Community discussions

Search found 435 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by lastguru
Thu Mar 09, 2017 6:06 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 72
Views: 38919

Re: Statement on Vault 7 document release

They get shell access by exploiting an unknown vulnerability. But the funny part is, we as the owner of these devices with full privileges doesnt have any shell access to play with :) It is time for mikrotik to step up and give us a basic shell where we can check suspicious files etc.. As @nuclearc...
by lastguru
Mon Dec 14, 2009 8:43 pm
Forum: General
Topic: Problem with hotspot after upgrade to 4.3
Replies: 10
Views: 1642

Re: Problem with hotspot after upgrade to 4.3

It just happened for me. I recreated /radius entry and left out "Called-Id" - and it started to work. It probably needs a bit more investigations from mikrotik.
by lastguru
Tue Jun 10, 2008 1:03 am
Forum: RouterOS v6 RC and v7 BETA
Topic: virtualization
Replies: 60
Views: 20901

Re: virtualization

i386 do support virtualization - there is just a larger overhead handling VM exceptions than on the processors supporting VT feature.
by lastguru
Tue Jun 10, 2008 12:56 am
Forum: Beginner Basics
Topic: While Web Proxy gets fixed, what can I use?
Replies: 11
Views: 2438

Re: While Web Proxy gets fixed, what can I use?

There is also Squid for windows...
by lastguru
Tue Jun 10, 2008 12:53 am
Forum: Beginner Basics
Topic: Slow browsing due to HotSpot?
Replies: 11
Views: 8129

Re: Slow browsing due to HotSpot?

HotSpot will use the proxy even if it is disabled (it is not actually disabled for the HotSpot): - walled garden uses ir regardless of the configuration; - if advertisement is enabled, then it is also used; - universal proxy feature catches all user requests if proxy configuration is detected for th...
by lastguru
Tue Jun 10, 2008 12:42 am
Forum: General
Topic: limit connections to 50 per user
Replies: 8
Views: 1559

Re: limit connections to 50 per user

why do they connect to the gateway?

As for the extemption, put an accept rule for that kind of traffic before the connection limit
by lastguru
Tue Jun 10, 2008 12:39 am
Forum: General
Topic: Default Gateway Pingable yet MT Won't Gateway To World
Replies: 6
Views: 889

Re: Default Gateway Pingable yet MT Won't Gateway To World

I see two default gateways there: 0 S ;;; DEFAULT GATEWAY dst-address=0.0.0.0/0 gateway=10.0.0.13 interface=Network gateway-state=reachable distance=1 scope=30 target-scope=10 1 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=Network gateway-state=reachable distance=0 scope=30 target-scope=1...
by lastguru
Mon Jun 09, 2008 10:36 am
Forum: Beginner Basics
Topic: Training
Replies: 4
Views: 1232

Re: Training

Well, there are three options: - online courses (I have no idea how the certification would work in that case) - come to MUM or other international seminars (see training.mikrotik.com for the complete list). I will be having one of those next week, you are welcome to join ;) - you can hire some trai...
by lastguru
Mon Jun 09, 2008 10:12 am
Forum: General
Topic: Calea?
Replies: 4
Views: 784

Re: Calea?

I have done that long time ago (about the time calea appeared in ROS) and it worked fine for the test setup. The target machine was a regular PC with some average specifications. Fortunately, never had the need to deploy this in a production environment :)
by lastguru
Mon Jun 09, 2008 10:04 am
Forum: General
Topic: limit connections to 50 per user
Replies: 8
Views: 1559

Re: limit connections to 50 per user

The second value (32) in that "connection-limit" property defines the netmask of limitation. In other words, for your setup each of the /32 clients (effectively, each IP) will have the limitation set to 50 connection, which is exactly what you want to achieve.
by lastguru
Mon Jun 09, 2008 9:05 am
Forum: General
Topic: Default Gateway Pingable yet MT Won't Gateway To World
Replies: 6
Views: 889

Re: Default Gateway Pingable yet MT Won't Gateway To World

could you post a complete routing table. interface and address lists could also be important.
by lastguru
Sun May 25, 2008 8:12 pm
Forum: General
Topic: Routing question!
Replies: 5
Views: 897

Re: Routing question!

Did you add routes on both of the APs for the others' networks? like on AP .6 to the clients that are connected to the AP .10
by lastguru
Sun May 25, 2008 4:07 pm
Forum: General
Topic: Packet flow, queue tree mangle bug or something else
Replies: 10
Views: 1382

Re: Packet flow, queue tree mangle bug or something else

there is no difference, you just have to mind changing addresses, that's all
by lastguru
Sun May 25, 2008 4:01 pm
Forum: General
Topic: getting address from bgp and use it in firewall
Replies: 1
Views: 539

Re: getting address from bgp and use it in firewall

route filters can set routing-mark, which can later be checked in firewall filters. you can play with that.
by lastguru
Sun May 25, 2008 3:56 pm
Forum: General
Topic: ARP manlge
Replies: 1
Views: 591

Re: ARP manlge

bridge dst-nat can reply on ARP requests with some MAC address you set, but unfortunately cannot change IP address of the request
by lastguru
Sun May 25, 2008 3:39 pm
Forum: General
Topic: Split NAT and Not NAT
Replies: 3
Views: 853

Re: Split NAT and Not NAT

action=accept in the nat
by lastguru
Thu May 22, 2008 5:45 am
Forum: Beginner Basics
Topic: Winbox on Linux?
Replies: 47
Views: 119570

Re: Winbox on Linux?

