MikroTik

1littlewisp

I had considered ways that I could prevent this behavior with firewalling but my gut told me that it shouldn't even be happening. I thought that the 802.1Q tag would stop the inter-vlan communication no matter what since it works on layer2. As long as there isn't a better way to design it, I'll pro...

1littlewisp

What are your forwarding rules in /IP Firewall? Just masquerading the ranges at the Gateway. Always remember - Router OS will route all attached IP subnets by default! Since each VLAN presents a virtual interface to RouterOS it will route them unless you block that in the forwarding rules. If you c...

1littlewisp

Hello! I think vlan's settings cause the problem: [user@MikroTik] > /interface vlan print Flags: X - disabled, R - running, S - slave # NAME MTU ARP VLAN-ID INTERFACE 0 R vlan100 1500 enabled 100 lan_bridge 1 R vlan200 1500 enabled 200 lan_bridge 2 R vlan300 1500 enabled 300 lan_bridge You should c...

1littlewisp

What are your forwarding rules in /IP Firewall?

Just masquerading the ranges at the Gateway.

1littlewisp

Hello all! I've set up some vlans which appear to all be functioning properly except for one thing: traffic is allowed to pass between them unhindered. Here's the config: Gateway [user@MikroTik] > interface vlan print Flags: X - disabled, R - running, S - slave # NAME MTU ARP VLAN-ID INTERFACE 0 R v...

1littlewisp

Hello, all! Found this awesome list of up-to-date bogon IPs. http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt I'm grabbing the current version nightly. The idea is to iterate through the entries in this list and add them to an address list to be blocked on the WAN interface. There are t...

1littlewisp

Thanks much! I'll read the rest of the Dude manual before proceeding.

1littlewisp

Is this a new install or an existing install? Try username 'admin' with no password?

My god, man! You did it! How do I change the password on the agent? That was the problem. I can't leave it set at "admin" and "".

1littlewisp

So I've got the Dude module installed at a deployment and seem to be having some difficulty with it. The package is running and can be observed in Tools>Profile. I can telnet to ports 2210 and 2211. There is no banner to confirm that it's The Dude accepting the connection, but I can tell that it is ...

1littlewisp

So i've got a customer who's got some servers hosted behind a NAT and ports forwarded to it. He's also got two WAN links. We'll call them WAN1 and WAN2. I need to do some policy-based routing over WAN1 which just so happens to be the WAN link that the dst-nat rules are on. Here's what I set up: 1) R...

1littlewisp

i can haz reply?

1littlewisp

So I've got this router... It sits at (let's say) 192.168.100.230. We have assigned a block to them of 192.168.100.80/29. I'm trying to build a single queue which encompasses all traffic flowing from that customer's location. The solution I had devised to accomplish this was to mark packets with man...

1littlewisp

Okay, I corrected a couple of things here. First of all, I wasn't specifying the address list I wanted it to pull from. Second, I did have it in the output chain. I'm running a proxy on this device. My logic was that since it was a proxy redirect, it would be seen as coming from the router, but you...

1littlewisp

BTW, if you know of a more effective way to accomplish what I'm attempting here, I would not be opposed to a complete redesign. All I want is to slow *just* video traffic from youtube.

1littlewisp

/ip firewall mangle add action=jump chain=prerouting content=youtube.com disabled=no jump-target=\ youtube add action=add-dst-to-address-list address-list=Youtube address-list-timeout=\ 5m chain=youtube comment=\ "All packets processed in this chain should be added to Youtube list." \ dis...

1littlewisp

I've been dicking with this all day. I had it working once but I'm doing something wrong now. One of the objectives is to accomplish this . That part is working. Traffic being redirected by the proxy is queued as specified. Direct connections do not get queued. The next objective is to prioritize sk...

1littlewisp

Okay, so I think I've got the L7 filters put together right but the counter for the "packet-mark" rules is not getting ticked when I hit youtube and start a video. Here's how I'm identifying the traffic: /ip firewall mangle add action=jump chain=prerouting content=youtube.com disabled=no j...

1littlewisp

/ip firewall layer7-protocol add name="Extension \" .mp4 \"" regexp="\\.(mp4)" add name="Extension \" .flv \"" regexp="\\.(flv)" Thanks, Muqatil. I'll give those a try and post the results. It looks like this format would work for pretty m...

1littlewisp

I checked http://l7-filter.sourceforge.net/protocols
but it doesn't have any regexp for mp4 and flv. But it have some useful regexp and you may need them in future.

Yeah, I've already searched the forum and found that most L7 threads inevitably link to that site. Looked there first.

1littlewisp

Looking to identify video content coming from youtube. I've already got the content filter sending all traffic containing "youtube.com" to the Youtube chain. Within the Youtube chain I want to pick out only .flv and .mp4 content. To the best of my understanding, the right way to do this is...

1littlewisp

Thanks, Fewi. I think you have helped me a few times in the past as well. I believe I may be able to trick the system into appearing to work by creating a destination address list. Mwahahaha!

It's not perfect, but it will help me build a QoS system that otherwise wouldn't have worked.

1littlewisp

So I've got a location with two gateways. I want to route traffic to a certain destination through only one of the gateways. I'm testing this with ipchicken.com because it should be a good indication of whether I've got it working or not. Here's the setup that's not working: /ip firewall mangle add ...

