: Beginner Basics
Topic: vlans
Replies: 4
Views: 733

Re: vlans

You need to start at Vlan 2

VLAN 1 is reserved for NO VLAN.
by tws101
Mon Aug 19, 2013 7:04 pm
Forum: General
Topic: Unable to route between two networks
Replies: 16
Views: 3593

Re: Unable to route between two networks

By default Mikrotik will route between two different connected networks. Unless you put in a filter rule to stop it.

When you say can't route what exactly do you mean?

1. Can't ping server via router?
2. Can't ping server via PC?
3. Ping works I can't do something else... Explain...
by tws101
Fri Aug 16, 2013 6:40 pm
Forum: General
Topic: Limits users using NAT behind my Router
Replies: 1
Views: 414

Re: Limits users using NAT behind my Router

You can only allow certain addresses to use the internet, but if a user uses one of those addresses and performs NAT behind it... That as they say is that. So if a user performs NAT behind a valid address you won't see the MAC address of any device except the head end device. This is the nature of lay...
by tws101
Wed Aug 14, 2013 10:00 pm
Forum: General
Topic: MTK Hotspot - Allow all except 80 - Android - IOS
Replies: 3
Views: 992

Re: MTK Hotspot - Allow all except 80 - Android - IOS

Android has a notification that it is connected to a network that requires sign in. This occurs in the upper left corner since the ICS builds.
by tws101
Mon Aug 12, 2013 6:25 pm
Forum: The User Manager
Topic: Bypass data limit for a special ip
Replies: 1
Views: 1454

Re: Bypass data limit for a special ip

Without more of your configuration information it is hard to answer... I would say accept packets to that server based on that IP then PASS-THROUGH=NO on NAT. This will bypass your other rules.
by tws101
Mon Aug 12, 2013 6:20 pm
Forum: General
Topic: DHCP CRITICAL ERROR
Replies: 5
Views: 1215

Re: DHCP CRITICAL ERROR

It sounds like a rogue dhcp server was connected to your network. You need to secure your physical interfaces.
by tws101
Mon Aug 12, 2013 6:19 pm
Forum: General
Topic: port security
Replies: 1
Views: 1406

Re: port security

Why not just give out IP's to authorized devices only as well as using arp-reply only and dhcp server add arp. OR setup a pool with let's say 10 IP's and expire them after 1 hour. I know you want 8 devices max but if they exchange a device you have a little coverage. OR Have you considered breaking th...
by tws101
Fri Aug 09, 2013 7:24 pm
Forum: General
Topic: Queue Tree Help Needed......
Replies: 2
Views: 489

Re: Queue Tree Help Needed......

Under the Queue Tree that is applying to ALL users as a collective. Remember limit allows highest priority queue to reach limit first. After all queues are at limit then highest may go to max limit. If you want to set individual user limits that is set in queue type PCQ. Then you would select that q...
by tws101
Tue Jul 30, 2013 10:58 pm
Forum: General
Topic: Make pool clear
Replies: 2
Views: 542

Re: Make pool clear

A reboot should resolve this issue
by tws101
Mon Jul 29, 2013 6:31 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 10
Views: 7065

Re: port forwarding

Well if you can't get to port 80 with mikrotik firewall off and port 80 service on in the router. Meaning if the routers port 80 page does not come up from the outside....

You need to look at your ISP.
by tws101
Thu Jul 25, 2013 11:40 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 10
Views: 7065

Re: port forwarding

For testing purposes I would enable port 80 service on the Mikrotik... Test it internally Disable the firewall.. Test it externally. My guess is the external test will fail because an ISP issue is blocking that port... *****Have you Considered redirecting another port to port 80 from the outside? Ex...
by tws101
Wed Jul 24, 2013 5:28 pm
Forum: General
Topic: isolate hotspot from office lan
Replies: 3
Views: 1902

Re: isolate hotspot from office lan

Assuming they are independent master ports and are not assigned to the same bridge. What you did looks good. Regardless this is what I am doing and I know it works. Network Setup 10.0.0.0/22 Office (Protected Secure Network) 10.255.1.0/29 Printer (Office and other networks need access) 10.1-5.X.X/22...
by tws101
Tue Jul 23, 2013 10:35 pm
Forum: General
Topic: isolate hotspot from office lan
Replies: 3
Views: 1902

Re: isolate hotspot from office lan

You're doing it by interface... Based on this I am guessing that this is not working because the data is going through the switch chip and not the router.

Is Eth 3 on the same switch with the rest of the network?

If it is that is your problem. You must isolate it.
by tws101
Wed Jul 10, 2013 12:49 am
Forum: The Dude
Topic: ddns connection
Replies: 12
Views: 2422

Re: ddns connection

This rule exactly is working perfectly.

add action=dst-nat chain=dstnat dst-port=80 in-interface=WAN protocol=tcp to-addresses=10.0.0.2 to-ports=80

If yours is not working you need to export the exact rule that is failing and post it to this thread.
by tws101
Mon Jul 08, 2013 5:18 pm
Forum: The Dude
Topic: ddns connection
Replies: 12
Views: 2422

Re: ddns connection

You will need to give more details...
by tws101
Fri Jul 05, 2013 6:56 pm
Forum: The Dude
Topic: ddns connection
Replies: 12
Views: 2422

Re: ddns connection

I meant the routers internal web page on port 80 under services.

I was NOT suggesting a firewall rule to kill port 80.

IP - Services
port 80 www (Disable)
This kills the port 80 page that you pull up when typing in the routers IP.
by tws101
Thu Jun 27, 2013 9:50 pm
Forum: Beginner Basics
Topic: [SOLVED] Access from the internet
Replies: 4
Views: 813

Re: Access from the internet

Firewall

Post your firewall rules.
by tws101
Thu Jun 27, 2013 5:51 pm
Forum: General
Topic: VLANing
Replies: 9
Views: 1896

Re: VLANing

If you are setting the port to have a default vlan ID then you are fine. Untagged packets will be accepted into the default.

If you need to tag them later like on your trunk port.. You would tag them on egress. Also the trunk port would need to be part of the same switch.
by tws101
Wed Jun 26, 2013 5:20 pm
Forum: General
Topic: user speed limit
Replies: 6
Views: 1150

Re: user speed limit

use print or export at the terminal.
by tws101
Tue Jun 25, 2013 10:07 pm
Forum: General
Topic: user speed limit
Replies: 6
Views: 1150

Re: user speed limit

Please export the exact commands
by tws101
Tue Jun 25, 2013 7:20 pm
Forum: The Dude
Topic: ddns connection
Replies: 12
Views: 2422

Re: ddns connection

Example IP FIREWALL NAT add action=dst-nat chain=dstnat dst-port=80 in-interface=WAN protocol=tcp to-addresses=10.0.0.2 to-ports=80 With this rule a web browser going to your URL will be forwarded to the web page for 10.0.0.2 instead of the router.... Also under IP Services Disable www port 80 and t...
by tws101
Mon Jun 24, 2013 6:22 pm
Forum: General
Topic: Remove NAT
Replies: 3
Views: 1063

Re: Remove NAT

You can add a routing mark to the traffic that needs to be NATed and add the mark as required for your masquerade rule.

Or mark the opposite traffic and use the NOT rule.
by tws101
Mon Jun 24, 2013 6:20 pm
Forum: General
Topic: VLANing
Replies: 9
Views: 1896

Re: VLANing

By default in Mikrotik you can route between VLANs unless you added a firewall rule to prevent you from doing so.

