Community discussions

Search found 3799 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 76
by changeip
Fri May 25, 2018 5:30 am
Forum: Announcements
Topic: LHG 60 project in Hawaii
Replies: 35
Views: 3579

Re: LHG 60 project in Hawaii

can anyone ship these? Ill buy 5-10 right now.
by changeip
Tue May 22, 2018 5:22 pm
Forum: Announcements
Topic: LHG 60 project in Hawaii
Replies: 35
Views: 3579

Re: LHG 60 project in Hawaii

where can these be bought? I dont see anyone carrying them yet...
by changeip
Fri May 04, 2018 12:53 am
Forum: Forwarding Protocols
Topic: OSPF full to down for no reason?
Replies: 23
Views: 797

Re: OSPF full to down for no reason?

PTP on ospf type? You dont have that. try to switch to broadcast or nbma.
by changeip
Fri Apr 27, 2018 1:31 am
Forum: General
Topic: Urgent feature request: Bind IP services to a specific IP / Interface
Replies: 4
Views: 205

Re: Urgent feature request: Bind IP services to a specific IP / Interface

YES! Binding SNMP to a single IP so it always replies from that same IP would be super nice.
by changeip
Tue Apr 24, 2018 10:06 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 67400

Re: Advisory: Vulnerability exploiting the Winbox port

there is no input firewall on RAW. only prerouting and output.
by changeip
Tue Apr 24, 2018 9:10 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 67400

Re: Advisory: Vulnerability exploiting the Winbox port

with hundreds of routers that do not enable connection-tracking whats the best RAW firewall rules to protect a router. Has anyone got a template they can share? We cannot enable any rules in the services / ip firewall filter otherwise packet fragments are not passed.
by changeip
Tue Apr 10, 2018 2:46 am
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 345

Re: BGP wierdness?

Butche - nice to see you again (over the forums hehe) I have run into this exact problem and am super happy you posted that link - its exactly what I need to do here because ospf just ain't cutting it. I want to read up more on this solution and see if it will help me out. Do you have more than one ...
by changeip
Wed Mar 28, 2018 7:05 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 47277

Re: Urgent security advisory

is there a known 8291 vulnerability or just 80?
by changeip
Sat Mar 24, 2018 12:01 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 1769

Re: Urgent request from Mikrotik ... Please

how about you create web portal where users can setup the variables, and then your router fetches them and installs the config / variables.

he's basically asking for environment variable per user security probably.
by changeip
Sat Mar 03, 2018 2:58 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 42
Views: 5976

Re: New router OS

how about a 2500$ cloud core than can queue more than the $350 version? HTB is limited to single CPU / interface and that just kills it for us.
by changeip
Sat Feb 17, 2018 7:39 am
Forum: General
Topic: CCR 0.3%+ packet loss whenever above 5% CPU
Replies: 26
Views: 1686

Re: CCR 0.3%+ packet loss whenever above 5% CPU

/ip settings
set icmp-rate-limit=0

then see if there is still packet loss...
by changeip
Sun Dec 31, 2017 4:46 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 360

Re: Queue Tree / PCQ on CCR72

6.41 release thank you. I created 4 vlans and duplicated queues under each and that really helped. problems though ... i cant tell all 4 interfaces how much bandwidth the parent really has. sometimes the parent (real) interface still grabs all the traffic (no-mark) even though none of the traffic is...
by changeip
Fri Dec 29, 2017 1:22 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 360

Re: Queue Tree / PCQ on CCR72

In this forum post I see MacGuiver states you can split things up by subnet, which I tried in queue tree, but they still all end up under same parent. Just so I understand, I need more interfaces not just queue entries right?

viewtopic.php?p=621530#p621530
by changeip
Fri Dec 29, 2017 1:20 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 360

Re: Queue Tree / PCQ on CCR72

pcq.png
by changeip
Fri Dec 29, 2017 1:13 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 360

Queue Tree / PCQ on CCR72

We are struggling with PCQ's on our network getting overloaded and things just slow down ... having a really hard time figuring out why. Until today - I read this and wonder if this is related: Queue Tree and CCR ● Currently (RouterOS v6.11) only one CPU core can take packets out from one HTB tree ●...
by changeip
Mon Dec 04, 2017 6:20 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 31
Views: 5319

Re: SNMP doesn't work with asymmetric routes?

