MikroTik

yudigadget

Hi, I have setup PPTP Server on company MikroTik, from my windows laptop use different internet connection can access the PPTP Server and connected, i also can access server on LAN with no problem. But the problem is internet access on my laptop can not access other than VPN area, so for example i c...

yudigadget

Hi, I have internet connection from 2 ISP (not same company), i will use eth1 for ISP 1 and eth2 for ISP 2. Both will get public IP Address, because the 1st ISP using cable modem and 2nd ISP using PPPoE Client. My LAN SubNet is 192.168.1.0 /24, the 192.168.1.1 /24 is the MikroTik as internet gateway...

yudigadget

Dear all, I read at http://wiki.mikrotik.com/wiki/Protecting_your_customers and there is firewall filter rules like this: /ip firewall filter add chain=forward connection-state=established comment="allow established connections" add chain=forward connection-state=related comment="allo...

yudigadget

come on? no help around here? because i already have 2 customers experience same problem..

yudigadget

So, I have 2 clients and both of them using RB433 (v 4.x), but i got report that they experience slow internet connection, for example: when their employees open a website, most of times, it just loading for moments and then connection time out. Same problem while sending email too (using SMTP). But...

yudigadget

I already bought Transcend microSD (SDHC) 8GB, but what a bad luck... my MikroTik RB433UAH v4.9 said it invalid and the size is 0 (zero), i can not do check drive, clean drive, & format drive. The CPU resources become 100% and restarted. I just read http://wiki.mikrotik.com/wiki/Supported_Hardwa...

yudigadget

Dear friends, I have problem that i want to connect my MikroTik RB433UAH to other MikroTik device (the other MikroTik device use HotSpot feature to share internet access) via Wireless. So, how to do that? I want to share the internet connection with my MikroTik. For your information, my friend is th...

yudigadget

My friend use MikroTik to share his ADSL internet connection, he use hotspot server on wireless. So, usually user need PC and then open a browser to login (get internet access). But i want to share the internet connection with my RB433UAH (already support WLAN) to my laptop and 2 PCs, i want my frie...

yudigadget

Here is the short of it.. As the RouterOS box acts like a proxy (NAT) for all devices behind it... when ANY device behind it loggs into the hotspot on the WAN side of the RouterOS box, it appears to the hotspot that the RouterOS box has logged in... Like wise any traffic crossing the RouterOS devic...

yudigadget

http://216.252.121.32/us.f451.mail.yahoo.com/ya/securedownload?clean=0&fid=Inbox&mid=1_20757_AHnFtEQAAO%2BtS9qcBQtuPCszOSc&pid=2&tnef=&prefFilename=globalwisata.doc&redirectURL=http%3A%2F%2Fus.mc451.mail.yahoo.com%2Fmc%2FshowMessage%3Fcmd%3Ddownload.failure%26fid%3DInbox%26mi...

yudigadget

Dear all2, At my customer office the internet access is blocked with WebProxy feature from MikroTik (RB450G v3.25) and only allow some sites, for example yahoo email, i already allow: *.yahoo.com *.yimg.com But the problem is can not download attachment, i found that yahoomail save the attachment fi...

yudigadget

anyone? please

yudigadget

There is small ISP at my client office building.. that ISP use MikroTik DHCP Server & hotspot feature.. So, if i want to connect to internet from PC/Laptop, turn on the wireless, obtain the IP from DHCP Server, and then need to open browser for enter username & login. Well, i need to share t...

yudigadget

One configuration item in /queue simle' can create from 0 to 3 separate queues - one queue in global-in, one queue in global-out and one queue in global-total. If all properties of a queue have default values (no set limits, queue type is default), and queue has no children, then it is not actually...

yudigadget

I bought MikroTik RB450G this is not my first time setting MikroTik, but 3.25 is new version for me, last version i use is 3.10 i just curious why the simple queue doesn't work, but torch is working... so, there is NO packet detected through simple queue.. please help me,.. thanks before 2009-11-09_...

yudigadget

if its still not being found referenced elsewhere then clear your winbox cache directory and try again.

it doesn't work either

yudigadget

If they are empty and still showing up in the Address List drop down then you are referencing them from a firewall rule. The simplest way I know of to clean it up is to export your firewall configuration. /ip firewall export file=firewall Transfer the created firewall.rsc file to your pc and do a f...

yudigadget

I'm very surprised you managed to block skype in the first place :) skype uses supernodes (other skype users nearby) to connect to the server, it also can look like SSL traffic, so it's very hard to track Yes normis, my plan is apply this configuration in emergency state. Sometime main internet con...

yudigadget

I made simple configuration of internet access limitation at our client (tour & travel company). So, the users can only access something that related to their job (browsing *limited*, YM and MSN). They (div_ticketing) can browsing sites that already listed in list_ticketing. But i have problem w...

yudigadget

It really anoying to have empty address list and i can not remove it.. because it always show in Src. List or Dst. List.
I have more than 10 empty address list

Please someone tell me how to remove it?

