Community discussions

Search found 435 matches

  • 1
  • 2
by lastguru
Thu Mar 09, 2017 6:06 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45514

Re: Statement on Vault 7 document release

They get shell access by exploiting an unknown vulnerability. But the funny part is, we as the owner of these devices with full privileges doesnt have any shell access to play with :) It is time for mikrotik to step up and give us a basic shell where we can check suspicious files etc.. As @nuclearc...
by lastguru
Mon Dec 14, 2009 8:43 pm
Forum: General
Topic: Problem with hotspot after upgrade to 4.3
Replies: 10
Views: 1832

Re: Problem with hotspot after upgrade to 4.3

It just happened for me. I recreated /radius entry and left out "Called-Id" - and it started to work. It probably needs a bit more investigations from mikrotik.
by lastguru
Tue Jun 10, 2008 1:03 am
Forum: General
Topic: virtualization
Replies: 60
Views: 21844

Re: virtualization

i386 do support virtualization - there is just a larger overhead handling VM exceptions than on the processors supporting VT feature.
by lastguru
Tue Jun 10, 2008 12:56 am
Forum: Beginner Basics
Topic: While Web Proxy gets fixed, what can I use?
Replies: 11
Views: 2584

Re: While Web Proxy gets fixed, what can I use?

There is also Squid for windows...
by lastguru
Tue Jun 10, 2008 12:53 am
Forum: Beginner Basics
Topic: Slow browsing due to HotSpot?
Replies: 11
Views: 8574

Re: Slow browsing due to HotSpot?

HotSpot will use the proxy even if it is disabled (it is not actually disabled for the HotSpot): - walled garden uses ir regardless of the configuration; - if advertisement is enabled, then it is also used; - universal proxy feature catches all user requests if proxy configuration is detected for th...
by lastguru
Tue Jun 10, 2008 12:42 am
Forum: General
Topic: limit connections to 50 per user
Replies: 8
Views: 1755

Re: limit connections to 50 per user

why do they connect to the gateway?

As for the extemption, put an accept rule for that kind of traffic before the connection limit
by lastguru
Tue Jun 10, 2008 12:39 am
Forum: General
Topic: Default Gateway Pingable yet MT Won't Gateway To World
Replies: 6
Views: 1032

Re: Default Gateway Pingable yet MT Won't Gateway To World

I see two default gateways there: 0 S ;;; DEFAULT GATEWAY dst-address=0.0.0.0/0 gateway=10.0.0.13 interface=Network gateway-state=reachable distance=1 scope=30 target-scope=10 1 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=Network gateway-state=reachable distance=0 scope=30 target-scope=1...
by lastguru
Mon Jun 09, 2008 10:36 am
Forum: Beginner Basics
Topic: Training
Replies: 4
Views: 1337

Re: Training

Well, there are three options: - online courses (I have no idea how the certification would work in that case) - come to MUM or other international seminars (see training.mikrotik.com for the complete list). I will be having one of those next week, you are welcome to join ;) - you can hire some trai...
by lastguru
Mon Jun 09, 2008 10:12 am
Forum: General
Topic: Calea?
Replies: 4
Views: 889

Re: Calea?

I have done that long time ago (about the time calea appeared in ROS) and it worked fine for the test setup. The target machine was a regular PC with some average specifications. Fortunately, never had the need to deploy this in a production environment :)
by lastguru
Mon Jun 09, 2008 10:04 am
Forum: General
Topic: limit connections to 50 per user
Replies: 8
Views: 1755

Re: limit connections to 50 per user

The second value (32) in that "connection-limit" property defines the netmask of limitation. In other words, for your setup each of the /32 clients (effectively, each IP) will have the limitation set to 50 connection, which is exactly what you want to achieve.
by lastguru
Mon Jun 09, 2008 9:05 am
Forum: General
Topic: Default Gateway Pingable yet MT Won't Gateway To World
Replies: 6
Views: 1032

Re: Default Gateway Pingable yet MT Won't Gateway To World

could you post a complete routing table. interface and address lists could also be important.
by lastguru
Sun May 25, 2008 8:12 pm
Forum: General
Topic: Routing question!
Replies: 5
Views: 1016

Re: Routing question!

Did you add routes on both of the APs for the others' networks? like on AP .6 to the clients that are connected to the AP .10
by lastguru
Sun May 25, 2008 4:07 pm
Forum: General
Topic: Packet flow, queue tree mangle bug or something else
Replies: 10
Views: 1552

Re: Packet flow, queue tree mangle bug or something else

there is no difference, you just have to mind changing addresses, that's all
by lastguru
Sun May 25, 2008 4:01 pm
Forum: General
Topic: getting address from bgp and use it in firewall
Replies: 1
Views: 614

Re: getting address from bgp and use it in firewall

route filters can set routing-mark, which can later be checked in firewall filters. you can play with that.
by lastguru
Sun May 25, 2008 3:56 pm
Forum: General
Topic: ARP manlge
Replies: 1
Views: 668

Re: ARP manlge

bridge dst-nat can reply on ARP requests with some MAC address you set, but unfortunately cannot change IP address of the request
by lastguru
Sun May 25, 2008 3:39 pm
Forum: General
Topic: Split NAT and Not NAT
Replies: 3
Views: 993

Re: Split NAT and Not NAT

action=accept in the nat
by lastguru
Thu May 22, 2008 5:45 am
Forum: Beginner Basics
Topic: Winbox on Linux?
Replies: 47
Views: 129807

Re: Winbox on Linux?

Remember, Wine Is Not an Emulator ;) As for performance, it's very good (except for initialization when it loads libraries in the RAM)
by lastguru
Thu May 22, 2008 5:39 am
Forum: General
Topic: LIVE On-Line Mikrotik Training Series Now Available
Replies: 6
Views: 1521

Re: LIVE On-Line Mikrotik Training Series Now Available

Just as with any other respected certifications, MikroTik certification is only available for specially administered classes, not online.
by lastguru
Thu May 22, 2008 12:12 am
Forum: General
Topic: Bridge filtering?
Replies: 1
Views: 586

Re: Bridge filtering?

All traffic that comes through a bridge (as opposed to forwarding between the clients of the same AP), like in your configuration, between two WDS or between a WDS and an ethernet, can be filtered. check bridge filter menu to see the options
by lastguru
Wed May 21, 2008 11:06 pm
Forum: General
Topic: Mikrotik Certification test
Replies: 89
Views: 34770

Re: Mikrotik Certification test

If there is enough demand to assemble a group of 10+ participants, you can talk with independent trainers (me, for example; you can drop a line to lastguru [at] gmail.com) to make training and certification at your location. I do not mind going to UK or Serbia, because, just as Normis said, the trav...
by lastguru
Wed May 21, 2008 7:51 pm
Forum: General
Topic: International Training in Latvia: Traffic Control/HotSpot
Replies: 1
Views: 770

International Training in Latvia: Traffic Control/HotSpot

I am happy to announce that an intensive 3-day training course will be held in Riga, Latvia on June 18-20, covering Traffic Control (dhcp, proxy, firewall, queues) and User Management (PPP tunnels, HotSpot, UserManager) topics. As the course is updated to the RouterOS version 3, not only new users, ...
by lastguru
Fri Oct 19, 2007 9:23 am
Forum: General
Topic: bgp multihop error " no route to host "
Replies: 20
Views: 3366

Re: bgp multihop error " no route to host "

what version are you using? maybe send support-output to support?
by lastguru
Thu Sep 13, 2007 3:00 pm
Forum: RouterBOARD hardware
Topic: RB133 Hardware I/O lines available under ROS
Replies: 3
Views: 1200

Re: RB133 Hardware I/O lines available under ROS

User LED and Beeper can be controlled as well. And you can trace the high voltage fan signal to the controller, which receives a smaller voltage, not the input power...
by lastguru
Thu Apr 05, 2007 6:00 pm
Forum: General
Topic: MME routing protocol?
Replies: 8
Views: 4685

this is a protocol similar to b.a.t.m.a.n. . you can look it up in google.
by lastguru
Thu Jul 06, 2006 2:27 pm
Forum: General
Topic: Beta Software
Replies: 4
Views: 2287

That page for a 2.9 beta version you found is OLD-OLD-OLD, and does not contain any valid links...
by lastguru
Wed Jul 05, 2006 4:30 pm
Forum: General
Topic: QoS on incapsulated traffic
Replies: 6
Views: 1354

well... why would one need a tunnel if that allowed to control the traffic inside? no, there is no way to distinguish the traffic inside the tunnels, except on the endpoints of the tunnel
by lastguru
Tue Jul 04, 2006 11:17 am
Forum: RouterBOARD hardware
Topic: Proper Grounding of RB
Replies: 3
Views: 1928

The middle mounting holes of the RB500 (mounting holes next to U25 and U6 markings) should be connected to ground. Typically, they should be mounted with metal spacers to a metal case or backplane that is grounded.
by lastguru
Mon Jul 03, 2006 5:32 pm
Forum: The User Manager
Topic: 2.9.27 released
Replies: 4
Views: 2984

