MikroTik

brianlewis

Bummer, unfortunately these units wouldn't be powerful enough to funnel all traffic thru the CPU so torch is essentially useless on them

thanks

brianlewis

I've noticed recently that I'm unable to get TORCH to provide results on our CRS226/CRS317 switches. I'm running 6.44.3 and tried upgrading 6.45.1 Interface will be moving 60-200mbps but I show practically no real packets/traffic under TORCH for that interface. I've tried adjusting connection tracki...

brianlewis

set 0 and set 2 have been working fine since 3.x days. As long as the interface # listed on PRINT doesn't change I'm able to use it without issue on 6.43.13 in a script or under terminal mode

brianlewis

I have some basic scripts that we use to switch between two different hotspots. They are simply enabling an disabling various items and changing SSID. On 6.43.13 they work great! Upgrade to 6.44.1 and they don't execute at all. You can select to RUN SCRIPT and the RUN COUNT increases by 1 but none o...

brianlewis

Looks like its working, had wrong 'address list subnet' for chain input so was confused why I had 0 bytes on filter rule #0

brianlewis

CCR1009-8G-1S Router was infected by hacker, had Socks enabled, scheduler running a script, service user account. I’ve removed those but under FIREWALL the Bytes and Packets are staying ZERO. See attached M1.GIF I can’t find anything out of the ordinary in the config. I want to get firewall rules wo...

brianlewis

Either Cox Communications doesnt understand IPv6 subnetting properly or there is a bug in 6.42.3 when it comes to using /127 I'm assigned 2001:57a:e200:200::f/127 Provider has 2001:57a:e200:200::e/127 on interface Mikrotik shows 2001:57a:e200:200::e is accessible via sfp-sfpplus1 Mikrotik won't allo...

brianlewis

Same problem, disabled ND, adding another static route and it still says 2001:57a:e200:200::e unreachable even though 2001:57a:e200:200::f/127 on sfp-sfpplus1 is in the same network and router can ping 2001:57a:e200:200::e

mikrotik2.jpg

CCR1036-8G-2S+ running latest 6.42.3

brianlewis

6.42.3
IPv4 works fine. IPv6 trying to get it setup and can ping my provider 2001:57a:e200:200::e but under IPv6 Routing the ::/0 says unreachable!

Currently we can't route default ipv6 traffic back out because of this. What might I be missing?

See attached screenshot

mikrotik1.jpg

brianlewis

As great as this resource has been, in the last week it has started to block huge /16 blocks including most of Vietnam, Shopify, and many other networks that shouldn't be just added in huge /16, /19, and /24 blankets. Obviously this resource allows us to control what we want to do about these ip ran...

brianlewis

Any particular reason Microsoft’s Ajax CDN (72.21.81.200) is being blacklisted?

brianlewis

Dave, I've started using your list and I'm getting reports of legitimate sites being blocked dynamically from the filter list. salesforce.com not coming up (72.21.81.200 which isn't their primary ip, maybe an image cache server?) ssl.cdn-redfin.com (72.21.91.8) which prevents redfin.com, trulia, hil...

brianlewis

Anyone else having issues with the mynetname resolution? Its about 50-75% failure rate when I query the kissthenet.net dns servers directly (master dns for mynetname). Been happening for about a week now from any provider in US > #######.sn.mynetname.net Server: ns1.kissthenet.net Address: 81.198.87...

brianlewis

Same problem here, trying to balance interfaces with a Motorola BSR 64000. It only sends the traffic out the first interface, not both when using bonding mode 802.3ad LACP. If I change to balance-rr it works. Using Transmit Hash Policy layer 2 and 3.

brianlewis

The wiki scripts for failover don't work. Been discussed multiple times. The other main issue is you have NAT rules that are based off say ETH1 and even if mikrotik switches over the rule then needs to be modified or disabled and a second rule enabled to change the NAT over to WLAN1. I've had to cre...

brianlewis

Confirmed its down from Dallas Texas as well. Can't force update. Doesn't resolve FQDN

brianlewis

Unfortunately after extensive testing I've been unable to make this script work properly to fail back over to ISP1. I've emailed the original creator of the script but haven't been able to get a response. If anyone has had success getting this script to work I'd appreciate some feedback/comment. Thi...