I should say - with ospf you have a loopback on each router - use that as the pref-source one that dynamic route.
by changeip
Mon Dec 04, 2017 6:11 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 31
Views: 5319

Re: SNMP doesn't work with asymmetric routes?

you can use routing prefix filters to add pref-source for the one route back to your snmp monitoring station. its a hack but forces traffic leaving the router to use the pref-source you specified.
by changeip
Thu Oct 12, 2017 3:09 am
Forum: Forwarding Protocols
Topic: OSPF stuck at Init State
Replies: 3
Views: 526

Re: OSPF stuck at Init State

if you leave them alone for up to 10 minutes do they finally figure things out or do you always have to "jiggle" it?
by changeip
Thu Oct 12, 2017 3:05 am
Forum: Scripting
Topic: OSPF state problems
Replies: 1
Views: 447

Re: OSPF state problems

OSPF issues has plagued recent versions of RouterOS.
Do you know which version you started seeing this problem? Any reason why you don't roll back? I have been using 6.38.7 with no known ospf issues...

Thanks for the info, I will be cautious on upgrades now...

Sam
by changeip
Thu Oct 12, 2017 3:00 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 17797

Re: v6.40.4 [current]

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
No, it is not in this version yet.
Which version was this introduced? I have like 500 routers running ospf and don't want to run into it : )
by changeip
Tue May 30, 2017 6:19 pm
Forum: General
Topic: Serial connection: garbled output: spaces?
Replies: 4
Views: 415

Re: Serial connection: garbled output: spaces?

this looks like color codes for vt100 or something ... try a different terminal emulator?
by changeip
Sat May 06, 2017 1:39 am
Forum: General
Topic: Print command - how to show the entire list of results?
Replies: 3
Views: 301

Re: Print command - how to show the entire list of results?

/ip route print without-paging where gateway=x.x.x.x
by changeip
Tue Apr 25, 2017 9:28 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 1851

Re: ATT Microcell Port Forwarding difficulties

It has to do with packet fragments not making it. I finally was able to track this down by running a packet capture at the very first router closest to the customer, and then running one successively each hop out and figuring out where things broke. It came to the first router that had connection-tr...
by changeip
Fri Apr 21, 2017 11:02 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 757

Re: 960PGS availability

excellent - can you hold some for me? also, did you get the 960pgs-pb (outdoor)? I want 10 of each if possible.
by changeip
Wed Apr 12, 2017 8:11 pm
Forum: General
Topic: Rare peaks in RouterOS graphs
Replies: 11
Views: 668

Re: Rare peaks in RouterOS graphs

Time is changing on the router?
by changeip
Thu Apr 06, 2017 1:04 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 757

960PGS availability

Where are these at? I can't find any anywhere!

Sam
by changeip
Tue Feb 21, 2017 11:32 pm
Forum: Forwarding Protocols
Topic: OSPF dropping default route
Replies: 3
Views: 371

Re: OSPF dropping default route

i think this is limitation of mikrotik ospf. i run into this a lot where default gateway disappears even though its in LSA. disabling and reenabling the default route fixes it, but is not automatic by any means. i wish mikrotik would fix it.
by changeip
Tue Feb 21, 2017 11:29 pm
Forum: General
Topic: Powerbox deletes script on reset - 6.38.1
Replies: 3
Views: 327

Re: Powerbox deletes script on reset - 6.38.1

your r1.rsc is stored on ram disk, not flash disk so its lost after reboot. put it into the flash folder to keep it persistent.
by changeip
Sat Feb 18, 2017 6:18 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 7256

Re: Yet another "dhcp,warning offering lease without success" issue

the hundreds of times ive seen this its always been because of a faulty cable by the remote side thats asking for dhcp. maybe in your case the response is not making it back to the requestor for other reasons, but usually because the cable is faulty.
by changeip
Fri Jan 27, 2017 11:34 pm
Forum: General
Topic: Help on ARP
Replies: 6
Views: 550

Re: Help on ARP

just use ip scan in mikrotik to flood the network.
by changeip
Fri Jan 13, 2017 6:06 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 18
Views: 2640

Re: spectral-scan saved file format?

can you send format of file to me?
by changeip
Mon Dec 05, 2016 12:25 am
Forum: Scripting
Topic: how to print a list of names?
Replies: 2
Views: 386

Re: how to print a list of names?

:foreach i in=[ip firewall filter find where action=reject] do={:put [/ip firewall filter get $i content]}

from memory, not tested, but should give you a direction to go in.
by changeip
Tue Nov 22, 2016 12:36 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 1851

Re: ATT Microcell Port Forwarding difficulties

You have to allow fragments to pass ... or turn off connection-tracking so its ignored.
by changeip
Mon Nov 07, 2016 6:37 pm
Forum: Forwarding Protocols
Topic: OSPF - loopback interface
Replies: 23
Views: 2967

Re: OSPF - loopback interface

its necessary. If your router-id /ospf lives on a physical interface that gets unplugged now that IP isn't announced anymore. On a loopback it is always "up".
by changeip
Fri Sep 30, 2016 7:12 pm
Forum: Beginner Basics
Topic: find / where + export
Replies: 3
Views: 459