2.9.27 userman is up now. you can try to upgrade
by lastguru
Wed Mar 15, 2006 1:24 pm
Forum: General
Topic: Security Issue
Replies: 9
Views: 2292

i hope it will not put you in that list... (it actually might, as you cannot predict timing)
by lastguru
Wed Mar 15, 2006 12:28 pm
Forum: General
Topic: Security Issue
Replies: 9
Views: 2292

well... i do not like that idea, since not alwas you will be the first of that one per 10 seconds... in other words, you may block yourself that way.
by lastguru
Tue Jan 31, 2006 5:35 pm
Forum: General
Topic: Simple queues
Replies: 3
Views: 1270

Re: Simple queues

Then at the end of the queues we set up a catch all queue to catch any other traffic so that our customer can't pick a different unshaped IP in the block and get more speed. 31 name="CatchAll" target-address=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all queue=Ether-Day-Business priority=8 limit-at=...
by lastguru
Fri Jan 27, 2006 1:30 pm
Forum: General
Topic: MSN Messenger disconnecting
Replies: 24
Views: 3629

I just have a rule to priorize the MSN...
just one rule to prioritize something would have the exact opposite effect, as all the unqueued traffic goes as highest priority. you need a second queue for everything else with low priority.
by lastguru
Fri Jan 27, 2006 1:18 pm
Forum: Wireless Networking
Topic: Security, WEP, WPA, what works?
Replies: 7
Views: 2383

are you sure they get hacket unintentionally? maybe they wanted it to be? ;)
by lastguru
Wed Jan 25, 2006 7:19 pm
Forum: General
Topic: Bypass Simple Queues
Replies: 1
Views: 1177

tree queues, if placed correctly, will overide simple queues.
by lastguru
Wed Jan 25, 2006 6:41 pm
Forum: The Dude
Topic: Syslog Daemon
Replies: 3
Views: 3694

use unix/macos maybe...
by lastguru
Tue Jan 24, 2006 12:36 pm
Forum: RouterBOARD hardware
Topic: Red + blue LED's on ... no connect to mikrotik :(
Replies: 5
Views: 2083

disconnect serial cable, and try once more...
by lastguru
Mon Jan 23, 2006 6:53 pm
Forum: The Dude
Topic: Support for radius packet of disconnection ( POD )
Replies: 3
Views: 2198

mikrotik supports CoA (change of autorization), which can disconnect clients. i am not sure if this is the same thing,...
by lastguru
Mon Jan 23, 2006 5:47 pm
Forum: General
Topic: De-Authenticate Hotspot user after using 10GB Monthly
Replies: 2
Views: 941

hmm... i think it is lready there, check out the user and user profile properties, i remember seeing this parameter there.
by lastguru
Mon Jan 23, 2006 5:43 pm
Forum: General
Topic: Can't access real address from fake address in the same NIC.
Replies: 9
Views: 1839

/ip firewall nat add chain=srcnat src-address=192.168.0.2 action=masquerade comment="" disabled=no
try specifying output interface, and see wat happens
by lastguru
Mon Jan 23, 2006 5:29 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 4145

please post the complete output of "/ip route pring detail" and "/ip firewall mangle print"
by lastguru
Thu Jan 12, 2006 6:18 pm
Forum: General
Topic: RouterBOARD 532 + Atheros Ar5413 + NL-2511MP PLUS
Replies: 1
Views: 1292

rb500 can surely transmit more than 16Mbit/s
by lastguru
Wed Jan 11, 2006 2:16 pm
Forum: Wireless Networking
Topic: Great signal, stays connected but pings time out
Replies: 14
Views: 3306

LoL, no, i mean to type "viri"
incorrect again. the most probable plural ir "vira". "virus" is a neuter gender, but -i plural is used for masculine nouns. "viri" is a singular genetive of "virus"

http://en.wikipedia.org/wiki/Plural_of_virus
by lastguru
Wed Jan 11, 2006 12:59 pm
Forum: General
Topic: More than one packet/connection/routing mark per packet?
Replies: 2
Views: 1101

each packet may only carry one packet mark, one connection mark and one routing mark, all previuos ones are overwritten. in most cases you may workaround this by assigning combined marks. for example, one check means packetmark "a", other check sets packetmak "b". if both checks succeed, you may put...
by lastguru
Wed Jan 11, 2006 12:44 pm
Forum: Wireless Networking
Topic: Great signal, stays connected but pings time out
Replies: 14
Views: 3306

the plural virii is that of the nonexistent word virius
by lastguru
Tue Jan 10, 2006 1:48 pm
Forum: RouterBOARD hardware
Topic: Lame question (really fast answer need)
Replies: 3
Views: 1410

null-modem is like crossover: it has transmitter on one side connected to receiver on the other
by lastguru
Mon Jan 09, 2006 12:07 pm
Forum: Wireless Networking
Topic: noise floor threshold
Replies: 2
Views: 1625

the card does not provide such information as noise level. and noise treshold is the maximal nose level, the card will transmit on.
by lastguru
Thu Jan 05, 2006 6:39 pm
Forum: General
Topic: Request for Sample config. file for RouterOs + freeradius
Replies: 1
Views: 1202

yeah, it would be great if somebody put this in the wiki.
by lastguru
Wed Jan 04, 2006 1:22 pm
Forum: Wireless Networking
Topic: Mikrotik seems to ignore radius response
Replies: 13
Views: 4867

if he is not using PAP authentication, then secrets are only checked on reply, so the server may accept the authentication even though it will not be accepted by the router.
by lastguru
Wed Jan 04, 2006 11:29 am
Forum: Wireless Networking
Topic: Mikrotik seems to ignore radius response
Replies: 13
Views: 4867

do the RADIUS secret on the router match the one of the RADIUS server?
by lastguru
Tue Jan 03, 2006 3:00 pm
Forum: General
Topic: How to forward http ?
Replies: 4
Views: 1552

read up un destination NAT
by lastguru
Tue Jan 03, 2006 2:57 pm
Forum: General
Topic: p2p shaping on 2.9.10 using mangle/queues
Replies: 3
Views: 1282

global-in does not "see" the marks mange is putting in forward
by lastguru
Tue Jan 03, 2006 11:56 am
Forum: Wireless Networking
Topic: Frequences
Replies: 2
Views: 1099

mt wireless manual has links to PDFs of the actual standards.
by lastguru
Mon Jan 02, 2006 3:23 pm
Forum: General
Topic: mangle and queue with htb
Replies: 4
Views: 1602

please describe also, what were you trying to do, and what results did you have
by lastguru
Thu Dec 29, 2005 12:25 pm
Forum: General
Topic: Dynamic VPN PPTP & IP Pools?
Replies: 10
Views: 3886

do you hae any NAT on that router, or somewhere in the middle? if yes, then enable gre and pptp conntrack helpers in /ip firewall service-port
by lastguru
Tue Dec 27, 2005 3:13 pm
Forum: General
Topic: installing MKTK in SUN Ultra 20
Replies: 3
Views: 870

if you do not have "legacy" option in your bios, you will probably have to use dedicated ATA or SATA card for PCI bus, they are very cheap.
by lastguru
Tue Dec 27, 2005 2:27 pm
Forum: Scripting
Topic: how to put text scripts for firewall rule [Blok list]??
Replies: 13
Views: 5616

I have just tried it now but the system put does not match any value of file-name [admin@MikroTik] file> /import sexlist input does not match any value of file-namet i also treid this /import file-sexlist "sexlist" is the name of the file please can u give me the correct syntex Thanks for ur help U...
by lastguru
Tue Dec 27, 2005 1:24 pm
Forum: Wireless Networking
Topic: Strange reboots during some kind of traffic
Replies: 4
Views: 1314

try enabling them one by one.
by lastguru
Wed Dec 21, 2005 1:31 pm
Forum: Scripting
Topic: Malware and Bogon scripts
Replies: 6
Views: 5576

thanks, that's great! one side note: we are usually not sigining the pages as it is all written in the history page.
by lastguru
Wed Dec 21, 2005 12:58 pm
Forum: The Dude
Topic: In export config are all password readable !
Replies: 3
Views: 3216

will be fixed (read-only users will not be able to export-import config)
by lastguru
Wed Dec 21, 2005 11:56 am
Forum: RouterBOARD hardware
Topic: How to trigger the activity LED on the RB532?
Replies: 7
Views: 2731

these are hardwired to the minipci slots
by lastguru
Tue Dec 20, 2005 3:26 pm
Forum: General
Topic: Ares 1.8.8 NOT BEING DROPED
Replies: 3
Views: 1040

the filter seem to be only able to drop connections to server (i.e., running new downloads, doing searches). when you are connected and download is in progress, the rule will not have any effect, unfortunately
by lastguru
Tue Dec 20, 2005 3:17 pm
Forum: General
Topic: Wired WDS?
Replies: 1
Views: 2502

just use bridge.
by lastguru
Tue Dec 20, 2005 1:28 pm
Forum: Scripting
Topic: Malware and Bogon scripts
Replies: 6
Views: 5576

is this info added to the wiki? ;)
by lastguru
Mon Dec 19, 2005 3:02 pm
Forum: Wireless Networking
Topic: Mikrotik with Linksys WRT45G or WRT54GS
Replies: 5
Views: 4228