And yes your configuration looks good. I assume you are getting The correct IP addresses from the vlan assigned Ethernet ports?
by tws101
Mon Jun 24, 2013 6:14 pm
Forum: Beginner Basics
Topic: Manage several IPs
Replies: 3
Views: 750

Re: Manage several IPs

You are lacking the dst-nat rule

chain=dstnat action=dst-nat to-addresses=10.0.20.0/24
dst-address=146.255.243.XX
by tws101
Fri Jun 21, 2013 7:57 pm
Forum: Beginner Basics
Topic: Wireless bridge with existing network
Replies: 2
Views: 838

Re: Wireless bridge with existing network

WDS Bridge is what you want
by tws101
Fri Jun 21, 2013 7:56 pm
Forum: The Dude
Topic: ddns connection
Replies: 12
Views: 2422

Re: ddns connection

You need to put in a DST NAT rule to redirect the traffic...

Also you may want to kill the Router OS Port 80 page.
by tws101
Fri Jun 21, 2013 7:20 pm
Forum: General
Topic: Excluding some traffic from simple queue
Replies: 2
Views: 682

Re: Excluding some traffic from simple queue

I would switch to Tree
by tws101
Fri Jun 21, 2013 7:19 pm
Forum: General
Topic: Help needed with queues
Replies: 4
Views: 725

Re: Help needed with queues

Simple Queue supports burst.... Just fill in the burst options... If unsure as to what to do read the simple queue wiki
http://wiki.mikrotik.com/wiki/Manual:Queue
by tws101
Fri Jun 21, 2013 7:14 pm
Forum: General
Topic: two interfaces in one subnet
Replies: 1
Views: 495

Re: two interfaces in one subnet

I would change your internal subnet... or arrange for the ISP to provide you a Public address.
by tws101
Fri Jun 21, 2013 7:10 pm
Forum: General
Topic: VLANing
Replies: 9
Views: 1896

Re: VLANing

Attach to the master port (Physical Port) you will be using the VLAN on. Based on your setup it looks like Port 3 "ether3-master-local"

No bridging..
by tws101
Fri Jun 21, 2013 6:31 pm
Forum: General
Topic: VLANing
Replies: 9
Views: 1896

Re: VLANing

While Mikrotik has a switch chip... It is no substitute for an actual managed switch. Add your VLAN Interface in INTERFACE Your switch will need to have default vlan set to 2 for those ports change mode to fall back. Leave as always strip. Now head to dhcp server and you will see the VLAN interface ...
by tws101
Fri Jun 21, 2013 5:39 pm
Forum: General
Topic: Port Forward without specifying without specifying WAN IP
Replies: 3
Views: 971

Re: Port Forward without specifying without specifying WAN I

Have you tried leaving DST address empty and selecting Input Interface instead? I'm pretty sure that's what I'm doing now. This worked perfect for me.... My smartphone on sprint network resolved my wan ip 72.x.x.x:4444 to a Ubiquiti NSM5 under my mikrotik router. add action=dst-nat chain=dstnat dst...
by tws101
Fri Jun 21, 2013 5:30 pm
Forum: Beginner Basics
Topic: How to set Priority Without knowing real bandwidth
Replies: 5
Views: 2243

Re: How to set Priority on Queue Tree knowing real bandwidth

In a Queue tree you have a parent queue and child queue. Place your high priority PCs IP in the High priority child queue. Have a high limit at rate set. Then place everything else in the low priority child queue.
by tws101
Thu Jun 20, 2013 9:58 pm
Forum: Beginner Basics
Topic: RB 750 Configuration Assistance
Replies: 1
Views: 485

Re: RB 750 Configuration Assistance

1. remotely access the router online
IP-Firewall

2. register and Lock- out users by Mac Address
IP-DHCP Server
IP-Fire Wall

3. Assign IP Addresses.
IP-Addresses
IP-DHCP Server
by tws101
Thu Jun 20, 2013 9:52 pm
Forum: Beginner Basics
Topic: How to set Priority Without knowing real bandwidth
Replies: 5
Views: 2243

Re: How to set Priority on Queue Tree knowing real bandwidth

I believe the answer is... You don't..

However when considering.... You could do PCQ with a VERY High max limit but put in the minimum limit at rates you want to have reserved for your priority queue.

It would be messy but it could work
by tws101
Thu Jun 20, 2013 9:44 pm
Forum: General
Topic: Port Forward without specifying without specifying WAN IP
Replies: 3
Views: 971

Re: Port Forward without specifying without specifying WAN I

Have you tried leaving DST address empty and selecting Input Interface instead?
by tws101
Thu Jun 20, 2013 12:56 am
Forum: Beginner Basics
Topic: Windows DNS server
Replies: 4
Views: 2465

Re: Windows DNS server

I think the issue is the two local hops in your dns. Have your Windows DHCP server direct DNS directly to the router 172.16.1.1 instead of the dhcp server relaying you over to it.
by tws101
Thu Jun 20, 2013 12:49 am
Forum: Beginner Basics
Topic: Marina WiFi
Replies: 1
Views: 455

Re: Marina WiFi

I could make a recommendation and provide quote but I am a re-seller so you will need to hit me off-list.

tyler@domainname in signature is my email.
by tws101
Thu Jun 20, 2013 12:35 am
Forum: Beginner Basics
Topic: Manage several IPs
Replies: 3
Views: 750

Re: Manage several IPs

I am unclear as to what the goal is... Are you wanting to NAT multi local address out of all of them and balance? Are you wanting to NAT 1 to 1 some of them and multi out one? ***Assuming what you want is something like this... Assign all the Public IPs to Router A wan port. Then setup NAT rules to ...
by tws101
Fri Jun 14, 2013 6:15 pm
Forum: General
Topic: 2 WANs to 2 LANs (task more explained)
Replies: 2
Views: 737

Re: 2 WANs to 2 LANs (task more explained)

Under IP Firewall Mangle you need to routing mark the packets from the source network.

Under IP routes you need to establish a route for each of those routing marks.

That is all.
by tws101
Mon Jun 10, 2013 5:38 pm
Forum: Wireless Networking
Topic: Can you get 300Mbps WiFi connection to your router?
Replies: 5
Views: 2887

Re: Can you get 300Mbps WiFi connection to your router?

In the specs I do not see the antenna configuration
http://routerboard.com/RB951G-2HnD

Datarates should be as follows
http://en.wikipedia.org/wiki/IEEE_802.11n-2009

I would assume the antenna is a 1x1.
by tws101
Wed Jun 05, 2013 10:19 pm
Forum: Beginner Basics
Topic: Change NAT
Replies: 2
Views: 480

Re: Change NAT

You have 3 methods to choose from... I suggest you use which ever you are most comfortable with. 1. PPPoE http://wiki.mikrotik.com/wiki/PPPOE_Server 2. DHCP This is what you do now except with public addresses NO NAT, NO Masquerade. 3. 1 to 1 NAT http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT ...
by tws101
Wed Jun 05, 2013 6:25 pm
Forum: General
Topic: Three WAN connections - routing setup?
Replies: 1
Views: 524

Re: Three WAN connections - routing setup?

