Configuration Problem

beejan · Mon Sep 12, 2005 9:47 am

hai...
i'm 22 yrs old from borneo island...need help to configure this routeros. i'm very new to this. so please help me guys!

anyway, my problem is i already configure my IP address as well as my IP route but still cannot get through the internet. i have 2 interface. 1 is for my LAN and the other 1 is for my WAN. this is how i configure my IP address:

0 x.x.x.x/x x.x.x.x x.x.x.x LAN
1 y.y.y.y/y y.y.y.y y.y.y.y WAN1

and my ip route is:

0 S 0.0.0.0/0 y.y.y.y 1 WAN1
1 DC y.y.y.y/y 0.0.0.0 0 WAN1
2 DC x.x.x.x/x 0.0.0.0 0 LAN

I've also allow DNS remote requests (don know whether this is necessary or not)

and i'm using PPPoA instead of PPPoE. i've gone through the manual but unfortunately it cannot help. any soultions?

Mon Sep 12, 2005 10:12 am

have you configured masquerading (src-nat)? what RouterOS version do you use?

beejan · Mon Sep 12, 2005 11:13 am

hai normis! thanks for the reply.

i've done the masquerading just now by doing this:

/ip firewall src-nat add out-interface=WAN action=masquerade

the masquerading was ok but then my license just allow me to use 1 src-nat only. currently im running on MikroTik RouterOS v2.8 with license level1.

i've also try to configure my ip dhcp-client. when i try to lease print, the status is :searching.... (is it a good sign or bad?

)

i still cannot access the internet...

beejan · Mon Sep 12, 2005 11:33 am

another question is...how can i configure my gateway? each time i add the IP address, the router will automatically configure the dynamic route for me.
for instance:
DC x.x.x.x/x 0.0.0.0 x.x.x.x 0 LAN

how can i make the route static so that i can change the gateway? currently the gateway is 0.0.0.0

thank you for ur help

Mon Sep 12, 2005 12:49 pm

/ip route add gateway=1.2.3.4

beejan · Wed Sep 14, 2005 3:58 am

thanks normis! but the gateway u'r given me doesn't help as well...i've tried to ask the mikrotik support but they can't help either. so if anyone have a book of mikrotik for dummies, i need one! i've tried following the manual. i donno what i've done wrong...is it because i use a demo license that it didn't work? what if i buy the license, will the connection works?

mp3turbo2 · Wed Sep 14, 2005 6:32 am

beejan, you said:

===========================
1 60.51.128.182/30 60.51.128.180 60.51.128.183 WAN1

and my ip route is:

0 S 0.0.0.0/0 60.51.128.182 1 WAN1
1 DC 60.51.128.180/30 0.0.0.0 0 WAN1
2 DC 10.100.0.0/24 0.0.0.0 0 LAN
===========================

and then:

===========================
/ip route add gateway=1.2.3.4
thanks normis! but the gateway u'r given me doesn't help as well...
===========================

so, let's clarify things. Did you use 1.2.3.4 numbers EXACTLY as normis has said? That's bad, it cannot work of course.

In the first example, you have correctly defined external IP address from your provider to 60.51.128.182 with 30bit mask (/30). Your next output with /ip route shows me that YOU HAD WRONG GATEWAY TO YOUR ISP:

0 S 0.0.0.0/0 60.51.128.182 1 WAN1

see? Let's explain meaning of this line:
0 = first line in list
S = static route, manually entered with /ip route add gateway=
0.0.0.0/0 = default gateway. If the router doesn't know how to find destination network, it will simply send that traffic here
60.51.128.182 = gateway IP address. HERE IS THE PROBLEM.
1 = distance, cost, priority, there are more names for it :)
WAN1 = interface where to go.

