Community discussions

MikroTik App

Search found 3831 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 13
by changeip
Wed Mar 27, 2024 8:39 pm
Forum: RouterBOARD hardware
Topic: Pure ROS boot...
Replies: 28
Views: 1430

Re: Pure ROS boot...

Excause me but you already have it! Anyone having physical access can simply press the buttonush and router is in default config. What I want is ... no def config but clear router, so you missed the point... You can use NetInstall one time to install the default-config script you want - which is bl...
by changeip
Tue Feb 06, 2024 6:03 pm
Forum: General
Topic: TX-DROP.. IM BEGGINGGGGG
Replies: 7
Views: 712

Re: TX-DROP.. IM BEGGINGGGGG

I think its like RX Drops - when a vlan tag is passed thru the device that it doesnt know about. Turn on torch or packet sniffer and run your same tests and see if it stops.
by changeip
Wed Nov 30, 2022 4:17 am
Forum: General
Topic: question about no track action in raw firewall rules
Replies: 12
Views: 4901

Re: question about no track action in raw firewall rules

think of it this way. a 10G port will full up with DDOS traffic pretty easily. The Mikrotik will pass that 10G no problem with almost no CPU --- as long as conn-track isnt involved. Once conn-track is on it kills the router and theres no way it will keep up. He's basically asking why can a mikrotik ...
by changeip
Wed Apr 27, 2022 7:33 am
Forum: Virtualization
Topic: CHR on ESXI ring buffer exhaustion
Replies: 4
Views: 7182

Re: CHR on ESXI ring buffer exhaustion

I think we are running into this ... anyone else have other info to help? vmware 7.0.0 esxi and CHR 6.49.6. Hitting a brick wall once we hit 300k pps.

Sam
by changeip
Wed Jan 12, 2022 9:49 pm
Forum: SwOS
Topic: Voltage OID: RB260GSP
Replies: 1
Views: 5505

Re: Voltage OID: RB260GSP

wget -q -O - http://admin:password@10.10.10.1/sys.b | awk -F"," '{print $23}' | awk --non-decimal-data -F":" '{print $2+0 "\n" $2+0 "\n\n" }' I use that to spit out 4 lines that MRTG likes to use. And then use this in mrtg to run the script. Target[switch_volt...
by changeip
Mon Nov 01, 2021 7:28 pm
Forum: Forwarding Protocols
Topic: ospf and vlan
Replies: 2
Views: 3361

Re: ospf and vlan

Can you ping the ospf neighbors? Or is the layer 2/3 path not working.
by changeip
Fri Aug 27, 2021 6:04 pm
Forum: RouterBOARD hardware
Topic: Mixed 1Gb + 100 Mb connection on RB4011iGS+RM drops down the performance of 1Gb link
Replies: 9
Views: 4467

Re: Mixed 1Gb + 100 Mb connection on RB4011iGS+RM drops down the performance of 1Gb link

I also see this problem on 960 boards. Wondering if there is any fix. The ports arent even in a switch, they are all routed.
by changeip
Wed Aug 25, 2021 5:49 pm
Forum: General
Topic: Request: add user with password hash
Replies: 10
Views: 4520

Re: Request: add user with password hash

+1 yes!
by changeip
Mon Apr 26, 2021 6:07 pm
Forum: General
Topic: Loads of ARP Traffic
Replies: 3
Views: 968

Re: Loads of ARP Traffic

are these for all the unused IPs in your network? Probably traffic coming to your network trying to figure out who is going to answer them. Maybe you can blackhole/null route that traffic if its unused.
by changeip
Mon Apr 26, 2021 7:23 am
Forum: General
Topic: Blocking LLDP / Protocol 35020
Replies: 4
Views: 2633

Re: Blocking LLDP / Protocol 35020

Figures. Its probably generated in the kernel. Just seems weird you cannot block udp/5678 in the routers own firewall on the output chain. I remember a long time ago running into this with dhcp client requests as well. Makes a good case for double checking if your hardware is calling home because ev...
by changeip
Fri Apr 23, 2021 6:06 am
Forum: General
Topic: Blocking LLDP / Protocol 35020
Replies: 4
Views: 2633

Re: Blocking LLDP / Protocol 35020

I know I can turn off discovery - just wondering why I cant firewall it. Also - why does this not catch the outgoing packet? Counter never increments yet I see it in the packet capture. /ip firewall raw add action=drop chain=output comment="drop discovery out any2 exchange" dst-port=5678 o...
by changeip
Fri Apr 23, 2021 5:55 am
Forum: General
Topic: Blocking LLDP / Protocol 35020
Replies: 4
Views: 2633

Blocking LLDP / Protocol 35020

How come this doesnt work?

/ip firewall raw add chain=output protocol=35020 out-interface=vlan2-Any2Exchange action=drop
failure: ip protocol must be in range (0..255)

How can I block LLDP leaving the RouterOS?
by changeip
Thu Apr 01, 2021 10:51 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60249

Re: v6.48.1 [stable] is released!

#SUP-41913
I think this is for port flapping issue debugging. But at what cost?
As an experienced user, I want to have settings for disabling such wasting features.
You can turn off this logging under /system logging. Just create a rule (or disable one).
by changeip
Wed Mar 10, 2021 10:27 pm
Forum: Scripting
Topic: Email Script When Interface Status Change (Running or Not Running) [SOLVED]
Replies: 32
Views: 16559

Re: Email Script When Interface Status Change (Running or Not Running) [SOLVED]

The built in syslog functions will put into the log when an interface goes up and down. YOu just need to add a syslog event to email that to you. We use it all the time - every time an interface goes up and down it will email our NOC. No script needed. Try it. Paste in those commands with a valid wo...
by changeip
Wed Mar 10, 2021 1:11 am
Forum: Scripting
Topic: Email Script When Interface Status Change (Running or Not Running) [SOLVED]
Replies: 32
Views: 16559

Re: Email Script When Interface Status Change (Running or Not Running) [SOLVED]

Just let the router do it internally - instead of a script... /system logging add action=emailalert disabled=no prefix="" topics=info,interface Then change your email alert settings: /system logging action remove [find name="emailalert"] add email-to=noc@youremaildomain.com name=...
by changeip
Sun Mar 07, 2021 6:33 pm
Forum: General
Topic: 100mb port slowing down 1000mb port
Replies: 4
Views: 1127

Re: 100mb port slowing down 1000mb port

Thanks Tom. I did do the upgrade before posting and it did not help. Next I will try putting a gigabit switch in the middle to see if just changing the port speed to match will fix it. I had no idea this would happen and now wonder out of the 500+ mikrotik 960s I have in the field how many have this...
by changeip
Thu Mar 04, 2021 8:16 pm
Forum: General
Topic: 100mb port slowing down 1000mb port
Replies: 4
Views: 1127

Re: 100mb port slowing down 1000mb port

I think some call this "back pressure"? Flow control on or off doesnt change anything as the traffic sources are unrelated. It just seems as though when one port hits 100mbps the other ports that were going faster can no longer go as fast as they should. CPU is still around 15%. Packets st...
by changeip
Thu Mar 04, 2021 7:48 pm
Forum: General
Topic: 100mb port slowing down 1000mb port
Replies: 4
Views: 1127

100mb port slowing down 1000mb port

I think I've seen this problem with cheap switches - but now Im seeing it on Mikrotik not in switched environment. 960 with one port linked at 100mbps, and one port linked at 1000mbps. https://i.imgur.com/Rjfj3db.png Why would one port maxing out a 100mbps slow another port down? Neither port are re...
by changeip
Tue Oct 13, 2020 8:51 pm
Forum: General
Topic: Mikrotik Simple and Quee Tree unresolved issue
Replies: 1
Views: 570

Re: Mikrotik Simple and Quee Tree unresolved issue

+1. Right now I have to create a bunch of vlans to spread out traffic across queues.
by changeip
Mon Jul 27, 2020 10:05 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 146
Views: 95124

Re: v6.47.1 [stable] is released!

Did you report this to support? It seems like I have the same problem but dont have the nice graphs like you do. Can you share the method you are using to graph those? I am currently using MRTG and SNMP but had problems with multiple registrations not working properly. My Mikrotik 60 GHz connections...
by changeip
Wed Jul 22, 2020 5:55 pm
Forum: Wireless Networking
Topic: w60g link stability and erratic rate selections since ROS 6.47
Replies: 24
Views: 7107

Re: w60g link stability and erratic rate selections since ROS 6.47

we see a lot of disconnects since moving to 6.47 a well. did you try the latest 6.46.x version and its not stable and 6.46.5 is most stable?
by changeip
Sat Jul 18, 2020 12:17 am
Forum: Scripting
Topic: Feature request: tool/fetch new property - no-log
Replies: 17
Views: 8335

Re: Feature request: tool/fetch new property - no-log

im not seeing fetch hit the logs on my scripts. whats the topics involved with the logging? maybe you have those enabled and so they are logging.
by changeip
Mon Jul 13, 2020 5:36 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 22
Views: 6946

Re: Mikrotik breaking Wi-Fi Calling?

I think it has to do with fragmented packets getting dropped on mikrotik if they aren't run thru the firewall. Not sure if there is a way in RAW filter to just accept them or not.
by changeip
Tue Jul 07, 2020 1:38 am
Forum: General
Topic: export tool bug inquiry
Replies: 4
Views: 1409

Re: export tool bug inquiry

if set to auto that field is ignored. i always thought that was weird to include that.
by changeip
Fri Jul 03, 2020 1:28 am
Forum: General
Topic: Can PowerBoxPro Operate in -48VDC environment
Replies: 1
Views: 814

Re: Can PowerBoxPro Operate in -48VDC environment

what happens when you run a shielded (or not) cable to a tower with a radio on it (or anotehr customers router) and the other radios on the tower arent the same power setup. make sure you use an isolated ground somehow.
by changeip
Thu Jul 02, 2020 8:09 pm
Forum: General
Topic: Tracking down the source of jitter.
Replies: 4
Views: 1923

Re: Tracking down the source of jitter.

+30 is too hot - turn the power down. thats like shouting at your mom with a megaphone in the same room.

