MikroTik

Giepie

It's been 12 years!

Giepie

Hi Danihill

How far did you get with your DaloRADIUS implementation?

I'm testing it out now, but seem to have the same difficulties you had.

Would you mind sharing your experiences?

Thanks! G

Giepie

Have you tried a different brand switch?

Another thing, you should really use a gigabit switch.

You sometimes get switching incompatibilities between devices, especially when connecting gigabit to 10/100.

Giepie

It's only our pleasure bud!

Please let us know the result.

G

Sent from my iPhone using Tapatalk

Giepie

Most probably... But it could also be a bad crimp. Remember, on gigabit links all 8 wires are used, on 10/100 only 4 are used. Sometimes if one of the two blue or browns aren't crimped properly, you may still have a link, but it does strange things. If it was me, I'd troubleshoot as follow: 1) recri...

Giepie

Make sure you're using the gigabit PoE which came with the dynadish.

Also try another Mikrotik gigabit switch.

I find that using 10/100 PoE's cause similar issues.

Sent from my iPhone using Tapatalk

Giepie

Have you removed ether2 and ether3 from the same bridge or (soft)switch? By default ether2 is a master interface, and ether2-5 are slaves - meaning they are all part of the same (soft)switch. You can change this by going to the general tab of ether2-5 and setting "master interface" to none...

Giepie

Only my pleasure [emoji4]

Thanks for sharing your findings (about nstreme causing the issue) - I really appreciate it.

G

Sent from my iPhone using Tapatalk

Giepie

Support recommended a full reinstall using netinstall, but I was lucky to get away with software reset (either with /system reset-factory-defaults or by holding reset button). I had the same concern, as one of the devices I had to reset was also on a highsite. But unfortunately there does not appear...

Giepie

I had similar results with other products too (disc5, SXTsq AC). I contacted Mikrotik support (with sipout.rif), and their advice was to reinstall RouterOS. I managed to recover all devices by doing a hardware reset. I did not try to reload my backup, in case the problem comes back. Sent from my iPh...

Giepie

Thanks Normis But as I stated in my reply, I am not able to upgrade RouterOS! And after my upgrade attempt failed, I'm no longer able to change any wireless settings either! I believe the original poster also referred to RouterOS, but incorrectly called it "firmware". Please have a second ...

Giepie

I would like to know the same thing.... I experienced this specifically with LHG AC and SXTsq AC units. Some additional information: After trying to upgrade RouterOS, the router reboots, but old RouterOS remains. The log file says: "kernel failure in previous reboot". I then tried changing...

Giepie

Did you block chain:INPUT and in-interface:<your external interface>? Make sure you don't apply these rules on your internal interfaces.

You're welcome to post your firewall, filter rules so we could have a look

Giepie

If your router is enabled for DNS ("Allow remote requests"), your router is vulnerable for DOS attacks from all sides, UNLESS you have a deliberate firewall rule to drop all TCP and UDP pot 53 traffic on your external interface(s). On all my routers, especially ones exposed to the Internet...

Giepie

Hi guys Hopefully my post would shed some more light on the problem. I have a similar setup as most of you, but with the exception of using Ubiquity radio's and Mikrotik Routers. Here is my scenario: AAA --> BBB --> CCC AAA is connected to BBB using a PtP Ubiquity link (2x Powerbeam 25dBi's), and on...

Giepie

BUMP! I just came here with the same question and the bottom line is you can't use Axxess/Afrihost L2TP Static IP's on a Mikrotik Router. Has anyone else managed to get something going? I guess Afrihost wouldn't turn off the tunnel authentication from their side, as I believe that would be the ideal...

Giepie

Hi guys I know this is an old threat, but hopefully someone could help me out here. I don't have a problem "catching" the SIP (UDP:5060) hackers, but I do have a problem rejecting them. What I mean is this: If I create a single filter rule with the hacker's IP as source, the counters goes ...

Giepie

Glad you came right

Giepie

This may be the solution to your problem: <code> /ip firewall nat add action=dst-nat chain=dstnat dst-port=1723 in-interface=Ext-IF protocol=tcp to-addresses=192.168.9.5 /ip firewall filter add action=accept chain=forward in-interface=Ext-IF protocol=gre /ip firewall filter add action=accept chain=f...

Giepie

All the active PPPoE sessions on the right suggests there is more than one authentication mechanism. Do you authenticate the connected users locally, or do you have a second Radius Server (or the like)? The error seems to have something to do with a non-unique value. I can't quite make out what it c...

Giepie

No, Mikrotik is a ROUTER, not a server. Although Mikrotik's does have some server features, SMTP is one of those things requested several times in the past, but it will never be implemented. However, what you could try is this: Mikrotik does have MetaRouter support, which works similarly to VMWare o...

Giepie

Please post your script as it is and give a printout of your existing queues, mangle rules, address lists and layer 7 address lists

Giepie

Hi 49er Do you really need more than 100mbps throughput? In theory that router is capable (as limited by ethernet ports) of 100mbps down + 100mbps up, 200mbps total throughput. Realistically you should easily get 90mbps, depending on interference on the wireless side. At the moment you don't have an...

Giepie

Hi guys I've been battling with this for the past couple of hours, couldn't find any solution on the forum or wiki. When I do the following (lets assume queue1 exist and the target-address is 192.168.1.1/24) : :put [:len [/queue simple get queue1 target-addresses ]] 1 It seems that whenever you use ...

Giepie

Use mac authentication for everybody That won't do me any good as the "hacker" (abuser) is a valid user and his MAC needs to be authenticated in any case. The problem is that he is using one of his other family members' accounts when he gets capped. My only solution (unless Mikrotik adds ...