The problem I see here: IP ADDRESS OF YOUR GATEWAY. You entered 60.51.128.182, but you should enter 60.51.128.181 (!! 181 !! at the end). Why?

your ISP assigned you address 60.51.128.182 and his router (=for you, HIS GATEWAY WHERE YOU SHOULD SEND YOUR TRAFFIC) should be 60.51.128.181. This is because of the definition of assigned "network" to you, 60.51.128.180/30 - there are four "numbers":

60.51.128.180 (address of network alone, this address is NOT USABLE for computer/router/whatever)
60.51.128.181 usable IP address - this should be gateway on providers side
60.51.128.182 usable IP address - this should be your IP address according to your output
60.51.128.183 (broadcast address, again NOT USABLE for computer/router/whatever)

leave masquerading as you have it, change only default route:

/ip route
print
remove [number of line where 0.0.0.0/0 is, so you should enter remove 0]
print
{check that there is no 0.0.0.0/0 output, right now it should look like:
1 DC 60.51.128.180/30 0.0.0.0 0 WAN1
2 DC 10.100.0.0/24 0.0.0.0 0 LAN
and nothing more
add gateway=60.51.128.181

then, your internet should be working.

bye, mp3turbo.

beejan · Thu Sep 15, 2005 4:46 am

hai mp3turbo2! thanks for the reply! i really appreciate it. actually, i did configure my gateway correctly, i wrongly typed it inside this forum. sorry my mistake!

anyway, what i did wrong was i disabled my masquerade. when i enable it, then my internet works!

thanks mp3turbo2!

to normis, i'm really sorry i misunderstood what u said....i thought just type in 1.2.3.4 hehe stupid me. but thanks for helping me!

thanks guys!

Thu Sep 15, 2005 11:01 am

just a question, is that you in the picture

?

beejan · Thu Sep 15, 2005 11:12 am

yup..that's me!

why u asking? have we met before?

jaytcsd · Thu Sep 15, 2005 11:53 am

Hey beejan, mind if those of us who never seem to get answers pass them on to you to post? With a face like yours you will always get a response, it's a guy thing about helping out pretty girls.

Jay

sten · Thu Sep 15, 2005 4:34 pm

I'd say she knows more about networking and more importantly gives better details than most on the forum.

Posting "My XYZ doesn't work?!!?! HELP?!?! Very Urgent!!" and a follow-up 5 minutes later "I run Mikrotik v2.7.STONEAGE" deserves nothing more than a reply full of insults about the posters genitalia and intellect. But that would waste more time.

csickles · Thu Sep 15, 2005 5:35 pm

I noticed a lot of attention here...

beejan · Fri Sep 16, 2005 4:41 am

i really appreciate all your comments guys...im really interested to learn more about mikrotik. i wouldn't mind sharing my experience using mikrotik with other new users like me.

csickles · Fri Sep 16, 2005 5:33 am

Thats the spirit !!
Good luck..

Craig

beejan · Thu Sep 22, 2005 5:58 am

hai guys!!!

so far...my mikrotik is working fine..however, the problem comes when i add another WAN line and try to do the load balancing. i want the load balancing to be per-packets.

so this is what i did..in Nth property in firewall manual, i use it to put 1 routing mark on the first of each two packets and another routing mark on the second of them. then i use the policy routing to route these packets to different gateways. (this solution i obtained from this forum

)

unfortunately...i doesnt seem to work...i cannot access the internet.

this is how it looks like when i print the ip firewall mangle:

 0   chain=prerouting src-address=60.51.128.180 nth=2,0,0 action=mark-routing new-routing-mark=net1 

 1   chain=prerouting src-address=60.51.128.168 nth=2,0,0 action=mark-routing new-routing-mark=net2

hmm..i think i did wrong somewhere..? any suggestions guys?

sten · Thu Sep 22, 2005 12:26 pm

how about posting a more complete configuration?

beejan · Fri Sep 23, 2005 4:29 am

hello craig! thanks for replying me.

sorry didn't mention it before...i have upgrade my MT to version 2.9.

ok. this is my configuration:
ether1 is LAN
ether2 is WAN1
ether3 is WAN2

 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   x.x.x.x/x       x.x.x.x      x.x.x.x    ether1   
 1   y.y.y.y/y       y.y.y.y      y.y.y.y    ether3   
 2   y.y.y.y/y       y.y.y.y      y.y.y.y    ether2

this is the IP route
ether2 is net1
ether3 is net2

 #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE INTERFACE
 0 ADC x.x.x.x/x        x.x.x.x                             ether1   
 1 ADC y.y.y.y/y        y.y.y.y                             ether3   
 2 ADC y.y.y.y/y        y.y.y.y                             ether2   
 3 A S 0.0.0.0/0                        r y.y.y.y            ether2   
 4 A S 0.0.0.0/0                        r y.y.y.y            ether3

this is the IP firewall mangle:

0   chain=prerouting src-address=y.y.y.y action=mark-routing new-routing-mark=net1 

 1   chain=prerouting src-address=y.y.y.y action=mark-routing new-routing-mark=net2

i've also enable the masquerade

 0   chain=srcnat out-interface=ether3 connection-type="" action=masquerade

hmm..i've also read somewhere saying that if i use policy-routing, then do not use source nat. is it true? it seems that i've follow the manual but still cant access the internet. maybe my masquerading is wrong? any suggestions?

thanks for helping me!

beejan · Fri Sep 23, 2005 11:38 am

by the way, does MikroTik support Dlink DFE 580TX 4-port? in the manual it says not recommended...however i want to use it. is it possible?

Eugene · Fri Sep 23, 2005 12:21 pm

by the way, does MikroTik support Dlink DFE 580TX 4-port? in the manual it says not recommended...however i want to use it. is it possible?

Yes, but on your own risk. Better use via-based 4-port cards, like RB series.

beejan · Fri Sep 23, 2005 1:02 pm

thanks Eugene! i shall give it a try.

any help on the routing guys?

Eugene · Fri Sep 23, 2005 1:20 pm

0 chain=prerouting src-address=60.51.128.180 nth=2,0,0 action=mark-routing new-routing-mark=net1

1 chain=prerouting src-address=60.51.128.168 nth=2,0,0 action=mark-routing new-routing-mark=net2

Should be

0   chain=prerouting src-address=60.51.128.180 nth=2,0,0 action=mark-routing new-routing-mark=net1

 1   chain=prerouting src-address=60.51.128.168 nth=2,0,1 action=mark-routing new-routing-mark=net2

lastguru · Fri Sep 23, 2005 2:14 pm

thanks Eugene! i shall give it a try. :wink:

it is not recommended to use this 580TX adapter as it has been proved to lock up the system under more than minimal load.

beejan · Sat Sep 24, 2005 5:47 am

thanks for replying me guys!!!

Eugene, i have try the coding u gave me. still no luck..however i will try again. maybe my ISP provider got problem...i shall seek to it. anyway, thanks for your help!

Lastguru...thanks for the advice!

but if u guys have any more suggestions! don't hesitate to post me,ok?

beejan · Sat Sep 24, 2005 8:29 am

hai guyss!!!!!
my load balancing is working now!!!!

what i did wrong was in my masquerading. i solved it and now it's running!

i'm so happy!

thanks guys!!!

larmaid · Wed Sep 28, 2005 8:50 am

hi beejan...

in your profile you said that you are in borneo...borneo is kalimantan right in Indonesia ?

JimHeck · Wed Sep 28, 2005 10:45 am

hai guyss!!!!!
my load balancing is working now!!!! what i did wrong was in my masquerading. i solved it and now it's running! i'm so happy! thanks guys!!!

Bejan,

I (and I think quite a few others on this forum) would be most interested in your set up. I have been trying to get load balancing going for several weeks/months and have never met with success. Also, what version of MT are you running??

Can you post relevant extracts from your set up. I'd be very grateful!

Best regards from a sunny UK!
Jim

beejan · Fri Sep 30, 2005 11:38 am

hai larmaid!
answering ur question..i am from borneo island but not from kalimantan,indonesia. i'm from Sarawak, Malaysia.

it's a part of the borneo island as well.

beejan · Fri Sep 30, 2005 12:08 pm

hai JimHeck!

hmm....actually i'm having some problems with my load balancing...it seems that my load balancing is not successful...the transmission rate and received rate keeps on changing...sometimes it is good sometimes it is not...i'm so confused..does it means that my load balancing is configured wrongly?

i would be pleased to help u in any ways...can u be more specific of what extracts that you need?