Remember, Wine Is Not an Emulator ;) As for performance, it's very good (except for initialization when it loads libraries in the RAM)
by lastguru
Thu May 22, 2008 5:39 am
Forum: General
Topic: LIVE On-Line Mikrotik Training Series Now Available
Replies: 6
Views: 1384

Re: LIVE On-Line Mikrotik Training Series Now Available

Just as with any other respected certifications, MikroTik certification is only available for specially administered classes, not online.
by lastguru
Thu May 22, 2008 12:12 am
Forum: General
Topic: Bridge filtering?
Replies: 1
Views: 511

Re: Bridge filtering?

All traffic that comes through a bridge (as opposed to forwarding between the clients of the same AP), like in your configuration, between two WDS or between a WDS and an ethernet, can be filtered. check bridge filter menu to see the options
by lastguru
Wed May 21, 2008 11:06 pm
Forum: General
Topic: Mikrotik Certification test
Replies: 89
Views: 32271

Re: Mikrotik Certification test

If there is enough demand to assemble a group of 10+ participants, you can talk with independent trainers (me, for example; you can drop a line to lastguru [at] gmail.com) to make training and certification at your location. I do not mind going to UK or Serbia, because, just as Normis said, the trav...
by lastguru
Wed May 21, 2008 7:51 pm
Forum: General
Topic: International Training in Latvia: Traffic Control/HotSpot
Replies: 1
Views: 697

International Training in Latvia: Traffic Control/HotSpot

I am happy to announce that an intensive 3-day training course will be held in Riga, Latvia on June 18-20, covering Traffic Control (dhcp, proxy, firewall, queues) and User Management (PPP tunnels, HotSpot, UserManager) topics. As the course is updated to the RouterOS version 3, not only new users, ...
by lastguru
Fri Oct 19, 2007 9:23 am
Forum: General
Topic: bgp multihop error " no route to host "
Replies: 20
Views: 2998

Re: bgp multihop error " no route to host "

what version are you using? maybe send support-output to support?
by lastguru
Thu Sep 13, 2007 3:00 pm
Forum: RouterBOARD hardware
Topic: RB133 Hardware I/O lines available under ROS
Replies: 3
Views: 1111

Re: RB133 Hardware I/O lines available under ROS

User LED and Beeper can be controlled as well. And you can trace the high voltage fan signal to the controller, which receives a smaller voltage, not the input power...
by lastguru
Thu Apr 05, 2007 6:00 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: MME routing protocol?
Replies: 8
Views: 4444

this is a protocol similar to b.a.t.m.a.n. . you can look it up in google.
by lastguru
Thu Jul 06, 2006 2:27 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Beta Software
Replies: 4
Views: 2121

That page for a 2.9 beta version you found is OLD-OLD-OLD, and does not contain any valid links...
by lastguru
Wed Jul 05, 2006 4:30 pm
Forum: General
Topic: QoS on incapsulated traffic
Replies: 6
Views: 1248

well... why would one need a tunnel if that allowed to control the traffic inside? no, there is no way to distinguish the traffic inside the tunnels, except on the endpoints of the tunnel
by lastguru
Tue Jul 04, 2006 11:17 am
Forum: RouterBOARD hardware
Topic: Proper Grounding of RB
Replies: 3
Views: 1829

The middle mounting holes of the RB500 (mounting holes next to U25 and U6 markings) should be connected to ground. Typically, they should be mounted with metal spacers to a metal case or backplane that is grounded.
by lastguru
Mon Jul 03, 2006 5:32 pm
Forum: The User Manager
Topic: 2.9.27 released
Replies: 4
Views: 2806

2.9.27 userman is up now. you can try to upgrade
by lastguru
Wed Mar 15, 2006 1:24 pm
Forum: General
Topic: Security Issue
Replies: 9
Views: 2115

i hope it will not put you in that list... (it actually might, as you cannot predict timing)
by lastguru
Wed Mar 15, 2006 12:28 pm
Forum: General
Topic: Security Issue
Replies: 9
Views: 2115

well... i do not like that idea, since not alwas you will be the first of that one per 10 seconds... in other words, you may block yourself that way.
by lastguru
Tue Jan 31, 2006 5:35 pm
Forum: General
Topic: Simple queues
Replies: 3
Views: 1156

Re: Simple queues

Then at the end of the queues we set up a catch all queue to catch any other traffic so that our customer can't pick a different unshaped IP in the block and get more speed. 31 name="CatchAll" target-address=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all queue=Ether-Day-Business priority=8 limit-at=...
by lastguru
Fri Jan 27, 2006 1:30 pm
Forum: General
Topic: MSN Messenger disconnecting
Replies: 24
Views: 3438

