|
Does the RB750G support UPnP? How would one put together some kind of wireless access with one of these? Would you have to also purchase this to do that? It seems like it has a pretty steep learning curve with WinBox compared to some of the typical consumer routers out there.
|
# ¿ Feb 11, 2011 05:29 |
|
|
# ¿ Apr 27, 2024 02:37 |
|
R1CH posted:Wireless with routerboards can get kind of expensive as the consumer models like the RB750G don't have mPCI slots, so you need a better board, custom case, radio card, antennas, etc. Personally I just use a standard AP in AP mode (no routing etc) hooked into the MT device. It helps that I have a high quality AP, but you can pick up something like the Ubiquiti PowerAP pretty cheap and get a nice AP to hook into your network. Yeah I wouldn't be looking into anything that extensive. I'm just thinking of a cheap, MikroTik solution in my head that would provide a wireless AP and a routing solution in a two story house. Is the Ubiquiti radio a decent solution for that or does it seem like overkill for a house? I've never played with either product but I'm guessing you'd have to disable any routing on the Ubiquiti (if it even does any routing) and just make it pass-through to the MikroTik.
|
# ¿ Feb 11, 2011 16:29 |
|
These devices seem like they have an intensive configuration behind them. Honestly that's the one thing holding me back from trying one. That and having to use a separate wireless AP device unless I shell out more money for a Mikrotik that supports a wireless card. The wireless thing doesn't sound too bad though if I just connect a WRT54GL to the Mikrotik for strictly wireless AP access.
|
# ¿ Feb 17, 2011 04:06 |
|
If someone were in the market to purchase a MikroTik for home use, what would be the ideal solution that provides Gigabit switching and wireless connectivity?
|
# ¿ Mar 20, 2011 17:19 |
|
CuddleChunks posted:It comes with a level 4 license out of the box at the $70 price point. No extra purchases needed. Sounds good, I'll just wait it out then. Do you have any more information on this? I'm interested in the learning experience behind the MikroTiks and it seems like they're fairly dependable.
|
# ¿ Mar 23, 2011 02:47 |
|
yarrmatey posted:Haven't tested performance nor LACP support I'm afraid. I'm not sure I understand the software part of the UniFi. You would essentially setup your Mikrotik and make it use the UniFi as a wireless AP, then you have to use the UniFi software to configure the UniFi? You can't just access the UniFi via its IP address in a web browser?
|
# ¿ Apr 22, 2011 16:58 |
|
krackpot posted:There are new products for 2011 (http://www.mikrotik.com/download/share/hu11.pdf). Looks like they took the PDF down. Still looks like the cheapest Gigabit router they have then is the RB435G? And that comes with the MiniPCI slots for use with the R52Hn (if wireless is desired). Then you need an enclosure for all of that with support for external antennas. PUBLIC TOILET fucked around with this message at 20:51 on May 8, 2011 |
# ¿ May 8, 2011 20:41 |
|
krackpot posted:Not sure if this is the same PDF file (http://www.mikrotik.com/download/share/generic.pdf) RB751G sounds perfect to me. Q3 2011 on the other hand, not so much.
|
# ¿ May 9, 2011 05:17 |
|
Kaluza-Klein posted:What is recommended for a home network with N wifi? I'm more or less in the same boat and have been for some time. The RB751 sounds perfect for me, but ideally I'd like internal gigabit switching. I suppose one could just connect a gigabit switch to one of the ports on the Mikrotik but that's kind of a half-rear end solution. Are there plans for something like an RB751G? I can't remember.
|
# ¿ Dec 12, 2011 16:54 |
|
Does anyone know how difficult it may be to configure a commercial VPN service with a MikroTik? I've been experimenting with various VPN services on my current router (Linksys WRT54GL w/TomatoUSB ) but I'm experiencing the same download speed issues regardless of the VPN service I choose. I'm starting to believe that this router just can't handle the load required to download any large files while it's connected to a VPN. I've been meaning to buy RB751G-2HnD for a while now, but I don't know if it's going to have the same issue or not. Has anyone configured a commercial VPN with the RB751G-2HnD and can attest to its file download performance while it's connected to the VPN? How complicated would it be to configure this in the RouterOS? Or would I achieve better VPN performance with something like the RB2011UAS-2HnD-IN? PUBLIC TOILET fucked around with this message at 21:24 on Sep 30, 2012 |
# ¿ Sep 30, 2012 21:11 |
|
The_Franz posted:I can't comment on commercial VPN providers, but I did recently setup a VPN with a 750GL (same CPU as the 751G) on one end and an RB2011 on the other. With both units in my Wow. That's pretty impressive. I'm looking at the CPU usage in TomatoUSB now when I'm downloading a file through the VPN. I'm hitting 100% on average every minute and around 60% every five minutes.
