MikroTik

dot-bot

Let's say we have the typical ADSL line or the coaxial cable modem that has 10Mbps down 1Mbps up. VoIP_up limit-at=555000 max-limit 666000 queue-type=pcq_up; other_up limit-at=10000 max-limit=666000 queue-type=pcq_up; their parent UploadTree limit-at=[not used?] max-liimit=677000 queue-type=default....

dot-bot

I agree with Tom, you can use bridge.

dot-bot

This is SideA for example, let me know if you would like me to paste the routing of SideB too. ... /ip address add address=192.168.21.1/24 broadcast=192.168.21.255 interface=WLan1 network=192.168.21.0 add address=192.168.2.180/24 broadcast=192.168.2.255 interface=Lan1 network=192.168.2.0 /ip dns se...

dot-bot

I think so. /export in /ip route please and paste it here.

dot-bot

With proper configuration WinBox connectivity is guaranteed. No matter what the mode etc. Did you look into routing mode or NAT mode?

dot-bot

see this: http://wiki.mikrotik.com/wiki/Queue and this: http://wiki.mikrotik.com/wiki/PCQ and this: http://wiki.mikrotik.com/wiki/HTB and this: http://wiki.mikrotik.com/wiki/Queue_Size and this: http://forum.mikrotik.com/viewtopic.php?f=2&t=27552 and this: http://forum.mikrotik.com/viewtopic.php...

dot-bot

I would look into simple static routes, without NAT and maybe with DHCP relay, or bridge + set the bridge to pass through the firewall for proper filtering and nodes isolation, to keep them wireless links transferring only the important traffic. By the way, what's your internet uplink?

dot-bot

tracert from one host to the IP of the host on the other side, see where there is no response and review IP address + gateway configuration on that hop (router, host)

dot-bot

Hi: I have a problem. when I create pppoe server with hotspot(advertise purposes) in mikrotik, when a client uses an access point to connect to another access point that is connected to a switch which is connected to the Lan(give internet to clients) in mikrotik server every thing just fine until c...

dot-bot

If you vlan it you will lose p2p bandwidth. I don't like tunnels and vlans. I like directly switched traffic as it takes the smallest route when its customer to customer.

dot-bot

A way to automatically dynamically set the limit-at and max-limit, to detect noise in the links (lowered throughput) to keep shaping/queueing/priority control in all situations, including Wi-Fi, ADSL, congested links with unknown bandwidth and unknown drop probability. Compensating for ATM overhead...

dot-bot

Current technology is good enough for FTTH, search more and you'll see.

dot-bot

So only problem right now are the frequencies? We are still limited to 2.4 and 5 GHz ? But we can use LTE equipment that works on that frequencies, as long as a manufacturer would provide it for us. But if we want 1000+ devices, we could simply purchase it. Right? Uhhh right. Just not ready today. ...

dot-bot

So only problem right now are the frequencies? We are still limited to 2.4 and 5 GHz ? But we can use LTE equipment that works on that frequencies, as long as a manufacturer would provide it for us. But if we want 1000+ devices, we could simply purchase it. Right?

dot-bot

A way to automatically dynamically set the limit-at and max-limit, to detect noise in the links (lowered throughput) to keep shaping/queueing/priority control in all situations, including Wi-Fi, ADSL, congested links with unknown bandwidth and unknown drop probability. Compensating for ATM overhead ...

dot-bot

How about jumping directly to LTE equipment?

dot-bot

If you run encrypted tunnels over the WiFi link you will lose tiny percentage of bandwidth and CPU because of overhead.

dot-bot

How about nstreme-dual? With two Wi-Fi interfaces, with one dish with dual polarization feeder?

dot-bot

This exact setup was already tested with all limit-ats and max-limits set. A problem here is the internet service used - probably similar to ADSL where bandwidth is not guaranteed, IP packets get ontop of ATM cells, cells etc. are dropped when the line gets noisy etc. etc. problems. MikroTik have de...

dot-bot

BroadBand 2.0 is a marketing trick word. Just provide EnourmousBand 999 to your customers and use whatever technology you and your economists team can calculate to be a good business for you. I would recommend digging for optics, that can be made cheaper when digging for gas+optic; optic for you+opt...

dot-bot

Yeah my scenario is similar, I need to know as well, please.

