Search found 77 matches

by terminal205
Fri Jan 31, 2020 12:53 am
Forum: Beginner Basics
Topic: Help - Site to Site Not Working
Replies: 4
Views: 489

Re: Help - Site to Site Not Working

Is EoIP added inside the Bridge of each router?
If you're asking if I added the EoIP interface to the local bridge on both sides, then yes.
by terminal205
Fri Jan 24, 2020 3:52 pm
Forum: General
Topic: Ping is timeout !
Replies: 8
Views: 698

Re: Ping is timeout !

Actually, I'm curious about this too.
by terminal205
Fri Jan 24, 2020 3:45 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Re: Site to Site Tunnels

So I think I've made some progress. Not quite the same approach, but it seems to be accomplishing the same thing... I created enabled PPTP Server and created PPTP Client on both Mikrotiks. They have connected. Progress! I can PING... one way... but not the other way... :( Router 1 /ip ipsec mode-con...
by terminal205
Thu Jan 23, 2020 11:55 pm
Forum: Beginner Basics
Topic: Help - Site to Site Not Working
Replies: 4
Views: 489

Re: Help - Site to Site Not Working

Ok, so what are some reasons it wouldn't work?

I see the EoIP established. However, I am unable to ping the LAN on the other side (keeping in mind that it's the same subnet on both sides)

Router 1 <==========> Router2
192.168.168.52/24 <----------------> 192.168.168.51/24
by terminal205
Thu Jan 23, 2020 3:17 pm
Forum: Beginner Basics
Topic: Help - Site to Site Not Working
Replies: 4
Views: 489

Help - Site to Site Not Working

I am attempting to setup a site to site L2TP or simple Layer2 "same LAN" connection between two Mikrotik RB2011s that have been factory reset with a basic startup config. The process that I am following is to create mirrored EoIP tunnels at each site with an IPSec secret. Once established I attempt ...
by terminal205
Mon Jan 13, 2020 8:33 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Re: Site to Site Tunnels

I don't know what I'm doing wrong.
I follow the steps exactly. But I cannot pass packets past the mikrotik devices at each site. I can see the tunnels established. The logging shows the tunnels established, keep alives are sent and acknowledged, but I can't ping the other device's local bridge.
by terminal205
Mon Jan 13, 2020 3:55 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Re: Site to Site Tunnels

Did you follow example and added EoIP interface to the Bridge with LAN interface? https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP Anyways... L2 – EoIP. L3 – variety of other VPN solutions: IPsec, L2TP, PPTP, SSTP, OVPN. If you want L3 Create either Pure IPsec (needs some knowledge) or use one...
by terminal205
Sat Jan 04, 2020 6:54 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Re: Local LAN Cannot Connect to Internet

Still not sure what I'm missing here.
Looking at the Packet counts, I see a lot of transmit, but no receive..
by terminal205
Fri Jan 03, 2020 7:52 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Re: Local LAN Cannot Connect to Internet

Replaced IPs with simple X as /export hide-sensitive did not seem to hide everything I considered sensitive. [admin@mmcu-parkland] > /export hide-sensitive # jan/03/2020 11:41:47 by RouterOS 6.46.1 # software id = 4S0Q-PXRF # # model = 2011UiAS # serial number = 608504A51A11 /interface bridge add ad...
by terminal205
Fri Jan 03, 2020 2:39 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Re: Local LAN Cannot Connect to Internet

An additional test shows that if I use src address 192.168.168.51 with no interface and no routing table; I can ping out to 4.2.2.1
However, as soon as I add an interface, I get timeouts

Also, if I add DNS to my network, I get timeouts...

I'm scratching my head on this one..
by terminal205
Fri Jan 03, 2020 1:06 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Re: Local LAN Cannot Connect to Internet

If I remote into the device via winbox, I can ping 4.2.2.1 without srcing any IP/interface.