Fri Sep 30, 2005 1:35 pm

no, simply load balancing is not a perfect solution to increase speed. for some applications it can help, for some not.

beejan · Sat Oct 01, 2005 10:45 am

hai normis! thank you for replying me.

as what u say...

no, simply load balancing is not a perfect solution to increase speed. for some applications it can help, for some not.

then what does a mikrotik load balancing do? doesn't it suppose to load balance my bandwidth? what do u mean by some applications? what are the applications suitable for mikrotik load balancing?

the situation is like this...i have three WAN lines connected to my mikrotik. i try to experiment with the load balancing by downloading 10 files at the same time. what i get is the WAN1 shows the Rx is 2.5Mbps, WAN2 Rx is 495bps, WAN3 Rx is 495bps. what does this mean? does it means that my load balancing is not successful? what do i need to do so that my load balancing is correct?

sorry for the sooo many questions...

i hope u could explain to me what's the situation is...thanks a lot.

sten · Sun Oct 02, 2005 4:23 am

the situation is like this...i have three WAN lines connected to my mikrotik. i try to experiment with the load balancing by downloading 10 files at the same time. what i get is the WAN1 shows the Rx is 2.5Mbps, WAN2 Rx is 495bps, WAN3 Rx is 495bps. what does this mean? does it means that my load balancing is not successful? what do i need to do so that my load balancing is correct?

You can not achieve inbound load balancing without some kind of cooperation or control in both ends.
If you use NAT you could potentially achieve some kind of increase throughput but this would be only noticable over several sessions to different hosts on the wan side. Any single session or host would use only one uplink.

Eugene · Mon Oct 03, 2005 6:50 pm

Yup, load-balancing is working for outgoing traffic. As Sten wrote, for inbound load-balancing you'll need cooperation with your ISP(s).

beejan · Fri Oct 07, 2005 3:19 am

hai sten!!! hello eugene!!

thank you for the reply. i really appreciate it.

hmm...it's quite frustrating to know the truth...i thought mikrotik was supposed to increase the speed...however...the transmission rate is balance.

hmm...from my observation...when i'm using only two WAN lines...the speed is very fast...but when i try to add another one...it becomes slower. i could see that the two line are balance but not the third one. is it because mikrotik could not balance more than two lines?

thanks for explaining to me.

Eugene · Mon Oct 10, 2005 3:51 pm

Post configuration.

beejan · Wed Oct 12, 2005 6:24 pm

ok. this is my configuration:

IP address:

#   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0            x.x.x.x/x             x.x.x.x              x.x.x.x               ether1   
 1            y.y.y.y/y             y.y.y.y              y.y.y.y               ether4   
 2            y.y.y.y/y             y.y.y.y              y.y.y.y               ether3   
 3            y.y.y.y/y             y.y.y.y              y.y.y.y               ether2

IP Route:

 #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE INTERFACE
 0 ADC x.x.x.x/x             x.x.x.x       ether1   
 1 ADC y.y.y.y/y             y.y.y.y                              ether4   
 2 ADC y.y.y.y/y             y.y.y.y                              ether2   
 3 ADC y.y.y.y/y             y.y.y.y                              ether3   
 4 A S 0.0.0.0/0                          r y.y.y.y            ether4   
                                          r y.y.y.y            ether2   
                                          r y.y.y.y            ether3

IP Firewall:

 0   chain=srcnat out-interface=ether2 action=masquerade 

 1   chain=srcnat out-interface=ether4 action=masquerade 

 2   chain=srcnat out-interface=ether3 action=masquerade

This the interface monitor-traffic:

 received-packets-per-second: 251       152       65      1
       received-bits-per-second: 871.7kbps 507.1kbps 263kbps 480bps
        sent-packets-per-second: 196       145       56      65
           sent-bits-per-second: 758.4kbps 639.4kbps 105kbps 135.9kbps

as u can see all the lines seems to be fine except for the last one which shows received-bits-per-second 480bps. so i'm curious to know why the line can't achieve kbps? is there anything i could do? or should i try other configuration?

thank you for all the help.

Eugene · Wed Oct 12, 2005 9:29 pm

That the way how load-balancing works.