Yes, you're going to use Mangle. Mangle based on Src-address each subnet with a routing mark. Routing mark can be anything example Wan1, Wan2, and Wan3. Now that packets are marked the next step in IP Routes Put three any address routes in (0.0.0.0/0) referring to the gateway you want to use. Also don'...
by tws101
Sat Jun 01, 2013 12:14 am
Forum: Beginner Basics
Topic: Queueing a range of IP's - sharing bandwidth
Replies: 7
Views: 5294

Re: Queueing a range of IP's - sharing bandwidth

Change to Queue Tree IP FIREWALL MANGLE add action=mark-packet chain=forward comment="Download Special" dst-address=11.11.11.230-11.11.11.235 in-interface=Ether1 new-packet-mark="Download Special" passthrough=no add action=mark-packet chain=forward comment="Download Main" dst-address=11.11.11.0/24 i...
by tws101
Fri May 31, 2013 8:47 pm
Forum: General
Topic: Tagged and Untagged VLAN on same interface
Replies: 3
Views: 1553

Re: Tagged and Untagged VLAN on same interface

Just to provide more info http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features You will notice that the mikrotik switch chips are different across most models... Head down to the final section Example - 802.1Q Trunking with Atheros switch chip in RouterOS v6 In here you read this works with AR8...
by tws101
Fri May 31, 2013 8:42 pm
Forum: Beginner Basics
Topic: Mikrotik reserve band or limite bandwith
Replies: 3
Views: 638

Re: Mikrotik reserve band or limite bandwith

Well in effect limiting can reserve as well... If the limit is set below the max limit of your connection and you not reserved some bandwidth. Please review this http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ It will probably lead you to the solution you are looking for... If you did not mean per...
by tws101
Fri May 31, 2013 6:59 pm
Forum: General
Topic: Tagged and Untagged VLAN on same interface
Replies: 3
Views: 1553

Re: Tagged and Untagged VLAN on same interface

Mikrotik for the most part does not have that developed a switch chip. As far as I have seen to run native Vlan untagged it must have been tagged once it arrives back at the router... So you need a switch to handle that tagging on trunk and untagging on native ports. The 260GS works fine. So handle ...
by tws101
Fri May 31, 2013 6:44 pm
Forum: General
Topic: Question about possible solution on networking "masquerade"
Replies: 3
Views: 491

Re: Question about possible solution on networking "masquera

You could 1 to 1 Nat them out, and communicate with them directly.

But if your question was can I do it and "masquerade" I would say the answer is NO. At least it would not be using the same masquerade address.
by tws101
Wed May 29, 2013 11:56 pm
Forum: General
Topic: Customization Unlock Edit internal webpage
Replies: 1
Views: 463

Customization Unlock Edit internal webpage

In Router OS 6 how do we host or edit the existing internal webpage?

Do we still need to email support for customization unlock?
by tws101
Wed May 29, 2013 10:49 pm
Forum: Beginner Basics
Topic: Forward source private IP address to Public IP address
Replies: 1
Views: 532

Re: Forward source private IP address to Public IP address

Firewall NAT

DSTNAT

SRCADDRESS=Customer IP


Action=DSTNAT
DSTAddress=Your webserver with the nag page
Port=port on your webserver with the nag page


You mentioned this on the customer router. I wrote this to do it on the head end router.
by tws101
Wed May 29, 2013 10:44 pm
Forum: Scripting
Topic: rate limit for torrent
Replies: 3
Views: 1824

Re: rate limit for torrent

Bit Torrent clients can be configured to use any port... That being said it is easier to just limit everyone with PCQ
by tws101
Wed May 29, 2013 10:37 pm
Forum: Beginner Basics
Topic: port forwarding
Replies: 10
Views: 7065

Re: port forwarding

This is the rule I just tested and port 80 connects perfectly through my routers WAN to my LAN device at 10.0.0.2. I put my WAN address in the browser to test it from my smartphone. add action=dst-nat chain=dstnat dst-port=80 in-interface=Ether1-Gateway-TW protocol=tcp to-addresses=10.0.0.2 to-ports...
by tws101
Thu May 16, 2013 11:52 pm
Forum: Beginner Basics
Topic: Slave Ports + Firewall
Replies: 2
Views: 837

Re: Slave Ports + Firewall

Also to be clear an enslaved port is L2 connected to the master and all remaining slaves. Thus an L2 request that does not require the Router will be forwarded by the switch and ignore all the rules as they are L3.
by tws101
Thu May 16, 2013 11:43 pm
Forum: Beginner Basics
Topic: Convert LAN port to WAN
Replies: 1
Views: 1068

Re: Convert LAN port to WAN

I believe port 2 is the master port by default so you may want to use port 5 instead.... Steps 1. Interface - Un-enslave port 5 2. Firewall - Nat - Duplicate Masquerade rule and change port to 5 3. Interface - Add PPPOE client to Port 5 ***Notes*** You will probably not want to add default routes fo...
by tws101
Thu May 16, 2013 11:24 pm
Forum: Beginner Basics
Topic: Blocking internet access on 1 port but Sharing Network
Replies: 4
Views: 1299

Re: Blocking internet access on 1 port but Sharing Network

I would separate the ports and run an independent DHCP server for the port in question.

Then I would tag the IP range for the port in question.

Then put in a firewall rule that applies to that tag.
by tws101
Tue Feb 05, 2013 11:01 pm
Forum: The User Manager
Topic: How to ban all hotspot users to hacking my inside subnets
Replies: 4
Views: 5210

Re: How to ban all hotspot users to hacking my inside subnet

They are probably slipping out with dst address 0.0.0.0/0

Have you tagged the traffic and defined internet routes for dst address 0.0.0.0/0
by tws101
Thu Jan 17, 2013 11:21 pm
Forum: The User Manager
Topic: How to ban all hotspot users to hacking my inside subnets
Replies: 4
Views: 5210

Re: How to ban all hotspot users to hacking my inside subnet

Forward
drop
src=192.168.100.0/24
dst=192.168.0.0/16

that rule will stop all but the router.
by tws101
Mon Dec 17, 2012 7:11 pm
Forum: General
Topic: having fixed server IP address for clients
Replies: 1
Views: 450

Re: having fixed server IP address for clients

In the DHCP server you want to add a src-address=X.X.X.X
by tws101
Mon Dec 17, 2012 7:09 pm
Forum: General
Topic: dual routing
Replies: 2
Views: 713

Re: dual routing

You need VRRP
by tws101
Wed Dec 05, 2012 11:27 pm
Forum: Beginner Basics
Topic: Double NATTING !
Replies: 11
Views: 2006

Re: Double NATTING !

No I would say that is exact opposite.

Load Balancing should be front end as it leads out the external gateway.

Hotspot should be back end as it must go to the front end to get out.
by tws101
Wed Dec 05, 2012 11:24 pm
Forum: General
Topic: Need help to fix IP range
Replies: 1
Views: 511

Re: Need help to fix IP range

by tws101
Wed Dec 05, 2012 10:42 pm
Forum: Beginner Basics
Topic: Double NATTING !
Replies: 11
Views: 2006

Re: Double NATTING !

Add this to your front end router and kill NAT on your back end router.


add dst-address=172.16.1.0/24 gateway=192.168.0.2 distance=1 check-gateway=ping
by tws101
Wed Dec 05, 2012 5:19 pm
Forum: Beginner Basics
Topic: Double NATTING !
Replies: 11
Views: 2006

Re: Double NATTING !

Is the front end router setup with an IP address on the same subnet as the hotspot?
by tws101
Wed Dec 05, 2012 12:56 am
Forum: General
Topic: Gateway unreachable
Replies: 8
Views: 1332

Re: Gateway unreachable

Your distance zero route to the second gateway that should have been added dynamically is missing.
by tws101
Tue Dec 04, 2012 11:30 pm
Forum: Beginner Basics
Topic: Double NATTING !
Replies: 11
Views: 2006

Re: Double NATTING !

Just disable the NAT rule on the back end router.

No need to replace the rule just KILL IT.
by tws101
Mon Dec 03, 2012 5:51 pm
Forum: General
Topic: DHCP relay
Replies: 2
Views: 755

Re: DHCP relay

If you are relaying from another subnet NO. You need to make the server aware.
by tws101
Wed Nov 21, 2012 6:19 pm
Forum: Beginner Basics
Topic: Can we Bind the IP with MAC Address
Replies: 2
Views: 1938

Re: Can we Bind the IP with MAC Address

Yes you can check out the leases tab in the DHCP server in winbox.
by tws101
Wed Nov 21, 2012 6:16 pm
Forum: General
Topic: strange ip range in my network
Replies: 2
Views: 640

Re: strange ip range in my network

Try to isolate the issue one client at a time.
by tws101
Mon Nov 19, 2012 6:05 pm
Forum: General
Topic: PPPoE Client route marking problem
Replies: 3
Views: 871

Re: PPPoE Client route marking problem

Are the NAT rules for the PPPoE connection auto populating? I have DSL Connection that is PPPoE up in a mikrotik as a route for one of my VLANS. It is working just fine. I am doing the same thing as you and not adding the default route. Then using routing marks to direct the traffic to the connecti...
by tws101
Fri Nov 16, 2012 11:27 pm
Forum: General
Topic: Connecting between subnets
Replies: 6
Views: 2080

Re: Connecting between subnets

Does traceroute in the Mikrotik work?
Does ping work?