However, if I src a LAN IP, I get timeouts and destination cannot be reached responses from my DNS server on the LAN Bridge

However, 0.0.0.0 is reachable via Ether1
by terminal205
Fri Jan 03, 2020 11:13 am
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Re: Site to Site Tunnels

And what exactly you did so far? Because first post didn't make it very clear, you write about one common subnet (192.168.138.0/24), but then list three completely different subnets (172.16.52.0/24, 172.16.51.0/24, 192.168.168.0/24). My mistake. The 192.168.138.0/24 is a typo. Both networks are 192...
by terminal205
Thu Jan 02, 2020 7:25 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Re: Local LAN Cannot Connect to Internet

I'm not 100% sure of the version I upgraded from, but the currently installed version is the current stable release as of 1/2/20: 6.46.1
by terminal205
Thu Jan 02, 2020 7:20 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Re: Site to Site Tunnels

Ultimately I'm hoping to migrate the two networks away from this flat-network scheme so each will be on their own subnet, connected via Layer3 VPN tunnel instead of the Layer2 style EoIP tunnel. I can disable the DHCP server on site B and add a DNS relay to point back to the DHCP server at Site A; h...
by terminal205
Thu Jan 02, 2020 4:24 pm
Forum: Beginner Basics
Topic: Site to Site Tunnels
Replies: 12
Views: 1304

Site to Site Tunnels

I have two MT devices that I have deployed and am attempting to get site to site connectivity via VPN tunnel. I see that I have established a tunnel between the devices, but I cannot ping the LAN side of either MT. The basic config overview for each device is like this : Site A WAN : 1.1.1.1 LAN Bri...
by terminal205
Thu Jan 02, 2020 4:14 pm
Forum: Beginner Basics
Topic: Local LAN Cannot Connect to Internet
Replies: 8
Views: 801

Local LAN Cannot Connect to Internet

Clients connected to the local side of the MT cannot access the internet. I have browsed all sorts of topics trying to figure out why I am unable to get local clients to connect to the internet. I have even had a tech reset the MT and use a default config script, but still be unable to access the in...
by terminal205
Tue Dec 31, 2019 4:15 pm
Forum: Beginner Basics
Topic: Basic frustrations - VPNs and Firewalls
Replies: 4
Views: 702

Re: Basic frustrations - VPNs and Firewalls

The SDWAN device is tagging using VLAN 0.
Is there something I need to do to enable the MT to pass this traffic? I was under the impression most routers automatically accepted VLAN0
by terminal205
Tue Dec 31, 2019 1:21 am
Forum: Beginner Basics
Topic: Basic frustrations - VPNs and Firewalls
Replies: 4
Views: 702

Basic frustrations - VPNs and Firewalls

I'm attempting to setup a RB2011 as a 3rd party VPN access point for a SDWAN network. I have successfully gotten the IPSec tunnel to connect and I can ping and surf the immediate remote network located on the MT. My setup is pretty straight forward. SDWAN firewall and MT on a public /29. I have physi...
by terminal205
Wed Feb 14, 2018 6:51 pm
Forum: General
Topic: Connection Tracking - Field Explanation
Replies: 6
Views: 1630

Re: Connection Tracking - Field Explanation

In this instance, I am using a SPA112 device on the private side of the Mikrotik. The default setting in the device show 3600 for registration. That's 1 hour. I have set the udp-stream-timeout to 01:00:10 in accordance with what you wrote. However, I am still seeing the registration on this device a...
by terminal205
Wed Feb 14, 2018 5:05 pm
Forum: General
Topic: Connection Tracking - Field Explanation
Replies: 6
Views: 1630

Re: Connection Tracking - Field Explanation

I disabled SIP ALG/helper based on experience of common practice on other firewalls (it's only ever caused issues for me). I've been running through several tests: Changing the udp-timeout but leaving the udp-stream-timeout at 3M default I attempted 2m yesterday, but the registration aged. I am work...
by terminal205
Tue Feb 13, 2018 6:40 pm
Forum: General
Topic: Connection Tracking - Field Explanation
Replies: 6
Views: 1630

Connection Tracking - Field Explanation

I've seen several posts regarding recommended settings, but nothing that explains exactly what these fields represent. For example, here is a snippet from the Manual regarding UDP settings: udp-timeout (time; Default: 10s) Specifies the timeout for udp connections that has seen packets in one direct...
by terminal205
Tue Sep 26, 2017 5:47 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 1271

Re: Dual WAN not responding to external telnet/WinBox requests

While on site, I grabbed a copy of the entire export. Is there anything in particular that would be useful to see?
by terminal205
Mon Sep 25, 2017 4:25 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 1271

Re: Dual WAN not responding to external telnet/WinBox requests

Post your entire '/ip firewall mangle export' please.
That is my entire mangle export.
by terminal205
Wed Sep 20, 2017 6:34 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 1271