I use MT 3.11

thanks..

yudigadget

{ :foreach k in=[/ip dns cache find] do={ :if ([:find [/ip dns cache get $k name] "res.sriwijaya-air-online.com"] > 0) do={ :log info ("sriwijaya: " . [/ip dns cache get $k name] . " (ip address " . [/ip dns cache get $k address] . ")") /ip firewall address-li...

yudigadget

no help? come on.. it should an easy question for you guys... please share your knowledge..

yudigadget

For example you have 3 divisions in office: Accounting, HRD and Management How to limit access of Accounting division: - IP of government bank (to check foreign exchange rate) - other specific accounting related website Then HRD: - Yahoo! Messenger - MSN Messenger - Human Resources Recruitment websi...

yudigadget

no help?

then how do you set limitation of ports?

thanks,
yudi

yudigadget

Follow the http://wiki.mikrotik.com/wiki/Protecting_your_customers add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP" add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP" add chain=forward protocol=tcp comment="allow TCP&qu...

yudigadget

I follow famous article "Dmitry on Firewalling", then i tried to modify the configuration. Why i can not mark packet with chain tcp-services ? 10 chain=tcp-services connection-mark=http action=mark-packet new-packet-mark=packet_http_in passthrough=no so, no packet detected.. :( should i us...

yudigadget

Thanks for your reply. I have done exactly that but limewire still can connect and download. It is not the encrypted version so I presume it should work but it does not . Any ideas Paul I had same problem with Limewire, our customer using this P2P software to download music, etc and it slow down ou...

yudigadget

do you have any example of it mate?
it will help me a lot... thanks!

yudigadget

I have case in our company, so the user try changing IP Address to get high speed bandwidth or break the website limitation of web-proxy that i already set depends on their IP Address. The PC clients are about 50 PCs, some of them bring their laptop. I'm planning to implement HotSpot or PPPoE Server...

yudigadget

I have 2 interface: 1. Internet Gateway: 192.168.1.1 (ADSL Modem/Router) with MikroTik IP Address: 192.168.1.1 2. dynamic public IP from Dial-Up 56k external (serial port) and the internet gateway for example: 203.11.12.13 Local Interface with IP Address: 172.16.0.1-172.16.0.20 How to route internet...

yudigadget

I'm planning to make something better for my network performance. Right now i use WebProxy feature on MikroTik,.. My plan: - Porn sites: I need content filtering (catch words like xxx,sex,nude, etc) ~ dansguardian? and can handle huge of porn sites or dangerous sites from urlblacklist (CMIIW). And o...

yudigadget

yes, you're correct

thanks alot.. now i understand some about firewallling, i'm gonna test the other

yudigadget

/ip firewall nat add chain=dstnat src-address=x.x.x.x protocol=tcp dst-port=80 action=dst-nat to-addresses=y.y.y.y to-ports=80 I test your advice, but why doesn't work: [admin@MikroTik] > ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 chain=dstnat src-address=172.16.100.199 p...

yudigadget

Why doesn't work with forward?? as normis said, his advice is use forward, then set the dst-address I just curious.. thanks.. I tried below, both working very well: ip firewall filter 0 chain=input src-address=202.146.255.4 protocol=tcp action=drop or 0 chain=output dst-address=202.146.255.4 protoco...

yudigadget

What about nat rules? Probably you are redirecting traffic to web proxy or something. I think you're correct... NAT rules for web-proxy is the problem.. [admin@MikroTik] > ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 X chain=dstnat src-address=172.168.100.201 protocol=tcp d...

yudigadget

/ip firewall filter add chain=forward dst-address=210.210.145.201/32 protocol=tcp action=drop Non-authoritative answer: Name: web.cbn.net.id Address: 210.210.145.202 It looks like that's the problem: The server has the ip address ending with .202, and you block traffic to the .201 - that's not goin...

yudigadget

Normis ever said, i don't remember when... /ip firewall filter add chain=forward dst-address=210.210.145.201/32 protocol=tcp action=drop Non-authoritative answer: Name: web.cbn.net.id Address: 210.210.145.202 Aliases: http://www.cbn.net.id http://img90.imageshack.us/img90/3446/20080108172231ap6.jpg ...

yudigadget

:if ([:find [/ip dns cache get $i name] "friendster.com"] > 0) do={

maybe there is wildcard? like *friendster.com ?
:if ([:find [/ip dns cache get $i name] "*friendster.com"] > 0) do={

so will detect all sites that have friendster.com

i need a help...