Giepie

Hi everyone, thanks for all the ideas.

I was hoping for a more "out of the box" solution, but I think a script would be the way to go. I don't have much time right now, but I'll start scripting and share my script here. Please give me a week or so.

Thanks a stack! G

Giepie

Hi guys Sorry for starting a new threat, but I couldn't find my answer in the other threats. In the last few years I've done plenty of HotSpots, so I'm not a nub' at all, but I ran into a issue which I can't seem to resolve myself. To sum up the situation: I installed a MT Hotspot solution (which au...

Giepie

Have you tried turning it off and back on again? ;) Just some Thursday morning humor! I've had a similar situation, where the PPPoE client wouldn't get correct IP and GW settings from the ISP. I went backwards and forward, but just couldn't resolve the problem. Finally got it working, and the culpri...

Giepie

Hi megajuras Just a thought.. not sure if it would work, but in theory it should. Have you tried creating a DST-NAT rule on your home RB750, to forward all incoming (incoming on external interface) traffic on port 53 to your RB750's local IP on port 1723? Try something like this: /ip firewall nat ad...

Giepie

Hi Hilton I would be honored to help with the testing :) If you wish, you could mail me here: giepie at itblanket dot net I also thought of doing my own dyndns system, but in order to do that 100% effectively, you need a server on a network which never goes down, or make use of multiple servers and ...

Giepie

I have been communicating with the new MD of changeIP via E-Mail. Apparently Sam isn't part of ChangeIP anymore (or perhaps just the dyndns devision). He gently hit me on the nose for flooding their helpdesk, and also explained their SLA to me. Their maximum turnaround time is 24 hours, unless it is...

Giepie

Seems to be working again, after sending a few hundred mails with the hope to get support. I pleaded with them to put a status link on their homepage where they can paste any issues, so people like us could first check the status page before contacting support. I also suggested they send a bulk mail...

Giepie

Broken again, no status updates, no response to support mails.

Seems like I'll be going to DynDNS or No-IP (or any **real** or **reliable** Dynamic DNS host). Hopefully changeip will give me a refund due to lack of service

Giepie

It certainly isn't working for me right now. Do you have a free account or do you also have your own domain? The ddns clients update fine to ChangeIP, and the correct IP is reflected in the control panel, BUT when I do a nslookup to the fqdn (example testingg.itbzone.net), it gives me an old address...

Giepie

As mentioned earlier, I did receive a reply from Scott at ChangeIP support, only to say DDNS is updating. That was 2 hours ago. I immediately replied with proof that although the DNS on the WEBUI seems to be updating, it doesn't resolve to the correct IP. Even running a nslookup against ChangeIP's s...

Giepie

I finally received this message: We are seeing successful updates by your microtik router. Sincerely, Scott Support Department ChangeIP.com And replied with this: Hi Scott Thanks for the reply. I almost fell off my chair to finally get a reply after almost a day without DDNS! Currently it does seem ...

Giepie

I withdraw my previous post. Although DDNS does seem to update, it takes for EVER to reflect. It shouldn't take more than 5min (as indicated on the ChangeIP control panel), but it takes much longer than that). I think this time Sam really died. Last time we thought he died, it only took about a day ...

Giepie

I can confirm it does appear to be working again.

I wish Sam could at least let us know what happened. If this ever had to happen again, I'l be forced to cancel immediately.

Giepie

It did seem to work for a short period, but it is not working right now. I created a test zone (testingg.itbzone.net) and manually changed the IP to 1.2.3.4 and updated the records. I waited for a looooong time for that hostname to become resolvable, and when it finally did, it had the correct IP of...

Giepie

Hi guys

I just placed another online support ticket, and I finally received one of those automated replies (those that say thanks for contacting support, your ticket number is.....). I have however not received an answer yet.

Please let us know if anyone else receive any kind of updates.

G

Giepie

Thats a good idea. I've never used Skype for PSTN calls, I guess there's always a first time for everything

Giepie

I also found this on the whois page: Administrative Contact, Technical Contact: Network Operations, ChangeIP noc@changeip.com 1200 Brickell Avenue Suite 1950 Miami, FL 33131 US 8007913367 fax: 7862246593 Unfortunately my phone is barred from making international calls. Could someone from the US perh...

Giepie

Thanks for everyone's help!

I did a whois on changeip.com and it seems they are part of http://www.networksolutions.com. I'm going to try and contact Network Solutions. Will update as soon as I have more information.

Giepie

I'm now getting desperate. I tried all means to contact ChangeIP support, but no response.

I have clients threatning to cancel their service since they can't access their office networks.

Anyone have any other ideas on how to contact Sam / ChangeIP?

Giepie

I created support tickets online to all 3 departmens (sales, abuse and support). I also sent emails to all the contact addresses on their website, but those mails came back as rejected due to spam. At this point I feel like booking a flight from South Africa and going there in person to find out wha...

Giepie

Does anyone have a contact number for Sam or ChangeIP?

Giepie

I have now managed to manually update the records online, but the fqdn's are still resolving to the old addresses. I tried nslookups too, and they confirm that.

I guess I'll have to start looking at an alternative solution too.

Giepie

It seems to be down again

Giepie

I've setup DynDNS for a client last month, as they already had a DynDNS account. They seem to be stable so far (although its probably way too early to say for sure). But I love ChangeIP, as Sam is part of the Mikrotik community. I just wish he would give better reporting. If there ARE problems, just...

