Community discussions

Search found 98 matches

  • 1
  • 2
by sjoram
Fri Jul 18, 2014 7:41 pm
Forum: General
Topic: ISP requires VLAN and pbit set
Replies: 8
Views: 3939

Re: ISP requires VLAN and pbit set

Try the forward chain.
I have a mangle rule to change the MSS on packets in/out of WAN interface and mine uses forward chain.
by sjoram
Fri Jul 18, 2014 7:28 pm
Forum: General
Topic: RB750 Routerboard Upgrade problem
Replies: 7
Views: 2355

Re: RB750 Routerboard Upgrade problem

Thanks.

I currently have 2.36 RB with 5.4 ROS
There was not a newer version within 5.4
Tried copying the file to the device to do the RB upgrade but it's not taking it.

OK to upgrade direct to ROS 5.26 from the versions above?
by sjoram
Fri Jul 18, 2014 7:14 pm
Forum: General
Topic: RB750 Routerboard Upgrade problem
Replies: 7
Views: 2355

Re: RB750 Routerboard Upgrade problem

So essentially, do the ROS upgrade first, then the RouterBOARD?

I thought I saw somewhere it should be done RouterBOARD first but could be wrong?
by sjoram
Fri Jul 18, 2014 6:46 pm
Forum: General
Topic: RB750 Routerboard Upgrade problem
Replies: 7
Views: 2355

RB750 Routerboard Upgrade problem

I have 2xRB750 Managed to upgrade one RouterBOARD (& then RouterOS) fine this morning. The other is refusing to upgrade. The new RouterBOARD goes on but then after the reboot it reverts back to the old version again. Current RBOARD version is 2.36 Trying to upgrade to the current latest version, dow...
by sjoram
Fri Jul 18, 2014 5:26 pm
Forum: General
Topic: IPSec - Dynamic IP with Double NAT
Replies: 11
Views: 5331

Re: IPSec - Dynamic IP with Double NAT

Scripts will not help you here. MikroTik IPSec requires the IPSec responder [IPSec server] to directly terminate a public IP [not be behind NAT]. NAT-T only works on client side with MikroTik. So just to be clear, you think the Netgear that has worked previously must have been behaving differently?...
by sjoram
Fri Jul 18, 2014 1:58 pm
Forum: General
Topic: IPSec - Dynamic IP with Double NAT
Replies: 11
Views: 5331

IPSec - Dynamic IP with Double NAT

Hi All, I need to compile a script that will get the WAN IP address from an internet source (because the RB750 is doing double-NAT so its WAN IP address is not a public IP address). I then need this to run a script to update the local WAN IP address of an IPSec tunnel. (The other end has a fixed IP)...
by sjoram
Sat May 17, 2014 10:19 pm
Forum: General
Topic: IPSec with Dynamic IP Peer
Replies: 1
Views: 730

IPSec with Dynamic IP Peer

Hi, Apologies, I know this has been asked a number of times before but having read a few threads, I'm struggling to adapt the scripts I need to my scenario. My RB750 has a static IP address available for its side of the connection, however the remote end is using a Netgear device on a Dynamic IP add...
by sjoram
Sun Dec 29, 2013 11:15 am
Forum: Beginner Basics
Topic: Block comms between VLANs except DHCP & Public IPs
Replies: 3
Views: 1058

Re: Block comms between VLANs except DHCP & Public IPs

Resolved - devices I was creating an exception for had a mis-configured gateway!
by sjoram
Sat Dec 28, 2013 11:17 pm
Forum: SwOS
Topic: Mix untagged/tagged (access/trunk) VLANs on same port?
Replies: 2
Views: 7261

Re: Mix untagged/tagged (access/trunk) VLANs on same port?

Thanks, I'll give that a try when I get a moment.
by sjoram
Sat Dec 28, 2013 9:18 pm
Forum: Beginner Basics
Topic: Dynamic Mangle rule for reducing MSS value
Replies: 0
Views: 1920

Dynamic Mangle rule for reducing MSS value

Hi all, Previously used my RB750 on a MPoA connection but have recently moved to PPPoA. Have a Draytek Vigor 120 acting as PPPoA to PPPoE bridge. Have a PPPoE client configured on my RB750 to login to my ISP and this acts as my dialer interface. Had some problems which with the help of http://forum....
by sjoram
Fri Dec 27, 2013 2:06 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

Edit: Thought I had it sorted, but I haven't.
Getting further than before but still no success. Getting a timeout, but don't understand why as no internal nor external client has any issue connecting to my mail server.