brianlewis

CRS125 / RouterOS 6.25 I'm trying to setup Mangle Rules and finding no traffic from the workstation behind the router is registering on the mangle rules (0 packets) yet traffic is moving at 2mbps from the ISOLATED port 24 (guest network). Uplink port 1 is showing the traffic going out yet I have the...

brianlewis

Under 6.25 the script running on a 15 second schedule interval does fail over to ISP2 but it then fails to reset the distance for ISP1 once its allowed to ping the checking ip (8.8.8.8 google dns in this case) http://wiki.mikrotik.com/wiki/Failover_Scripting I’ve tried FailOver Script but its not wo...

brianlewis

I'm going to give this script a try

http://wiki.mikrotik.com/wiki/Failover_Scripting

brianlewis

I'm looking to accomplish the same on a CRS125-24G-2HnD 6.25 I've got ETHER1 configured for the main DSL internet connection I've got WAN1 configured as STATION and it logs into a T-Mobile HotSpot Wifi Device I have IP/FIREWALL/NAT masquarade OUT Interface ether1 I have IP/FIREWALL/NAT masquarade OU...

brianlewis

Update: After KFSensor added a recent update to their software to set severity for 'external alerts' the use of KFSensor has really worked out great. The product installed on shared web servers but set to monitor all TCP traffic to the server including SSH, TELNET, FTP, HTTP, HTTPS and other ports. ...

brianlewis

We should have the ability to import with continue on failure toggle. And adding a duplicate 'address list' entry should be a warning not an error

brianlewis

It works great! Populates the router firewall with DSHIELD_HPB addresses on a 24 hour timeout. Scheduled it to run once a day so it keeps the list fresh and have firewall blocking any traffic from DSHIELD_HPB. Very nice! Thank you!

brianlewis

Gave it a try but it still doesn't add any lists. no error. Thanks for trying

brianlewis

How can we not quite the 'script'? Linux doesn't quit a script. Windows doesn't quite a CMD/BAT file. They both continue to execute the commands. The duplicate entry isn't an error it should just be an informational warning that the entry already exists so RouterOS should be continue execution of th...

brianlewis

A duplicate entry in the import will cause RouterOS to stop and not process further down the list (v6.16) ie (dshield.rsc below) /ip firewall address-list add list=DShield address=122.226.73.131/32 timeout=2h add list=DShield address=85.13.160.11/32 timeout=2h add list=DShield address=50.23.113.146/...

brianlewis

A duplicate entry in the import will cause RouterOS to stop and not process further down the list (v6.16) ie /ip firewall address-list add list=DShield address=122.226.73.131/32 timeout=2h add list=DShield address=85.13.160.11/32 timeout=2h add list=DShield address=50.23.113.146/32 timeout=2h add li...

brianlewis

I found the script imports both the /32 and /24 lists without issue. If you look at the lists, most of the /32 are NOT in the /24 subnet lists! If even one or two are the Mikrotik will treat them as two separate entries. I have the block/top lists processed in one python script as DSHIELD_BLOCK list...

brianlewis

I love your adaptation but I'm not able to get it to work with the HPB list $url = 'http://www.dshield.org/hpb.html?key=oiUTq74ue5KvKQXfZYxsXw=='; $listName = 'DShield_HPB'; Any ideas? No errors but no DSHIELD_HPB address lists added after its processed. In that case, using the API is a better appro...

brianlewis

Another great list to process : http://rules.emergingthreats.net/blockr ... ed-ips.txt

Be sure to use:
# : Regex Pattern To Locate IPv4 Addresses
ipv4_pattern = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'

for processing this list in python.

brianlewis

boen thanks for the script. I did create a python version that parses BOTH lists into a single file so that it can be imported by Mikrotik automatically if anyone wants it. # : Imports import urllib.request import re # : Specify URL_File To Be Parsed dshield_url = "http://feeds.dshield.org/topips.tx...

brianlewis

Great job. Have you considered updating the script to process the top 100 list instead?

http://feeds.dshield.org/topips.txt

brianlewis

CCR1016-12S-1S+ looks neat but 1Gbps is dying here in the USA, we are upgrading our whole network to 10gbps connections at least to 24/48 port gigabit switches which have 2 SFP+ ports on them to feedback to the Mikrotik. Our CCR1016-12S-1S+ is great but we are already using both SPF+ 10gbps ports an...

brianlewis

We have tried disabling and enabling the filters, it doesn't help, prepend still not working.

brianlewis

CCR 1036 RouterOS 6.5 BGP Prepend Filter is not having any affect. I've confirmed this with both upstream providers (Cogent and TWTelecom). When I have a filter setup they are not seeing any prepend on their end and the traffic is still the same when a prepend is set or not, so I'm not able to depri...

brianlewis

Using the filter I mentioned above fixed the problem.