Why does it look like they are added to a bridge through the cpu instead of using the switch?
by tws101
Fri Nov 16, 2012 10:11 pm
Forum: General
Topic: Connecting between subnets
Replies: 6
Views: 2080

Re: Connecting between subnets

Post your route table and highlight the subnet routes Example: 2 ADC 10.0.0.0/22 10.0.0.11 Ether5-Out to S... 0 3 ADC 10.0.0.0/32 10.0.0.1 vrrp Office 0 4 ADC 10.1.0.0/22 10.1.0.11 vlan100 0 5 ADC 10.1.0.0/32 10.1.0.1 vrrp Main 0 6 ADC 10.2.0.0/22 10.2.0.11 vlan200 0 7 ADC 10.2.0.0/32 10.2.0.1 vrrp ...
by tws101
Fri Nov 16, 2012 7:32 pm
Forum: General
Topic: help me about Rate setting
Replies: 2
Views: 508

Re: help me about Rate setting

1.5M should work.

If it does not the decimal is the issue. It may only take 1M or 2M. You may need to use K in the thousands instead of the decimal.
by tws101
Fri Nov 16, 2012 7:29 pm
Forum: General
Topic: Connecting between subnets
Replies: 6
Views: 2080

Re: Connecting between subnets

Mikrotik automatically routes between subnets. (Unless you added a firewall drop rule)

Broadcasts do not leave the subnet. (This is the basic design)
by tws101
Thu Nov 15, 2012 10:45 pm
Forum: General
Topic: PPPoE Client route marking problem
Replies: 3
Views: 871

Re: PPPoE Client route marking problem

Are you adding the Ethernet interface the PPPoE connection runs on or are you adding the PPPoE interface?

It needs to be the PPPoE interface. I have that working fine for me.
by tws101
Thu Nov 15, 2012 10:41 pm
Forum: SwOS
Topic: Egress untag + tagged vlans
Replies: 2
Views: 2429

Re: Egress untag + tagged vlans

Mikrotik employees have told us multiple times that this is a hardware limitation.

Sadly this limitation made this product useless to me. One would think Mikrotik would make a switch to conform to the industry standard on untagging the default VLAN on egress...... But NO
by tws101
Thu Nov 15, 2012 7:36 pm
Forum: General
Topic: Ip routing on Mikrotik
Replies: 2
Views: 640

Re: Ip routing on Mikrotik

Adjust your firewall and nat settings to accommodate
by tws101
Thu Nov 15, 2012 7:33 pm
Forum: General
Topic: VRRP for home, DHCP, VLAN and etc. Need some help.
Replies: 1
Views: 903

Re: VRRP for home, DHCP, VLAN and etc. Need some help.

For your DHCP Server Don't sync it... Set up each router with a different IP pool to eliminate the chance of getting duplicates.
by tws101
Wed Nov 14, 2012 8:07 pm
Forum: Beginner Basics
Topic: block ip in lan interface
Replies: 2
Views: 1335

Re: block ip in lan interface

Put that PC on a different subnet and put firewall drop rules in place.
by tws101
Wed Nov 14, 2012 7:17 pm
Forum: General
Topic: DHCP and VRRP
Replies: 4
Views: 1324

Re: DHCP and VRRP

It will remember the detection for the remainder of the lease. If Mikrotik A goes down and Mikrotik B needs to hand out an IP to a client it broadcasts to detect if the IP is in use. The response carries with it the lease time and it adds that lease with the lease time to the table. So if the client ...
by tws101
Tue Nov 13, 2012 12:09 am
Forum: General
Topic: DHCP and VRRP
Replies: 4
Views: 1324

Re: DHCP and VRRP

The router will issue the client an IP from its pool regardless of the client's previous address. If it is possible that you could run out of addresses then make your pool bigger or have a spill over secondary pool. If the original come back online and some of its pool are in use issue by the second ro...
by tws101
Fri Nov 09, 2012 11:48 pm
Forum: General
Topic: Forcing clients to get a different IP
Replies: 1
Views: 386

Re: Forcing clients to get a different IP

Please see this thread for the script you need to make this work

http://forum.mikrotik.com/viewtopic.php ... w=previous
by tws101
Fri Nov 09, 2012 10:29 pm
Forum: General
Topic: Multi subnet DHCP
Replies: 1
Views: 494

Re: Multi subnet DHCP

IP Address
ADD BOTH

DHCP Pool
Add Only your 192.168.1.x pool

DHCP Server
Add both but assign no pool to 192.168.2.x
Under leases add statically the leases you want the 192.168.2.x server to hand out. (You will need end devices MAC address)
by tws101
Fri Nov 09, 2012 10:18 pm
Forum: General
Topic: Using routes to force a connection
Replies: 2
Views: 615

Re: Using routes to force a connection

Okay to solve your first issue... I use these two filters to solve two of my issues. Both of these seem to be your first issue.. Rule 1 adds the check gateway function to a dynamic route Rule 2 drops the route if it gets an IP within range 192.168.100.0/24... Normally if the modem has connectivity i...
by tws101
Fri Nov 09, 2012 9:57 pm
Forum: General
Topic: Facebook users and how to manage
Replies: 3
Views: 713

Re: Facebook users and how to manage

I would queue them
by tws101
Thu Nov 01, 2012 4:34 pm
Forum: General
Topic: Miikrotik with Ubiquiti's Unifi
Replies: 2
Views: 4017

Re: Miikrotik with Ubiquiti's Unifi

If you have guest policy enabled on Unifi then the restricted subnet feature sounds like it is your issue.
by tws101
Wed Oct 31, 2012 10:08 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

When you un-enslaved the ports did you assign them Addresses?

They will need unique addresses and DHCP servers assigned in order to work.
by tws101
Wed Oct 31, 2012 10:03 pm
Forum: Beginner Basics
Topic: Question regarding NAT and more specifically Src-Nat
Replies: 10
Views: 1685

Re: Question regarding NAT and more specifically Src-Nat

Sorry for delayed response have been out of town at the Wispa convention. 1. It would seem that I can only ping over the tunnel if I receive a ping from the other end first - is there something I may have overlooked or missed here? Check your firewall rule... Add a rule and exempt this traffic. 2. ...
by tws101
Fri Oct 19, 2012 7:31 pm
Forum: General
Topic: NAT question
Replies: 6
Views: 762

Re: NAT question

Did you exempt them from the masquerade rule?
by tws101
Fri Oct 19, 2012 12:45 am
Forum: General
Topic: Port forwarding with (loop) please help.
Replies: 16
Views: 2211

Re: Port forwarding with (loop) please help.

Well it does not make sense to me that a web server is internally referring to an IP. It should just refer to a directory.

Are you sure your DNS is set up correctly on the Mikrotik to access the web server from within?
by tws101
Thu Oct 18, 2012 5:21 pm
Forum: General
Topic: I need to forbid generating some dynamic IP address.
Replies: 1
Views: 561

Re: I need to forbid generating some dynamic IP address.