dot-bot

P.S. proper caching is always a good idea, if you can afford the energy and time and hardware for it : http://cachevideos.com/

dot-bot

Good day to you my friend. This should work just as well as giving priority to web traffic - the same way. If you want the traffic to get more of all the internet you must do something in your main router/access concentrator. Is it RouterOS ?

dot-bot

My friend this smells like corrupt RAM or binary files on HDD. What platform is this?

dot-bot

maybe just mark packets with connection-type=new? =)

This catches (ACK,FIN,PSH) as well. What are these? I will not prioritize these.

dot-bot

Just as I suspected: http://doc.m0n0.ch/handbook/faq-ackprio.html ..., IP packet length 0-80, TCP flags: ACK = set, everything else = don't care. It is not sufficient to classify packets into the high-priority queue based on the ACK flag only, because (big) upstream TCP data packets can have the ACK...

dot-bot

How to catch to acks that are critical for letting the sender now what we already have? Are these critical acks the ones without payload? How to match them?

dot-bot

Thank you Chupaka, you are very helpful. I have this problem now: This mangle rule matches all uTorrent upload: add chain=postrouting action=accept tcp-flags=ack protocol=tcp Why is all the upload 'ack' ? I want to match all the packets that carry information about what has been already transferred....

dot-bot

Did you try to put a rule in the bridge filter?

How do you distinguish the DHCP packets of one network to filter them?

I would filter the DHCP server as well as all other DHCP related packets from clients, but would require a little reading and/or analyzing what those are, to match them.

dot-bot

That is there yes, but this discussion is about limit and total limit.

There is just a little in janism.pdf about it, but what we really want NOW is results of experiments with pcq-limit and pcq-total limit presented in color graphic + short explanations. Thank you.

dot-bot

Packet rearrangement occurs in a well built HTB/Queue. Priorities determine which child leaf gets the available limit-at/max-limit of it's parent. First prio 1 gets it's traffic, then 2, then 3 etc to 8 for limit-at. After this is done first prio 1 gets for max-lmit, then prio 2 gets for max-limit e...

dot-bot

Thanks

Give us more! Maybe some PCQ diagrams and charts?

dot-bot

It's impossible to limit speed of encrypted traffic (modern P2P). It has no pattern, or specific port, it is not possible to tell whether it's just some random data, or P2P. So what you mean is, uTorrent encrypted traffic is not TCP, therefore TCP Window option will not work on it? What if our Inte...

dot-bot

I agree. And they must optimize it so it would not make much CPU usage - the graphing.

dot-bot

I am currently identifying them with

add chain=postrouting action=mark-packet new-packet-mark=acknoledgements passthrough=no tcp-flags=ack protocol=tcp

but I'm not sure this is right. I found some info here: http://en.wikipedia.org/wiki/ACK_(TCP)

dot-bot

Welcome to the Identifying CRITICAL packets Quality of Service discussion topic. 8) First - TCP ACK packets must be sent out and not dropped, how to correctly mark them with mangle? TCP ACK packets are the ones that tell the sending host, how much data the receiving host has gotten already and are i...

dot-bot

My guess is that v3.x chews on packets longer before it spits 'em out, creating more CPU+RAM work per packet, leaving less resources and higher CPU usage statistics. Could be due to Layer 7 functionality or due to source code used not optimized enough.

dot-bot

I hope they will coexist like a piece of art, in my QoS setup. With extra effort to make it good.

dot-bot

To fix delay of important traffic - give it more priority in your QoS setup. Post it in the forums for discussion.

dot-bot

...what happens if queue is full - packets are dropped, because, there is no place to put them. so, TCP traffic is important one, and as you know, when tcp packet is dropped, it is resend again, after some time, therefore, TCP knows, that you have to send packets at slower rate.... Thank you for an...

dot-bot

I guess they are not dropped but queued with the next pcq cycle and the first ones are sent up the tree/out to interface. But why waste energy guessing when MIKROTIK IS RESPONSIBLE FOR documenting it !!! Normis, Janis, Sergej, please. PCQ---> "MikroTik prorietary" TELL US HOW IT WORKS.

dot-bot

export AP config and CPEs configs, remove unneeded and default settings and look well at your config and think. and post them here, after removing default settings and unneeded configs from them, for us to see and be able to tell

dot-bot

Upper ones will get traffic first, lower ones will not catch that traffic. This is why your ICMP rule stays ontop of Simple Queues. I currently use only Queue Tree - I've got complete control over what I need there. If you have queues in Queue Simple - they will catch traffic first and it won't get ...