|
# ¿ Sep 30, 2012 22:58 |
|
CuddleChunks posted:A quick trip report - we couldn't get stocks of the RB751 wireless routers in at work in the quantities we needed. They had them backordered to hell and back so we ended up switching to the RB951 series. Thanks for the heads up. Now I can wait until the RB951G-2HnD hits the market instead of having to buy the 7 series.
|
# ¿ Jan 31, 2013 04:36 |
|
CuddleChunks posted:Yup. We finally got our 751's in off backorder. Hooray for seeing stacks of those sleek white boxes on our shelves again. It's been incredibly frustrating to consider having to move to another platform as our vendors got their supply chain sorted out. What's this script that's being spoken about? I haven't purchased a Mikrotik yet so I haven't had a chance to dabble with one yet. If I can get the hang of it then I'll probably use it as the standard router for anyone I support outside of work.
|
# ¿ Feb 12, 2013 00:50 |
|
falz posted:MikroTik has a splash setup page for new/home users. For provisioning many, you can just paste a stock text config with a few variables changed. Oh you mean through the web interface? I'm just trying to get a feel for how it's going to function without actually touching it yet. I noticed the IPSEC note in the OP where the router has the possibility of tripping on itself when it comes to handling the load. Would this be a potential issue if I were only utilizing a VPN tunnel (with regards to large file transfers)?
|
# ¿ Feb 13, 2013 03:46 |
|
thebigcow posted:r0c-n0c has RB951G-2hnd in stock and bumped the price down on the RB751G I actually just finally bought the RB951G-2HnD today. We'll see how well it works. I've been putting it off and finally decided to just pull the trigger. The WRT54GL I have with Tomato on it is getting long in the tooth.
|
# ¿ Mar 14, 2013 03:29 |
|
ManicJason posted:Am I still the only person with nightmarish Apple vs. Mikrotik issues? I see tons of people on other forums complaining about the same since iOS 6 on something like 50% of the Apple wireless radios (all Broadcom, I believe.) There are recommendations about changing pre-amble settings and explicitly setting the protocol as 802.11, but all of my Apple devices (MacBook Pro, iPad 2, iPhone 4) get 100% packet loss at random intervals between a minute of use and 30 minutes of use even after messing with those settings. Rarely it will fix itself after five minutes or so, but it is always fixed by turning the wireless radio off and back on on the Apple device. I'm glad I'm not going insane then. I don't yet have a MikroTik router, but I've been noticing issues with iOS devices connecting to my current wireless network and I'm using WPA-2 with AES. If I can even get the device to connect (usually after telling it to keep trying because I know it's the correct password), it will stay connected for a while but then eventually drop off. It will then repeat the process of me having to try again and again. I eventually just gave up on it. If I see the same issues with the MikroTik then at least I know it's not going to be the router's fault. Apple needs to get their poo poo together.
|
# ¿ Mar 20, 2013 00:20 |
|
CuddleChunks posted:Good lord I am tired of the RB751's and their stupid bullshit with Apple products and everyone else. I've spent the last few days tweaking and fiddling and reading the angry forums at Mikrotik.com to get some guidance on how these should be setup. Thing is, they have so drat many features that it's anyone's guess what you should change. Still, I hope the following is helpful and this constitutes the best knowledge I have for how to set one of these up for home use: Thanks for this. I just received an e-mail this week stating my RB951G-2HnD shipped from Latvia so if I have issues with Apple products I'll give your script a try.
|
# ¿ Mar 30, 2013 17:51 |
|
I finally received my RB951G-2HnD from Latvia via USPS. Poked through this thread, some Google searching and the MikroTik wiki site in order to configure it and understand its intricacies. It's been a couple days and I finally just put it in production. I'm loving the poo poo out of this little mother fucker. I'm seriously impressed so far, it's practically light-years ahead of my old WRT54GL. I'm still working on configuring the static entries and some port forwarding but otherwise its been seamless. I didn't have to do any crazy workarounds to get iOS devices to work, either.