Giepie

Hi guys Does anyone know if ChangeIP is down? I keep getting "Blacklisted" and/or "Timeout" errors in my Mikrotik logs. This has major repocussions as none of my clients can access anything from outside their offices. My phones are ringing off the hook, and I can't get hold of Ch...

Giepie

Hey man! Yeah it is kind of weird. The funny thing is, I haven't experienced this, afaik, EVER happening, and now suddenly I see it on about 8 different routers with PPPoE AND l2tp clients. I sent MT support a supout.rif, really holding thumbs they could figure out my problem. All points to a bug (i...

Giepie

I'm seeing similar symptoms on 5.16 with l2tp AND pppoe connections. Does anyone have any comments on this or perhaps have a fix?

I looked at the changelogs, but nothing refers to this so I'm not sure if an upgrade would do any good.

All help would be greatly appreciated!

Giepie

You are all half-correct

You need to add one more setting for the preferred route: check-gateway=ping

Have a look here:
http://wiki.mikrotik.com/wiki/Two_gateways_failover

Hope that helps

Giepie

You should be able to rebuild the DB with this command:

/tool user-manager database rebuild

I've had to done it a few times. It is not always sucessful though.

Hope it helps

G

Giepie

Sorry for butting in but I prefer a nice clean Queue Tree with PCQ for example. No Simple Queues and no scripts - we do not need to make life harder than it is. Hi NetworkPro I too prefer to have nice "clean" rules, nicely labeled and manually configured etc, but if you have /24 or even w...

Giepie

Does anyone have the script that would make DHCP leases have a simple queue attached? Look at the last script on this page: http://forum.mikrotik.com/viewtopic.php?f=9&t=58551 I'm going to "fine tune" that script for my own use. I need extra functionality to change Queue names if the ...

Giepie

Just wondering on the graphing, most of my MTs are RB532s with 64 meg of HD space. I have 25 meg free, what is the max value with storage for 100+ queues and interfaces? Just making sure that I don't fill the thing!

Dnenis

Hi Dnenis

Did you ever get an answer to your question?

Many thanks, G

Giepie

Looks like its back up. 36 hours downtime, for a paid for service, and not a word from them... Not a good sign, just happy to have my VPN's and remote updates working on sites again. Please dont make me move back to DYNDNS !!! I'm just as glad all my services have been restored. Every and any produ...

Giepie

Hi guys

Sam is good and well, just replied to me saying all should be fixed. I tested and mine is working perfectly again.

THANKS SAM!

Giepie

That is EXCELLENT news

There are DynDNS options, but I would REALLY like to stay with ChangeIP

Giepie

I agree

I really hope nothing happened to him

Giepie

Hi guys Thank goodness I'm not the only one trying to get hold of Sam. I also left several emails and online ticket submissions. I even tried their sales channels etc. It is extremely expensive to make international calls from South Africa, so I didn't call. I really hope nothing has happened to him...

Giepie

Hi Celestius

I support your cause!

Thanks for the poll. G

Giepie

Hi Janisk You say we shouldn't reinvent the wheel. In that case, I'll buy you a case of beer if you find ONE RADIUS package which does everything I require it to do without any modifications. The reason for people like me "reinventing the wheel" is to add functionality to a product. UserMa...

Giepie

Hey Omega

I forgot to mention this, but yes, I'm aware of the LUA situation. If LUA is reintroduced, I'm certainly having a party that night!

Giepie

Hi guys I too have a great need for writing larger files. I have written a complete accounting system, based on UserManager. It has the ability to send notifications on certain levels of a user's CAP (eg 50%, 75%, 90% and when the user is finally capped). It sends the user an email and SMS. I have a...

Giepie

Hi again I had very similar problems in the past, but back then I was using high powered cards (XR5 etc) on highsites. Since then I learned from a RF engineer that by using high powered cards (similar to using amps) actually "boosts" your interference levels too. The same RF engineer also ...

Giepie

Hi Rudi No, no real luck with such a system. But, we have a general rule of thumb of always ensuring your clients link at between -70 and -75db. This ensures your links are all much more stable, and it makes it easy to see that all your clients have a 70-75db signal. When this changes to say -80 to ...

Giepie

Yes, we did go off-topic a bit, pardon us for that!

Giepie

Everything is done in one script, billing and traffic accounting. The UM logs are kept in the UM DB which keeps on growing. Depending on the amount of users, get a CF or SD card (2GB+) If you have 1000's of users RadiusManager might be the better way until UM is fully out of Beta and has the ability...

Giepie

We use RadiusManager without problems.. only they have to fix the csv export but works fine for us. I need that someone who used Radius manager and now uses usermanager tell me why they changed. With usermanager you can log all the user connection? like the CTS of Radius Manager? Thanks, I prefer U...

Giepie

Many thanks to Jacques for the info and to Mikrotik for considering adding Netcash. You most certainly have my vote reqeust for Netcash support. Many people here in South Africa are completely forced to use RadiusManager, due to UM not supporting Netcash. How about starting a poll so we can vote for...

Giepie

Hi there You should post more info on your setup, particularly what connects to that R52n card etc. I'm doing lab tests (just got my first N card today) and I got up to 51mbps downstream. My upstream is not that good, but I'm using the wrong dipole on it (it's only for testing). I'm running 5GHz-N-O...

Giepie

OKay I tested it with the new Usermanager from 4.02beta on my RB 1000, with nearly 1000 customers and my customers told me that the ping time is very high with Radius. Without everything is okay!! User Manager only does authentication, it won't cause latency to be high. How did you implement the RB...

