MikroTik

ptsip

Have you activate proxy-arp on interface where you are running PPPoE?

ptsip

If you activate Hotspot, to see dynamic rule for hotspot, pls :

/ip firewall nat print dynamic

ptsip

Maybe, define address list in /ip fir add then make 2 (two) rules for your "Transparent Bridging" as follows: chain=forward connection-state=related action=accept chain=forward connection-state=established action=accept chain=forward connection-state=new src-address-list=... action=accept ...

ptsip

I suppose you to redirect tcp-80 to Mikrotik Proxy Server and then passthrough to your DansGuardian proxy. The traffic for redirect as follows: chain=dstnat protocol=tcp dst-port=80 src-address-list=filtered action=redirect to-ports=8080 make sure you have enabled ROS module > web-proxy, where runni...

ptsip

Miko:

Thx u so much, it works perfectly.

ptsip

have you tried with M/T ROS v3beta7?

ptsip

you could do that with VRRP or policy-routing, pls see http://wiki.mikrotik.com/wiki/Routing

ptsip

Just to make sure that your internal server for rdp and ssh have the correct gateway to internal ip mikrotik. OK?

ptsip

If possible, pls a wishlist for custom tools for device, such as Remote Desktop connection, VNC Viewer, Radmin, etc.
Currently, from tools only: WinBox, Telnet, etc.
Thx.

ptsip

Suppose if you are using NAT, pls using /queue tree with PCQ.
If you are using hotspot, pls using Server Profile and/or User Profile for UL/DL ratio.

ptsip

A lot of useful tips and trick in forum, pls search in forum.

ptsip

A little mistake you made, pls delete in-interface=public for the following chain:

chain=dstnat in-interface=public dst-address=(public IP) protocol=tcp
dst-port=22 action=dst-nat to-addresses=192.168.0.100 to-ports=22

ptsip

As far as I know, you must using routing-test for stable OSPF.

ptsip

Btw, have you installed dude module and used it?

ptsip

All of your 1000-user will be using default user-profile in hotspot.

ptsip

Using 3 sectoral antenna 120-degree with 3-wireless radio like R52 or CM9 with tx-power=21-23dbm.

ptsip

Just let you know, WRAP only support 18v.
It means (maybe): you need board powered with 48v such as RouterBOARD 532.

ptsip

Let you go to:
-http://wiki.mikrotik.com/wiki/Routing
-also search in http://forum.mikrotik.com

ptsip

Pls do not using user-manager hotspot (my me, hotspot is not time restriction.
Pls using standard transparent-proxy/proxy using nat or filter/firewall for time and days of week. Be caution, these features running well on RouterOS beta version 3.

ptsip

Using default hotspot user profile.
Just set Rate Limit (Tx/Rx).
To see if running, on WinBox pls see on Queues/Simple Queues

ptsip

For me, it is better using dynamic simple queue based on hotspot and/or user/group for ul/dl.
I ever did as you meant, hotspot environment is different, if you make /queue tree for priority where maybe work and will burden your M/T ROS. So, forget it. Let's it be as Mikrotik RouterOS doing.

ptsip

For me, pls do not burden a lot of address-list for porn-site, will make your M/T ROS getting slow. Using another solution like from http://www.iss.net or alike solutions(s).

ptsip

Several tips to block spam: from LAN > to Internal Mailserver: -use SMTP authentication in your mailserver, where it means that users from Outlook/Mozilla/etc must using their POP3 username and passwd when sending email -only permit trusted ip to send email without validation to your mailserver from...

ptsip

For me, M/T ROS v3.0 b7 is very stable, we're using M/T RouterBOARD 532 as well as WRAP. Highly recommended for testing. Also, IGP such OSPF do the best.
There are only minor (? bugs) as follows:
-console has crashed if doing: /export file xxx
-dfs not working

ptsip

Yes, I agree.
How to really know the next coming release of stable and powerful Mikrotik RouterOS if not tested in real/production. We must test it in isolated live environment.

