MikroTik

CR24

Awesome, I will try the 3 Interfaces and see if that works any better.

Thanks for your help.

CR24

I added this rule, and its now routing out with the VRRP IP.

/ip firewall nat
add action=src-nat chain=srcnat comment="VRRP SRC NAT" out-interface-list=WAN-LIST to-addresses=192.168.50.2

Do I just need to src nat for each of the IPs?

CR24

Yes, it's a single ISP with a /29 handoff. I have 3 IPs on VRRP because I have each IP dedicated to an app on my LAN, and I have dst nat rules on each of those IPs as well. Is it not possible to utilize multiple IPs? I am using these masq rules. /ip firewall nat add action=masquerade chain=srcnat co...

CR24

Hello! I have VRRP working great on my LAN, but is VRRP possible on WAN connections? R1 /ip address add address=192.168.50.2 interface=WAN-VRRP network=192.168.50.2 add address=192.168.50.3 interface=WAN-VRRP network=192.168.50.3 add address=192.168.50.4 interface=WAN-VRRP network=192.168.50.4 add a...

CR24

I have 2 VLANs on a Mikrotik each with a different IP subnet, I have all routing between these subnets blocked. I have a device on VLAN A that needs to communicate with a device on the VLAN B, however, I dont want the communication to simply go from LAN IP to LAN IP, I want them to use the respectiv...

CR24

Glad to know I am not the only one having the issue. I downgraded all of my devices back to 6.42.16 to resolve the problem until a new release comes out.

CR24

Which SNMP version are you using? If Version 3, which Security option?

CR24

Yeah I've never had a problem with it until today. Just downgraded a second device back to 6.43.16 and it immediately came back up as online inside Dude. No configuration change.

CR24

The SNMP "Router" probe.

CR24

I just upgraded my Dude server and a few devices to 6.44.5, all of the 6.44.5 devices are showing offline and all of my 6.43.16 devices are showing online. I downgraded one of the 6.44.5 devices to 6.43.16 and it now shows online.

Is there an issue with Dude or SNMP in 6.44.5?

CR24

So the above rules will behave like I want then correct? Anything above 20 per second will add to the address list?

CR24

I am trying to implement a request per second rate limit for DNS requests. I am wanting to put all IPs that go over the 20 requests per second to an address list, will the following rules accomplish that? /ip firewall filter add action=add-src-to-address-list address-list=DNS_LIMIT address-list-time...

CR24

Is it possible to have an address list "shared" between multiple devices? For example if 1 device added an IP to a list it could somehow sync to device 2.

CR24

The link-local addresses are not "bothering" me, link-local just creates a potential issue on my WAN network, which is not only made up of my routers/devices but also customer routers/devices. Said devices are being supplied with a Static IP address, but lets say an end-user decided to ena...

CR24

Yeah that is what I was going to look at was a script but I figured I would ask if there was a setting to disable link-local that I was missing, but I guess Mikrotik just doesnt have it.

Thank you.

CR24

Can IPv6 link-local addresses be disabled? I cant seem to find the option anywhere so I do not know if Mikrotik has the option or not. I am able to remove the addresses manually by deleting them under the addresses list, but every time I restart the device all interfaces self generate a link-local a...

CR24

Instead of running the script at the DHCP script I just had to call the system script that I was running on a schedule before. Got it working as I need.

Thanks for the help.

#Add Lease to Address List
 
 
:if ($leaseBound = "1") do={
    /system script run 0
}

CR24

My worry is once the timeout expires on the address list, will it get re-added to the address list if the lease is still active?

CR24

It worked actually, just only for new entries, I was reconnecting a current entry to the network and the lease was refreshing but it was not triggering the script. Do you know what tweaks I would need to make to get it to refresh current leases?

CR24

I tried this, no luck, did I do something wrong?