Go reserve those IPs in the DHCP server by setting them up to be static bound to nonexistent mac addresses.
by tws101
Thu Oct 18, 2012 5:19 pm
Forum: Beginner Basics
Topic: Dual WAN, Problem when Interface is down
Replies: 2
Views: 751

Re: Dual WAN, Problem when Interface is down

The default action is: If no routes in the routing table correspond to the routing mark. The router places it in the main routing table.

In order to get around this you may want to put in a black hole route with that routing mark at higher priority.
by tws101
Thu Oct 18, 2012 12:14 am
Forum: Beginner Basics
Topic: Question regarding NAT and more specifically Src-Nat
Replies: 10
Views: 1685

Re: Question regarding NAT and more specifically Src-Nat

It seems to me you would want to use both of these rules..... /ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 \ action=netmap to-addresses=2.2.2.1-2.2.2.254 /ip firewall nat add chain=srcnat src-address=2.2.2.1-2.2.2.254 \ action=netmap to-addresses=11.11.11.1-11.11.11.254 WITH...
by tws101
Wed Oct 17, 2012 10:37 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

Okay I have never done this with a wifi interface...

Try doing it by IP or by packet mark instead of interface
by tws101
Wed Oct 17, 2012 8:35 pm
Forum: Beginner Basics
Topic: Question regarding NAT and more specifically Src-Nat
Replies: 10
Views: 1685

Re: Question regarding NAT and more specifically Src-Nat

That depends on what you are wanting to do.


Please review this and make that decision.
http://www.corecom.com/external/livesec ... to1nat.htm
by tws101
Wed Oct 17, 2012 8:22 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

Why not just select the wifi interface under queue? should work fine.
by tws101
Tue Oct 16, 2012 11:16 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

1 is the highest
by tws101
Tue Oct 16, 2012 5:48 pm
Forum: Beginner Basics
Topic: Question regarding NAT and more specifically Src-Nat
Replies: 10
Views: 1685

Re: Question regarding NAT and more specifically Src-Nat

Yes the key action is Netmap Your chain would be srcnat or dstnat based on the direction you are going (Yes to source and dst address as well). You will need two rules for it to map both directions. The example in the article is really good. /ip firewall nat add chain=dstnat dst-address=11.11.11.1-...
by tws101
Tue Oct 16, 2012 5:40 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

Here is how to do it by port 1. Change master port of VOIP device port to none (Unless it is the master port if this is the case use a different port for it) 2. Address - Assign a different IP address to the port VOIP is plugged into. 3. Assign your dhcp server to that port 4. Setup a simple queue re...
by tws101
Mon Oct 15, 2012 11:51 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

enslaved ports only show up under the master. Since you are setup that way you can't do it by port since you have them all on the same L2 switch. You will need to specify the devices by IP address.
by tws101
Mon Oct 15, 2012 10:34 pm
Forum: General
Topic: Lan port management
Replies: 15
Views: 2070

Re: Lan port management

http://wiki.mikrotik.com/wiki/Manual:Queue

If you want it to work by port you will need to mangle the traffic based on interface.
by tws101
Mon Oct 15, 2012 8:15 pm
Forum: Beginner Basics
Topic: Question regarding NAT and more specifically Src-Nat
Replies: 10
Views: 1685

Re: Question regarding NAT and more specifically Src-Nat

You need two rules to accomplish this....

In this article use the 1 to 1 mapping example at the bottom
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
by tws101
Fri Oct 12, 2012 5:53 pm
Forum: General
Topic: HOW TO BLOCK PROXY ON INTERNET TO BROWSE FACEBOOK
Replies: 2
Views: 1192

Re: HOW TO BLOCK PROXY ON INTERNET TO BROWSE FACEBOOK

Assuming this is the business environment and you own and control all PC in the office.... You need to remove/restrict access to Internet Properties/Internet Options in the control panel. Otherwise you are going to be on an endless journey of banning proxy server after proxy server.... Forever fight...
by tws101
Wed Oct 10, 2012 12:25 am
Forum: General
Topic: DNS server order?
Replies: 1
Views: 836

Re: DNS server order?

1 I would write down your isp dns server address. 2 Then disable use peer dns in the DHCP client. 3 Goto IP DNS and put the servers you want to use in manually. (They will be used in that order) (I use google 8.8.8.8 and 8.8.4.4) 4 Make sure your dhcp server assigns your network the routers address ...
by tws101
Wed Oct 10, 2012 12:21 am
Forum: General
Topic: Accessing device on network with different IP Range, RB750UP
Replies: 1
Views: 1260

Re: Accessing device on network with different IP Range, RB7

The router needs a route to get you there.

Assign 192.168.2.1/24 to the interface that it is plugged into. Then the router will build that route into the routing table and you can reach the device from the other network.
by tws101
Wed Oct 03, 2012 12:36 am
Forum: Beginner Basics
Topic: how to set priorities on IPTV?
Replies: 2
Views: 1236

Re: how to set priorities on IPTV?

You're going to need to set up a queue and guarantee the IPTV a base rate along with a high priority.
by tws101
Thu Sep 27, 2012 11:54 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

Will you please post your routing table and highlight routes that are failing with the marked traffic?
by tws101
Fri Sep 21, 2012 7:18 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

@tws101 You are wrong, there is a difference between 'action=passthrough' and 'passthrough' property. passthrough (yes | no; default: yes) - whether to let the packet to pass further (like action passthrough) after marking it with a given mark (property only valid if action is mark packet, connecti...
by tws101
Thu Sep 20, 2012 5:30 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

Disable passthrough

per this page
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Passthrough ignores the rule and just tracks it.
by tws101
Wed Sep 19, 2012 5:33 pm
Forum: Wireless Networking
Topic: Mangle with address list
Replies: 1
Views: 642

Re: Mangle with address list

Two ways to do this. 1. (I would not use this method) a Use Mangle with action add to address list b Setup the routing mark for that address list 2. (I would use this method) a Use mangle to mark an address range with routing mark b Remove that address range from the DHCP pool c Add static address a...
by tws101
Wed Sep 19, 2012 5:14 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

I don't understand what you mean. The default behavior is if no route with the mark is present it will use the main routing table.
by tws101
Tue Sep 18, 2012 12:28 am
Forum: General
Topic: IPv6 Dual Wan
Replies: 4
Views: 1181

Re: IPv6 Dual Wan

What if BGP is not an option?
by tws101
Mon Sep 17, 2012 6:01 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

Why are tower and core going to same gateway?

Tower to Core then Core to Upstream Provider

It is probably saying unreachable as it is already a distance 0 route on the core.
by tws101
Mon Sep 17, 2012 5:09 pm
Forum: General
Topic: IPv6 Dual Wan
Replies: 4
Views: 1181

Re: IPv6 Dual Wan

That is not my understanding. I understand that the addresses you would be assigned would be routable and reachable only through the provider they link back to. Meaning if my provider TWC IP address was assigned to clients and that gateway goes down the client would need a new IP address from ATT or ...
by tws101
Fri Sep 14, 2012 11:36 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

Right I'm sorry been doing Queue Trees all day on forward chains.... You need prerouting
by tws101
Fri Sep 14, 2012 10:10 pm
Forum: General
Topic: IPv6 Dual Wan
Replies: 4
Views: 1181

IPv6 Dual Wan

I currently have a 750gl setup for dual wan using ATT and TWC as the isps. Since we have locally assigned IP addresses this works fine. How will this work when we switch to IPv6? Currently my route table handles the requests from different VLAN to different ISPs. Certain subnets go to one or the oth...
by tws101
Fri Sep 14, 2012 10:10 pm
Forum: General
Topic: Upload QueueTree for 2 Wan
Replies: 1
Views: 456