dot-bot

This is true. But my question is what will be the behavior when packets are rearranged. Example: http://wiki.mikrotik.com/wiki/HTB When limit-at=0 how much will it take from it's parent. After that, when max-limit=0, how much will it take from it's parent?

dot-bot

Try to test and monitor the config under load. Try tweaking a little to see any difference. Post your observations here

dot-bot

Try it, if all works fine - leave it that way. Sergej probably meant that it's not Best Practice to do it (in his opinion. probably may have later complications and more CPU and mem usage of router, etc, etc) but if it works - nothing can stop you from using it. May become your Best Practice he he.

dot-bot

What will happen if max-limit and limit-at are not set for some of the Child queues in a Queue tree? My guess from testing is - their priority works, but they are not guaranteed to get any bandwidth yet they get just a little anyway, in case other queues with set limit-ats choke up the link.

dot-bot

My current understanding (untested) is that: In the case of Simple Queues, the order is for 'catching traffic' (mangle) and the priority is for packet rearrangement in the HTB.

dot-bot

They will work together. Example can be seen here: http://mum.mikrotik.com/presentations/EG07/sunday.pdf Pages 24 & 25. more: Each simple queue creates 3 separate queues: One in global-in (“direct” part) One in Global-out (“reverse” part) One in Global-total (“total” part) Simple queues are orde...

dot-bot

Please, if someone attends training, post useful material in WiKi afterward. Some PDFs + a little explanation would be great.

he he.

P.S. I am planning to become a certified consultant but now is too early for these classes. Thanks.

dot-bot

All VoIP features must be usable, one by one. Maybe SIP first - yes.

dot-bot

When a device is unplugged, its config could be remembered in a disabled state. When enabling it, ROS could ask for a "apply-to=" setting so we could attach the old config to a newly plugged interface. All Queues and Firewall rules attached to unplugged interface should be reattached to ne...

dot-bot

1)yes 2)right now for upgrade and backup of DSL modem firmware and configuration, all other scenarios posted above as well in the future. 3)per IP access restrictions like current MT services or better, tftp folder be a subfolder of ftp folders unless hidden by user, upload fast upload and download ...

dot-bot

I shape Inbound Traffic The key is to set your upper limit about 15% lower than your service can push. so if I had 10Mbps from my supplier I would set my top to 9Mbps. i think if you just do the queue tree and the MAIN QUEUE for upload and the MAIN QUEUE for download for an example 95% of your tota...

dot-bot

It's not explained in maximum detail. All possible scenarios must be covered. PCQ behavior is much more complex than what is talked about in the PDF as I have tested.

dot-bot

The reason is because due to HTB structure and queue lengths (pcq-limit, pcq-total-limit) the traffic which gets more bandwidth is able to push more packets. I had the same problem with my dedicated p2p machine. Remarked it's traffic and problem was solved. In your case you must be more careful to a...

dot-bot

Here's the answer my friend. Set queue=pcq-*** to all childs. Adjust it according to upload and according to download - to separate queue types. Then PCQ will work like a charm. Tested and will probably use it for the future like this.

dot-bot

Bump. All need extended maximum explanation to pcq-limit and pcq-total-limit. In WiKi. By Janis & Normis preferably.

dot-bot

I am RT FFFF M since 200 FFFF 4 . F. :) Paste links. Say it with your words. Help here. Not just RT FFFFFFFFFFFFFFFF M. F. :lol: better - paste quotes and say it with ur words. P.S. My dear friend. MikroTik manual and related resources on this website have never been designed to be easily understood...

dot-bot

I agree with Gerard. I have spent days in editing rsc and txt.

dot-bot

Here are some answers hopefully helpful to all: ...But what if our ISP has MikroTik as well and prioritizes packets as well? How will this affect our results on our end? My guess is - we will see poor/different results and start to think it does not work. Why is this? What is the IP theory behind th...

dot-bot

QoS etc will work only for TCP traffic. Currently in my setup I apply the BW management and QoS only to TCP protocol. I still have to test if this will work well on the upload channel of a DSL line though where the max limit is set by the technology itself.

dot-bot

QoS includes several facilities, in the following order: 1. Mangle chain prerouting 2. HTB global-in 3. Mangle chain forward 4. Mangle chain postrouting 5. HTB global-out 6. HTB out interface So, in one router, you can shape twice if you use: a) #1 and #2 for first marking and shaping, and #3+#5 fo...