Now all my routes say 'Distance 20'. My STATIC gateway 0.0.0.0/0 has a distance 1 which I think is taking presidence. Should I define routing filter 'Set Distance' or remove my static route?

brianlewis

What is the easiest way to force upgrade from 6.5 RC to 6.5 RELEASE? Router assumes its running 6.5 so it doesn't seem to want to upgrade from earlier 6.5 version to release 6.5

brianlewis

Reading up about BGP NEXTHOP I think thats the culprit. Looks like by default if you receive your BGP the NEXTHOP is derived from the IP on the interface, in this case its PEER B's ip at Cogent. I believe (not positive yet because I haven't tested it) that I can filter the incoming routes from Peer ...

brianlewis

Cogent Communications They want us to have a Peer A and Peer B arrangement. We have a Peer B which is just to 'receive' BGP, while PEER A we are to 'send' our network announcements. When we ask them to turn on Full Routes, our router (Router OS 5.21) starts to create a ton of dynamic routes that gat...

brianlewis

ROS 6.5 Tilex CCR1036-8G-2S+ S+85DLC03D 10gbps Fiber Transceiver When connecting to router via WinBox, if I uncheck Auto Negotiate, there is no option to set the interface to 10gbps. Within Terminal it won't accept Speed=10Gbps But if within Terminal I set 'Speed=10gbps' it does remove the speed set...

brianlewis

http://www.mikrotik.com/download/share/ ... le-6.5.npk

http://www.mikrotik.com/download/share/ ... be-6.5.npk

brianlewis

Anyone have a status update for the CCR-1036-8G-2S+ availability? It was posted as being available in JUNE......

http://forum.mikrotik.com/viewtopic.php?t=70761

CCR1036-8G-2S+ - 10Gigabit CCR, 2x SFP+, 8x Gigabit Ethernet, 36 Core Tilera, 16GB RAM, 28Gbit throughput, 42 Million PPS, Available June

brianlewis

CCR 36 core with latest 6.1 or 6.2rc can't even handle 144,000 pps attack, it will choke at 100% cpu

brianlewis

CCR1036-12G-4S Been fighting it most of today, one customer getting slammed with a DoS Packet attack, 150,000-250,000 pps, its enough to cause this CCR to overload to 100% cpu! When the attack stops the router drops to 5-10% cpu, when the attack starts back up, back to 100% cpu. This is on 6.0rc7, 6...

brianlewis

Updated commands without 'IN INTERFACE' defined because not all of us have an E3 interface /ip f f a ac=d ch=forward p2=a a ac=d ch=forward pr=u cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:" a ac=d ch=forward pr=t cont="info_hash=" dst-p=2710,80 com="...

brianlewis

Jetrider : Our last email to you was in March, you did not reply. Did you try v6.1 ? If problem still happens, please update the ticket. Your number is 2013022566000258 mishaM : Have you contacted support? brianlewis : Have you contacted support? Yes Ticket # 2013030966000072 (yes thats 03/09/2013)

brianlewis

Same problem here with RouterOS 6.0rc and v6.1 on CCR1036, no rhyme or reason why it stops passing traffic after XX # of hours. Seems to be related to BGP because units I have deployed without any BGP work fine for basic firewall. Hi dear Mikrotik team , i have problem on CCR1036 with routeros v6.0 ...

brianlewis

We've tried it in production but its unstable, traffic freeze or 100% cpu randomly, sometimes 3 times in one day, sometimes once in 3 days. We've had to switch back to our 5.21 x86 core i7 router to keep the users happy.

brianlewis

majkel, that build I just downloaded it and installed on the router, it says Build Time : Mar/12/2013 15:21
That is OLDER than the Mar/13/2013 12:08 build everyone else is testing and have CONFIRMED to have the traffic freeze or 100% cpu issue

brianlewis

There are about 5 of us on this forum having 'traffic freezing' issues with 6.0r12, my ticket on the issue '2013030966000072' has had no response since last Friday

brianlewis

Same issue, random traffic freeze, reboot fixes issue, running BGP! Emailed support 3/8 with supout.rif, haven't receive a reply. Running 6.0rc12

brianlewis

Dobby: Placing a 'release candidate' into production is necessary to find all the bugs. There are quite a few of us that have done this and found bugs in 6.0, without those placing these routers into production these problems would not surface and would not get fixed in the final 6.0 release. I'm po...