Re: find / where + export

this used to work and they removed it. . .
by changeip
Wed Sep 28, 2016 6:22 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 1851

Re: ATT Microcell Port Forwarding difficulties

You guys didn't understand. If you have firewall rules at all - even a single one that has nothing to do with ATT microcells - and connection tracking is off it will break fragmented packets. You cannot have a single firewall rule if you disable connection tracking and wish to have att microcells or...
by changeip
Tue Sep 27, 2016 6:39 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 1851

Re: ATT Microcell Port Forwarding difficulties

When we turned on any firewall rules on our mikrotik routed network it broke all the microcells. Esentially this started blocking fragmented packets therefore breaking the ipsec tunnels. Turning off all firewall rules fixed it. Not sure why Mikrotik starts disallowing fragmented packets once firewal...
by changeip
Thu Aug 18, 2016 9:59 pm
Forum: Announcements
Topic: SwOS version 1.17 released
Replies: 14
Views: 4790

Re: SwOS version 1.17 released

use a hex router with all 5 ports switched ... way better than a 260gs.
by changeip
Fri Aug 12, 2016 5:24 am
Forum: The Dude
Topic: Export Map interval
Replies: 12
Views: 1559

Re: Export Map interval

yes, at the moment i cannot switch to new dude because all external access has been removed. Such a shame. Please add some type of API / HTTP / etc so that we can query things from other systems.
by changeip
Wed Aug 10, 2016 7:31 am
Forum: General
Topic: Router replying to requests on SUBNET address
Replies: 0
Views: 251

Router replying to requests on SUBNET address

Why does RouterOS reply to packets destined for the subnet or broadcast address (first and last address in subnet)? This just started in newer releases - but I do not know which one. I believe 6.19 did not have this problem. RouterOS box has 192.168.1.1/24 on it. From another machine you can snmpwal...
by changeip
Fri Aug 05, 2016 8:01 pm
Forum: General
Topic: San Diego
Replies: 4
Views: 423

San Diego

Anyone in San Diego on these forums? Looking for resources to hire.

Sam
by changeip
Fri Jun 03, 2016 5:37 am
Forum: Forwarding Protocols
Topic: OSPF losing routes randomly
Replies: 19
Views: 1728

Re: OSPF losing routes randomly

netgear gray (not the blue line) switches have this feature and break things unless you disable the storm control features. took me a long time to track it down.
by changeip
Thu May 26, 2016 7:37 pm
Forum: General
Topic: PowerBox help
Replies: 3
Views: 416

Re: PowerBox help

/interface ethernet poe settings
set ether1-poe-in-long-cable=yes

That should be changed to default I think.
by changeip
Thu May 26, 2016 7:30 pm
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 825

Re: IP Fragments and firewall rules

add chain=input/forward protocol=tcp fragment=yes action=accept
this sounds correct and usable, however wouldn't the implicit rule at the end of the chain just accept them anyhow?
by changeip
Thu May 26, 2016 3:11 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 825

Re: IP Fragments and firewall rules

I dont want any connection-tracking, it slows things down. I am not enabling anything needing conn-track in the firewall and I for sure do not want packet reassembly. Is there no way to just route fragments as is? We have 1.5gbps of traffic and I for sure do not want to enable connection tracking on...
by changeip
Tue May 24, 2016 6:54 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 825

IP Fragments and firewall rules

I have hundreds of routers - all with connection tracking disabled. I want to enter a single firewall rule to just drop dst tcp/80. As soon as I enable _any_ firewall rules routers start dropping fragmented packets. (microcell / femto's break) How can I allow fragmented packets to pass uninhibited a...
by changeip
Wed May 18, 2016 6:56 am
Forum: General
Topic: Ethernet and wireless bandwidth differences
Replies: 1
Views: 492

Re: Ethernet and wireless bandwidth differences

google quic sessions? udp https ... run torch and see what it is.
by changeip
Tue May 10, 2016 6:05 am
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 563

Re: Put a camera in the same VPN network

proxy arp is not on by default. if you can't send a 255.255.255.255 broadcast and see it traverse to the other side then it will not work. You need to be on the same broadcast domain / lan segment which means you need an eoip tunnel or proxy-arp. the other end of a vpn tunnel is not part of the same...
by changeip
Tue May 10, 2016 5:58 am
Forum: General
Topic: Flow Control, should I use it?
Replies: 35
Views: 5703

Re: Flow Control, should I use it?

Since then we actually started to point each CPE and every other router directly to the OpenDNS servers so request just passed the gateway router. In the last year we tried the 'dst-nat re-route to itself' with the dns cache server in the gateway again but again after a week or so we ran into dns i...
by changeip
Mon May 09, 2016 7:16 pm
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 563

Re: Put a camera in the same VPN network

or enable proxy-arp.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 76