Re: Upload QueueTree for 2 Wan

It would not be correct making that bridge. In order to make an upload queue for WAN2 you need to mark the packets separately and create a different queue tree for them. Example IP Firewall Mangle Chain=forward sourceip=X.X.X.X(local) output interface=wan2 Action: Mark Packet=Upload WAN2 Then make a ...
by tws101
Fri Sep 14, 2012 10:03 pm
Forum: General
Topic: Hosts communitation on hotspot
Replies: 10
Views: 812

Re: Hosts communitation on hotspot

walled-garden system, access to some web pages without authorization

That is a hotspot feature
http://wiki.mikrotik.com/wiki/Manual:IP/Hotspot
by tws101
Fri Sep 14, 2012 8:32 pm
Forum: Beginner Basics
Topic: Beginner: Need help with Load Balancing & Fail Over
Replies: 1
Views: 571

Re: Beginner: Need help with Load Balancing & Fail Over

Two ways you can do this.... 1. Load Balancing based on source IP (Easy) 2. Round Robin load balancing (Complicated) Method 2 has plenty of guides regarding it and uses a ton of rules. I will quickly address method 1. Using IP Firewall Mangle we will mark packets from specific IPs with a routing mar...
by tws101
Fri Sep 14, 2012 8:06 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

IP Firewall Mangle Chain=prerouting put in the source IP address go to action tab Mark routing Insert name of routing mark (Make a name up) Ip route distance=1 dst-address=0.0.0.0/0 gateway="Ip of destination router) routing-mark="The name you made up in the first rule" pref-src=0.0.0.0 scope=30 tar...
by tws101
Fri Sep 14, 2012 7:58 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

Source would be 2.2.2.0/24 also the second line you have routing mark="Name" "Name" needs to be the name of the routing mark... Which from the first line is "Public". The first line tags traffic with a mark that you name. The second rule tells the router where to send the traffic. Now in your last qu...
by tws101
Fri Sep 14, 2012 7:53 pm
Forum: Beginner Basics
Topic: Problem with untagged traffic.
Replies: 4
Views: 1033

Re: Problem with untagged traffic.

Ah you have one of those RB that won't do it on port 1....

Use port one for WAN only... Use port 2 and 3 for what you're attempting and it will work.

That is a hardware limitation on a few boards.
by tws101
Fri Sep 14, 2012 12:31 am
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

IP firewall Mangle

add action=mark-routing chain=forward disabled=no new-routing-mark="Name" passthrough=no src-address=10.X.X.X/28

IP Routes
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.X.X.X routing-mark="Name" pref-src=0.0.0.0 scope=30 target-scope=10
by tws101
Thu Sep 13, 2012 11:40 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

Then do the routing marks on both routers mark traffic according to source address. Then follow up with assigning a route that checks for the mark.
by tws101
Thu Sep 13, 2012 6:56 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

The routing marks need to be on the head end router. NAT exemption must be on both.

Also are your vlans bridged between WAN and LAN on the head end router? Do you have one WAN interface on the head end router with both connection in as VLANS or do you have 2 physical interfaces in use?
by tws101
Thu Sep 13, 2012 5:38 pm
Forum: Beginner Basics
Topic: Problem with untagged traffic.
Replies: 4
Views: 1033

Re: Problem with untagged traffic.

You have overcomplicated this. DO NOT BRIDGE ANY OF THEM.

Under ETH2 Interface set its master port to ETH1. Now ETH1 and ETH2 will be on the same switch. ALSO you don't need to have the VLAN interfaces on ETH2 anymore, the interfaces on VLAN 1 will take care of it all in this configuration.
by tws101
Thu Sep 13, 2012 5:28 pm
Forum: General
Topic: Routing question
Replies: 13
Views: 1064

Re: Routing question

1. Make sure you routing mark the packets from the /24 in IP firewall mangle.
2. Make sure you exempt them from NAT
3. Make sure your default route for them has the routing mark from step one.
by tws101
Thu Sep 13, 2012 5:23 pm
Forum: Beginner Basics
Topic: add route for 1 host
Replies: 14
Views: 2058

Re: add route for 1 host

Yes

IP Firewall Mangle
Action=Routing Mark specify source IP

IP Routes
add route distance 1 to other router for 0.0.0.0/0 then require the routing mark.
by tws101
Wed Sep 12, 2012 11:03 pm
Forum: General
Topic: Simple Queue Problem. No TX showing
Replies: 12
Views: 8971

Re: Simple Queue Problem. No TX showing

I suggest you Mangle the packets marking upload and download packets then queue tree them. Simple Queues are not specific enough. Example from my RB IP Firewall Mangle add action=mark-packet chain=forward comment="Download Office" disabled=no dst-address=10.0.0.0/16 in-interface=Ether1-Gateway-TW new...
by tws101
Wed Sep 12, 2012 10:59 pm
Forum: Forwarding Protocols
Topic: Problem with DNAT... I guess
Replies: 1
Views: 690

Re: Problem with DNAT... I guess

2 things 1. IP Firewall Mangle 2. IP Routes (Make these changes in Winbox, this is not exact code) IP Firewall Mangle Add Action Routing Mark="Create Name" SRC=192.168.200.172 Ip Routes Add Route 0.0.0.0/0 DST=192.168.254.16 Routing Mark Required="Same name you created above" Distance=1 So we mark t...
by tws101
Wed Sep 12, 2012 6:53 pm
Forum: General
Topic: Port authentication
Replies: 3
Views: 685

Re: Port authentication

Okay at L2 on Mikrotik no you can't do that. However you can: 1. Deny by mac the TV a DHCP address 2. subnet it out on its own port 3. create a second DHCP server with one reserved IP address for it on that subnet 4. Enable 1 to 1 NAT to allow broadcasts (Enable and disable when you need to allow/de...
by tws101
Tue Sep 11, 2012 10:27 pm
Forum: General
Topic: Trouble mapping 1 private address to another private address
Replies: 1
Views: 611

Re: Trouble mapping 1 private address to another private add

The issue for problem 3 is your NAT rules.

The src-nat replaces the source address... I think you need the netmap rule

netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to distribute public IP addresses to hosts on private networks
by tws101
Tue Sep 11, 2012 5:29 pm
Forum: General
Topic: Port authentication
Replies: 3
Views: 685

Re: Port authentication

1. In the DHCP server give the TV a static IP 2. In the firewall drop the forward chain for the TV's IP (Enable/Disable this rule as needed) 3. Tell the kid if he attempts to subvert your will again, that he will burn in perdition's flames. If the issue is not internet access but network access inst...
by tws101
Tue Sep 11, 2012 5:20 pm
Forum: Beginner Basics
Topic: Mikrotik 1200 using three ports for the same hotspot ????
Replies: 6
Views: 1440

Re: Mikrotik 1200 using three ports for the same hotspot ???

Yes and it will add everything connected to those ports to the hotspot as well.
by tws101
Mon Sep 10, 2012 6:08 pm
Forum: Beginner Basics
Topic: Mikrotik 1200 using three ports for the same hotspot ????
Replies: 6
Views: 1440

Re: Mikrotik 1200 using three ports for the same hotspot ???

You can use the switch in the mikrotik.

