Re: [Mikrotik] Test

Ack Mike Lyon wrote: >Test > >Sent from my iPhone >___ >Mikrotik mailing list >Mikrotik@mail.butchevans.com >http://mail.butchevans.com/mailman/listinfo/mikrotik > >Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >RouterOS -

Re: [Mikrotik] Automatic config backup

I've been using RANCID with the community MikroTik patch for years with fantastic results. I wouldn't run any network without RANCID. Eric Muehleisen wrote: >I currently do MT backups using the scheduler to do a "system backup >save >name" then a FTP fetch. This all works correctly but the file

Re: [Mikrotik] "IPS" lines for financial institutions

hup...@gmail.com> September 13, 2012 14:21 add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp This will log any ICMP upto 10 packets per second, not more - I don't think it's what you need. 2012/9/13 Jacob Heider -- next part -- An HTM

[Mikrotik] "IPS" lines for financial institutions

Soon, I will be installing a routerboard (probably a 2011) for a bank as their primary router/firewall. Based on a little light reading, I'm probably going to be using the following as a basic IPS configuration: /ip firewall filter add action=jump chain=input in-interface=ether1 jump-target=IPS

Re: [Mikrotik] Just a quick opinion needed...

So far I've had the fewest issues with the RB2011L-IN of any board that wasn't $300+. Eric Tykwinski September 11, 2012 16:06 Any suggestions for a small MT at my house to lab out some network gear? I'm looking at the RB2011L, which seems pretty decent for the pri

mikrotik@mail.butchevans.com

Definitely happened with my AppleTV and OpenDNS. Reverting to (at home) carrier DNS fixed massive buffering issues. Bill Prince September 5, 2012 15:46 Be careful about using public DNS. Sometimes (emphasis on the "some" in sometimes), this can conn

Re: [Mikrotik] Odd

Interesting. I was trying to determine what 497 days was 2^32 of, but 10ms didn't sound like the sort of thing the kernel would use. Rory McCann August 30, 2012 9:04 Yep, was just going to post this: http://youadmin.net/wiki/Linux:RedHat_uptime_reset_after_497_days

Re: [Mikrotik] IPSec Client

Generally, I do PPTP, but you should be able to do L2TP+IPSEC: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP TJ Burbank August 27, 2012 10:03 What does everybody use for IPSec Remote End User Client Software to terminate to a MikroTik Rou

Re: [Mikrotik] Simple 1:1 NAT on Mikrotik

Cisco guy and this is my first attempt on setting up NAT on MK. Thanks, Mike Jacob Heider <mailto:jhhei...@gmail.com> June 12, 2012 15:15 And changed the dstnat rule as well? If it's working, you shouldn't be able to access the router from the outside any more. -- nex

Re: [Mikrotik] Simple 1:1 NAT on Mikrotik

o love... -Mike Jacob Heider <mailto:jhhei...@gmail.com> June 12, 2012 15:09 Based on the link, looks like you want the action "netmap", as well as the reflexive rule. -- next part -- An HTML attachment was scrubbed... URL: <http://www.butchevans

Re: [Mikrotik] Simple 1:1 NAT on Mikrotik

Based on the link, looks like you want the action "netmap", as well as the reflexive rule. Jacob Heider <mailto:jhhei...@gmail.com> June 12, 2012 14:55 Have you assignedthe public IP on the public interface of the MT? You probably also want the reflexive rule as sh

Re: [Mikrotik] Simple 1:1 NAT on Mikrotik

Have you assignedthe public IP on the public interface of the MT? You probably also want the reflexive rule as shown here: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping Mike Lyon June 12, 2012 14:51 Howdy, I'm killing myself over here. Trying to

Re: [Mikrotik] Redirecting x.com to y.com

http://forum.mikrotik.com/viewtopic.php?f=14&t=50333 ? That seems like a good place to start. John Buwa April 17, 2012 16:24 He wants all domains in this list to be redirected to a specific site. So if his office workers goes to porno.com or any other domain