brianlewis

Having a major problem with a new CloudCoreRouter 36 we purchased and put into production. Running 6.0rc12 build We run 250-350mbps continuously, we have a sfp1 LC fiber feed (600mbps service) We have lost throughput on our network 3 times today, reboot of the router fixes the problem, or just waiti...

brianlewis

We went from an Intel Q9300 to the CCR 32, previously on the Q9300 our cpu load was 26% cpu at 120mbps/220mbps on 5.6 x86 using Intel NICS, after upgrading to the CCR-36, our router is at 1-2% for the same 360mbps of combined bandwidth (up/down). This 64 bit CCR 36 is definitely quite more powerful ...

brianlewis

Either the new CCR1036 is a super router that can handle 250mbps / 50,000 pps total throughput at 0% cpu or the CPU Load metric is not working in 6.0r7

brianlewis

We configure all our routers to have a 'safe' list and a 'hacker' list, any management ips are added to safe list statically and added to source allow at top of firewall rules, then anyone connecting to 8291 port is added to 'hacker' list which is blocked First line : allow safe list Second line : b...

brianlewis

I can verify the EXPI9400PFBLK (single port) and EXPI9404PFBLK (quad port) Fiber cards as well as EXPI9404PTBLK (quad copper) work on RouterOS 5 I can't verify 82580 chipset (I340-T4) quad copper will work or not, was released 2nd quarter 2010 so I would think the current RouterOS linux 2.6.x kernel...

brianlewis

What is the 500mbps handoff, copper ethernet or multimodefiber? You'll want to build a Core i7-3930k with a second network intel nic (fiber EXPI9402PF or copper EXPI9301CTBLK) The Core i7-3930k is a 3.2ghz 6 core (19.2ghz) turboboost 3.8ghz (22.8ghz) Intel BOXDH67BLB3 Motherboard (has onboard gigabi...

brianlewis

http://forum.mikrotik.com/viewtopic.php ... sx#p313710

brianlewis

We are successfully running the Intel Server PCIe (EXPI9400PF) SX Multimode Fiber Card with Cogent thru an AT&T handoff. I believe we are using a 50/125 MultiModeFiber SC-LC connection. Intel NIC uses the SC connection while the LC connection connects to AT&Ts equipment. We are using Mikrotik Router...

brianlewis

When trying to print the ethernet list, 5.0rc11 crashes

int ether print
or int, ether, then print will crash the interface

All Intel Cards, Intel PT Quad, Intel CT PCI Express, Intel PF PCI Express (Fiber Card)

int print works
int ether print crashes and logs me out

Winbox Ethernet list works fine

brianlewis

Your suggestion worked great!! I setup multiple External Alerts in KFSensor for each port I wanted the block launched for, having it run c:\windows\system32\ping.exe with arguments -n 1 -l 39 -i 2 $ipsrc Then on Mikrotik I setup a forward rule, with a source ip of the Honeypot KFSensor system, for t...

brianlewis

Anyone out there deployed KFSensor to monitor for Attacks/Intrusions, log them, and then BLOCK the source ip completely? Idea being to have KFSensor run an external application when a particular alert hits a predefined setting, that external application would maybe be a script that SSH into the Mikr...

brianlewis

How does one go about clearing the TX/RX Drops and Errors shown under Interface List in Winbox?

I tried dropping to terminal and using
interface ethernet reset-counters ether1

But it doesn't clear these values. (ROS 4.0 and 5.0beta1 tested)

brianlewis

Nice list of chipsets and version tested on here:
http://wiki.mikrotik.com/wiki/Supported_Hardware

Many have RouterOS 4.x version designations

Your best bet is to stick with the Intel network cards if you can.

brianlewis

Single core RouterOS (2.9) and Realtek NIC are your problems.
Upgrade to RouterOS 4.6 and install Intel Gigabit Network Cards EXPI9300PTBLK or EXPI9400PTBLK or the PWLA8391GT PCI version. Don't get EXPI9301CT ($30 pci express) because they are not compatible with 4.6, only RouterOS 5.0

brianlewis

What brand network cards are you using? What model Core 2 Duo are you using? What model motherboard? What version of RouterOS? Is multi-cpu set to yes?