??? :shock:
i think a misunderstanding has happened: "work with" vs. "run"...
by lastguru
Thu Dec 15, 2005 12:02 pm
Forum: Wireless Networking
Topic: Atheros 5114 chipset, which card?
Replies: 4
Views: 1399

what is AR5114 chipset? and where did you hear such shings? i think CM9 worked with narrow channels...
by lastguru
Wed Dec 14, 2005 12:42 pm
Forum: Wireless Networking
Topic: SRx's and compression
Replies: 6
Views: 2098

doesn't it support that already?
by lastguru
Tue Dec 13, 2005 10:54 pm
Forum: General
Topic: Dlink DFE-580
Replies: 5
Views: 1277

it looks like this card has unstable PCI bus connection, which will hang your PCI bus after some time under high load. i am not sure if watchdog will be able to help you, you can try it... but the best solution is just through it away. use RouterBOARD or Intel multiport cards - they are stable.
by lastguru
Tue Dec 13, 2005 10:51 pm
Forum: General
Topic: Configuration Problem
Replies: 77
Views: 23439

yes, it is called parent-proxy
by lastguru
Thu Dec 08, 2005 1:59 pm
Forum: General
Topic: Connecting to a DSL modem in bridge mode
Replies: 9
Views: 1663

interface ethernet blink
by lastguru
Mon Dec 05, 2005 2:44 pm
Forum: General
Topic: Anyone pushing more than 100Mbps on GigE?
Replies: 18
Views: 4374

weren't jumbo-frames already supported on some cards (like Intel)?
by lastguru
Mon Dec 05, 2005 2:12 pm
Forum: General
Topic: Configuration Problem
Replies: 77
Views: 23439

routeros does not support software and so-called-hardware RAID controllers, which require additional drivers. transparent (true hardware RAID) controlles do not need any additional support from OS, are completely undetectable for it, and thus are supported by any OS, including RouterOS.
by lastguru
Wed Nov 30, 2005 1:04 pm
Forum: General
Topic: SSH Login: One login failure for every successful login?
Replies: 2
Views: 831

Not a bug.
most SSH clients try out empty passwor first to prompt you for one. So the first failure is empty password.
by lastguru
Thu Nov 24, 2005 6:42 pm
Forum: General
Topic: Step by Step Idiots Guide
Replies: 10
Views: 1929

connect keyboard and monitor. if it shows login prompt, write there usernae "admin" and press [enter] key when asked for password. if it does not show the login prompt at all, tell us what happens on the screen.
by lastguru
Thu Nov 24, 2005 3:28 pm
Forum: General
Topic: Step by Step Idiots Guide
Replies: 10
Views: 1929

but first to do this you need a winbox tool itself. i suppose you can get one from demo2.mt.lv
by lastguru
Thu Nov 24, 2005 1:55 pm
Forum: General
Topic: Could I change the MAC address of vlan interface?
Replies: 1
Views: 893

VLAN is just a tag for a packet, not a full-fledged tunnes, so it does not contain any MAC address information. In other words, it cannot be changed on individual VLANs. However I believe there is a workaround, though: the bridge firewall is able to change MAC addresses depending on VLAN ID (in "/in...
by lastguru
Tue Nov 22, 2005 12:09 pm
Forum: RouterBOARD hardware
Topic: Ip Telephony on RB532
Replies: 2
Views: 1434

telephony support has just never been there for RB500...
by lastguru
Mon Nov 21, 2005 6:29 pm
Forum: The Dude
Topic: Dude usage notes in WIKI
Replies: 3
Views: 2459

Dude usage notes in WIKI

The latest (however, not very up-to-date) version of the Dude usage notes is on the mikrotik wiki: http://wiki.mikrotik.com/wiki/Dude_usage_notes . We will try to update some information there, but you are also weclome to contribute.
by lastguru
Mon Nov 21, 2005 12:49 pm
Forum: General
Topic: Limiting small packets
Replies: 4
Views: 1132

and also, what are these packets? ports, source/destination... maybe you have identified the cause, or at least the protocol...
by lastguru
Mon Nov 21, 2005 12:34 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 9181

one of the possible solutions is to use internal address inside, and external - from other networks. another solution is to put src-nat on router for these requests, to that the server would believe the requests are coming from the router. Concerning your other solution, I already have this: 0 src-...
by lastguru
Thu Nov 17, 2005 7:52 pm
Forum: General
Topic: vajadzig biks palizib...
Replies: 5
Views: 3352

kads lielakais no kadiem mazakiem ?
varbuut Internet?
by lastguru
Thu Nov 17, 2005 7:40 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 9181

ah, the second question is a common enigma ;) when you are requesting page by its external address, it gets dst-natted and resent to the local server address. now the server wants to send a reply and goes through its routing table to find out how to send it out, and discovers the reply may be sent d...
by lastguru
Thu Nov 17, 2005 4:40 pm
Forum: General
Topic: Issues with NAT
Replies: 25
Views: 9181

for the first problem - add "protocol=tcp"
by lastguru
Wed Nov 16, 2005 12:34 pm
Forum: General
Topic: application examples / scripts WIKI
Replies: 16
Views: 4116

Re: Hello

I have been busy lately so I had to stop for a while, but now I will dedicate some time to get it done. I hope I can than upload the booklet. Can that be done Normis? what do you mean by upload? if that will be a .doc document, then it should not go to the wiki. I would suggest you to start writing...
by lastguru
Wed Nov 16, 2005 11:52 am
Forum: The Dude
Topic: Can it run as Service?
Replies: 2
Views: 2000

AFAIK, no, but you can use tools such as SrvAny to start any program as a service
by lastguru
Tue Nov 15, 2005 4:41 pm
Forum: General
Topic: cannot login with serial consol or lan
Replies: 3
Views: 891

The RouterBOARD manual has a known-to-be-good full null-modem cable pinout. I have a cable made after that design on my desk, and it is working flawlessly (if it does not, try playing with flow-control option of your terminal program). Also, for the RB500, the default bitrate is 115200.
by lastguru
Mon Nov 14, 2005 1:42 pm
Forum: General
Topic: Saved password in winbox.cfg
Replies: 4
Views: 9075

How would you imagine that? If they are encrypted and decrypted by the same software, there is no point of that, and also note that the passwod is to be used for authentication, and this task requires a plain-text password to be available on the local machine
by lastguru
Thu Nov 10, 2005 12:56 pm
Forum: General
Topic: SR5 and 230 RB ........ safe ???
Replies: 3
Views: 921

What horror stories are you talking about? Do card die and return at night as zombies? :twisted: Please explain.
by lastguru
Tue Nov 08, 2005 11:03 pm
Forum: General
Topic: ISDN Drivers not available
Replies: 4
Views: 927

install isdn package
by lastguru
Tue Nov 08, 2005 4:55 pm
Forum: Scripting
Topic: Hotspot: Get file through ftp and execute it's commands
Replies: 4
Views: 1432

and why can't the server just connect to the router and do what it please?
by lastguru
Thu Nov 03, 2005 10:02 pm
Forum: General
Topic: domain redirect in MT
Replies: 1
Views: 664

i think i have described how to do that yesterday. please see my last posts, I am too lazy to chack them myself :)
by lastguru
Thu Nov 03, 2005 2:47 pm
Forum: General
Topic: What is "route rule configuration" in 2.9.7?
Replies: 3
Views: 859

these should be almost the same as in 2.8. manual will be updated in few days to cover this feature
by lastguru
Thu Nov 03, 2005 2:44 pm
Forum: General
Topic: One Time Homepage redirection
Replies: 4
Views: 1246

it is just a matter of modifying the servlet pages. you can make them to autologin each user with a given username and follow the link you decide after the login procedure (i.e., they open any page, hotspot overtakes, automatically logs the user in, and shows another page). it is also possible to po...
by lastguru
Thu Nov 03, 2005 2:12 pm
Forum: Scripting
Topic: Dynamic DNS from behind NAT
Replies: 31
Views: 7164

I am known to be the greatest magician of 'em all :D can your gateway have a dns name (any name, for example, literally "my.domain")? on any dns server, even in itself. the main point is to get it to reply its IP with dns protocol. if it is possible to do that, then make the MT resolve DNS through t...
by lastguru
Wed Nov 02, 2005 8:13 pm
Forum: General
Topic: One Time Homepage redirection
Replies: 4
Views: 1246

try looking at hotspot for this functionality
by lastguru
Mon Oct 31, 2005 4:08 pm
Forum: General
Topic: Filter Incoming Web Site connection to Server
Replies: 4
Views: 1304

