@benmikrotik: that's what I've been doing all along, and it's getting tedious. :lol: @reverged: the problem I'm having with your solution is in the sentence "the list can't be huge and the frequency of update should be reasonable". :) If not for that, I woulda used your solution. Thanks fo...
So what can I do if I want to achieve the result I want?
There are quite a number of these local questionable sites that I would really want to block, and openDNS is just not filtering them. Same thing for some non-local sites and the local DNS.
Hi all, I'm trying to use openDNS-like services to help me with web-filtering. See, there's a similar service in my country that contains "questionable" sites that openDNS often misses, mostly local sites though. Probably that's why openDNS doesn't have them in their database. Anyway, I'm th...
Thought I could help clarify this matter, as I was also facing this problem not too long ago. As Tim said, "masquerade" IS a NAT. It's a src-nat for every local connection that goes through the router to the internet, changing the source addresses from local addresses (192.168.x.x) to the ...
Oh? So even though the router has its own DNS, I can still set a different DNS for the clients? But I set the router as a DNS proxy, so DNS requests would be redirected to the router itself (port 53). Will it still work, you think? I am unable to try it at the moment, I'm nowhere near the router. If...
Hi Stephen, I don't have lots of expertise with this auto failover thing, but this is how I set up my 2 ISP network, and the failover seems to work just fine. /ip route add check-gateway=ping comment="ISP1" disabled=no distance=1 \ dst-address=0.0.0.0/0 gateway=aaa.bbb.ccc.ddd scope=30 targ...
Hi all, I have 4 active interfaces on my RoS, 2 going to the net and 2 going to local networks. Can someone tell me if it's possible to set different DNSs for each of the local networks? Say, LOCAL1 will use OpenDNS's addresses, and LOCAL2 will use the ISP's addresses? If so, would you mind telling ...
Now, about your next question, I assume you have read the basic setup guide in the wiki? If so, I would need to look at your current NAT rules, so can you post them here please?
OK, you guys, an update: First, lemme ask this to see if I'm understanding this whole mangle thing correctly: Mangle rules are processed in chains and from top to bottom, exactly like the firewall filter rules. And the only ways RoS will stop this top-to-bottom processing are: 1. when it finds a mat...
Hi guys, I'm baackk! Heh, that's kinda lame. Anyhoo, right now I have 2 WANs (one of them has just been added a few days ago), and 2 LANs on my router. Let's call em PUBLIC1 (domestic + international), PUBLIC2 (domestic only), PRIVATE (192.168.2.0/24), and LOCAL (192.168.1.0/24), shall we? Here's ho...
Hi swiftcreek, If memory serves me right, I don't think you can have one same subnet for more than one interface. So each interface should serve different subnets, hence the "routing" task of the router. I dunno, I could be wrong. Memory's kinda foggy lately. In your situation, try to use ...
.... ... .. . IT'S DONE!!! YAAAAYYYYY!!!! Turns out I left a LAN cable laying around one of the switches, and some idiot cleaning crew thought he somehow dropped it. Hence he plugged it back in. Both ends in the same switch. D'oh! Let the storm begin. That'll teach me NOT to leave any cables laying...
So what I'm looking for is the machine that, when I unplug its ethernet cable, would cause the storm to stop, yes?
Alright. I'll try it and let you all know how it goes.
@rmichael: My switches are unmanaged. And YES, the lights are blinking like crazy. This one 8-port that I replaced earlier, all its lights were blinking like mad. The funny thing is, they all blink at the same time. I disconnected each cable, plugged them back, and even replaced the switch with a n...
Well... Darn, maybe I should explain things a bit more clearly first. OK, here's the situation at my workplace: I work at a sort of training center that heavily utilizes computers. All my clients can only use the computer as is. The websites that can be visited are limited, no one can download anyth...
@jwcn: Which machine? 192.168.1.210? You think so? The same problem happened on 3 machines before, remember? Or do you mean the router? I think that's not the case too, because other clients also can't connect to anywhere... Well, but that's just me. @fewi: Wireshark eh? Alright, I'll try that. Afte...
@fewi: The bad news: I scanned 210, and it came out clean. No virus, malware, or whatever. Well, that is to be expected I suppose, since I limited the users' access that much. But it is still there in the torch window, even after I turned it off. The good news: 101 and 165 are now gone. Just like tha...