|
# ¿ Apr 11, 2013 04:14 |
|
I could actually use some help with a couple of issues I haven't had luck resolving. The first one is probably simple. I have a static IP entry for my Windows Home Server so it always gets 192.168.88.200. The Windows Home Server has a domain on homeserver.com so it can happily associate itself to that domain for remote access. However, part of making this successful is to forward at least two out of three ports through the router. I've done some Googling and also browsed the MikroTik wiki but so far everything I've tried has created more problems. I've been trying to configure port forwarding through IP -> Firewall -> NAT. I've created two separate entries, one that tells the router to allow external connections on TCP inbound to port 443 only to 192.168.88.200. The other one is the same way only it allows external connections inbound to port 4125 only to 192.168.88.200. When I set this and enable it, it doesn't work, but it also causes my workstation to not reach some websites. So if the two rules are enabled, they also cause my workstation to not establish a connection to various websites. When I removed those two port forward entries, my workstation returned to normal. Scratch that last part, apparently it doesn't seem to do that any longer. I just tried to access http://192.168.88.200/ in a browser and it went to the server this time. Mind you I don't have any port forwarding rules configured at the moment. Here's what my current firewall configuration looks like: code:
PUBLIC TOILET fucked around with this message at 03:33 on Apr 12, 2013 |
# ¿ Apr 11, 2013 23:09 |
|
zennik posted:I would change your two NAT rules to one rule, as such: I removed the rules I created and added the one you created above. No luck. Is that correct, though? You have the src-address as the internal network and the to-addresses go directly to the server. Wouldn't that only allow internal traffic to go to the server and not external Internet traffic? You also don't specify any action ports so I presume I don't need to input any if I've already specified ports 443 and 4125? The filter rules you mention were the pre-configured ones that have been there since I hooked up the router. Not sure if they're safe to remove or not.
|
# ¿ Apr 12, 2013 22:04 |
|
zennik posted:Notice the ! before the subnet, that means to match anything NOT in that subnet as the source. It shouldn't ever be an issue, but in rare cases it can be. I can simply disable them and not have to delete them, correct? If so, disabling them hasn't resolved the issue. The NAT rule you provided is in there and enabled. I've also tried it with and without specifying the "In. Interface" as "ether1-gateway" but that doesn't seem to have an effect either.
|
# ¿ Apr 12, 2013 22:39 |
|
zennik posted:Correct. I know that Time Warner blocks port 80 access, but I don't believe they block port 443 (HTTPS). That's why on the old router (WRT54GL w/Tomato), I had it set so that accessing the WAN IP or the DNS name with "https://" would go through the router directly to the server and the webpage would appear. For some reason that's not working with the MikroTik even after trying what you suggested, and after trying what other websites have suggested either. So I never bothered configuring port 80 access on the old router, but I did configure port 443 and port 4125 as required for WHS and it was working fine. Maybe there's a configuration/setting somewhere else in the router that's stopping it? Not sure where to look, though. PUBLIC TOILET fucked around with this message at 15:31 on Apr 13, 2013 |
# ¿ Apr 13, 2013 00:31 |
|
CuddleChunks posted:When you try to access your server, exactly what URL are you going to? Are you putting in its internal IP address or trying to use the external IP? When I test the site internally, I'm able to reach the server via https://192.168.88.200/. When I test it externally after creating a NAT rule, I've tried it via the WLAN IP and by the DNS name as well. Neither one works, I receive an error in Chrome stating the connection was refused. I've also been testing with this site and this site. Both are stating that my IP and my DNS respond, but on port I think I have OpenDNS configured properly by using the following: code:
code:
code:
PUBLIC TOILET fucked around with this message at 15:30 on Apr 13, 2013 |
# ¿ Apr 13, 2013 03:30 |
|
CuddleChunks posted:How are you testing this externally? Are you remoted into another machine and are trying to reach your site? Do you have a buddy trying to reach this page for you? Really? Huh. I'll have to check that. Does my OpenDNS configuration look okay? By the way, I've checked the logs this morning and unsurprisingly I see an IP address from China has been trying to login through SSH. What is with these routers just allowing everything turned on by default? So now I have to specifically drop attempts via port 22 in the rules AND dig through logs? I'm just going to poke around some MikroTik wiki pages on securing the router. PUBLIC TOILET fucked around with this message at 15:44 on Apr 13, 2013 |
# ¿ Apr 13, 2013 15:17 |
|