Image
by sjoram
Fri Dec 27, 2013 1:13 am
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

Setup is exactly as per working mail clients.
Using System/Email in Winbox and using the sent test message option
by sjoram
Thu Dec 26, 2013 3:49 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

No fw running on server. No issues inside LAN (any VLAN) or from WAN with any other smtp access
by sjoram
Thu Dec 26, 2013 3:38 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

Correct trying to enable ROS email function.
Tried internal mail server and gmail.
With debug level logging all I get is error connecting to server. No further info.
by sjoram
Thu Dec 26, 2013 3:22 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

PCs are fine, just ROS is the issue. Can ping IP no problem.
by sjoram
Thu Dec 26, 2013 3:03 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

Tried that, only got the same as per thread summary.
by sjoram
Thu Dec 26, 2013 10:31 am
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Re: Email - error connecting to server

Nothing at all - doesn't appear to be reaching.it.
by sjoram
Tue Dec 24, 2013 9:22 pm
Forum: SwOS
Topic: Mix untagged/tagged (access/trunk) VLANs on same port?
Replies: 2
Views: 7261

Mix untagged/tagged (access/trunk) VLANs on same port?

Sorry for posting a question that has come up on a number of other threads, but looking for clarity on the latest status. Elsewhere, I use HP Procurve 2600 series switches which can mix both untagged and tagged VLANs on the same port, no issue. I bought one of the RouterBOARD SwOS products assuming ...
by sjoram
Tue Dec 24, 2013 9:09 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

The above masquerade didn't work. I'm currently running a f/w version that doesn't allow export compact (reluctant to upgrade unless I have a particular issue to solve - been a victim of failed firmware upgrades on devices in the past!). Tell me what sections I need to post from the config and I'll ...
by sjoram
Tue Dec 24, 2013 9:03 pm
Forum: Beginner Basics
Topic: Block comms between VLANs except DHCP & Public IPs
Replies: 3
Views: 1058

Re: Block comms between VLANs except DHCP & Public IPs

Edited: I have this working now, except for one particular exception. I have rules set as per below Accept UDP 67-68 from 10.4.0.0/16 to 10.0.0.5 Drop all (other) from 10.4.0.0/16 to 10.0.0.0/8 I'm trying to add the following (above the drop rule), but it appears the below isn't allowing traffic to ...
by sjoram
Tue Dec 24, 2013 9:00 pm
Forum: General
Topic: Email - error connecting to server
Replies: 14
Views: 3165

Email - error connecting to server

Configured email server settings, getting the above when sending a test email. No Firewall rules to prevent this, and email server is on VLAN connected to my RB750. Other external and internal clients using the mail server normally. Router can ping/traceroute the IP address without an interface spec...
by sjoram
Tue Dec 24, 2013 8:37 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

I've just come across the same problem - what was the fix? i'll search out the thread when I have a mo and post link. Sorry for delay posting back. Can't find original thread to give context as to how/why this works, but filter rule added as follows (needs to be done from CLI): add action=accept ch...
by sjoram
Sat Dec 14, 2013 5:37 pm
Forum: General
Topic: PPPoE Client (WAN)
Replies: 2
Views: 709

Re: PPPoE Client (WAN)

Thanks, I'll make a note to amend the interface as well as updating the IP address it is masquerading as! :D
by sjoram
Sat Dec 14, 2013 5:24 pm
Forum: General
Topic: PPPoE Client (WAN)
Replies: 2
Views: 709

PPPoE Client (WAN)

Changing ISPs soon and will need to configure PPPoE client (first time on ROS). I've pre-configured the PPPoE interface and left disabled. Question is, I currently have some srcnat rules that specify the out interface as eth1. (Masquerade) Can I leave these rules as eth1 or will I need to change the...
by sjoram
Sat Dec 14, 2013 5:22 pm
Forum: General
Topic: Block DNS other than OpenDNS
Replies: 2
Views: 1412

Re: Block DNS other than OpenDNS

Thanks, I'll try that tomorrow.