Giepie

The router I need to get it working on is 3.10, but I have also tried on 3.20 (which I have on most of my routers)

Giepie

Hi albertdal The content field will block all packets which contain the word "facebook". Allthough it's not the best thing to do, I tried it, but it can't block encrypted packets. I'm specifically looking for a way to block certain websites on the URL level as with some cheap off-the-shelv...

Giepie

Hi all I've been using the webproxy method to block sites for a while now, but it only work for http traffic on port 80. I'm trying to block secure sites eg https://login.facebook.com. I added this rule: /ip proxy access add dst-host=login.facebook.com action=deny But, I don't get any hits on it. Th...

Giepie

Hi all Great news! Netcash replied to me with the following message: "Hi Giepie, Many thanks for your enquiry and for your enthusiastic support for Netcash on the forum and I will be only too happy to contact the necessary individuals at Mikrotik as requested. However, I do need to point out th...

Giepie

Hi uldus I sent an email to Netcash requesting some info. I also asked for them to send a mail to support at mikrotik dot com. I sent them the link of this thread incase they wish to join the forum. Unfortunately I have not used Netcash before as User Manager doesn't support it, thus I can't give yo...

Giepie

I fully agree with andreacoppini (post regarding difference with connectors) I think antA: ufl and antB:SMA would be a great solution. Ubiquity cards are already much larger than normal cards so miniPCI placement would have to be rethinked on future RouterBoards ANYWAY, why not plan ahead by going t...

Giepie

The MT P2P rules work on the Layer 7 protocol. Layer 7 protocols are established connections, and due to the connections being established already, you can't route it as you'd be breaking the connection. The only solution I know works, is as follow: Route ALL traffic to one gateway(1). On that gatew...

Giepie

I don't want to hack UM. I wanna create my own "User Manager". My task is to create application which is better than User Manager. I don't know how to pull information from MikroTik. Later I want to to use some kind of CMS application. You're making me think of a old friend who planned on...

Giepie

I'm sure the CPU would be able to keep up with that amount of users, but you may need more storage space for logs etc. On about 100 users over a period of a year, my UMDB grew to about 40MB. Maybe this could give you some sort of indication on potential disk space required. Currently I run UM on a R...

Giepie

custom 3rd party, would be great, since i'm living in South Africa, and none of those payment modules support South African places. Want to make use of http://www.netcash.co.za CC API I second Jeeva in this request. Netcash is the only payment gateway aimed at the smaller service provider. Paypal i...

Giepie

Are you getting a BLACK email or BLANK email? If the email is BLACK, I don't believe the problem is with the script. The mail shouldn't be blank either. Perhaps put some text in the body field of the /tool e-mail command and see if it makes any difference.

Giepie

Hi KameelperdZA! (vanaf 'n donderstormende weskaap!) I would like to help you with your problems. I am still using the same script (perhaps a few additions and modifications) and it works with all versions except MTROS4B. Could you perhaps give some more info on what exactly isn't working, and perha...

Giepie

Hi xordi

Sorry for sending a public message, but could you please send me an email at: giepie [at] itblanket [dot] net
I'd appreciate it a lot.

G

Giepie

That only apply to UM4+

If you have a spare router/PC, try MT4 Beta, the interface looks very nice, although it's not yet ready to be used in production

Giepie

Hi I missed your last reply You should also add wlan1 (or whatever your wireless distribution interface is called) to the bridge. Then it's a good idea to also add a DHCP Client to the bridged interface so you can access it using it's IP address: /ip dhcp-client add interface=bridge1 disabled=no Tha...

Giepie

Do you want to use the second MT as a repeater in the house? Please give some more info. If it's a inhouse repeater, you could use the second MT in bridged mode and setup a DHCP-Client on the bridge interface. That way the router will have also have internet access, plus you can access it on the dhc...

Giepie

Hi pjotr What exactly isn't working with your script? Are you aware of the fact that the SAIX IP address have changed? SAIX recommends you use smtp.saix.net instead of it's IP, as certain segments of their network resolve to different addresses. If your problem is that the script won't send out the ...

Giepie

Mike

I think you should post your MT config here

It could be some DNS issue, or like I said, if you're doing loadbalancing, or routing local and international traffic differently, it could have an affect on certain PC's

Giepie

ONO

Was worth a try

I'll see what I can do!

I'm actually busy with something really interesting which will raise eyebrows regarding Mikrotik!

Thanks man!

Talk again soon!

Giepie

Thanks Normis!

I uploaded a new Vid to TikTube, hopefully I'll get a free L6 license

G

Giepie

That is rather interesting... I'm actively monitoring users I know use ShareAZA and other edonkey etc applications. I have never picked up any loose traffic (ie random ports) on my higher priority lines. On the other hand, as a fail safe, I do block P2P on the higher dedicated lines. (I have a MT on...

Giepie

I have done it this way: /ip firewall mangle add p2p=all-p2p action=mark-routing packet-mark=p2ppacketmark Then I setup a static route to route the P2P in whichever direction. I also have a dedicated P2P line using "cheaper" bandwidth to help save costs, but more importantly, give higher t...

Giepie

Everything is written in the manual or in quick setup guide http://www.mikrotik.com/documentation/rosmE.pdf /ip address add address=78.138.29.170/29 interface=internet /ip route add gateway=78.138.29.169 /ip dns set primary-dns=83.229.88.30 To add to what mrz said, you should do the following tests...

Giepie

I believe Microsoft updates mainly does two things: 1) Break stuff that was working before 2) Make your computer run slower Both of those are great if you bill clients by the hour to fix, but it cause headaches if it's your own systems. MS likes to make you believe they do "security" "...