Consider the following: your router receives a bunch of packets from various connections directed towards one particular host on the Internet, say host A. Since your router knows it should load-balance these connections, it tries to distribute these evenly across your upstream links. Everything goes fine and the data arrives to the host A, which in turn should send something back to computers on your local LAN and it does so.
With your present configuration, no other host in the Internet knows that you want to load-balance incoming traffic. Most likely, all replies from host A will come back through the same path, leaving all other unused. You should collaborate with your ISPs to get ingress load-balancing to work. (Hint: use BGP)

beejan · Fri Oct 14, 2005 11:29 am

hai eugene!! thanks for ur reply. i really appreciate it.

referring to what u said earlier..

You should collaborate with your ISPs to get ingress load-balancing to work. (Hint: use BGP)

does this mean that mikrotik cannot do the load-balance incoming traffic? is there any configuration to enable this? or the only solution is to collaborate with my ISPs...? if im going to collaborate with them...using BGP is not possible. any other suggestions?

i really appreciate all the replies...thank u very much.

beejan · Fri Oct 14, 2005 11:39 am

im really sorry for all the questions guys...i know i've been asking the same question all over again...so any suggestions from u guys will be highly appreciated ^^

Eugene · Fri Oct 14, 2005 12:56 pm

does this mean that mikrotik cannot do the load-balance incoming traffic?

No other router could do inbound load-balancing without collaboration with upstream routers. They are doing it, not you. You have NO control over your inbound links. Try to explain it to your boss.

lastguru · Fri Oct 14, 2005 1:30 pm

I like the analogy with paper letters in these cases:

1. inbond load balancing. can you expect letters to be delivered by different mailmen depending on what colour you paint your mailbox and how wide and deep you make it without prior agreement with the post office?

2. inbond queue. can you limit or influence the number of letters you are receiving by not reading them?

beejan · Sun Oct 16, 2005 6:10 am

thanks for the reply Eugene...Lastguru...

now i understand

i've tried explaining that to my boss...he just keeps quite..im not sure if that's a good sign or not. hehe anyway, thanks for all the help guys...u have helped me to increase my knowledge.

there's one thing i would like to ask..currently, i have several users running on mikrotik. i've received complains from them saying that when they connected to Yahoo Messenger...they always get disconnected. they have to reconnect each time that happens.

is this because i didn't put any firewall settings in my mikrotik? how can i solved this problem?

icommunity · Sun Oct 16, 2005 2:35 pm

Are you still using dual gateways?

I also had this problem with Yahoo and MSN messenger when I started to use two gateways. I think it was because MT was switching between the two gateways for messenger connections - dropping the established connections that went through one gateway and switches it through the other gateway.

I solved the problem by forcing the messenger traffic to go through one of the two gateways:

1. Mangle traffic on port 5050 and 1863
2. Policy route this traffic through one gateway.

Not sure if this works for you. Try it - it worked for me.

beejan · Tue Oct 18, 2005 1:57 am

hai icommunity...thanks for ur reply

ok. this is how my configuration looks like:

0 X chain=prerouting src-port=5050 action=mark-routing new-routing-mark=net1 

 1 X chain=prerouting src-port=1863 action=mark-routing new-routing-mark=net1

and i route this to one gateway which i already mark as net1.

is this correct? when i did this...i couldn't sign in into the yahoo messenger..so i guess this configuration is wrong..?

any help?

Ronnie123 · Tue Oct 18, 2005 2:57 am

i have a similar multi-wan issue. I would like to simply bind a few static NAT addresses on my network to a a specific wan interface. I assume that can be done easilly, but I just got this router a few days ago, and I havent found a way to do it yet.

icommunity · Tue Oct 18, 2005 5:58 am

It seems you're using MTv2.9. I'm not familiar with MTv2.9 yet. But tHis is my setup using v2.8 which might help you further:

This is how I mangle the traffic:

IP>FIrewall>Mangle
1 src-address=192.168.1.0/24 in-interface=LAN dst-address=:1863 protocol=tcp action=passthrough mark-connection=chat_con
2 src-address=192.168.1.0/24 in-interface=LAN dst-address=:5050
protocol=tcp action=passthrough mark-connection=chat_con
3 in-interface=LAN protocol=tcp connection=chat_con action=accept
mark-flow=chat_Flow

THis is how I route the chat traffic to go through a gateway specified as Gateway1 (I had to create that one routing table called Gateway1 first):

ip >policy-routing >rule
Dst=0.0.0.0/0 Src=0.0.0.0/0 InterFc=LAN Flow=chat_Flow
Action=lookup Table=Gateway1

Good Luck!