Andrew, I doubt it could be made the way you probose because you probably break the TCP connection. The HTTP header is transmitted after the TCP connection is established. What can be done is to separate by domains. I.e., register multiple domains with the same IP address, then setup MT as a proxy o...
by lastguru
Mon Oct 31, 2005 3:49 pm
Forum: RouterBOARD hardware
Topic: Graps not stored on disk
Replies: 15
Views: 3966

indeed it is normal (although I always thought you need to power-cycle the device to reset the clock, but I am not 1000% sure, though) as RB500 lacks the battery-sustained RTC support, so you have to use NTP.
by lastguru
Fri Oct 28, 2005 7:40 pm
Forum: General
Topic: WHat is the Best ethernet interface card
Replies: 13
Views: 2567

and what is the point of decreasing speed?
by lastguru
Thu Oct 27, 2005 7:02 pm
Forum: General
Topic: Custom Kill Command ?
Replies: 3
Views: 961

what do you mean by "kill" hotstop user? if you want to log him out, try CoA (change of authentication, or something like that) feature in radius
by lastguru
Thu Oct 27, 2005 6:58 pm
Forum: Scripting
Topic: bantwidth limit per connection
Replies: 4
Views: 1738

no, you shouldn't ;) , you should read the queue manual. But if you absolutely want to ask, ask in the general networking forum.
by lastguru
Thu Oct 27, 2005 1:58 pm
Forum: General
Topic: [req] 2.9.6 spyware n virus ports
Replies: 21
Views: 3504

thx andrew....!
i ve blok every port except 80 for http..!
the script is like this

ip firewall>add src-address=10.10.0.0/16 dst-port=!80 action=drop chain=forward

why is port 80 also drop....?
because you did not specify the protocol
by lastguru
Thu Oct 27, 2005 1:24 pm
Forum: Scripting
Topic: bantwidth limit per connection
Replies: 4
Views: 1738

this is done with a Per-Connection Queue, not scripts.
by lastguru
Wed Oct 26, 2005 3:16 pm
Forum: General
Topic: WHat is the Best ethernet interface card
Replies: 13
Views: 2567

if you just need a NIC that works, you can use Realtek. For performace and stability use Intel, preferably, Gigabit card.
by lastguru
Tue Oct 25, 2005 4:23 pm
Forum: General
Topic: Compact Flash on /dev/hdc
Replies: 3
Views: 853

please try the latest version of 2.9 and report back. if that will not work, you can try the method which should have worked since version 2.8 - install the routeros in the same configuration you will be using it, i.e., if you use it as sec. master, install it as sec. master.
by lastguru
Tue Oct 18, 2005 1:15 pm
Forum: General
Topic: How to Upgrade without Buy Again and again...
Replies: 13
Views: 2781

simply upgrade the 2.8 software to 2.9 software. to upgrade the software version, upload the new NPK packages to the router with FTP and then reboot the router. it will be upgraded. you do not need to buy a new license! by the way, 2.8.9 was released in April 2004, which is 1.5 years ago. It is not...
by lastguru
Mon Oct 17, 2005 6:33 pm
Forum: General
Topic: Small (but useful!) feature request, move.
Replies: 2
Views: 2281

I doubt this feature would be added in the near future, but you can print out the list selectively. for example, you can print the list without the dynamic interfaces like that:

print from=[find dynamic=no ]
by lastguru
Mon Oct 17, 2005 3:51 pm
Forum: General
Topic: Hot Spot, error messages language...
Replies: 4
Views: 823

it is not possible in 2.8, use 2.9
by lastguru
Fri Oct 14, 2005 1:30 pm
Forum: General
Topic: Configuration Problem
Replies: 77
Views: 23439

I like the analogy with paper letters in these cases: 1. inbond load balancing. can you expect letters to be delivered by different mailmen depending on what colour you paint your mailbox and how wide and deep you make it without prior agreement with the post office? 2. inbond queue. can you limit o...
by lastguru
Fri Oct 14, 2005 12:27 pm
Forum: Wireless Networking
Topic: Wirelles prism 2.5 isolation on AP
Replies: 2
Views: 1460

see the "default-forwarding" parameter
by lastguru
Thu Oct 13, 2005 12:17 pm
Forum: Scripting
Topic: How to get registered-clients number in a script
Replies: 10
Views: 4365

and what does the console say to you?
by lastguru
Thu Oct 13, 2005 11:53 am
Forum: Wireless Networking
Topic: 129 Km Link
Replies: 26
Views: 9835

what kind of antenna are you using?
by lastguru
Wed Oct 12, 2005 4:49 pm
Forum: General
Topic: Bridge translating addresses (NAT/mapping/masquerading) ????
Replies: 7
Views: 1554

I think it is possible to do that using ip firewall nat, although this would only apply to IP traffic (if that SMB is not nun on NetBEUI, which nowadays is very unlikely; and if you do not have any IPX/SPX equipment, like legacy Novell Netware products (I think the new NetWare abandoned the IPX/SPX)...
by lastguru
Fri Oct 07, 2005 10:13 pm
Forum: The Dude
Topic: How to upgrade or uninstall The Dude?
Replies: 2
Views: 5926

stop the local dude server first (you can do it from the dude client)
by lastguru
Thu Oct 06, 2005 8:22 pm
Forum: Wireless Networking
Topic: How to reconfigure Mikrotik Wireless with RouterBoard 230
Replies: 9
Views: 3022

you should not loose the license if you simply reinstall the router. just remember not to use lowlevel disk tools, lke fdisk for it: the routeros installer is the only thing you will need.
by lastguru
Thu Oct 06, 2005 1:14 pm
Forum: Wireless Networking
Topic: How to reconfigure Mikrotik Wireless with RouterBoard 230
Replies: 9
Views: 3022

no, you cannot change or reset password.
by lastguru
Wed Oct 05, 2005 6:23 pm
Forum: Wireless Networking
Topic: How to reconfigure Mikrotik Wireless with RouterBoard 230
Replies: 9
Views: 3022

straight cable will not work, you need nullmodem cable (in other words, crossover) which has its TX and RX wires (as well as some other wires also) crossed
by lastguru
Tue Oct 04, 2005 8:15 pm
Forum: Scripting
Topic: detecting first day of month
Replies: 9
Views: 2760

check system date perhaps...
by lastguru
Tue Oct 04, 2005 7:54 pm
Forum: Scripting
Topic: != Bug?
Replies: 4
Views: 1786

find command may only check equasions (i.e., whether the value of the given property is equal to something). please use something like that:
:foreach i in=[/interface find] do={:if ([/interface get $i type] != "ether") do={ :put $i}}
by lastguru
Tue Oct 04, 2005 7:35 pm
Forum: RouterBOARD hardware
Topic: led management
Replies: 2
Views: 1562

a bit inconsistent, but there is a "/blink" command
by lastguru
Mon Oct 03, 2005 7:30 pm
Forum: General
Topic: natting on bridge
Replies: 1
Views: 700

natting is possible on the bridge, there is IP natting (which does not, or at least should not, change MAC address on the paket forwarded through the bridge) configurable in regular IP firewall, as well as MAC nat configurable within the bridge submenu. Note that MAC nat lacks connection tracking.
by lastguru
Mon Oct 03, 2005 3:33 pm
Forum: Wireless Networking
Topic: Mikrotik Stability in Geode Board with limited RAM (32MB)
Replies: 5
Views: 2195

well, it should be fine. without tunnels, extensive queues, firewall, BGP the router will run happily even in 32MB.

but i would not suggesst to use 2.8 at all :) , everybody should upgrade to 2.9
by lastguru
Fri Sep 30, 2005 5:06 pm
Forum: Wireless Networking
Topic: Mikrotik Stability in Geode Board with limited RAM (32MB)
Replies: 5
Views: 2195

newer version, 2.9 works very good on 32MB of memory. It has special optimization to minimize memory footprint
by lastguru
Fri Sep 30, 2005 1:13 pm
Forum: General
Topic: Prioritizing Skype - How to?
Replies: 3
Views: 2498

actually you can in 2.9 check packet size and connection size. don't know whether it will help to identify skype connection, though.
by lastguru
Fri Sep 30, 2005 12:49 pm
Forum: Scripting
Topic: 2 ISP
Replies: 10
Views: 3613

no, Christian, wrong, you should probably fix your browser or install additional fonts ;) this is Chinese...
by lastguru
Wed Sep 28, 2005 11:53 am
Forum: General
Topic: blocking clients with static ip
Replies: 4
Views: 1442

no, you should configure dhcp server accordingly (this configuration is only valid if the dhcp server and the gateway are in fact one machine; we will have to think of something else if this is not the case). i think there is a config option for dhcp server to add arp entries automatically for each ...
by lastguru
Tue Sep 27, 2005 4:58 pm
Forum: General
Topic: blocking clients with static ip
Replies: 4
Views: 1442

set arp mode on the interface to the reply-only
by lastguru
Tue Sep 27, 2005 4:56 pm
Forum: General
Topic: Mikrotik keeps writing to disk... :-/
Replies: 21
Views: 4432

Yeah, so everybody should upgrade ;)
by lastguru
Mon Sep 26, 2005 4:53 pm
Forum: General
Topic: sangoma settings problem.
Replies: 16
Views: 2516

... it can be even cheaper to have external DSL modem that an internal card, IMHO
by lastguru
Fri Sep 23, 2005 2:14 pm
Forum: General
Topic: Configuration Problem
Replies: 77
Views: 23439

thanks Eugene! i shall give it a try. :wink:
it is not recommended to use this 580TX adapter as it has been proved to lock up the system under more than minimal load.
by lastguru
Thu Sep 22, 2005 1:32 pm
Forum: General
Topic: 2 gateway in HOTSPOT
Replies: 9
Views: 1771