#Add Lease to Address List
#DCHP Script
 
 
:if ($leaseBound = "1") do={
    /ip firewall address-list add list=DHCP-WL address=($leaseActIP) timeout="03:00:00"
}

CR24

I currently have a script that adds bound DHCP entries to an address list, this script is set to run every 30 seconds. Rather than have it scheduled to run every 30 seconds is it possible to have another script that parses the logs and searches for an entry with "Msg-Type = ack" in it then...

CR24

Can someone help me with a script to add connections constantly in a "syn sent" state to a source address list?

CR24

Yeah, rules for Static IPs are the easy part, the hard part is allowing connectivity for Dynamic IPs and IPs from indirect customers.

Are there no filtering options for connections that are constantly in a "syn sent" state?

CR24

What would be a safe number to still allow my actual users to get through? I am running the below rules (this IP block is not being used for live users right now, so every hit is an unwanted IP and my blacklist is already over 1500 entries in the 2 minutes it has been running) /ip firewall filter ad...

CR24

I recently setup BGP with a couple ISPs but I am not having any issues on the BGP setup itself, that works perfectly. The issue I am having is I bought a /24 block off an Auction site, since ARIN is no longer giving any out this was my only option, and it seems this block was HEAVILY used, when I go...

CR24

If the queue counters are showing traffic then you should be good to go, a reboot may help. If you are still having issues after a reboot post your config.

CR24

With your interfaces in a bridge, use the following....

/interface bridge settings
set use-ip-firewall=yes

/queue simple
add max-limit=1M/1M name=ETHER1 target=ether1

CR24

Yeah I noticed "Files" was in purple so I made a new folder and it worked. Guess ROS/Dude doesn't like spaces in paths.

CR24

One more thing. Is there an argument to have plink run silently?

CR24

made a folder C:\DudeTools and now its working. Thanks for your help.

CR24

Just did this, still getting the error, grr.

C:\Program Files\PuTTY\plink.exe [Device.FirstAddress] -l [Device.UserName] -pw [Device.Password] "/system reboot"

CR24

Can you tell me how to setup a proper SSH tool? Ive been trying this.

ssh [Device.FirstAddress] -l [Device.UserName] -pw [Device.Password] "/system reboot"

CR24

Same error "The system cannot find the file specified."

CR24

Is it possible to send a terminal command with a custom tool? I get an error no matter what command I try to push.

Example: "/system reboot" (Yes I know there is a reboot option this is just an example)

CR24

I am running all of my routerboards on 6.28 and have no issues, however I installed a new one today and upgraded to 6.29.1 and am experiencing some issues. I was able to downgrade to 6.27 with an older upgrade file I have which fixed my problems. Does anyone have the 6.28 upgrade files for TILE MIPS...

CR24

Thanks for your responses, I was able to get this working by having the remote workers connect on different static IPs since the connection has a block of 5 usable. This will be my workaround while I get L2TP setup.

CR24

I have a PPTP VPN setup for remote users. Everyone can connect just fine when they are at their respective homes, but I had 2 users trying to connect from the same location and only 1 user was able to connect at a time. How can you get more than 1 PPTP connection from the same IP address?

CR24

I would like to know how to disable the Power LED as well. I was able to disable every LED except the Power.

CR24

Add these logging rules and see if anything pops up in your logs.

/system logging 
add topics=pptp
add topics=debug

CR24

I was able to fix this issue by having the PPTP address pool use the same pool as the internal DHCP server. I had a different address pool being used for PPTP clients.

CR24

I am having the same problem. But what I have noticed is that it's only happening on devices with v6. I connected to a device with v5 and it loaded the previous session just fine.

CR24

Do an export so we can see your settings.

/ip service export

/ip firewall filter export

/interface export

/interface bridge export

CR24

You could try using filter rules that search for keywords you specify and add anything matching to your address lists. You will want to add an accept filter rule for your DNS IPs, if you don't it will add your DNS IPs to the address lists. Make sure you change the IPs below to match the IPs of your ...

