MikroTik

joeri91942

Ok, did you try my suggestion? "If so, did you add a srcnat/accept rule from your local net to the remote network BEFORE your NAT-rule?" Did you try a traceroute to see which way your packets took? My MT box has the following rules FIRST in the list; / ip firewall nat add chain=srcnat src-...

joeri91942

With two DIFFERENT network interfaces as this 1. ether1 - ip (10.10.0.251/16) - subnet (255.255.0.0) - static IP 2. ether2 - ip (10.10.13.2/16) - subnet (255.255.0.0) - static IP You have one that is on the network 10.10.x.x (interface1, 10.10.0.251/16 ) and the second that is on network 10.10.x.x (...

joeri91942

Now that just plain doesn't work..... network 1 and network 2 are the same network. Go back to the drawing board!

/Jörgen

joeri91942

Do you have NAting on outgoing traffic? If so, did you add a srcnat/accept rule from your local net to the remote network BEFORE your NAT-rule? Otherwise it will be NATed and go out on the Internet! Try a sourceroute trace to see where your packets go....

/Jörgen

joeri91942

Yeah.. that was it, had enabled bridging to give my voip-box a public IP, I didn't have a switch on the outside of my router so I thought that I could just bridge my Internet connection to a dedicated port for the voip-box.... bad idea!

100% CPU does not make a happy router

/Jörgen

joeri91942

Hi all I've got a small network that has been working very well for some time but recently performance has been low and when checking the MT router I see a LOT of connections (10-30´!). The weird thing here is that these connections aren't even using my routers IP.. source are lots of machines on th...

joeri91942

I had this same problem about a year ago, was in communication with MT support about it back then (even offered to open up my machine so that they could run it remotely to find the problem). However the only reply I got to my questions was "It works" so I assumed that it was working the wa...

joeri91942

And it's even a defined standard!
http://www.faqs.org/rfcs/rfc1149.html

/Jörgen

joeri91942

One could only wish that MT would at least support the MS implementaton... that way we could get Windows clients and Linux client using OpenVPN working, I hate having o use a MS VPN concentrator to get my clients connected!

/Jörgen

joeri91942

Hi again You are completely correct, there is no way to handle this in-band in PPP, I wasn't trying to say that you where wrong in that.. just that MS has some special trick to actually supply DHCP information on a PPTP connection. I've been trying to find where in ***** I saw the description on how...

joeri91942

This...? http://forum.mikrotik.com/viewtopic.php ... highlight=

/Jörgen

joeri91942

Hi Savage Just to save you the trouble of googling for "classless static routes" just let me tell you that RFC3442 does define how to distribute static routes to a client. When you are saying that "you can NOT provide a mask suppler" you are thinking about the old classfull stati...

joeri91942

Actually Normis if you apply the thread title (PPTP) to the question and then look at MS implementation it DOES assign routes! We have a system running which uses MS RRAS serving WinXP clients using PPTP over Internet, the RRAS server has an internal "loopback" network adapter with a 192.1...

joeri91942

If you want to filter out "bad" emails from your system you need to look at something like SpamAssassin (or its payed-for brothers). Install a separate SMTP machine dedicated for incoming emails that runs everything through anti-virus, spam filters etc and then forwards to your internal em...

joeri91942

I wonder if this might be what you are looking for....?
http://forum.mikrotik.com/viewtopic.php ... highlight=

/Jörgen

joeri91942

Didn't I post a link to a link budget calc in one of your previuos qeustions??? Ah well, here ii is again... http://www.smarteq.com/industrial/se/su ... udget.html

/Jörgen

joeri91942

You need to tell us more about your setup if we are going to be able to help you..... just posting ping times and yelling help doesn't accomplice much. Start by giving you hardware setup, start at one card and described every single part that is in the path until we reach the next card... including ...

joeri91942

As was said in a referenced link earlier this month.... GTFW! :-) And if you Google The F***** Web for "mdi mdi-x" you will find links like this one http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci786996,00.html You need a crossover cable to connect two end-devices with each ...

joeri91942

The second rules does just what it is told to do... packet-marks all packets that are associated with http traffic (ie that has connection-mark=http-con ) That connection mark is set on all http traffic (dst-port=80) in the first rule. Rule #3 tells the system to keep track of sessions going to port...