Ronnie123 · Tue Oct 18, 2005 6:37 am

I haven't got my router hooked to the second WAN yet... I am starting to realize from reading here that I am going to have issues with games, messenger and VOIP dropping the connection when it changes to a different WAN port.

I have searched the forum for a few hours and I have seen a lot of people with these issues, but I haven't seen the solution yet. Is there one? Will I be able to have two WAN ports connected with the MT balancing the traffic and not breaking current connections to do so?

JimHeck · Tue Oct 18, 2005 9:47 am

Ronnie,

When we were running ver 2.8 we had two WAN (ADSL) connections and separate ethernet cards. We have a small hotspot based comminity on the private site of the router. We didn't use load balancing, but we did use mangle firewall rules to route all the port 80 packets down one ADSL link, and used the other link for the remainder of the traffic.

This worked well. I think another way to do a similar 'split' might be to use mange rules to send traffic from different clients down different WAN links. This could be based on their IP number.

Unfortunately, now we have upgraded to ver 2.9 we are having difficilties getting the mangle rules to work. We are still working on this problem, and just hope we can come up with a solution.

Hope this is of interest/help
rgds
Jim Heck

Ronnie123 · Tue Oct 18, 2005 3:30 pm

I was thinking I might have to manually split the traffic, but I'm not sure what the best way to do that is.

I am also running 2.9 with a routerboard 500. I have 2 outgoing connections, one wired T1 and one wireless link that is 3.0 up and down. We have a router (xincom) that balances the traffic now, but it has other serious issues. I have roughly 140 customers on the LAN side of the router.

I was thinking I might force 30 or 40 clients with static addresses out the wired T1 and then let all my dhcp clients go out the wireless connection. Can anyone suggest a method for setting that up?

beejan · Mon Oct 31, 2005 7:02 pm

hai!

first of all...thanks to all that have posted the replies for me..

to icommunity..thanks for the configuration..however, i didn't work with my mikrotik..

but im still trying to figure it out! no worries!

oh ya, one thing i would like to know....mikrotik does support AAA rite? however does the mikrotik AAA functions same like IP3? i mean does it have a login page/admin page like IP3?

thanks for your reply!

Tue Nov 01, 2005 5:17 pm

There is Hotspot feature in MikroTik RouterOS, which provides your with many options:
http://www.mikrotik.com/docs/ros/2.9/ip/hotspot
there will be login page for network local users.

beejan · Tue Nov 01, 2005 8:07 pm

hai sergejs!! thanks for ur information.

i shall have a look into it.

beejan · Sun Nov 06, 2005 9:19 pm

hai there! i've been busy studying the manual for hotspot and then try to get it running. however there is a problem after i login into the page. i cannot view the status, instead it shows "the page cannot be displayed".

how to solve this problem?

thank u very much for the replies.

Mon Nov 07, 2005 10:33 am

if you type http://router_address/status or http://router_address/login ,than you get page cannot be displayed ?

HarvSki · Tue Nov 08, 2005 1:50 pm

I've had loadbalance working well with a test router and 2.9.6 but found that I needed a separate ethernet port for each WAN connection.... Why is that am I not understanding something obvious?

Any info much appreciated.