yudigadget

I want to make script to do auto add address of website to address list, then proxy will look to that address list and deny it. Tired for me to re-add address of some sites, example: friendster.com (209.11.168.112, 209.11.168.113, 209.11.168.122, 209.11.168.123) and after some days or weeks the IP i...

yudigadget

normis, why your team create IP\Proxy? So, does IP Proxy better than IP\Web-Proxy? What is the advantages of using IP\Proxy?
How about web-proxy-test?

thanks..
Yudi

yudigadget

any help? please..

yudigadget

I tried create a backup of internet access using dial-up with external modem - serial interface. 1st of all, please check my configuration below.. does what i did is correct? specially on ppp profile, i create 2.. but i'm not sure whether it's correct or not. I just follow guide from book at local b...

yudigadget

I use DHCP Server and give IP Address base on MAC Address, then i do limitation (speed and access) on each IP Address Example, for my boss i give more speed than others and give unlimited access to any website; but for other employee i give lower speed and limit their access, like cannot access frie...

yudigadget

/ip dhcp-server leases add address=x.x.x.x mac-address=xx:xx:xx:xx:xx:xx

where to specify the gateway, subnet mask and dns?

thank you

yudigadget

I want to give IP 172.168.100.241 to MAC Address XX-XX-XX-XX-XX-XX how to do that?

thank you

yudigadget

oh i already solve for the 1st problem... redirect 80, 8080, 3128, etc to my proxy server (ex: 3128)

how to solve the 2nd problem and other possibility

yudigadget

There are some trick to open blocked sites,.. As far as i know use Proxy... there are 2 methods of using Proxy, setting the proxy from browser (in example: Internet Explorer - Internet Options), 2nd.. use web that give service open URL with proxy (example: http://www.freeproxy.ca/) How to prevent it...

yudigadget

I repost this question, because i think this question related to General Networking (previously i put this question at Scripting).. Ok, at my office many employee access http://www.myspace.com, http://www.friendster.com, etc. Actually, they already access those sites after office hours, because i bl...

yudigadget

is there any help?

yudigadget

Do this rule in your web-proxy: =================================== /ip web-proxy access add dst-port=80 url="http://www.google.com" action=deny =================================== Work fine, almost in my machine. Chao. Ok, so you want to block http://www.google.com, i believe if i were y...

yudigadget

then i tried mangle the connection, mark the packet from that IP, then limit it ip firewall mangle 6 chain=prerouting src-address=172.168.100.231 action=mark-connection new-connection-mark=clients-test passthrough=yes 7 chain=prerouting dst-address=203.84.155.150 connection-mark=clients-test action=...

yudigadget

I already tried with: subnet mask 255.255.255.0 or 24 on 203.84.155.150 and mikrotik force it to 203.84.155.0, well it's ok for testing.. so will affect to all ip in that subnet, once again.. it's ok for testing. 0 name="queue-test" target-addresses=172.168.100.231/32 dst-address=203.84.15...

yudigadget

yes i already do that... i already deny that site in my proxy list. but for a site (http://www.anything.com), block the http://www.anything.com is not enough.. because client still can access it by type it's IP to browser So, i need to add all IPs related to that site in proxy... and i already do th...

yudigadget

How to limit connection to an IP ? 0 name="queue-test" target-addresses=172.168.100.231/32 dst-address=203.x.x.x/32 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/24000 total-queue=default-small So, i want to limit connection ...

yudigadget

i already add those IPs in my Address List then i did: ip firewall filter print chain=forward dst-address-list=www.myspace.com action=drop why i still can access that site? ok,i tried ping those IP and got request time out... but once again, why i still can access that site? is this because i use we...

yudigadget

C:\Documents and Settings\Normunds>nslookup myspace.com Non-authoritative answer: Name: myspace.com Addresses: 216.178.32.50, 216.178.32.51, 216.178.32.52, 216.178.32.137 216.178.32.48, 216.178.32.49 for example there are lot of MySpace.com IPs.. how to add them all in single Address List? I tried u...

yudigadget

any solution for this problem?

yudigadget

I want the schedulle running on Monday - Friday (08:30 and 17:00) then Saturday (09:00 and 14:00). How to do that? because right now, i only can set for every day...

thanks

Yudi

yudigadget

Right now my office use ADSL connection and sometime there is probem with it, so i'm planning to use internal (PCI) voiceband modem 56K v.92 as backup connection. My questions are: 1. How to setup that modem on MikroTik, does it use PPP-Client? Do you know further information about this? because loo...

yudigadget

Hello, I use ADSL unlimited and planning to use limited connection (1 GB a month and will be charge for additional megabyte) for office use. I use firewall & web proxy to limit the internet usage, block images, website, etc. 1. How to know total traffic upload & download of an interface (eac...

Search found 60 matches