joeri91942

You can manually change the ESX config file to provide support for IDE discs.... snippet from my running ILM-Router.vmx #scsi0:0.present = "TRUE" #scsi0:0.name = "SAN2:ILM-Router.vmdk" #scsi0:0.deviceType = "plainDisk" ide0:0.present = "TRUE" ide0:0.deviceType...

joeri91942

Well since you can't seem to find the link yourself.... http://forum.mikrotik.com/viewtopic.php ... highlight=

READ this topic, it clearly explains how to set up QoS

/Jörgen

joeri91942

Or you could at least try to use the search function in the forum...... the question HAS beeen answered before

/Jörgen

joeri91942

Also look up the owner of the offending IP and file a compliant at their abuse address.... it might not help but hopefully they'll contact the offender and tell him to quit or be disconnected

/Jörgen

joeri91942

Then it should be enough with just static routes....

/Jörgen

joeri91942

Not sure I completely understand what you want to do, you stated that you want to "entire traffic comming from/gowing to ISP1 trough ISP1 gateway "... how would you know what IPs are under a certains ISPs control? If you are saying that you want incoming traffic to your router's external I...

joeri91942

Opps, my bad! This is strange, now I have never used simple queues, I just looked at it to see if I could give you some help Winbox in my case gives a strong hint that it should be start-duration (since it default shows 1d 00:00:00 in the end field), however when I try that it doesn't work.... When ...

joeri91942

How about if you tried to read the manual or maybe just tried to look at the console and read what it says?... ok, the manual is less then readable on this subject but winbox gives a hint when the second field is "1d 00:00:00" The time field for simple queues is starttime- duration ,weekda...

joeri91942

I have had some slight problems with links bouncing up and down on link speed and getting varying ping times, resulting in lost packets and communication problems... specifically VoIP is cranky when the packet latency fluctuates! hello ( hello... hello.... ) echos are a prime symptom on that got tha...

joeri91942

Now could someone please explain to me why one would use WDS to create a transparent link over a long distance??? A long distance link would have limited bandwith, medium to high latency and generally be "thinner" then the local networks on both sides.. if you're using M$ networking (as I ...

joeri91942

Or maybe just read the example that is linked together with the package?!

http://www.mikrotik.com / Wireless Systems / Backbone + AP / click here for setup instructions

/Jörgen

joeri91942

Well.... P = I * U and U = R * I is probably the best way to explain it :-) To elaborate.... If you need say 10 Watt at the consuming point you would need either 12Volts * 0.83Amps OR 48Volts * 0.20Amps at that point So what does that mean..... and why is that important? Normally it wouldn't matter ...

joeri91942

Yes, experience is necessary... that's why I have added the "build and test" instructions :-) However if you do not have an understanding of WHY a netmask looks like it does or WHAT a port number is etc etc then you will never gain any experience no matter how much to work with the stuff.....

joeri91942

Ahlai This is an typical example of someone that hasn't even tried to figure out what is wrong and instead decided to blame their mal-config on some other part of the system else and request help with that.... normally I wouldn't even try to respond to this kind of question but since I am feeling ch...

joeri91942

Generally speaking... NO Start with reading (until you understand them) every single RFC you can find regarding IP, TCP, UDP, routing, RIP 1 & 2, OSPF, VRRP, BGP etc etc... and while reading, try to build and test it in real life.... The RFCs ARE the holy grail when it comes to IP based standard...

joeri91942

Uhm, from my view there is something fundamentaly wrong with your config.... how can you create 4 different subnets on the same LAN through the same adapter, assign each of them (by defining adresses instead of range) dynamic address from the machine having the 4 addresses and expect things to work?...

joeri91942

This works in my setup

/ ip pool
add name="dhcp-pool-1" ranges=192.168.2.100-192.168.2.254

/ ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1 \
dns-server=195.67.199.33,195.67.199.34

/Jörgen

joeri91942

I agree totally with abc123 above. My "rules" for building links - use as few parts as possible - use GOOD antennas, it's better to listen well then to scream loudly! - make sure you have short high quality cables (NOT the kind that most people call lowloss! Use real low-loss, 1/2" or...

joeri91942

Try this

/ ip dhcp-server lease 
add address=192.168.2.73 mac-address=00:11:D8:8E:B0:D5 disabled=no
add address=192.168.2.40 mac-address=00:01:80:32:DF:92 disabled=no

/Jörgen

joeri91942

Maybe he's low on hardware and wants to test a MT installation / configuration without loosing whatever's on the machine?