There is probably interference. Try changing channels.
by changeip
Thu Jul 02, 2020 7:36 pm
Forum: RouterBOARD hardware
Topic: Powerbox Pro overload detection
Replies: 13
Views: 7450

Re: Powerbox Pro overload detection

I wish it could just be fixed with ether1-long-poe-in like in the old days : )
by changeip
Wed Jun 24, 2020 11:52 pm
Forum: General
Topic: Ping Issue!
Replies: 13
Views: 3438

Re: Ping Issue!

subnet masks probably dont match on the machines.
by changeip
Mon Jun 22, 2020 8:07 pm
Forum: General
Topic: View configured static routes
Replies: 11
Views: 4955

Re: View configured static routes

use the filter dropdown and select static=yes
by changeip
Wed Jun 17, 2020 9:45 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro POE overload
Replies: 13
Views: 6719

Re: PowerBox Pro POE overload

this is kinda what i observed too so if we try to run 3-4 prisms on a powerbox pro we have to redo things and run 48v stepdowns.
by changeip
Tue Jun 16, 2020 10:08 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro POE overload
Replies: 13
Views: 6719

Re: PowerBox Pro POE overload

can you run 24v? also check that the dc jack isnt loose. ive seen a few that dont engage well and cause problems.

make sure you go into routerboard settings and upgrade the bios as well. i have seen a version or two of routeros that worked weirdly with poe out on the powerboxes.
by changeip
Thu Jun 11, 2020 6:41 am
Forum: Scripting
Topic: Enable, disable the rule in NAT using the button
Replies: 22
Views: 6980

Re: Enable, disable the rule in NAT using the button

your doing this all wrong. use port knocking to have a script check an address-list if something is present make the changes you want. that way it is all self contained into the router and the button can just be a dump widget on an android screen or something similiar. no smart api needed.
by changeip
Fri May 15, 2020 8:34 pm
Forum: Forwarding Protocols
Topic: OSPF Routes not Joining Main Route Table
Replies: 10
Views: 11590

Re: OSPF Routes not Joining Main Route Table

i had major problems with ospf in that version. had to go back to 6.40.9 or up to 6.46.4 to make things work right. Also check that your MTU is consistent all the way thru.
by changeip
Thu May 07, 2020 9:02 pm
Forum: General
Topic: CCR – BGP+OSPF – Weird latencies
Replies: 4
Views: 1836

Re: CCR – BGP+OSPF – Weird latencies

what is the icmp rate limit set to? try making it 0 and seeing if that changes anything.
by changeip
Tue Apr 21, 2020 2:47 am
Forum: RouterOS beta
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 11308

Re: Mysterious 564/tcp open port 7.0beta5

2000 is the btest server.

are you testing using nmap on the same the same subnet, or traversing another device?

Thx!
Sam
by changeip
Wed Apr 15, 2020 12:19 am
Forum: General
Topic: Security Vulnerabilities
Replies: 13
Views: 4683

Re: Security Vulnerabilities

those seem more like bugs than security vulns.
by changeip
Wed Mar 11, 2020 11:10 pm
Forum: Forwarding Protocols
Topic: OSPF and multiple areas
Replies: 9
Views: 5989

Re: OSPF and multiple areas

How do you keep the customer routes out of OSPF and only announce them via iBGP? If I uncheck redistribute-connected I no longer get the loopbacks and link paths. Not sure how to use OSPF and iBGP and not have every route in every router still.
by changeip
Wed Mar 04, 2020 12:36 am
Forum: Forwarding Protocols
Topic: OSPF and multiple areas
Replies: 9
Views: 5989

OSPF and multiple areas

Hey all - I've searched far and wide and can't find an answer to this ... I have 300+ routers in the backbone area. I am wanting to move some off into areas of their own. 1 - Can I have a STANDARD area (0.0.0.1) with multiple connections back to the backbone? 2 - If the backbone ever breaks will it ...
by changeip
Thu Nov 28, 2019 12:57 am
Forum: Wireless Networking
Topic: 60ghz and snmp monitoring
Replies: 0
Views: 1956

60ghz and snmp monitoring

I am wondering if anyone else has ran into this problem with monitoring 60ghz stations? From https://wiki.mikrotik.com/wiki/Manual:Interface/W60G For main interfaces: 1.3.6.1.4.1.14988.1.1.1.8.1.3.1 string SSID ... 1.3.6.1.4.1.14988.1.1.1.8.1.12.1 integer RSSI 1.3.6.1.4.1.14988.1.1.1.8.1.13.1 gauge3...
by changeip
Tue Jan 08, 2019 7:36 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 22
Views: 6946

Re: Mikrotik breaking Wi-Fi Calling?

im not in front of a router to check, but can you allow fragmented packets in the raw chain? probably not a good idea long term but a proof of concept. typically i do not use connection-tracking and so turning it off fixes our problems but with NAT you cant do that. wait ... actually its the fact th...
by changeip
Tue Jan 08, 2019 6:19 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 22
Views: 6946

Re: Mikrotik breaking Wi-Fi Calling?

everytime this happens to our customers on our mikrotik network its because fragmented packets are getting dropped (silently). connection-tracking will stop fragmented packets if you arent letting them thru, because it cant handle a fragmented packet until it reassembles it.
by changeip
Tue Oct 16, 2018 5:00 am
Forum: General
Topic: PCQ Getting Confused?
Replies: 0
Views: 807

PCQ Getting Confused?

Im running into a situation where I think the PCQ engine is just crapping out ... does anyone else see this behavior on busy routers? Disabling all the queues and then reenabling them will make them work again for a while. It's almost like there is a limit to how many subqueues can be created before...
by changeip
Wed Sep 05, 2018 11:48 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 3987

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

im sure you are getting disconnected when you put that interface into the bridge. Wrap the entire script with { } and it wont execute until the last line is pasted in ... sometimes that helps.
by changeip
Fri May 25, 2018 5:30 am
Forum: General
Topic: LHG 60 project in Hawaii
Replies: 99
Views: 38008

Re: LHG 60 project in Hawaii

can anyone ship these? Ill buy 5-10 right now.
by changeip
Tue May 22, 2018 5:22 pm
Forum: General
Topic: LHG 60 project in Hawaii
Replies: 99
Views: 38008

Re: LHG 60 project in Hawaii

where can these be bought? I dont see anyone carrying them yet...
by changeip
Fri May 04, 2018 12:53 am
Forum: Forwarding Protocols
Topic: OSPF full to down for no reason?
Replies: 23
Views: 7337

Re: OSPF full to down for no reason?

PTP on ospf type? You dont have that. try to switch to broadcast or nbma.
by changeip
Fri Apr 27, 2018 1:31 am
Forum: General
Topic: Urgent feature request: Bind IP services to a specific IP / Interface
Replies: 6
Views: 2772

Re: Urgent feature request: Bind IP services to a specific IP / Interface

YES! Binding SNMP to a single IP so it always replies from that same IP would be super nice.
by changeip
Tue Apr 24, 2018 10:06 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 203
Views: 258440

Re: Advisory: Vulnerability exploiting the Winbox port

there is no input firewall on RAW. only prerouting and output.
by changeip
Tue Apr 24, 2018 9:10 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 203
Views: 258440

Re: Advisory: Vulnerability exploiting the Winbox port

with hundreds of routers that do not enable connection-tracking whats the best RAW firewall rules to protect a router. Has anyone got a template they can share? We cannot enable any rules in the services / ip firewall filter otherwise packet fragments are not passed.
by changeip
Tue Apr 10, 2018 2:46 am
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 2167

Re: BGP wierdness?

Butche - nice to see you again (over the forums hehe) I have run into this exact problem and am super happy you posted that link - its exactly what I need to do here because ospf just ain't cutting it. I want to read up more on this solution and see if it will help me out. Do you have more than one ...
by changeip
Wed Mar 28, 2018 7:05 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142384

Re: Urgent security advisory

is there a known 8291 vulnerability or just 80?
by changeip
Sat Mar 24, 2018 12:01 am
Forum: General
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 7064

Re: Urgent request from Mikrotik ... Please

how about you create web portal where users can setup the variables, and then your router fetches them and installs the config / variables.

he's basically asking for environment variable per user security probably.
by changeip
Sat Mar 03, 2018 2:58 am
Forum: General
Topic: New router OS
Replies: 49
Views: 57823

Re: New router OS

how about a 2500$ cloud core than can queue more than the $350 version? HTB is limited to single CPU / interface and that just kills it for us.
by changeip
Sat Feb 17, 2018 7:39 am
Forum: General
Topic: CCR 0.3%+ packet loss whenever above 5% CPU
Replies: 26
Views: 8315

Re: CCR 0.3%+ packet loss whenever above 5% CPU

/ip settings
set icmp-rate-limit=0

then see if there is still packet loss...
by changeip
Sun Dec 31, 2017 4:46 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 2725

Re: Queue Tree / PCQ on CCR72

6.41 release thank you. I created 4 vlans and duplicated queues under each and that really helped. problems though ... i cant tell all 4 interfaces how much bandwidth the parent really has. sometimes the parent (real) interface still grabs all the traffic (no-mark) even though none of the traffic is...
by changeip
Fri Dec 29, 2017 1:22 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 2725

Re: Queue Tree / PCQ on CCR72

In this forum post I see MacGuiver states you can split things up by subnet, which I tried in queue tree, but they still all end up under same parent. Just so I understand, I need more interfaces not just queue entries right?

viewtopic.php?p=621530#p621530
by changeip
Fri Dec 29, 2017 1:20 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 2725

Re: Queue Tree / PCQ on CCR72

pcq.png
by changeip
Fri Dec 29, 2017 1:13 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 2725

Queue Tree / PCQ on CCR72

We are struggling with PCQ's on our network getting overloaded and things just slow down ... having a really hard time figuring out why. Until today - I read this and wonder if this is related: Queue Tree and CCR ● Currently (RouterOS v6.11) only one CPU core can take packets out from one HTB tree ●...
by changeip
Mon Dec 04, 2017 6:20 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 13529

Re: SNMP doesn't work with asymmetric routes?

I should say - with ospf you have a loopback on each router - use that as the pref-source one that dynamic route.
by changeip
Mon Dec 04, 2017 6:11 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 13529

Re: SNMP doesn't work with asymmetric routes?

you can use routing prefix filters to add pref-source for the one route back to your snmp monitoring station. its a hack but forces traffic leaving the router to use the pref-source you specified.
by changeip
Thu Oct 12, 2017 3:09 am
Forum: Forwarding Protocols
Topic: OSPF stuck at Init State
Replies: 3
Views: 3437

Re: OSPF stuck at Init State

if you leave them alone for up to 10 minutes do they finally figure things out or do you always have to "jiggle" it?
by changeip
Thu Oct 12, 2017 3:05 am
Forum: Scripting
Topic: OSPF state problems
Replies: 4
Views: 6605

Re: OSPF state problems

OSPF issues has plagued recent versions of RouterOS.
Do you know which version you started seeing this problem? Any reason why you don't roll back? I have been using 6.38.7 with no known ospf issues...

Thanks for the info, I will be cautious on upgrades now...