CuddleChunks posted:Go to IP -> Services and turn off all the services you don't want the Mikrotik to advertise. In other words, turn off the web server, the FTP port, SSH, telnet, etc. Turn off everything except winbox if you like and that should stop the bulk of probe attempts against your router. You and zennik have been a big help, thank you. I've combed through some security practice information in the MikroTik wiki and modified/applied it to my router. The only services I currently have enabled are "ssh", "winbox" and "www". However, I do believe I have my firewall rules configured properly so that external access is denied to those services. Below is the current configuration, maybe either of you can tell me if I've done anything incorrectly. One thing I'm not sure about is if I should specify an in-interface for the "From LAN network" rule. I also have BitTorrent configured to utilize UPnP for port forwarding, but also allow incoming connections to port 29793. Not sure if the rules below screw that up. code:
|
# ¿ Apr 13, 2013 17:27 |
|
SamDabbers posted:You may want to take a look at the packet flow diagram for RouterOS. The "input" chain in the firewall is for packets destined to the router itself, not packets that will ultimately be forwarded (the "forward" chain) somewhere else. Right now there's an implicit "accept all" rule in the "forward" chain, which is why things appear to be working. Look at the counters on the rules you have in Winbox; some of them are likely not being hit. Not sure what caused it, but I've just had to completely reset my MikroTik thanks to your configuration (on my birthday no less). I made a backup of my firewall configuration, then input yours through the terminal verbatim and then after doing so I could no longer load websites and then couldn't reconnect to the router through SSH or WinBox. Not sure if they'll offer it, but I've e-mailed MikroTik support for assistance with cleaning up my firewall rule-set and better explaining how it should be configured, etc. I think the biggest trouble I have so far with this router is understanding the proper implementation and design of the firewall. I understand what you were explaining in your post with regards to input/forwards rules and actually seeing the rule-set built within WinBox makes it easier for me to comprehend. However, after making those changes and reading it over again, I just don't understand what the problem was that caused it to stop functioning. PUBLIC TOILET fucked around with this message at 20:37 on Apr 16, 2013 |
# ¿ Apr 16, 2013 18:57 |
|
SamDabbers posted:Sorry to hear that! (Also happy birthday!) Yeah what I did was clear out all of the Filter Rules first, then input yours line-by-line through a new terminal window. One thing I did notice was when I reached the point of adding the ones allowing the outgoing traffic from the LAN, the paste didn't look correct. There were spaces and periods between the forward-slash and the next command. I also didn't know what the ideal single rule would have been that you mentioned as being an alternative to the multiple outgoing traffic rules. After the filter rules were done, I erased the NAT rules and then did those line-by-line as well. With regards to DNS resolution, I've done it a different way this time through WinBox. Under IP -> DNS, I've specific both OpenDNS servers under the "Servers" fields. Under "Static", I've also added both OpenDNS servers there as well. I then went to IP -> DHCP Client, disabled "Use Peer DNS". This appears to be working. PUBLIC TOILET fucked around with this message at 20:43 on Apr 16, 2013 |
# ¿ Apr 16, 2013 20:41 |
|
Okay, I've removed the OpenDNS servers from the Static DNS section. I've still left them specified under IP -> DNS and I've went ahead and modified the DNS servers under the DHCP Server section so that it points to the two OpenDNS servers and not the router (192.168.88.1). Thank you for that. I had thought about that when I was re-configuring the router (why am I trying to NAT OpenDNS? There has to be a way to statically force the server upon the clients.) Glad you pointed me in the right direction, I just couldn't locate the proper area to input that. It might just be a WinBox bug but when I opened a new terminal window, went to "ip firewall filter" and pasted: code:
code:
|
# ¿ Apr 16, 2013 23:05 |
|
SamDabbers posted:You should remove the '\' from the middle when you make it all one line. That backslash is there to tell the terminal that the next line is technically part of the current one, so it's not needed when it is actually all one line. No luck. I removed all of my firewall configuration, imported yours once more line-by-line but it still caused the router to stop functioning properly. After I import it, I can see the log dropping connection attempts and whatnot. However, once I try to open a website, it fails to resolve it. Below is an export of the firewall after re-configuring it with your settings: code:
|
# ¿ Apr 18, 2013 00:14 |
|
SamDabbers posted:By removing these it'd change the default policy to allow everything from everywhere. Linux/Mikrotik firewalling is first-match, and traffic coming from the LAN to either the router or the outside world should be matched by the rules above these. Sure, here you go. These are all the default. The only option I recall changing was making all of the ethernet interfaces 1Gbps.