Either way.... VmWare's the way to go! I did an test installation at home with 6 MT (24 hour machines) at home, work real sweet!

/Jörgen

joeri91942

Search for my posts, there's a complete config dump in one of those that works very well

/Jörgen

joeri91942

Maybe the "How to buy" link on MTs homepage would be of help?

http://www.mikrotik.com/1howtobuy.html

Otherwise, if you're ordering enough boxes you could order directly from MT... last time I ordered the minimum was USD1000 for a direct order

/Jörgen

joeri91942

Hi all

To do this you must provide the IP addresses for the incoming machines from a DHCP server that provides option 121, classless static route.

With that you can add address/subnet pairs that are sent to the client and imported into its route table

/Jörgen

joeri91942

Exactly what type of LMR-400 are you using??? There's several types and some of then do not have 50 Ohms impedance!

/Jörgen

joeri91942

Well... as Normis clearly wrote this was done indoors, and as you can easily see if you look at the pictures the units are just a few feet apart! I'm pretty sure that you will have a very hard time duplicating their signal strengths on a 25km link! However.... as we can see from the pictures they ar...

joeri91942

Hi Michael I was waiting to hear from you on this... thought it was solved since you didn't post anything in the other thread. For those of you just catching up it's here http://forum.mikrotik.com/viewtopic.php?t=7230&highlight= We did talk some about the polarization on the grid antenna, have y...

joeri91942

Newer done it with Virtual Server (like to stay away from MS product until at least one SP, or two, has been released). However I have done quite a few things in VmWare.... and since they are releasing their midrange product (GSX) as freeware I think that is the way to go. This link http://forum.mik...

joeri91942

There's a topic discussing this at http://forum.mikrotik.com/viewtopic.php ... highlight=

Should give you some pointers on how to do it.... for more detailed help you need to tell us more about your setup. Like;
- who's talking to who?
- internal or external voip servers?
- etc

/Jörgen

joeri91942

Hi Matt Unless there is any legal requirements you would do well in avoiding the 2.4GHz band! It's full of home router equipment, microwaves, DECT phones, Bluetooth etc.... it just isn't usable anymore, well unless you are in a completely virgin area :-) Instead you should take a look at 5.7GHz, lot...

joeri91942

Do the math.... Signalstrength from point A to point B; Pout - Ltx + Gtx - FSPL + Grx - Lrx - Lrx = Pin And then just check Pin against what the card ais specified at each level! If you do not want (or know how) to do to the math then google for a link budget application... there's a pretty good one...

joeri91942

If you went ahead and bought RB's and cards then why didn't you go all the way and got the integrated 522 model?

No fuss in building boxes of your own, no problem with pigtails/adapters/ cables... just one box with proper weatherproofed connectors!

/Jörgen

joeri91942

Are you going to move the RB's up to the antenna or will you still use the 25m LMR400?

/Jörgen

joeri91942

Oh yes you can do that... all you need is big enough ears (read high-gain antennas) and absolutely clear line-of-sight (including fresnel zone!) Just run a link budget calculator (for example this one http://www.antennspecialisten.se/se/support/WDT_linkbudget.html) and plug in the values you want to...

joeri91942

The way I have made it, wich is sort of reversed since I have my VOIP servers internally is to connection mark all traffic coming from a specific server/IP OR going to the same IP, tag all packets with that connection mark with a proper VOIP tag and then put them in the top-prio queue Some code add ...

joeri91942

Hi Michael

Any luck on this? Have you gotten the link up to a decent signal level?

