Community discussions

Search found 224 matches

by blajah
Thu Nov 22, 2018 2:28 pm
Forum: Beginner Basics
Topic: Filter traffic in bridg.
Replies: 9
Views: 641

Re: Filter traffic in bridg.

Please post your config and we should be able to help you.
by blajah
Fri Aug 31, 2018 12:13 pm
Forum: General
Topic: LNS config
Replies: 0
Views: 297

LNS config

Hello, We are looking to configure one of our CCR's as LNS as hot standby for our ASR. As i have seen in release notes, it is officially supported in ROS. I have seen couple of examples but noone posted working config. Does anyone have this in production? There are no official examples on wiki. I wo...
by blajah
Tue May 22, 2018 12:17 pm
Forum: General
Topic: WAP LTE KIT [SOLVED]
Replies: 2
Views: 581

Re: WAP LTE KIT [SOLVED]

That was solution. I was on stable branch. THX!
by blajah
Mon May 21, 2018 6:16 pm
Forum: General
Topic: WAP LTE KIT [SOLVED]
Replies: 2
Views: 581

WAP LTE KIT [SOLVED]

Hello, Can anyone help me with information about WAP LTE kit information/setup? If i configure it in routed mode, i get ip /32 ( 10.0.0.1 ) and its OK. But if i configure it as passthrough and set DHCP client on HEX it does get same IP but with /30 subnet mask and default route to .2. I have another...
by blajah
Tue Apr 10, 2018 12:00 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2270

Re: mikrotik - pppoe client delay connection

Beside MTU/MSS there is not much to configure. Its unclear why would you get slow dial time while directly connected to router. Only option is "PADO delay" inside PPPoE server if you have set by accident.
Connect PC again and torch that interface. Then post what you got.
by blajah
Tue Apr 10, 2018 11:39 am
Forum: Beginner Basics
Topic: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD
Replies: 17
Views: 1405

Re: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD

Hi, just rearrange rules: /ip firewall nat add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=192.168.88.88 to-ports=5809 add action=dst-nat chain=dstnat dst-port=1157 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=192.168.88.88 t...
by blajah
Sun Apr 08, 2018 6:41 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1100

Re: Mikrotik to dial PPTP VPN like Windows

Ahh, you need to specify source IP when using tunnels. ( so it triggers cryptomap).
by blajah
Sun Apr 08, 2018 6:37 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2270

Re: mikrotik - pppoe client delay connection

I got it form your first post. Like i said, it could be some broadcast limit. And for reconnection, maybe you have old sessions still up?
by blajah
Sun Apr 08, 2018 6:12 pm
Forum: Beginner Basics
Topic: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD
Replies: 17
Views: 1405

Re: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD

In that case you should not have any issue. Export config from yout router, post it here. We will help.
by blajah
Sat Apr 07, 2018 11:10 am
Forum: General
Topic: Use a gateway on a different router
Replies: 2
Views: 366

Re: Use a gateway on a different router

Do you NAT on client router?
by blajah
Sat Apr 07, 2018 11:06 am
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2270

Re: mikrotik - pppoe client delay connection

Sniff traffic with wireshark or enable PPPoE debug on client side, I assume there is some broadcast issue. PADI is sent to L2 broadcast address, and maybe it gets dropped somewhere on your router on stick configuration. Broadcast storm control ?
by blajah
Sat Apr 07, 2018 10:59 am
Forum: General
Topic: How to Block Skype Using Layer7-Protocol
Replies: 2
Views: 2132

Re: How to Block Skype Using Layer7-Protocol

This method does not affect HTTPS traffic. You can try different approach. Intercept and forbid DNS requests containing skype as keyword. They are not encrypted.
by blajah
Sat Apr 07, 2018 10:49 am
Forum: General
Topic: High latency [SOLVED]
Replies: 2
Views: 615

Re: High latency [SOLVED]