Re: Dual WAN not responding to external telnet/WinBox requests

Still no luck. I've changed the mangle to the following (just like your example) /ip firewall mangle add action=mark-routing chain=prerouting dst-address-type=!local in-interface=ether7 new-routing-mark=toISP1 passthrough=yes add action=mark-routing chain=prerouting dst-address-type=!local in-interf...
by terminal205
Fri Sep 15, 2017 6:39 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 1271

Re: Dual WAN not responding to external telnet/WinBox requests

I already have the mangle setup. The below commands mark the connections that come into the respective ISP ports. Following, those connections get marked with the respective routing marks. Am I missing something? 0 chain=prerouting action=mark-routing new-routing-mark=toISP1 passthrough=yes dst-addr...
by terminal205
Fri Sep 15, 2017 5:14 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 1271

Dual WAN not responding to external telnet/WinBox requests

I have two WAN ports assigned to two separate ISPs (eth6=ISP1, eth1=ISP2) My firewall and Mangle rules are working for outbound traffic. I am running into an issue with outside-initiated connections (Winbox, Telnet, ssh, etc). Both WAN ports respond to PING, but neither respond to WinBox or Telnet. ...
by terminal205
Fri Aug 25, 2017 6:25 pm
Forum: Beginner Basics
Topic: Routing Selected Networks over Specific WAN/ISP interfaces
Replies: 8
Views: 7485

Re: Routing Selected Networks over Specific WAN/ISP interfaces

This worked swimmingly. And to top it off, it helped me resolve an issue I had been having for some time before that: making both ISP ports active

Thank you very much for your help.
by terminal205
Fri Aug 25, 2017 4:41 am
Forum: Beginner Basics
Topic: Routing Selected Networks over Specific WAN/ISP interfaces
Replies: 8
Views: 7485

Re: Routing Selected Networks over Specific WAN/ISP interfaces

Then mark routing for A connections to use ISP1 and B connections to use ISP2. Can you elaborate a bit on this? It sounds like the PCC topic you mentioned earlier. At this point I have tagged connections originating from 182.168.0.0/24 with b_conn and connections originating from 10.0.1.0/24 with a...
by terminal205
Thu Aug 24, 2017 11:29 pm
Forum: Beginner Basics
Topic: Routing Selected Networks over Specific WAN/ISP interfaces
Replies: 8
Views: 7485

Re: Routing Selected Networks over Specific WAN/ISP interfaces

After reading the PCC entry in the manual, I decided there might be a better way. What if I used the two separate internal switches to separate the traffic? Below is my new approach. Please let me know if this is even possible with the RB2011 or if I am wasting my time. ETH1 : ISP2 ETH2 : Master (gu...
by terminal205
Wed Aug 23, 2017 11:51 pm
Forum: Beginner Basics
Topic: Routing Selected Networks over Specific WAN/ISP interfaces
Replies: 8
Views: 7485

Routing Selected Networks over Specific WAN/ISP interfaces

I have roamed the forums long enough that I have seen similar questions, but try as I might I am unable to solve this issue. My setup is like this : RB2011, 2 separate ISPs (eth1, eth2), two separate networks(10.0.1.0/24 and 192.168.0.0/16) for office and guests. What I am attempting to accomplish i...
by terminal205
Mon Aug 21, 2017 8:35 pm
Forum: Beginner Basics
Topic: Master-Slave vs Same Bridge
Replies: 7
Views: 2184

Re: Master-Slave vs Same Bridge

There is apparently something in the default configuration of the CRS-125 that keeps you from turning this into a dumb L2 switch. While I don't know exactly what part of the default configuration keeps the brains, I do know I was able to get my dumb switch by resetting the config, and not loading a ...
by terminal205
Mon Aug 21, 2017 7:59 pm
Forum: Beginner Basics
Topic: Master-Slave vs Same Bridge
Replies: 7
Views: 2184

Re: Master-Slave vs Same Bridge

Hi! Short answer: MasterSlave means: use switch chip --> few features, high performance For a dumb switch, use master slave. How come when I slave all ports to Ether1, and set Ether1 master to "None", I can no longer connect to the switch? Not only that, but I can't pass traffic through the switch ...
by terminal205
Sat Aug 19, 2017 12:08 am
Forum: Beginner Basics
Topic: Master-Slave vs Same Bridge
Replies: 7
Views: 2184

Master-Slave vs Same Bridge

I have a CRS-125, and I've seen quite a few
Is there a difference between adding all ports to the local bridge and setting all ports slave to ether1?