I just have a rule to priorize the MSN...
just one rule to prioritize something would have the exact opposite effect, as all the unqueued traffic goes as highest priority. you need a second queue for everything else with low priority.
by lastguru
Fri Jan 27, 2006 1:18 pm
Forum: Wireless Networking
Topic: Security, WEP, WPA, what works?
Replies: 7
Views: 2266

are you sure they get hacket unintentionally? maybe they wanted it to be? ;)
by lastguru
Wed Jan 25, 2006 7:19 pm
Forum: General
Topic: Bypass Simple Queues
Replies: 1
Views: 1048

tree queues, if placed correctly, will overide simple queues.
by lastguru
Wed Jan 25, 2006 6:41 pm
Forum: The Dude
Topic: Syslog Daemon
Replies: 3
Views: 3579

use unix/macos maybe...
by lastguru
Tue Jan 24, 2006 12:36 pm
Forum: RouterBOARD hardware
Topic: Red + blue LED's on ... no connect to mikrotik :(
Replies: 5
Views: 1955

disconnect serial cable, and try once more...
by lastguru
Mon Jan 23, 2006 6:53 pm
Forum: The Dude
Topic: Support for radius packet of disconnection ( POD )
Replies: 3
Views: 2096

mikrotik supports CoA (change of autorization), which can disconnect clients. i am not sure if this is the same thing,...
by lastguru
Mon Jan 23, 2006 5:47 pm
Forum: General
Topic: De-Authenticate Hotspot user after using 10GB Monthly
Replies: 2
Views: 861

hmm... i think it is lready there, check out the user and user profile properties, i remember seeing this parameter there.
by lastguru
Mon Jan 23, 2006 5:43 pm
Forum: General
Topic: Can't access real address from fake address in the same NIC.
Replies: 9
Views: 1685

/ip firewall nat add chain=srcnat src-address=192.168.0.2 action=masquerade comment="" disabled=no
try specifying output interface, and see wat happens
by lastguru
Mon Jan 23, 2006 5:29 pm
Forum: General
Topic: Mark routing locally generated traffic (like web-proxy)
Replies: 8
Views: 3826

please post the complete output of "/ip route pring detail" and "/ip firewall mangle print"
by lastguru
Thu Jan 12, 2006 6:18 pm
Forum: General
Topic: RouterBOARD 532 + Atheros Ar5413 + NL-2511MP PLUS
Replies: 1
Views: 1215

rb500 can surely transmit more than 16Mbit/s
by lastguru
Wed Jan 11, 2006 2:16 pm
Forum: Wireless Networking
Topic: Great signal, stays connected but pings time out
Replies: 14
Views: 3141

LoL, no, i mean to type "viri"
incorrect again. the most probable plural ir "vira". "virus" is a neuter gender, but -i plural is used for masculine nouns. "viri" is a singular genetive of "virus"

http://en.wikipedia.org/wiki/Plural_of_virus
by lastguru
Wed Jan 11, 2006 12:59 pm
Forum: General
Topic: More than one packet/connection/routing mark per packet?
Replies: 2
Views: 1010

each packet may only carry one packet mark, one connection mark and one routing mark, all previuos ones are overwritten. in most cases you may workaround this by assigning combined marks. for example, one check means packetmark "a", other check sets packetmak "b". if both checks succeed, you may put...
by lastguru
Wed Jan 11, 2006 12:44 pm
Forum: Wireless Networking
Topic: Great signal, stays connected but pings time out
Replies: 14
Views: 3141

the plural virii is that of the nonexistent word virius
by lastguru
Tue Jan 10, 2006 1:48 pm
Forum: RouterBOARD hardware
Topic: Lame question (really fast answer need)
Replies: 3
Views: 1308

null-modem is like crossover: it has transmitter on one side connected to receiver on the other
by lastguru
Mon Jan 09, 2006 12:07 pm
Forum: Wireless Networking
Topic: noise floor threshold
Replies: 2
Views: 1535

the card does not provide such information as noise level. and noise treshold is the maximal nose level, the card will transmit on.
by lastguru
Thu Jan 05, 2006 6:39 pm
Forum: General
Topic: Request for Sample config. file for RouterOs + freeradius
Replies: 1
Views: 1117

yeah, it would be great if somebody put this in the wiki.
by lastguru
Wed Jan 04, 2006 1:22 pm
Forum: Wireless Networking
Topic: Mikrotik seems to ignore radius response
Replies: 13
Views: 4547

if he is not using PAP authentication, then secrets are only checked on reply, so the server may accept the authentication even though it will not be accepted by the router.
by lastguru
Wed Jan 04, 2006 11:29 am
Forum: Wireless Networking
Topic: Mikrotik seems to ignore radius response
Replies: 13
Views: 4547

do the RADIUS secret on the router match the one of the RADIUS server?
by lastguru
Tue Jan 03, 2006 3:00 pm
Forum: General
Topic: How to forward http ?
Replies: 4
Views: 1427

read up un destination NAT
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9