CuddleChunks
Sep 18, 2004



Yeah it should be fine. There's lots of fiddly little options in the dhcp setup section.


BaconBeast
Aug 18, 2006
I'll take the hundy pounder and fries, thanks.

I've got a RB2011 which is working fantastically as a router for a charity.

I'm looking to set up the hotspot functionality on it (with AD as the RADIUS server; it's going to supply the hotspot to about 150 active volunteers). However, when I try to configure the hotspot and look in the router's files, all I see are empty folders.

I've tried factory resetting the device and uninstalling and reinstalling the hotspot package to see if that replaces the files. Is there anything else I can try?

feld
Feb 11, 2008

Out of nowhere its....

FELDSPAR


Has anyone seen an RB493 just suddenly begin failing to get DHCP from a cable modem? Had a customer call up with that and it was quite bizarre. I still think it's his ISP, as it gets a link and everything. He can also plug in *any* other device and get his IP.


In other news, I have an RB750G that needs a new home. I have too many network devices. PM me if you're interested.

PUBLIC TOILET
Jun 13, 2009



CuddleChunks posted:

TOOLS TOOLS TOOLS TOOLS!

There are so many TOOLS for you to choose from! From within Winbox:

Tools -> Ping
Tools -> Packet Sniffer (super handy for gathering data to analyze in Wireshark)
Tools -> Torch
System -> Logging (add a topic and send it to memory to get extensive debug info dumped into the logs)

Hopefully somewhere in that pile of Tools will be something that helps you solve your issue.

Fair enough. I've gone into System -> Logging and configured a new topic of "interface" as well as "debug" just below it. I'm guessing the results of this debug are supposed to appear in the log through Winbox? It doesn't seem to display any diagnostics after configuring the topic. Same result if I do /log -> print in a new terminal window. Is it because of the logging rules currently configured in IP -> Firewall?

CuddleChunks
Sep 18, 2004



If you unplug and replug a live ethernet connection does the log fill with diagnostic info? That's what I would expect an interface log to show.
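An added configuration example (not from the thread or any of its posters) that puts the two suggestions above together: an "interface" log topic sent to memory, a noisy "dhcp,debug" topic for the WAN lease negotiation, and a packet capture of the DHCP exchange for Wireshark. It assumes the WAN port is ether1 and that the default "memory" logging action exists; the sniffer parameter names are the RouterOS 6 ones (older releases name the interface parameter `interface=` rather than `filter-interface=`).

```routeros
# Added example: log link events and a WAN DHCP attempt, then capture it.
# Assumes WAN = ether1 and the stock "memory" logging action.

# Keep enough lines in the memory buffer that a link flap is not scrolled out
/system logging action
set memory memory-lines=1000

# Link up/down events: the "interface" topic alone is enough, no "debug" needed
/system logging
add topics=interface action=memory

# DHCP client negotiation on the WAN side. This topic is noisy; remove the
# entry again once the problem is understood.
add topics=dhcp,debug action=memory

# Reproduce by unplugging and replugging the WAN cable, then read only the
# lines that mention the WAN port
/log print where message~"ether1"

# Capture the DHCP exchange itself (UDP 67/68) to a file for Wireshark.
# RouterOS 6 parameter names; check "/tool sniffer set ?" on older versions.
/tool sniffer
set filter-interface=ether1 filter-port=67,68 file-name=wan-dhcp.pcap
start
# ... replug the cable and wait for the lease attempt ...
stop
```

If the interface topic shows link up/down but the dhcp topic never logs a DISCOVER/OFFER pair, the capture tells you whether the request left the port at all, which is the evidence to hand to the ISP.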

darkhand
Jan 18, 2010

This beard just won't do!


I'm trying to segregate our LAN somewhat at the moment. We have over 100 devices or so, all on the same subnet, 192.168.2.0/24. I don't know if it's related, but we started having our SOHO routers crapping the bed. I got it in my mind that I would fix this through segregating into subnets, and separate unsecured wifi. I'm trying to figure out the best way to do this, or if it's even needed.

I got a 10-port + wireless RouterBOARD, and it's pretty sweet. I need some help on how to accomplish setting this up.

So our entire network is attached to (unmanaged, cheap) switches throughout the building, then connected to our router/gateway, which is 192.168.2.3. We have a Windows Server that does DHCP, file and print sharing, etc. on 192.168.2.10.

We have a central switch I think I can replace with the RouterBOARD. It will have 4 switches attached, which are the switches I want to subnet. I can assign addresses to interfaces like (WAN) 192.168.2.1, ether3 192.168.3.1, ether4 192.168.4.1, and ether5 192.168.5.1. I can then assign dhcp-relays to our central DHCP server, or I can just replicate the DHCP server's settings for WINS, DNS, etc. That should be able to segregate our museum, planetarium, and art gallery into subnets and connect to our gateway.

My hang-up is how should I route the subnets? I can bridge the interfaces, but from what I'm reading bridging forwards broadcasts, which is what I believe I want to cut down on. I assume this is a NAT issue; should/can I just turn NAT off, or should I forward all 192.0.0.0/8?

I only want them isolated from broadcasts. I still want them to be able to connect to each other, or at least be able to connect to the server.

I'm in the middle of trying to learn a bunch of this stuff, so tell me if what I'm doing is idiotic.

darkhand fucked around with this message at May 8, 2013 around 04:38

thebigcow
Jan 3, 2001

Bully!

darkhand posted:

I'm in the middle of trying to learn a bunch of this stuff, so tell me if what I'm doing is idiotic

It makes sense if you want to cut down on the amount of broadcast traffic. Keep in mind that:

a) You'll be using the RouterOS DHCP server, which means no good way to register the host names of DHCP clients with your Windows server.

b) You'll be routing traffic between subnets on the Routerboard. This will be slower than a switch and may be a new bottleneck depending on how your network is used.

Each interface getting its own subnet will need to be taken off the switch chip, will need its own DHCP server settings and pool assigned, and an IP in that subnet which will be defined as the default gateway in DHCP. You shouldn't need to set up any routing, as it already knows about the networks it has an interface on. I think you'll need to set up a WINS server on your Windows machine if it isn't already running, or none of the Windows Networking stuff will work between subnets; this address is handed out by DHCP.

I've never done this so I'm probably missing/wrong about a few things.
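An added configuration example (not from the thread or either poster) of the layout darkhand describes and thebigcow's checklist: three ports taken off the switch chip, one /24 per port, no NAT, and DHCP relayed to the existing Windows server rather than served by RouterOS, which sidesteps point (a) above because the Windows server still sees every lease. It assumes the addresses and hosts stated in the thread (gateway 192.168.2.3, server 192.168.2.10, ether3/4/5 as 192.168.3.1/4.1/5.1 with ether1 as the 192.168.2.1 uplink) and RouterOS 5/6-era `master-port` syntax; the port names and the relay names are placeholders.

```routeros
# Added example: routed museum/planetarium/gallery segments on one RouterBOARD.
# Assumed values from the thread: existing gateway 192.168.2.3, Windows
# DHCP/WINS/DNS server 192.168.2.10, uplink ether1, segments on ether3-5.

# 1. Each segment port must be its own L3 interface, not a switch-chip slave
#    (master-port syntax applies to RouterOS before 6.41)
/interface ethernet
set ether3 master-port=none
set ether4 master-port=none
set ether5 master-port=none

# 2. One address per interface; the .1 becomes that segment's default gateway
/ip address
add address=192.168.2.1/24 interface=ether1 comment="uplink to existing LAN"
add address=192.168.3.1/24 interface=ether3 comment=museum
add address=192.168.4.1/24 interface=ether4 comment=planetarium
add address=192.168.5.1/24 interface=ether5 comment="art gallery"

# 3. Only a default route is needed: the four /24s are connected routes already
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.3

# 4. Relay DHCP to the Windows server. local-address is written into giaddr,
#    which is how the server picks the right scope, so it needs one scope per
#    segment (192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24) with the
#    matching .1 as the router option and 192.168.2.10 as DNS/WINS.
/ip dhcp-relay
add name=relay-museum interface=ether3 dhcp-server=192.168.2.10 local-address=192.168.3.1 disabled=no
add name=relay-planetarium interface=ether4 dhcp-server=192.168.2.10 local-address=192.168.4.1 disabled=no
add name=relay-gallery interface=ether5 dhcp-server=192.168.2.10 local-address=192.168.5.1 disabled=no

# No srcnat on ether1: hosts keep their real addresses across segments.
# Check that the connected routes exist before testing from a client:
/ip route print where dst-address~"^192\\.168\\."
```

One step the thread's plan leaves out, and a real source of "it pings the RouterBOARD but not the server" symptoms: because the RouterBOARD is not the default gateway of the 192.168.2.0/24 segment, the existing gateway (192.168.2.3) and the server (192.168.2.10) have no return route for the new subnets. Either add static routes on them for 192.168.3.0/24, 192.168.4.0/24 and 192.168.5.0/24 via 192.168.2.1, or keep a masquerade on ether1 and accept that the server then sees every client as 192.168.2.1 (the relay still works, since giaddr is inside the DHCP payload). Broadcasts, including the ones the SOHO routers were choking on, stop at the RouterBOARD either way.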

The Diddler
Jun 22, 2006



I've had an RB493G for a while, and while it took a couple of days to get it working, it's been rock solid for months. However, I need to set up QoS.

I currently have 2 devices hard-wired, with wireless running off of a Ubiquiti UniFi AP. Due to my apartment layout, all of my streaming video is done over wifi. I would like to set it up so traffic on {Interface AP} has higher priority over {Interface A} and {Interface B} whenever it's required. I get the impression that what I want isn't exactly possible, but what's the easiest/most efficient way to get what I need?

Caged
May 21, 2004


Can someone idiot check what I'm doing here? I found something online which said the only thing I need to do to have a service on my LAN accessible from outside is to do this:

code:
add action=dst-nat chain=dstnat comment="WebDAV TCP 443" disabled=no \
    dst-address=a.b.c.d in-interface=ether1 protocol=tcp src-port=443 \
    to-addresses=192.168.0.22 to-ports=443
Where a.b.c.d is the external IP address I want to use for that service (I have a block of 8; they have all been added to the router's address list and all ping, I have set the preferred source address for the gateway, etc., and internet connectivity works as normal). However, nothing can see the page running on port 443 in the example above. Am I supposed to also add a firewall rule, and how should it look if I am?

Edit: Scratch that. One of the dynamic routes has a preferred source which is one of the IPs that I don't want to use as our gateway and it's using this for some reason. Anyone got any ideas?

Caged fucked around with this message at May 19, 2013 around 14:00

SamDabbers
May 26, 2003

No.

Caged posted:

Can someone idiot check what I'm doing here? I found something online which said the only thing I need to do to have a service on my LAN accessible from outside is to do this:

code:
add action=dst-nat chain=dstnat comment="WebDAV TCP 443" disabled=no \
    dst-address=a.b.c.d in-interface=ether1 protocol=tcp src-port=443 \
    to-addresses=192.168.0.22 to-ports=443
Where a.b.c.d is the external IP address I want to use for that service (I have a block of 8; they have all been added to the router's address list and all ping, I have set the preferred source address for the gateway, etc., and internet connectivity works as normal). However, nothing can see the page running on port 443 in the example above. Am I supposed to also add a firewall rule, and how should it look if I am?

Looks good, but you'll also need to create a filter rule on the forward chain to allow the NAT'd traffic in. Use the private address in the filter rule, because NAT happens before filtering.

code:
add chain=forward comment="WebDAV TCP 443" connection-state=new dst-address=192.168.0.22 dst-port=443 protocol=tcp

Caged
May 21, 2004


Thanks, that makes sense, but this still isn't working. Should the new NAT and Firewall rules be above the defaults if these are in Winbox? The default masquerade NAT rule is still in there, which I believe is what's giving me working internet at the moment.

SamDabbers
May 26, 2003

No.

Can you post an export of the /ip firewall section? Remember to sanitize your external IPs.

code:
[admin@routerboard] > /ip firewall
[admin@routerboard] /ip firewall> export

Caged
May 21, 2004


code:
# may/19/2013 14:14:43 by RouterOS 5.25
# software id = PKRJ-BZK6
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward comment="WebDAV TCP 443" connection-state=new disabled=no dst-address=192.168.0.22 dst-port=443 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1
add action=accept chain=forward comment="default configuration" connection-state=established disabled=no
add action=accept chain=forward comment="default configuration" connection-state=related disabled=no
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=no
/ip firewall nat
add action=dst-nat chain=dstnat comment="WebDAV TCP 443" disabled=no dst-address=xxx.222.84.211 in-interface=ether1 protocol=tcp src-port=443 to-addresses=192.168.0.22 to-ports=443
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1 to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment="3CX TCP 5060" disabled=no dst-address=xxx.222.84.210 in-interface=ether1 protocol=tcp src-port=5060 to-addresses=192.168.0.21 to-ports=5060
add action=dst-nat chain=dstnat comment="3CX UDP 5060" disabled=no dst-address=xxx.222.84.210 in-interface=ether1 protocol=udp src-port=5060 to-addresses=192.168.0.21 to-ports=5060
add action=dst-nat chain=dstnat comment="3CX UDP 9000-9049" disabled=no dst-address=xxx.222.84.210 in-interface=ether1 protocol=udp src-port=9000-9049 to-addresses=192.168.0.21 to-ports=9000-9049
add action=dst-nat chain=dstnat comment="OpenVPN TCP 443" disabled=no dst-address=xxx.222.84.209 in-interface=ether1 protocol=tcp src-port=443 to-addresses=192.168.0.20 to-ports=443
add action=dst-nat chain=dstnat comment="OpenVPN UDP 1194" disabled=no dst-address=xxx.222.84.209 in-interface=ether1 protocol=udp src-port=1194 to-addresses=192.168.0.20 to-ports=1194
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
Thanks for the help so far, I imagine it's something annoyingly basic.

SamDabbers
May 26, 2003

No.

I have a hunch that the counters for all your dst-nat rules are zero. Change the src-port=x to dst-port=x in each rule and it should work. You want to match a packet destined to port x, no matter what the source port is.

As far as rule ordering goes, the only hard requirement is that the "accept" rules in the filter section have to go above the "drop" rule at the end of each chain. I'd put the "connection-state=established" and "connection-state=related" rules above your port forward rules, simply because the majority of your packets will be matched by them.

SamDabbers fucked around with this message at May 19, 2013 around 14:32
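An added configuration example (not from the thread or either poster) showing the WebDAV forward from Caged's export with the two changes SamDabbers describes applied: the dst-nat rule matches on `dst-port` instead of `src-port`, and the forward-chain accept sits after the established/related rules and above the drop rules. It reuses the sanitized public address xxx.222.84.211 and internal host 192.168.0.22 from the export and assumes ether1 is the WAN port; the `in-interface=ether1` on the accept rule and the final WAN drop rule are tightenings added here, not rules from the thread.

```routeros
# Added example: corrected port-forward plus the filter rules that let it through.
# Values from the thread: WAN ether1, public xxx.222.84.211, internal 192.168.0.22.

/ip firewall nat
# A client connects FROM an ephemeral port TO 443, so the rule must match dst-port.
# With src-port=443 almost nothing matches, which is why the counters stay at zero.
add chain=dstnat in-interface=ether1 dst-address=xxx.222.84.211 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.0.22 to-ports=443 comment="WebDAV TCP 443"

/ip firewall filter
# Cheap, high-volume matches first: most packets belong to known connections
add chain=forward connection-state=established action=accept comment="default configuration"
add chain=forward connection-state=related action=accept comment="default configuration"
add chain=forward connection-state=invalid action=drop comment="default configuration"
# dstnat has already rewritten the destination when the forward chain runs, so
# the filter matches the PRIVATE address. in-interface=ether1 limits the hole
# to connections arriving from the WAN.
add chain=forward in-interface=ether1 connection-state=new protocol=tcp \
    dst-address=192.168.0.22 dst-port=443 action=accept comment="WebDAV TCP 443"
# The "drop at the end of the chain" every accept must sit above: any other new
# connection from the WAN toward the LAN is refused.
add chain=forward in-interface=ether1 connection-state=new action=drop comment="drop unsolicited WAN"

# Verify after one connection attempt from outside. Both rule counters should
# move, and the tracked connection should show the translated destination.
/ip firewall nat print stats where comment="WebDAV TCP 443"
/ip firewall filter print stats where comment="WebDAV TCP 443"
/ip firewall connection print where dst-address~"192.168.0.22:443"
```

Reading the three outputs in that order separates the failure modes cleanly: nat counter zero means the packet never matched (wrong port, wrong address, or it never reached ether1); nat non-zero but filter zero means ordering or the filter's address is wrong; both non-zero with no reply means the internal host or its own firewall is the problem.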

Caged
May 21, 2004


They were at zero, I changed those. However I think there's a more fundamental issue as there isn't a ping response to that address from the WAN side, and HTTPS connections still don't work. Pings to other addresses in the same IP block from our ISP work fine.

I've moved the HTTPS stuff onto the address that is working and everything's fine. I think I'll be calling the ISP next. Thanks for your help with everything though. Do you want a forums upgrade?

SamDabbers
May 26, 2003

No.

Nah, I'm cool on the forums upgrades; just pay it forward.

Good luck getting it straightened out with your ISP. Is the address that works, by chance, the address assigned in your Mikrotik to ether1? It won't respond to pings sent to addresses that aren't on one of its interfaces, and that's normal. You may need to configure your other addresses as secondary IPs on ether1 to get things working:

code:
/ip address add address=x.x.x.y netmask=255.255.255.255 interface=ether1
This would mean that you'd also need to change your masquerade rule to explicitly set the to-address, instead of having it pick automatically with 0.0.0.0.

SamDabbers fucked around with this message at May 19, 2013 around 14:59
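An added configuration example (not from the thread or either poster) of the layout SamDabbers describes: the public block defined once on the primary address, the remaining service addresses as /32 secondaries on ether1, and explicit src-nat instead of `masquerade ... to-addresses=0.0.0.0` so the router never has to guess which public address to use. It assumes the sanitized values from Caged's export (.208 router, .209 OpenVPN -> 192.168.0.20, .210 3CX -> 192.168.0.21, .211 WebDAV -> 192.168.0.22) and a 192.168.0.0/24 LAN; the per-host src-nat rules that make each server leave from "its" public address are an addition here, not something the thread spells out.

```routeros
# Added example: one public /22 on ether1 with secondary /32s and symmetric NAT,
# so each internal server leaves from the same public address its forwards use.
# Sanitized values from the thread; LAN assumed to be 192.168.0.0/24.

/ip address
# The subnet (and the connected route) is defined once, on the primary address
add address=xxx.222.84.208/22 interface=ether1 comment=Router
# Secondaries as /32: the router answers ARP and ICMP for them without creating
# duplicate connected routes or a second candidate source address
add address=xxx.222.84.209/32 interface=ether1 comment=OpenVPN
add address=xxx.222.84.210/32 interface=ether1 comment=3CX
add address=xxx.222.84.211/32 interface=ether1 comment=WebDAV

/ip firewall nat
# Source NAT, most specific first (first match wins). Pinning each server to a
# fixed public address keeps the mapping symmetric with its dst-nat forwards,
# which is what a SIP peer or a VPN client on the far side expects to see.
add chain=srcnat out-interface=ether1 src-address=192.168.0.20 \
    action=src-nat to-addresses=xxx.222.84.209 comment="OpenVPN out"
add chain=srcnat out-interface=ether1 src-address=192.168.0.21 \
    action=src-nat to-addresses=xxx.222.84.210 comment="3CX out"
add chain=srcnat out-interface=ether1 src-address=192.168.0.22 \
    action=src-nat to-addresses=xxx.222.84.211 comment="WebDAV out"
# Catch-all for the rest of the LAN: explicit to-addresses, no masquerade guessing
add chain=srcnat out-interface=ether1 \
    action=src-nat to-addresses=xxx.222.84.208 comment="default out"

# Checks: the tracked connection shows the translated (reply-dst) address for a
# given host, and the per-rule counters show whether the specific rules fire
/ip firewall connection print where src-address~"192.168.0.21"
/ip firewall nat print stats where chain=srcnat
```

Testing one public address at a time from outside, as Caged ends up doing, is still the right check; with this layout a public address that fails to answer from outside while its neighbours work points at the upstream (ARP entry or routing on the ISP's side) rather than at the router, because every address is configured identically.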


Caged
May 21, 2004


This is what that section looks like:

code:
add address=xxx.222.84.208/22 comment=Router disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.210/22 comment=3CX disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.209/22 comment=OpenVPN disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.213/22 comment="Remote Desktop Gateway" disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.211/22 comment=WebDAV disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.212/22 disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.214/22 disabled=no interface=ether1 network=xxx.222.84.0
add address=xxx.222.84.215/22 disabled=no interface=ether1 network=xxx.222.84.0
They aren't specifically secondary addresses but they are all addresses on that interface. I've changed the NAT to:

code:
add action=src-nat chain=srcnat comment="default configuration" disabled=no out-interface=ether1 to-addresses=xxx.222.84.208
Edit: Addresses that work are .208, .210, .213, .214, .215. There's not really any pattern in that that I can see.

Edit again: I've removed all the addresses above except for

code:
add address=xxx.222.84.208/22 comment=Router disabled=no interface=ether1 network=xxx.222.84.0
And I'm still having issues getting stuff to connect on certain IPs but working fine on others. I'll contact the ISP I think.

Edit again again: Spoke to the ISP, ended up setting a src-nat to send a client out of each of the IP addresses in turn after adding them back in, and it worked fine (verified it was going out on the correct IP as well). Pinged them all from outside the network and everything worked except .212. I'm lost now but I've worked around things and things are at a point where they are working well enough for now. Just SIP calls take ages to go out but I can live with that.

Caged fucked around with this message at May 19, 2013 around 16:43