Check interface statistics ( uptime, errors, last downtime, duplex ). Also, it could be issue with routing, but we cannot help wthout topology or configuration.
by blajah
Sat Apr 07, 2018 10:45 am
Forum: General
Topic: Statis routes vs mangle
Replies: 2
Views: 353

Re: Statis routes vs mangle

If you have S2S tunnel, i doubt you need any additional routes. Router should see theese networks as directly connected. If you are experiencing performance issues, first thing that comes to my mind is MTU, but could be a NAT also. Can you draw a simple diagram of your topology, so we could help?
by blajah
Sat Apr 07, 2018 10:40 am
Forum: Beginner Basics
Topic: Hide HS gateway
Replies: 5
Views: 687

Re: Hide HS gateway

Of course,
here it is.
by blajah
Sat Apr 07, 2018 10:38 am
Forum: Beginner Basics
Topic: dynamic quesues
Replies: 3
Views: 475

Re: dynamic quesues

Hi, can you please start writing without all bold posts? All your posts are bold without any reason. Also, 70% of your questions are answered here on forum as well as on wiki.
by blajah
Sat Apr 07, 2018 10:33 am
Forum: Beginner Basics
Topic: Really strange IPsec Mikrotik issue [SOLVED]
Replies: 4
Views: 851

Re: Really strange IPsec Mikrotik issue [SOLVED]

We need configuration so we can help. Blind guess is like you assumed - NAT, but there could be also a lot of other things.
by blajah
Fri Apr 06, 2018 10:28 pm
Forum: Forwarding Protocols
Topic: VRRP on bridge interface
Replies: 5
Views: 1448

Re: VRRP on bridge interface

I can confirm it works as expected. Can you provide export of config or even diagram of what you are trying to achieve?
by blajah
Fri Apr 06, 2018 10:20 pm
Forum: Beginner Basics
Topic: Need help with BRIDGE and routing
Replies: 1
Views: 445

Re: Need help with BRIDGE and routing

Exclude traffic from fast-track.
by blajah
Fri Apr 06, 2018 10:17 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1100

Re: Mikrotik to dial PPTP VPN like Windows

Well, downside of masquerading is you have no any log which host form Mikrotik side accessed services. Masquerade rule should be like this: Source IP mikrotik LAN subnet Destination IP Bintec subnet Action masquerade Outgoing interface PPTP_interface Place this rule above your default masquerade and...
by blajah
Fri Apr 06, 2018 8:42 pm
Forum: Beginner Basics
Topic: How to block dhcp from cable modem, but not from cable company
Replies: 2
Views: 502

Re: How to block dhcp from cable modem, but not from cable company

Maybe best would be to ask your ISP to place modem in bridge mode?
In that case you would get public IP on MT, so simple metric can do the job.
by blajah
Fri Apr 06, 2018 8:39 pm
Forum: Beginner Basics
Topic: Hide HS gateway
Replies: 5
Views: 687

Re: Hide HS gateway

Add static arp entries and prohibit unwanted requests using local-proxy-arp.
by blajah
Fri Apr 06, 2018 8:30 pm
Forum: Beginner Basics
Topic: High CPU usage.
Replies: 12
Views: 5471

Re: High CPU usage.

Do you have default deny rule in input chain? What is in your connection tracking table? Sources you added to address list, you can drop in RAW firewall.
by blajah
Fri Apr 06, 2018 8:26 pm
Forum: Beginner Basics
Topic: Mikrotik to dial PPTP VPN like Windows
Replies: 11
Views: 1100

Re: Mikrotik to dial PPTP VPN like Windows

Like CZFan said, you need reverse route ( in any way you preffer to achieve it - on server directly or on router ) and if both subnets know about each other then you do not need a masquerade. In your expample with windows PC, after getting PPTP up, PC is getting IP on virtual adapter and your Bintec...
by blajah
Wed Mar 21, 2018 5:47 pm
Forum: General
Topic: Add source to address list [SOLVED]
Replies: 2
Views: 432