Sam
by changeip
Thu Oct 12, 2017 3:00 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 45114

Re: v6.40.4 [current]

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
No, it is not in this version yet.
Which version was this introduced? I have like 500 routers running ospf and don't want to run into it : )
by changeip
Tue May 30, 2017 6:19 pm
Forum: General
Topic: Serial connection: garbled output: spaces?
Replies: 4
Views: 1821

Re: Serial connection: garbled output: spaces?

this looks like color codes for vt100 or something ... try a different terminal emulator?
by changeip
Sat May 06, 2017 1:39 am
Forum: General
Topic: Print command - how to show the entire list of results?
Replies: 3
Views: 1546

Re: Print command - how to show the entire list of results?

/ip route print without-paging where gateway=x.x.x.x
by changeip
Tue Apr 25, 2017 9:28 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 4974

Re: ATT Microcell Port Forwarding difficulties

It has to do with packet fragments not making it. I finally was able to track this down by running a packet capture at the very first router closest to the customer, and then running one successively each hop out and figuring out where things broke. It came to the first router that had connection-tr...
by changeip
Fri Apr 21, 2017 11:02 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 2659

Re: 960PGS availability

excellent - can you hold some for me? also, did you get the 960pgs-pb (outdoor)? I want 10 of each if possible.
by changeip
Wed Apr 12, 2017 8:11 pm
Forum: General
Topic: Rare peaks in RouterOS graphs
Replies: 11
Views: 2640

Re: Rare peaks in RouterOS graphs

Time is changing on the router?
by changeip
Thu Apr 06, 2017 1:04 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 2659

960PGS availability

Where are these at? I can't find any anywhere!

Sam
by changeip
Tue Feb 21, 2017 11:32 pm
Forum: Forwarding Protocols
Topic: OSPF dropping default route
Replies: 3
Views: 1683

Re: OSPF dropping default route

i think this is limitation of mikrotik ospf. i run into this a lot where default gateway disappears even though its in LSA. disabling and reenabling the default route fixes it, but is not automatic by any means. i wish mikrotik would fix it.
by changeip
Tue Feb 21, 2017 11:29 pm
Forum: General
Topic: Powerbox deletes script on reset - 6.38.1
Replies: 3
Views: 1466

Re: Powerbox deletes script on reset - 6.38.1

your r1.rsc is stored on ram disk, not flash disk so its lost after reboot. put it into the flash folder to keep it persistent.
by changeip
Sat Feb 18, 2017 6:18 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27756

Re: Yet another "dhcp,warning offering lease without success" issue

the hundreds of times ive seen this its always been because of a faulty cable by the remote side thats asking for dhcp. maybe in your case the response is not making it back to the requestor for other reasons, but usually because the cable is faulty.
by changeip
Fri Jan 27, 2017 11:34 pm
Forum: General
Topic: Help on ARP
Replies: 6
Views: 1942

Re: Help on ARP

just use ip scan in mikrotik to flood the network.
by changeip
Fri Jan 13, 2017 6:06 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7717

Re: spectral-scan saved file format?

can you send format of file to me?
by changeip
Mon Dec 05, 2016 12:25 am
Forum: Scripting
Topic: how to print a list of names?
Replies: 2
Views: 1182

Re: how to print a list of names?

:foreach i in=[ip firewall filter find where action=reject] do={:put [/ip firewall filter get $i content]}

from memory, not tested, but should give you a direction to go in.
by changeip
Tue Nov 22, 2016 12:36 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 4974

Re: ATT Microcell Port Forwarding difficulties

You have to allow fragments to pass ... or turn off connection-tracking so its ignored.
by changeip
Mon Nov 07, 2016 6:37 pm
Forum: Forwarding Protocols
Topic: OSPF - loopback interface
Replies: 23
Views: 11819

Re: OSPF - loopback interface

its necessary. If your router-id /ospf lives on a physical interface that gets unplugged now that IP isn't announced anymore. On a loopback it is always "up".
by changeip
Fri Sep 30, 2016 7:12 pm
Forum: Beginner Basics
Topic: find / where + export
Replies: 3
Views: 2324

Re: find / where + export

this used to work and they removed it. . .
by changeip
Wed Sep 28, 2016 6:22 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 4974

Re: ATT Microcell Port Forwarding difficulties

You guys didn't understand. If you have firewall rules at all - even a single one that has nothing to do with ATT microcells - and connection tracking is off it will break fragmented packets. You cannot have a single firewall rule if you disable connection tracking and wish to have att microcells or...
by changeip
Tue Sep 27, 2016 6:39 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 4974

Re: ATT Microcell Port Forwarding difficulties

When we turned on any firewall rules on our mikrotik routed network it broke all the microcells. Esentially this started blocking fragmented packets therefore breaking the ipsec tunnels. Turning off all firewall rules fixed it. Not sure why Mikrotik starts disallowing fragmented packets once firewal...
by changeip
Thu Aug 18, 2016 9:59 pm
Forum: Announcements
Topic: SwOS version 1.17 released
Replies: 14
Views: 16105

Re: SwOS version 1.17 released

use a hex router with all 5 ports switched ... way better than a 260gs.
by changeip
Fri Aug 12, 2016 5:24 am
Forum: The Dude
Topic: Export Map interval
Replies: 34
Views: 21808

Re: Export Map interval

yes, at the moment i cannot switch to new dude because all external access has been removed. Such a shame. Please add some type of API / HTTP / etc so that we can query things from other systems.
by changeip
Wed Aug 10, 2016 7:31 am
Forum: General
Topic: Router replying to requests on SUBNET address
Replies: 0
Views: 962

Router replying to requests on SUBNET address

Why does RouterOS reply to packets destined for the subnet or broadcast address (first and last address in subnet)? This just started in newer releases - but I do not know which one. I believe 6.19 did not have this problem. RouterOS box has 192.168.1.1/24 on it. From another machine you can snmpwal...
by changeip
Fri Aug 05, 2016 8:01 pm
Forum: General
Topic: San Diego
Replies: 4
Views: 1650

San Diego

Anyone in San Diego on these forums? Looking for resources to hire.

Sam
by changeip
Fri Jun 03, 2016 5:37 am
Forum: Forwarding Protocols
Topic: OSPF losing routes randomly
Replies: 19
Views: 4748

Re: OSPF losing routes randomly

netgear gray (not the blue line) switches have this feature and break things unless you disable the storm control features. took me a long time to track it down.
by changeip
Thu May 26, 2016 7:37 pm
Forum: General
Topic: PowerBox help
Replies: 3
Views: 1377

Re: PowerBox help

/interface ethernet poe settings
set ether1-poe-in-long-cable=yes

That should be changed to default I think.
by changeip
Thu May 26, 2016 7:30 pm
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 4006

Re: IP Fragments and firewall rules

add chain=input/forward protocol=tcp fragment=yes action=accept
this sounds correct and usable, however wouldn't the implicit rule at the end of the chain just accept them anyhow?
by changeip
Thu May 26, 2016 3:11 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 4006

Re: IP Fragments and firewall rules

I dont want any connection-tracking, it slows things down. I am not enabling anything needing conn-track in the firewall and I for sure do not want packet reassembly. Is there no way to just route fragments as is? We have 1.5gbps of traffic and I for sure do not want to enable connection tracking on...
by changeip
Tue May 24, 2016 6:54 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 4006

IP Fragments and firewall rules

I have hundreds of routers - all with connection tracking disabled. I want to enter a single firewall rule to just drop dst tcp/80. As soon as I enable _any_ firewall rules routers start dropping fragmented packets. (microcell / femto's break) How can I allow fragmented packets to pass uninhibited a...
by changeip
Wed May 18, 2016 6:56 am
Forum: General
Topic: Ethernet and wireless bandwidth differences
Replies: 1
Views: 1414

Re: Ethernet and wireless bandwidth differences

google quic sessions? udp https ... run torch and see what it is.
by changeip
Tue May 10, 2016 6:05 am
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 1870

Re: Put a camera in the same VPN network

proxy arp is not on by default. if you can't send a 255.255.255.255 broadcast and see it traverse to the other side then it will not work. You need to be on the same broadcast domain / lan segment which means you need an eoip tunnel or proxy-arp. the other end of a vpn tunnel is not part of the same...
by changeip
Tue May 10, 2016 5:58 am
Forum: General
Topic: Flow Control, should I use it?
Replies: 42
Views: 43617

Re: Flow Control, should I use it?

Since then we actually started to point each CPE and every other router directly to the OpenDNS servers so request just passed the gateway router. In the last year we tried the 'dst-nat re-route to itself' with the dns cache server in the gateway again but again after a week or so we ran into dns i...
by changeip
Mon May 09, 2016 7:16 pm
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 1870

Re: Put a camera in the same VPN network

or enable proxy-arp.
by changeip
Mon May 09, 2016 7:15 pm
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 1870

Re: Put a camera in the same VPN network

use eoip tunnel to bridge the two networks.
by changeip
Mon May 09, 2016 7:12 pm
Forum: General
Topic: ROS Bugfix 6.32.4 - Bricking QRT 5 AC
Replies: 3
Views: 1609

Re: ROS Bugfix 6.32.4 - Bricking QRT 5 AC

I havent confirmed this but I believe NetMetals are also affected. Had one that wouldn't work on anything but a gigabit link after upgrade.

Sam
by changeip
Fri Mar 11, 2016 11:18 pm
Forum: Forwarding Protocols
Topic: OSPF and Latency
Replies: 1
Views: 1607

Re: OSPF and Latency

set the radios so they disconnect and dont use qpsk or similiar. that way when the signal gets bad they disconnect rather than barely hanging on.
by changeip
Wed Mar 02, 2016 6:40 am
Forum: General
Topic: winbox failed to see a brand new RB850Gx2 in neighbors
Replies: 5
Views: 1675

Re: winbox failed to see a brand new RB850Gx2 in neighbors

mikrotik hasnt fixed this I believe...

Try using 'ip neighbors' from another router on your network and i bet you will see it. Mac-telnet to it from there and then add an ip address to it, then you can access it. Or use IPv6.
by changeip
Wed Feb 24, 2016 10:28 pm
Forum: General
Topic: iptables "-j TEE" functionality needed
Replies: 12
Views: 6775

Re: iptables "-j TEE" functionality needed

I have done this myself in the past and it works. You might need to modify your selections - post your rules you tried and the src:port -> dst:port pairs so we can see.
by changeip
Wed Feb 24, 2016 5:07 am
Forum: General
Topic: iptables "-j TEE" functionality needed
Replies: 12
Views: 6775

Re: iptables "-j TEE" functionality needed

use NAT not mangle.
by changeip
Sat Feb 06, 2016 6:11 am
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 9050

Re: Slow HTTP download

probably antivirus software acting as proxy.
by changeip
Sat Feb 06, 2016 6:03 am
Forum: Wireless Networking
Topic: RB921UAGS-5SHPacT-NM as AP
Replies: 2
Views: 1509

Re: RB921UAGS-5SHPacT-NM as AP

baloney. it will work fine. tilt the antennas all different directions to catch the reflections.
by changeip
Sat Feb 06, 2016 6:00 am
Forum: Scripting
Topic: "print" to file truncating results at 80 columns
Replies: 13
Views: 5924

Re: "print" to file truncating results at 80 columns

This is what you need - very nice feature really.

http://wiki.mikrotik.com/wiki/Manual:Co ... in_process

Just use "admin+120w" as the username instead of "admin".