dot-bot

Sure friend. Here you go: http://mum.mikrotik.com/presentations/US08/janism.pdf . And if you use this http://wiki.mikrotik.com/wiki/Basic_traffic_shaping_based_on_layer-7_protocols for QoS you will be a HERO for all. Please paste your configs when you are ready. P.S. for Layer 7 QoS (which is much b...

dot-bot

? Client must download from cache at higher speed than his limit-at speed? It's explained in that PDF DOCUMENT I gave you above. You need v3.x for this or external Squid cache.

dot-bot

Problem is you are setting the pcq-down-256k on a parent queue (that has at least one child queue). http://wiki.mikrotik.com/wiki/Queue#Queue_Tree Queue tree creates a unidirectional queue in one of the HTBs. It is also the only way to add a queue on a separate interface. This way it is possible to ...

dot-bot

Yes, remove XEN and test if it works. Post the results here, thank you.

dot-bot

What do you mean? Can you write a question in proper English?

This document is very good on caching issues:
http://mum.mikrotik.com/presentations/EG07/sunday.pdf

Read it. Then ask a proper question.

dot-bot

"Hardware is fine" and "with no load" do not fit into one sentence. You must STRESS that CPU and RAM. Last time I used Stress Prime 2004 Orthos. But that Router was a x86 PC and I was able to boot Win32 to run that test. Under MT ROS you should run a bandwidth test with UDP to st...

dot-bot

What I'm talking about have been discussed by other members as well: from Is (( PRIORITY )) Really working ??? topic: create main queue with 100% upload or download respectively. then make child queues, * queue for ping, high priority, 1% of traffic * queue for http, high priority -1, say, % dependi...

dot-bot

Latest test show that PCQ misbehaving could be due to not enough processor power, and the need to install RouterOS on a better machine. Queue management on upstream routers could be not so important after all. Will test more soon.

dot-bot

If you want to use your CF on a PC simply use it in a CF<->IDE adapter, not in a USB adapter. I'm 90% sure it should work then. Problem is in USB adapter interpretation of medium and/or access geometry. WRAP boards (2E and 1E) I'm doing tests. I enabled on both boards the USB feature, normally disab...

dot-bot

This is possible. Mangle the traffic you want and setup a simple queue for it with the time limitation. See manual for more details. If you are not an IP professional already, you may have trouble understanding the mechanisms of Mangle + Queue. See examples in WiKi: http://wiki.mikrotik.com/wiki/Ban...

dot-bot

I suspect /interface bridge settings set use-ip-firewall=no to be the problem but I AM NOT SURE. Post some configs here. Post the entire config with the

 tags (omit passwords).

dot-bot

For 'priority', queue type 'default' should be OK.

Are you trying something like this? http://wiki.mikrotik.com/wiki/Mangle%2C ... lmost_done

Does PCQ work for you? How are you testing it.

dot-bot

Simply guesses: External squid cache not having enough resources? Not enough connections/too much tcp conns at once to the squid server? Not enough bandwidth? Bad RAM on the Squid server? Simply guesses. Actually a better one: check Event Viewer (eventvwr.msc on the clients machines) for EventID 422...

dot-bot

Are you following these rules:

When marking packets and creating Queues for them, you must not forget other packets that you may have not marked that would travel the same direction. Because they will have unlimited speed.

dot-bot · Re: 100 procent and stays... RB1000 OS3.15-3.16 Problem still there with v3.17?

Problem still there with v3.17?

dot-bot

In this case I would see any BIOS boot protections. Then I would try a low level format/hdd erase/zerofill/wipe. Connecting the HDD to another PC, installing there and reconnecting it to the one with the problem. And some other stuff.

Tell us how you solved it.

dot-bot

In my case and opinion Clients re-associating causes client IP address changes, causing these ack packets you are seeing. p2p activity increases these. Currently I have decided to leave them alone since they seem to be dropped and later remote hosts stop transmitting due to timeouts. Another approac...

dot-bot

Maybe trying to combine it with PCQ creates a problem? ( http://forum.mikrotik.com/viewtopic.php?f=2&t=28383 ) Maybe trying to use it on different outgoing interfaces creates a problem? ( http://wiki.mikrotik.com/wiki/Queue_Tre ... interfaces )

dot-bot

In case of PCQ: problem is PCQ works when bandwidth (max-limit) is lowered less than what our ISP has to offer. They sell me 20Mbit, p2p downloads at 27Mbit, PCQ max-limit works at 19Mbit.

