Search found 42 matches

by webpagetech
Wed May 04, 2016 7:50 am
Forum: General
Topic: Organic IPv6 prefix with 6to4 tunnel
Replies: 0
Views: 370

Organic IPv6 prefix with 6to4 tunnel

I have an office setup with one wan and multiple lans. The ISP provides one dynamic IPv4 address and one dynamic /64 prefix. I have been using a HE 6to4 tunnel with a /48 split into /64's assigned to each lan. All the lans, except one, have servers with static IPv6. The other subnet has office clien...
by webpagetech
Wed Nov 19, 2014 10:02 am
Forum: The Dude
Topic: Define alternative Winbox port
Replies: 10
Views: 8503

Re: Define alternative Winbox port

You can also just make a nat rule to forward the traffic to your winbox port.

chain=dst-nat, src-address=<dude-server>, dst-address=<ip-configured-in-the-dude>, Proto=tcp, dst-port=8291 -> action=dst-nat, to-ports=<your-webmin-port>
by webpagetech
Sat Aug 30, 2014 10:26 am
Forum: General
Topic: CRS Port-level Isolation Questions
Replies: 2
Views: 3901

Re: CRS Port-level Isolation Questions

Okay thanks. I tried both configurations, and they both work well.
by webpagetech
Fri Aug 29, 2014 3:56 am
Forum: General
Topic: CRS Port-level Isolation Questions
Replies: 2
Views: 3901

CRS Port-level Isolation Questions

I have a CRS125-24G-S1. The configuration that I'm trying to achieve is:
port 1 trunk port to upstream Mikrotik.
ports 2-18 access ports for different vlans
ports 19-24 private lan with no routes out that only talks with itself.
The reason for this is some of my servers have public traffic on eth0's ...
by webpagetech
Fri Aug 29, 2014 3:18 am
Forum: General
Topic: CRS125 - vlans and DHCP not working
Replies: 6
Views: 3765

Re: CRS125 - vlans and DHCP not working

What is your wan setup? PPPoE or DHCP client? If you are receiving the PPPoE connection over a VLan then you should create that VLan on your wan interface and set the PPPoE client up on that VLan. If the PPPoE server is not communicating over a VLan then you should have your wan's master port set to none....
by webpagetech
Wed Feb 26, 2014 3:58 pm
Forum: General
Topic: v6.10 released
Replies: 248
Views: 88435

Re: v6.10 released

firewall filter dont check address lists, all rules drop connections with this features.
Works fine for me on v6.10 RB2011UAS-2HnD
by webpagetech
Fri Feb 21, 2014 10:16 pm
Forum: General
Topic: v6.10 released
Replies: 248
Views: 88435

Re: v6.10 released

just upgraded 2011UAS-2HnD to 6.10.

Confirmed that mangle routing marks are working now. I had a problem with mangle rules not sending traffic to the proper routing table via "action=mark routing" in 6.9. Working now in 6.10 :).
by webpagetech
Mon Feb 10, 2014 7:33 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 85156

Re: 6.9 released!

I can confirm the mangle/routing issue in test lab of 2011, 1100ah, ccr1016, and RB493. Not going to deploy this version in our production environment as it would cause many issues with our routing and qos configs (6.9 seems to work fine on my soho config... it's running fine on office routers that do...
by webpagetech
Thu Dec 12, 2013 1:51 am
Forum: General
Topic: Need Help With Firewall
Replies: 70
Views: 12262

Re: Need Help With Firewall

VPN not working The rule in your forward chain to accept all traffic going out interface ether1-gateway does not accept traffic going out your dynamically created vpn interface. Since your vpn connection gets created dynamically when the connection is established it would be hard to accept via outgo...
by webpagetech
Wed Dec 11, 2013 8:38 pm
Forum: General
Topic: Need Help With Firewall
Replies: 70
Views: 12262

Re: Need Help With Firewall

It looks like you're using a pptp tunnel, right?... To get the vpn to work the following setup should do it.
input, established, accept
input, related, accept
input, new, tcp, dst-port=1723, accept.
input, drop
forward, established, accept
forward, related, accept
forward, new, src=<lan-subnet>, accept
f...
by webpagetech
Tue Dec 10, 2013 1:10 am
Forum: General
Topic: Dns Failing over VPN Tunnel
Replies: 17
Views: 8615

Re: Dns Failing over VPN Tunnel

Mikrotik will use the DNS server that responds the fastest. It will periodically check to see how fast the servers in "/ip dns" are responding and use the fastest one.