Edit: Working a treat :D
by sjoram
Sat Dec 14, 2013 4:57 pm
Forum: General
Topic: Block DNS other than OpenDNS
Replies: 2
Views: 1412

Block DNS other than OpenDNS

All, Looking to add a firewall rule on the output chain that blocks all DNS packets other than to OpenDNS IP addresses. Am I correct in that I need to add 2 filter rules on the output chain to allow packets to the 2 OpenDNS IP addresses (1 per IP) and then a block rule that needs to be UNDERNEATH th...
by sjoram
Tue Oct 15, 2013 12:40 am
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

I've just come across the same problem - what was the fix?
i'll search out the thread when I have a mo and post link.
by sjoram
Sat Sep 21, 2013 7:04 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

Managed to find another thread on here that enabled me to add a further filter rule to the pre-hotspot chain to resolve this.
by sjoram
Sat Sep 21, 2013 5:24 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

I've tried disabling this rule and it prevents clients from being re-directed to the login page, they have to browse to the page manually.
Any suggestions for how I can fix the routing of DNS once clients have authenticated to the hotspot?
by sjoram
Tue Sep 17, 2013 3:35 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

All I need is for DNS requests from hotspot clients to appear from the correct IP address to external DNS resolvers and not use the internal DNS cache. If I remove/disable the entry for DNS redirection, will clients connecting initially still be redirected to the hotspot login page? I'll give it a t...
by sjoram
Tue Sep 17, 2013 3:01 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

Thanks, I spotted that after my original post. Question now is can I remove this without affecting hotspot functionality?
by sjoram
Tue Sep 17, 2013 11:27 am
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

Re: RB750 - Hotspot & DNS

*bump* Can anyone assist?
by sjoram
Sun Sep 08, 2013 4:35 pm
Forum: General
Topic: RB750 - Hotspot & DNS
Replies: 10
Views: 2331

RB750 - Hotspot & DNS

Hi, I use OpenDNS for DNS but I have a couple of different IP addresses with different filtering categories. I have different masquerade rules configured for different internal VLANs such that most appear to the outside world on one particular IP address but there is one VLAN that appears on a diffe...
by sjoram
Mon Apr 01, 2013 3:06 pm
Forum: Beginner Basics
Topic: Block comms between VLANs except DHCP & Public IPs
Replies: 3
Views: 1058

Block comms between VLANs except DHCP & Public IPs

Hi all,

Need help on how I configure RB750 to block comms between VLANs on internal IPs (10.x.0.0/16 subnets, 1 per VLAN) but allow DHCP (inc relay) and allow any traffic directed at public IPs which have NAT rules forwarding to a host on one of the VLANs.
by sjoram
Sat Mar 09, 2013 9:17 pm
Forum: General
Topic: RB750 v5.4 cannot export compact
Replies: 3
Views: 584

Re: RB750 v5.4 cannot export compact

:lol: ...sorry ignore me....for some reason my brain read 5.4 as a higher revision than 5.12 :?
by sjoram
Sat Mar 09, 2013 8:02 pm
Forum: General
Topic: RB750 v5.4 cannot export compact
Replies: 3
Views: 584

RB750 v5.4 cannot export compact

As above, RB750 v5.4 cannot use export compact
Get error 'expected end of command' suggesting it doesn't like me adding compact to the end of the export command.
Any ideas?
by sjoram
Tue Feb 26, 2013 9:33 pm
Forum: General
Topic: PPTP connection drops when user has Linksys wireless router
Replies: 26
Views: 11769

Re: PPTP connection drops when user has Linksys wireless rou

Just to advise that I seem to be having PPTP VPN on 2k3 server dropping after around 30-45mins of running OK using a RB750.
by sjoram
Tue Feb 26, 2013 8:50 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

Thanks, I'll wait till the weekend to move the public IPs so I'm on site if things go wrong.
Will then take a look and see what I have.
Thanks all for the input so far.
by sjoram
Tue Feb 26, 2013 7:15 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