I think it is possible with policy routing. i have successfully forgot previous versions, and actually only aware of the latest one, but I think it is also possible in 2.8 to specify a separate address pools for different user profiles. now place these two users in two different profiles and set a p...
by lastguru
Thu Sep 22, 2005 1:21 pm
Forum: General
Topic: packet sniffer and filter (v2.8)
Replies: 3
Views: 1149

If im not too tired right now - I believe dhcp is not ip ...
Sam, you are tired. DHCP is a UDP protocol.
by lastguru
Thu Sep 22, 2005 1:04 pm
Forum: General
Topic: Mangle Reliability Question
Replies: 3
Views: 1007

try 2.9.4
by lastguru
Wed Sep 21, 2005 8:30 pm
Forum: General
Topic: explanation idle timeout keepalive timeout
Replies: 6
Views: 29690

:?: :?: :?:
in other words, idle timeout checks traffic, keepalive timeout checks availability. if user is online but is just not sending./receiving anything, he may reach its idle timeout. keepalive timeout may only be reached if client is physicaky disconnected or turned off.
by lastguru
Wed Sep 21, 2005 8:25 pm
Forum: Scripting
Topic: firewall rule disable script
Replies: 3
Views: 1901

it is written allover this place, and the manual... numbers may only be used after print command. in scripts please use find command to point on the particular rule.
by lastguru
Fri Sep 16, 2005 12:35 pm
Forum: Wireless Networking
Topic: [Help] Does RouterOS support Dual Band Wireless Card ?
Replies: 1
Views: 1675

it is not possible to have one card work on two bands simultaneously (at least none of the current production cards support this). this card can work on either 2.4 or 5 ghz band. i think the documentation of this cards states this clearly enough.
by lastguru
Thu Sep 15, 2005 5:58 pm
Forum: General
Topic: Winbox Memory/Uptime/CPU load display 2.9.2
Replies: 1
Views: 905

click on the place you see these graphs on demo2.mt.lv, you will see a menu there.
by lastguru
Wed Sep 14, 2005 8:54 pm
Forum: General
Topic: ROUTING-TEST Disappeared in 2.9.2? HELP!
Replies: 7
Views: 3407

maybe use system upgrade feature? it will select the needed packages for you from your local ftp server if you put a newer version there.
by lastguru
Tue Sep 13, 2005 12:40 pm
Forum: Wireless Networking
Topic: RB500 and Nstreme slowness
Replies: 32
Views: 8106

Hi, WDS is easier to set up, and allows bridging of the WDS interface with the ethernet. I recommend this. EOIP I tried early on, it caned the CPU on the slow Geode-based system, and the advise from MT was not to use it. Not sure how that looks on an RB532, but assume it still takes up a lot more C...
by lastguru
Mon Sep 12, 2005 7:49 pm
Forum: General
Topic: DNScache: allow-remote-requests Help??
Replies: 1
Views: 1124

Re: DNScache: allow-remote-requests Help??

Hi, I have read the manual and used the search function but found no real help. What does the "allow-remote-requests" on/off switch mean? Is a remote-request a dns request coming in from WAN port? Is a remote-request a dns request coming in from LAN port with destination dns server in the internet ...
by lastguru
Mon Sep 12, 2005 7:44 pm
Forum: General
Topic: Duplicate MAC Addresses
Replies: 5
Views: 2666

Re: Duplicate MAC Addresses

I have a Media Access Control (MAC) address conflict with another router in the network. Is it possible to change the address in the 2.8.28 RouterOS? The MAC addresses are assigned to the NIC in the motherboard, and I do not feel to rip it out and replace it with a new one. Thanks in advance. It is...
by lastguru
Mon Sep 12, 2005 6:53 pm
Forum: General
Topic: Traffic shaping with HTB. Need help.
Replies: 4
Views: 1324

the htb is already there, you do not nees to enable it. the queue hierarchy is built with htb. the queue type you are to specify there is only useful for leaf queues (i.e. such queues which do not have any child-queues), and specify the algorithm of how the packets will be stored in memory.
by lastguru
Fri Sep 02, 2005 2:49 pm
Forum: General
Topic: Hotspot Radius Support
Replies: 2
Views: 946

Re: Hotspot Radius Support

The ROS 2.9 documents (http://www.mikrotik.com/docs/ros/2.9/guide/aaa_radius)
said Radius Rate-Limit Attributes only used with ppp.
rate-limit should be usable also for hotspot.

the manual does not say that it is for PPP only anymore :)
by lastguru
Thu Sep 01, 2005 3:36 pm
Forum: General
Topic: Feature request: Advanced outbond load balancing
Replies: 5
Views: 3747

the ECMP cannot break any connecton, as it is not connection-based, but IP-pair based. quick google search finds the following (something similar mentioned in the docs, I believe): Linux kernel performs multipath routing at flow-based principle. "Flow" here means "all connections with same source an...
by lastguru
Tue Aug 30, 2005 8:29 pm
Forum: General
Topic: Seting outside proxy
Replies: 5
Views: 1155

Not-a-bug. source nat looses destination IP address of the request, so the proxy does not know what page do you want to open. local proxy gets that information through internal kernel calls, but there is no way external proxy to know that information. Use local proxy on MT router and configure it to...
by lastguru
Tue Aug 30, 2005 4:08 pm
Forum: General
Topic: new user
Replies: 9
Views: 1894

better upgrade to 2.9, instaed of 2.8
by lastguru
Tue Aug 30, 2005 1:26 pm
Forum: General
Topic: How about renaming this forum?
Replies: 6
Views: 2210

they should. normis once told somebody that they are writing to the wrong forum section if they are asking about 2.9 full release.
by lastguru
Tue Aug 30, 2005 1:24 pm
Forum: General
Topic: Install through USB Pen-drive
Replies: 1
Views: 657

short answer: no.
by lastguru
Tue Aug 30, 2005 12:48 pm
Forum: General
Topic: How about renaming this forum?
Replies: 6
Views: 2210

this is not a 2.9 forum, but rather a beta/rc forum. or do you think 2.9 is the last beta version MT will ever make? :)
by lastguru
Mon Aug 29, 2005 6:32 pm
Forum: General
Topic: Mikrotik doesn't support SATA drives
Replies: 1
Views: 695

yes there is - enable legacy mode in the bios
by lastguru
Mon Aug 29, 2005 3:03 pm
Forum: General
Topic: URL filtering possible?
Replies: 5
Views: 2854

if filtering is just allowing/disallowing, then URL keywords (substrings) may examined by transparent web proxy on routeros
by lastguru
Thu Aug 25, 2005 6:59 pm
Forum: Scripting
Topic: How to schedule by winbox ?
Replies: 12
Views: 4157

can't you just put them sequentially one after another?
by lastguru
Wed Aug 24, 2005 6:31 pm
Forum: RouterBOARD hardware
Topic: Cooling @ RB532 .... 12V on RB532?
Replies: 5
Views: 2460

There is no place you can find 12V on the RB500 board at all, I think not even in power supply.
by lastguru
Wed Aug 24, 2005 12:30 pm
Forum: General
Topic: Compatible IDE controllers?
Replies: 5
Views: 921

Are you sure the issue is the card, and not the BIOS? If it won't allow an init13 boot loader to be loaded, that would cause issues. AFAIK, System BIOS is supposed to run all other PCI device BIOS when it is initializing PCI bus. That way the BIOS of videocard must be run it in order for you to get...
by lastguru
Tue Aug 23, 2005 10:31 pm
Forum: General
Topic: Compatible IDE controllers?
Replies: 5
Views: 921

Re: Compatible IDE controllers?

So we want to put in an IDE controller that will be compatible with Mikrotik. We had a couple old Promise cards lying around, but they cause a Kernel panic when booting to do the install, so I'm assuming they're not compatible. Can anyone recommend some IDE controller cards that will definitely wor...
by lastguru
Tue Aug 23, 2005 4:53 pm
Forum: General
Topic: Native VLANs
Replies: 6
Views: 1605

Basic functionality again... Yes it is possible. Just create the vlan interfaces on ethet1 with the appropiate VLAN IDs, and bride one of them with one of the WLAN interfaces, and the other one - with the second of the WLAN interfaces. Just remember that you can not bridge with WLAN interfaces in st...
by lastguru
Tue Aug 23, 2005 3:42 pm
Forum: Scripting
Topic: How to schedule by winbox ?
Replies: 12
Views: 4157

cant you make two rules: one 10pm-12pm, second from 12pm to 10am?
by lastguru
Wed Aug 17, 2005 7:00 pm
Forum: General
Topic: EoIP tunnel needs packets fragmented?
Replies: 11
Views: 4747

when MTU problems are observed, I usually advise going from 1300 and up to the poing when it stops working.
by lastguru
Tue Aug 16, 2005 1:07 pm
Forum: General
Topic: HOW TO REINSTALL HOTSPOT TO ROUTER?
Replies: 9
Views: 1385