Ooohh, that one. D'oh! Wonder why I didn't see it the first time. Anyway, it says 00:00:03, which I assume would be, uh, 3 seconds? How the hell does it become hours then? Oh, and fewi, the numbers are constantly changing, so it's not like it stays at a certain number all the time. It really seems ...
edit: Still downloading the newest AV definition, thought I would overwrite the ones that are already there. Or maybe get another AV altogether. Meh... Anyway, what I don't understand is how a turned-off PC can still broadcast?
Well, I can see why you would say what you said, but what about 192.168.1.165? The machine's been off for an hour. And just now, I turned on another PC (192.168.1.210) as a test, then turned it off again. After 5 minutes, I torched again, and the traffic appears!! So now there're three computers lis...
Hi all, My PC ROS has 3 NICs: PUBLIC, LOCAL (192.168.1.0/24), and PRIVATE (192.168.2.0/24, for my personal use). Earlier today, my LOCAL network suddenly started acting up. VERY frequent connection drops & RTOs, high latency, and it took forever to reconnect. The PRIVATE network is fine, even no...
Speaking of squid... I -am- planning to use squid as an external proxy, but am currently confused about the positioning of the proxy. You see, I have not set up my clients to use any proxy, and set up mikrotik as a transparent proxy that listens on port 80, 3128, and 8080. I also use the mikrotik pr...
@myxylplyx: Dang, your username is hard to write. :) Anyway... In your case, here's what I'll do: IF you're trying to limit the bandwidth for the devices in your home, I will use the RB at your home to do so. Just add some simple queues like so: /queue simple add name="test" target-address...
OK, the problem came back. :? The "Cache Drive" in the proxy setting in winbox shows nothing, empty, nada. Hence, nothing is cached. Well, I -think- nothing is cached. I don't know if it's just a display issue, but I don't think so. It might be fixed with a reboot, but does anyone know why...
Your mangle rule is currently disabled, since it doesn't work when I tried it... /ip fir man pr without-paging Flags: X - disabled, I - invalid, D - dynamic 0 X ;;; CACHE HIT chain=output action=mark-packet new-packet-mark=cache-packets passthrough=no dscp=4 You want -all- of the simple queues? I ha...
Hmm, still doesn't work... See, this is the simple queue that I use for testing: 14 name="Netbook" target-addresses=192.168.2.204/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=384k/1M burst-limit=0/0 bu...
Tried everything you suggested (dscp, mangle, and the new queue), then I download 2 files that I know are in the cache-content. Can't seem to bypass the existing queue... It's still in effect.
Gaahh!!! I tried the same setup you have, and ping works both ways. OK, let's do what surfertim says: 1. unplug ethernet cable from ether1 2. run /interface ethernet print 3. copy the whole thing here -Z- edit: Yeah, it should look something like this: Flags: X - disabled, R - running, S - slave # N...
Hi guys, I've recently upgraded from ROS 3.2x to 3.30. On 3.2x, I've set up the webproxy to use the existing HD (the one ROS is installed in, let's call it "system") for the cache, NAT redirect rules are set, and life is good. It's recently come to my notice that for some weird reason the...
Hi Bryan, OK, first things first: By "pinging the gateway", you do mean your internet gateway, yes? And second, from what I see, you have the same IP address for your ether2 and your gateway. :) You need to change the address of your gateway to the one given to you by your ISP. Here's what...
Hi all, I've set up transparent proxying on my router, like so: 1 ;;; Proxy for Local LAN chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=192.168.1.0/24 dst-address=!192.168.1.0/24 in-interface=LOCAL dst-port=80 2 chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address...
@csickles: I'm using mikrotik's own proxy, and I don't know how to add a logging scheme to it. Eheheh... And I haven't been using any other kind of proxy. I know there's squid that can offer more detailed logging... I'll think about using it. Thanks for bringing this up. @normis: Checked your answer...
Hi again, I'm trying to create a makeshift file-server using routeros, ROS proxy, and a big HD. See, my clients regularly download program updates from the company's main db in another city, and also there's the AV updates, windows updates, etc, etc. I'm thinking of using the HD to save these update...
I know I'm getting ahead of myself here, but if such a log is possible, can I add timestamp to each entry? Or even better, the IP address of the client requesting the site.
Hi all, I have a RouterOS 3.30 installed on a P4, with 3 NICs: PUBLIC, LOCAL (192.168.1.0/24), and PRIVATE (192.168.2.0/24). I'm currently using ROS's web proxy as a transparent proxy, and am currently using it as a site blacklist for users in LOCAL, since they will only be visiting sites they are a...
