MikroTik

rd228

I'm currently using my 2011 with BT FTTP 150down and 50 up and I get the full speed however I am having to use Fasttrack to get that speed and keep the CPU down however my CPU does spike still. I'm going to be moving to TalkTalk 500 down and 70 up. I did have some concerns that the 2011 might not be...

rd228

The TalkTalk help pages do not appear to have caught up with their available broadband products, having only recently started selling FTTP services via Openreach connections - PTM encoding and VLAN 101 are only applicable to FTTC / VDSL2 connections. Whilst PPPoE is often used to provide the custom...

rd228

Sure, because for DHCP, there is no way to actually use any username/password. The question is what they mean by the "automated network authentication", whether that's just a marketing BS or there is some real meaning in it. Can't you test at a friend's before signing the contract? Thanks...

rd228

Not sure if this is the solution to the setup but I may just need to follow step 1 on this guide?

https://systemzone.net/mikrotik-configu ... onnection/

However im not sure regarding the encapsulation and VLAN ID get set?

rd228

Hello, I am looking to switch from BT to talktalk as I'm getting offered a better deal. Currently using an RB2011 as my main router with BT FTTP and it was easy enough to configure a PPPoE connection to get it working. My current setup is fibre into the house connecting to a BT Fiber modem (ONT). It...

rd228

I also know its not my firewall rules as I have disabled them all and tried another speed test.

rd228

To answer all of your questions - I havent got fast track enabled. I think I decided a while ago not to turn it on as it stops some other things working in the router when its enabled that I currently used at the time. I am on the latest version, and my WAN port is in port 1 which is connected to a ...

rd228

Hi all, Looking for some help here as im now stuck after trying a few suggestions on the forums. I am using a RB2011UiAS-RM with BT Fibre to the premises broadband. I have just upgraded from 50 down 10 up to 150 down 30 up. My upload speeds are reaching 30mbps fine. My downloads however are fluctuat...

rd228

Yes - It was the ordering that messed me up. This is what I have now come up with There are a couple of forward rules in my DMZ jump rules to allow the DMZ to talk to the LAN but only over specific ports, this is because I have a couple of things in my LAN that cant be moved to the DMZ. The external...

rd228

Ok think i've sussed it!

Bare with me, just tidying up some of my rules and ill post what I have done and if you wouldn't mind confirming its correct.

rd228

If I remove the Drop rule that drops traffic from the DMZ to the lan then I can access from internal. however I dont think thats what I need to do? As if I do that I am now able to ping address on my DMZ and vice versa from my LAN

rd228

You can't isolate LAN and DMZ completely, because when you'll try to connect from LAN to DMZ, it will be exactly that, no matter if it uses internal or external address. But you don't need to do any compromises with security. First you need to make sure that dstnat rules work for connections from L...

rd228

...one post to find what the problem is... ...one post to suggest a solution... ...ten posts to convince, that it is the only solution... ...sigh... Nevermind, just grumbling :) Thanks, but as i'm sure you know with any IT problem there is no "one solution" so whilst everyone including yo...

rd228

Hi @mkx

Thank you for the detailed explanation

So basically what you are saying is, I need to open up ports between my LAN and DMZ for this to work? Ideally something I wanted to avoid.

So for normal HTTP and HTTPS traffic I would need to open up port 80 and 443 between my LAN and DMZ?

rd228

Xvo pointed out above that I need to open up firewall access from my LAN to my DMZ. I dont want to do that, I want to keep them both completely isolated... Here is the firewall/NAT rules. There are some bits in there I need to tidy up and remove but haven't had the time to go through it yet The Jump...

rd228

Can anyone assist?

rd228

Hi all I think im going to need a little more assistance on this one - I have tried a hairpin nat based on the wiki documentation but its not working This is what is showing up as the problem in my log when I try and access my external domain from within side my LAN. Capture.PNG The bit I have scrib...

rd228

Hello I have just setup a DMZ on my mikrotik. I have my LAN running from one port on my mikrotik and my DMZ connected to the other. There are firewall rules between them to stop them talking to each other, that's not the issue here. Just to also point out both the DMZ and LAN are running on differen...

rd228

... Did you see my firewall post at the bottom of page 1? Just wondering if you'd mind taking a look over what I have and if its appropriate... Firstly, it is very difficult to give pointers on firewall rules if you do not have the full picture of the network, also, from a screenshot as it does not...