Sam
by changeip
Thu Dec 10, 2015 7:16 pm
Forum: The Dude
Topic: The Dude is back! v6.34rc test build released
Replies: 269
Views: 103544

Re: The Dude is back! v6.34rc test build released

I love you Mikrotik for finally caving and restarting this project. We rely on it super heavily for our network management. A few things I would love to have fixed. Export / Import / Backups Discovery / Scanning seems to hang on subnets for long periods of time if not indefinately. Needs a timeout s...
by changeip
Wed Nov 11, 2015 11:08 pm
Forum: Announcements
Topic: 6.33 version released!
Replies: 139
Views: 56325

Re: 6.33 version released!

This frees up a lot of space in the router, and ensures you always get newest Winbox. When you have no access to internet, you still have Webfig, which is 1:1 in layout and features. So how do you move firewall / other rules in webfig? There is no re-ordering capability as far as I can tell so I ha...
by changeip
Thu Oct 15, 2015 1:20 am
Forum: RouterBOARD hardware
Topic: Poor SXT Power Adapter Quality
Replies: 19
Views: 6527

Re: Poor SXT Power Adapter Quality

That capacitor on the top right is buldging and the cause of your problem. I love how this problem is still around 15 years after the industry figured it out.
by changeip
Thu Oct 08, 2015 7:27 pm
Forum: General
Topic: RouterOS v6.x with Ubiquiti AirFiber 24 v2.0 - RX Error FCS
Replies: 77
Views: 41523

Re: RouterOS v6.x with Ubiquiti AirFiber 24 v2.0 - RX Error FCS

I have many FCS errors on a 10G SPF+ port on 1009 CCR... no wireless involved - just straight fiber to Cox. Going to try placing the switch in the middle to see if they move to the switch port.
by changeip
Thu Sep 17, 2015 7:56 am
Forum: Wireless Networking
Topic: In search of less jitter: locking NetMetal5 to lower rates and/or narrower bandwidth?
Replies: 4
Views: 1736

Re: In search of less jitter: locking NetMetal5 to lower rates and/or narrower bandwidth?

i was told there is nothing in the AC spec for tuning data rates. Mikrotik support told me that.
by changeip
Thu Sep 17, 2015 7:51 am
Forum: General
Topic: UDP connection and NAT
Replies: 4
Views: 2418

Re: UDP connection and NAT

Setup your masq rules separately, one for each out-interface? Then only NAT new connections? that way 'invalid' connections will die off on their own and start new ones?
by changeip
Fri Sep 11, 2015 12:51 am
Forum: Announcements
Topic: v6.30.4 bugfix release
Replies: 103
Views: 40495

Re: v6.30.4 bugfix release

check-gateway=arp is flakey. at least when there are 100,000+ routes. fails over the secondary routes even though arp entry still exists and connectivity to original gateway is never lost. switched to =ping and works fine. supout sent.
by changeip
Wed Aug 26, 2015 6:49 am
Forum: General
Topic: Bug: Invalid rules after copying and changing chain ROS5.26
Replies: 1
Views: 873

Re: Bug: Invalid rules after copying and changing chain ROS5.26

do a '/ip firewall filter export compact' and see what the differences are that the gui isn't showing.
by changeip
Thu Jul 16, 2015 11:59 pm
Forum: General
Topic: 802.11ac spectral scan
Replies: 157
Views: 53760

Re: 802.11ac spectral scan

Im sure it is there and works, its just DUDE that isn't recognizing how to tell the unit to do it... UPGRADE DUDE!
by changeip
Wed Nov 19, 2014 5:31 am
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 13053

Re: New forum look & feel

oh goodness, this is the worst theme ever. Takes me 3 times as long to read because its all big and bubbly. Please let us choose or just go back and fix it for everyone.
by changeip
Wed Nov 19, 2014 5:09 am
Forum: General
Topic: Rename Address-List
Replies: 5
Views: 5808

Re: Rename Address-List

pseudo code:
/ip firewall address-list set [find [name=original]] name=newname
by changeip
Tue Sep 09, 2014 10:30 pm
Forum: Scripting
Topic: Problem with scripts executing from scheduler - global vars
Replies: 5
Views: 2161

Re: Problem with scripts executing from scheduler - global v

try changing this:

:set previousIPUno $currentIP

to this:

:global previousIPUno $currentIP
by changeip
Mon Sep 08, 2014 6:36 am
Forum: RouterBOARD hardware
Topic: GPIO for remote installations, why not?
Replies: 7
Views: 4084

Re: GPIO for remote installations, why not?

user led can be used as gpio. just be sure to not draw current beyond what the led does.
by changeip
Wed Aug 27, 2014 6:44 pm
Forum: RouterBOARD hardware
Topic: RB 912 UAG-5hpnd+ Rocket Dish problem with MCS
Replies: 22
Views: 7841

Re: RB 912 UAG-5hpnd+ Rocket Dish problem with MCS

the 912 board has problems with timing i believe. "I believe"? Explain yourself better. Why do think timing is an issue? What does MT say about that? Is this just a problem on some 912 series boards or does it effect the whole production line? It just seemed like there was something wrong...
by changeip
Tue Aug 26, 2014 4:16 am
Forum: RouterBOARD hardware
Topic: RB 912 UAG-5hpnd+ Rocket Dish problem with MCS
Replies: 22
Views: 7841

Re: RB 912 UAG-5hpnd+ Rocket Dish problem with MCS

i swapped 912 board out for 411gl with dbii card and fixed my problems. the 912 board has problems with timing i believe. i had to remove all 6 of them i had installed and havent looked back since.
by changeip
Tue Aug 26, 2014 4:12 am
Forum: Wireless Networking
Topic: NetBox 5 lab / reallife results
Replies: 64
Views: 24806

Re: NetBox 5 lab / reallife results

who stocks these new AC units in USA?
by changeip
Sun Aug 24, 2014 1:25 am
Forum: The Dude
Topic: Dude 4.0 beta3: high CPU on cisco devices
Replies: 21
Views: 16829

Re: Dude 4.0 beta3: high CPU on cisco devices

All this talk about how to disable the mib tree on Cisco... What about on a mikrotik network with 1000 devices - same issue. I tried writing layer 7 on the router right after the dude traffic to filter it but its not quite working. Can someone help fix? /ip firewall filter add action=drop chain=forw...
by changeip
Fri Jul 11, 2014 11:05 pm
Forum: General
Topic: Changing source ip address for ICMP type 11 packets.
Replies: 6
Views: 3833

Re: Changing source ip address for ICMP type 11 packets.

I am very interested in this also. I took a different route that kind of works though - can't you just change preferred source address on routing table to be loopback address and it will reply with that? I think I have that working somewhere on my network...
by changeip
Fri Jul 04, 2014 3:05 am
Forum: General
Topic: v6.15 released
Replies: 302
Views: 133344

Re: v6.15 released

Who else is having ospf problems? Many times all routes do not make it into the routing table, only into LSA. Is this the routing engine crashing? A reboot or three will finally make it work. I finally grabbed a supout and will put together a ticket if I can.
by changeip
Thu May 08, 2014 7:16 pm
Forum: General
Topic: G-bit port issues, MT not compatible?
Replies: 2
Views: 1047

Re: G-bit port issues, MT not compatible?

what type of gigabiut poe injectors are you using? Can you post pics - some of the originals are bad / faulty I have found.
by changeip
Fri Apr 25, 2014 6:05 pm
Forum: General
Topic: Duplicate ARP entries after IP change
Replies: 8
Views: 4894

Re: Duplicate ARP entries after IP change

I am seeing it with 5.26 as well actually. I am starting to think its a mikrotik bug in the dhcp server but I can't confirm. I am trying to get better pcaps so I can submit them.
by changeip
Wed Apr 09, 2014 7:39 am
Forum: Scripting
Topic: DHCP ALERTS
Replies: 3
Views: 3918

Re: DHCP ALERTS

paste this into router: /system logging action remove [find name="emailalert"] add email-to= YOUREMAIL@ADDRESS.TLD name=emailalert target=email /system logging remove [find topics="dhcp,critical"] add action=emailalert disabled=no prefix="" topics=dhcp,critical remove [...
by changeip
Sat Apr 05, 2014 6:20 am
Forum: RouterBOARD hardware
Topic: OSPF external routes bug
Replies: 6
Views: 3561

Re: OSPF external routes bug

ive ran into this many times, i wish they would fix it. its hard to capture because the whole network is down and im frantically trying to bring it back up rather than taking screenshots and supouts. Ive seen this from version 4.x thru 6.7 at least.
by changeip
Fri Mar 28, 2014 10:18 pm
Forum: RouterBOARD hardware
Topic: RB800 heat problem advisory
Replies: 60
Views: 1371

Re: RB800 heat problem advisory

I figured it out. Mikrotik QA didn't catch the Laird thermal paste backing paper wasn't removed:

Image
by changeip
Fri Mar 28, 2014 8:08 am
Forum: RouterBOARD hardware
Topic: RB800 heat problem advisory
Replies: 60
Views: 1371

Re: RB800 heat problem advisory

this is an old thread, but i just dug up 2 brand new rb800s and one has this problem. I removed the resistor and continue to have the problem. Did anyone else have this problem or am I the only one? They are only 1 serial number apart. One has the problem the other doesn't. Is there a different resi...
by changeip
Tue Mar 25, 2014 5:43 pm
Forum: General
Topic: Duplicate ARP entries after IP change
Replies: 8
Views: 4894

Re: Duplicate ARP entries after IP change

I am starting to believe this is a bug on 6.x. I have encountered this a few times now and previously thought it was a ASUS router firmware causing the problem. This time I just downgraded to 5.26 on the affected segment and the problem went away. Can you downgrade to 5.26 and see if that helps? We'...
by changeip
Mon Feb 17, 2014 6:05 pm
Forum: RouterBOARD hardware
Topic: RB911G/RB912G - poor ccq/performance in benchmark setup
Replies: 17
Views: 8194