Re: Add source to address list [SOLVED] [SOLVED]

Thanks alot.
by blajah
Wed Mar 21, 2018 5:24 pm
Forum: General
Topic: Add source to address list [SOLVED]
Replies: 2
Views: 432

Add source to address list [SOLVED]

Hello all,
I'm getting bit confused about firewall action in subject. After packet is matched with rule criteria, is that packet passed further in firewall or it is not matched against any other rule?
by blajah
Tue Jan 16, 2018 11:57 am
Forum: Beginner Basics
Topic: Changing Static IP to Dynamic IP?
Replies: 2
Views: 869

Re: Changing Static IP to Dynamic IP?

Firstly you need to know how ISP will provide you with ip address. Is it PPPoE, DHCP, L2TP.... After that we will help you without any problem.
by blajah
Tue Jan 16, 2018 11:54 am
Forum: Beginner Basics
Topic: What product and set-up is needed? [SOLVED]
Replies: 4
Views: 544

Re: What product and set-up is needed? [SOLVED]

Hi,

It mainly depends on your topology. Will you use router + couple AP's or combo devices ( like 951 or HAP AC). Go for capsman setup + hotspot and you will be good to go.
by blajah
Tue Dec 12, 2017 2:45 pm
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 2254

Re: CCR1009-7G-1C-1S+PC basic setup

Do you have default route on your MT router?
by blajah
Mon Dec 04, 2017 3:15 pm
Forum: General
Topic: RB 3011 Multicast problem
Replies: 9
Views: 1277

Re: RB 3011 Multicast problem

Guess not :(
by blajah
Sun Dec 03, 2017 5:16 pm
Forum: General
Topic: RB 3011 Multicast problem
Replies: 9
Views: 1277

Re: RB 3011 Multicast problem

Hi,
try latest RC
"*bridge - fixed multicast forwarding (introduced in v6.40rc36);"
by blajah
Sun Dec 03, 2017 4:59 pm
Forum: Beginner Basics
Topic: Forcing single URL to use specific WAN
Replies: 3
Views: 783

Re: Forcing single URL to use specific WAN

Actually,
way better is to read this:
https://wiki.mikrotik.com/wiki/Policy_Base_Routing
by blajah
Mon Nov 27, 2017 10:34 pm
Forum: Beginner Basics
Topic: General port question
Replies: 10
Views: 786

Re: General port question

Is that a windows pc? Try setting network to home if it's not.
by blajah
Mon Nov 27, 2017 2:06 pm
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4378

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

It's this rule

add action=drop chain=forward comment=" Drop all else forward requests!"

Allow icmp in forward chain without more matchers. Just rule
add action=accept chain=forward protocol=icmp
by blajah
Mon Nov 27, 2017 11:27 am
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6428

Re: NAT table not cleared correctly [SOLVED]

You're right, i wasn't thinking enough :)
by blajah
Mon Nov 27, 2017 10:49 am
Forum: Beginner Basics
Topic: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]
Replies: 31
Views: 4378

Re: gateway router config failure, DHCP clients do not get addresses, DNS doesn't work properly [SOLVED]

I just saw, you need to accept ISP's DNS servers in input. You are currently allowing DNS requests only for LAN.
by blajah
Mon Nov 27, 2017 10:44 am
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6428

Re: NAT table not cleared correctly [SOLVED]

Ok, one more thing you can try is to use RAW firewall, matching src/dst addresses with no-track action. This would skip connection tracker.
by blajah
Sun Nov 26, 2017 8:29 pm
Forum: Beginner Basics
Topic: port forwarding confusion
Replies: 8
Views: 1249

Re: port forwarding confusion

This means that traffic is hitting rule correctly, but probably host is droping it.
by blajah
Sun Nov 26, 2017 3:15 pm
Forum: Beginner Basics
Topic: port forwarding confusion
Replies: 8
Views: 1249