I'm essentially looking for a way to turn the switch into a dumb switch.
by terminal205
Mon Aug 07, 2017 11:43 pm
Forum: Beginner Basics
Topic: Domain and URL Filtering failures
Replies: 3
Views: 903

Re: Domain and URL Filtering failures

Ah yes. All the posts and videos seem to be dated. Well, that makes things more difficult.
by terminal205
Mon Aug 07, 2017 9:28 pm
Forum: Beginner Basics
Topic: Domain and URL Filtering failures
Replies: 3
Views: 903

Domain and URL Filtering failures

So I have attempted multiple modes of filtering to block specific domains: various adult websites, various social websites, etc. However, each method I have attempted to deploy has failed. My two most recent failures were using the Web Proxy method and Content method, however I could still access th...
by terminal205
Mon Jul 31, 2017 7:17 pm
Forum: Beginner Basics
Topic: Accept only List of MAC address to access my local network from Internet.
Replies: 4
Views: 1459

Re: Accept only List of MAC address to access my local network from Internet.

What if you setup a VPN connection that allowed you to tunnel into your inside network, and instead disabled all other forms of outside access from the public IPs?
by terminal205
Mon Jul 31, 2017 6:15 pm
Forum: General
Topic: MAC Whitelist by FDB on CRS125-24G-1S
Replies: 1
Views: 472

Re: MAC Whitelist by FDB on CRS125-24G-1S

So I was messing around with Raw firewall settings and I got this to work. However, I would make sure you assign this specifically to an inside interface. The steps are something along these lines: 1) IP > Firewall 2) Raw > New Raw rule 3) chain : prerouting 4) In-Interface : pick one 5) Advanced: Sr...
by terminal205
Mon Jul 31, 2017 5:43 pm
Forum: Beginner Basics
Topic: basic query
Replies: 1
Views: 349

Re: basic query

Instead of a username/password approach, why not use MAC-based access? This method will allow you to both control who is connected and monitor bandwidth utilization based on the physical address of the network interface card. Take a look at Sob's last post in this thread: https://forum.mikrotik.com/...
by terminal205
Fri Jul 28, 2017 4:50 pm
Forum: Beginner Basics
Topic: LAN-to-LAN VPN
Replies: 7
Views: 2743

Re: LAN-to-LAN VPN

It is better to use GRE over IPsec transport. In a MikroTik that is easy, just create a GRE interface and enter IPsec secret. Of course you need to set the other side to the same mode but this mode is "invented by cisco" so they support it well (although I have experience only with IOS routers, not...
by terminal205
Fri Jul 28, 2017 4:39 pm
Forum: Beginner Basics
Topic: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel
Replies: 3
Views: 1080

Re: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel

I have successfully gotten the IPSec tunnel established, but now I am unable to pass traffic across it (no responses to PING requests) I've followed several guides and watched several videos, but have been unable to resolve this issue. I have the following NAT: Flags: X - disabled, I - invalid, D - ...
by terminal205
Fri Jul 28, 2017 4:29 pm
Forum: Beginner Basics
Topic: LAN-to-LAN VPN
Replies: 7
Views: 2743

Re: LAN-to-LAN VPN

With a GRE/IPsec tunnel as I recommended you don't have that issue. pe1chl, can you go into more depth on GRE over IPSec, or point us to a document that can help. I have been trying (unsuccessfully) for a week to pass traffic across an established IPSec tunnel where an ASA 5505 is one end and a MT RB...
by terminal205
Wed Jul 26, 2017 7:54 pm
Forum: Beginner Basics
Topic: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel
Replies: 3
Views: 1080

Re: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel

Making progress. I am now getting an error : payload missing : SA
I think this is because there's no IKEv2 secret configured on the ASA side...

For some reason my MT seems to stop even trying to connect (the logs show no more errors after ~30 ipsec, error entries)
by terminal205
Wed Jul 26, 2017 6:45 pm
Forum: Beginner Basics
Topic: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel
Replies: 3
Views: 1080

Re: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel

Since the first post, I have updated to version 6.40.
The ASA is utilizing IKEv2, so I correctly configured that (I think) on the MT.