rd228

http://www.dslreports.com/speedtest post results, if possible do one for each device, tik and other the isp router Here is the result with the Mikrotik -http://www.dslreports.com/speedtest/33662838 Will get the router swapped over tomorrow and run the test again with the BT Hub as I cant take the l...

rd228

My latency at idle is fine - its around 6ms or less

Download is at around 40 and upload is where the problem is at over 400ms

Nothing wrong with the fibre connection as its fine as I've mentioned above if I use the BT Supplied Router. 6ms at idle around 40 download and 6ms for an upload!

rd228

Ok so it looks like we both have the same issue then by the looks of your results? I could setup if this is possible a QOS to limit during hours I will be using the internet and then over night or weekdays when I'm at work I can set a time shedule so that it can run full speed? Did you see my firewa...

rd228

Where is PC connected that you test from, behind the Cisco switch? Have you tried as @RoadkillX suggested, test from ether2 on RB2011 to eliminate internal LAN problems? I have tried cabled into the cisco switch. But yes I have also hard wired my PC into ether2 on the mikrotik and removed my lan fr...

rd228

Whilst we are on the subject of Firewall rules - I have now tidied them up since posting my config and would like your input on them as its currently being discussed above. I thought it might be easier to post a screenshot of the order and put an explanation as to why I have put them there and you c...

rd228

I have disabled all of my firewall rules and added your ones in place

Re ran my tests and its still the same problem....

rd228

Apologies, I did not see any mention of VLAN's in the posts, there are better way to do the fasttrack and I think we need to get to a base config where the 2011 performs as it should, then we can look at the bells and whistles, i.e. VLAN's, etc. For now, think it is best we get the full config Atta...

rd228

Can you tell me where hw-offload setting is located? My cable config is as follows WAN pppoe --> Eth1 -->(CAT6) to BTs Fibre Modem (ONT) LAN SFP port on the mikrotik connects fibre to another SFP module on a Cisco SG300 Bridges - Bridge 1 has the SFP port connected Bridge 2 has ether7 and ether10 co...

rd228

Hi all

Thanks for explaining all the reasons behind it but this is definitely not an issue with the ISP because if I use the BT home hub I get none of these issues.

The issue here definitely lies with the mikrotik.....

rd228

I have run my ping tests again on my parents 750G router on their broadband line... During a download the ping went to around 70ms and an upload went to around 80/90ms So it is increasing a little on the 750G router which has a near identical setup to my 2011 but not anywhere close to the 500ms I am...

rd228

Ok - it made a difference to CPU but no difference on my ping times or the speed I got.

Before fasttrack during a download my cpu was around 70% and 30-40% on an upload
Fasttrack enabled - download was 30% CPU and upload was between 20-30% CPU

rd228

Yep and it made absolutely no difference

rd228

Problem is that I have a server that backs up all my data and VM backups and then uploads it to the cloud for off site backups. Because of the size of the backups its usually running constantly. Because its running constantly my ping times are always really high and web pages lag when trying to open...

rd228

As another note ....I also have a friend who has a RB750G who has just installed it on his virgin line which is something like 300mb down and 50mb up and he doesn't experience this issue either. The RB750 is older than my router I believe and he gets his full speed and no ping issues when uploading/...

rd228

Thanks for your reply Can anyone tell me how I do that? Its odd though - as I mentioned in my first post...this router came from my old house and nothing on the config changed when it was moved to the new house with a new line. I never had this issue before I moved house! I actually have a RB750G I ...

rd228

Ok another test I have put in a Simple queue against the machine I'm running the tests from I have allowed the machine unlimited download as thats not a problem here but only allowed 5m upload from the 10m I have available to me in my package. I ran another speed test and the queues are working as t...

rd228

I have factory reset the router and updated it to the latest configuration. Still the same problem :(. All I configured after factory resetting it was the PPPoe Interface and the NAT rule to allow traffic out. Everything else was standard of a fresh install. Ran a speed test - as before the ping jum...

rd228

Didnt get a chance to upgrade the OS last night....probably wont get a chance now till Friday so will hopefully update you then!

Ross

rd228

Could you give me an explanation of the fasttrack rule? Whats its for and what it does and how it benefits?