Any comments on the subject?

dot-bot

Have you upgraded to ver 3.17? There is still hope. RouterOS could have a bug/faulty hardware. Best practice - contact support if something is misbehaving, because history has shown - some Queues stop working in some versions of RouterOS. Then paste entire configuration here :) Also, IP is complex. ...

dot-bot

Hi. I am trying to save myself from the MikroTik paranoia here. I love MikroTik. This is an important topic for the hardcore old-school all-knowing network pros. They must help here. Many efforts have been made to prioritize packets. But what if our ISP has MikroTik as well and prioritizes packets ...

dot-bot

To backup your license, simply log in with winbox and export it to a file. Later when reinstalling any version of RouterOS (compatible with your hardware!!!) The unique SoftwareID should be the same. You should be able to then import back your license. Furthermore, it should be kept in your mikrotik...

dot-bot

You are right - it there is no Queue in the tree for certain packets - they will escape the max-limit of that Queue. The meaning of the previous post is: you were seeing good pings because of this behavior, but you should not configure your router like that. I think what macgaiver is saying is the r...

dot-bot

Sounds to me that somebody just would like to get everything ready for him.... I am trying to do this just right since the year of 2004 and MT version 2.9.6. and There are lots of materials in wiki: You should start with: http://wiki.mikrotik.com/wiki/Packet_Flow Then you should be clear on what ha...

dot-bot

The last post is very powerfully educating. A verified bigger tutorial of this sort Must be put on the wiki! Thank you.

dot-bot

Maybe settings on your ISPs must be made for correct routing the packets through your both connections. Sounds good to me if they're nice enough to do it for you. Let's say you have a router that is connect to your ISP1 link and ISP2 link. Your router must have Inrenet IP address and routes must be ...

dot-bot

This is hard, probably not currenlty possible. Whats the uplink of the 4mbit downlink ? 0? how come ?

give more details ...

dot-bot

Please explain your problem in simple English. Also share exports from your config

dot-bot

Don't BLOCK the users from accessing mp3, mpg and ftp! You seriously risk them going to the alternative provider

dot-bot

I think the answer to the 2nd question is - it will not work - still a script would be needed - due to simplified ROS software design~

dot-bot

I thought the packet-drop technique works just fine ? And when you limit RB-B the TCP WINDOW adjusts accordingly ?

Also why limit to 400K? (karyal's post) It should work just as fine when limited to the max of the link - 500K.

dot-bot

Or is your case ~ you want your customers to be able to open ports so that others from outside connect to your customers' VPNs? Can't be done without portforwarding.... Mapping internet IP addresses to LAN ip addresses is explained in the manual. But you would need to map 10 to 10, not 10 to 100! Di...

dot-bot

Check Gateway config... Also your provider may be dropping default ports, try setting the router services to upper ports and connect to them~ Also paste here the router config

dot-bot

Difficult to understand. Explain. Get a friend that knows English.

dot-bot

Take an IP course. Your suggested config is bogus by design.

dot-bot

Did you set the NAT option in the first config ?

Equal bandwidth is shown in the manual as well as NAT coniguration.

Be careful as problems tend to slip in configurations.

dot-bot

Running this scenario for months now w WinXP SP2 az a host on a Intel P III 1000MHz 512SDRAM w VMWare. I use the host WinXP SP2 for a dedicated download machine + smb server. No problems whatsoever except maybe just a little more latency (or less latency) no real way to tell. I have noticed before o...

dot-bot

I didn't have this problem when I was starting: http://forum.mikrotik.com/viewtopic.php?p=31345

and you can see my config was completely simple (too simple in fact insecure)

dot-bot

Yeah but does the IP proxy work as a transparent proxy? I think not.

dot-bot

The cheaper APC Back-UPS models would be nice to have support for. It seems silly to not support them - not every situation calls for an expensive Smart-UPS product!