MT Log is now showing :
Phase 1 negotiation failed due to time up: X.X.X.X[500]<=>Y.Y.Y.Y[500]
initiate new phase (Identify protection): X.X.X.X[500]<=>Y.Y.Y.Y[500]
by terminal205
Wed Jul 26, 2017 6:37 pm
Forum: Beginner Basics
Topic: ASA 5505 <=> MikroTik RB2011 IPSec Tunnel
Replies: 3
Views: 1080

ASA 5505 <=> MikroTik RB2011 IPSec Tunnel

I am attempting to setup a site-to-site tunnel between an ASA 5505 and a MT RB2011 device. I have the two tunnels pointed at each other, but I continuously get the following Log entries: MT : phase1 negotiation failed due to time up X.X.X.X[500]<=>Y.Y.Y.Y[500] ASA : Debug Log : IP = x.x.x.x, Error p...
by terminal205
Thu Jul 20, 2017 1:12 am
Forum: Beginner Basics
Topic: Primary WAN Unreachable
Replies: 6
Views: 994

Re: Primary WAN Unreachable

So I think I resolved this issue. Apparently the WISP carrier doesn't have their equipment to respond to PING, so when I have PING check enabled, it gets no response and says it's down. However, when I switch it to ARP, it keeps the connection alive. Now it's time to dive into some failover and load...
by terminal205
Wed Jul 19, 2017 9:37 pm
Forum: Beginner Basics
Topic: Primary WAN Unreachable
Replies: 6
Views: 994

Re: Primary WAN Unreachable

So given the above output, why is the default route with a distance of 1 being flagged as unreachable ? I have tested this connection while directly connected to my laptop and it works fine.
by terminal205
Tue Jul 18, 2017 11:20 pm
Forum: Beginner Basics
Topic: Primary WAN Unreachable
Replies: 6
Views: 994

Re: Primary WAN Unreachable

We have 2 ISPs with a public /29 WAN block each. Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 S 0.0.0.0/0 (ISP1) 1 1 AS 0.0.0.0/0 (ISP2) 2 2 ADC 10.10...
by terminal205
Tue Jul 18, 2017 8:58 pm
Forum: Beginner Basics
Topic: Primary WAN Unreachable
Replies: 6
Views: 994

Re: Primary WAN Unreachable

I'll take a look at the slides (Video streams are blocked at work =/ ). My concern (which I should have added in my original post) is that even when I manually set the first WAN link to priority, it says unreachable and defaults back to the second wan link, which in an ideal situation would be great...
by terminal205
Tue Jul 18, 2017 5:11 pm
Forum: Beginner Basics
Topic: Primary WAN Unreachable
Replies: 6
Views: 994

Primary WAN Unreachable

My Primary WAN link becomes unreachable when I have a secondary WAN link configured. Not entirely sure why.
by terminal205
Fri Mar 31, 2017 11:47 pm
Forum: Beginner Basics
Topic: CRS Throughput Bottleneck
Replies: 8
Views: 1387

Re: CRS Throughput Bottleneck

The Port setup is like this: Ports 2,4,5,6,8,10, and 12 are in a bridge. None are slaved to another port (just the bridge: sponsor_bridge). ISP is connected to port 5. It occurs to me after reading your post that I haven't done anything in the Switch menu. # software id = R3NY-Q3CI # /interface brid...
by terminal205
Thu Mar 30, 2017 9:37 pm
Forum: Beginner Basics
Topic: CRS Throughput Bottleneck
Replies: 8
Views: 1387

Re: CRS Throughput Bottleneck

I plugged in a public IP to my laptop, connected the ISP connection to the switch, still couldn't break 100.

Maybe I'm not understanding, but in the above method, it is acting as a switch. Why would it not get above 100 in speed tests?
by terminal205
Thu Mar 30, 2017 5:59 pm
Forum: Beginner Basics
Topic: CRS Throughput Bottleneck
Replies: 8
Views: 1387

CRS Throughput Bottleneck

I am utilizing a CSR125-24G at a customer site that has a 250/250Mbps (verified by testing directly connected to ISP equipment). However, once my CSR125 is plugged in, I can only pull at most 100/100. I am utilizing 50/50Mb simple queues on ports assigned to customers, while having an unlimited/unlim...
by terminal205
Sat Mar 18, 2017 8:05 pm
Forum: Beginner Basics
Topic: Multi-Tennant setup
Replies: 4
Views: 596

Re: Multi-Tennant setup

Each client will provide, or be provided, a router to connect back to the gateway IP for internet access. Each router will provide local DHCP.