Re: RB911G/RB912G - poor ccq/performance in benchmark setup

yes. all performance after the swap improved, including no more packet loss.
by changeip
Sun Feb 16, 2014 3:38 am
Forum: RouterBOARD hardware
Topic: RB911G/RB912G - poor ccq/performance in benchmark setup
Replies: 17
Views: 8194

Re: RB911G/RB912G - poor ccq/performance in benchmark setup

okay I have had the chance to swap all our 912 boards for our usual 411gl board setup. In 3 cases we had links > 30km with ccq's all over the place and typically less than 80%. With no other changes other than the routerboard (912 to 411gl) we are now at solid performance, 99-100% ccqs, and no ether...
by changeip
Sun Feb 16, 2014 3:34 am
Forum: RouterBOARD hardware
Topic: RB912UAG LAN connection problem
Replies: 2
Views: 1515

Re: RB912UAG LAN connection problem

I've encountered multiple bad 912 boards. They aren't bad in the sense that something is wrong with these specific boards, they are bad in the sense that they are just bad design. All 912 boards have come off our network and now we are enjoying 100% ccq's again and no ethernet problems anymore. Ever...
by changeip
Fri Feb 07, 2014 4:26 am
Forum: RouterBOARD hardware
Topic: ethernet pause / drops
Replies: 9
Views: 12437

Re: ethernet pause / drops

thats what I can't understand. Are you saying the mikrotik doesn't support flow control on the tx but it does on the tx? The only thing in this segment is mikrotik...
by changeip
Thu Feb 06, 2014 6:09 pm
Forum: Forwarding Protocols
Topic: OSPF Default Gateway - Routing Table Installation
Replies: 4
Views: 2969

Re: OSPF Default Gateway - Routing Table Installation

Doesn't work - I can't yank out the body of the LSA in script, its just blank. Any other thoughts without resorting to doing traceroutes and trying to pick out which provider it leaves?
by changeip
Thu Feb 06, 2014 6:05 pm
Forum: Forwarding Protocols
Topic: OSPF Default Gateway - Routing Table Installation
Replies: 4
Views: 2969

Re: OSPF Default Gateway - Routing Table Installation

Ah, so you are saying I could query those 3 LSA entries, parse their costs and then sort them to find the lowest? That might work - will see if I can give that a shot.
by changeip
Thu Feb 06, 2014 6:03 pm
Forum: RouterBOARD hardware
Topic: ethernet pause / drops
Replies: 9
Views: 12437

Re: ethernet pause / drops

Everything plugged into that core segment is a routerboard - 411gl, 912, 2011, 750, etc. How can I tell who is sending these? They are interconnected by a netgear 5 or 8 port dumb switch.
by changeip
Thu Feb 06, 2014 9:15 am
Forum: RouterBOARD hardware
Topic: RB911G/RB912G - poor ccq/performance in benchmark setup
Replies: 17
Views: 8194

Re: RB911G/RB912G - poor ccq/performance in benchmark setup

Has anyone ever figured this out? I just came to the forums looking for this answer as I am noticing it as well. The past 3 long distance links we installed with 912UAG all show suboptimal ccqs. I am starting to wonder if I swap back to 411 / dbii or sr71 if this will fix it. Interestingly enough I ...
by changeip
Thu Feb 06, 2014 9:10 am
Forum: RouterBOARD hardware
Topic: ethernet pause / drops
Replies: 9
Views: 12437

ethernet pause / drops

Why do my new fancy 912 boards show this? Are there really packets being dropped or is it showing how many it has ignored? Also, running packet sniffer will not reveal layer 1 and who is sending these pause packets. How can I track it down?

Image

Sam
by changeip
Thu Feb 06, 2014 8:07 am
Forum: Forwarding Protocols
Topic: OSPF Default Gateway - Routing Table Installation
Replies: 4
Views: 2969

OSPF Default Gateway - Routing Table Installation

I would like to write a script to determine all my routers best path to the internet. Does anyone know a way to determine which LSA route gets installed on a router? Then I could tell from each router what its best path outbound is.

Image
by changeip
Fri Aug 30, 2013 5:47 pm
Forum: Beginner Basics
Topic: Terminal Not Responding
Replies: 18
Views: 9140

Re: Terminal Not Responding

I am using 5.25 on this router. It is multi-core enabled. I do have lots of queues and 200-300mbps of bandwidth going thru it. I wonder if its related to disk activity, it seems like the disk window also is slow, like it can't read the disk fast, or gets hung up and goes slow. I am using SSD on this...
by changeip
Fri Aug 30, 2013 9:42 am
Forum: Beginner Basics
Topic: Terminal Not Responding
Replies: 18
Views: 9140

Re: Terminal Not Responding

THIS IS ON TO SOMETHING ... I've been tracking down this problem for 2 weeks now. I just click terminal or try to ssh and its very slow, almost seems broken, but if you wait it will eventually spit a few characters out at a time. Click on Make Supout from winbox and instantly its fixed. . . Please f...
by changeip
Thu Aug 09, 2012 7:43 pm
Forum: General
Topic: Serial ports on new boards
Replies: 3
Views: 1436

Re: Serial ports on new boards

if a routerboard does not have the serial port can you still include it in the bios? I would like to be able to add max232 to some boards and use the port, but I think its disabled in the bios.
by changeip
Thu Aug 09, 2012 7:00 pm
Forum: Forwarding Protocols
Topic: BGP route failover is too slow. Any way around this?
Replies: 6
Views: 3142

Re: BGP route failover is too slow. Any way around this?

Read about hold-time. If you lower it you will improve that. You should also ask the other side to match your setting.
by changeip
Mon Aug 06, 2012 6:50 pm
Forum: The Dude
Topic: Dude v4.0beta02 export dies
Replies: 18
Views: 6582

Re: Dude v4.0beta02 export dies

i got a backup file downloaded with the web interface on dude running on routeros. its corrupt, but it gave me some file. i wonder if there is a workaround using website url to download backup.
by changeip
Thu Aug 02, 2012 8:00 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 13529

Re: SNMP doesn't work with asymmetric routes?

i only wish ... please mikrotik fix this. let us bind the snmp service to a loopback ip or something. anything ...
by changeip
Thu Jul 26, 2012 7:04 am
Forum: General
Topic: Router not routing
Replies: 6
Views: 3766

Re: Router not routing

you cant have the same /16 on two different interfaces. the local machine will not send the traffic to the router for anything on that 192.168.x.x because it thinks its local. a machine will arp for anything in its own subnet instead of sending it to the default gateway.
by changeip
Tue Jul 24, 2012 1:43 am
Forum: Scripting
Topic: Sniffer script not working ros 5.19
Replies: 1
Views: 2215

Re: Sniffer script not working ros 5.19

put filename in quotes and make sure there arent any special characters in there (like slashes and colons).
by changeip
Thu Jul 19, 2012 7:12 pm
Forum: General
Topic: Serial to ethernet converters recommend?
Replies: 1
Views: 1123

Re: Serial to ethernet converters recommend?

any mikrotik with a usb / serial port should work. enable /port remote-access features.
by changeip
Wed Jul 18, 2012 5:28 am
Forum: Wireless Networking
Topic: Too many poll time-outs
Replies: 20
Views: 17902

Re: Too many poll time-outs

if you are using nstreme go back to 4.17. it is mostly broken in 5.x.
by changeip
Fri Jul 13, 2012 7:03 pm
Forum: General
Topic: Mikrotik DNS server issues with Amazon S3 - low TTL 60sec
Replies: 118
Views: 56925

Re: Mikrotik DNS server issues with Amazon S3 - low TTL 60se

please mikrotik team - lets fix this dns server code instead of work around it with hacks : ) You should be able to identify it now and fix it since 'devil' has done such good work on tracking it down.
by changeip
Wed Jul 11, 2012 9:05 pm
Forum: General
Topic: DNS Changer Malware Identification and QuickFix for ISP
Replies: 2
Views: 1565

Re: DNS Changer Malware Identification and QuickFix for ISP

please dont try to fix it, just let their computers break so they will finally get cleaned up...
by changeip
Mon Jun 25, 2012 11:56 pm
Forum: General
Topic: Mikrotik DNS server issues with Amazon S3 - low TTL 60sec
Replies: 118
Views: 56925

Re: Mikrotik DNS server issues with Amazon S3 - low TTL 60se

are you using changed opendns configuration? Maybe their responses are different on an unconfigured network from their side.
by changeip
Mon Jun 25, 2012 11:51 pm
Forum: The Dude
Topic: Dude label stop to show/refresh data from SNMP or Script
Replies: 8
Views: 3883

Re: Dude label stop to show/refresh data from SNMP or Script

just a bug in dude ... it cant always keep up with how many probes its doing, so the snmp will timeout and not show labels properly. it could also be multihomed machine returning snmp packets via a different source ip, which wont make it back to dude. Please MT - allow SNMP to be bound to a specific...
by changeip
Mon Jun 25, 2012 6:51 pm
Forum: General
Topic: Interface TX rate much higher than queue rate
Replies: 1
Views: 1157

Re: Interface TX rate much higher than queue rate

Average rate - not actual rate. also, whats the parent set to on the queue?
by changeip
Fri Jun 15, 2012 6:36 pm
Forum: General
Topic: Unable to Upgrade RB1200
Replies: 8
Views: 2195

Re: Unable to Upgrade RB1200

replace the dot with a dash and then maybe it will make more sense. these are not decimal numbers.

5-2
is a lower version than
5-7
and still lower than
5-17

Why does this topic keep coming up? Amazing how many people misinterpret this.
by changeip
Fri Jun 08, 2012 6:21 pm
Forum: Scripting
Topic: IPSec updater with 2 dynamic addresses.
Replies: 2
Views: 1248

Re: Simple script to set a global variable from local info.