ptsip

Also happen to me (at M/T ROS v.3beta7), dfs is not working also.
Just set the M/T as: ap-bridge, band: 2.4GHz b-g, 2412MHz, scan-list: 2412,2437,2462, freq-mode: manual-txpower. dfs-mode: radar detect.

ptsip

Let's try to: -on /ip fir addr, just add the ip-addr or name of your specific website -on /ip firewall filter > on extra: hotspot select: from client -and just reject with tcp-reset for more detailed information regarding hotspot, pls: -ip firewall filter print dynamic -ip firewall nat print dynamic...

ptsip

you have 1-ISP with 3-Public ip-addr, to use all of your three public ip just pls using: - on /ip route, pls mention pref-src on default - using the other 2-public ip-address for src-nat on your src-adress-group - also, you are able to to chain=dstnat to allow traffic from INTERNET > INTERNAL LAN wi...

ptsip

It really depends on how many users on hotspot as well as how long the data will do you want to keep.
Some guidance for reliable AAA Services, pls refer to http://mum.mikrotik.com/presentations/2 ... Boingo.pdf.

ptsip

Yes, pls always do backup with:
-on WinBOX, click click File and Backup
-on Terminal, /system backup save

will guarantee if something happen on your M/T ROS beta version, pls using Netinstall to downgrade to v2.9x and wil do restore it again.
It is very simple. Ok?

ptsip

May the the newest version of Mikrotik RouterOS (currently, on version 3.0 beta 7) will outperform on OLSR, pls review some of the materials on http://mum.mikrotik.com.

ptsip

Yes, of course you could do that with:
-redirect incoming traffic on port tcp-26 (for example, not port 25/stmp), and just pls to specify src-address-list on your M/T ROS, and on your incoming mailserver in lan/private segment to allow the specific ip-address to allow smtp relaying. May help ...

ptsip

On /ip firewall nat, using dstnat on chain, for example:

chain=dstnat in-interface=Public dst-port=110 protocol=tcp dst-address-list=your-public-ip action=dst-nat to-addresses=your-internal-ip to-ports=0-65535

ptsip

Just try tcp/udp ports for: 411-413,1214,3531,4661-4665,6345-6348,6881-6889

ptsip

Yes, I agree with Cmit.
It (maybe) resolve your case.

ptsip

Yes, I agree.

Just to buy the cheap M/T RouterOS and upgrade and/or downgrade your M/T ROS to the version you like.

ptsip

or the alternative resolution to resolve your BIOS upgrade on your Mikrotik RouterBOARD are: -make sure from M/T RouterOS you are able to ping such as http://www.yahoo.com and getting good reply if not: pls just setting: /ip route, and setting the right gateway, /ip dns (setting the right 1st/2nd fo...

ptsip

from Winbox, pls see the ip-addr, change your computer ip-address with the same subnet but different ip-addr. Pls just using Winbox (for your information, there are two kind of winbox version right now, v.2.2.10 and v.2.2.11. Just using v.2.2.10, pls download from http://www.mikrotik.co.id/getfile.p...

ptsip

I agree with Normis to not running M/T ROS on USB because of USB device is not suitable for running powerful Mikrotik RouterOS (except for just for testing purposes. Pls just using the device/hardware as recommended from Mikrotik. This is very stable system that must be running on stable device(s), ...

ptsip

Just pls to mention of what: -wireless radio; -what type of antenna; -how many km to p2p or p2mp my recommendations are: -just follow the documentation from Mikrotik documentation as well as search for nstreme in all forums; -using 48v power supply -(maybe) using combination of ap/ap-bridge with wds...

ptsip

or just simply using Dude Server version 3.0 beta 6 for syslog server instead of Kiwi Syslog server.

ptsip

Let you try several tips as follows:

-on "Connection Tracking", TCP Established Time-out change from 1d to 01:00:00
-pls do not using many rules on mangle, nat, and/or filter
-pls do not activate modules on Mikrotik RouterOS you do not needed it

May help ...

ptsip

Already there in Mikrotik RouterOS v-3.0beta7.

Search found 43 matches

Custom tools in Dude!