/Jörgen

joeri91942

Hi Michael Seems I misunderstood your question, I thought you asked HOW to set the tx-power... the values of max tx-power can easily be found if you look at the specifications for each card, you might be able to tweak the card above those values but you usually end up with horrible side-frequencies ...

joeri91942

Hi again Well, basically the command should state which card you are tampering with set wlan1 manual-tx-powers=1Mbps:24,2Mbps:24,.... would be the card wlan1 and set wlan2 manual-tx-powers=1Mbps:24,2Mbps:24,.. would be the card wlan 2 etc I guess your browser did a line break on the config line, her...

joeri91942

Ah yes.... I forgot about those, #1, Easiest way to see/set the tx-power would be to use winbox, it's all there in the interface (interfaces / wireless / tx-power). Granted the CLI is the "proper" way for us old timers to go but still there is a few things to be said for GUIs to :-D Otherw...

joeri91942

Hi again Looking forward to hearing the results... problems like this is fun when you're not the one having to fix them! :-) If I where to do your link, knowing what I do from the few installations I have done AND if I was sure I would not need NStreme2 I would go with the integrated rb500/22dB ante...

joeri91942

Hi again Michael I see some different information in in your posts.. you started by stating that you had 6 feet low-loss cable and now you say that you have 25 feet lmr-400? Could you check that you haven't accidentally gotten the LMR-400-75? That could explain your bad numbers! Also, a "detail...

joeri91942

Hi again I have to agree with Nick here... that link should perform very well! One stupid question, how about polarization? Have you checked so that all antennas are aligned the same way... and double-checked by rotating one? Bad polarization can cause a loss of 20-30dB Also, what's the box that the...

joeri91942

Hi Michael You are clearly having some kind of link loss that you shouldn't have according to your description.... but let's start with some replies to your questions. Antenna gain is used by the router OS to calculate the maximum "legal" output power, what it does is to; - take the countr...

joeri91942

Just did a bw test on my latest installation, 3.5km link, about 32dB S/N, cards capped to 24Mb, 5GHz turbo mode, nstreme - dynamic-size TCP - both ways 12 Mb/s - 100% CPU TCP - send 19 Mb/s - 100% CPU TCP - receive 19 Mb/s - 100% CPU for some strange reason I'm not getting anything on the UDP test.....

joeri91942

Hmmm..... any special time of day you loose connection? When you loose the link, is there any kind of debug/log/message/status information on the DLink unit stating why it lost the link? Normally it would just reestablish the link in case of disturbances so it sounds strange that you have to restart...

joeri91942

Hi there With that setup you shouldn't have much problem, while i haven't done that many long distance setups though, the last I did was a 4km this weekend and that worked real sweet.. could even reduce output power to fit inside regulatory demands :-) anyway, back to your issue.... Since you are us...

joeri91942

Hi again I did spend some time with this yesterday and I had no luck at all getting a machine from the "inside" succesfully connecting to an external IP/port that dst-nat back in to the same local network.... not sure if it is even possible to do! I know that MS ISA server in previous vers...

joeri91942

Hmm.... I think I will have to wake up my testbed for this, unfortunately I have a traning session tonight so I might not be able to do anything until tomorrow evening. I'll let you know what I find....

/Jörgen

joeri91942

I think that this is another version of the problem I had when I didn't add the "in-interface=ether4 " on my mangle. What happens is that the traffic gets tagged with route-eth2 packet mark and the only routing rule you have handling that traffic doesn't know where to send the packets (it ...

joeri91942

valcoman, your ping problem.... have you done a dst-nat for ping to your web-server? I don't think that it will be handled by your connection-tracker / policy routing unless you run the pings through the MT (that is not having the MT answer them)... if you let the MT answer then the packets will nev...

joeri91942

Thanks for your kind words, it feels good to be appreciated (sp?, English is not my native language) This was a interesting problem so I spent some extra time on it... and it worked more or less the way I thought it should work. For those of you that wonder how someone can have 6 MT routers availabl...

joeri91942

As I said above... a quick drawing http://www.twoalpha.com/MT/MTDualISP.jpg And some code User1 /interface enable ether1 /ip address add address=192.168.101.50/24 interface=ether1 /ip route add dst-address=0.0.0.0/0 gateway=192.168.101.1 User2 /interface enable ether1 /ip address add address=192.168...

joeri91942

I've got it!!!!!!! Had some time over so I decided to set up a test environment and try to figure this out..... I can say that it wasn't completely clear and I had quite a few thoughts about just giving up on the whole thing :-) Anyway, here's the setup. 6 MT routers User1, ether1 192.168.101.50/24 ...

joeri91942

The manual says: "passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except for ability to count packets" Yes.... however if you look at the detailed explanation in the manual it states the following; passthrough (yes | no; default: yes) - whet...

joeri91942

My understanding of passthrough is as follows; All packets flow through each chain, starting with the first rule and continues through to the next rule UNLESS the packet is matched in a rule AND the passthrough option is set to no. If the option is set to no then the packet is kicked out of the chai...

joeri91942

You're welcome, it's feels good to be able to help!