:global localSite [/ip address get [find interface="2-dmz"] address]
:env print
"localSite"="10.40.4.1/24"

You will need to handle if there are more than 1 ip address on an interface, it will give an error if so.
by changeip
Wed Jun 06, 2012 6:20 pm
Forum: Forwarding Protocols
Topic: OSPF overlapping backbone network IPs
Replies: 0
Views: 1992

OSPF overlapping backbone network IPs

I have a 100+ routers in our backbone currently. I always used on all routers: /routing ospf network> print Flags: X - disabled, I - invalid # NETWORK AREA 0 10.10.10.0/23 backbone Recently I started using only the /30 subnets between peers ... which gets me to wondering now, if I want to make anoth...
by changeip
Thu May 31, 2012 7:03 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 113803

Re: New Ethernet port flap issue enquiery, PLS JOIN!

how many are having this issue when using the included routerboard poe injectors that come with the SXT/OmniTiks, etc? It seems the ones I had problems with were caused by the injectors being flaky. Are those wires even 24 gauge?
by changeip
Sun May 27, 2012 7:59 pm
Forum: Scripting
Topic: Changeip script only works 1 time after a reboot
Replies: 5
Views: 2570

Re: Changeip script only works 1 time after a reboot

Hello,

Use this script instead of the one you modified - the number=1 is not a valid command.

http://www.changeip.com/mikrotik/5.x.txt

or if you prefer the older one:

http://www.changeip.com/mikrotik/

Sam
by changeip
Fri May 25, 2012 6:24 pm
Forum: Scripting
Topic: Dividing in a ROS script?
Replies: 4
Views: 2796

Re: Dividing in a ROS script?

this works fine for me:

[] > :global ram [/system resource get free-memory]
[] > :put $ram
978020
[] > :set ram ($ram/1024)
[] > :put $ram
955


Sam
by changeip
Wed May 23, 2012 6:00 pm
Forum: General
Topic: Why is default gateway reachable through two interfaces?
Replies: 9
Views: 3165

Re: Why is default gateway reachable through two interfaces?

can you change the dhcp client on wan2 to have a higher default gateway cost?
by changeip
Wed May 23, 2012 5:46 pm
Forum: General
Topic: Mikrotik DNS server issues with Amazon S3 - low TTL 60sec
Replies: 118
Views: 56925

Re: Mikrotik DNS server issues with Amazon S3 - low TTL 60se

to get this resolved, take a packet capture of port 53 on the external interface and highlight the query and the response in wireshark. then send a supout along with those results. if you can prove that the response came back in but didnt get used, then maybe mikrotik will finally look at it.
by changeip
Sat May 19, 2012 8:14 pm
Forum: Forwarding Protocols
Topic: hide bgp AS
Replies: 3
Views: 1883

Re: hide bgp AS

thats strange. i assume your upstream will get a call from someone shortly about leaking privates into the tables. this is not normal, they should be filtering those out before they reannounce.
by changeip
Sat May 12, 2012 5:43 am
Forum: Forwarding Protocols
Topic: BGP Advertisement Issue
Replies: 5
Views: 2661

Re: BGP Advertisement Issue

most likely your provider is filtering them out. probably because they are not expecting you to be passing additional AS paths and/or prefixes.
by changeip
Fri May 11, 2012 5:47 pm
Forum: Beginner Basics
Topic: PPTP Static routes lose gateway when DSL disconnects
Replies: 4
Views: 4195

Re: PPTP Static routes lose gateway when DSL disconnects

its probably better to add the routes to the ppp secret, that way they get installed when its active only.
by changeip
Wed May 09, 2012 2:35 am
Forum: Forwarding Protocols
Topic: hide bgp AS
Replies: 3
Views: 1883

Re: hide bgp AS

you need your ISP3 provider to either strip it, or provide you with a private AS number for your peering.
by changeip
Tue May 01, 2012 7:13 pm
Forum: General
Topic: General ISP Question - What do you do with your unneeded bw?
Replies: 9
Views: 2686

Re: General ISP Question - What do you do with your unneeded

find a radio station that you can provide streaming to - either comp it to them by asking for advertising in return, or just charge them cost on it.
by changeip
Sun Apr 29, 2012 2:06 am
Forum: General
Topic: v5.15 released!
Replies: 150
Views: 40939

Re: v5.15 released!

were having problems with vlans > 99 in 5.15. Didnt have a chance to get supouts as it was in production and had to roll back to 5.14 to fix it. Will see if we can reproduce.
by changeip
Wed Apr 25, 2012 4:53 am
Forum: Forwarding Protocols
Topic: Level 3 BGP communities.
Replies: 3
Views: 2182

Re: Level 3 BGP communities.

yeah ive ran into this before as well, i cant remember if i got it to work on the CLI or not. It would be nice to have this feature working.
by changeip
Mon Apr 16, 2012 7:24 pm
Forum: The Dude
Topic: RouterOS + Dude Web Interface problems...
Replies: 34
Views: 31578

Re: RouterOS + Dude Web Interface problems...

Disable www under ip services. Make sure you don't have a filter rule that blocks 80
does this work for you? I just transitioned from windows to dude package on x86 routeros. web service access does not work with 5.14. Please fix : )
by changeip
Mon Apr 16, 2012 5:53 am
Forum: General
Topic: Anything happened to Changeip / Sam Norris?
Replies: 51
Views: 12803

Re: Anything happened to Changeip / Sam Norris?

Sorry guys - was just on vacation with horrible cell reception. The problem that occurred was not notifying us because it only affected a few zones on the system ... we've put some measures in to catch this problem in the future should it ever happen again ( shouldn't! ).

Sam
by changeip
Wed Apr 04, 2012 6:07 pm
Forum: General
Topic: Feature Request : Winbox Plugin inside Winbox like Telnet
Replies: 9
Views: 4940

Re: Feature Request : Winbox Plugin inside Winbox like Telne

setup a single dstnat rule to forward port 8292 to insideip:8291 and then just use winbox from the outside.
by changeip
Mon Apr 02, 2012 4:58 am
Forum: Beginner Basics
Topic: How to login XBox 360's on hotel RouterOS setup
Replies: 24
Views: 8937

Re: How to login XBox 360's on hotel RouterOS setup

1 - you have no control over the hotspot whatsoever. 2 - there is a username and password assigned, but no way to enter it. 3 - if the hotel isnt running B mode wireless you can connect with a mt/ubnt radio and setup your own wireless. 4 - you still need a way to enter a password. 5 - refer to 1, an...
by changeip
Mon Apr 02, 2012 12:40 am
Forum: Beginner Basics
Topic: How to login XBox 360's on hotel RouterOS setup
Replies: 24
Views: 8937

Re: How to login XBox 360's on hotel RouterOS setup

i didnt get this from the conversation - are you the hotel with the routeros setup, or the guest trying to connect? I would probably find the first 3 octets of the MAC addresses that XBox 360's use and then write a script that once a minute finds them and bypasses them. I ran into this exact same pr...
by changeip
Tue Mar 27, 2012 10:09 pm
Forum: General
Topic: PPTP classless route vs. class routing
Replies: 20
Views: 11330

Re: PPTP classless route vs. class routing

you are right in the end, im just saying without dhcp on ppp it defaults to a /8.

mikrotik needs to make it so dhcp server can run on a ppp interface to make it work. right now the ppp service hands out the ips, not the dhcp service.
by changeip
Tue Mar 27, 2012 4:52 am
Forum: The Dude
Topic: ATTN normis / Mikrotik -- bug identified
Replies: 3
Views: 2038

Re: ATTN normis / Mikrotik -- bug identified

ooo you might be onto something : )
by changeip
Tue Mar 27, 2012 4:50 am
Forum: General
Topic: PPTP classless route vs. class routing
Replies: 20
Views: 11330

Re: PPTP classless route vs. class routing

this is not a mikrotik thing, its a windows things. Windows connects pptp clients with classful routes. . . so if you get assigned a 10.x.x.x anything, windows will stick a 10.0.0.0/8 in its routing table and bork things up. I always use a 172.16.x.x address on pptp to get around that. Again, not mi...
by changeip
Fri Mar 23, 2012 5:05 pm
Forum: Forwarding Protocols
Topic: OSPF on an interface with two ip addresses
Replies: 4
Views: 2325

Re: OSPF on an interface with two ip addresses

are you using a loopback interface with a /32 ip on it and thats the routerid ?
by changeip
Fri Mar 23, 2012 6:33 am
Forum: Forwarding Protocols
Topic: OSPF on an interface with two ip addresses
Replies: 4
Views: 2325

Re: OSPF on an interface with two ip addresses

this works fine, i have interface that have multiple ips on them, and it works fine... whats the issue, it just wont fully establish?

Sam
by changeip
Fri Mar 16, 2012 11:30 pm
Forum: Scripting
Topic: Writing interfaces address to a file
Replies: 6
Views: 2394

Re: Writing interfaces address to a file

ah, I see ... working around a limitation that you can't create a file by writing directly to it first. I see. Maybe the delay just gives the script enough time to close the file properly. . . can you live with a :delay 1 in the script?
by changeip
Fri Mar 16, 2012 5:37 pm
Forum: General
Topic: Release Date? For Version 6?
Replies: 18
Views: 11363

Re: Release Date? For Version 6?

Check this tab, and see what value is in there: http://h1x.com/jing/2012-03-16_0834.png And then go to this tab and set 'card rates' and something 5-6db lower to start with. Then adjust from there 1 at a time (up or down). Never go higher than what was in that field to start with. Review the signal ...
by changeip
Fri Mar 16, 2012 3:01 am
Forum: General
Topic: Release Date? For Version 6?
Replies: 18
Views: 11363

Re: Release Date? For Version 6?

turn that freakin -40db into -65db and try it again ... it's yelling so loud its distorting the signal.
by changeip
Wed Mar 14, 2012 1:38 am
Forum: Scripting
Topic: Writing interfaces address to a file
Replies: 6
Views: 2394

Re: Writing interfaces address to a file

/file print file=test

the above prints the directory listing to file=test. You dont want that, you want to print the contents of the file, not write to it. Try something like:

/file get "test.txt" contents (not exact syntax, but you get the idea)

Sam
by changeip
Tue Mar 13, 2012 3:13 am
Forum: Wireless Networking
Topic: Odd problem
Replies: 10
Views: 1714

Re: Odd problem

post a picture of how you taped the connectors. probably all wet inside of the threads.
by changeip
Sun Mar 11, 2012 7:40 am
Forum: General
Topic: Feature request: "DHCP Renew" script event
Replies: 2
Views: 2060

Re: Feature request: "DHCP Renew" script event

better yet would be a way to create a logging action that could run a script. the data of the log entry would be available in a variable the script could access. this would extend it way past just a dhcp renewal event.
by changeip
Sat Mar 10, 2012 8:52 pm
Forum: Forwarding Protocols
Topic: Speed to loopback IP
Replies: 3
Views: 2338

Re: Speed to loopback IP

i was wondering this same thing last week... not sure if it has something to do with the bridge interface or what. would be nice to figure it out.
by changeip
Fri Mar 09, 2012 9:27 am
Forum: Forwarding Protocols
Topic: OSPF Type 5 LSA flooding but not added to route table?
Replies: 14
Views: 8635

Re: OSPF Type 5 LSA flooding but not added to route table?