It's not really random but it is kinda hidden functionality.
by webpagetech
Mon Dec 09, 2013 6:16 pm
Forum: General
Topic: Dns Failing over VPN Tunnel
Replies: 17
Views: 8615

Re: Dns Failing over VPN Tunnel

If you think about it, that is what you're doing when you add a dns server to "/ip dns". You're forwarding any dns requests that the mikrotik does not have in its local cache (assuming you have "Allow Remote Requests" checked and your firewall allows input on udp port 53). So what you need to do is create...
by webpagetech
Mon Dec 09, 2013 9:24 am
Forum: General
Topic: VLAN practice
Replies: 6
Views: 1922

Re: VLAN practice

You would not necessarily need to add a bridge to use vlans across ports 1-3. You should be able to use the switch functionality at wire speeds without needing to add a bridge to the CPU load. Go to routerboard.com. Download The Block diagram. It shows that Ether1-8 are wire speed on one switch chip...
by webpagetech
Wed Nov 06, 2013 5:52 am
Forum: Scripting
Topic: exit or break a loop statement
Replies: 11
Views: 11395

Re: exit or break a loop statement

+1 This would be useful... The while continue will work if you want to break at the end of the while loop but for the loop to actually stop, processing has to make it back to the ":while ($continue) do={". This means that if you set continue to false half way through the while loop the rest of th...
by webpagetech
Fri Oct 18, 2013 10:00 pm
Forum: Forwarding Protocols
Topic: BGP peer not picking up my routes
Replies: 15
Views: 4570

Re: BGP peer not picking up my routes

Is this any help?
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=if-installed-as-type-1 \
    in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bg...
by webpagetech
Wed Oct 16, 2013 11:30 pm
Forum: Forwarding Protocols
Topic: BGP peer not picking up my routes
Replies: 15
Views: 4570

Re: BGP peer not picking up my routes

You should only be concerned with your barrier router and the /30 that you share with your provider on that router. I believe this is your rb1200. It is the one that connects to your provider, right? You need to figure out what chains you need to be working with here. You need to find the outgoing bg...
by webpagetech
Tue Oct 15, 2013 8:00 pm
Forum: Forwarding Protocols
Topic: BGP peer not picking up my routes
Replies: 15
Views: 4570

Re: BGP peer not picking up my routes

OK, if your privates are still being advertised then the filters are not working quite yet. We need to know what your filter chains are called. In /routing bgp peer, what are the in and out filters? ... /routing bgp peer export also in /routing ospf instances there are the other in and out filters th...
by webpagetech
Tue Oct 15, 2013 5:21 pm
Forum: Forwarding Protocols
Topic: BGP peer not picking up my routes
Replies: 15
Views: 4570

Re: BGP peer not picking up my routes

You want to make sure that you are advertising your public subnet(s) and that is it. In /routing filter you need to make sure that your BGP out chain accepts your public subnet(s) and drops all other subnets.
/routing filter
add action=accept chain=ISP1_Out prefix=185.xx.xx.0/22
add action=discard c...
by webpagetech
Tue Oct 15, 2013 4:45 pm
Forum: General
Topic: packet loss during load
Replies: 3
Views: 1405

Re: packet loss during load

Hello, check /tool profile and /system resources cpu, to see more info about load. In case you use layer-7 filter massively you need to ensure that no unnecessary traffic goes through it. layer-7 works with packet streams that it gets from first several packets - so it adds latency. One layer-7 filt...
by webpagetech
Tue Oct 15, 2013 4:02 pm
Forum: Beginner Basics
Topic: Mikrotik + 2 WANS + Failover
Replies: 3
Views: 1356

Re: Mikrotik + 2 WANS + Failover

The Guide that you linked has the routing table...
/ip route
add gateway=10.10.11.1 routing-mark=ISP2
add gateway=10.10.10.1 routing-mark=ISP1
add gateway=10.10.10.1
What you need to do is add a second default route on the main table and make sure that check gateway is enabled and add a distance. /i...
by webpagetech
Tue Oct 15, 2013 3:13 pm
Forum: General
Topic: packet loss during load
Replies: 3
Views: 1405

Re: packet loss during load

Ports 1-8 are in use. They are all routed with no bridges or bridge filters. The interfaces are all set to hardware only queues with a queue tree on the outgoing traffic of its wan port only.
by webpagetech
Tue Oct 15, 2013 1:47 am
Forum: General
Topic: packet loss during load
Replies: 3
Views: 1405

packet loss during load

I have a QOS setup that is based on the DSCP Wiki article. http://wiki.mikrotik.com/wiki/DSCP_based_QoS_with_HTB I have a couple routers that get bad packet loss as soon as I enable the config. The config is similar to the wiki and worked great on low usage sites... It starts with 6-10 rules that fi...
by webpagetech
Tue Oct 08, 2013 12:04 am
Forum: General
Topic: DDoS attack?
Replies: 16
Views: 5454

Re: DDoS attack?