I agree. But I guess implementing support for them is low on the priority list for development.

dot-bot

I myself and several others tried plink.exe to no avail. I suppose it has to do with the way RouterOS is spawing a shell (not not), that you can't execute RouterOS commands from there. I don't think that plink.exe can't be made to work... My tool would be made exactly for such purposes. I will have...

dot-bot

As far as I can remember Traceroute is ICMP type 30. Try to block type 30 only and see if that does it..

dot-bot

What would I consider: 1. Help these users config their routers and hosts. 2. Try to see a patternt in most of the packets and drop the packets by this pattern. 3. Disconnect users that damage the network and tell them "fix your sh*t and you're back online" note: I would consider these, no...

dot-bot

Blocking certain services has always been a problem for many here on the forums. You can block some ports but you can never catch them all. Users will find another program that makes another type of connection that your routers aren't prepared to "catch". So unless you want to block a part...

dot-bot

What's new in 2.9.18: *) fixed bug - dhcp server, dhcp client and hotspot could show up as invalid in case of many (> 10) vlan interfaces; *) added back ospf logs, they were removed since 2.9.13; *) fixed vrrp mac address restoring after reboot; *) upgraded SysKonnect SK-98xx/SK-95xx Gigabit Etherne...

dot-bot

Put whatever you can find, If CPU etc is too high or speed is too low, upgrade/change it. A 1GHz + CPU is a good start. Intel NICs too. (As some have recommended these here on the forum, not tried myself...)

dot-bot

According to some Converter proggy I found here, -40 F is -40 C and +120 F is 48.8 C so you seem to need wifi equipment for hell

Say hello to satan from me.

dot-bot

This soft is like swiss cheese mate

dot-bot

I've tested it on the latest ver. 2.9.17 too. I installed it with all packages, didn't touch any config, I only enabled pptp server. Scanned with the nmap command and the problem is there.

This is a serious DenialOfService issue. Shame on all of you @ mikrotikls...

dot-bot

Successfully reproduced on the older 2.9.7: nmap v4.00 command: (the first time I used 4.01 & same cmd) nmap <IPaddr> -P0 -sV -O -A http://www.geocities.com/dot_bot_id/pptp-experiment.gif - screenshot http://www.geocities.com/dot_bot_id/pptp-experiment2.gif - screenshot of CPU graph http://www.g...

dot-bot

Mikrotik RouterOS ver.: 2.9.7 nmap ver.: 4.10 pptp server: not enabled pptp port: nmap reported open problem: after nmap scanned ROS host, ROS reported weird pptp connect tries in the log and created two bogus buggy pptp dynamic connections that when tried to remove crashed winbox, and CPU usage go...

dot-bot

Correct me if I'm wrong, but to use IP Packing you need to have MT at both ends and you need to let them find themselves by MT/CISCO Discovery Protocol (Neighbour Discovery) so that they can establish the compression.... something...

dot-bot

Similar problem here: Can't open a webpage, not just AIM not working.

dot-bot

:twisted: Hahaha! Here's something fresh and cool: I need to run a second virtual ethernet interface with its own MAC address and IP address on the already existing one. How can I do this? I tried to bridge the real ethernet interface with two EoIP tunnels that would hopefully connect to one another...

dot-bot

but if you're using PPPoE you can apply the traffic shaping on the ppp profile. and I don't think you can manage it from the queue. and if you please Mac. can you post the settings in brief !if yours work without any problem thank you in advance Regardsm Let me say the same thing more clearly: 1. Y...

dot-bot

Well, you could workaround this .... write a script to MOVE the static rule to top of the table. and schedule it to be run every hour. this is a patch but will keep things working till MT comes up with a proper fix. And risk it not working for an hour until the script is executed ? Could'nt we dete...

dot-bot

No, that's not bonding in MT. If you had ANOTHER MT box on the other side of those two DSL/whatever lines and the bonding was performed AT BOTH ENDS then its the bonding feature of MT. But if the two DSL lines provide gateways you need to setup Static Equal Cost Multi-Path routing (or something like...

dot-bot

Not sure what your setup really is but here's an idea: Make IP lists in MT with the addresses traffic would not be counted to. Add Mangle rules to mark that traffic or mark and count not that traffic. (put a ! in there). Use your imagination..

dot-bot

I've been through the same issue. You can add the PPPoE interfaces for each user and make them static. This way they will always be there even when user disconnects and their graphs will remain with that flat line when they're disconnected, etc. To do it: in winbox go to PPP, click the + red button,...

dot-bot

Configuring QoS is very very hard, understanding it, etc.. So don't tell me "read the manual" it's more like "study" the manual. Only the MT manual is written bad, not translated properly etc. so ... reading the Lniux QoS docs is neccessary.... Will get back on those soon :shock:...

dot-bot

Not mut knowledge about Skype here, but p2p connections should be direct (no in-the-middle node that traffic goes "through"). Can your clients establish a tcp connection directly (traffic going only through your routers)? Probably Yes. Try a tracert command. Post results here. Regards dot-...