brianlewis

We like the Transcend DOM Flash units, they come in SATA and IDE versions. SATA 1gb is $28 http://shop.transcendusa.com/product/ItemDetail.asp?ItemID=TS2GSDOM22V If your motherboard has IDE on a supported ide chipset (newer boards DO NOT) you can use the IDE versions which start at $15 http://ec.tra...

brianlewis

hehe Tom I'm with you on that, lets add switch chip to the list too!

brianlewis

Nope, but a 3U case will provide 7 interfaces and 4 times the power of an RB1000. Cleary the RB1000 has a particular market but its single core 4 port solution has limited applications. Unfortunately it seems you'll need to wait until RouterOS 4.7 to support the current Intel Network interfaces that...

brianlewis

I just found out today that that RouterOS 4.5 lacks support for the current Intel network interfaces on the market in our Intel motherboard and Intel PCI-e Network cards P55 Chipset ONBOARD 82578DC Intel (Not Recognized by RouterOS 4.5) Intel PCI Express x1 PRO 1000 Network Cards EXPI9301CT (Chipset...

brianlewis

Looks like RouterOS 4.5 doesn't support Intel's current motherboard chipsets or network card chipsets :( I used an older system (with ide cdrom) to image the boot ssd (since CDROM image cd doesn't support SATA CDROM drives) and have RouterOS 4.5 running but it doesn't show any Intel network interfac...

brianlewis

Support for Intel SATA for CDROM installs would be helpful. Currently if you boot the ISO image on an x86 system with Intel chipset/SATA and SATA DVD drive, it gives a 'FATAL ERROR: no CD-ROM found', although it does show 'Found hard drive as SATA 0' so its loading the controller, but currently seem...

brianlewis

A quad core i5/i7 will give you the best performance, then it goes core i3, core 2 duo, dual core, atom. What kind of bandwidth do you need to handle? What kind of configuration/firewalling are you doing? How much IPsec traffic? Our experience is an Intel E4600 Core 2 Duo running in 2 core mode (ena...

brianlewis

I asked the same question and was told a new more powerful router is coming. Hopefully one based on the dual core version... In the meantime, we'll just continue to custom build our routers. We have a design we are using now with the Intel DP55WG motherboard, Core i5-750 processor, kingston ddr3-133...

brianlewis

I'm having a problem building some new routers. We are building new Core i5-750 based routers that will run Mikrotik RouterOS 4.5 Problem is that I'm running NetInstall 4.6 (latest available) and the new router boots from PXE onboard Intel 82578DC, obtains an ip, and obtains the Mikrotik netinstall ...

brianlewis

That worked! Added a source 192.168.80.0/24 to dst 10.48.239.0/24 rule at the top and packets are now passing. Thank you!

brianlewis

Upgrading to 4.1 didn't make a difference. Maybe something with the NAT rules is causing the packets to not transverse back across the ipsec tunnel?

brianlewis

I do have NAT rules for the systems behind the Mikrotik [admin@mikrotik] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; ESourceSQL to Internet NAT chain=srcnat action=masquerade src-address=192.168.80.5 1 ;;; SQL to ESourceSQL1 chain=dstnat action=dst-nat to-addresses=19...

brianlewis

I have an RB1000U running RouterOS 4.0 (3.30 did the same thing) trying to setup an IPSEC tunnel between this unit and a Cisco at another company. They have configured their end and provided the ipsec details for me to finish the connection. Private Network on my side is 192.168.80.0/24 Private Netw...

brianlewis

/ip firewall nat add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.80.6 to-addresses=92.65.182.44 add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.80.7 to-addresses=92.65.182.45 add action=src-nat chain=srcnat comment="" disabled=no src-address=192....

brianlewis

We tried using a 21 weight in 3 seconds as shown for the Port Scan and found it would flag pretty much anyone downloading a directory full of small files. Passive FTP uses a unique port # on each file transfer, and CuteFTP Pro defaults to 5 concurrent connections, as you can imagine a weight of 21 c...

brianlewis

Sounds like the subnet at Network A is not defined as a route on the router at network B ie network A 10.0.5.0/24 Router Tunnel IP 10.0.10.1 Router LAN 10.0.5.1 System 10.0.5.5 Network B Router Tunnel IP 10.0.10.2 Router LAN 10.0.6.1 System 10.0.6.20 For System 10.0.6.20 to ping 10.0.5.5 and vice ve...