[Mikrotik] Monitor IPSEC tunnels remotely

Late night musing for the group: How (or do) all of you monitor IPSEC tunnels? snmpwalk doesn't show anything likely, print oid doesn't work in that tree, and the only thing that's responding to the API is /ip/ipsec/remote-peer/getall which seems to be printing out the output of /ip ipsec stat

Re: [Mikrotik] Mikrotik Windows File server

So you can have a network drive for file sharing on your network. Without a server. I'm as mystified as you, Josh. Seems like a waste of dev time, and a waste of router resources. Josh Luthman January 25, 2012 2:11 PM But what does Samba have to do with tha

Re: [Mikrotik] Mikrotik Windows File server

Normis claims you pair it with a USB thumb drive in your RB751U-2Hn, and you can have files sitting on it that you might want quickly, or to provide to guests. That seems very necessary for a routing platform. Josh Luthman January 25, 2012 1:50 PM 5.12 *) im

Re: [Mikrotik] mibs and 5.6

-MIB::hrStorageSize.131073 = INTEGER: 61440 On 2011-11-03 9:35 AM, Josh Luthman wrote: The OIDs. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Nov 3, 2011 9:32 AM, "Jacob Heider" wrote: Replacing the old OIDs or fixing the CPU issu

Re: [Mikrotik] mibs and 5.6

some rows were missed in a few tables when walking them; Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Aug 11, 2011 at 5:29 PM, Jacob Heider wrote: Yeah, they changed that with one of the 5.0rcX. Very annoying. My external CPU probes r

Re: [Mikrotik] Hotspot and Ipads

I *think*, but haven't tested, that if you walled-garden apple.com it should think it's connected properly, then give you the hotspot login once you browse anywhere. If it's not apple.com that it hits, then torch/packet sniffer/dns cache should tell you what it's trying to do. On 2011-10-20

[Mikrotik] RB751U-2Hn woes (already)

Got my first pair of the 751s, and one of them killed itself inside of two hours. All lights rapidly blinking, no response to any management, no response to reset buttons. Second one is still running. Hopefully, that's a pretty isolated outcome. ___ M

Re: [Mikrotik] full default rb750

Use SSH/telnet/Winbox/Webfix(v5-only). Webbox was never good for much. On 2011-09-23 10:28 AM, Steve Jones wrote: does it make coffeee? I turn OFF the protect WAN because I assume it eliminate most rules. I want a flat router with no rules other than subnet her goes there, my concern is with it

Re: [Mikrotik] Password Changing & Auto backup Script

There's some community code to create an mtlogin and mtrancid for rancid, which will allow you to use SVN for backups (with diff emails, if you like), and you should be able to use mtlogin to run remote commands if needed. On 2011-09-12 12:50 PM, Alan Bryant wrote: I've been looking at both t

Re: [Mikrotik] mibs and 5.6

Yeah, they changed that with one of the 5.0rcX. Very annoying. My external CPU probes report vastly higher numbers as well. On 2011-08-11 4:53 PM, Terri Kelley wrote: Man. Just upgraded some 433AHs and 411AHs from 4.17 to 5.6 and found that they changed some MIBs/OIDs which breaks my snmp moni

Re: [Mikrotik] RB750, Switch settings, Doh

as I am going to route between port1 and the other 4 links at the site. Thank you. On Tue, Aug 9, 2011 at 11:14 AM, Jacob Heider wrote: Only reason I can think of is that ether1 isn't on the switch1 chip, and 2-5 are. If that doesn't matter (say, because you're bridging) the

Re: [Mikrotik] RB750, Switch settings, Doh

Only reason I can think of is that ether1 isn't on the switch1 chip, and 2-5 are. If that doesn't matter (say, because you're bridging) then you should be fine. Flags: X - disabled, R - running, S - slave #NAME MTU MAC-ADDRESS ARPMASTER-PORT