dot-bot

example: /ip firewall filter add chain=input protocol=tcp dst-port=21-23 \ action=drop comment="" disabled=no you can put in there a port range : 21-23 this way ports 21, 22, and 23 will be dropped But is it possible to put multiple ranges in one rule lets say with commas? If not, please M...

dot-bot

But sharing an internet conenction shouldn't be prohibited. Does your water supplier company tell you: you shouldnt let your friends drink your water. You should't water the garden Outside your home, only if it's inside. That's lame. :lol: No, but my water company does say that I cannot run a pipe ...

dot-bot

You have to match the traffic by protocol:tcp and port:someportnumber

this way packets sent to the specific port will get will be deatlh with and the others - passed throu to the next rule.

Being an experienced user you should be doing this right hmmm... post your configs properly in here...

dot-bot

Scripting in MT,... scripting on anoter puter that talks to MT via telnet...

dot-bot

When I tried the same thing I had the same problem (as well as tons and tons of unexpected behaviour when I tried different things from the forum etc. etc...)

dot-bot

No, you should send the data to multiple destination addresses, this method is "multicast".

Don't know what the BBC FAQ means by Multicast though...

dot-bot

You mean acting like a HUB and send the same data to two (or more ports)?

dot-bot

Some games are lmited themseves to 192.168.0.255 or 10.0.0.255 or 192.?.?.255 .... so may be the game's fault. Running (selecting from game menu) an Internet server (that requeres internet conenction to the master cd-key validation server) is needed in most of these cases. Try the program Hamachi wi...

dot-bot

TTL ideas are easily beaten with MT/Linux. Sharerer just uses MT/other, turns on the certain functions and TTL is working and/or normalized as if he's not sharing. If someone is haring his internet connection, browsers often send HTTP replies to servers that differ from PC to PC. Writing scripts/sof...

dot-bot

Yes, your router should have the 256 IP addresses on the Internet interface of the router. But with MikroTik RouterOS being so poerful, you could do it the ordinary way and directly route the Internet and your LAN. This is if your LAN has the internet real IP addresses set. If you don't want to reco...

dot-bot

Is there an idiots guide out there for Mikrotik?

Is there an idiots guide for rocket science?

dot-bot

I mean really old piece-o-sh*t puters, like they should pay You money to take such crap. As long as it has at least 64 megs of RAM. Or just take the HDDs from them if the rest of the machine is too slow. Depends on what kind of router you need and what bandwidth it will handle, how many users, what ...

dot-bot

Use old computers, they are cheap, have small HDs etc. And for most cases are powerful enough (for smaller bandwidths?).

dot-bot

There are some nice examples on the forums

But they haven't made my connections go much faster.... I'm still trying to figure it out...

Also what if I have transparent proxy ? How can I make it's conenctions with high priority?

dot-bot

Did you try to acheve that by using mangle facility and queue trees ? Maybe "equal bandwidth sharing amongst users" from the manual will work for you. Actually I have the same problem. THE PROBLEM WILL BE THAT THERE IS NO "LOCAL" INTERFACE TO attache the queue to. There are multi...

dot-bot

I always like to use latest software. A lot of ppl are experiencing problems updateing their routers without loosing configs. This is bad. MT Team: keep up the good work... fix those problems, add those features...

dot-bot

Fix your network dude. Get rid of the bad liniks. Packet delivery on every cable should be flawless. High network load shouldnt be a problem for pppoe packets. Or just do what you said in the first post :) Although L2TP tunnels may syffer the same/similar problems like PPPoE. Good luck. In most case...

dot-bot

If you're talking about 100mbit ethernet connection just put a cheap 5 port switch to act as a repeater between the two machines. Should work. Or make the cable between the two longer.

dot-bot

Here's the config for steps 1 & 2, please review 'em, check 'em out.. Post comments. Thanks. I'm now woriking on steps 3 & 4.... The problem with step 3 (bandwidth) is that the ISP provieds 128kbits/s internet channel and 512kbits/s channel in the city. All-In-One connection. I'll try like t...

dot-bot

Use another MT box (or any router that can do it) to connect to one of the PPPoE connections and configure it to serve as a gateway itself with another IP address. Problem could be that you would need to buy a license for the other MT box if you want/need to play by the rules . Isnt there a .. featu...

dot-bot

Your tips can not be understood or are simply not true. Try explaining more in plain English what are you trying to say here or where do we fail to understand each other.