brianlewis

I emailed Mikrotik support and they gave me this advise for linking multiple ethernet ports together without using the bridge option Hello, Lets say wan interface is ether1 and the rest should be switched. Configuraton: /interface ethernet set ether3 master-port=ether2 set ether4 master-port=ether2 ...

brianlewis

I'm proposing an RB450 Mikrotik router to be used as a transparent firewall for 3 servers. This device has 4 ethernet ports. I would like to use PORT 1 to connect as the WAN I would like to use PORT 2, 3, and 4 for Server 1, Server 2, and Server 3. I want to use it transparently so that I can firewa...

brianlewis

Works great, thanks!

brianlewis

I am trying to bridge an ethernet network to two different locations. I have the initial bridge setup and EOIP is working great. Now I need to bridge that same ethernet network to a second location. When I try to add ether2 to a second bridge under Bridge / Ports I get 'Couldn't add New Bridge Port ...

brianlewis

Good news, just upgraded one of the routers to 3.14 and was able to enable multi-cpu and reboot, now it shows cpu count 2!

So the problem that existed in 3.5/3.6 doesn't seem to exist any longer.

brianlewis

Try /system hardware set multi-cpu=no Now ftp up (or paste via winbox) the 3.7 packages you use. We have found 3.4 works on an E4600 processor but only a single core. If you upgrade to 3.7 you must have multi-cpu off or else it will freeze on bootup. I've opened a ticket with Mikrotik Support about ...

brianlewis

This system is unable to boot with multi-cpu=yes, if I wipe it clean and use the default multi-cpu=no, 3.7 will boot. If I then enable multi-cpu=yes and reboot, it will freeze at

ACPI: PCI Root Bridge [PCI0] (0000:00)

JPEG screenshot attached

brianlewis

I have 2 brand new routers that run RouterOS 3.4, unfortunately upgrading them to 3.5 or 3.6 results in it hanging at bootup when loading the kernel! These are Intel DQ965GFEKR (D41676) LGA775 MicroATX Motherboard, Intel Q965 Express Chipset motherboards with E4600 Core 2 Duo processors, can't get ...

brianlewis

Well unfortunately both 3.5 and 3.6 fail to boot into Mikrotik. Uncompresses kernel and just sits there. I booted these servers off NetInstall and did fresh new installs of 3.6 and 3.5, neither work, did a fresh install of 3.4 and it boots again. Since these are fresh installs multi-cpu is off. Chan...

brianlewis

I have 2 brand new routers that run RouterOS 3.4, unfortunately upgrading them to 3.5 or 3.6 results in it hanging at bootup when loading the kernel! These are Intel DQ965GFEKR (D41676) LGA775 MicroATX Motherboard, Intel Q965 Express Chipset motherboards with E4600 Core 2 Duo processors, can't get m...

brianlewis

I have 2 brand new routers that run RouterOS 3.4, unfortunately upgrading them to 3.5 or 3.6 results in it hanging at bootup when loading the kernel! These are Intel DQ965GFEKR (D41676) LGA775 MicroATX Motherboard, Intel Q965 Express Chipset motherboards with E4600 Core 2 Duo processors, can't get m...

brianlewis

Mikrotik Support says this will be resolved in version 3.5

brianlewis

Well after waiting 3 days for a reply from Mikrotik support, they tell me to set multi-cpu = yes, I guess they didn't bother to read my email or my supout.rif file because I clearly had already set that and rebooted! :( The two identical routers I built have the identical problem, yet I can throw a ...

brianlewis

Thanks Travis, the E6400 is an older Conroe design, the E4600 replaced the E6400 as the new Allendale design. Its also very likely you are running a difference chipset, I'm running the Q965 Express chipset. Vista clearly sees and uses both cores, so it looks like there is a bug in RouterOS with the ...

brianlewis

Yea its turned on in the Bios. If I boot into BARTPE, VistaPE, or CentOS it shows both cores, but RouterOS 3.4 does not. You'd think I wouldn't have this problem with a 965 Chipset and Intel processor

I did open a ticket wtih a supout.rif, we'll see if they have any comments.

brianlewis

Turned off all services except for Winbox, worked great!! Thank you

brianlewis

That looks like a great solution but how do I get to a linux prompt to paste those commands in? All I can get is to the Mikrotik menu.