Re: [Mikrotik] WGet Like Command

e commands. On Aug 4, 2011 11:11 PM, "Jacob Heider" wrote: http://gnuwin32.sourceforge.net/packages/wget.htm http://curl.haxx.se/download.html (bottom) On 2011-08-04 7:33 PM, Don Gould wrote: I'm mucking about with the netwatch commands. I can see in the wiki that I can send an ema

Re: [Mikrotik] WGet Like Command

http://gnuwin32.sourceforge.net/packages/wget.htm http://curl.haxx.se/download.html (bottom) On 2011-08-04 7:33 PM, Don Gould wrote: I'm mucking about with the netwatch commands. I can see in the wiki that I can send an email on an event. What I'm wondering is if I can put a web pages? eg wg

Re: [Mikrotik] Compare Mikrotik Exports

ault != Default and I always end up having to fix it manually. Works mostly though. I do get the constant revisions from MAC changes but I just ignore them. On 8/1/2011 10:19 AM, Jacob Heider wrote: There's also Mikrotik scripts for RANCID that mostly work. It looks like the routers will occas

Re: [Mikrotik] Compare Mikrotik Exports

There's also Mikrotik scripts for RANCID that mostly work. It looks like the routers will occasionally spit out bad data in the license section, or, if not set, the ovpn-server mac will change frequently causing false positives on the changes, but otherwise it works fantastically. On 2011-08-0

Re: [Mikrotik] OSPF not getting neighbors

=default /routing ospf network add area=backbone comment="" disabled=no network=0.0.0.0/0 Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Jul 11, 2011 at 2:02 PM, Jacob Heider wrote: Not all the networks you want distributed, but

Re: [Mikrotik] OSPF not getting neighbors

of the routers. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Jul 11, 2011 at 1:42 PM, Jacob Heider wrote: Hm. Have you tried specifying the literal networks you're one, rather than everything? The docs suggest that what you're d

Re: [Mikrotik] OSPF not getting neighbors

-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Jul 11, 2011 at 1:17 PM, Jacob Heider wrote: And you've added the networks those IPs come in on under /rout ospf net ? On 2011-07-11 1:15 PM, Josh Luthman wrote: I've septuple checked to make sure the timing was all the same. ech

Re: [Mikrotik] OSPF not getting neighbors

f the OSPF neighbors, one per log echo. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Jul 11, 2011 at 1:11 PM, Jacob Heider wrote: /sys log add topics=ospf action=echo You should see what's going on. I've had it fail due to ti

Re: [Mikrotik] OSPF not getting neighbors

/sys log add topics=ospf action=echo You should see what's going on. I've had it fail due to timer mismatches. On 2011-07-11 1:08 PM, Josh Luthman wrote: I have three sites (not really towers) that I want to all talk OSPF. Looking at it from left to right I have The office with two play RBs in

Re: [Mikrotik] Hotspotting a transparent bridge

ld be pretty easy to show it works or doesn't work in a few minutes. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Jul 6, 2011 at 10:40 AM, Jacob Heider wrote: Does anyone know if you can run hotspot successfully on a transparent b

[Mikrotik] Hotspotting a transparent bridge

Does anyone know if you can run hotspot successfully on a transparent bridge? The idea would be to provide hotspot functionality, but on pass-through ports, in case anything goes wrong on the device to allow traffic to continue un-authed. I'm thinking something like this (on an RB1100AH): bri

[Mikrotik] RouterOS SIP ALG "weirdness"

All, We had a report from one of the VoIP providers that the routerOS SIP ALG produces some unexpected results when transferring phone calls. This was in, iirc, RouterOS 5.2 on an RB750. I didn't pursue the question of "weirdness" any further, as they were swapping out the router with a netop

Re: [Mikrotik] Hopefully a stupid question about VLANs

e-0/1/0 { description "L2 Aggregation"; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ Voice Management ]; } native-vlan-id default; } }