CR24

Just wanted to verify, on your last post you said the filter rule was setup for port 222, is that a typo or is your rule setup for port 222?

Make sure the ssh IP service is enabled.

/ip service
set ssh disabled=no

CR24

Port policer and switch shaper gave me horrible results. For example while doing a speedtest the test was very inconsistent, the speeds went up and down through the entire test. It seemed like the traffic was not passing smoothly while using port policer and switch shaper. Queues are best way to acc...

CR24

I posted this before I saw the other thread, which nobody was even helpful on. You and a few others kept saying to use queues, which I stated in on the other post I had already tried. However I was eventually able to get my setup working correctly by turning bridge firewall on THEN using queues. /in...

CR24

I have updated the code to reflect a fix for in-game NAT issues such as, your NAT type showing as OPEN on the Xbox Live Dashboard but MODERATE or STRICT in-game. I was having this issue while playing Call of Duty Advanced Warfare, it would prevent me from joining certain friend's parties. The fix wa...

CR24

For anyone having Strict or Moderate NAT issues on Xbox Live implement the following firewall rules to get Open NAT. There is no need to add the rules for ports 80 and 53. After I implemented the rules the counters were not showing anything until after I rebooted the router, so make sure to give you...

CR24

I removed all IPs and rules associated with the address list named "Blocked-IPs" and created a new address list named "Blacklist" I associated all the IP addresses from "Blocked-IPs" to "Blacklist" I even made sure to change the filter rules to reflect the &qu...

CR24

I have several address lists configured on the firewall, I have just removed all IPs and all filter rules associated with this address list but it still shows up as an address list to add IPs too. It is not causing any configuration issues, its just more of an OCD thing. Is there a way to manually d...

CR24

Thank you very much Skot!

CR24

I am looking for a script to renew my DHCP Client lease every six hours.

Any help is much appreciated!

CR24

I am having this same issue with a CRS125, wont let me set bandwidth at the interface level. I have tried to setup simple queues but I am having no luck. I am running v6.15 and I have the simple queue setup with port 5 as the target and both upload and download set to 10M for max limit, but there is...

CR24

I am using a CRS125 on 6.14 and I am wanting to limit bandwidth usage based on port not IP address. I have tried going into the interface settings and setting the limit there but I get the following error; "Couldn't change interface <ether5> not supported on this interface (6)" doesnt matt...

CR24

Double topic. Refer to http://forum.mikrotik.com/viewtopic.php?f=3&t=79908

CR24

[admin@MT] /ip firewall> filter print Flags: X - disabled, I - invalid, D - dynamic 0 chain=input action=accept src-address-list=WHITELIST dst-address-list=ALLIPs 1 chain=forward action=accept src-address-list=WHITELIST dst-address-list=ALLIPs 2 chain=input action=drop src-address-list=BLOCKED-IPs d...

CR24

Right now I have a filter rule setup to add any IP going over 50 connections to be added to a source IP blacklist. I am wondering if I can setup a similar filter rule but instead of basing it off 50 connections it will use an online blacklist such as, b.barracudacentral.org, to automatically populat...

CR24

When connecting to PPTP VPN I can only connect to web admin of other devices, i.e. switches, if I have "Use default gateway on remote network" under TCP/IP Settings checked, which settings do you need to implement to be able to not use remote gateway and still reach other devices. Thank yo...

CR24

When connecting to PPTP VPN I can only connect to web admin of other devices, i.e. switches, if I have "Use default gateway on remote network" under TCP/IP Settings checked, which settings do you need to implement to be able to not use remote gateway and still reach other devices. Thanks i...

CR24

Well that was easier than I was making it out to be!

Thank you very much

CR24

The setup I am trying to accomplish is to be able to monitor the Tx and Rx rate of a certain port on a switch, I select my device from the device list and go to SNMP > Interface tab and it will show the list of ports and current usage that way, but I would like to put this info into a chart that I c...

Search found 61 matches