brianlewis

Is there a way to turn off or at least change the ports on RouterOS for SSH and FTP? My logs fill up constantly since this is an Internet router of attempted hacks on both ports. The problem is the router has many ip addresses configured on its interfaces, so it would be a page long for me to setup ...

brianlewis

I had this problem, it was the system I was running Netinstall from. I tried another workstation and it worked great. Also I found using PXE boot was even more efficient than the floppy, so try setting your bios to boot from ethernet.

brianlewis

Don't know about the 'Intel 82571GB Gigabit Controllers', they don't list the PT on the support list, only the MT, maybe someone who has used this card before can chime in. I recommend reconsideration the hard drive, thats a weak link that can/will fail. Do you need the storage space for something? ...

brianlewis

Processor : Intel E4600 Core 2 Duo Motherbrd: Intel DQ965GFEKR OS : RouterOS 3.4 [admin@FEA_TW] /system hardware> pri multi-cpu: yes [admin@FEA_TW] /system resource> pri uptime: 6m5s version: "3.4" free-memory: 998236kB total-memory: 1010636kB cpu: "Intel(R)" cpu-count: 1 cpu-frequency: 2397MHz cpu-...

brianlewis

I bought two new Intel Pro 1000 Gigabit nics for my 2.9.42 Mikrotik router. Currently I have Ether 1 and Ether 2, both Intel Pro 100 (onboard and PCI). Plan is to power down, disable onboard, replace PCI with Gigabit card and insert another Gigabit card next to it in another PCI slot. Question is ho...

brianlewis

An affordable Xeon Dual motherboard I use alot is the Asus PC-DL, it goes for $196 out the door on the internet, supports dual hyperthreading 533mhz fsb Xeon processors, works great for servers or powerful workstations. Intel 875P Chipset Built in Serial ATA Raid Built in Intel CSA based Gigabit LAN...

brianlewis

These are just my personal experiences with using common hardware to run Mikrotik as a Router (first two) and a Bridge (last) P4 2.8ghz (533mhz) 512mb Kingston DDR333 INTEL BOXD845GVSRL-2 INTEL 845GV CHIPSET Motherboard Onboard LAN: Intel 82562ET 10/100Mbps Fast Ethernet PCI LAN : Intel 82559 Pro 10...

brianlewis

Normis That is EXACTLY what I am looking for. I just installed 2.9 beta 15 on a blank drive, grabbed the winbox.exe from it, connected to my 2.8.23 router and it doesn't display the ASCII, but if I connect to the 2.9 beta 15 test router I just installed it DOES display!! Looking forward to the 2.9 r...

brianlewis

Normis, can you explain what CLI means? I have Winbox 2.8 and when I go to packet sniffer, I doubleclick on the packet and can view the raw data. How do I convert this to ASCII? changeip - Ethereal will convert this raw data to ascii? Do I just highlight the raw data, do a copy out of Winbox, and pa...

brianlewis

When using the Packet Sniffer, the RAW PACKET DATA is useless because it would take forever for me to translate it into ascii text to attempt to identify a URL in the packet for instance. It would be nice to have a View Ascii button on the RAW PACKET DATA page so that I can attempt to translate the ...

brianlewis

Just an update for all, seems the Cox provided AT 8724XL switch couldn't handle some packet spikes we were receiving from the internet. We would go from 4000 pps to 8-12,000 pps for a few seconds, during that time the switch would drop packets! They replaced the switch with a higher end Cisco 3550 w...

brianlewis

Thanks guys, well the Marvell driver definitely has a bug where it doesn't detect RATE or FD status, that I am sure of. Doing some PingPlotter tests from inside going out and from outside going in I find the Cox provided Switch seems to be dropping packets between tis fiber and ethernet interfaces, ...

brianlewis

yes, all ports open, only microsoft SMB (135-139,445) and SNMP blocked, nothing else, its all internet traffic, no need for hard firewalling

brianlewis

The router is setup with internet IPs on both sides, a WAN ip on the outside, and Internet ips on the inside, it just routes a /21 network of IPs on the internet, there is no NAT enabled so there shouldn't need to be any additional settings on the Mikrotik since its just routing the traffic with no ...

brianlewis

Yes, the Intel driver reports GREEN FULL DUPLEX and I can confirm with the Cox Switch its in 100mbps full duplex mode and happy. This is forced 100mbps full duplex with auto off. Tried both ways. The Marvell/SKConnect driver for the gigabit interface is forced 100mbps full duplex and plugged into a ...