/Jörgen

joeri91942

Hi again As I said... I was typing straight out of my test without any test that it actually worked :-) I have a MT available now and you can't do a != (not like) in /ip route If you just try with add dst-address=0.0.0.0/0 gateway=158.247.x.x routing-mark=pkt-eth3 Does that work? If you run winbox y...

joeri91942

Ah.. ok, now it makes sense! You have two ISPs for locally hosted services! Hmm.... you need to do some kind of source-routed return traffic How about if you..... and I am just typing without any verification now since I don't have two ISP nor the possibility to test anything right now so all typos ...

joeri91942

Uhm.... passthrough=no is the way to go, here's parts of my config (I've deleted lines and config-statemenets to bring it down to a readable size) /ip fire mang exp add chain=prerouting dst-address=192.168.2.40 protocol=tcp dst-port=5061 action=mark-connection new-connection-mark=voip-con passthroug...

joeri91942

Hi Mezlo Not sure what you are trying to do here.. .are you saying that you want all traffic generated on Ether3 (158.247.x.x/29) to be sent out again to the ISP gateway on that network? If so, why would that traffic ever reach your Ether3? Traffic generated on that subnet should have the proper gat...

joeri91942

A nice CPE unit would be the client packages that Mikrotik has... Routerboard 5xx mainboard integrated into a 22dB antenna (no loss from cables, connectors), level 4 license, POE

Available in both 5GHz and 2.4GHz for a mere $350!

/Jörgen

joeri91942

Anyone? Any ideas on where to look? I'm out of ideas now

/Jörgen

joeri91942

It's not really that hard to setup.. as written above just read the manual and you should get the tunnel "established". Getting data through it might be another thing though! Been bumping my head against this for quite some time (on my spare hours since it wasn't critical) and finally foun...

joeri91942

I have the exact same behavior, on three different WinXP boxes against two MT (RB500 / 2.9.7) boxes... have contacted MT about this and got the reply "It works" When I replied that I was willing to allow them to remote control one of my machines to see for themselfs I got the reply "I...

joeri91942

Similar config (policy based routing different due to ROS version) in a x86 machine with 2.8.8 works properly! We actually tested and build everything on 2.8.8 running in VmWare before purchasing the units... so we knew that it worked.... but not :-( The screenshot below shows two pings, both from t...

joeri91942

Hi All I am having a very strage problem with a MT <-> W2K3 routing scenario, can not ping with large payload and neither does large packet TCP/UDP work properly. I get about 3% packets through my link with 1400 bytes payload, other links that are running W2K3 <-> W2K3 properly fragments so that a p...

joeri91942

Not on mine... 2.9.4 on a Routerboard 5xx unit

uptime: 2w1h26m19s
cpu: "MIPS 4Kc V0.10"
write-sect-since-reboot: 0
write-sect-total: 0

However even when I change something (like system identity) these numbers doesn't change so I am not sure how valid they are

/Jörgen

joeri91942

Thanks for your input, I have indeed run quite a few of the link budget calcs but, paraniod as I am, I would like to get some input on "real-world" performance..... been working with comms and computers since '86 and one thing I have learned is that reality and theory rarely agree :-) Anyo...

joeri91942

Thanks for your input, some additional questions if I may?

What kind of distance are your gear on? Type of cards and antennas? What's the signal strength you get?

I need to be able to trust this link even in foul weather...

/Jörgen

joeri91942

Hi all I'm trying to figure something out here... planning on building a private link between two locations, a mere 5km so there shouldn't be hard to get a stable and well performing link. My idea was to use Routerboard 230 kit with the SR5 cards and 22dB antennas, that should work well right? Howev...

Search found 88 matches

Massive amount of connections

Not completely unknown...

Wierdness #2

PPtP, MTU large packet ping

Routerboard 230 versus 532 performance?