Set Eth 4 and 5 master port to Eth 3. That will link them using the Mikrotik Switch.
by tws101
Fri Sep 07, 2012 5:51 pm
Forum: Beginner Basics
Topic: Facebook https block help
Replies: 8
Views: 3456

Re: Facebook https block help

http://forum.mikrotik.com/viewtopic.php?f=2&t=44809

Use that except allow the one address that has access.
by tws101
Wed Sep 05, 2012 6:25 pm
Forum: Beginner Basics
Topic: Unable to configure router 450G to route internet traffic
Replies: 3
Views: 1053

Re: Unable to configure router 450G to route internet traffi

It would be a good idea to ask your provider to bridge the modem.
by tws101
Wed Sep 05, 2012 6:06 pm
Forum: General
Topic: Access to external router on WAN2
Replies: 1
Views: 452

Re: Access to external router on WAN2

If I understand you correctly. We want internet access to go out via a specific WAN port but local traffic to use both WAN ports. The solution was NOT NAT. You need to mangle the packets and add some routes. You will need to restore some of your original NAT rules. Ip Firewall Mangle Chain=Forward s...
by tws101
Wed Sep 05, 2012 12:40 am
Forum: General
Topic: in 450g router how to get wan ip to punlic lan ip
Replies: 3
Views: 657

Re: in 450g router how to get wan ip to punlic lan ip

I would not split those public IP into smaller subnet because you have so few of them. I would assign this 123.xxx.119.193/29 to the eth interface the customer is on tell them which two they can have from that range you have 194-198 left over. Make sure you exempt 123.xxx.119.193/29 from NAT and Fir...
by tws101
Tue Aug 28, 2012 5:53 pm
Forum: General
Topic: re: How to monitor the Upload/download rate of clients?
Replies: 7
Views: 8099

Re: re: How to monitor the Upload/download rate of clients?

Why not just put in a PCQ Queue and call the issue resolved.

Then you can exempt your private computers from the rules so you have all the bandwidth you need.
by tws101
Thu May 24, 2012 12:07 am
Forum: Scripting
Topic: Access two different network Range
Replies: 1
Views: 874

Re: Access two different network Range

You have placed them on different subnets.... By definition you need the router to connect them.

If you are on 192.168.0.0/24 and destination is on 192.168.100.0/24

Any request outside of 192.168.0.0/24 will be handed to the router for resolution.
by tws101
Wed May 23, 2012 11:58 pm
Forum: General
Topic: Why is default gateway reachable through two interfaces?
Replies: 9
Views: 1862

Re: Why is default gateway reachable through two interfaces?

In Mangle mark your source address range with the action to add a routing mark.

In routing filter add filter for dynamic routes to use your routing mark.
by tws101
Wed May 23, 2012 5:56 pm
Forum: Wireless Networking
Topic: Trying to understand and setup a wireless backhaul
Replies: 3
Views: 1029

Re: Trying to understand and setup a wireless backhaul

You're not going to get 100 Full Duplex out of Mikrotik wireless equipment in real throughput. For that powerful a backhaul you are going to pay for it. Estimated costs are $2500 for the complete link (if this isn't an outdoor long distance link find a way to wire it). If 100 full duplex is a must and...
by tws101
Wed May 23, 2012 5:45 pm
Forum: General
Topic: Why is default gateway reachable through two interfaces?
Replies: 9
Views: 1862

Re: Why is default gateway reachable through two interfaces?

Have you considered tagging the traffic normal internet traffic and the incoming traffic with different routing marks. Adding routing filter to modify your dynamic route then editing your other route?
by tws101
Thu May 03, 2012 11:02 pm
Forum: General
Topic: Multihoming IPV6
Replies: 6
Views: 3911

Multihoming IPV6

What protocols are being developed to Multihome without using BGP in IPv6? ****In case that question is not understood I am providing more information**** Reference http://www.theipv6experts.net/2011/enterprise-multihoming-ipv6/ My current setup 2 Gateways (Load balancing and redundancy) (VLAN 1-3 t...
by tws101
Tue May 01, 2012 10:52 pm
Forum: Beginner Basics
Topic: Configuring 2 adsl lines for pppoe
Replies: 5
Views: 1083

Re: Configuring 2 adsl lines for pppoe

I would say it probably is a provider problem... however I am hoping someone else will respond to this thread and say otherwise as I would like to know for sure.
by tws101
Tue May 01, 2012 6:43 pm
Forum: Beginner Basics
Topic: Configuring 2 adsl lines for pppoe
Replies: 5
Views: 1083

Re: Configuring 2 adsl lines for pppoe

Your issue with one connection not re-establishing is normal if your provider is ATT. I have it all the time. I have a TWC connection and an ATT connection. ATT never comes back up properly after a reboot. For me they are a cheap backup so I keep them around.
by tws101
Mon Apr 30, 2012 10:39 pm
Forum: General
Topic: web proxy: how to deny all .exe except a certain one
Replies: 3
Views: 846

Re: web proxy: how to deny all .exe except a certain one

Try adding that one as an allow rule and place it above the deny rule.
by tws101
Fri Apr 27, 2012 9:36 pm
Forum: General
Topic: NAT
Replies: 3
Views: 622

Re: NAT

1. Okay first let's remove Ethernet 4 from the switch under interfaces change its master port to none. Interface - Edit Ethernet 4 Edit change master port to none This is removing Ethernet 4 from the switch interface. 2. Ip Addresses assign a public address to Eth4 and apply the network range IP - Ad...
by tws101
Thu Apr 26, 2012 6:31 pm
Forum: General
Topic: NAT
Replies: 3
Views: 622

Re: NAT

1. Okay first let's remove Ethernet 4 from the switch under interfaces change its master port to none. 2. Ip Addresses assign a public address to Eth4 and apply the network range 3. Firewall mangle prerouting src=public network range action=apply routing mark "Public" 4. Firewall nat EDIT do not add ...
by tws101
Mon Apr 23, 2012 6:33 pm
Forum: General
Topic: Bonding Wireless links
Replies: 14
Views: 6662

Re: Bonding Wireless links

Okay after further research I think I have found the issue. We are losing the VLAN tags when the packets go through the router to the bonded interfaces. Let's re-tag them in the RB switch. Switch Rule Select ports and IP range Action New VLAN ID. I have not tested this but you may need to add the VLA...
by tws101
Fri Apr 20, 2012 11:40 pm
Forum: Forwarding Protocols
Topic: Routing VLAN Traffic
Replies: 7
Views: 11426

Re: Routing VLAN Traffic

Enslave the other interface Example Ethernet 5 has VLAN 10 and VLAN 20 Now we want to add Ethernet 4 to this. Select Ethernet 4 and specify a master as Ethernet 5. (Now Ethernet 4 and 5 and VLANS on both are connected) Remember Mikrotik will automatically try and route between vlans. You will need t...
by tws101
Fri Apr 20, 2012 11:23 pm
Forum: General
Topic: Limits using NAT?
Replies: 2
Views: 435

Re: Limits using NAT?

What hardware?

How much of your routers resources are being used up?
by tws101
Fri Apr 20, 2012 11:06 pm
Forum: Beginner Basics
Topic: Rb433AH Block Or Limit Torrents??
Replies: 1
Views: 530

Re: Rb433AH Block Or Limit Torrents??

Torrent can be a real issue especially if the torrentor uses a secure connection.

I suggest a PCQ Queue to limit the bandwidth of each connected user.

http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ
by tws101
Thu Apr 19, 2012 6:12 pm
Forum: Beginner Basics
Topic: PCQ Total bw.
Replies: 2
Views: 738

Re: PCQ Total bw.

Add the queue under Queue Type one for up and one for down. Then when you create the simple queue on the advanced TAB select your PCQ queue under the queue type drop box. In the simple queue the max rate is the cap for the total connection. U Example Simple Queue Maxrate 1M PCQ max 512 2 users conne...
by tws101
Tue Apr 17, 2012 8:55 pm
Forum: General
Topic: VRRP with WAN failover
Replies: 2
Views: 914

Re: VRRP with WAN failover

In routes add check gateway to your primary route.