Re: [Mikrotik] Hopefully a stupid question about VLANs

; traffic. This was on J-series routers (J2320s). On 2011-06-17 6:40 PM, Andrew Thrift wrote: JunOS devices can do this, I have a large number of clients running these configurations. Juniper J Series, EX, MX and SRX devices. On 18/06/2011 4:39 a.m., Jacob Heider wrote: I wouldn't ask th

[Mikrotik] Hopefully a stupid question about VLANs

I wouldn't ask this, if I hadn't been burned by Juniper on this very issue. Anyone able to state definitively if RouterOS will support both vlan 1 ("untagged") and higher number ("tagged") traffic on the same interface? Cisco devices could care less, but for some reason, fully confirmed by Juni

Re: [Mikrotik] Memory Leak in ROS 5

And with it, we get the RB750GL... I guess they ran out of 680MHz CPUs? On 2011-05-25 5:43 PM, Justin Miller wrote: ROS 5.3 is out with many SNMP fixes. What's new in 5.3 (2011-May-25 15:19): *) snmp - fix table get next with partial row keys; *) snmp - respond from correct source address when

Re: [Mikrotik] Thud Thud Thud Thud

Are you graphing memory usage? I've seen some weird issues with the 750 line going OOM from scripts, or snmp, or some other problem MT won't cop to. On 2011-05-25 3:46 PM, Ryan Spott wrote: That is almost exactly what is happening here. It's killing me. ryan On 5/25/2011 11:15 AM, Justin Mil

Re: [Mikrotik] Upgrading 3.30 to 4.17/5.2

me superstitious, but certain versions are more favorable in my book when I know they have been doing what I need for a while w/o issues. I hate that I have to do that, but oh well. bp On 5/20/2011 1:08 PM, Butch Evans wrote: On Fri, 2011-05-20 at 15:02 -0400, Jacob Heider wrote: Weird that

Re: [Mikrotik] Upgrading 3.30 to 4.17/5.2

Weird that routeros-$arch-$ver.npk is still pullable from their server then. On 2011-05-20 2:56 PM, Butch Evans wrote: On Fri, 2011-05-20 at 07:32 -0700, Bill Prince wrote: Now why doesn't MT provide that. They don't even want me to provide it. They don't want people using the old versions.

Re: [Mikrotik] Upgrading 3.30 to 4.17/5.2

http://download.mikrotik.com/routeros-mipsbe-3.30.npk still works for me. Just because you can't see it doesn't mean it's not there. I usually just use /tool fetch to upgrade software, so I'm used to typing that out. No 5.3 or 6.0rc1 yet, however... On 2011-05-19 3:23 PM, Jeromie Reeves wrote:

Re: [Mikrotik] Memory Leak in ROS 5

If they've been touching the SNMP engine, I wonder if this is related to the incorrect CPU data I've been seeing. It *looks* like Cacti's snmpbulkwalk of the device is causing a spike which it records, but which isn't sufficient to make it to the internal rrd. So my CPU looks like it's running

Re: [Mikrotik] Mangle for an HVAC system?

It sounds like the device (unwisely) puts its IP address in the data stream. That's the only reason I can think of why it might need to be mangled. A la FTP, SIP, etc. Usually such protocols require application-layer gateways to fix up their traffic. At least, that's my inference from their re

[Mikrotik] Cacti CPU utilization

So, I've been seeing issues since upgrading a bunch of 750 and 750Gs to 5.0rcX, 5.1 and 5.2. I did have to change the OIDs I was graphing, due to changes in the system, but more worrying is this: RB750: Cacti: vs. Router: Clearly, the spikes aren't actually occurring. My working theory i

Re: [Mikrotik] VRRP

obvious here, unless it's that you must use on-backup= and on-master= to enable/disable the IP address... On 2011-04-28 3:30 PM, Jacob Heider wrote: I see. So, thinking back, the VRRP creates a kind of virtual router, which will be the gateway for the LAN (ideally), and which both physical

