Ack
Mike Lyon mike.l...@gmail.com wrote:
Test
Sent from my iPhone
___
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
I've been using RANCID with the community MikroTik patch for years with
fantastic results. I wouldn't run any network without RANCID.
Eric Muehleisen ericm...@gmail.com wrote:
I currently do MT backups using the scheduler to do a system backup
save
name then a FTP fetch. This all works
Soon, I will be installing a routerboard (probably a 2011) for a bank as
their primary router/firewall. Based on a little light reading, I'm
probably going to be using the following as a basic IPS configuration:
/ip firewall filter
add action=jump chain=input in-interface=ether1
...@gmail.com
September 13, 2012 14:21
add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp
This will log any ICMP up to 10 packets per second, not more - I don't
think
it's what you need.
2012/9/13 Jacob Heider jhhei...@gmail.com
So far I've had the fewest issues with the RB2011L-IN of any board that
wasn't $300+.
Eric Tykwinski mailto:eric-l...@truenet.com
September 11, 2012 16:06
Any suggestions for a small MT at my house to lab out some network gear?
I'm looking at the RB2011L, which seems pretty decent for the
Definitely happened with my AppleTV and OpenDNS. Reverting to (at home)
carrier DNS fixed massive buffering issues.
Bill Prince mailto:part...@skylinebroadbandservice.com
September 5, 2012 15:46
Be careful about using public DNS. Sometimes (emphasis on the some
in sometimes), this can connect
Interesting. I was trying to determine what 497 days was 2^32 of, but
10ms didn't sound like the sort of thing the kernel would use.
Rory McCann mailto:rmm.li...@gmail.com
August 30, 2012 9:04
Yep, was just going to post this:
http://youadmin.net/wiki/Linux:RedHat_uptime_reset_after_497_days
Generally, I do PPTP, but you should be able to do L2TP+IPSEC:
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP
TJ Burbank mailto:tjburb...@gmail.com
August 27, 2012 10:03
What does everybody use for IPSec Remote End User Client Software to
terminate to a MikroTik
Have you assigned the public IP on the public interface of the MT? You
probably also want the reflexive rule as shown here:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping
Mike Lyon mailto:mike.l...@gmail.com
June 12, 2012 14:51
Howdy,
I'm killing myself over here. Trying to
http://forum.mikrotik.com/viewtopic.php?f=14t=50333 ?
That seems like a good place to start.
John Buwa mailto:sa...@michianawireless.com
April 17, 2012 16:24
He wants all domains in this list to be redirected to a specific site.
So if his office workers go to porno.com or any other domain
Late night musing for the group:
How (or do) all of you monitor IPSEC tunnels? snmpwalk doesn't show
anything likely, print oid doesn't work in that tree, and the only thing
that's responding to the API is /ip/ipsec/remote-peer/getall which seems
to be printing out the output of /ip ipsec
So you can have a network drive for file sharing on your network.
Without a server. I'm as mystified as you, Josh. Seems like a waste of
dev time, and a waste of router resources.
Josh Luthman mailto:j...@imaginenetworksllc.com
January 25, 2012 2:11 PM
But what does Samba have to do with
Replacing the old OIDs or fixing the CPU issue? The CPU issue seems unfixed:
I upgraded midday yesterday, and it doesn't look appreciably different.
On 2011-11-03 12:09 AM, Josh Luthman wrote:
Was this fixed in 5.8?
What’s new in 5.8 (2011-Nov-01 10:14):
*) snmp – fixed problem where some
Nope.
# snmpbulkwalk -c $comm -v2c router_4 1.3.6.1.2.1.25.2.3.1.5.131073
HOST-RESOURCES-MIB::hrStorageSize.131073 = INTEGER: 61440
# snmpbulkwalk -c $comm -v2c router_4 .1.3.6.1.2.1.25.2.3.1.5.1
HOST-RESOURCES-MIB::hrStorageSize.1 = No more variables left in this MIB
View (It is past the end
I *think*, but haven't tested, that if you walled-garden apple.com it
should think it's connected properly, then give you the hotspot login
once you browse anywhere.
If it's not apple.com that it hits, then torch/packet sniffer/dns cache
should tell you what it's trying to do.
On 2011-10-20
Use SSH/telnet/Winbox/Webfig (v5-only). Webbox was never good for much.
On 2011-09-23 10:28 AM, Steve Jones wrote:
does it make coffeee?
I turn OFF the protect WAN because I assume it eliminate most rules. I want
a flat router with no rules other than subnet her goes there, my concern is
with
There's some community code to create an mtlogin and mtrancid for
rancid, which will allow you to use SVN for backups (with diff emails,
if you like), and you should be able to use mtlogin to run remote
commands if needed.