Giepie

Hi guys I tried finding my answer in the forums and license page, but I'm not 100% sure. I would like to transfer a Level6 license from a x86 router to a RB600 based router. Is there any way of doing or requesting this? The L6 license is currently on a 4GB CF card, and my original idea was to use it...

Giepie

Hi Serge Is it possible with the new UM to add more variables? I'm specifically trying to add a secondary E-Mail address to a client's profile (one to send usage statistics to and another to send invoices to). It is also crytical for me to have more variable fields for scripting purposes. Currently ...

Giepie

LEt's simplify: I run wireless community network. It is open, meaning, there are no restrictions for users to connect. However, I've set network to recognize registered members from visitors. Registered members get static IP leases, and guest get IP's from the pool. Network is subnetted, and any re...

Giepie

same user for each subnet I admit that I missed this part of the problem. You're right, that does complicate things... the only approach that I can think of to address this would be to not specify an IP in usermanager, and then set up a static ip reservation to that MAC in each of the (2) different...

Giepie

Hi pedja In UM it is possible to make use of IP pools. On each NAS (Network Authentication Server) or Mikrotik, you could use the same IP Pool name, but with a different IP range. The other option is to specify a default IP pool to be used ON the NAS, and not type anything in the Client IP or Client...

Giepie

First of all, open Winbox Terminal on your User Manager server, or simply connect to it using a Telnet program. Then go to "/tool user-manager log" and type "print". Look in the log for any authentication attempts and paste on the forum. Are you sure the IP address of the NAS (PP...

Giepie

After the upgrade, didn't your PPPoE Servers perhaps jump to your ether3, and when you dial your ADSL it actually connect to a PPPoE server running on ether3? The only way this could happen is if you have a PPPoE secret which is the same as your ADSL account. What IP's do you hand out to your client...

Giepie

Do you have any other IP's on that interface, and perhaps in that 10.x.x.x range?

Please give us a bit more info on your setup

Giepie

I added the same rules from CLI on a RB532A running 3.10, and it definitely comes as 0.0.0.0/0. Did you perhaps upgrade from 2.9, or was that a clean MTROS3.x installation? My RB532A was upgraded regularly throughout all the 2.9.x ranges up to 2.9.50 and then straight to MTROS3.0, then 3.4 I think a...

Giepie

Hi Alex It really is weird that the router reboots! The only funny thing I can see in your rules are the to-address. Usually 0.0.0.0 would be entered as 0.0.0.0/0 and not 0.0.0.0-255.255.255.255. I haven't tried it your way, but don't really want to risk a router rebooting. Perhaps you should mail t...

Giepie

Hi Alex Yes, according to your explanation you should use ether1's IP. If you have more than one address on that interface and still not sure what address to exclude, you could setup an IP address list (/ip firewall address-lists) with all IP's ON your CORE router, and choose =! <ip-address-list-of-...

Giepie

Now its making much more sense, thanks! It's interesting that only D-Link causes that to happen. Although I really don't like sh1tlink products at all, I can't see how the problem could be with specifically D-Link... Are you by any chance using load balancing on your system? Utilities making use of ...

Giepie

I have done personal tests on RB133 and RB133c's and you get a stable 14mbps throughput. Above that other factors like interference causes the throughput to play yoyo. The actual problem here is that the RB crashes (or CPU skyrockets) as soon as a wireless card is installed. I'm merely stating the p...

Giepie

The Processor doesn't have much to do with your problem.

A RB133 is capable of doing up to 14mbps of total throughput, as long as you don't have resource intensive tasks running like queues, proxy etc.

Giepie

If you really wish to find the virus, I might have a good suggestion. If not already using the world's best antivirus (Avast), install it on a PC connected to the backend of your network (ie, the PC is not behind it's own NAT firewall or something). Disable al Windows firewalls on that PC so the the...

Giepie

If you wish to make a point to point link for your backbone links, you should use bridge to bridge. For clients you should use ap-bridge on the highsite and station at the clients.

bridge->bridge = point to point
ap-bridge->station = point to multipoint

Hope this helps

Giepie

Now we still don't know how your setup works. Is the D-Link installed inside your computer? (Sorry, I'm not familiar with D-Link as I had too many problems with it). Is the D-Link connecting to a highsite (in client mode), or is it distributing signal locally at your house (AP mode) and you connect ...

Giepie

You could do it that way, but some clients like static IP addresses and use any DNS server they can think of. Then they complain to you about bad service, meanwhile the problem is on their side. I prefer to FORCE everyone to use the DNS I want them to use. If you setup your CORE/DNS router to use it...

Giepie

Yes, I forgot to mention that!

Giepie

I agree with jorj. It is not a good idea to have the same address for 2 bandwidth sources. I would suggest making ISP 1's ip eg 1.1.1.254/24 and ISP 2's IP eg 1.1.2.254/24 on your routers connecting to your ISP's. You could add static routes to route two hardly ever used IP's via both ISP's. (eg, ro...

Giepie

Hi headstrong I have a general "rule of thumb" way of setting up all highsites/relay sites. Say we have the setup where we have one server room, one highsite, a smaller relay site and a client connected via PPPoE. SERVER ROOM/MAIN SITE: BANDWIDTH ROUTER(ADSL or whatever): IP Address: 192.1...

Giepie

Is it at all possible to disable your masquerading rules for 10min and testing your DST NAT rule then? I am not sure what your interfaces are called and does, so I can't say for sure if it would help. What I would suggest, of possible, is to disable all NAT rules and only enable the rule you are try...

Giepie

The simple queue monitors both outgoing and incoming traffic between the router (the interface you choose) and the target address. If you don't specify an interface, you in some cases find that the incoming and outgoing traffic seems to be the same. That is because the same traffic is counted on mor...