Re: [Mikrotik] VRRP

:16 PM, Butch Evans wrote: On Thu, 2011-04-28 at 14:24 -0400, Jacob Heider wrote: So, the backup is only accessible at its internal, real IP while in backup-mode? So, it wouldn't, for example, have internet access for itself? Yes and no. With VRRP, there are 2 "parts" to the config

Re: [Mikrotik] VRRP

ast v3 I would expect you'd be all right, but I haven't used VRRP since 2.9. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Apr 28, 2011 at 2:15 PM, Jacob Heider wrote: Josh, How does that work with respect to the WAN interfac

Re: [Mikrotik] VRRP

Josh, How does that work with respect to the WAN interface. As I understand you'd have: Internet | v WAN Device (modem, etc) | v switched device || vv VRRP MasterVRRP Backup || vv LAN

Re: [Mikrotik] Script Memory Leaks

Seconded. I've run a few routers out of memory, slowly, over weeks or months. What am I failing to properly account for? On 2011-04-23 10:37 PM, Stuart Pierce wrote: What are some of the biggest reasons for scripts to leak memory ? ___

Re: [Mikrotik] MT.com down?

With luck they broke it while adding the new RB751s to their hardware page... On 2011-04-18 9:46 PM, Josh Luthman wrote: Down http://www.downforeveryoneorjustme.com/mikrotik.com Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Apr 18, 20

Re: [Mikrotik] Fwd: RouterOS v5.0 released

c) Cacti SNMP graphing of cpu load shows massively elevated load (60-80%) even on routers running < 4%. On 2011-04-06 3:10 PM, Andrew Cox wrote: Only problems I've seen so far are a) some issues with SNMP polling the devices b) issue where the dynamic simple queues are shown in router graphs

Re: [Mikrotik] RouterOS Changelog?

They're linked at the right of: http://www.mikrotik.com/download.html 4.x is http://www.mikrotik.com/download/CHANGELOG_4 On 3/1/11 2:04 PM, Rory McCann wrote: Is there a changelog available for RouterOS anywhere? I see 4.16 is available now and am wondering what has changed since 4.10.

Re: [Mikrotik] RB750 access loss

ping out. I have seen this when the IP buffer is full. Only way I know to fix it is reboot and i have not figured out what causes it. And since I am running 3.30 I don't get any supout help from Mikrotik. On 12/22/2010 11:47 PM, Jacob Heider wrote: So, we had a weird issue last night.

Re: [Mikrotik] RB750 access loss

Dec 22, 2010 11:47 PM, "Jacob Heider" wrote: So, we had a weird issue last night. We have an RB750 at a customer location which suddenly stopped responding to HTTP/HTTPS/SSH/telnet/FTP/Winbox/API. All traffic continued to pass from the inside to the outside. We asked the customer to

[Mikrotik] RB750 access loss

So, we had a weird issue last night. We have an RB750 at a customer location which suddenly stopped responding to HTTP/HTTPS/SSH/telnet/FTP/Winbox/API. All traffic continued to pass from the inside to the outside. We asked the customer to reboot the box in the morning, and everything returned t

Re: [Mikrotik] RB450/RB750 Defaults

I haven't tried it, but I think http://wiki.mikrotik.com/wiki/Flashfig is what you want. If you do roll the dice with flashfig, I'd be interested in hearing about your successes/gotchas. On 10/6/10 1:20 PM, Jeromie Reeves wrote: Is it possible to set the 'default config' that a RB goes to whe

[Mikrotik] Multiple VPN setup

I'm wondering how many other nightowls in the Mikrotik world are fleshing out configs at 10pm, but I guess I'll find out. My setup is this (at the moment): 2 RB750Gs, connected with ports 1 and 2 back to back (with a /30 on each) and a "lan" on ports 3-5. We're trying to pin up a pair of VPNs (e