|
Atreus posted:Is there any word on whether or not they intend to do prepackaged multicore mips processors, or further move Tilera down in price? I'm looking for something that compares to the ERL/ERX from Ubnt and Mikrotik seems like it's missing a sweet spot in that area. The RB3011 was supposed to be some other processor but they've never had details outside of a mention at a MUM, and they won't have any details until they have something near production. http://routerboard.com/RB850Gx2 this is the only thing that sits between the MIPS line and the $350+ stuff. Unfortunately only sold as a bare board so you'll have to get a case from the RB450 line if your vendor doesn't build them for you, and it has a bizarre MTU limitation of 1580.
|
# ? May 18, 2015 16:53 |
|
Gah, I need some help with NAT rules. I have a web server on the local LAN (bridge-local interface). I need the following: To forward incoming port 80 to the web server. To allow the web server to loopback (hairpin?) to itself when accessing its FQDN (WAN IP), and to allow normal functioning traffic to do its thing. Here are the two rules I currently have: code:
code:
The second rule is the nat loopback rule to allow local traffic to hit the web server. The problem I'm having is that the local traffic can't hit the web server because on the first rule I have "in-interface=ether1-gateway". If I remove that then I can't browse the internet at all. Where am I going wrong here? edit: oh, I think I may have fixed this. I removed the in-interface from rule 1 and added a dst. address as my wan address. Does this make sense? kiwid fucked around with this message at 16:55 on May 22, 2015 |
# ? May 22, 2015 16:43 |
|
The hairpin NAT example on their wiki looks identical to yours except they use the WAN IP address in the first rule instead of the interface. Have you tried that? edit: kept a tab open for too long
|
# ? May 22, 2015 17:03 |
|
thebigcow posted: The hairpin NAT example on their wiki looks identical to yours except they use the WAN IP address in the first rule instead of the interface. Have you tried that? You're referring to this, right? That's the documentation I was referencing but it looks like I may have hosed up on some of the rules. Let me clear this poo poo out and retry it. Edit: Yeah I'm all good now, I just didn't follow the documentation closely enough. kiwid fucked around with this message at 18:03 on May 22, 2015 |
# ? May 22, 2015 17:05 |
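The rule-matching problem worked through in the posts above, as an added example that is not part of any poster's message: a small Python model (not RouterOS code) of the three variants of the port-forward rule, plus the hairpin source-NAT rule. The addresses, class names and function names are assumptions made up for the illustration; only the interface names come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for illustration; none of them come from the thread.
WAN_IP = "203.0.113.10"      # router's public address (on ether1-gateway)
ROUTER_LAN = "192.168.88.1"  # router's address on bridge-local
SERVER = "192.168.88.10"     # web server on the LAN
LAN_CLIENT = "192.168.88.50"
LAN_PREFIX = "192.168.88."


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str


@dataclass(frozen=True)
class DstNatRule:
    """Hypothetical stand-in for one chain=dstnat rule; None means 'match any'."""
    dport: int
    in_if: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (p.dport == self.dport
                and self.in_if in (None, p.in_if)
                and self.dst in (None, p.dst))


def outcome(p: Packet, rule: DstNatRule, hairpin_masquerade: bool = True) -> str:
    """Classify what happens to p under one dst-nat rule plus optional hairpin srcnat."""
    if not rule.matches(p):
        return "untouched"            # no dst-nat: packet goes wherever it was addressed
    if p.dst != WAN_IP:
        return "hijacked"             # someone else's port 80 is redirected to SERVER
    src = p.src
    if hairpin_masquerade and src.startswith(LAN_PREFIX):
        src = ROUTER_LAN              # srcnat masquerade for LAN -> SERVER traffic
    if src.startswith(LAN_PREFIX) and src != ROUTER_LAN:
        # SERVER answers the client directly from its own address; the client
        # opened the connection to WAN_IP, so it discards the reply.
        return "reply-bypasses-router"
    return "works"


# The three variants of rule 1 discussed in the thread.
BY_INTERFACE = DstNatRule(dport=80, in_if="ether1-gateway")
NO_MATCHERS = DstNatRule(dport=80)
BY_WAN_ADDRESS = DstNatRule(dport=80, dst=WAN_IP)

# Constructed sample packets.
FROM_INTERNET = Packet("198.51.100.20", WAN_IP, 80, "ether1-gateway")
HAIRPIN = Packet(LAN_CLIENT, WAN_IP, 80, "bridge-local")
BROWSING = Packet(LAN_CLIENT, "198.51.100.7", 80, "bridge-local")

if __name__ == "__main__":
    for name, rule in [("in-interface", BY_INTERFACE), ("no matcher", NO_MATCHERS),
                       ("dst-address", BY_WAN_ADDRESS)]:
        print(name, [outcome(p, rule) for p in (FROM_INTERNET, HAIRPIN, BROWSING)])
    print("dst-address, no srcnat:", outcome(HAIRPIN, BY_WAN_ADDRESS, False))
```

In this model "untouched" for the hairpin packet means it is never translated and lands on the router itself, while for the browsing packet it means ordinary traffic is left alone.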
|
Looks like I'll be heading to China sometime next month, I think it'd be awesome to go ahead and setup a VPN system to connect back to my home (and real internet) from my laptop and phone. Does anyone have a link to a good tutorial on setting up that server? Or should I just spend 10 bucks on private internet access or similar?
|
# ? May 24, 2015 03:17 |
|
This works for IPsec: https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html For OpenVPN the guide on the site is fine: https://openvpn.net/index.php/open-source/documentation/howto.html#examples You can always have something like Tunnel Bear pre-installed as a backup solution.
|
# ? May 24, 2015 03:52 |
|
Anyone have an opinion on the Edgerouter X? I'm trying to decide whether there is specifically any reason to get the ERL over this?
|
# ? May 24, 2015 19:17 |
|
ERL does hardware acceleration I think. I'm just looking for a small device I can use to troubleshoot on sub-100Mbps networks so the EdgeRouter X will be getting ordered once it's made it over here.
|
# ? May 24, 2015 20:03 |
|
Before I wade into the terrible Mikrotik support wiki that usually confuses more than helps, does anyone know of a quick example script/code to actually make VLANs? I know how to do VLAN switching, like have a VLAN come from an upstream source and switch down and do egress translation and poo poo, but I've never actually made VLANs start at a Mikrotik source-- it's always been a Cisco or Vyatta doing it before.
|
# ? May 24, 2015 20:13 |
|
jeeves posted:Before I wade into the terrible Mikrotik support wiki that usually confuses more than helps, does anyone know of a quick example script/code to actually make VLANs? You get to be the first to write one! Set up an RB2011 to replace a 13 year old Compaq EVO with a p4 and a pile of network cards. The default config has the gigabit ports switching in software instead of using the switch chip for reasons unknown. Works great now, just need to tape over the blue LED.
|
# ? May 27, 2015 19:18 |
|
jeeves posted:Before I wade into the terrible Mikrotik support wiki that usually confuses more than helps, does anyone know of a quick example script/code to actually make VLANs? Oh yeah that Wiki is just great! Especially how it instructs you to create VLANS .. that don't work that way on several of their platforms (RB450G). Spent days getting VLANs to work .. stupid Wiki.
|
# ? May 27, 2015 19:58 |
|
I.. I think I setup a pair of vlans correctly. It works, it really does but I can't tell if it's spamming giant "destroy the network" packets out the WAN port or if everything is kosher and I'm just being paranoid. This mixture of fear and awe and confusion is normal for working with MikroTik.
|
# ? May 27, 2015 23:29 |
|
CuddleChunks posted:
Yeah I've been using CRS125 switches to properly extend and tag/untag vlans, just not create the vlans as a source. I'll dive into this soon and provide a trip report.
|
# ? May 28, 2015 01:37 |
|
Kind of a shot in the dark driven primarily by curiosity, but has anyone set up failover to a 3g/4g usb modem? It seems like all the bits are there but most of the info on the wiki seems to be written by not-US authors (implications for hw and carrier settings) and the info isn't all in one place. If I could get a cheap modem off ebay and pair it with a minimal data plan (tmo?) for an effective fallback that'd be .
|
# ? May 28, 2015 02:56 |
|
Any bets on nat/fasttrack fixes in the next couple of versions?
What's new in 6.29 (2015-May-27 11:19):
*) ssh server - use custom generated DH primes when possible;
*) ipsec - allow to specify custom IP address for my_id parameter;
*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios clients work);
*) console - allow '-' characters in unknown command argument names;
*) snmp - fix rare bug when some OIDs where skipped;
*) ssh - added aes-ctr cipher support;
*) mesh - fixed kernel crash;
*) ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked connections (more than 5x performance improvement compared to regular slow path conntrack/nat) - currently limited to TCP/UDP only;
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack;
*) added fastpath support for bridge interfaces - packets received and transmitted on bridge interface can go fastpath (previously only bridge forwarded packets could go fastpath);
*) packets now can go half-fastpath - if input interface supports fastpath and packet gets forwarded in fastpath but output interface does not support fastpath or has interface queue other than only-hw-queue packet gets converted to slow path only at the dst interface transmit time;
*) trafflow: add natted addrs/ports to ipv4 flow info;
*) queue tree: some queues would stop working after some configuration changes;
*) tilegx: enable autoneg for sfp ports in netinstall;
*) health - fix voltage on some RB4xx;
*) romon - fix 100% CPU usage;
*) romon - moved under tools menu in console;
*) email - store hostname for consistency;
*) vrrp - do not reset interface when no interesting config changes;
*) fixed async. ppp server;
*) sstp - fixed router lockup.
*) queue tree: some queues would stop working after some configuration changes;
*) fixed CRS226 10G ports could lose link (introduced in 6.28);
*) fixed FREAK vulnerability in SSL & TLS;
*) improved support for new hEX lite;
|
# ? May 28, 2015 15:33 |
|
6.28 was a no-go, mostly due to the mandatory ROMON stuff they added. I downgraded everything I did test upgrades to back to 6.27. I wonder if 6.29 will be any better? I love how Mikrotik updates are basically monthly snapshots of their current build, and never an actual stable version. It's like if Firefox had their beta channel as their final builds.
|
# ? May 28, 2015 16:10 |
|
jeeves posted:I love how Mikrotik updates are basically monthly snapshots of their current build, and never an actual stable version. It's like if Firefox had their beta channel as their final builds. Is bestest version. Always is bestest. You install now. Send support.out to moose. Moose bring to programmer. Programmer tell you is not bug, is feature.
|
# ? May 28, 2015 19:38 |
|
CuddleChunks posted:Is bestest version. Always is bestest. You install now. Send support.out to moose. Moose bring to programmer. Programmer tell you is not bug, is feature. No, is potato.
|
# ? May 29, 2015 10:44 |
|
CuddleChunks posted:Is bestest version. Always is bestest. You install now. Send support.out to moose. Moose bring to programmer. Programmer tell you is not bug, is feature. Haves you not seen our testings station? Is rack that have all of ours routers. We do bestest test version by putting new firmwares on at least two or threes random ones and seeings if they boots. Is best Latvia way!
|
# ? May 29, 2015 16:23 |
|
Anyone actually had issues with fasttrack on 6.29? No issues on a 951G-2HnD home network so far, seems to work fine. I'm not actually speed limited router-wise at home, just tempting my latvian fate. I'm just fasttracking established connections on the forward chain at the moment, since they seem to be the majority of traffic.
|
# ? May 31, 2015 09:02 |
|
Bought a couple of hAP lites to use as a managed router at a few "customers" sites (read friends) and so far so good. The wifi distance doesn't seem to be as good, but tolerable. Since these things seem pretty good, could someone school me in the finer nature of creating a wireless mesh? If I were to set out several of these to create a wireless mesh with something like these, is there a way to make sure I still get a full 100Mbps from say one of the ethernet ports? I remember reading something about wireless is half duplex, but using different chains or antennas to alleviate it. It's all confusing.
|
# ? Jun 5, 2015 21:36 |
|
edit: nvm, looks like I've asked this before. kiwid fucked around with this message at 16:12 on Jun 8, 2015 |
# ? Jun 8, 2015 14:15 |
|
Atreus posted: Bought a couple of hAP lites to use as a managed router at a few "customers" sites (read friends) and so far so good. The wifi distance doesn't seem to be as good, but tolerable. Good luck? I can fairly reliably get about 100Mbps (actual throughput, not link rate) over 802.11n dual-chain on my 951G. In a traditional mesh, each extra hop should cut the throughput in half. Wifi is half duplex, so picture it this way: if you have 3 wifi routers in a mesh, with router 2 essentially acting as a repeater from router 1 (connected to the internet or other wired network) to router 3 (the wifi AP you are wired into), while router 2 is receiving from router 1, it can't also send to router 3. Thus, for traffic from 1->3, 2 is constantly switching between receiving and transmitting, cutting your throughput in half. Maybe there are creative ways around this using multiple chains and multiple frequencies, but I would be pretty surprised to see 100Mbps over mesh on 802.11n, especially using something low end like a hAP lite.
|
# ? Jun 10, 2015 04:04 |
|
drk posted: Good luck? I can fairly reliably get about 100Mbps (actual throughput, not link rate) over 802.11n dual-chain on my 951G. In a traditional mesh, each extra hop should cut the throughput in half. Wifi is half duplex, so picture it this way: if you have 3 wifi routers in a mesh, with router 2 essentially acting as a repeater from router 1 (connected to the internet or other wired network) to router 3 (the wifi AP you are wired into), while router 2 is receiving from router 1, it can't also send to router 3. Thus, for traffic from 1->3, 2 is constantly switching between receiving and transmitting, cutting your throughput in half. Maybe there are creative ways around this using multiple chains and multiple frequencies, but I would be pretty surprised to see 100Mbps over mesh on 802.11n, especially using something low end like a hAP lite. This is kind of what I needed to know, I figured there could be an option with a wireless mesh that had two antennas or something that would use one to transmit for "backhaul" and one to do wireless AP, the haps might not be the best, was just curious overall.
|
# ? Jun 10, 2015 15:15 |
|
No way around it - you need multiple radios. Traditionally this is why people got dual-band APs (2.4G+5G) and did the backhaul on 5G.
|
# ? Jun 10, 2015 21:45 |
|
So I'm looking to put together a new router/WiFi solution for someone to be used indoors within their home. The problem I'm concerned about is the WiFi range I might need to cover as much of the house as possible. The current router is located on the first floor at the east end of the house in an enclosed room. It's a crappy Linksys WRT54GL but it's been chugging along for a while now. People in said house currently complain about poor WiFi reception in the basement, upstairs on the second level and in the living room (which is the next room over from the enclosed room.) I can't truly move the router/WiFi to a different room because that would require re-cabling. I was leaning towards a MikroTik with built-in WiFi like the RB951G-2HnD, but my fear is it won't have the range needed to cover the house. Would it make sense to get a standard MikroTik router without built-in WiFi and connect a Ubiquiti AP to it? I was leaning towards a mix of something like a RB750 with a Ubiquiti UAP-LR or PicoStation. Or would it make more sense to just do Ubiquiti across the board (router and all)? I haven't tried using the Ubiquiti hardware yet.
|
# ? Jun 17, 2015 04:21 |
|
Coverage is a tricky thing. Sometimes you can get away with a couple routers in key locations and let their clients figure out which has the strongest signal and hop to the one they hear best. Or you can try range extenders and other trickery. Here are some options:

Option 1:
1 Apple Airport Extreme basestation
2 Apple Airport Express units for range extension
Plug those in, configure it up and walk away. Should be a minimum of hassle but cost a fair amount.

Option 2:
2 or 3 MikroTik RB951's
4x Powerline networking adapters (they come in pairs)
Setup one MikroTik as the headend, then setup the others with matching SSID's and WPA keys. Set them to auto-channel but otherwise leave them as bridges. Plug in the powerline networking adapters around the house to give them their backhaul back to the main router. This makes a nice flat network and should move plenty of data from each AP to the main router.

Option 3:
Same as above but use one MikroTik and one powerline networking kit. Match the SSID and WPA to what the Linksys is using and then put the MikroTik at the other end of the house. That should fill in the gaps in coverage without getting too complicated. Hell, I'd switch that around and make the MikroTik the headend and setup the Linksys as a wifi bridge (turn off DHCP, set a static LAN IP so you can manage it later and plug ethernet into its LAN instead of WAN). Now you've got excellent routing at the front of the network and a known decent performer out near the edges.

All of this comes with the caveat of "weird poo poo happens with wireless and networking and maybe it won't work well for you".
|
# ? Jun 17, 2015 05:17 |
|
Option two doesn't sound too bad especially if I just try it with two MikroTiks first without the power-line adapters. So you're saying two MikroTik units with built-in WiFi, set only the WiFi portion of the routers to bridge mode but disable the remaining functionality of one router while the other one remains intact?
|
# ? Jun 17, 2015 16:37 |
|
PUBLIC TOILET posted:Option two doesn't sound too bad especially if I just try it with two MikroTiks first without the power-line adapters. So you're saying two MikroTik units with built-in WiFi, set only the WiFi portion of the routers to bridge mode but disable the remaining functionality of one router while the other one remains intact? Basically. There is a quickset for access points, this might be as easy as two mouse clicks. If you want to complicate things you can try the new capsman package for access point management.
|
# ? Jun 17, 2015 16:41 |
|
The recent newsletter shows an RB2011 routing 860 Mb/s with fast track turned on in 6.29 so I thought I'd give it a try. I'm still getting a ton of CPU usage from the firewall and only hit 550, but that's still a nice jump from the 330 it used to top out at and I'm probably missing something. Unfortunately it's IPv4 only at this point and will probably remain that way like their MPLS implementation.
|
# ? Jun 17, 2015 16:48 |
|
thebigcow posted:Basically. There is a quickset for access points, this might be as easy as two mouse clicks. If you want to complicate things you can try the new capsman package for access point management. Hahah they build some neat options into winbox that I have never bothered to use because I've got my pile of scripts (and now a web page) for programming these things. For me, it's "enter user, pass, ssid, wpa" and click GENERATE SCRIPT. Apply the script and ta-da, a programmed router that's ready to go for our network. I just finished building a bridge mode script too so for the situation above you can program up one router, then switch over to bridge mode in my programming page and build a bridge with no fuss. I'm sure quickset makes it even easier.
|
# ? Jun 17, 2015 16:57 |
|
On the Mikrotik forums, Normis is mentioning the "upcoming release" of a dual band home product, and requesting information on how to do their SSIDs. I'm personally excited for 5ghz AC. Hooray.
|
# ? Jun 22, 2015 14:30 |
|
Atreus posted:On the Mikrotik forums, Normis is mentioning the "upcoming release" of a dual band home product, and requesting information on how to do their SSIDs. I'm personally excited for 5ghz AC. Hooray. http://wiki.mikrotik.com/wiki/MUM_2015_CZ Click the first link for Janis' presentation on their upcoming products.
|
# ? Jun 22, 2015 14:37 |
|
Awesome, didn't know that existed, but I only follow announcements. oops.
|
# ? Jun 22, 2015 19:29 |
|
Atreus posted:Awesome, didn't know that existed, but I only follow announcements. oops. All the cool stuff gets mentioned at the MUM before anywhere else. I hope the price on the hAP AC and lite aren't double the current models. I'd rather they make a 5ghz only model.
|
# ? Jun 22, 2015 20:47 |
|
There's still a lot of old gear in the typical household. Something that's 5GHz only will just disappoint a lot of your customers for the foreseeable future. I hope it's not too expensive. I don't think I've been excited about a wireless device since I left my job at a WISP, but this looks cool.
|
# ? Jun 23, 2015 04:22 |
|
A lot of the hardware sounds nice, but the items I'm interested in don't yet have prices. I also see a decent amount of the hardware doesn't include Gigabit ports which is a shame. Unless of course "fast ethernet" is Latvian for "Gigabit".
|
# ? Jun 24, 2015 02:03 |
|
PUBLIC TOILET posted:A lot of the hardware sounds nice, but the items I'm interested in don't yet have prices. I also see a decent amount of the hardware doesn't include Gigabit ports which is a shame. Unless of course "fast ethernet" is Latvian for "Gigabit". The hardware with 10/100 ports is low powered enough that it will never push more than that, or is intended as CPE for WISPS.
|
# ? Jun 24, 2015 04:52 |
|
thebigcow posted: Basically. There is a quickset for access points, this might be as easy as two mouse clicks. If you want to complicate things you can try the new capsman package for access point management.
So I'm beginning to research this now and I'm wondering about something. Is it feasible/supported for me to do something like:
Main router: RB951Ui-2HnD (located in one room connected via Ethernet to Verizon DSL modem) ->
*WiFi bridge* (supplies connectivity to WiFi AP #1 & #2) ->
WiFi AP #1: mAP 2n (located in another room, connects back to main router via WiFi bridge but also provides Internet access via WiFi)
WiFi AP #2: mAP 2n (located in another room, connects back to main router via WiFi bridge but also provides Internet access via WiFi)
Is this even possible or do I have to use power line network adapters to build the backbone between the mAP 2n units <-> RB951Ui-2HnD? It seems like the mAP 2n units spread around the house and making them connect back to the main router would resolve the WiFi coverage issues. PUBLIC TOILET fucked around with this message at 00:14 on Jun 26, 2015 |
# ? Jun 26, 2015 00:03 |
|
You have to have two radios in a router if you want to have it be an AP and also bridge back to another.
|
# ? Jun 26, 2015 00:25 |