Giepie

If you do a traceroute to that PUBLIC IP, does the trace actually go via the router you are doing the routing on? And if you do a trace to the IP of the internal server, does the traffic also go via the router you are doing the routing on? It sounds like all your traffic might not go via that router...

Giepie

-76dBm is a better signal than -84dBm.

Does your signals go down to -84dBm when your problem occurs, or does it go up to -76dBm?

Giepie

Could you post them on the WiKi and place the direct links here? Then we go back to the original topic again!

Sorry guys!

Giepie

Could you paste the queue list from your CLI?

Giepie

also note what power supply you are using and whether its going via POE and the distance. It could have to do with voltage drop to the routerboard. I can't think of any other reason. Have you tried upgrading to the latest ROS?

Giepie

Hi Bill

Thankx for the useful link. I am not from an RF background and am always very happy to learn from RF people! I consult with some RF friends whenever I'm unsure, as they almost forgot years ago what we still have to learn!

Re, G

Giepie

Hi Joe

It's our pleasure to serve you

Yes, if your harddrive packs up, it will cost you $10US for a replacement key. Always a good idea to have a backup drive handy grr.

Have you considered making use of RB600's, perhaps with a daughterboard?

Have a good one! G

Giepie

I also use log entries, and specify variables so I can see the variables's actual values at that time eg:

:log info "The A variable's value is: $a and B Variable's value is $b"

This is extremely useful when working with foreach, while, etc loops

Giepie

I'm sure you didn't make a mistake, but are you sure theres not perhaps a MAC filter somewhere locking you out?

Otherwise I really don't know! Thats probably why I moved away from Shinaio completely

Verskoon die Afrikaans!

Giepie

It is a good idea to block these UDP and TCP ports: 135, 137, 138, 139 and especially 445 on all highsites. They have to do with Netbios and file shares (SAMBA). Most worms and some trojans use these ports to find their way to other open shares, even if nothing is open they still manage to flood you...

Giepie

Hi trs

I think we both are correct. Perhaps we should wait for him to reply so we can see exactly what he means

Giepie

To block ALL P2P:
/ip firewall filter> /ip firewall filter add action=drop p2p=all-p2p chain=forward

To block all udp except port 53:
/ip firewall filter add action=drop protocol=udp port=!53 chain=forward

Giepie

This should do it:

http://wiki.mikrotik.com/wiki/Nstreme_dual_Step-by-Step

Giepie

This should do it: :log info ("Creating router Backup") /system backup save name="email"; /tool e-mail send to="user@domain.co.za" from="router@domain.co.za" server=<your smtp IP> subject=([/system identity get name] . " Backup " . [/system clock get...

Giepie

Omni's are well-known for picking up static and blowing your wireless card. The card will still work, but very poorly. Omni antenna's are NOT DC grounded, even though some less experienced sales people might tell you they are. The best would be not to use an Omni, rather use some sectors, or ask an ...

Giepie

We are willing to help, but need some info from you first Could you paste your attempts so we could have a look at them? Please indicate which interfaces and addresses are connected to what and where it needs to forward. The easiest is to go to the terminal screen and to type: /ip firewall nat print...

Giepie

Perhaps your screensaver is using a lot of resources....

Are you sure there's no traffic passing through the router on other interfaces? The CPU usage shouldn't go up when idle.

Giepie

Usermanager is still under development. Currently it's not possible to have a backup UM, or to even loadbalance to another UM.

You can backup your userdatabase and restore to another router, but it doesn't backup your users's usage, only the attributes such as rate limits, IP, Pool, user/pass etc.

Giepie

Remember the upgrade from 2.8 to 2.9 and 2.9 to 3 is a very big upgrade. When going from 2.8 to 2.9 we also had many things that wouldn't upgrade. It's always a good idea to install new hardware and make sure everything is working fine in the lab. You could now either install the new router you conf...

Giepie

Hi

did you ever manage to resolve your problem?

I am willing to give you a hand where I can. I'll do my best to help you with the language boundary

G

Giepie

Do you really need the hotspot to run on both interfaces? Cant you setup the hotspot interface as a hotspot, and the other interface as a normal AP (no hotspot) and use WEP encryption on it? All you need in that case is an IP address on the interface and a DHCP server for that interface. Be sure to ...

Giepie

Where do you see this error?

Please provide us with more info!

Giepie

I never had the need to add a ACL to limit all, I only use default forwarding, but it's possible to work. Try 00:00:00:00:00:00:00 and see what happens. Be sure to first set it to enable all users (or simply disable the interface), and make sure your own MAC is right to the top of the ACL list in or...

Giepie

Does your hotspot users connect to this interface?:
Wlan (atheros 5114 - 192.168.5.2) IN AP BRIDGE MODE SIRVING 10 CLIENTS APs

I missed the last line of your post regarding hotspot users.

Giepie

You gave very little information, but from what I can see your client probably connects using a 2.4GHz AP/Bridge, and you have default forwarding on on your highsite. I suggest disabling default forward on your 2.4GHz distribution interface, and make sure all Access List entries are also set to not ...

Giepie

The DNS settings specified during your hotspot setup will be used as your primary setup. Since you installed 3 hotspot interfaces with a different DNS server for each of them, it probably changes your primary DNS at random. I usually use these firewall dst-nat entries to force all tcp and udp ports ...

Giepie

Won't the MT connect to the Senao, or does it connect but not pass DHCP/Traffic? What you said in the forum should really work, it is rather odd. You didn't by any chance setup the Senao to use WPA instead of WEP? One more thing I can think of, is that if you're using a 802.11b Senao AP (Prism2/2.5 ...