I had a look on the wiki about it but it didn't really make sense to me....

rd228

An update definitely needs to be done - I agree with you here. I used to be on top of regular updates but now am a little apprehensive as most people are when you haven't upgraded in a while to do such a major upgrade so have kept putting it off! I have backups so should be fine, this problem is jus...

rd228

Nope - Router was purchased brand new

Everything in there I have at some point put in place myself.

As I say most of it is disabled after I have tested something but I just never deleted it.

I have removed the file.

rd228

Hi

See attached config file - was a bit to long to put in a post.

There are quite a few firewall rules in there which I know you will probably pick up on and mention but most of them are switched off and were only used for testing. I do need to go through and tidy up the ones im no longer using.

rd228

weird, last resource /export hide-sensitve if you can.

Sorry I'm not sure what that is? Can you explain?

I copied /export hide-sensitive to the terminal but it says "expected end of command (line 1 column 9)

rd228

Added those rules - made no difference.

I also turned off ALL of my rules to see if it was one of those and that makes no difference either

rd228

CPU is 50-60% during a speedtest download and around 30% during an upload.

I don't have these rules but will try them now and let you know!

rd228

No Difference

Before the test starts -

Screen Shot 2018-05-13 at 21.22.44.png

During a download -

Screen Shot 2018-05-13 at 21.22.55.png

During an upload -

Screen Shot 2018-05-13 at 21.23.10.png

rd228

I cant find the MTU on the Home Hub 5 but I did the CMD test to work out what my MAX MTU is while I had the home hub connected I ran ping www.google.com -f -l xxxx changing the number till I found the largest packet I could that didn't fragment and then added 28 to it. This gave me a Max MTU with th...

rd228

Hi all Hoping for someone with a little more kwnoledge than myself to help me work this one out as I'm stumped! I have BT Infinity Broadband, Fibre to the premises - 50mb Down / 10mb Up I have replaced the BT Home Hub with a Mikrotik RB2011UiAS. I have no problems getting connected to the BT Service...

rd228

Ah my bad! Apologies!

That fixed it...not paying attention.

rd228

Hi all I am having trouble with task I am trying to run as a script I am using this to resolve my DNS name which will then update the Remote IP on my GRE Tunnel. /interface gre set "gre-tunnel1" remote-address=[:resolve "mydomain.com" This line works from the terminal perfectly.....

rd228

Thank you!

That solved my issue!

rd228

/21 would only give me from 172.28.0.1 to 172.28.7.254. My servers are already assigned static addresses in the 172.28.8.0 range and I dont want to go and have to re assign them. Workstations use 172.28.6.x and needs to be able to talk to the server range If I used /20 at R1 that would give me a ran...

rd228

Hi CZFan Thank you for the reply - so how would I go about altering this? Can I not use 172.28.10.x on the R2 LAN and have to go with another range? I.e 192.168.1.x? I need to have the /16 mask on the R1 side due to seperating Workstations / Servers into different subnets. I was hoping to still be a...

rd228

Hi all I'm having some issues with a GRE Tunnel I have created to link two sites via VPN For the sake of this post I will call the main site R1 and the secondary site R2 I have a GRE interface created at both ends GRE Interface R1 - 172.28.22.1/30 GRE Interface R2 - 172.28.22.2/30 LAN R1 - 172.28.0....

rd228

Hi yeah thanks for pointing that bit out, thats the bit I already know how to do

What main crux of my question was how to do this with a dynamic public IP address at both ends.

rd228

Hi, Ive had a search around the forums but cant seem to find a definitive answer on this What I'm trying to achieve is a mikrotik to mikrotik vpn or site to site to be official. This is for a home setup, id like to be able to connect 2 home networks each with their own mikrotiks. I already have a di...

rd228

Anyone?

rd228

Hi All, I have setup Cacti in my network to graph data from my mikrotik such as memory and CPU usage and interface statistics, this is working really well. What id like to do now that I cant seem to find any documentation on is; is it possible to graph traffic flowing through a firewall port? I.e I ...

rd228

Ask your friend to come by for a beer and fix your network. No choices huh :lol: :lol: :lol: No one on here is going to teach you how DNS works, that isnt what this forum is for. You need to go away and do your own research on how DNS works. There is plenty of information you can find on google. Th...

rd228

Anyone??

rd228

Hi Zerobyte I setup ether6 as my DMZ interface and set master port to none. The IP of the interface as 172.28.20.1 The webservers ip address is 172.28.20.254 and connected to ether6 I setup NAT as the following Chain - DST-NAT Protocol: tcp dst.port : 80 in.interface: pppoe-out1 (This is my wan conn...

rd228

Hi all, Is this possible? If so how would I go about achieving this? I'm already using a PPPoE connection with a dynamic ip address for my internet connection. I'd like to be able to put a web server in a DMZ to keep it separate from my local LAN. I've done some googling but no one seems to have def...

rd228

Thanks,

Im already running the latest version....