Harvey

beejan · Mon Nov 14, 2005 3:49 am

hai sergejs! thank u for the reply. i've fixed the problem already. now my hotspot is working successfully!!!

thank u very much.

beejan · Tue Nov 15, 2005 7:30 am

Hai there! Hmm...once i did mention that i'm having problem with Yahoo Messenger and MSN Messenger. and thanks to icommunity posted me this:

IP>FIrewall>Mangle
1 src-address=192.168.1.0/24 in-interface=LAN dst-address=:1863 protocol=tcp action=passthrough mark-connection=chat_con
2 src-address=192.168.1.0/24 in-interface=LAN dst-address=:5050
protocol=tcp action=passthrough mark-connection=chat_con
3 in-interface=LAN protocol=tcp connection=chat_con action=accept
mark-flow=chat_Flow

ip >policy-routing >rule
Dst=0.0.0.0/0 Src=0.0.0.0/0 InterFc=LAN Flow=chat_Flow
Action=lookup Table=Gateway1

However...it didn't work. I try to change it so that it can be used by mikrotik v2.9. but it didn't work as well. can anyone show me how to solve this problem?

wonderlan · Wed Nov 16, 2005 2:17 am

basically you want to mark certain types of packets seperately and force them to go through a certain gateway, some services really require this to work effectively such as most instant message applications, termianl services, some vpn connections (L2TP i believe), and VNC in my experience. One thing you might want to try that we have done over here is analyize what traffic is flowing over your network on average and force different traffic to use different gateways via policy routing rules. Just remember to add some scripts into your microtik to adjust the policy routing rules if lines go down... basically what our script does is if any line goes down it forces all traffic through one gateway that works until all lines are back up.... not the best configuration but i couldnt figure out how to write a neat script that would rebalance everything across only the remaining lines without resorting to an insane ammount of code. Anyway good luck, but the key is using packet marking to tag certain types of traffic, and policy routing to make sure you route that traffic across 1 gateway and to make sure your load balancing rules do not affect that marked traffic.

cabana · Wed Nov 16, 2005 10:44 am

I wish I had a Beejan working in my dept....nice pic

beejan · Sun Nov 20, 2005 5:26 am

thanks wonderlan! thanks for ur advice.

thanks for dropping by cabana!

there's one more thing i would like to share it with everybody...currently im running my mikrotik on level 3 license. i tried to enable my transparent web-proxy...however it didn't work. i follow the mikrotik manual and add this to my firewall:

chain=dstnat protocol=tcp in-interface=ether1 dst-port=80 action=redirect
     to-ports=8000

after i did this...the mikrotik can't access any webpages! i cant access the internet. why is this happening? does my mikrotik 2.9.6 does not support this configuration? any suggestions?

thank you for all the replies. i really appreciate it.

jaytcsd · Mon Nov 21, 2005 3:45 am

the default port for web proxy is 3128 in ver 2.9, that changed from 2.8.
The manual shows examples for 8000 and 8080, maybe that's what has you hung up.

beejan · Wed Nov 23, 2005 4:39 pm

hai jaytcsd! thanks for the reply! my transparent proxy is running now.

there's a few questions that i would like to ask:

1) does proxy reside on ram or hard disk? does it use a lot of hard disk or ram?

2) does RAID1 can be use with HDD on my mikrotik? what i want to use is the IDE RAID hardware not the software. i want to use it for mirroing.

thanks for the reply.

jaytcsd · Wed Nov 23, 2005 6:31 pm

>>does proxy reside on ram or hard disk? does it use a lot of hard disk or ram?

I'm no expert on proxy, but it looks like it uses both. The manual is not clear on the internal functions of the proxy.
I guess the system swaps out cache to the hard drive based on avaliable RAM and the sizes you set, like a windows swap file.

I have a second drive in my routers and use it for the proxy since it gets so much more read write activity, that reduces wear on the system drive.
There were some threads on the forum way back about whether or not the compact flash drives would die early due to the large number of write cycles.

I don't know about the IDE RAID, if it's in the bios I imagine Mikrotik doesn't even know it's talking to a RAID and would work fine.

beejan · Mon Nov 28, 2005 6:11 pm

hai jaytcsd! thanks for ur reply. it clears some of my doubts. however, if there are more suggestions, please post me!

thank u.

beejan · Mon Dec 05, 2005 8:21 am

Hai there! there's something that i would like to ask..

i have read the manual on mikrotik 2.9 specs..under IA32 Hardware requirements...this is what i found:

RAID controllers that require additional drivers
are not supported

does this mean that Mikrotik does not support RAID? RAID controllers here refer to RAID hardware or RAID software?

thank u.