The FW rules to prevent cross-talk is intriguing. Which rules would you implement to prevent cross-talk?
by terminal205
Fri Mar 17, 2017 7:35 pm
Forum: Beginner Basics
Topic: Multi-Tennant setup
Replies: 4
Views: 596

Multi-Tennant setup

I am in the process of ordering a CRS125-24G switch for an upcoming event that my company is in charge of providing network infrastructure for. At this event, there will be multiple clients that will provide their own firewalls, and we will assign them individual IPs. So the setup we plan to have is...
by terminal205
Fri Mar 17, 2017 6:31 pm
Forum: Beginner Basics
Topic: dst-nat in NAT doesn't appear to be working
Replies: 5
Views: 847

Re: dst-nat in NAT doesn't appear to be working

I'm using two business class data services at my office in our lab setup. WAN1 and WAN2 (eth2). General browsing is working fine.
I assigned the 10.10.1.x network to the local bridge which uses ether 3-10
by terminal205
Thu Mar 16, 2017 11:01 pm
Forum: Beginner Basics
Topic: dst-nat in NAT doesn't appear to be working
Replies: 5
Views: 847

Re: dst-nat in NAT doesn't appear to be working

eth1 and eth2 are not connected to any bridges and are not slaved interfaces. I flushed the connections and tried again, but to no avail. I went in and modified the settings and it seems to work.. sort of. I'm still having some issues, but it seems to be accessible from the outside world now. I chan...
by terminal205
Thu Mar 16, 2017 8:19 pm
Forum: Beginner Basics
Topic: dst-nat in NAT doesn't appear to be working
Replies: 5
Views: 847

dst-nat in NAT doesn't appear to be working

I have an @record that points to my public IP. For now, we'll use 192.168.10.1/30 as my public IP on eth2. I am attempting to route all web traffic that goes to this interface via the @record to an internal IP. Let's use 10.10.1.0/24 as my internal network. See the attachments for the setup for the ...
by terminal205
Sat Mar 11, 2017 12:06 am
Forum: Beginner Basics
Topic: Interface Inactive on Dual WAN Config
Replies: 0
Views: 294

Interface Inactive on Dual WAN Config

I have a setup with two ISP connections plugged into my MT for redundancy purposes. My post's question is two-fold: -Is having 1 default route with two separate gateways the same as setting up 2 route statements? If so, does the second gateway become inactive until the first gateway fails? -Does hav...
by terminal205
Sat Aug 20, 2016 12:58 am
Forum: Beginner Basics
Topic: VoIP - Static and Dropped Calls
Replies: 9
Views: 1101

Re: VoIP - Static and Dropped Calls

I'll give this a try and see what the results are on Monday. Set a limit-at to 512K
That should in theory give them enough minimum bandwidth for their VoIP calls
by terminal205
Fri Aug 19, 2016 11:20 pm
Forum: Beginner Basics
Topic: VoIP - Static and Dropped Calls
Replies: 9
Views: 1101

Re: VoIP - Static and Dropped Calls

Yes. I see dropped packets in my Best Effort queue. Should I limit this queue to 2500K instead of 2700K ? I'm seriously at a loss for what I can do to fix this VoIP issue.
by terminal205
Fri Aug 19, 2016 6:47 pm
Forum: Beginner Basics
Topic: VoIP - Static and Dropped Calls
Replies: 9
Views: 1101

Re: VoIP - Static and Dropped Calls

Ok. Here's another piece to the puzzle: The site has a bonded T1 connection: 3M up, 3M down. They are stating they still get heavy static on calls. Below is my current Queue Tree. Maybe I didn't set it up correctly? 0 name="PRI_UP" parent=ether1-WAN packet-mark="" limit-at=0 queue=default priority...
by terminal205
Wed Aug 17, 2016 11:08 pm
Forum: Beginner Basics
Topic: VoIP - Static and Dropped Calls
Replies: 9
Views: 1101

Re: VoIP - Static and Dropped Calls

My further attempts include setting up Mangle to tag connects and packets going to or from a specific public IP address (outside the network) as VOIP, and everything else as OTHER I then created a queue trees : PRI_UP, PRI_DOWN, BE_UP, and BE_DOWN. I set the max-limit to 2700K on all 4 parents, then...
by terminal205
Thu Aug 11, 2016 5:27 pm
Forum: Beginner Basics
Topic: VoIP - Static and Dropped Calls
Replies: 9
Views: 1101