1littlewisp

After hours of troubleshooting, I just discovered independently of this thread what was going on. Yes, it was shared users. :facepalm: Thanks for wasting your time reading/replying to this!

1littlewisp

I'm trying to set up a MT hotspot for the sole purpose of redirecting new users to a web page the first time they connect to the network. The only things I have changed from the default Hotspot setup are: 1. Changed authentication from CHAP to PAP 2. Added a username "admin" with the passw...

1littlewisp

This did pretty much what I wanted. How would you configure it just to add .flv and .mp4 content to the list, though? With this, if someone googles "youtube.com" Google will be throttled for 5 minutes. Nice to hear that helped you. Abt flv & mp4 ... well, I guess it's necessary then t...

1littlewisp

This is working for me: Ip Firewall Mangle: to add Youtube server to address list for 5 minutes. ;;; Youtube Address List chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=Youtube address-list-timeout=5m in-interface=!(PUBLIC) dst-port=80 content=youtube.com Ip Firewall Mang...

1littlewisp

So I've got this client with a seemingly innocent request. He doesn't want to block Youtube outright, he just wants to queue traffic down so that the video streams don't kill his 3Mbps connection. Simple enough, right? Here's the solution I had come up with: 1) We can't throttle Youtube by name, but...

1littlewisp

When I get RB450G's from a certain vendor, the pc speaker has a different startup beep than normal. I've read how to do this with /system scheduler and /system script, but the default configuration does not have anything set up here. How, then, did they change the startup beep?

1littlewisp

Thanks, fewi. I'm not well trained in programming logic, so learning the CLI can be especially difficult. I've written a few scripts with conditional statements, but anything C-like really starts to screw with me. I've been trying to figure it out by trial and error, picking up bits of information h...

1littlewisp

Oh, I see. I just needed to escape the values of burst-limit because the "/" is a special character. I'll tell you what the ultimate goal is here: to change the bust limits of queues that meet certain conditions. In other words, "if the queue's burst-limit is 5120k/5120k, set it to 10...

1littlewisp

so I'm trying to use find to change queues. what I'd like to do is change them based on what they're set at now. So I'm using find like this: /queue simple print from=[find burst-limit=5120k/5120k] just to try to get the data that I want to change. the command above doesn't work. it does work when I...

1littlewisp

Hey, guys! What I'm doing seems like it should be simple, but I'm just not getting the hang of it. All I want to do is change the values of all of my simple queues from the command line. In specific, I want to change the values of max-limit, burst-limit, burst-threshold, and burst-time. I have about...

1littlewisp

1littlewisp who can copy from winbox text with color :S Yeah, I just used color tags. Sorry if it made it more difficult to read. I thought it would be helpful. I find it to be extremely helpful on the command line. syntax highlighting helps me determine what the different parts of my command/scrip...

1littlewisp

thank you. that was perfect! good thing someone has already done all of the hard work for me. this has really fueled my desire to delve into routeros scripting, though.

1littlewisp

#This is the first time I have written a RouterOS script and what I'm trying to do is to isolate the IPs of three entries in my firewall ruleset, compare them to the [:resolve]'d value, and replace the value if it is different. I can't seem to get my output to only display the IP address present in ...

1littlewisp

So I work for a WISP in Northwest IL, and I just got connected through them. Our towers all run RouterOS, and we generally Winbox into them. All of our towers have Hotspot enabled. If a user connects to a tower with their computer, it pukes out a hotspot page to them. So here's my predicament... In ...

Search found 36 matches

Re: vlan isolation not working

Re: vlan isolation not working

Re: vlan isolation not working

Re: vlan isolation not working

vlan isolation not working

`cat` equivalent for scripting / for loop / exclude comments

Re: Dude Agent Won't Accept Connections

Re: Dude Agent Won't Accept Connections

Dude Agent Won't Accept Connections

Masquerade, dst-nat and policy based routing

Re: traffic identification for queue misbehaving

traffic identification for queue misbehaving

Re: L7 RegExp for .mp4 and .flv file types

Re: L7 RegExp for .mp4 and .flv file types

Re: L7 RegExp for .mp4 and .flv file types

QoS: prioritizing certain content while slowing other

Re: L7 RegExp for .mp4 and .flv file types

Re: L7 RegExp for .mp4 and .flv file types

Re: L7 RegExp for .mp4 and .flv file types

L7 RegExp for .mp4 and .flv file types

Re: Policy Based Routing test with ipchicken.com

[SOLVED] Policy Based Routing test with ipchicken.com

Re: Hotspot HTML Redirect

[SOLVED] Hotspot HTML Redirect

Re: An Interesting Challenge... ~or~ Choking Youtube Videos

Re: An Interesting Challenge... ~or~ Choking Youtube Videos

[SOLVED]An Interesting Challenge... ~or~ Choking Youtube...

Routerboard PC Beep

Re: having some troubles with [find...]

Re: having some troubles with [find...]

having some troubles with [find...]

[Solved] changing queues from the command line

Re: Scripting n00b with what is probably a stupid question..

Re: Scripting n00b with what is probably a stupid question..

Scripting n00b with what is probably a stupid question...

Que list...