I make sure that all my externals are flooded only from one place in the network. For example an /28 flooded from 2 locations (main link, backup link). Change to 2x /29 (main link) and /28 backup link. I don´t have a problem since a make this changes a week ago. Are you saying that instead of havin...
by changeip
Wed Mar 07, 2012 9:46 am
Forum: General
Topic: Who's using the bandwidth?
Replies: 2
Views: 5358

Re: Who's using the bandwidth?

right click on an interface in winbox and choose torch.
by changeip
Thu Mar 01, 2012 6:48 am
Forum: Beginner Basics
Topic: Open port for entire network?
Replies: 6
Views: 6027

Re: Open port for entire network?

bummer. if you only have a single public IP you can only forward those ports to one machine or the other. However, is it possible to do some trickery with address-lists and somehow put their game servers in an address-list and use alternate dst-nat rules that are run on for those sources? If you can...
by changeip
Wed Feb 29, 2012 7:13 pm
Forum: Beginner Basics
Topic: Open port for entire network?
Replies: 6
Views: 6027

Re: Open port for entire network?

do you only have a single external IP? You can only forward those ports to one machine if you only have 1 ip. You could forward them to multiple machines in round robin/random fashion, but I doubt that helps. How do you suppose the router would know which gaming machine the request on 5222 would be ...
by changeip
Mon Feb 27, 2012 12:57 am
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 132105

Re: dynDNS Update Script

changeip.com - we are the only ones that have ssl updates in routeros, and actually support and use routeros. everyone else will just ban you for too many updates ; )
by changeip
Wed Feb 22, 2012 8:40 am
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 34347

Re: firewall filter on ipsec, how to identify the IPSec intr

your still not listening / reading: But if a packet with those same source and destination addresses can be passed to the WAN interface of your ROS device - even if it's not inside the ipsec tunnel, your ROS device will pass it into your privileged LAN - EVEN THOUGH IT DIDN'T COME FROM THE IPSEC TUN...
by changeip
Wed Feb 22, 2012 5:25 am
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 34347

Re: firewall filter on ipsec, how to identify the IPSec intr

trust me, if you have an ipsec policy in place that traffic will either need to be successfully decrypted, or dropped. it will be dropped before it even hits the forward chain in the firewall if it didnt come thru the tunnel.
by changeip
Sat Feb 18, 2012 9:13 am
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 34347

Re: firewall filter on ipsec, how to identify the IPSec intr

you didnt understand / read my post correctly. I agree you cannot identify by interface, and i wish we could because I have use for it as well. However, see below: http://h1x.com/jing/2012-02-17_2310.png If ANY packet comes from 192.168.117.x on any interface it will be forced to be decrypted FIRST ...
by changeip
Sat Feb 18, 2012 9:03 am
Forum: General
Topic: PPTP: Bad performance over Mikrotik, works fine with windows
Replies: 7
Views: 6003

Re: PPTP: Bad performance over Mikrotik, works fine with win

no, problem is packet reordering / reassembly I believe. with encryption it is very bad because it has to resync/rekey encryption. Someone should packet sniff both ends and compare to see if packets are not in same order when they are received. same issue with 2 powerful routers.
by changeip
Sat Feb 18, 2012 8:24 am
Forum: General
Topic: Dynamic Port Forwards - Multiple Internal Hosts
Replies: 5
Views: 1624

Re: Dynamic Port Forwards - Multiple Internal Hosts

to make 'related' connections across IP addresses you probably have to either use address-lists, or use mangling to mark the tcp connection and somehow tie the 2 additional udp NAT rules to the initial TCP connection. I don't know if it will happen quickly enough but maybe, depends on the sequence o...
by changeip
Sat Feb 18, 2012 2:40 am
Forum: General
Topic: tftp-server-name option in DHCP-SERVER
Replies: 17
Views: 34791

Re: tftp-server-name option in DHCP-SERVER

ps - i was not successful in using routeros tftp or centos atftp, i had to use windows tftpd32 version 3.23 on the local subnet to make it work. not sure why, files would time out using routeros and atftpd, probably some EOF block that it didnt like or something.
by changeip
Sat Feb 18, 2012 2:39 am
Forum: General
Topic: tftp-server-name option in DHCP-SERVER
Replies: 17
Views: 34791

Re: tftp-server-name option in DHCP-SERVER

i just did this yesterday. funny.

the option 150 is not straight ip address, you need to encode it in hex some weird way.

better way is to just set 'next-server' to your tftp ip on the 'dhcp-server network' to include the tftp server ip... works fine.
by changeip
Sat Feb 18, 2012 2:35 am
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 34347

Re: firewall filter on ipsec, how to identify the IPSec intr

you are basically saying that if traffic arrives from that source on the wan interface, and its not part of the ipsec established tunnel, it will be dropped no matter what, because it doesnt match the ipsec policy... correct? It will be dropped before it even hits the firewall because there is an ip...
by changeip
Fri Feb 17, 2012 7:17 pm
Forum: General
Topic: firewall filter on ipsec, how to identify the IPSec intrfce
Replies: 53
Views: 34347

Re: firewall filter on ipsec, how to identify the IPSec intr

Yes, I would like to not allow 192.168.1.0/24 into my WAN interface unless its thru an IPSec tunnel as well. I dont have a choice what the remote end uses, so I have to allow 192.168.1.0/24 in from WAN? I believe if anything comes from that IP on the wan it will fail because of the ipsec rules, but ...
by changeip
Thu Feb 09, 2012 5:21 am
Forum: Scripting
Topic: set field to blank
Replies: 2
Views: 1386

Re: set field to blank

can u use 'unset' ?
by changeip
Thu Feb 09, 2012 3:37 am
Forum: Scripting
Topic: Script to login to several routers and run a script?
Replies: 20
Views: 19127

Re: Script to login to several routers and run a script?

Any recommendation to get a list of Mikrotik IPs on my network to feed into this script? IP Neighbor will only give me adjacent. IP Scan will get me everything. part of one of my shell scripts to find a list of devices out of the dude: # getting file from dude server echo "Authorizing..."...
by changeip
Tue Feb 07, 2012 9:14 pm
Forum: General
Topic: format hd retain license key
Replies: 1
Views: 1112

Re: format hd retain license key

use netinstall. it will read and keep key, and then format and reinstall.
by changeip
Tue Feb 07, 2012 6:51 pm
Forum: Wireless Networking
Topic: Vlans over wireless
Replies: 3
Views: 3809

Re: Vlans over wireless

i had a few times where a vlan over wireless (nothing specially setup, just vlan on wireless interface) and I would have to jiggle both ends to make it start passing traffic. Jiggle meaning disable and reenable the vlan interfaces. What happens if you just remove the vlans, do you still see bad perf...
by changeip
Thu Feb 02, 2012 6:13 pm
Forum: Scripting
Topic: ChangeIP and Mikrotik 5.0
Replies: 22
Views: 11650

Re: ChangeIP and Mikrotik 5.0

I believe you might have a prpoblem with variable script. You are defining 'current' inside of an "if" statement, which makes that variable only valid in that code block. Try moving the definition of 'current' above and use :set to change its value maybe? local current [:resolve "$ppt...
by changeip
Wed Feb 01, 2012 7:50 pm
Forum: The Dude
Topic: The future of The Dude?
Replies: 10
Views: 3844

Re: The future of The Dude?

yes - more development please!
by changeip
Tue Jan 31, 2012 6:41 pm
Forum: Beginner Basics
Topic: MikroTik - uTorrent behing NAT does not work
Replies: 9
Views: 11639

Re: MikroTik - uTorrent behing NAT does not work

yep - just remove src-port=42056 from the rules you posted.
by changeip
Tue Jan 31, 2012 5:49 am
Forum: General
Topic: Using a PPTP interface in "in-interface" or "out-interface"
Replies: 3
Views: 1464

Re: Using a PPTP interface in "in-interface" or "out-interfa

/ip firewall filter add action=jump chain=forward comment="ppp shim" disabled=no jump-target=ppp Move that rule somewhere appropriate in your forward chain. /ip firewall filter add action=drop chain=ppp-in disabled=no dst-port=445 protocol=tcp add action=accept chain=ppp-in disabled=no add...
by changeip
Tue Jan 31, 2012 2:11 am
Forum: General
Topic: Using a PPTP interface in "in-interface" or "out-interface"
Replies: 3
Views: 1464

Re: Using a PPTP interface in "in-interface" or "out-interfa

this is what the ppp-in and ppp-out chains are for. Jump to them in the forward chain. You can also make the server interfaces static so they can be named explicitly in firewall rules, since they won't disappear when they are disconnected.
by changeip
Mon Jan 30, 2012 11:16 pm
Forum: Beginner Basics
Topic: MikroTik - uTorrent behing NAT does not work
Replies: 9
Views: 11639

Re: MikroTik - uTorrent behing NAT does not work

just open port 42056 (udp/tcp) to your internal ip and it should work. dstnat rule inbound ...
by changeip
Mon Jan 30, 2012 4:03 am
Forum: General
Topic: SNTP Client can't sync time
Replies: 10
Views: 5412

Re: SNTP Client can't sync time

it a stratum problem im guessing. RouterOS wont use a Microsoft stratum value - too high.
by changeip
Wed Jan 25, 2012 7:24 pm
Forum: General
Topic: SNMP no Response
Replies: 33
Views: 24672

Re: SNMP no Response

you can disable and then enable the snmp service to restart it. do you only have a single ip on that interface? have you run packet sniffer to confirm its not replying but with wrong source?
by changeip
Wed Jan 25, 2012 6:55 pm
Forum: General
Topic: SNMP no Response
Replies: 33
Views: 24672

Re: SNMP no Response

multihomed? are the packets coming and going on the same interface? RouterOS will reply with src ip from whatever route it takes, so if you are not using the default gateway you will get no snmp responses from the router (they dont come from the requested ip). i wish you could bind snmp to the loopb...
by changeip
Wed Jan 25, 2012 9:35 am
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 42396

Re: Export compact (new in v5.12)

what's the difference? import them both and get same result
i think he was mentioning this: address=0.0.0.0/8, the /8 is not accounted for.
by changeip
Tue Jan 24, 2012 9:33 am
Forum: Scripting
Topic: how to know if ethernet is not running
Replies: 9
Views: 2813

Re: how to know if ethernet is not running

you must be on x86?

/interface ethernet> set [find] disable-running-check=no

that will disable the interface automatically when its not linked.
by changeip
Mon Jan 23, 2012 7:06 pm
Forum: General
Topic: v5.12 released
Replies: 144
Views: 38007

Re: v5.12 released

export compact is very nice. thank you!