VoIP - Static and Dropped Calls

I'm running into a problem where the internal traffic (high volume, large data files) is causing issues with VoIP traffic (static, dropped calls, the whole shabang) My setup is like this : Total of 3M pipe. common local-bridge, common internal DHCP network (192.168.1.0/24). I have one interface on t...
by terminal205
Fri Apr 15, 2016 10:44 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1235

Re: Queues and Policies (QoS)

I'd start with my suggestion and then work from there. Yes you are correct about my example providing a guarantee and a limit. Is it possible to also add a simple queue that does the same thing for any traffic that originates from the SBC? I don't really see a way to indicate a source address. Or w...
by terminal205
Fri Apr 08, 2016 7:08 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1235

Re: Queues and Policies (QoS)

/queue simple add limit-at=1M/1M max-limit=2M/2M name=Voice target=192.168.22.24/32 So this goes back to my first question a few posts ago: is it possible to set custom limits or am I limited to what options are hard coded into the router? (see my 75Mb example above). Is this queue per-connection, ...
by terminal205
Wed Apr 06, 2016 12:17 am
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1235

Re: Queues and Policies (QoS)

So let's say that my SBC is at IP 192.168.22.24.
What kind of Queue do I setup so that UDP traffic going to and from that address have highest priority going through my Mikrotik?
by terminal205
Fri Apr 01, 2016 10:06 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1235

Re: Queues and Policies (QoS)

There are a number of ways one could tackle this, since each user has a unique IP address, you can look at per connection queuing with a set pool of bandwidth, making sure there is enough left for voice. 1. Another option would be to reserve an amount of bandwidth for the number of concurrent calls...
by terminal205
Wed Mar 30, 2016 12:39 am
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1235

Queues and Policies (QoS)

So now that I seem to have figured out (with the help of some good Samaritans) why my firewall wasn't behaving like all the documentation and online help said it should, I can move on to the next part of my learning journey: Queues. I am assuming (and hopefully correctly) that Queues are MT's versio...
by terminal205
Tue Mar 29, 2016 6:53 am
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

Here is my updated firewall settings. Everything is working swimmingly now. Guess I need to tackle why this isn't working from the office. Then I get to tackle QoS policies. Thank you everyone for your help. /ip firewall filter add action=drop chain=input comment="Disallow weird packets" \ connectio...
by terminal205
Tue Mar 29, 2016 6:46 am
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

You don't allow web interface (tcp/80) and telnet (tcp/23) from WAN. But WinBox (tcp/8291) should be allowed from anywhere by first rule. Btw, "verbose" option for export is not a good idea. It exports all options, including those with default values, and result is too long and very hard to read. a...
by terminal205
Tue Mar 29, 2016 12:16 am
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

Edit** With the below rules I am able to PING the interface now, however I still am unable to connect from a remote IP address: either WebGUI, WinBox, or Telnet /ip firewall filter add action=accept chain=input comment="Remote Winbox" !connection-bytes \ !connection-limit !connection-mark !connectio...
by terminal205
Tue Mar 29, 2016 12:15 am
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

What do I need to do to post this information? run this command: /export verbose file=MyFile.rsc then paste the output between the forums' code blocks. Sorry this is taking me so long. A lot of projects came up at work. So I ran the /export command. Where does this file live so I can open it? Never...
by terminal205
Tue Mar 29, 2016 12:04 am
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

What do I need to do to post this information?
run this command:
/export verbose file=MyFile.rsc

then paste the output between the forums' code blocks.
Sorry this is taking me so long. A lot of projects came up at work.

So I ran the /export command. Where does this file live so I can open it?
by terminal205
Wed Mar 23, 2016 3:39 pm
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

What do I need to do to post this information?
by terminal205
Tue Mar 22, 2016 5:10 pm
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

Re: New to MikroTik

I should note that I have been browsing the forums and have tried several of the methods mentioned. I even went as far as factory resetting my equipment and only allowed PING, but to no avail.
by terminal205
Tue Mar 22, 2016 5:04 pm
Forum: Beginner Basics
Topic: New to MikroTik
Replies: 15
Views: 1498

New to MikroTik

I got my first MikroTik and while I'm happy with the overall features I'm seeing in the WinBox interface, I am having some problems getting this router to be deployable in one of our standard VoIP situations. I was able to quickly configure the WAN and LAN addressing schemes. I got on the internet a...