I'm wondering, would it be possible to make the dst addresses (or even src) when you do a torch in winbox to appear not as IP address, but as host names?
If so, how do I do that?
It would make things easier for me if it can be done.
Hi all, I read in the manual that there are several ways to limit your clients' bandwidth, right? You can use simple queue (just input tx max limit and rx max limit), or use PCQ. Currently I am using simple, and it works just fine (at least I haven't seen any troubles or heard any complaints...) My ...
Uh, you forgot to input your public IP... :) You should set the IP for the interface that you're getting your internet connection from (your "public" interface) to the IP address given by your ISP. Also, have you done the NAT masquerading? IMHO, the easiest way would be to connect to the w...
Yay! They are connected! Thank you so very much. I did the one with EoIP. Anyway, I came across a problem when I was setting the connection up. Well, more like "will" come across a problem soon in the future... Here's how: All of the articles mainly spoke of connecting -TWO- radios/network...
Oh? I'm sorry, I guess I'm not being clear enough. I'm trying to connect the two RBs, so basically I just need articles related to wireless radios, connecting 2 (or more) RBs, the likes. My experience in connecting multiple wireless radios is, sadly, limited to the various DLink products, so it's mu...
Hi all, I've just bought 2 routerboards (433 and 411) that I'm planning to use to connect the office LAN with home. Well, the thing is, I'm completely at a loss as to the setup and all. The manual I downloaded from routerboard.com doesn't really help, and mikrotik's Wiki articles on routerboard are ...
@ashish: OK. That's what I got too from reading similar previous posts. Well, back to the manual then. <sigh> Just one question though: Like I said, there will be 2 kinds of traffic going through port 80 (HTTP): the regular web browsing and the patches. Can I use queue tree to separate these two? Or...
Uhhh, you do want to CLEAR the old log entries, no? Disabling the rules then re-enabling them won't clear the old entries. In fact, it will add a "log rule changed by..." line for every rule you disable, then another one when you enable it. Oh well, if you managed to do what you want to do.....
This is how I usually do it:
1. Go to system > logging > actions
2. Double-click the ones you want to change (e.g. disk), change the "Lines" value to 1. It will delete all previous entries.
3. Change it back to the desired number of lines.
4. All done. ^^
Hi guys, OK, first lemme just ask this one question: Does ALL traffic generated from browsing the net go through port 80 (HTTP)? Oh, and HTTPS for secure sites (what port number is that again)? No download, FTP, nothing else. Just plain simple browsing. Now, to lay out the background situation: I hav...
Hi, I just have a question about the item ordering in NAT. See, in my NAT window, I have the main route masquerade, some port forwarding, and the transparent proxy line. If memory serves me right, the order of items in the firewall filter rules does matter, but I'm not sure about NAT... So are there...
Hmm... That's not quite it. I know about the "Load previous session" thing, and I have no problem when the router is on. The problem is, when the router is rebooted/turned off, the "load previous session" checkbox doesn't work. Whether it's checked or not, it still loads an empty...
Heya guys, Just have one small question here: See, I have these windows, like ping, torch, interface, and such already open in router os, right? Set up just the way I like it. Problem is, whenever I rebooted the router, these windows would disappear. I would need to reopen each one and put them in th...
Hmm, looks like it works. Thanks much beerfiend. One question though: If I want to update the status of my clients RIGHT NOW, what do I do? There are some instances when I need to know which clients are up and down immediately. I tried drag-selecting them all, then right-click, settings, then "...
Regular proxy, eh? Ouch... :( I'm gonna need some help here, you guys. Mikrotik noob alert. :) Correct me if I'm wrong, but are these the steps that I need to do? 1. Remove the transparent proxy from the NAT rules. 2. Set the proxy address for EACH client using, say, IE's internet options: Change pr...
Lesse if I'm getting this right. Since AV & some game updates don't use HTTP (don't go through port 80) so there's NO WAY I can have a local copy if I only use RouterOS? At all? :shock: Ouch, that's a big let-down... :cry: What do I do then, if I want to store a local copy of the update files?
Hi all, I need to configure my proxy to cache not only stuff accessed through web browsers, but also through the various auto-patches performed by other applications that don't go through port 80 (http), say auto-patch for the anti virus, online games, etc. I have 80+ clients, and I don't want my ...