Then add a secondary route with greater distance and point to the other router.
by tws101
Tue Apr 17, 2012 8:38 pm
Forum: General
Topic: Bonding Wireless links
Replies: 14
Views: 6662

Re: Routed Vlans

Yes you add Vlans to the mikrotik interface. Your native vlan 60 will need to be tagged before it reaches the mikrotik.
by tws101
Tue Apr 17, 2012 6:03 pm
Forum: General
Topic: Bonding Wireless links
Replies: 14
Views: 6662

Re: Routed Vlans

Okay, bonding the interfaces on the two RB was the correct thing to do for load balancing and fail over. Now to make it transparent L2 bridge... This will get your VLANS across. Login to the AIROS of the Rocket WIRELESS TAB WIRELESS MODE WDS (Access Point WDS or Station WDS respectively) [If you are ...
by tws101
Tue Apr 17, 2012 12:52 am
Forum: Beginner Basics
Topic: Untagged VLANs
Replies: 2
Views: 1146

Re: Untagged VLANs

The Mikrotik router is not a VLAN switch. You need a switch working in concert with the router to accomplish this. As a general rule the Mikrotik does not tag anything. It just handles tagged traffic. Your switch should tag all traffic going to the Mikrotik on the trunk port. A cheap model is the ...
by tws101
Tue Apr 17, 2012 12:43 am
Forum: General
Topic: Bonding Wireless links
Replies: 14
Views: 6662

Re: Routed Vlans

Okay first thing... You control both sides so standard load balancing is not required. Use INTERFACE BONDING
http://wiki.mikrotik.com/wiki/Manual:Interface/Bonding

Make sure your UBNT equipment is in transparent bridge mode so your VLAN tags are passed.
by tws101
Mon Apr 16, 2012 8:51 pm
Forum: Beginner Basics
Topic: how to isolate vlan
Replies: 10
Views: 18050

Re: how to isolate vlan

The chain may need to be input instead of forward.

But, yes you will need a lot of rules.
by tws101
Fri Apr 13, 2012 8:42 pm
Forum: Beginner Basics
Topic: how to isolate vlan
Replies: 10
Views: 18050

Re: how to isolate vlan

This will isolate them.

Ip firewall filter

chain=forward action=drop src=192.168.2.0/24 dst=192.168.4.0/24

chain=forward action=drop src=192.168.4.0/24 dst=192.168.2.0/24
by tws101
Wed Apr 11, 2012 7:56 pm
Forum: General
Topic: Load Balancing with Auto Failover
Replies: 5
Views: 2152

Re: Load Balancing with Auto Failover

Just put the routes into the routing table. WAN 2 distance 1 (check gateway). WAN 1 distance 2.

Is that not working?

What have you done so far?
by tws101
Fri Apr 06, 2012 6:43 pm
Forum: General
Topic: DHCP blocking
Replies: 1
Views: 519

Re: DHCP blocking

DHCP is a broadcast on L2. By definition those are not forwarded by the router. Your issue is the switch.

Break the L2 connection and have the router forward all your data packets between the networks. Subnet it out.
by tws101
Wed Apr 04, 2012 11:29 pm
Forum: Beginner Basics
Topic: 1 server 2 DSL lines
Replies: 27
Views: 3544

Re: 1 server 2 DSL lines

Those dst addresses are your servers static ip addresses. What do i have to change anything in "dst-address"? And why is there a second? Code: add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether3 add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=...
by tws101
Thu Mar 22, 2012 4:03 pm
Forum: Forwarding Protocols
Topic: BGP Load Balancing two gateway
Replies: 12
Views: 9002

Re: BGP Load Balancing two gateway

We have many guides for this.

http://aacable.wordpress.com/2011/07/27 ... t-by-zaib/

Give it a try and report back with issues.
by tws101
Wed Mar 21, 2012 11:04 pm
Forum: Forwarding Protocols
Topic: [SOLVED] Unable routing PPPoE public IP over Private network
Replies: 6
Views: 4907

Re: Unable routing PPPoE public IP over Private network

Try giving the router a public address without masquerading for the PPPoE clients.
by tws101
Tue Mar 20, 2012 10:49 pm
Forum: Beginner Basics
Topic: 1 server 2 DSL lines
Replies: 27
Views: 3544

Re: 1 server 2 DSL lines

I think I found the issue and I am sorry this took so long. The issue is when a client contacts the server on the second connection the server is responding on the first connection. I am posting information from my earlier post below it has your answer. In the post below notice how the mangle rules i...
by tws101
Tue Mar 20, 2012 8:34 pm
Forum: General
Topic: How to filter iTunes and Apple Store traffic ?
Replies: 1
Views: 1289

Re: How to filter iTunes and Apple Store traffic ?

Apple owns the entire 17.0.0.0/8; most things are located there. To be certain you get it all connect to the services you want to redirect and monitor the IP address that you connect to. Start by blocking (Black hole the traffic with a route) them and keep retesting until you get them all black holed...
by tws101
Tue Mar 20, 2012 8:21 pm
Forum: Beginner Basics
Topic: two routes over one MT device
Replies: 3
Views: 648

Re: two routes over one MT device

Okay for LAN 3 you need to mark those packets IP/ FIREWALL / MANGLE prerouting source address X.X.X.X/X (corresponds to the LAN 3 IP range) Action mark routing "Any Name" Now you add your route IP / Routes dst 0.0.0.0/0 Gateway "The IP for second gateway" Routing mark "The name of the mark in the ma...
by tws101
Tue Mar 20, 2012 4:45 pm
Forum: Forwarding Protocols
Topic: How to Copy dynamic Route to another route table
Replies: 6
Views: 1666

Re: How to Copy dynamic Route to another route table

I do not believe this is possible.

You can use a filter to modify a dynamic route but it can't be copied.

If this can be done without making static routes I would like to know how as well.
by tws101
Tue Mar 20, 2012 4:40 pm
Forum: Beginner Basics
Topic: two routes over one MT device
Replies: 3
Views: 648

Re: two routes over one MT device

Yes, it should be possible; reference the articles on dual WAN.

An easy fix could be just editing the DHCP Server info for LAN 3 and give it the other gateway.
by tws101
Mon Mar 19, 2012 4:56 pm
Forum: Beginner Basics
Topic: Block all websites except few and allow other for some users
Replies: 14
Views: 10040

Re: Block all websites except few and allow other for some u

hawkeye,

Just block the IP range and do it 10 times.
by tws101
Fri Mar 16, 2012 5:02 pm
Forum: General
Topic: How to change gateways when internet fails?
Replies: 7
Views: 1335

Re: How to change gateways when internet fails?

Edit your /IP routes Remove the Dynamic PPPoE ADSL remove and add it as static use the check gateway option (distance 1). If the route fails it is removed. Add a new route to your VPN at distance 2 (route will only be used if dsl goes down) This is all assuming you can reach the VPN on some alternate...
by tws101
Fri Mar 16, 2012 4:58 pm
Forum: General
Topic: Is it possible to set VLANs on PPPoE?
Replies: 1
Views: 296

Re: Is it possible to set VLANs on PPPoE?

Firewall filter
drop src-ip X.X.X.X to dst IP Not x.x.x.x or x.x.x.x
by tws101
Fri Mar 16, 2012 4:46 pm
Forum: Beginner Basics
Topic: 1 server 2 DSL lines
Replies: 27
Views: 3544

Re: 1 server 2 DSL lines

Could be 9 13 or maybe 2 I am not sure. I'm not that big a firewall guy.

Try disabling the drop rules and retesting. If it works go back through enabling them one at a time.
by tws101
Thu Mar 15, 2012 10:57 pm
Forum: Beginner Basics
Topic: 1 server 2 DSL lines
Replies: 27
Views: 3544

Re: 1 server 2 DSL lines

That is incomplete only 8 rules coming up... You need to show them all as I am assuming you have some rules toward the bottom that are dropping input on your first dsl connection.
by tws101
Thu Mar 15, 2012 10:25 pm
Forum: Beginner Basics
Topic: 1 server 2 DSL lines
Replies: 27
Views: 3544

Re: 1 server 2 DSL lines

From what I can see it all looks perfectly fine. However I assume the issue must be with some vestigial firewall rule that is left over from before your changes.

What do you have under /ip firewall filter print