Here is a possible bug with export? See red syntax error markers:

Image
by changeip
Mon Jan 23, 2012 6:58 pm
Forum: General
Topic: SMB
Replies: 14
Views: 8977

Re: SMB

please add a fat32 driver so we can move external disks between windows box and routeros without having to reformat. thanks for adding it, hopefully it doesnt bloat the os. it is nice to have in my opinion as long as its stable. on slower usb drives you could possibly cause iowait to go so high and ...
by changeip
Sun Jan 22, 2012 10:30 am
Forum: General
Topic: support@mikrotik.com response time?????
Replies: 2
Views: 1267

Re: support@mikrotik.com response time?????

use netinstall. the license changed back in 3.18 or so to be based on version instead of time.
by changeip
Fri Jan 20, 2012 9:30 am
Forum: RouterBOARD hardware
Topic: r52hn power offset ??
Replies: 7
Views: 3507

Re: r52hn power offset ??

look under the tx powers tatus tab and find the actual to see what its using.
by changeip
Thu Jan 19, 2012 7:42 pm
Forum: RouterBOARD hardware
Topic: r52hn power offset ??
Replies: 7
Views: 3507

Re: r52hn power offset ??

the default is the max.
by changeip
Thu Jan 19, 2012 1:02 am
Forum: General
Topic: TCP/IP over DNS/ICMP/HTTP - deceive proxy / firewall
Replies: 6
Views: 5479

Re: TCP/IP over DNS/ICMP/HTTP - deceive proxy / firewall

can you just create l2tp tunnel using udp/53 ?
by changeip
Sun Jan 15, 2012 7:27 pm
Forum: Virtualization
Topic: Bridge not forwarding traffic on ESXi host
Replies: 11
Views: 14809

Re: Bridge not forwarding traffic on ESXi host

isnt there something in vmware you have to enable to allow a port to become promiscuous and see all traffic on a bridge?
by changeip
Thu Jan 12, 2012 7:54 pm
Forum: Scripting
Topic: Public interest in blacklist service w/ MikroTik script?
Replies: 6
Views: 10972

Re: Public interest in blacklist service w/ MikroTik script?

or turn it into a bgp feed and then you can use my script to turn that back into an address-list.
by changeip
Thu Jan 12, 2012 6:58 pm
Forum: Beginner Basics
Topic: number of BGP networks is limited to 200
Replies: 1
Views: 1078

Re: number of BGP networks is limited to 200

you are better off using the routing table to enter the prefixes, and just set the destination to blackhole. this will get them announced without using the networks command.
by changeip
Mon Jan 09, 2012 1:17 am
Forum: General
Topic: new x86 server. HDD vs CF vs USB Flash.
Replies: 3
Views: 1766

Re: new x86 server. HDD vs CF vs USB Flash.

do not use usb for the OS in later versions of routeros - the disk will keep getting ejected and then your admin password will be reset to blank and changes wont be saved. there is a problem with hotplug storage for some reason it seems.
by changeip
Fri Jan 06, 2012 1:33 am
Forum: Scripting
Topic: Script to login to several routers and run a script?
Replies: 20
Views: 19127

Re: Script to login to several routers and run a script?

best to use ssh from another box to run cmd's... #!/bin/sh mt=( 1.1.1.1 2.2.2.2 3.3.3.3 4.4.4.4) for router in ${mt[@]} do echo $router ssh -n -i ~/mt/mt.dsa admin-ssh@$router -p 22 "/ip pool print; /ip pool used print count-only where address~\"^2.*\"" done as an example ...
by changeip
Thu Jan 05, 2012 6:12 am
Forum: General
Topic: Old School BBS - Rate Limit to 300BPS
Replies: 3
Views: 1769

Re: Old School BBS - Rate Limit to 300BPS

can you make the mtu 1 ?
by changeip
Fri Dec 23, 2011 5:10 am
Forum: General
Topic: masquerade bug
Replies: 13
Views: 2168

Re: masquerade bug

probably winbox caching the info ... i doubt its stored in the routeros config anywhere.
by changeip
Thu Dec 22, 2011 9:48 pm
Forum: General
Topic: masquerade bug
Replies: 13
Views: 2168

Re: masquerade bug

you sure this is a bug? i think you should be allowed to masq ports on the way out to a specific range, ie; 40000-65535 only ... the default is 0-65535 and you can just limit the src range to something smaller if you want.
by changeip
Thu Dec 22, 2011 6:48 am
Forum: General
Topic: Hotspot giving out IPS to devices behind router
Replies: 9
Views: 2518

Re: Hotspot giving out IPS to devices behind router

using station mode or station-wds mode? you need station-wds.
by changeip
Wed Dec 21, 2011 7:44 pm
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 132105

Re: dynDNS Update Script

I am working on a udp ddns update client for routeros that hopefully will make everyones lives easier. Will just be tied to the MAC / serial of the units and calls home with a lightweight udp packet. You then come to our site (ChangeIP.com) to tell us which units are yours and then you can tie them ...
by changeip
Mon Dec 19, 2011 5:55 pm
Forum: General
Topic: pptp vs l2tp
Replies: 5
Views: 4874

Re: pptp vs l2tp

i agree, l2tp is best. . . however, since its udp it will severely be impacted by packets being out of order - encryption gets out of sync and everything comes to a halt.
by changeip
Mon Dec 19, 2011 5:51 pm
Forum: General
Topic: Connection Tracking Feature Suggestion - Per destination CT.
Replies: 5
Views: 1912

Re: Connection Tracking Feature Suggestion - Per destination

No, he is asking for selective conntrack. I would love to exclude certain traffic from it as well, ie the trillions of udp/53 packets coming into our network from 2+ million source ip addresses. No need to create conntrack entry for them.

Ive seen linux be able to do this I believe ...
by changeip
Mon Dec 19, 2011 5:30 am
Forum: Beginner Basics
Topic: Question about arp-requests
Replies: 1
Views: 1075

Re: Question about arp-requests

what is your subnet mask on the internal interface? it should only be arp'ing for stuff in the local subnet and just routing everything else to the default gateway.
by changeip
Fri Dec 16, 2011 7:32 am
Forum: General
Topic: Can not open yahoo mail, gmail, facebook........
Replies: 10
Views: 4970

Re: Can not open yahoo mail, gmail, facebook........

are you blocking outbound icmp / udp 344xx ports? If youre not allowing all outbound traffic you are probably breaking things.
by changeip
Mon Dec 12, 2011 2:49 am
Forum: Beginner Basics
Topic: Basic NAT configuration problem
Replies: 3
Views: 1607

Re: Basic NAT configuration problem

remove the src-address. put it in the to-addresses field.
by changeip
Sun Dec 11, 2011 8:56 pm
Forum: Wireless Networking
Topic: Dbii F52 pro is no more.
Replies: 5
Views: 2137

Re: Dbii F52 pro is no more.

if anyone has these cards and wants to sell them to me let me know. I am not using them for 2.4, only 5ghz and they work excellent in that band.
by changeip
Fri Dec 09, 2011 9:03 pm
Forum: Wireless Networking
Topic: GigaBit POE for RB/800??
Replies: 5
Views: 2265

Re: GigaBit POE for RB/800??

No, you need more than 24v to use POE on that board. Use this one with a 48v adapter:

http://streakwave.com/Itemdesc.asp?ic=RB%2FGPOE

Sam
by changeip
Fri Dec 09, 2011 8:01 pm
Forum: Scripting
Topic: DynDns scripts HTTPS
Replies: 5
Views: 2926

Re: DynDns scripts HTTPS

If you use the ChangeIP.com Dynamic DNS it will use SSL on RouterOS. the "/tool dns-update" uses SSL to our site whereas the 'fetch' command will not.

Sam
by changeip
Fri Dec 09, 2011 7:16 pm
Forum: General
Topic: SNMP bug in 4.17
Replies: 2
Views: 1298

Re: SNMP bug in 4.17

That is very strange. I cannot reproduce that on 4.17 on routerboards. If you delete that entry via terminal, and then hit undo button, does it come back and show under gui ?
by changeip
Tue Dec 06, 2011 7:19 pm
Forum: General
Topic: Can i use pci wireless card with routeros?
Replies: 2
Views: 1061

Re: Can i use pci wireless card with routeros?

almost any with an atheros chip on it should work.
by changeip
Mon Dec 05, 2011 6:45 pm
Forum: Scripting
Topic: interference to two way radios
Replies: 5
Views: 3434

Re: interference to two way radios

thats not a good test because you dropped the load on the power supply (its not producing). try using a different power source just temporarily to see if it helps. Maybe run them directly from battery without the charger on.
by changeip
Mon Dec 05, 2011 6:35 pm
Forum: General
Topic: RouterOS v5.9 released
Replies: 166
Views: 56611

Re: RouterOS v5.9 released

I can agree to some of your points. To clarify again to others - we only recently added the ethernet status to log. Your ports probably always "flapped" but only now you see it in the log. I agree this probably isnt really affecting traffic, however, is it more a case of the software repo...
by changeip
Sun Dec 04, 2011 4:49 am
Forum: Scripting
Topic: interference to two way radios
Replies: 5
Views: 3434

Re: interference to two way radios

maybe your power supply? switching power supplies are very noisy.
by changeip
Fri Dec 02, 2011 7:40 pm
Forum: General
Topic: static route and ospf, mark packets
Replies: 3
Views: 1151

Re: static route and ospf, mark packets

you want to mark packets after they have been routed, based on the route they took?
by changeip
Fri Dec 02, 2011 7:37 pm
Forum: General
Topic: Feature request - add find command to export command
Replies: 6
Views: 3493

Re: Feature request - add find command to export command

[admin@br2] ip firewall address-list> export from=[find list="ddos-20111101"] # dec/02/2011 09:35:21 by RouterOS 2.9.51 # software id = SZZ3-6RT # / ip firewall address-list add list=ddos-20111101 address=218.93.127.70 comment="" disabled=no add list=ddos-20111101 address=219.14...
by changeip
Fri Dec 02, 2011 7:07 am
Forum: General
Topic: Can not open yahoo mail, gmail, facebook........
Replies: 10
Views: 4970

Re: Can not open yahoo mail, gmail, facebook........

it just tests different packet sizes along the way and reports back: C:\>o:\bin\ mturoute.exe -t yahoo.com mturoute to yahoo.com, 30 hops max, variable sized packets * ICMP Fragmentation is not permitted. * * Speed optimization is enabled. * * Maximum payload is 10000 bytes. * 1 +- host: 10.0.1.1 ma...
by changeip
Fri Dec 02, 2011 4:07 am
Forum: Forwarding Protocols
Topic: BGP Stable for production?
Replies: 6
Views: 2739

Re: BGP Stable for production?

1gb is plenty. please test it and let me know if im safe to upgrade mine to 5.x : ) Ive been thinking 'if it aint broke dont fix it' but would like to get the multicpu stuff working better ...
by changeip
Fri Dec 02, 2011 4:06 am
Forum: Forwarding Protocols
Topic: OSPF not working after reboot
Replies: 2
Views: 1451

Re: OSPF not working after reboot

do you have more than 1 ospf neighbor on the same subnet / interface on that AP?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 13