Hi all, I am really new to Dude, so I don't know if my question has been answered before or not. Tried reading several posts, can't understand them. ^^ Anyway, I have this problem here (if you can call it a problem): I'm using Dude to monitor the number of clients that are on or off at any given tim...
One more thing, you guys... I need to configure my proxy to cache not only stuff accessed through web browsers, but also through the various auto-patches performed by other applications that don't go through port 80 (http), say auto-patch for the anti virus, some online games, etc. I don't want my...
Hi all, I'm making a script (run by netwatch) to send me emails whenever the router is up/down, right? Well, there are some things that I'm unclear about, and am wondering if you guys can help. ^_^ 1. I'm trying to make it so that the email would read "Router is down at dd-mm-yyyy hh:mm:ss"...
Uh, changed LOCAL to PUBLIC, didn't see anything different... I'm keeping it at PUBLIC at the moment, hope I'm doing it right. Do correct me if I'm wrong... Anyway, I have some more questions, hope you guys can lend me a hand one more time... 1. Well, I see a ton of 0kb files in the cache, mainly av...
Hi all, I'm trying to configure a transparent web proxy, and am not sure if I'm doing everything correctly, so if some of you can take a gander and tell me if I'm doing this right or wrong, that would be great. I'm not a network tech, so please reply in layman terms. ^^ OK, here goes: //ip firewall ...
Oh, hi sergejs, long time no see. Well, the problem is the timeout never lasted long enough for me to do anything about it. Like I said, usually it only lasted for several seconds. I know it's not that long, but since most of my customers play online games, even 1-2 seconds of timeout can cause them...
Hey guys, I have a regular Intel PC installed with RouterOS 2.9.50 or something, and I have a problem with it timing out every day at the same time (around 10.30 in the morning). It's always around that time that the router would time out for several seconds (sometimes it can go for as long as 5 min...
I saw occasional bandwidth usage that jumps above 128k. The highest I've seen so far is 250k-ish. Did I do something wrong? I don't have burst on, so this shouldn't happen, right?
Hmm... It won't work, you guys... Sure, it limits the bandwidth to 128k, but it limits EVERY station on the network to 128k, INCLUDING the consultant stations... This is what I used: /ip firewall mangle add chain=prerouting src-address = 192.168.1.100 action=accept passthrough=no /ip firewall mangle...
So to sum things up, here's what I think I should do: /ip firewall mangle add chain=prerouting src-address = 192.168.1.100 action=accept passthrough=no /ip firewall mangle add chain=prerouting dst-address = 192.168.1.100 action=accept passthrough=no /ip firewall mangle add chain=prerouting src-addre...
Thanks a lot for replying. The thing is, I really have no idea on how to go about doing it... Sorry, I'm really new at this (I'm not a network guy...) So anyway, according to the wiki page, I add this line first, right? /ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all ...
Hi all, I've read the article from http://wiki.mikrotik.com/wiki/PCQ_Examples , and turns out that is just the thing I need for my network. Thank you to all who posted the link. One question though. In that example, EVERY client is limited to 32k up / 64k down, right? Well, I want to allow one or t...
Hey all, I've just recently upgraded to a lv 4 license, and am trying my hands on setting NATs. Any help would be appreciated. Anyway, I want to set my clients to be able to host a Warcraft III game on BattleNet. I'm going to go and assume that some (only some, a very small "some" :) ) of ...
Actually, it's not silly at all. :) I've heard that 3Com boards are more picky about the quality of cable, connector, and so on. That's why I changed to the DLink, which is more, well, lenient on such items. Like I said, the first few days are fine. But now it's back to the old trouble again... The ...
mneumark: Like you suggested, I upgraded to .42. Also added some firewall rules through the winbox web interface (enabled both protect router and protect customer). I also changed the Public interface to use the DLink card. Things were fine for a few days. Now the same problem is back, although slig...
No one can help me with this? :cry: Well, the only firewall rule I use is the one for the NAT: chain=srcnat out-interface=PUBLIC action=masquerade Just like in the quick start, and nothing else. Does this help anyone answer my question somewhat? Whenever this problem happens, I look in the "Pack...
Heya guys, A newbie with a strange problem here. :) I've just recently installed RouterOS 2.9.40 on my router, and I have this weird problem with a LAN Card suddenly disconnecting (usually) once a day. I'm using the onboard LAN Card (Local) and a 3Com 3c905B-TX (Public) on the router, and the one tha...