My timeout is currently 60 which I had on my 750g mikrotik with no issues.

Is a lower time better then? Ill try 10.

rd228

I guess no ones going to offer any advice then?

rd228

Another thing I just though of is,

The modem is going into ether1 which is the "poe in" port for the mikrotik should I want to power it via POE instead of the power brick..

Would this cause an issue?

rd228

I've also noticed before it happens in the logs a set of IP addresses in DHCP assign and deassign constantly. A different IP each time. Most of my decives in my network have been statically assigned from the mikrotik and have 8 day leases. The devices in this screenshot still have 6 days to go on th...

rd228

Hi All, Having the following error in the subject line happen at least 10 times or more a day! I Previously had a 750G but just upgraded to a RB2011. I copied all of my settings over by hand to make sure everything was correct and the same from the 750 over to the 2011 board. My broadband provider i...

rd228

Not to worry, apologies.

Managed to get it back! It was in the multicasing package. A little misleading seeing as it puts it in the routing menu so I was trying to install the routing package! Doh!

rd228

Hi Ive just got hold of a Mikrotik RB2011 device, I currently have also a RB750G Im using the RB2011 to replace the 750. The RB2011 is running version 6.34.1. I've noticed that IGMP Proxy isnt avaliable in routing section! On my 750g under routing its there with version 6.27.......why isnt it on the...

rd228

Just to add to this,

I am also running with a dynamic public IP address. Are either of the above options possible with a dynamic IP? I need to expose the web server to the public but keeping it separate from the LAN should it get compromised

rd228

Hi all, I would like your opinion on what im trying to achieve here and the best way to do it. I have a web server amongst other servers sat on my ESXi box on a Dell R610. I want to expose my web server to the outside world so I can access it without having to VPN in and access it locally. Its curre...

rd228

I can't see that it is as I was only using it successfully the other week.

rd228

Hello, If im connected via my LAN I can log into winbox fine. If I teather my iphone to my laptop where there is no free wifi and then connect via my L2TP VPN connection I can log into winbox but no data shows in any of the windows....i.e if I go onto DHCP Server --> Leases nothing shows or in the f...

rd228

Is anyone able to help me with this please??

rd228

Any one got any ideas?

rd228

Just to add to this.... If I add a forward drop rule with the Source as the FTPAllowedUsers list and leave the destinations blank and put this rule directly under the accept forward rule for the FTPallowedusers this works and blocks all traffic to the network apart from 172.28.8.82 So something in m...

rd228

Apologies, Here is my input and forward chains. Ive left out the virus jump chain as that wont show you much. Its just blocking a few known ports for viruses. Its the standard virus script on the mikrotik wiki. Ether 1 connects to an ADSL 2 modem via cat 5 PPPoE is set to use Ether 1 and dial out LA...

rd228

Just double checked and there is not space on the mikrotik, its definitely pointing to the correct list. Think It was just a mistake with the copy/paste to the thread. The address list is being created and the IP populated into the list. I can see data traveling through the forward firewall rule tha...

rd228

Ah Amazing, got this working. The User connects and an address list is created on the mikrotik. I have set the forward rule in the firewall as you said above.....the only issue im having now is that the restriction isnt working. The user can still pass traffic over the whole network.....If I set the...

rd228

Any ideas?

Thanks

rd228

Yes Basically I have a list of users in RADIUS that have access to my Mikrotik L2TP VPN for network access. I would like say user Bob - allow access to only my ftp server at 172.28.8.96 but not be able to access any other services I have running on the network should he know the IP of those services...

rd228

Hello, I have a L2TP VPN setup on my mikrotik, authentication is done via my AD server using RADIUS I was wondering is there a way to control what each user has access to on my network? I.e User 1 can only access 1 ip address on the network or a set subnet and user 2 can access the whole network/sub...

Search found 81 matches