This is what I have at the moment. The masquerade issue aside, should the below work? Yes I know some are disabled - I disabled them after they didn't work as expected, until I had the chance to look at it again. /ip firewall filter add action=passthrough chain=unused-hs-chain comment=\ "place hotsp...
by sjoram
Mon Feb 25, 2013 7:38 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

This is why I don't think masquerade will work on VLAN10. Do I actually need the IP addresses assigned to VLAN10 for NAT to work? I have srcnat rules running to mask external traffic going to the internet behind two IPs (rather than using the default masquerade), one of these is not included on the ...
by sjoram
Mon Feb 25, 2013 8:58 am
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

Yep, problem I have is I'm not sure I can use masquerade as I have a number of IP addresses assigned to that particular interface, so how would it know which to use for masquerade?
by sjoram
Sun Feb 24, 2013 11:35 am
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

OK today I have tried Chain srcnat Src Add 10.0.0.0/16 Dst Add 46.65.209.241 Proto TCP Dst Port 443 action = src-nat to 46.65.209.241 No joy Interestingly, I have IIS running on port 80 NAT'ed against one IP address and that works without one of the above rules. Services directed at port 80 on anoth...
by sjoram
Sat Feb 23, 2013 10:17 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

Re: NAT problem

Hmm, looks like what I need but can't make it work. The example command on the wiki won't work for me because the interface has multiple IP addresses assigned so I can't use masquerade. Tried customising the rule to my situation but no joy. Essentially for my situation, for example, I have Web serve...
by sjoram
Sat Feb 23, 2013 5:39 pm
Forum: Beginner Basics
Topic: NAT problem
Replies: 14
Views: 4755

NAT problem

Hoping someone can assist with the below. New to RouterOS, gone live on a RB750 today. Having an issue with one of my NAT rules. Works great for users on other VLANs or on the Internet, but users on the same VLAN as the server are not connecting. My old Netgear used to run its NAT rules on internal ...
by sjoram
Sun Feb 10, 2013 10:07 pm
Forum: Beginner Basics
Topic: RB750 - VLANs/Bridges/Interfaces
Replies: 6
Views: 2513

Re: RB750 - VLANs/Bridges/Interfaces

I'd have thought a cisco AP could send Vlan Tagged packets.
It can, other than the native VLAN as far as I can tell...(which is the problem!)
by sjoram
Sun Feb 10, 2013 9:56 pm
Forum: Beginner Basics
Topic: RB750 - VLANs/Bridges/Interfaces
Replies: 6
Views: 2513

Re: RB750 - VLANs/Bridges/Interfaces

I don't think that's what I'm trying to do. Essentially over my two sites I would have: VLAN 10 = 10.0.0.0/16 <--> 10.5.0.0/16 VLAN 20 = 10.1.0.0/16 <--> 10.6.0.0/16 VLAN 40 = 10.2.0.0/16 <--> 10.7.0.0/16 VLAN 60 = 10.3.0.0/16 <--> 10.8.0.0/16 VLAN 80 = 10.4.0.0/16 <--> 10.9.0.0/16 I don't need to h...
by sjoram
Sun Feb 10, 2013 9:43 pm
Forum: Beginner Basics
Topic: RB750 - VLANs/Bridges/Interfaces
Replies: 6
Views: 2513

Re: RB750 - VLANs/Bridges/Interfaces

Essentially what I'm trying to do is: Port 1 - WAN Port 2 - VLAN10 client (no tag) Port 3 - VLAN10 client (no tag) Port 4 - VLAN10 client (no tag) Port 5 - Cisco WAP (VLAN10 no tag, VLANs20,40,60,80 with tags) No need to firewall between VLAN10 clients, but I'd want to firewall off the VLANs from co...
by sjoram
Sun Feb 10, 2013 8:55 pm
Forum: Beginner Basics
Topic: RB750 - VLANs/Bridges/Interfaces
Replies: 6
Views: 2513

RB750 - VLANs/Bridges/Interfaces

Hi guys, Relatively new to RouterOS and need some help. Working with a RB750 and need to know if there's a solution to the below, or whether I'm trying to do the impossible. I'm going to be running two RB750s in two separate locations, one of which is running VLAN-capable switches, one of which is n...
  • 1
  • 2