P.S.
if you use 2.8 version, I suggest to upgrade to 2.9 and than make configurations, because HotSpot is differ in this versions.
yeah, and it is also much much easier to configure
by lastguru
Tue Aug 16, 2005 1:05 pm
Forum: General
Topic: How to set user on hotspot without loging
Replies: 6
Views: 1338

maybe MAC login method is what you need? see hotspot manual on this
by lastguru
Mon Aug 15, 2005 3:37 pm
Forum: General
Topic: Radius Auth, limit total time (not session time) in minutes
Replies: 4
Views: 3485

The feature is calles RADIUS CoA (Change-of-Authorization) and is described in RFC3576.
by lastguru
Mon Aug 15, 2005 1:31 pm
Forum: General
Topic: Radius Auth, limit total time (not session time) in minutes
Replies: 4
Views: 3485

maximum uptime is a bit tricky. please think of it: router must not remember any information about radius users between sessions, and router is not able to modify radius datbase, so scripts on the radius server itself must be implemented to decrease the session timeout each time user logs out. radiu...
by lastguru
Fri Aug 12, 2005 5:39 pm
Forum: General
Topic: Instructions for Proxy-ARP without use of PPPoE
Replies: 6
Views: 10074

well, this example is not for pppoe, have you tried this:
http://www.mikrotik.com/docs/ros/2.9/ip ... 5832968955
by lastguru
Fri Aug 12, 2005 1:00 pm
Forum: The Dude
Topic: Where is the dude going
Replies: 16
Views: 5489

me likes the current icons very much. some other suggestions are very interesting
by lastguru
Wed Aug 10, 2005 5:14 pm
Forum: RouterBOARD hardware
Topic: Via c3 mini-ITX - Supported by mikrotik
Replies: 8
Views: 3668

Oh dear, the edit button seems to have vanished ...
appeared back...
by lastguru
Wed Aug 10, 2005 12:10 pm
Forum: General
Topic: How do I use RoutrOS as an Internet Access Manager for wifi?
Replies: 3
Views: 811

Use HotSpot feature for this. see the manual on how to put license agreement instead of login page
by lastguru
Tue Aug 09, 2005 2:51 pm
Forum: General
Topic: Mikrotik users meeting
Replies: 34
Views: 7133

Prague is not in Latvia, but rather in Czech Republic
by lastguru
Fri Aug 05, 2005 2:11 pm
Forum: General
Topic: Change telnet and ssh login prompt
Replies: 4
Views: 1391

you should not get any "mikrotik login" texts over ssh
by lastguru
Tue Aug 02, 2005 8:18 pm
Forum: General
Topic: Per-Packet T1 Load Balancing?
Replies: 2
Views: 839

see "nth" property in firewall manual. you can use it to put one routing mark on the first of each two packets, and another routing mark on the second of them. then use policy routing to reote these packets to different gateways. you should not use source nat in this configuration as this might brea...
by lastguru
Mon Aug 01, 2005 8:14 pm
Forum: General
Topic: can I turn off connection tracking ?
Replies: 3
Views: 1069

turning conntrack off will improve performance. but you will loose NAT (including masquerading), connection marking, connection state matching, P2P matching... and maybe somthing else that i forgot - see the manual for more info.
by lastguru
Mon Aug 01, 2005 8:07 pm
Forum: General
Topic: "login" and "logout" urls
Replies: 7
Views: 9659

that is only a small problem since you may edit the status page that way so it would instantly redirect the browser to the logout page.
by lastguru
Fri Jul 29, 2005 5:16 pm
Forum: General
Topic: Samba over MT?
Replies: 1
Views: 810

no, you cannot install anything on MT. try using FTP or SFTP protocols
by lastguru
Fri Jul 29, 2005 4:54 pm
Forum: General
Topic: Disable logout from Hotspot ??
Replies: 7
Views: 2813

well... of course one thing you can do is to disable completely all traffic from authenticated clients to the hotspotpages at all (not only to logoff page, but also to status page and other) by using "hotspot" matcher ininputchain of the firewall (something like add chain=input hotspot=auth,local-ds...
by lastguru
Thu Jul 28, 2005 6:06 pm
Forum: Scripting
Topic: find command???
Replies: 2
Views: 4621

Re: find command???

/ip address find address=10.0.20.1

it doesn't give me any output...
try something like this:
:put [/ip address find address=10.0.20.1]
(don't forget the colon sign before "put")
by lastguru
Wed Jul 27, 2005 12:43 pm
Forum: Scripting
Topic: 2 ISP
Replies: 10
Views: 3613

抱歉, 我不了解中文
by lastguru
Tue Jul 26, 2005 2:10 pm
Forum: General
Topic: Ping Latency
Replies: 5
Views: 1251

umm... would you like it more disconnecting all the time instead of changing rates? router lowering data rate is caused by bad links, period.
by lastguru
Tue Jul 26, 2005 2:01 pm
Forum: General
Topic: Faster BGP router switching?
Replies: 9
Views: 2330

2.9
by lastguru
Tue Jul 26, 2005 1:29 pm
Forum: General
Topic: Faster BGP router switching?
Replies: 9
Views: 2330

The beta release of the package (yes, it is testing package, that is why it is called "routing-test") is on the web (look inside the "all-packages" archive). The documentation is in works, just as the package itself.

:lol: about "rerouting"...
by lastguru
Tue Jul 26, 2005 1:20 pm
Forum: General
Topic: New Routerboard - Can I use two 5.8 cards and one 2.4 card?
Replies: 11
Views: 1917

You should be able to use two SR5 cards on the onboard slots but then you should not install any other minipci cards. You should also be able to use all 6 standard minipci cards that consume not more than 2W. You can also try to combine something.
by lastguru
Mon Jul 25, 2005 7:53 pm
Forum: General
Topic: Faster BGP router switching?
Replies: 9
Views: 2330

try the routing-test package.
by lastguru
Mon Jul 25, 2005 7:48 pm
Forum: General
Topic: Hotspot Servlet vars (session-id and var)
Replies: 1
Views: 743

If i remember correctly, these variables are derived from the request itself, i.e., if you request tha page containing the variables by specifying the values of these variables in that request, the variable names will get substituted. Though I may be wrong... long time has past since I've known this...
by lastguru
Fri Jul 22, 2005 11:58 am
Forum: General
Topic: Ares P2P not being blocked in 2.9rc7
Replies: 9
Views: 4698

Ares canot be speed-limited, but it should be possible to drop it...
by lastguru
Thu Jul 21, 2005 11:59 am
Forum: Scripting
Topic: [CONTRIB] ssh perl script - automate batch commands *UPDATED
Replies: 41
Views: 24146

Let me give you a one-liner, just in case somebody cares about it:

expect -c "spawn ssh user@1.1.1.1 \"/ip route print\"; expect \"password: \"; send \"userpass\r\"; interact"

Note that the host you are connecting to should be previously added to SSH known hosts. Also note that it is for 2.9 only
by lastguru
Mon Jul 18, 2005 4:31 pm
Forum: General
Topic: battery monitoring
Replies: 2
Views: 894

Serial ports may not monitor voltage - they only have two discrete levels: 1 (higher than 3V) and 0 (lower than -3V). there is also an undefined level (between -3V and +3V), but that can not be read from an application. The only standard port that can read analog values is Game port, but that port i...
by lastguru
Fri Jul 15, 2005 2:46 pm
Forum: General
Topic: Usb Modem
Replies: 3
Views: 765

Well, RouterOS does support USB, just not usb modems. usb keyboards and ethernet cards are supported.
by lastguru
Thu Jul 14, 2005 9:04 pm
Forum: General
Topic: Native VLANs
Replies: 6
Views: 1605

And what is so difficult to understand there? Doesn't the phrase "local default defines the VLAN to which untagged or priority-tagged frames are presumed to belong" mean there is no way to find out which VLAN do they belong except the presumptions administratively put on the port? I repeat once more...
by lastguru
Thu Jul 14, 2005 5:55 pm
Forum: General
Topic: IPV-6 - Paying to get it put in
Replies: 3
Views: 1672

It is planned, but just no exact date has been set for this feature to be added.
by lastguru
Wed Jul 13, 2005 6:13 pm
Forum: General
Topic: How to see what connections are affected with mangling?
Replies: 2
Views: 613

You can mark connection in mangle, and then look up the specified connection mark in the "/ip firewall connection" table.
by lastguru
Wed Jul 13, 2005 4:49 pm
Forum: General
Topic: Reply-Only ARP doesn't work
Replies: 3
Views: 931

What version? Have you tried the latest 2.9 version?
by lastguru
Wed Jul 13, 2005 4:42 pm
Forum: General
Topic: login.html edit prevents user login
Replies: 7
Views: 1403

I have no idea what that netscape tool does. could you compare the document you originally have (unmodified) and the document you get as the result? there are many different comparing tools for windows, or you can just use "diff" command if you use linux/unix. Then see, what has actually happened to...
by lastguru
Wed Jul 13, 2005 4:28 pm
Forum: General
Topic: Native VLANs
Replies: 6
Views: 1605

:?: :?: :?:
Untagged frames have nothing to do with VLAN or that mythical "native VLAN". Untagged means that there is no VLAN tags on the packets, so they are regular Ethernet packets without need to perform anything additional to support them. as they already are standard Ethernet packets.
by lastguru
Tue Jul 12, 2005 9:39 pm
Forum: General
Topic: login.html edit prevents user login
Replies: 7
Views: 1403

