Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

2018-08-05 Thread Shawn C. Peppers via Mikrotik-users
Been cleaning this up for random clients daily now... hence the reason I am 
very strongly voicing zero open ports (except l2tp and ipsec) to the outside 
network...  

:: // Shawn Peppers
:: // DirectlinkAdmin.com

> On Aug 5, 2018, at 7:57 PM, Bob Pensworth  wrote:
> 
> We are finding an IP/Socks connection:
> We are finding an event entry in System/Scheduler
> And the (below) script in System/Script:
>  
> /ip firewall filter remove [/ip firewall filter find where comment ~ "port 
> [0-9]*"];/ip socks set enabled=yes port=11328 max-connections=255 
> connection-idle-timeout=60;/ip socks access remove [/ip socks access 
> find];/ip firewall filter add chain=input protocol=tcp port=11328 
> action=accept comment="port 11328";/ip firewall filter move [/ip firewall 
> filter find comment="port 11328"] 1;
>  
> --
> Bob Pensworth, WA7BOB | General Manager
> CresComm WiFi, LLC | (360) 928-0000, x1
>  
> From: mikrotik-users-boun...@wispa.org  On 
> Behalf Of Shawn C. Peppers via Mikrotik-users
> Sent: Friday, March 16, 2018 11:54 AM
> To: mikrotik-users@wispa.org; memb...@wisp.org
> Subject: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27
>  
> I have not tested this yet but
>  
> https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow
> 
> :: // Shawn Peppers
> :: // DirectlinkAdmin.com
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users
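
Added example (not part of the original thread and not MikroTik's own tooling): a Python check that scans a saved RouterOS `/export` for the artifacts Bob reports above, namely an enabled SOCKS service, an input-chain accept rule commented "port NNNN", and a script or scheduler entry that re-applies them. The export text, the script name and the scheduler name are constructed for illustration.

```python
import re

# Constructed RouterOS "/export" excerpt (not taken from a real device). The
# SOCKS port and "port NNNN" comment style are those quoted in the thread;
# the script and scheduler names are made up.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=input comment="port 11328" port=11328 protocol=tcp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=drop chain=input in-interface=ether1
/ip socks
set connection-idle-timeout=1m enabled=yes max-connections=255 port=11328
/system scheduler
add interval=30s name=sched1 on-event=script1
/system script
add name=script1 source="/ip socks set enabled=yes port=11328;/ip firewall \
    filter add chain=input protocol=tcp port=11328 action=accept"
'''

KV = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
MENU = re.compile(r'(/.*?)(?:\s+((?:add|set)\b.*))?$')
# Commands from the script quoted in the thread: enabling SOCKS, and deleting
# firewall filter rules.
TAMPER = re.compile(r'/ip socks set\b[^;]*\benabled=yes|/ip firewall filter remove')
PORT_COMMENT = re.compile(r'^port [0-9]+$')


def _unquote(value):
    """Strip the surrounding quotes of a quoted export value."""
    if value.startswith('"'):
        return value[1:-1].replace('\\"', '"')
    return value


def parse_export(text):
    """Return [(menu, verb, params)] for every add/set command in an export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)   # join backslash-wrapped lines
    menu, commands = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):                # "/ip socks" or "/ip socks set ..."
            m = MENU.match(line)
            menu, line = m.group(1), m.group(2) or ""
        m = re.match(r'(add|set)\b(.*)$', line)
        if m:
            params = {k: _unquote(v) for k, v in KV.findall(m.group(2))}
            commands.append((menu, m.group(1), params))
    return commands


def audit(text):
    """Return (finding, detail) tuples for the artifacts described in the thread."""
    commands = parse_export(text)
    findings, flagged_scripts = [], set()
    for menu, verb, p in commands:
        if menu == "/ip socks" and p.get("enabled") == "yes":
            # An export omits values left at their default, hence the fallback.
            findings.append(("socks-enabled", p.get("port", "default")))
        elif menu == "/ip firewall filter" and verb == "add":
            if (p.get("chain") == "input"
                    and p.get("action", "accept") == "accept"
                    and PORT_COMMENT.match(p.get("comment", ""))):
                findings.append(("input-accept-port-comment", p["comment"]))
        elif menu == "/system script" and verb == "add":
            if TAMPER.search(p.get("source", "")):
                flagged_scripts.add(p.get("name", ""))
                findings.append(("script-enables-socks-or-removes-rules",
                                 p.get("name", "")))
    # Second pass: the scheduler section is exported before the scripts it runs.
    for menu, verb, p in commands:
        if menu == "/system scheduler" and verb == "add":
            event = p.get("on-event", "")
            if event in flagged_scripts or TAMPER.search(event):
                findings.append(("scheduler-runs-flagged-script", p.get("name", "")))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_EXPORT):
        print(f"{finding}: {detail}")
```

An empty result only means none of these specific artifacts appear in the export; it says nothing about other changes made to the device.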


Re: [Mikrotik Users] Exclude one Ip from NAT Pool

2018-02-15 Thread Shawn C. Peppers via Mikrotik-users
Not exact on your config...but you could use the “everything else” flag on the 
source ip address in the nat rule.  If you want to just not allow the specific 
source ip address to nat out then just place the action to accept and make sure 
you place the rule itself above your other nat rules.

::://Shawn C. Peppers\\:::

> On Feb 15, 2018, at 8:02 AM, Kevin Melson via Mikrotik-users 
>  wrote:
> 
> We have 1:1 Nat setup.
> I know i can create ranges to exclude the ip address i want to but is there a 
> command I could use to just exclude one IP address.
> We are having a weird NAT issue with our aircontrol server and I would just 
> like to exclude it from the network to do some testing
> 
> Thanks,
>  
> Kevin Melson
> Eagle One Wireless\PC Station
> 2007 Hwy 72 E
> Corinth, MS 38834
> 662-287-1722
> e...@e1w.com
> www.e1w.com
> 


Re: [Mikrotik Users] Questing regarding bypassing hotspot.

2018-01-21 Thread Shawn C. Peppers via Mikrotik-users
I have never understood using hotspot on a “carrier” grade level.  I would 
switch to pppoe (on the customer station, not customer CPE/Router).  Sounds 
like it will do more of what you're wanting.

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Jan 21, 2018, at 5:45 PM, ralph via Mikrotik-users 
>  wrote:
> 
> I have a lot of sites using MT Hotspot with an offsite RADIUS backend that 
> handles billing and customer speed control, etc.  
> 
> This is fine for when the customer has a browser equipped device. They just 
> log in via the portal and away they go.  But now there are many new devices 
> that don't use browsers,  things like smart thermostats, smart TVs, certain 
> game consoles and who knows what else.  MT (and my backend) have MAC 
> Authentication (where you set MAC as one of the login methods in the hotspot) 
> for those sorts of devices. However that only works if the device initiates 
> an HTTP connection. On HTTPS, no auto login  and on a lot of these other 
> devices no auto login either.
> 
> So I end up having to put these devices' MACs into an IP Binding table in 
> the MT hotspot. Works great.  But I lose all tracking of the user, I can't 
> control their speed, and I don't even know they are on line.   But the worst 
> part is that now I have to manually track whether or not their subscription 
> is current. Sometimes I forget to and their devices get free service for 
> months.
> 
> But I think there must be a way I can do the following:
> 
> 1. Let their MAC just pass through without going through the hotspot.
> 2. Limit the device's speed to that of their subscription
> 3. And optionally, have the rule go away on a certain date (or after a 
> certain period of time)
> 
> I'd be ecstatic if I could just get #1 and #2.
> 
> I don't know anything about "Manual Queues", only the ones the hotspot 
> creates upon login.  
> 
> Can someone help me out?
> 
> Thanks,
> Ralph
> 
> 


Re: [Mikrotik Users] CCR routers and BGP

2017-11-09 Thread Shawn C. Peppers via Mikrotik-users
I am not seeing the same results. I do on occasion see an individual CPU spike 
like what you're showing in your pic, but it happens on all 8 CPUs at different 
times.  For the most part it stays below 30%.

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Nov 9, 2017, at 10:00 PM, Mike Francis <mfran...@jmfsolutions.net> wrote:
> 
> Totally agree with Faisal... Every CCR I have ever seen doing BGP looks just 
> like the attached screenshot. Interestingly a similar config and number of 
> peers on a CHR has very different results.. Maybe it is something that vmware 
> or intel is doing? See both snips.
> 
> Thank you,
> 
> John Michael Francis II
> JMF Solutions, Inc
> Wavefly - Internet | Voip | Cloud
> INC 5000 #2593
> CRN Fast Growth #105
> 251-517-5069
> http://jmfsolutions.net
> http://wavefly.com
> 
> "People are unreasonable, illogical, and self-centered. Love them anyway. If 
> you do good, people may accuse you of selfish motives. Do good anyway. If you 
> are successful, you may win false friends and true enemies. Succeed anyway. 
> The good you do today may be forgotten tomorrow. Do good anyway. Honesty and 
> transparency make you vulnerable. Be honest and transparent anyway. What you 
> spend years building may be destroyed overnight. Build anyway. People who 
> really want help may attack you if you help them. Help them anyway. Give the 
> world the best you have and you may get hurt. Give the world your best 
> anyway." By: Mother Teresa
>> On 11/9/2017 9:45 PM, Faisal Imtiaz via Mikrotik-users wrote:
>> #1) Not sure which CPU core you are looking at when you say CPU is less than 
>> 20%
>> 
>> Look deeper, and you will see each CPU core's utilization.. aggregate view 
>> is mis-guiding
>> 
>> #2)  As I shared before, using default routes in conjunction with full 
>> tables, with any traffic engineering (as padding does not count), you can 
>> very well have traffic that will make it to where it is supposed to go, one 
>> way or another.
>> 
>> However when you start traffic engineering, i.e. selecting both incoming and 
>> outgoing paths across particular carriers, and you have traffic destined for 
>> particular places in the world. you can see your changes or any other 
>> changes taking 10-15min to become active... as opposed to 1-3min...
>> 
>> Now put a bunch of them in the mix (lots of peers) and you now have a Route 
>> Table which is out of sync
>> and if you are providing them to others.. you have interesting and strange 
>> behavior...
>> 
>> Regards.
>> 
>> 
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> http://www.snappytelecom.net
>> 
>> Tel: 305 663 5518 x 232
>> 
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>> 
>> - Original Message -
>>> From: "Shawn C. Peppers" <videodirectwispal...@gmail.com>
>>> To: "Faisal Imtiaz" <fai...@snappytelecom.net>
>>> Cc: "Mikrotik Users" <mikrotik-users@wispa.org>, "Josh Luthman" 
>>> <j...@imaginenetworksllc.com>
>>> Sent: Thursday, November 9, 2017 10:35:42 PM
>>> Subject: Re: [Mikrotik Users] CCR routers and BGP
>>> Just checked router and it's passing a gig, has firewall configured, and 
>>> hasn't hit
>>> over 20% CPU.  ccr1009-8g
>>> 
>>> Router has been up for 377 days, not a hiccup even heard.
>>> 
>>> Not sure what kind of hidden issue you're speaking of but this setup works 
>>> fine
>>> for under 1 gigabit networks, I have it configured for multiple ISPs and 
>>> never
>>> hear or see any complaints.
>>> 
>>> Shawn C. Peppers
>>> Video Direct
>>> 866-680-8433 Toll Free
>>> http://www.video-direct.tv
>>> 
>>>> On Nov 9, 2017, at 9:00 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
>>>> 
>>>> LOL !...
>>>> 
>>>> Believe me your router is having issues (aka struggling in keeping up with 
>>>> the
>>>> full tables and updates).
>>>> 
>>>> You just might not be aware of it or have been affected by them to notice.
>>>> 
>>>> Yes it is possible to have a network, where one is happy and unaware of 
>>>> mundane
>>>> / yet intricate BGP issues..
>>>> Consider yourself fortunate.. but at the same time do not use this as a
>>>> 'standard' of measure that all networks are just like yours :)
>>>> 

Re: [Mikrotik Users] CCR routers and BGP

2017-11-09 Thread Shawn C. Peppers via Mikrotik-users
Just checked router and it's passing a gig, has firewall configured, and hasn't 
hit over 20% CPU.  ccr1009-8g

Router has been up for 377 days, not a hiccup even heard.  

Not sure what kind of hidden issue you're speaking of but this setup works fine 
for under 1 gigabit networks, I have it configured for multiple ISPs and never 
hear or see any complaints. 

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Nov 9, 2017, at 9:00 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
> 
> LOL !... 
> 
> Believe me your router is having issues (aka struggling in keeping up with 
> the full tables and updates).
> 
> You just might not be aware of it or have been affected by them to notice.
> 
> Yes it is possible to have a network, where one is happy and unaware of 
> mundane / yet intricate BGP issues..
> Consider yourself fortunate.. but at the same time do not use this as a 
> 'standard' of measure that all networks are just like yours :)
> 
> I am not trying to be condescending, but offering a technical perspective for 
> you and anyone else who wants to reconcile the two sets of commentary that 
> happens every time the question of CCR and BGP is asked !
> 
> :)
> 
> Regards. 
> 
> Faisal Imtiaz
> Snappy Internet & Telecom
> http://www.snappytelecom.net
> 
> Tel: 305 663 5518 x 232
> 
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> 
> - Original Message -
>> From: "Shawn C. Peppers via Mikrotik-users" <mikrotik-users@wispa.org>
>> To: "Josh Luthman" <j...@imaginenetworksllc.com>, "Mikrotik Users" 
>> <mikrotik-users@wispa.org>
>> Sent: Thursday, November 9, 2017 7:24:33 PM
>> Subject: Re: [Mikrotik Users] CCR routers and BGP
> 
>> I am running a CCR with two peers, full ipv4 and ipv6 routes, large ospf, 
>> qos,
>> and pppoe customer and seeing zero issues.  Actually it is probably my most
>> reliable router.
>> 
>> Shawn C. Peppers
>> Video Direct
>> 866-680-8433 Toll Free
>> http://www.video-direct.tv
>> 
>>> On Nov 9, 2017, at 4:54 PM, Josh Luthman via Mikrotik-users
>>> <mikrotik-users@wispa.org> wrote:
>>> 
>>> I remember the CCR had a lot of issues running BGP and would crash.  I'm not
>>> worried about it takes a couple of minutes to build routes when it first 
>>> boots
>>> up.  Are the issues resolved at this point?
>>> 
>>> I'm running an older x86 box for BGP and want to replace the Powercode BMU 
>>> (x86)
>>> with a more power efficient unit, possibly a second CCR?  Does this sound 
>>> like
>>> a good idea at this point or will I have Mikrotik problems?  Is there 
>>> something
>>> better than the CCR for these jobs?
>>> 
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373


Re: [Mikrotik Users] CCR routers and BGP

2017-11-09 Thread Shawn C. Peppers via Mikrotik-users
I am running a CCR with two peers, full ipv4 and ipv6 routes, large ospf, qos, 
and pppoe customer and seeing zero issues.  Actually it is probably my most 
reliable router.  

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Nov 9, 2017, at 4:54 PM, Josh Luthman via Mikrotik-users 
>  wrote:
> 
> I remember the CCR had a lot of issues running BGP and would crash.  I'm not 
> worried about it takes a couple of minutes to build routes when it first 
> boots up.  Are the issues resolved at this point?
> 
> I'm running an older x86 box for BGP and want to replace the Powercode BMU 
> (x86) with a more power efficient unit, possibly a second CCR?  Does this 
> sound like a good idea at this point or will I have Mikrotik problems?  Is 
> there something better than the CCR for these jobs?
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373


Re: [Mikrotik Users] BGP Question

2017-11-01 Thread Shawn C. Peppers via Mikrotik-users
Also you will need to set the bgp prepend path appropriately for your inbound 
traffic desires.  I use this on multiple networks and it works fine. 

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Nov 1, 2017, at 8:06 AM, Ethan E. Dee via Mikrotik-users 
>  wrote:
> 
> I am multihomed. I have a router that peers with charter and advertises 
> a few subnets. (Let's call it C)
> 
> I have a router that peers with AT at a tower (lets call it A)
> 
> And a router that peers with Spirit at a tower (lets call it S)
> 
> AT seems to have quite a low preference to the world. And I have no 
> idea what I'm doing. Though I feel like I do.
> 
> Nothing works.
> 
> All three routers are mikrotik. How do I tell the world to forget about 
> Charters advertisements unless you can no longer see AT?
> 
> 
> 
> 


Re: [Mikrotik Users] BGP Question

2017-11-01 Thread Shawn C. Peppers via Mikrotik-users
Use bgp local preference to add ASN “weight” out the specific undesired primary 
upstream provider.  

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Nov 1, 2017, at 8:06 AM, Ethan E. Dee via Mikrotik-users 
>  wrote:
> 
> I am multihomed. I have a router that peers with charter and advertises 
> a few subnets. (Let's call it C)
> 
> I have a router that peers with AT at a tower (lets call it A)
> 
> And a router that peers with Spirit at a tower (lets call it S)
> 
> AT seems to have quite a low preference to the world. And I have no 
> idea what I'm doing. Though I feel like I do.
> 
> Nothing works.
> 
> All three routers are mikrotik. How do I tell the world to forget about 
> Charters advertisements unless you can no longer see AT?
> 
> 
> 
> 


Re: [Mikrotik Users] Graphing specific traffic

2017-10-12 Thread Shawn C. Peppers via Mikrotik-users
QoE device like Sansei’s devices would be the ideal way.

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Oct 12, 2017, at 11:40 AM, Lewis Bergman via Mikrotik-users 
>  wrote:
> 
> Any of the flow tools are how this is normally done. Probably the least 
> resource intensive way as well.
> 
>> On Thu, Oct 12, 2017 at 1:19 PM RickG via Mikrotik-users 
>>  wrote:
>> Does PRTG do this?
>> 
>>> On Thu, Oct 12, 2017 at 1:27 PM, mike.lyon--- via Mikrotik-users 
>>>  wrote:
>>> Maybe use netflow?
>>> https://www.plixer.com/blog/network-traffic-monitor/mikrotik-netflow-support/
>>> 
>>> 
>>>> On Oct 12, 2017, at 10:18, Josh Luthman via Mikrotik-users 
>>>>  wrote:
>>>> 
>>>> Use Mikrotik.  Create a firewall mangle to identify the traffic and a 
>>>> queue to graph it.
>>>> 
>>>> 
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>> 
>>>>> On Thu, Oct 12, 2017 at 1:12 PM, Ethan E. Dee via Mikrotik-users 
>>>>>  wrote:
>>>>> I am looking to be able to find how much traffic is going to specific
>>>>> places i.e. google, amazon. netflix, etc. And possibly graphing that
>>>>> data as well.
>>>>> 
>>>>> I use mikrotik at my core and edge.
>>>>> 
>>>>> Can anyone recommend a product for this?
>>>>> 
>>>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> -RickG


Re: [Mikrotik Users] Speed Limit

2017-10-02 Thread Shawn C. Peppers via Mikrotik-users
With PCQ/Mangle or you could just create a simple queue for each /32 ip in the 
/24 subnet. 

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Oct 2, 2017, at 10:46 AM, Ethan E. Dee via Mikrotik-users 
>  wrote:
> 
> Does anyone here know how I could speed limit individual ip's within a 
> subnet as opposed to the subnet or interface as a whole?
> 
> Say I wanted everyone in 10.1.0.0/24 to only be allowed 10mb/10mb 
> individually.
> 
> Can I do that in RouterOS?
> 
> 
> 


Re: [Mikrotik Users] VOIP Optimization settings

2017-07-12 Thread Shawn C. Peppers via Mikrotik-users
Make voip connection with appropriate dscp tag, and also mark everything else.  
Build Queue Tree, Done. 

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Jul 12, 2017, at 8:06 PM, Tommy Adams via Mikrotik-users 
>  wrote:
> 
> There was a great presentation at the Dallas MUM two years ago on voip. Check 
> it out on YouTube. I work with a voip provider in Dallas who exclusively used 
> RB2011's as their gateway router for clients. 
> 
> 
> 
> Tommy A.
> Digitex.com
> 
> 817.558.6230 V
> 817.558.1204 F
> 
>> On Jul 12, 2017, at 7:41 PM, Hexis via Mikrotik-users 
>>  wrote:
>> 
>> Not really that definitive, but:
>> https://wiki.mikrotik.com/wiki/Voip
>> 
>> Mostly you want to:
>> 
>> 1. queue it separately from other data so there will always be sufficient 
>> bandwidth. (piece of cake on mikrotik)
>> 2. Make sure your L2 equipment supports QOS/DSCP tags
>> 
>> 
>> 
>>> On 7/12/2017 5:53 PM, Rick Boucher via Mikrotik-users wrote:
>>> Anyone have definitive VOIP optimization setup for Mikrotik.
>>> 
>>> Looking for a definitive guide / setup to optimize my routers, both border 
>>> and interior for VOIP.
>>> 
>>> 
>>> 
>>> Rick
>>> 
>>> 
>>> 
>>> -
>>> 
>>> 
>>> Rick Boucher
>>> Webmaster / Systems Admin
>>> Orcas Online / San Juan Web  
>>> (360) 376-6411
>>> http://www.orcasonline.com 
>>> http://www.sanjuanweb.com
>>> The information source for the San Juan Islands
>>> 
>>> 
>>> 
>>> Plans for the next day - "Work, work from early to late. In fact
>>> I have so much to do that I shall spend the first three hours in prayer."
>>> - Martin Luther
>>> 
>>> 


Re: [Mikrotik Users] Am I just blind?

2017-06-23 Thread Shawn C. Peppers via Mikrotik-users
2011... but poe out only on port 10.  Has an sfp interface which you will use a 
fiber sfp module.

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Jun 23, 2017, at 5:22 PM, Blair Davis via Mikrotik-users 
>  wrote:
> 
> Looking for a routerboard with 4-8 Ethernet ports and a fiber cage...
> 
> POE out on the Ethernet ports would be nice...
> 
> But I need ROS, not a switch.
> 
> --
> 
> 
>> On 6/21/2017 1:13 PM, Nick Bright via Mikrotik-users wrote:
>>> On 5/28/2017 12:46 PM, Jan-OOLLC via Mikrotik-users wrote:
>>> Joe,
>>> 
>>> I too have spent thousands of hours building my networks.  I'm tired
>>> of wasting time and $$ on dis-information, half-way there solutions
>>> and thought that perhaps I should be asking this particular group as
>>> the members of this group should be the ones who would have good
>>> helpful answers.
>>> 
>>> I'm looking for articles, documents covering solutions for the authors
>>> and setups that actually worked.  I want to avoid making more
>>> expensive mistakes and I want to read about other peoples successes
>>> and how they got there.  Has anyone actually published?  What traps
>>> did they hit and what were the fixes?
>>> 
>>> Jan V
>>> 
>> If you can get there, I highly suggest that you attend WISPAPALOOZA and
>> WISPAmerica shows. You will learn much of what you're asking at these
>> kinds of events.
>> 
> 
> -- 
> West Michigan Wireless ISP
> Allegan, Michigan  49010
> 269-686-8648
> 
> A Division of:
> Camp Communication Services, INC
> 


Re: [Mikrotik Users] love/hate

2017-06-10 Thread Shawn C. Peppers via Mikrotik-users
The ccr1016-12g doesn't have sfp cage ports according to the mikrotik site. 

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Jun 10, 2017, at 12:34 PM, David Milholen via Mikrotik-users 
>  wrote:
> 
> I am beginning to hate mikrotik on so many levels that I think I need a more 
> reliable solution for my sites.
> 
> We have a 1016-12G Router with Mikrotik SFP copper modules in place and we 
> have it upgraded to the latest firmware.
> 
> For some odd unknown reason it decided to port flap on several ports that are 
> on the same bridge interface. Every thing 
> I have tried to stabilize the ports has failed using winbox or terminal. I 
> tried to downgrade to 6.27 and no bueno .
> 
> Now I am making a trip to replace the stupid thing with a tile router that 
> doesn't use sfp.
> 
> I am so sick  of the sfp madness of the mikrotik drama.
> 
> If anyone has anything or experience to share about this stupidness please 
> share.
> 
> Thanks
> 
> Dave
> 
>   
> 
> -- 
> 


Re: [Mikrotik Users] love/hate

2017-06-10 Thread Shawn C. Peppers via Mikrotik-users
I am having zero problems with this.  Are you confident that it's the router 
itself?  What brand of sfp module is it?

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Jun 10, 2017, at 12:34 PM, David Milholen via Mikrotik-users 
>  wrote:
> 
> I am beginning to hate mikrotik on so many levels that I think I need a more 
> reliable solution for my sites.
> 
> We have a 1016-12G Router with Mikrotik SFP copper modules in place and we 
> have it upgraded to the latest firmware.
> 
> For some odd unknown reason it decided to port flap on several ports that are 
> on the same bridge interface. Every thing 
> I have tried to stabilize the ports has failed using winbox or terminal. I 
> tried to downgrade to 6.27 and no bueno .
> 
> Now I am making a trip to replace the stupid thing with a tile router that 
> doesn't use sfp.
> 
> I am so sick  of the sfp madness of the mikrotik drama.
> 
> If anyone has anything or experience to share about this stupidness please 
> share.
> 
> Thanks
> 
> Dave
> 
>   
> 
> -- 
> 


Re: [Mikrotik Users] Dude issue

2017-05-30 Thread Shawn C. Peppers via Mikrotik-users
Interesting... what did you do?  Auto purge config?

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On May 30, 2017, at 7:12 PM, Jason Wilson <ja...@remotelylocated.com> wrote:
> 
> I believe that is hard Drive full.  I had the same issue before.
> 
> 
> 
> Jason Wilson
> Remotely Located
> Providing High Speed Internet to out of the way places.
> 530-651-1736
> 530-748-9608 Cell
> www.remotelylocated.com
> 
>> On Tue, May 30, 2017 at 5:06 PM, Shawn C. Peppers via Mikrotik-users 
>> <mikrotik-users@wispa.org> wrote:
>> Getting an odd message from a dude server running on a CCR.  Seems to be 
>> database related, I'm thinking maybe the database needs repaired or 
>> something
>> 
>> The Dude is saying "server status: db failure: I/O error: stopped"
>> 
>> Shawn C. Peppers
>> Video Direct
>> 866-680-8433 Toll Free
>> http://www.video-direct.tv


[Mikrotik Users] Dude issue

2017-05-30 Thread Shawn C. Peppers via Mikrotik-users
Getting an odd message from a dude server running on a CCR.  Seems to be database 
related, I'm thinking maybe the database needs repaired or something

The Dude is saying "server status: db failure: I/O error: stopped"

Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv


Re: [Mikrotik Users] Queues per user per subnet

2017-04-06 Thread Shawn C. Peppers via Mikrotik-users
:for IPADDRS from 2 to 254 do={/queue simple add name="172.16.16.$IPADDRS" 
target="172.16.16.$IPADDRS" max-limit="2M/9M"}

You will have to do it a /24 at a time but it will only take a sec


Shawn C. Peppers
Video Direct
866-680-8433 Toll Free
http://www.video-direct.tv

> On Apr 6, 2017, at 2:35 PM, Paul McCall via Mikrotik-users 
>  wrote:
> 
> Is there a simple way to add queue(s) for an entire /20 without having to 
> have a queue for each one?  To be clear, I'm not concerned with how to get 
> that many queues in (we have a spreadsheet that makes that easy), but moreso 
> not wanting to have that many queues.
> 
> Looking to limit each user to a maximum of 5Mbit down / 1Mbit up with a 25Mb 
> burst up/down.
> 
> Paul
> 
> 


Re: [Mikrotik Users] RB 3011 - Intermittent packet loss between first 5 and second 5 ports

2017-01-31 Thread Shawn C. Peppers via Mikrotik-users
Could have a STP problem.

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv

> On Jan 31, 2017, at 7:33 PM, James Wilson via Mikrotik-users 
>  wrote:
> 
> The router is set up pretty as a switch except for port 10 that's set up as a 
> router to act as a CPE radio for local WiFi for the premises.
> 
> Every minute or five it will lose two to four pings when the pings cross 
> from one set of ports to the other.
> 
> I don't know my way around MikroTik very well yet, but have had someone more 
> knowledgeable set it up.  He's just not very available right now.
> 
> The router is running at around 1% to 4% CPU.
> 
> This router just replaced an RB 2011 that was exhibiting the same symptoms.
> 
> Any ideas about where to start looking?  Any questions about how it is set up?
> 
> Thanks!
> 
> 
> 
> 


[Mikrotik Users] Send commands via The Dude

2017-01-23 Thread Shawn C. Peppers via Mikrotik-users
Anyone had success sending commands to remote mikrotik routers via The Dude?   
I would like to be able to send commands to be able to change settings, etc.

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv


Re: [Mikrotik Users] Need help with my mikrotik configuration

2017-01-18 Thread Shawn C. Peppers via Mikrotik-users
Alex,

We can help you with this.  Email me off list. 

videodirectwispal...@gmail.com

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv

> On Jan 18, 2017, at 11:34 AM, Alejandro Perez via Mikrotik-users 
>  wrote:
> 
> Hello.
> Does anyone know a company that remotely can help me to configure my mikrotik 
> router? I'm almost done with my configuration, but I'm having some issues with 
> the PPPoE and management vlans.
> 
> Regards,
> 
> 
> Alex Perez
> 
> 956.236.4772


Re: [Mikrotik Users] Does anyone uses RB260gsp?

2016-11-25 Thread Shawn C. Peppers via Mikrotik-users
I use lots of them.  We never have any issues. 

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv

> On Nov 25, 2016, at 2:44 PM, OWS Optimum Wireless via Mikrotik-users 
>  wrote:
> 
> Hello.
> 
> I just got a RB260gsp to test it, but don't know if I should just throw into 
> production right away.
> 
> Wanted to know if anyone in the list currently uses this product on its 
> network, if so, how reliable are they?
> 
> Thanks.


Re: [Mikrotik Users] HTTP -> HTTPS redirect

2016-11-02 Thread Shawn C. Peppers via Mikrotik-users
You can try a dst nat rule, with dst address as the server and dst port 80.  
Action redirect port 443 or even just dst-nat to same address but port 443.



Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv

> On Nov 2, 2016, at 1:32 PM, Nick Bright via Mikrotik-users 
>  wrote:
> 
> Is there a way to use the firewall to redirect an HTTP connection to HTTPS?
> 
> Specifically for a site X, that site should only be available on HTTPS. 
> Clients connecting to HTTP should get a redirect to the HTTPS site, like 
> doing an HTTP redirect with HTML, but right in the firewall?
> 
> -- 
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault -
> ---
> 
> This email message and any attachments are intended solely for the use of the 
> addressees hereof. This message and any attachments may contain information 
> that is confidential, privileged and exempt from disclosure under applicable 
> law. If you are not the intended recipient of this message, you are 
> prohibited from reading, disclosing, reproducing, distributing, disseminating 
> or otherwise using this transmission. If you have received this message in 
> error, please promptly notify the sender by reply E-mail and immediately 
> delete this message from your system.
> 
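A NAT rule rewrites only the destination address or port of a connection, while the redirect asked about in this thread is an HTTP response sent by whatever listens on port 80. The following is an added example, not code from any poster, of building that response with the Host header checked against an allow-list so the listener cannot be used as an open redirect; `www.example.com` and all function names are constructed for illustration.

```python
# Constructed allow-list: the only host names this listener will redirect to.
ALLOWED_HOSTS = {"www.example.com"}


def _reply(code, reason, extra=()):
    """Serialize a body-less HTTP/1.1 response."""
    lines = [f"HTTP/1.1 {code} {reason}", *extra,
             "Content-Length: 0", "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")


def redirect_response(raw_request, allowed_hosts=ALLOWED_HOSTS):
    """Return the bytes a port-80 listener sends to move a client to HTTPS."""
    try:
        head = raw_request.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        _method, target, _version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return _reply(400, "Bad Request")

    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    # Drop an optional ":port" and compare case-insensitively. The client
    # controls this header, so only allow-listed names are ever echoed back.
    host = headers.get("host", "").lower().partition(":")[0]
    if host not in allowed_hosts:
        return _reply(400, "Bad Request")

    # Only origin-form targets ("/path?query") are accepted. A target such as
    # "@other.host/" would otherwise change the authority of the Location URL.
    if not target.startswith("/") or any(ord(c) < 0x21 or ord(c) == 0x7F
                                         for c in target):
        return _reply(400, "Bad Request")

    return _reply(301, "Moved Permanently",
                  [f"Location: https://{host}{target}"])
```
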


Re: [Mikrotik Users] Share single public ip to multiple private IP address

2016-09-21 Thread Shawn C. Peppers via Mikrotik-users
Why do you say it has to be masqueraded?  Src nat to an IP works just fine and adds 
control.

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv

> On Sep 21, 2016, at 12:21 PM, T tech via Mikrotik-users 
>  wrote:
> 
> Assigning a public IP should be done with routing not natting public on 
> customer router.  Natting a private IP /24 to a public is a masquerade.  
> Multiple /24 private to different public IP multiple routers is best.
> 
>> On Sep 21, 2016 12:32 PM, "Ken Patrick via Mikrotik-users" 
>>  wrote:
>> Sort of, this is what I have now with src-nat
>> 
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.64/27 to-address=8.8.8.1;
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.96/27 to-address=8.8.8.2;
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.128/27 to-address=8.8.8.3;
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.160/27 to-address=8.8.8.4;
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.192/27 to-address=8.8.8.5;
>> /ip firewall nat add chain=srcnat action=src-nat src-address=192.168.0.224/27 to-address=8.8.8.6;
>> 
>> Do I need to change it to masquerade and then add out interface ether1?
>> 
>> 
>> 
>>> On Wed, Sep 21, 2016 at 4:23 PM, Shawn C. Peppers 
>>>  wrote:
>>> You're confusing me a bit.  Are you thinking you can src nat a bunch of 
>>> private ips out one public ip and expect to dst nat from one outside public 
>>> ip to a bunch of private ips?
>>> 
>>> You need to research carrier grade natting long term if you plan to keep 
>>> natting your customers.
>>> 
>>> Shawn C. Peppers
>>> Video Direct Satellite & Entertainment
>>> 866-680-8433 Toll Free
>>> 480-287-9960 Fax
>>> http://www.video-direct.tv
>>> 
>>>> On Sep 21, 2016, at 10:18 AM, Ken Patrick  wrote:
>>>> 
>>>> Socket I also need dst nat rules as currently with Src nat rules the users 
>>>> complain they can't access PlayStation network and streaming video on some 
>>>> sites is slow whereas if I assign a static public ip the issues go away 
>>>> but can't continue since I am running out
>>>> 
>>>> 
>>>>> On Wed, Sep 21, 2016 at 4:10 PM Shawn C. Peppers 
>>>>>  wrote:
>>>>> I don't understand your dst nat question.
>>>>> 
>>>>> You can src nat the /24 by breaking up the /24 subnet into smaller 
>>>>> subnets in the firewall/nat rules.
>>>>> 
>>>>> Shawn C. Peppers
>>>>> Video Direct Satellite & Entertainment
>>>>> 866-680-8433 Toll Free
>>>>> 480-287-9960 Fax
>>>>> http://www.video-direct.tv
>>>>> 
>>>>>> On Sep 21, 2016, at 10:03 AM, Ken Patrick via Mikrotik-users 
>>>>>>  wrote:
>>>>>> 
>>>>>> Hi list,
>>>>>> I have run out of public IPv4 addresses and not ready to go to IPv6 yet.
>>>>>> 
>>>>>> I am trying to share 6 public IP addresses /27 to my /24 private IP 
>>>>>> address using a mikrotik router and want the same public IP address to 
>>>>>> be used by the Src Nat and dst-Nat   
>>>>>> 
>>>>>> I.e. 24 private hosts will always be assigned a particular IP address 
>>>>>> and next batch of 24 will share the next IP address 
>>>>>> 
>>>>>> Regards
>>>>>> 
>>>>>> 
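The subnet-per-public-address src-nat split discussed in this thread, as an added example that is not code from any poster: it generates the rules from a private network and a list of public addresses, and goes a step further by adding the reverse lookup needed to trace an abuse report on a public address back to the private block behind it. The 203.0.113.x addresses are constructed documentation values, the function names are hypothetical, and `to-addresses` is the RouterOS NAT property used in the output.

```python
import ipaddress


def plan_srcnat(private_net, public_ips, new_prefix=27, skip=0):
    """Pair each new_prefix-sized block of private_net with one public IP.

    skip leaves the first N blocks unmapped (the rules quoted in the thread
    start at .64, i.e. the first two /27s are skipped).
    Returns a list of (private_block, public_ip) tuples.
    """
    net = ipaddress.ip_network(private_net)
    blocks = list(net.subnets(new_prefix=new_prefix))[skip:]
    pubs = [ipaddress.ip_address(p) for p in public_ips]
    if len(set(pubs)) != len(pubs):
        raise ValueError("duplicate public address")
    if len(blocks) != len(pubs):
        raise ValueError(
            f"{len(blocks)} private blocks but {len(pubs)} public addresses")
    return list(zip(blocks, pubs))


def routeros_rules(plan):
    """Render one src-nat rule per (block, public IP) pair."""
    return [
        "/ip firewall nat add chain=srcnat action=src-nat "
        f"src-address={blk} to-addresses={pub}"
        for blk, pub in plan
    ]


def public_for(plan, host):
    """Which public address does this private host leave through?"""
    addr = ipaddress.ip_address(host)
    for blk, pub in plan:
        if addr in blk:
            return pub
    return None  # host is in a block with no NAT rule


def blocks_behind(plan, public_ip):
    """Reverse lookup for an abuse report: private blocks behind a public IP."""
    target = ipaddress.ip_address(public_ip)
    return [blk for blk, pub in plan if pub == target]
```
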


[Mikrotik Users] Ios 10 L2TP/IPSec

2016-09-16 Thread Shawn C. Peppers via Mikrotik-users
Anyone else having issues connecting to mikrotik on ios 10 via l2tp/ipsec?  
Works fine on all other devices but fails from iphone. 

Shawn C. Peppers
Video Direct Satellite & Entertainment
866-680-8433 Toll Free
480-287-9960 Fax
http://www.video-direct.tv