dot-bot

Strange. You shouldn't have any problems with even 500 switches along the line. Only some small insignificant delay. Maybe some of your switches arent performing as they should. Try resettign all the switches ( if you have the power centralised). Are some of the switches Managed Switches ? Is networ...

dot-bot

You want to spoof a part of a web service and make your HTTP server act as the original on some URLs ? If you replace content without the user knowing on sites that include information submitting... This is kinda illegal. Do not do it you'll get busted.

dot-bot

What would they have to do to use their default uplink ? Dial via a modem ? Do they have to dial a special ISP or they ca dial .. any ISP.

dot-bot

Well, at least we can block port 6881....

L0L

dot-bot

I don't have any wireless experience but here's what I would look out for if I was doing that: - Finding out whether you do not interfere with other such wireless equipment. Staying away from crossing the path of wirelss devices on near or SAME frequencies. Maybe you should sniff/snoop first to see ...

dot-bot

kapulan, if your 15 users are behind a NAT do what I said in my first post and thats it. If they have real internet IP addresses, you most probably do not have to change anything. Opening a port will then be a matter of firewall configuration, seeing if firewall is turned on for all ports.... Maybe ...

dot-bot

You want to set up a MT caching web-proxy to speed-up your web server ? And translate the service from port 8080 to port 80? And maybe to block some URL requests or URL requests that contain a certain string from getting to your web-server ?

dot-bot

Leave what as it is ?

DO NOT leave torrent clients incapable of opening a port.

dot-bot

Mnaaah just use UPnP - start the UPnP service on the local interface on MT and enable UPnP on all 15 BitTorrent client applications. If UPnP is not supported try another client like uTorrent that supports it. NOT TESTED or if want to do it the oldschool way: You'll have to set up each puter to use a...

dot-bot

Oh no! Just the answers I felt I would get. I thought I could cheat on this one and ask for some more help than usual. I guess I'll have to do it on my own now. Will cost me a huge effort. Oh god please give me strenght. :lol: OK if someone can help with the bandwidth allocation only - please do. ed...

dot-bot

There are a Local Network and a ISP Network coming to MT: Local Network: on ether2 - 10/100Mbit LAN 192.168.0.0/24 ISP Network: on ether1 - 10/100Mbit LAN with PPPoE service, no IP address on the interface required. There are three "users" connecting to MT via local ether2, wich means thre...

dot-bot

@dannyboy i've done this and its work: rule forward: add src-address=10.x.x.x/16 protocol=tcp dst-port=80! action=drop/reject it means that all port except port 80 will be drop/reject...... i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p p...

dot-bot

Yes, change the limit to match your case.

dot-bot

internet --->(ether port1) MT Hotspot (ether port2) --> Hotspot LAN I'm not completely familiar with wireless but i assume that: http://forum.mikrotik.com//images/smiles/icon_arrow.gif 1. Hotspot means more than one users connect to the internet via the wireless ("Hotspot LAN") device. ht...

dot-bot

Are you talking about the clients ip, dns, and gateway configuration? Can you just add a gateway on both networks on the same MT box? You can have more than 1 IP on an interface. Maybe im missing something... Sam I don't want to bother people with adding configs, besides their ISP admins will come ...

dot-bot

hello, The two networks are SEPARATED, no cables, switches, etc. connect twe two nets. Why not just put a switch between the two networks? Sam Becouse IP addresses ranges used by clients are different and I don't want to touch any client configuration that's already established (by their ISP) (beca...

dot-bot

I've found something about this when I searched "braodcast": http://forum.mikrotik.com//viewtopic.php?t=3546&highlight=broadcast (Broadcast traffic in routed network) there sten suggests something like this: No idea if it will work, i havent really tested it. Say you have 192.168.1.0/2...

dot-bot

We are running TCP/IP only. We also need our TCP/IP braodcasts(packets with funny destination such as 255.255.255.255, etc. destined to ALL hosts in the network). I tried the NAT of course but id dind't work (Bridge mode) (p firewall nat). I managed to make it ALMOST work by disabling the Bridhe and...

dot-bot

:arrow: We have several PCs on the 192.168.0.x net and some others on 10.0.100.x. The two networks are SEPARATED, no cables, switches, etc. connect twe two nets. We want to put a MT Router in the middle to connect the two. We want to use bridging and we don't want any of the PC users to have to touc...

Search found 164 matches