Is it possible that you are downloading the pages using HTTP from the router? I have seen similar problems when people hope they can save login.html as it is shown in their broser, then modify it and upload back. You should use FTP to download original pages.
by lastguru
Tue Jul 12, 2005 12:17 pm
Forum: RouterBOARD hardware
Topic: UPS monitoring via USB port on RB2XX?
Replies: 9
Views: 2960

USB APC UPSes are supported in 2.9
by lastguru
Mon Jul 11, 2005 11:57 am
Forum: General
Topic: Hotspot users on ver rc_5 - Use of Zone Alarm etc on clients
Replies: 1
Views: 906

What does that ZoneAlarm firewall say about the hotspot system? maybe inspect logs or something, so that we would know what actions exactly trigger the alarm.
by lastguru
Mon Jul 04, 2005 9:57 pm
Forum: The Dude
Topic: Wine compatibility?
Replies: 12
Views: 4186

it should work under the latest wine version.
by lastguru
Mon Jul 04, 2005 7:07 pm
Forum: General
Topic: Queue precedence
Replies: 4
Views: 1259

It depends... In the same interface, rules put in tree queue are applied first. simple queues are always put in global-in ("direct queue") and global-out ("reverse queue"). that mean that if you put tree queues in queue tree, it is going to be executed first. in other places, both queues are execute...
by lastguru
Fri Jul 01, 2005 2:23 pm
Forum: General
Topic: Web proxy probs?
Replies: 16
Views: 11333

but why on earth does
*lunarstorm* block http://www.lunarstorm.se
while
*snuttis* does NOT block http://www.snuttis.com

What am I doing wrong?? Or is it a......a.....bug??!! :shock: :wink:
well, work for us :) maybe a typo somewhere...
by lastguru
Thu Jun 30, 2005 10:46 pm
Forum: General
Topic: Web proxy probs?
Replies: 16
Views: 11333

OK, more info will be put there shortly (i was sure there have been more examples earlier... weird). for now comments on your config: 1. the URL is a wildcard by default, that is it only supports "*" for any number of any symbols, and "?" for any one symbol. it means that dots "." do not need escapi...
by lastguru
Wed Jun 29, 2005 10:19 pm
Forum: General
Topic: Web proxy probs?
Replies: 16
Views: 11333

Really no-one that uses "URL" to block sites??? If I put a rule in the webproxy like "deny all", I get the Access denied page, but I can not use the URL field? I just upgraded to RC6, but no difference regardning this issue. Maybe the problem is that the field now requires the complete string rathe...
by lastguru
Tue Jun 28, 2005 6:09 pm
Forum: General
Topic: disabling rules by comment beginnings
Replies: 4
Views: 1256

maybe ":pick" command would be of a help here (available in version 2.9 only)?
by lastguru
Tue Jun 28, 2005 2:58 pm
Forum: General
Topic: Hotspot setup on 2.9 rc6
Replies: 1
Views: 814

by lastguru
Mon Jun 27, 2005 1:55 pm
Forum: General
Topic: rc5 - ARP being sent on wrong interfaces! Multihomed
Replies: 9
Views: 2491

ECMP gets sticky just because you are dealing with two gateways and all packets have the possibility of using either gateway. Its not necessarily the local network that causes the problem, its the IM gateways - they do not like to see you switching ips every few minutes. Switching IPs means droppin...
by lastguru
Mon Jun 27, 2005 12:12 pm
Forum: General
Topic: New World Record in wireless transmition
Replies: 4
Views: 1668

What bandwidth (in MHz) did they have to utilize? what distance did they achieve?
by lastguru
Thu Jun 16, 2005 7:04 pm
Forum: RouterBOARD hardware
Topic: Vlan and 802.1Q Tagging
Replies: 1
Views: 1680

Yes!
by lastguru
Thu Jun 16, 2005 11:25 am
Forum: RouterBOARD hardware
Topic: RB18s and such...
Replies: 5
Views: 2956

And also you can use any power supply from a regular PC (you will just have to shorten two pins on the motherboard connector, so that power supply know would switch on - search google for detailed instructions)
by lastguru
Wed Jun 15, 2005 2:05 pm
Forum: General
Topic: queue question
Replies: 5
Views: 1732

Did I tell to look in winbox manual??? Look in the queues manual, my friend...
by lastguru
Wed Jun 15, 2005 1:24 pm
Forum: General
Topic: queue question
Replies: 5
Views: 1732

I suppose it is written in the manual.
by lastguru
Tue Jun 14, 2005 9:52 pm
Forum: General
Topic: Traffic shaping between clients
Replies: 7
Views: 1641

You are true, then they can't communicate, so I don't have anything to control.
Well, you do have - just force them to use different networks (with AP performing routing between them) :)
by lastguru
Tue Jun 14, 2005 3:47 pm
Forum: General
Topic: Traffic shaping between clients
Replies: 7
Views: 1641

What are you all talking about? Since when did queues work between wireless clients of the same AP? As long as there is no routing between them, no queues will work because data stream directly between AP stations is not seen by the router. Router will only see traffic that is routed between differe...
by lastguru
Tue Jun 14, 2005 11:28 am
Forum: General
Topic: Channel Size
Replies: 11
Views: 1945

Surely they do work on 4.9. RouterOS with Atheros cards had support for this for ages (well, maybe for a year or two). And about that bandwidth - nominally (according to standard) it is 20MHz on 5GHz, but no card is perfect (and the magnitude of imperfectness varies from manufacturer to manufacturer...
by lastguru
Mon Jun 13, 2005 7:04 pm
Forum: General
Topic: Blocking known open proxy IPs?
Replies: 14
Views: 3573

Motor Traktoru 2.8.26....
:shock:
by lastguru
Mon Jun 13, 2005 6:20 pm
Forum: General
Topic: Bridging Vlans?
Replies: 6
Views: 1443

Well, they do work properly. The thing is that VLAN frames do not incorporate additional MAC addresses, which render VLAN useless for bridging if it is put on wireless interface in station mode. routing through VLAN should work fine, as well as bridging VLAN interfaces put on wireless AP. If you are...
by lastguru
Tue Apr 26, 2005 8:17 pm
Forum: General
Topic: Full remote controlling
Replies: 6
Views: 1306

Regarding the device you posted - it will probably work, but you have to install a driver on the laptop/PC from which you want to connect to it. There are several "telnet-serial" converters out there - try Google. If you can't come up with something I'll dig my archives... As far as I remember, Mox...
by lastguru
Mon Apr 25, 2005 7:55 pm
Forum: General
Topic: Support for IPSEC accelerators???
Replies: 10
Views: 2776

On Cisco they could probably make a difference as it is not based on PCI architecture. But all MiniPCI cards provide no or little improvement (or even a decrease in spead on fast processors!!!) as all the information has to travel at least 3 times on PCI bus, no matter how fast the device is (and no...
by lastguru
Mon Apr 25, 2005 2:11 pm
Forum: General
Topic: Amplifiers
Replies: 13
Views: 3100

Re: Amplifiers

There are two ways to correct this trouble. Increasing the signal level out on both ends and not amplifing the receive is the best of all worlds. You can do this by using a transmit only amp with no receive amp; none have been built for sale that I have ever seen on the market That's maybe why the ...
by lastguru
Thu Apr 21, 2005 12:18 pm
Forum: RouterBOARD hardware
Topic: RouterBOOT booter 1.0beta3
Replies: 1
Views: 1621

How did you make this image? there are slight notes on how to make this in the latest RB500 manual. I think, it is enough for you to start. If not, see how the reference image is made.
by lastguru
Wed Apr 20, 2005 11:37 am
Forum: General
Topic: New RouterOS Features and new RouterBOARDs
Replies: 38
Views: 10574

The only small foot print board that runs all the way to 165 deg F. is the Inter mini ATX boards. 30 out of 30 have never died for 1 year. The are all running in Death Valley California. The hotest spot in the United States.
So RB500 is also crashing in these conditions?
by lastguru
Tue Apr 19, 2005 4:08 pm
Forum: General
Topic: DNS Cache Issue
Replies: 18
Views: 3657

Wait, do you have anu kind of input/output firewalls? maybe its just that you do not allow DNS access to the router's 53 UDP and TCP pots? Requests to the router IPs and to the 127.0.0.1 should be enabled (as far as i remember, web proxy asks from and to 127.0.0.1 address)
by lastguru
Tue Apr 19, 2005 2:21 pm
Forum: RouterBOARD hardware
Topic: RB 500 ends up in Starting Services..and stays there forever [SOLVED]
Replies: 5
Views: 3892