On 2011-09-12 12:50 PM, Alan Bryant wrote:
I've been looking at both
Only reason I can think of is that ether1 isn't on the switch1 chip, and
2-5 are. If that doesn't matter (say, because you're bridging) then you
should be fine.
Flags: X - disabled, R - running, S - slave
#NAME MTU MAC-ADDRESS
ARP
If you're willing to bridge rather than switching, you could avoid the
cable swap. This will use more CPU, of course, so it depends on the site
needs.
On 2011-08-09 2:35 PM, Jeromie Reeves wrote:
Ah fooies that is exactly what I was worried about. Going to need to
go swap the cables then as I
http://gnuwin32.sourceforge.net/packages/wget.htm
http://curl.haxx.se/download.html (bottom)
On 2011-08-04 7:33 PM, Don Gould wrote:
I'm mucking about with the netwatch commands.
I can see in the wiki that I can send an email on an event.
What I'm wondering is if I can put a web pages?
eg
There's also Mikrotik scripts for RANCID that mostly work. It looks like
the routers will occasionally spit out bad data in the license section,
or, if not set, the ovpn-server mac will change frequently causing false
positives on the changes, but otherwise it works fantastically.
On
having to fix it manually.
Works mostly though. I do get the constant revisions from MAC changes
but I just ignore them.
On 8/1/2011 10:19 AM, Jacob Heider wrote:
There's also Mikrotik scripts for RANCID that mostly work. It looks
like
the routers will occasionally spit out bad data in the license
/sys log add topics=ospf action=echo
You should see what's going on. I've had it fail due to timer mismatches.
On 2011-07-11 1:08 PM, Josh Luthman wrote:
I have three sites (not really towers) that I want to all talk OSPF.
Looking at it from left to right I have
The office with two play RBs
And you've added the networks those IPs come in on under /rout ospf net ?
On 2011-07-11 1:15 PM, Josh Luthman wrote:
I've septuple checked to make sure the timing was all the same.
echo: route,ospf,debug Received packet from an unknown network: source=
where source is all three of the OSPF
Hm. Have you tried specifying the literal networks you're on, rather
than everything? The docs suggest that what you're doing should work,
but I'd try it the other way. And you have the interfaces added in /rout
osp int, right? Try the bridges and ethernets, or one or the other. I'm
guessing
Not all the networks you want distributed, but all the ones neighbors
are on. In my network, that's a /30 with the two routers on it, but I'm
thinking basically the same network defined in /ip address on which
you're listening.
On 2011-07-11 1:47 PM, Josh Luthman wrote:
Note the *OSPF*
Josh, that all looks similar to my configuration, with the exception
that I'm specifying the specific networks, and that I don't see your
interface config. Did you use interface=all, or have you specified the
interfaces?
On 2011-07-11 2:13 PM, Josh Luthman wrote:
As suggested, I specified
Does anyone know if you can run hotspot successfully on a transparent
bridge? The idea would be to provide hotspot functionality, but on
pass-through ports, in case anything goes wrong on the device to allow
traffic to continue un-authed. I'm thinking something like this (on an
RB1100AH):
It definitely should. I was just wondering if anyone knew for certain
before I get to it. :-)
On 2011-07-06 11:01 AM, Josh Luthman wrote:
Just thoughts...
The hotspot acts as an ARP proxy. It will catch anything and everything it
can. If a user does static ARP the hotspot is bypassed.
As a
All,
We had a report from one of the VoIP providers that the routerOS SIP ALG
produces some unexpected results when transferring phone calls. This was
in, iirc, RouterOS 5.2 on an RB750. I didn't pursue the question of
weirdness any further, as they were swapping out the router with a
0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ Voice Management ];
}
native-vlan-id default;
}
}
}
On 18/06/2011 10:49 a.m., Jacob Heider wrote:
Are you sure
I wouldn't ask this, if I hadn't been burned by Juniper on this very
issue. Anyone able to state definitively if RouterOS will support both
vlan 1 (untagged) and higher number (tagged) traffic on the same
interface? Cisco devices could care less, but for some reason, fully
confirmed by Juniper
. This was on J-series routers (J2320s).
On 2011-06-17 6:40 PM, Andrew Thrift wrote:
JunOS devices can do this, I have a large number of clients running
these configurations. Juniper J Series, EX, MX and SRX devices.
On 18/06/2011 4:39 a.m., Jacob Heider wrote:
I wouldn't ask this, if I hadn't been
And with it, we get the RB750GL... I guess they ran out of 680MHz CPUs?
On 2011-05-25 5:43 PM, Justin Miller wrote:
ROS 5.3 is out with many SNMP fixes.
What's new in 5.3 (2011-May-25 15:19):
*) snmp - fix table get next with partial row keys;
*) snmp - respond from correct source address when
Weird that routeros-$arch-$ver.npk is still pullable from their server then.