Giepie

Hi I also use MT for my DNS. At the end/core router I have a dst-nat rule which targets ALL port 53 UDP and TCP ports and dst-nat it to that router's address. Under I have two dst-nat firewall rules, one for port53 UDP and one for port53 TCP. It dst-nat all DNS requests to that router's IP. I have s...

Giepie

You should really use dedicated backbone links

You can also add an ACL entry, and set authentication=disabled for that entry. Do not disable the ACL rule itself, set the authentication flag / tickbox to disabled/off.

Giepie

If you remove your PC Box's default gateway, can you then ping the MT box and the ADSL router? If not, the problem is on your PC, but I doubt it. I would really suggest adding another ethernet interface on your MT and connect your PC to that interface with a DHCP server. From what you wrote in your ...

Giepie

More than willing to help

Giepie

When you say signal grows, do you mean it becomes weaker or stronger? Be a bit more specific on your power source and what wireless cards you are using.

Giepie

Are any of your interfaces bridged together?

Please give us more info on your configuration

Giepie

Linux and MT doesn't like booting from secondary IDE ports. It will always look for the bootloader on the primary master IDE device.

Giepie

If you REALLY want to use loadbalancing, why not use MT instead of third party loadbalancers? Search for the ECMP script on the MT WIKI. I do not trust loadbalancing. I make use of src-routing and dst-routing, much more stable and reliable. I reckon loadbalancing is fine for WISPS with fewer clients...

Giepie

You should assign the IP to the BRIDGE interface and not the ether1 and wlan1 interfaces. You only need one IP. I suggest adding 192.168.5.254 on the bridge interface, and set your pool to hand out 192.168.5.10-.250. Reconfigure your DHCP server, and make sure to only use ONE DHCP server on the BRID...

Giepie

Have you tried other cards? Was it perhaps a R52H? I had similar problems with a R52H, but when replacing it the CPU was fine again. Only difference was I only had the one card installed, disabled works fine, enabled, no go.

Giepie

Brilliant script!!!

Congrats man!

I'll be sure to use it soon.

G

Giepie

Your problem is the RB133's CPU being way to slow to handle the DUDE. I had DUDE running fine on a RB532A, but as my configuration grew, it started crashing until it wouldn't work at all. Best is to run DUDE on a PC based router, or Windows PC. If you use DUDE for notifications, I wrote a script to ...

Giepie

It seems the SMTP server is not reachable. Go to the CLI (terminal) and go /tool e-mail send to=x@x.com from=y@y.com subject"hello" body="hello again" server=your_smtp_server

See if the same error occurs

Giepie

Hi

You were right trying to access the DUDE from your DUDE CLIENT on your PC. The default DUDE password is blank and username is admin.

Giepie

It seems MT doesn't like addresses like ::/3

Did you type ::/3 in the destination field, or did it happen some other way?

Giepie

Hi there I honestly have no idea how to break the file up in chunks or what the maximum variable size is. I have similar questions, as for now my scripts are running smooth, but I'm afraid that I might run into the same problem once the files get much bigger. The only solution I can think of is to t...

Giepie

Hi

I tried this which worked:
set [find name="queue1"] disabled=no

Then I tried this which didn't work:
set [find queue=default-small/default-small ] disabled=yes

It could be a bug...

I used ROS 3.10

Giepie

You should search under failover scripts. Many people wrote scripts for this purpose. You could always adopt it to your needs. The command you need to run in your script, is something like: /ip address set [find name="interfacename'] interface=ether1/wlan2/pppoe-out1 Try and write a script from...

Giepie

Some boards doesn't switch themselves off upon low voltage. I'm not sure about RB133's, but I know RB112's doesn't switch off, resulting in the voltage regulator packing up. RB532's 600's and I suspect most new boards have protection for this by turning off the board completely until there is suffic...

Giepie

Are you installing ROS using netinstall or a CD?

When installing using either of the above settings, the CF card will be formatted automatically (upon package selection) and everything should be done for you.

Could you be more specific on what you are doing?

Giepie

Why not use different IP Pools, one for Public IPs and one for Local IPs. In Usermanager (or your RADIUS server), specify from what pool the user needs to get an IP address. I tried figuring out what exactly it is you wish to accomplish by reading all your settings. Is there any specific reason for ...

Giepie

We really need more info, but it could be that your routers are running one of the first ROS3 or even ROS3 BETA versions, and they were known to be very slow when logging into Winbox. Perhaps open Winbox and wait until the windows are loaded, or Winbox freezes. You could also TELNET into the router,...

Giepie

Have you tried DUDE 3 beta 7/8 yet? Although it's still in BETA, it is really stable and many functions have been fixed.

Giepie

It's really hard to say what exactly could have caused it. Did you perhaps update that router without restarting straight away?

Please give us more info on what happened (what you or someone configured or did on the router) before the restart which didn't work as expected.

G

Giepie

How are you attempting it? I suspect you have scripts to backup your userdatabase and import it to the other router. If that is the case, remember that only usernames, passwords, comments, shaping info, private info, IP's, IP Pools etc will be exported/imported. Your clients' actual usage will not b...

Giepie

In that case I would rather do the following: Create an IP list under ip/firewall/addresslists which contain all the clients you wish to control's source IP's. Then create a firewall rule which drops that addresslist (if the firewall rule is on, those IP's are blocked, if firewall rule is disabled, ...

Giepie

Yes, it is by far better to use dedicated links. For example: BACKBONE to HIGHSITE: use 2x 5.8 grids pointing to each other YOUR HOUSE to HIGHSITE: use a sector on the HS and a grid at your house HIGHSITE to CLIENTS: use grids at clients and sector on HS The routing is really not difficult once you ...