Thanks, I'll give this a bash too. Can you tell me what it does? Ya it says... Accept forward traffic that is established (connection has already been new and created from your LAN and is still the same as when it was created) Accept forward traffic that is related (connection has already been creat...
by webpagetech
Mon Oct 07, 2013 10:23 pm
Forum: General
Topic: SSl certificate create
Replies: 2
Views: 1453

Re: SSl certificate create

What version of RouterOS are you using? http://forum.mikrotik.com/viewtopic.php?f=1&t=76373&p=388289&hilit=create+certificate#p388289 Currently I'm using an older RouterOS version to create the CSR. Then have it signed. Then import into your v6 router board... Works just extra step for now. Will be f...
by webpagetech
Mon Oct 07, 2013 10:10 pm
Forum: General
Topic: DDoS attack?
Replies: 16
Views: 5454

Re: DDoS attack?

I would also set up a connection state firewall to protect your LAN if you have not already. Something along the lines of:
/ip firewall address-list
add address=172.16.0.0/24 list=list-inside-lan
/ip firewall filter
add chain=forward connection-state=established
add chain=forward connection-state=rel...
by webpagetech
Mon Oct 07, 2013 9:56 pm
Forum: General
Topic: DVR port forward for camera view on mikrotik
Replies: 1
Views: 3701

Re: DVR port forward for camera view on mikrotik

Two nat rules and one firewall rule should do the trick. Nat rules:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=106.xx.xx.51 dst-port=8921 in-interface=wan-1 protocol=tcp to-addresses=172.16.16.15 to-ports=8921
add action=dst-nat chain=dstnat dst-address=106.xx.xx.206 dst-port=8921 ...
by webpagetech
Tue Aug 27, 2013 6:25 pm
Forum: The Dude
Topic: sys logging to different log files
Replies: 1
Views: 1467

Re: sys logging to different log files

The wiki on syslog has you point everything at the syslog that is already in place. I did find how to customize this functionality. You can set up different log files in the log area. dude -> logs(left tree) -> plus/add button -> name it appropriately. Now create your custom notification. dude -> no...
by webpagetech
Fri Aug 23, 2013 10:32 pm
Forum: The Dude
Topic: sys logging to different log files
Replies: 1
Views: 1467

sys logging to different log files

dude 4.0beta3 -> click logs on tree (left side) -> plus/add button -> make new log for a router dude 4.0beta3 -> settings button at the top -> Syslog tab -> plus/add button -> ... " add src address action = accept notification = log to syslog click the little single dot button and set the target log...
by webpagetech
Sat Jun 29, 2013 10:14 am
Forum: General
Topic: Simple Queues Not showing in RB 1100
Replies: 3
Views: 733

Re: Simple Queues Not showing in RB 1100

Looks like it's a known issue solved in 6.1.
http://forum.mikrotik.com/viewtopic.php?f=13&t=73436

Let us know if it works. I'm about to be using a lot of dynamic simple queues from hotspot on 6.1 1100ahx2.
by webpagetech
Sat Jun 29, 2013 8:36 am
Forum: General
Topic: Simple Queues Not showing in RB 1100
Replies: 3
Views: 733

Re: Simple Queues Not showing in RB 1100

What routerOS version are you running?
by webpagetech
Thu Jun 27, 2013 10:02 pm
Forum: General
Topic: Routing with 3 Upstream for getting full load balancing
Replies: 1
Views: 676

Re: Routing with 3 Upstream for getting full load balancing

Well, you will probably want to use bgp peering with your upstream providers. You will want to advertise subnet blocks to each of the providers depending on how much traffic you want from that provider. For instance you would want to advertise more to provider B than A and more to A than C. That took...
by webpagetech
Thu Jun 27, 2013 6:11 pm
Forum: General
Topic: Traffic prioritizing on interfaces, need crazy help
Replies: 12
Views: 2227

Re: Traffic prioritizing on interfaces, need crazy help

What are your actual internet speeds? You need to set this as parent max limit. It would help if you ran an export so we could see what is going on. /interface export compact and then paste your results. I think the problem might be that logically they are on the same port (bridge or switch chip). eth...
by webpagetech
Thu Jun 27, 2013 4:27 pm
Forum: General
Topic: Traffic prioritizing on interfaces, need crazy help
Replies: 12
Views: 2227

Re: Traffic prioritizing on interfaces, need crazy help

OK so what are the bandwidth limitations of the wan port?