brianlewis

I've finding the Mikrotik Router is dropping packets at times, for up to a 5 second interval, while I do a continuous ping to it from outside. I am trying to find out why it does this and thought that maybe the interface queue is backing up. Is there any way to increase this queue size? I have tons ...

brianlewis

Found one of the issues, basically the AT&T Voice over IP Linksys Router can't talk to any machine behind the Mikrotik Router, if you remove either the Mikrotik or the Linksys, the VPN connects just fine.

brianlewis

Two different Windows XP Systems connecting to the same server behind a Mikrotik router. They both send the packet to authenticate, one receives it a thousandth of a second, the other times out with 'Recv timeout' after 2 seconds of waiting so it resends again. No rhymne or reason but the failing sy...

brianlewis

I am wondering if anyone has seen an issue where Mikrotik 2.8.23 might possibly block PPTP traffic from making a connection. I have a client who has two servers on our network. He was able to connect to them from the internet using PPTP without a problem. He is running PPTP VPN on W2003 so its not u...

brianlewis

Eugene, maybe you didn't read it correct Same Switch (24 port) 1 NIC - Onboard Realtek - Public IP ADDRESS 1 NIC - PCI 3COM 3c905 - Private IP 1 EoIP Tunnel 1 EoIP Bridge The 3COM + EoIP are BRIDGE1 This caused instability. I changed it 1 NIC - Onboard RealTek - Public IP Address - Plugged into dedi...

brianlewis

You know what guys, one other thing I did that might have corrected this issue for me! I was using this unit as a 'tunnel router' to send ethernet over ip between and old location and new location. I had both network cards hooked to the same switch, one for the ip connectivity, one to watch the lan ...

brianlewis

Yesterday I swapped out the 3com 3c905 pci for an intel 82559 pci, since then it hasn't crashed yet!!!
2.8.24

So it seems possibly the 3com drivers have an issue if mixed with another driver or used in a tunnel setup

brianlewis

Well I did a fresh install today of 2.8.24, it just crashed so that version doesn't fix the Kernel Panic issue I have. I know its not an irq issue since I made sure neither of the network cards or the video card are sharing an IRQ. The harddrive has been swapped to three different computers with dif...

brianlewis

Well I downgraded to 2.8.19 which is the oldest version available from Mikrotik and it STILL CRASHES!!! This isn't fun. Its a kernel panic and doesn't seem to be hard drive related. This is the only think I haven't swapped out is the hard drive itself.

brianlewis

New install Mikrotik 2.8.23 Tested on 3 different systems!! Literally moved the hard drive from computer to computer, does the same on all three Two Network cards (3Com 3c509 for both and also had one 3c509 and one RealTek 8139) Both cards hooked to the same switch 1 Card has routeable IP to interne...

brianlewis

You nailed it! The 3com and Intel nics I tested both did not auto negotiate properly. In Mikrotik it did not have Full Duplex Green, yet the Allied Cox Switch had a green light for full duplex! I unchecked auto negotiate and Mikrotik Full Duplex turned green and now packet loss is history!

brianlewis

I am trying to diagnose an issue we are having with a new router we built to serve as our main router for our 25mbps traffic network. We have a Celeron 2.8ghz, 512mb, 128mb flash drive, Intel 865 Chipset Marvell Gigabit interface (LAN) and 3Com 3c509b Interface (WAN) using software Mikrotik v2.8.23 ...

brianlewis

http://www.mikrotik.com/docs/ros/2.8/interface/eoip.content Documents how to setup EoIP over a secure PPP connection. I like to perform this same function without PPP, do I just start setup similiar to STEP#2 and go forward from there, ignoring Step #1? Or do I need to configure something else for S...

brianlewis

What kind of hardware is needed to efficiently handle 45mbps of traffic that will burst up to 100mbps? We are getting a 100mbps ethernet feed from our new provider and plan to use RouterOS 2.8 on a Pentium 4 Hyperthreading 800mhz bus system as our Router. It will have to handle 45mbps continuously w...

brianlewis

I need to temporarily bridge two web server rooms together that are at different locations. Both have a 45mbps DS3 connection so bandwidth isn't an issue. I need to be able to bridge 2-5mbps for a few weeks during the move from one server room to the other. I am considering using EoIP on a computer ...

Search found 131 matches