Hi Everybody, I have the following scenario (only for testing the limiter, this is not a production environment): PC->CCR eth3 (vlan id: 2205 untagged) CCR eth2->RB600eth3 (2205, 2206, 2207 vlans configured, all traffic are tagged) RB600 eth2->Server (vlan id: 2205 untagged). On th CCR I have a brid...

Ok, I check it again, it is a quite complicated config. Thank you!

I've tried both methods. Mangle->Output->if src-address=2.2.2.2 then mark routing to ISP2. No success.
Routing lookup (as you mentioned) no success.
Despite of these settings, the router wants to route the ipsec traffic always to ISP1. Very strange....

Hello, I have a router with 2 WAN interfaces (and many LAN interfaces...). WAN1 (1.1.1.2) -> ISP1, WAN2 (2.2.2.2) -> ISP2. In the routing table, there are 2 default gateways: 0.0.0.0 Gw=1.1.1.1, 0.0.0.0 (routing-mark=to-ISP2) Gw=2.2.2.1 I have an IPSEC site-to-site tunnel between local address=2.2.2...

10GB. Currently the 3 CRS are in router mode, but configured all ports in one bridge with VLAN support. I would try the switch mode of the CRS, but I caanot find any setting for default gw for managing the switch remotly.

And what about the uplinks? Using VRRP, how should I configure the 3rd switch? Bridging?

I'm not sure, but as I know, LACP cannot be set when there is only 1 connection between switches (sw1->sw3 and sw2->sw3). How to set LACP in this scenario?

Thank you, I try this configuration.

Hello, See the scenario: I have 2 Hyper-V servers, 2 network cards in each. They are configured as "switch independent teaming" mode: Hyper-V_sm.jpg The 2 CRS (1 and 2) configured as bridges. Each CRS has an uplink to the third router. I found no information about how to configure the thir...

In my case, the backup starts without error, but before it finishing, I get the autosupout file.

Thank you for your help, I send the rif to the support...

It is an Alix 1C ITX board, x86 architecture.

Disk is almost empty, I have 1GB free space. The system backup runs without error, only the dude export fails.

Hi Guys, I have a dude install. When I export the dude database (/dude export-db backup-file=dude), the export does not generate any file, instead of an autosupot.rif file is created. The log doesn't contains any error message. I have no idea, what could be the problem. Has anybody experienced this ...

Hi,

It was my mistake . In the forward chain there was a filter rule Sorry

Sorry about it, but this is a core router of many companies, I'm not allowed to put the whole config to here... Tomorrow I build up a test environment with 3 routers, set up just these rules for this situation, and I will test it. I will be back with my experiences.

My NAT rules are very complex, the important rule is here (this rule is at the top of the rule set): add action=src-nat chain=srcnat \ dst-address-list=NONAT_ADDRESSES src-address=10.10.11.0/24 \ to-addresses=10.10.10.253 dst address list with name "NONAT_ADDRESSES" contains: add address=1...

The strange thing, that the ping works well. If the far end has some routing problem, ping wouldn't work. I have the feeling, that the rc12 has some bug. I have 4 log rule at the beginning of the forward chain: 1. icmp to the other end, 2. icmp from the other end, 3. dst port 80 to the other end, 4....

Hi Folks, I have the following config: Private net 1: 10.10.11.0/24 Private net 2: 10.10.10.0/24 Private net 3: 192.168.206.0/24 Private net 2 and 3 connected by IPSEC. Net 1 and net 2 is connected by PPTP. On net 2 router there is an src-nat rule: if src address is 10.10.11.0/24 then src-nat to 10....

I think I found the solution: the dnat rule works when I remove the input interface restriction from the rule.

Thank you for the ideas!

Thanks for the help. But the problem is more complex, because I wrote just an example, but there are other services: for example, I have the same problem with the e-mail servers (LAN1 and LAN2 have an internal mail server, when LAN1 wants to send an email to LAN2, the MX record of the LAN2 will be t...

Yes, you are right, all traffic is blocked between the 2 LANs. My big problem is that the name server resolves the external ip address of the LAN1. From LAN2, this public ip is on the same router (but on the other interface), and as I can see, the router interprets this traffic as INPUT. But in this...

Hello, I have the following situation: ETH1: 1.1.1.1 (LAN1) ETH2: 1.1.2.1 (LAN2) ETH10: WAN (2 public ip, one for LAN1, the other is for LAN2) ETH1->ETH10 src-nat to public ip1 ETH2->ETH10 src-nat to public ip2 LAN1 and LAN2 is separated, no traffic is allowed between them. There is a hosted server ...

Hello guys, I have the following scenario: MT1 <-> Unmanaged switch <-> MT2 <-> Internet MT1: 2 Virtual APs + 1 LAN port (RB411AH), names: OFFICE, GUEST MT2: 2 LAN ports (1 for LAN, 1 for Internet) Unmanaged switch: connect office network (computers, printers...) MT1 and MT2 have a VLAN interface (V...

I try to establish an IPSEC VPN connection over an MT Hotspot (authenticate myself in a browser, and try to start my Ciso VPN client). It seems that MT does not pass trough the VPN traffic (over normal MT router without hotspot it works well, even if NAT is used). How can I configure my MT hotspot t...

You are right... Compaq Deskpro EN BIOS error. No BIOS upgrade, so I need to search for an another PC.

Hello,

I set up a PC with 2 ethernet cards (same type). The physical links ok (leds on the cards), but MT says that on one of the two cards there is no link. I replaced the network card, the result is the same. The other network card works well.

Any idea?

Gabor

I have a dot in the name ("fagus.hotspot"). I tried to change the name, no success...
It seems that the problem could be related to ipv6, because on the clients there were ipv6 protocoll installed. But after disabling it the problem remained...

Hello, I've set up a hotspot, it works well, except on some computers. I have a very strange problem: some of the clients cannot resolve the name of the hotspot gateway. Ping <gateway name> -->Cannot resolve the name, error BUT!!! nslookup <gateway name> -->WORKS ip -a <ip of hs gateway> -->WORKS, g...

Hello Guys, I have a freeradius server + mysql backend, and I would like to use the MT's realm. In the documentationof MT: realm (text) - explicitly stated realm (user domain), so the users do not have to provide proper ISP domain name in user name How does it work? I thought that the MT automatical...

I created a pptp server, added clients. The connection works fine, but how can I setup my firewall to route traffic between the dynamic pptp interface and the lan? The rules I created for the pptp connection will be invalid after I disconnect the client...