The RouterBOARD manual ( http://www.routerboard.com/PDF/rb500ugE.pdf ) has just been updated with the following: The bootloader is made so that you must first try a different frequency before it could be set permanently, and if you do not apply a frequency permanently, it would fall back to the prev...
by lastguru
Tue Apr 19, 2005 12:11 pm
Forum: General
Topic: Has Anyone Been Working WithBonding *Feeling black balled*
Replies: 22
Views: 6287

me thinks you can already do it with routeros v 2.9, marking all ack packets in mangle, and then prioritizing them in queue tree. please note that no prioritization will happen if you will not mark and enqueue also everything else except the ack, so at least two mangles and at least two queues would...
by lastguru
Tue Apr 05, 2005 3:12 pm
Forum: General
Topic: Bandwidth tester @ Gigabit line rates
Replies: 7
Views: 1747

IMO you can use these dual-cpu boards with just one cpu installed
by lastguru
Thu Mar 31, 2005 3:20 pm
Forum: General
Topic: Why would I use the new Routerboard?
Replies: 9
Views: 1710

cheaper, faster, smaller, more integrated (no need for additional RAM and CF modules), ...
by lastguru
Wed Mar 30, 2005 7:06 pm
Forum: RouterBOARD hardware
Topic: RouterBoard 532 and CM-9 performances
Replies: 11
Views: 4794

It is better to test the performace through the router, as the bandwidth tester program itself uses some CPU power.
by lastguru
Tue Mar 29, 2005 11:39 am
Forum: General
Topic: IPSec experiences with 2.9.beta15
Replies: 2
Views: 1121

What are those "strange" logs?
by lastguru
Tue Mar 29, 2005 11:37 am
Forum: RouterBOARD hardware
Topic: IDE Master/Slave
Replies: 4
Views: 2220

It is not so much tragic :) If you do not use CF, I am almost sure you can use two HDDs. No need to disable CF. There is no such thing as additional CF controller, just the same wires going to both connectors (with a little additional stuff on CF conector). At least that is how I personally understa...
by lastguru
Tue Mar 29, 2005 1:13 am
Forum: General
Topic: Mikrotik PREROUTING
Replies: 1
Views: 959

PLEASE reread the string you put as an example...
You do not do the PREROUTING - it is just a place where you put something. The thing you add there is DNAT, which is called dst-nat in Mikrotik RouterOS
by lastguru
Tue Mar 29, 2005 12:18 am
Forum: RouterBOARD hardware
Topic: IDE Master/Slave
Replies: 4
Views: 2220

Never tried (and never saw a cable for) connecting two HDDs to that header, but I am full of hopes that it should work as it is just a standard ATA/IDE interface. Another issue you have unconsciously risen is secondary ATA controller existence which is absent on RB200 (well, maybe the controller doe...
by lastguru
Mon Mar 28, 2005 3:54 am
Forum: General
Topic: Policy routing in beta15
Replies: 2
Views: 1302

no - they are just integrated...
put routing marks in mangle, and use them in routing table.
by lastguru
Sat Mar 26, 2005 12:53 pm
Forum: General
Topic: AP-CONFIG---HELP
Replies: 9
Views: 1462

reboot the router after you have uploaded the packages
by lastguru
Fri Mar 25, 2005 9:57 pm
Forum: General
Topic: Layer 2 Isolation for Hotspot users ??
Replies: 8
Views: 5034

I do not know, what other vendors say, I will just tell, what can be done theoretically on the Ethernet network, and what can not. Ethernet is a big mess when it comes to traffic control. Using regular equipment there is no way you can separate those users, as most hubs/switches are designed to conn...
by lastguru
Fri Mar 25, 2005 9:28 pm
Forum: General
Topic: Request : Ability to convert Raw Packet Data into ASCII!
Replies: 8
Views: 2852

The winbox.exe is just a loader - the real stuff is on the router, so upgrading the loader will not add any single feature to the GUI interface
by lastguru
Thu Mar 24, 2005 11:41 am
Forum: General
Topic: PCQ
Replies: 11
Views: 2775

by lastguru
Thu Mar 24, 2005 11:35 am
Forum: General
Topic: NAT issues problem
Replies: 1
Views: 613

This is because the server knows that the address requesting the page is in the local network and tries to send replies directly, not through the router. At least three workarounds posible: 1. Configure internal DNS so that local clients would resolve the DNS name of that server to a private IP 2. P...
by lastguru
Wed Mar 23, 2005 2:00 pm
Forum: General
Topic: Hotspot static IP addresss
Replies: 4
Views: 958

Seems like everybody is talking different problems :) There are two possibilities of changing IP addresses of clients depending on their login name: one in version 2.8, and one in version 2.9 1. Only in 2.8 (well, this method is also present in 2.6 and 2.7, but not in 2.9) there is a dhcp-pool login...
by lastguru
Wed Mar 23, 2005 12:56 pm
Forum: General
Topic: Hotspot Service and PPtP simultaneous ?
Replies: 6
Views: 1258

Usually, HotSpot is working on a particular interface. any tunnel established a new [virtual] interface, so the existing HotSpot should not interfere with these tunnels, imho
by lastguru
Wed Mar 23, 2005 12:50 pm
Forum: General
Topic: Best way to bypass the hotspot
Replies: 4
Views: 3456

You mean that those from 192.168.2.0/24 are still required to authenticate? Did you put this rule to "ip hotspot walled-garden" or to "ip hotspot walled-garden ip"?
by lastguru
Tue Mar 22, 2005 9:00 pm
Forum: General
Topic: Best way to bypass the hotspot
Replies: 4
Views: 3456

In 2.9 hotspot is working completely differently. either "/ip hotspot ip-binding" or "ip hotspot walled-garden ip" is your friend, I suppose. There is a manual for the new hotspot if you want some weekend reading.
by lastguru
Mon Mar 21, 2005 2:41 pm
Forum: General
Topic: Hotspot Service and PPtP simultaneous ?
Replies: 6
Views: 1258

How would he? I think it is possible to provide him a possibility to connect to the PPTP server, or else he will be obligated to use HotSpot
by lastguru
Mon Mar 21, 2005 2:38 pm
Forum: General
Topic: Radio disables itself sometime
Replies: 4
Views: 1149

The reasom might be all sorts of hardware-related problems. First I would suggest to insert the card in a different slot (and tripple-check that the card has indeed a good contact with the slot)
by lastguru
Mon Mar 21, 2005 1:25 pm
Forum: General
Topic: Hotspot Service and PPtP simultaneous ?
Replies: 6
Views: 1258

I think, yes
by lastguru
Mon Mar 21, 2005 1:08 pm
Forum: General
Topic: connection-limit question
Replies: 26
Views: 9254

0.0.0.0/32 dst address would limit connections to EACH host by x per local IP I do not follow, what makes you think so? The 0.0.0.0/32 source address is for connections that router makes itself, and for which no source address has been determined yet. I have no idea how would the destination of 0.0...
by lastguru
Mon Mar 21, 2005 12:59 pm
Forum: General
Topic: 4 adsl lines as One
Replies: 9
Views: 2475

We can download from the radius servers speed test page at 250KB and a single ADSL line can only get 150KB, so we know the bonding works. In fact if we download from anything in the co-lo it's at least 250KB but if we download from NVIDIA it only gets 80KB. Please give me the address and route list...
by lastguru
Fri Mar 18, 2005 3:07 pm
Forum: General
Topic: 4 adsl lines as One
Replies: 9
Views: 2475

I am not sure I understand your setup and your problem. Is it so that you have one (lets call it "server") location with one interface and one IP on it, and another unit (lets call it "client" here) with two interfaces each connected to a DSL line (both having different IPs)? Now, establishing EoIP ...
by lastguru
Thu Mar 17, 2005 1:19 pm
Forum: General
Topic: Default page change?
Replies: 7
Views: 1618

No. You can either disable it at all, or redirect it to, say, google.com. You can also try some tricks with web proxy (like access lists or parent proxies), but i do not know if it will solve this problem.
by lastguru
Wed Mar 16, 2005 3:44 pm
Forum: General
Topic: New winbox in 2.9beta15
Replies: 16
Views: 4613

Does the term "some" include alphanumeric icons? like numbers and letters... maybe that could be a reasonable solution. maybe it could also be possible to use these "icons" as shorcut keys for that menus...

just a thought :)
by lastguru
Wed Mar 16, 2005 3:08 pm
Forum: General
Topic: Default page change?
Replies: 7
Views: 1618

yeah, and also you can dst-nat all that requests to an internal network server
by lastguru
Wed Mar 16, 2005 1:09 pm
Forum: General
Topic: PCQ
Replies: 11
Views: 2775

quote again from the manual: pcq-limit (integer; default: 50) - how many packets to hold in a PCQ that does not mean speed - that means amount. in pther words, when the queue is already full (i.e., the speed has reached the maximal value, and PCQ is not allowing any more packets to pass), how many p...
by lastguru
Tue Mar 15, 2005 2:56 pm
Forum: General
Topic: PCQ
Replies: 11
Views: 2775

pcq-rate (integer; default: 0) - maximal data rate allowed for each PCQ sub-queue. Value 0 means that there is no limitation set this property sets the maximum for each client in your case. how much network traffic do you have? the number of simultaneous connections may be limited in firewall. plea...
by lastguru
Mon Mar 14, 2005 4:58 pm
Forum: General
Topic: PCQ
Replies: 11
Views: 2775

what classifiers did you use in /queue type? could you please put here the printout from that menu
  • 1
  • 2