Re: port forwarding confusion

You can test ports via numerous methods (yougetsignal, portforward as websites, and nmap/zenmap as applications) Regarding your OS, whats your network described as? Public, work or private? Sometimes, you need to set ports in windows firewall also, even if it says its disabled. I had couple of issue...
by blajah
Sat Nov 25, 2017 10:01 pm
Forum: General
Topic: NAT table not cleared correctly [SOLVED]
Replies: 77
Views: 6428

Re: NAT table not cleared correctly [SOLVED]

Try to disable SIP helper in
/ip firewall service-port
by blajah
Sat Nov 25, 2017 9:43 pm
Forum: Beginner Basics
Topic: Need help blocking IP from accessing device in my internal network behind NAT
Replies: 26
Views: 1560

Re: Need help blocking IP from accessing device in my internal network behind NAT

Consider using port-konocking. No overhead nor increase in CPU usage.
by blajah
Sat Nov 25, 2017 9:33 pm
Forum: Beginner Basics
Topic: Connect to LAN behind mikrotik router over ipsec
Replies: 4
Views: 466

Re: Connect to LAN behind mikrotik router over ipsec

Show us routing tables on both sides. I assume your routers do not know where are remote neworks, so they are sending traffic via default routes.
by blajah
Fri Nov 24, 2017 9:22 pm
Forum: General
Topic: Mapping static local IP to external dynamic IP
Replies: 3
Views: 430

Re: Mapping static local IP to external dynamic IP

I just have tested it on one side ( latest rOs RC ) and it saves fqdn in remote address field. You should be good to go.
by blajah
Wed Nov 22, 2017 11:24 pm
Forum: General
Topic: MTU Question
Replies: 12
Views: 1448

Re: MTU Question

@idlemind, I know this, and this way is the simplest way if a packet is fragmenting. Thanks, this is clear but I remember seing on older versions of RouterOS an MTU of 1508 on PPPoE and going to dig this up and test if the displayed 1508 was only cosmetical or a real value. Check this out https://w...
by blajah
Tue Nov 21, 2017 9:51 pm
Forum: Beginner Basics
Topic: Setup Pppoe over vlan 100 connection
Replies: 16
Views: 6151

Re: Setup Pppoe over vlan 100 connection

Hello,

No, you do not need to bridge VLAN interface and PPPoE client, because PPPoE client is "living" inside VLAN. Can you enable PPPoE debug and show us what gets logged? Also, if you do PPPoE scan from VLAN 100 interface, do you see any PPPoE server/BNG/BRASS/RADIUS/WhateverYourISPIsUsing
by blajah
Tue Nov 21, 2017 9:37 pm
Forum: General
Topic: PPPoE client default MTU
Replies: 15
Views: 7646

Re: PPPoE client default MTU

If you create PPPoE client on router, you would see that default value isn't 1460 or 1480, its auto. Why such a big deal? Auto would work even better then fixed value, and assuming you are leaving it @ default value, you do not care about it ( you do not have any specific requirement setting it thi...
by blajah
Sun Nov 19, 2017 10:47 pm
Forum: General
Topic: PPPoE client default MTU
Replies: 15
Views: 7646

Re: PPPoE client default MTU

If you create PPPoE client on router, you would see that default value isn't 1460 or 1480, its auto. Why such a big deal? Auto would work even better then fixed value, and assuming you are leaving it @ default value, you do not care about it ( you do not have any specific requirement setting it this...
by blajah
Sun Nov 19, 2017 10:28 pm
Forum: General
Topic: Mapping static local IP to external dynamic IP
Replies: 3
Views: 430

Re: Mapping static local IP to external dynamic IP

HI,
If you have a Mikrotiks on both sides easiest way is to configure EoIP tunnel.
by blajah
Sun Nov 19, 2017 9:56 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Interface DSL exists [SOLVED]
Replies: 3
Views: 994

Re: Interface DSL exists [SOLVED]

Thanks alot!