lastguru · Mon Dec 05, 2005 2:12 pm

routeros does not support software and so-called-hardware RAID controllers, which require additional drivers. transparent (true hardware RAID) controlles do not need any additional support from OS, are completely undetectable for it, and thus are supported by any OS, including RouterOS.

beejan · Wed Dec 07, 2005 2:58 am

thanks lastguru! i appreciate ur reply.

currently, im facing a problem with port forwarding. i have read inside this forum about port forwarding and i've found good examples on how to do it. this is how i did my port forwarding:

chain=dstnat in-interface=WAN protocol=tcp dst-port=80 action=dst-nat to-addresses=10.100.0.36 to-ports=80

however, this settings didnt work for me. when i type the WAN address, i cant open the page that i forwarded. is there any other way on how to do this? is my settings wrong?

thank u.[/code]

cmit · Wed Dec 07, 2005 10:32 am

From where do you try to access the dst-natted server? from your internal LAN (where the server is sitting)? This won't work, as your dst-nat rule only redirects traffic coming in from the WAN interface.

See my recent post here for (I think) the same problem:
http://forum.mikrotik.com//viewtopic.php?t=5823

Best regards,
Christian Meis

beejan · Sun Dec 11, 2005 3:11 pm

thanks Christian!! u have been very helpful! my port forwarding working perfectly now!

u never know how much i've fallen in love with mikrotik...hehe nothing else in my life now..just mikrotik! haha

i do really wish i could attend the mikrotik meeting. however it's too far from my country. i do hope that the meeting will be held again somewhere near.

thanks!

beejan · Tue Dec 13, 2005 4:32 am

hai there!

just want to ask something..is it possible if i point my mikrotik proxy to another proxy server? if it's possible..how can i do it?

thanks

lastguru · Tue Dec 13, 2005 10:51 pm

yes, it is called parent-proxy

beejan · Wed Dec 14, 2005 9:05 am

i've just realized that when i read the manual...

thanks! i've enable it already.

hmm..another question..is it possible to access VPN remotely using mikrotik? i mean does mikrotik allows the VPN connection to go through?

thanks.

cmit · Wed Dec 14, 2005 10:32 am

Hi beejan,

first an "organizational" hint: Please start a new topic for a new question - just adding a (completely different) question to an existing post is not a good idea. People will never get the idea that you are asking for VPN passthrough help when they read the original topic title...

Regarding your question:
MikroTik will let the VPN connection through, if you don't filter it out. What you need to let through depends on the VPN type you are using: IPsec, PPTP, OpenVPN, ...

Best regards,
Christian Meis

beejan · Wed Dec 28, 2005 5:01 pm

thanks cmit!

thanks for replying me.

raymonvdm · Wed Jan 04, 2006 11:02 pm

by the way, does MikroTik support Dlink DFE 580TX 4-port? in the manual it says not recommended...however i want to use it. is it possible?

Im using the DFE570TX 4 port and is working fine, the only problem is dat MT doest see a link up or down. it always says link up

beejan · Sun Jan 08, 2006 6:54 am

hai raymonvdm!

previously, im running my mikrotik on version 2.8.6. this version didn't support DFE 580TX 4-port. it doesn't sow on te interface list. however, when i upgrade it to version 2.9.6, i can use the 4-port interface card.

it is working fine.

i am really agreed with u that MT doesnt not see whether the link is up or down. when i do torch, then i can see whether there is traffic going through that link. hope the next version can solve this problem.

ceylan · Mon Apr 08, 2019 4:21 pm

hi I'm trying to learn scripting shortly since and i have a BIG question. for example i am writing any script as follows...
system script add .....
/interface ethernet monitor ether1 once do={
:if ($rate = "10Mbps") do={
/system.........
}}

script is working when i press "run script" button. but i want the script always check the variables and when rate =10Mbps start do command.i know i can use "system scheduler" bu i want to know if i have another possibility?

ceylan · Tue Apr 09, 2019 6:09 pm

hi, i am trying to set sms sending but I get this error "couldn't perform action-no such channel".Actually it was working, i dont know what happend????

Configuration Problem

Configuration Problem

Please tell us how you did it !!

always check the variables

SMS SEND PROBLEM

Who is online