On 2011-05-20 2:56 PM, Butch Evans wrote:
On Fri, 2011-05-20 at 07:32 -0700, Bill Prince wrote:
Now why doesn't MT provide that.
They don't even want me to provide it. They don't want people using the
old versions.
me superstitious, but certain versions are more favorable in my
book when I know they have been doing what I need for a while w/o issues.
I hate that I have to do that, but oh well.
bp
On 5/20/2011 1:08 PM, Butch Evans wrote:
On Fri, 2011-05-20 at 15:02 -0400, Jacob Heider wrote:
Weird
http://download.mikrotik.com/routeros-mipsbe-3.30.npk still works for
me. Just because you can't see it doesn't mean it's not there. I usually
just use /tool fetch to upgrade software, so I'm used to typing that
out. No 5.3 or 6.0rc1 yet, however...
On 2011-05-19 3:23 PM, Jeromie Reeves
If they've been touching the SNMP engine, I wonder if this is related to
the incorrect CPU data I've been seeing. It *looks* like Cacti's
snmpbulkwalk of the device is causing a spike which it records, but
which isn't sufficient to make it to the internal rrd. So my CPU looks
like it's running
It sounds like the device (unwisely) puts its IP address in the data
stream. That's the only reason I can think of why it might need to be
mangled. A la FTP, SIP, etc. Usually such protocols require
application-layer gateways to fix up their traffic.
At least, that's my inference from their
So, I've been seeing issues since upgrading a bunch of 750 and 750Gs to
5.0rcX, 5.1 and 5.2. I did have to change the OIDs I was graphing, due
to changes in the system, but more worrying is this:
RB750:
Cacti:
vs. Router:
Clearly, the spikes aren't actually occurring. My working theory
Josh,
How does that work with respect to the WAN interface. As I understand
you'd have:
          Internet
              |
              v
   WAN Device (modem, etc)
              |
              v
       switched device
        |           |
        v           v
  VRRP Master   VRRP Backup
        |           |
        v           v
             LAN
So, the backup is only accessible at its internal, real IP while in
backup-mode? So, it wouldn't, for example, have internet access for
itself? Maybe I just need to set this up and take a look, but what would
the box do if you tried to do a /tool fetch
:16 PM, Butch Evans wrote:
On Thu, 2011-04-28 at 14:24 -0400, Jacob Heider wrote:
So, the backup is only accessible at its internal, real IP while in
backup-mode? So, it wouldn't, for example, have internet access for
itself?
Yes and no. With VRRP, there are 2 parts to the configuration
Seconded. I've run a few routers out of memory, slowly, over weeks or
months. What am I failing to properly account for?
On 2011-04-23 10:37 PM, Stuart Pierce wrote:
What are some of the biggest reasons for scripts to leak memory ?
With luck they broke it while adding the new RB751s to their hardware
page...
On 2011-04-18 9:46 PM, Josh Luthman wrote:
Down
http://www.downforeveryoneorjustme.com/mikrotik.com
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Mon, Apr 18,
c) Cacti SNMP graphing of cpu load shows massively elevated load
(60-80%) even on routers running 4%.
On 2011-04-06 3:10 PM, Andrew Cox wrote:
Only problems I've seen so far are
a) some issues with SNMP polling the devices
b) issue where the dynamichs-hotspot simple queues are shown in
They're linked at the right of: http://www.mikrotik.com/download.html
4.x is http://www.mikrotik.com/download/CHANGELOG_4
On 3/1/11 2:04 PM, Rory McCann wrote:
Is there a changelog available for RouterOS anywhere? I see 4.16 is
available now and am wondering what has changed since 4.10.
Nope. Very limited rule set. Allow from a few IPs on the outside, drop
everything else. Masquerade from the inside, dstnat a couple of ports.
No layer-7 inspection or anything else.
On 12/23/10 12:20 AM, Josh Luthman wrote:
Did you put Kerrys first Netflix rule on it? That happened to me.
On
out. I
have seen this when the IP buffer is full. Only way I know to fix it
is reboot and i have not figured out what causes it. And since I am
running 3.30 I don't get any supout help from Mikrotik.
On 12/22/2010 11:47 PM, Jacob Heider wrote:
So, we had a weird issue last night. We have
So, we had a weird issue last night. We have an RB750 at a customer
location which suddenly stopped responding to
HTTP/HTTPS/SSH/telnet/FTP/Winbox/API. All traffic continued to pass from
the inside to the outside. We asked the customer to reboot the box in
the morning, and everything returned
I haven't tried it, but I think http://wiki.mikrotik.com/wiki/Flashfig
is what you want. If you do roll the dice with flashfig, I'd be
interested in hearing about your successes/gotchas.
On 10/6/10 1:20 PM, Jeromie Reeves wrote:
Is it possible to set the 'default config' that a RB goes to
51 matches