Are they both on the same subnet? If so, are there any differences in the addresses that users on port two would have vs users on port five?
by webpagetech
Thu Jun 27, 2013 10:18 am
Forum: General
Topic: Traffic prioritizing on interfaces, need crazy help
Replies: 12
Views: 2227

Re: Traffic prioritizing on interfaces, need crazy help

Are ether2 and ether5 bridged? Do they have different subnets? What is the lan set up? I set a little test up but I'm on a bridge so I used src address instead of interface. You could try having your wan as the parent target and eth2 and eth5 as your child targets. You will need to follow a couple r...
by webpagetech
Thu Jun 27, 2013 7:33 am
Forum: Beginner Basics
Topic: nat related question ... need help
Replies: 7
Views: 1418

Re: nat related question ... need help

Assuming the web proxy is still on the customer facing router, that would make sense because the web proxy is doing src nat in a way, but only with port 80. Assuming you are running a translucent proxy, I would add a dst nat rule on the isp facing router that would redirect port 80 to a web proxy ru...
by webpagetech
Wed Jun 26, 2013 11:40 pm
Forum: General
Topic: Feature Request: support multi dynamic address list
Replies: 14
Views: 4843

Re: Feature Request: support multi dynamic address list

Was there ever any resolution to this feature request?... +1 How about a work around involving one address list from radius and then a script to take that src and add it to the appropriate address list(s). For instance you could have customer A with address list from radius "list-fire-walled-gold". ...
by webpagetech
Wed Jun 12, 2013 8:39 pm
Forum: Beginner Basics
Topic: nat related question ... need help
Replies: 7
Views: 1418

Re: nat related question ... need help

No problem, glad I could help :-).
by webpagetech
Tue Jun 11, 2013 3:38 pm
Forum: Beginner Basics
Topic: nat related question ... need help
Replies: 7
Views: 1418

Re: nat related question ... need help

Yes the two routers need to have a shared network between them so that they can have an address to use as a gateway for routes. For instance instead you could put 10.1.1.1/30 on router one and 10.1.1.2/30 on router two. The subnet would have the following properties. 10.1.1.0 network address 10.1.1....
by webpagetech
Mon Jun 10, 2013 8:07 am
Forum: Beginner Basics
Topic: nat related question ... need help
Replies: 7
Views: 1418

Re: nat related question ... need help

Don't use nat on the internal router. Then just add a /30 between the two and in your isp facing router add routes to the lans on the internal router. Do the nat masquerade on your isp facing router. That would allow you to expose the src addresses from your internal router to isp facing router.
by webpagetech
Mon Jun 10, 2013 7:27 am
Forum: Beginner Basics
Topic: Problem with "Wlan Bridge"
Replies: 1
Views: 651

Re: Problem with "Wlan Bridge"

Make a rule in /ip firewall filter.
match in interface wlan
match !wan
action drop
/ip firewall filter
add action=drop chain=forward disabled=no in-interface=wlan1 out-interface=!1-wan
The ! stands for not. So if the traffic is coming from your wlan and not going to the internet it should be dropped.
by webpagetech
Mon Jun 10, 2013 2:15 am
Forum: General
Topic: Traffic prioritizing on interfaces, need crazy help
Replies: 12
Views: 2227

Re: Traffic prioritizing on interfaces, need crazy help

You want to look into /ip firewall mangle to identify the traffic going to and from your lan interfaces. You can use queues to prioritize and shape your traffic using the identification tags that you set up in your mangle rules.
by webpagetech
Mon Mar 18, 2013 10:06 pm
Forum: General
Topic: Winbox for Mac OSx & Windows & Linux
Replies: 48
Views: 42232

Re: Winbox for Mac OSx & Windows & Linux

A winbox version that worked in Linux desktops would be awesome! However winbox has worked in wine for me with no problems for over two years. I do have issues pushing and pulling files through winbox but I didn't realize that that worked in windows anyways lol. I have tried on ubuntu 11.10-12.10, cen...