Giepie

Can anybody say why there is no syntax highlighting in the editor an why you don't get ANY information why a script isn't running? :wink: Is there a hidden feature to get debug informations ? Heiko Hi Heiko Unfortunately there is no debugger or syntax highlighting in the editor. I have also request...

Giepie

I fully agree with Hilton

Never ever ever try these dangerous stunts on a live system! Or you will get your fingers burnt!

Giepie

More info is needed

What happens when you use another kind of AP/bridge?
Are you connecting to your own network, or are you the client of another WISP and connecting to their highsite?

Please give us more info

Giepie

This would be nice, but the solution MT has for this problem is to make use of an external SysLog server. The DUDE does offer this functionality, allthough I haven't tried it yet.

G

Giepie

A dynamic queue is created upon authentication of the PPPoE session. Dynamic entries can never be changed, only removed. It would be nice if UM could kick a user when rates are modified from the UM GUI. Perhaps another button which says SAVE AND KICK instead of only SAVE on the UM GUI. I normally ki...

Giepie

When a user gets an IP from the Hotspot DHCP server, what DNS servers are they getting? Are they getting the propper DNS settings or not?

Giepie

The address that needs to be typed in under /router on your UM, is the address from which the NAS (Network Authentication Server or remote hotspot in your case) will use to authenticate itself on the RADIUS/UM. The simplist way of finding out what that address is, is to login to your hotspot using W...

Giepie

Hi Nathan

Please make sure that the PATA drive is the primary drive on the primary IDE interface when installing. Linux and MT doesn't like running of secondary interfaces and also not when it used to be primary and is now secondary.

Please let us know if it works

Giepie

Hi spire

Do you mind posting your fixes so others might also be helped?

thanx! G

Giepie

The address you are trying to access, is it accessible from that PC? What happens if you try to do a tracert to it? From what I can figure out, you are trying to access the internal address of your wireless network, but you are connected via internet and not your own network. If this is true, you'll...

Giepie

You have to "kick" the active user. Try this command: /ppp active remove [find name="farqad"] This will only work if the user is connected to the site where the script is run from. You could use the :if command to first see if the user is actually online, but the above script sho...

Giepie

Hi kamal I'm trying to figure out if your clients can't authenticate during night time, or whether they do authenticate but just can't browse. Does it happen to all your clients or only some of them? If the users can't authenticate during night time, what happens to users who was already authenticat...

Giepie

Who ever said our industry is easy? :D I am very skeptical and careful when upgrading any MT. I only upgrade when I need a new feature or when something isn't working as expected.My rule of thumb is to upgrade highsites at a time where it will be possible to "quickly" go out and fix if nee...

Giepie

First of all, if you wish for the MT to dial out, the Zyxel router needs to be set to BRIDGE mode and the correct VPI/VCI/Encapsulation settings. If you cant get the above to work, you could always forward all incoming traffic on your Zyxel router to your MT. First try setting the Zyxel to bridge mo...

Giepie

It is likely a bad signal problem. Please let us know what the signal strength's of all connected clients are and which one is giving the problem. Also give us the signal level on both sides (both the highsite and client side). Do you have clear line of site (LOS) from the problem site to your highs...

Giepie

I suggest changing your DST Nat rule so it doesn't cache your router's IP:

/ip firewall nat add chain=dstnat dst-port=80 dst-address=!192.168.1.254 action=dst-nat to-ports=8080

(Where 192.168.1.254 is your router's IP). You could also make use of an address list.

Giepie

I suspect your error message was: Authentication Failed, RADIUS time-out AFAIK you can't specify the RADIUS server as 127.0.0.1. Open the terminal window (from THAT router), type: "/users active print". It will show all active users. Find the active user using TELNET and see what that addr...

Giepie

/ip firewall nat add chain=dstnat dst-address=0.0.0.0/0 dst-port=807 action=dst-nat to-addresses=PUBLICIP to-ports=1433

That should do it!

Giepie

Hi ntmanxp Perhaps you misunderstand the concept of PPPoE The LOCAL address on your profile is in fact the default gateway your PPPoE Clients will obtain. I suggest using eg 192.168.0.254 for the LOCAL address. For your clients' IP pool, use 192.168.0.1 to 192.168.0.253 and use that in your profile ...

Giepie

Are you using burst on your queues?

Giepie

The best is to have default authenticate setting OFF and adding each client's MAC address manually in the access list. Then you can disable a certain MAC manually. What is the reason for not wanting weaker signals to connect?

Giepie

Is there a reason for using WDS other than saving on hardware?

I strongly suggest using dedicated backbone links and routing your network properly.If I'm missing your point, please explain your network in a bit more detail.

G

Giepie

Hi Egate I agree, it could be confusing. I spent a good few hours on it the other day. You have to specify on what interface you'd like the queue to monitor. And remember, if you have a 0.0.0.0/0 monitor on a certain interface, all queues below that one on the same interface will not count anything....

Giepie

The source code for UM is unfortunately not open. Your best bet would be to use FreeRADIUS or similar. Otherwise, make use of UM and use some scripts you could easily find on this forum. Why would you like to create your own UM? Is it to modify your GUI, or do you need to add certain features?

Giepie

Hi w2jo Remember when restoring a backup, your exact settings will be transferred. Since the address you added before restoring the backup was NOT on the previous router, it will be cleared together with any other settings and ONLY the backup's settings will be restored. Lucky for us Winbox now has ...

Search found 432 matches