|
# ¿ Apr 18, 2013 02:46 |
|
CuddleChunks posted:Out of curiosity, why aren't you using the default ruleset? The built-in one you get after a sys reset works right out of the box. Just trying to secure it a little bit is all and create decent logging rules so I can see what's actually going on. I'm also trying to customize some things (the remote access server for instance) and learn/understand how the firewall itself works. It's probably my biggest weakness with this router and I'd like to be able to work with it a bit. Ideally I'd like to obtain a paper-back manual or decent book on it but I don't really see much with regards to learning RouterOS. I'd like to use MikroTik hardware moving forward if I have to set one up for family, friends, etc. but obviously I need to learn it first. For instance, right now I don't understand why it has to be changed to the local bridge from the local master interface. I should check out that flowchart again. PUBLIC TOILET fucked around with this message at 04:19 on Apr 18, 2013 |
# ¿ Apr 18, 2013 04:04 |
|
SamDabbers posted:So I take it that worked? The reason that it has to be changed to the bridge interface is because the IP address is assigned to the bridge interface. Look under IP -> Addresses. Traffic sent to the router's IP will appear to the firewall to come in on the bridge interface. I actually didn't try it yet, but looking at the IP Addresses, there's only the ether1-gateway specified grabbing the IP from the ISP and there's also the wireless LAN interface in the list. Did you mean the DHCP Server? Because that has the bridge-local interface specified.
|
# ¿ Apr 18, 2013 05:00 |
|
SamDabbers posted:Think of the bridge as a virtual switch in software. It has 3 ports assigned to it: wlan1, ether2-master-local (and, implicitly, all its slaves), and the router CPU. The "port" that "connects" to the router CPU is labeled "bridge-local" in the config, and is treated just like any other interface when it comes to the IP layer stuff like DHCP and firewall. So there should be two IP addresses under IP -> Addresses: your ISP public address on ether1-gateway, and 192.168.88.1 on bridge-local. I think I understand what you mean. Everything hits the bridge-local first, then it's funneled to the appropriate interface(s) rather each interface acting independently when it comes to the initial switching? So in essence, it would go bridge-local -> ether1-gateway -> ether2-master-local AND/OR wlan1 with regards to the way this is configured and what is being utilized. After modifying the script to use bridge-local, it would appear as though we're good now. Much appreciated, thank you. I've been referencing the MikroTik wiki for direction on most things, but are there any actual paper-backs out there on RouterOS/MikroTik? It seems like the closest thing I can find are the planned training events they hold across the country. My next objective is to work on IPsec. PUBLIC TOILET fucked around with this message at 06:25 on Apr 19, 2013 |
# ¿ Apr 19, 2013 06:16 |
|
What's the best way for me to do a diagnostic of a specific device that connects to the network through the MikroTik router? I have a device that I want to complete network diagnostics on and see what's happening behind the scenes when it tries to communicate with the router. I can see in the normal log that it establishes a connection at 10mbit, then it disconnects, then it reconnects at 100mbit. After that it receives the DHCP lease but sometimes the device still won't have network connectivity.
|
# ¿ Apr 29, 2013 00:05 |
|
CuddleChunks posted:TOOLS TOOLS TOOLS TOOLS! Fair enough. I've went into System -> Logging, configured a new topic of "interface" as well as "debug" just below it. I'm guessing the results of this debug are supposed to appear in the log through Winbox? It doesn't seem to display any diagnostics after configuring the topic. Same result if I do /log -> print in a new terminal window. Is it because of the logging rules currently configured in the IP -> Firewall?
|
# ¿ May 6, 2013 03:27 |
|
daita posted:19:35:45 interface,info ether1 link down Pretty much. Just as an update, I have to fiddle with the device to get it to connect and pull a lease from the router. Supposedly the device may be overheating (at least the NIC might be) and that's why this problem occurs. I just chalk it up to age and build quality. Sometimes if I erase the DHCP lease, disconnect the patch cable while it's powered on then plug it back in, it will reconnect, grab a lease and then connect at 100M. It is a strange one but unsurprising.
|
# ¿ May 22, 2013 23:23 |
|
CuddleChunks posted:Yeah. The new icons are nifty, it seems to solve some problems with nstreme 2 which is good news. Seems stable though we don't have it in general use across the network yet. I've got the release candidate installed at home and it has been fine. I may update to the full version this weekend or something. Yeah I see they have a new release (6.1) that came out on 6/12. I was going to ask if there are any known issues before upgrading from 5.25.
|
# ¿ Jun 13, 2013 23:55 |
|
Before I bitch to Time Warner again, has anyone heard of common issues with regards to a MikroTik router randomly experiencing packet loss? Just started this past week and I've had to call Time Warner support once already. Connection was experiencing 25-50% packet loss according to the RouterOS ping tool then the whole connection went dead. Overseas support did something to the cable modem that brought it back to normal. Now I'm experiencing the problem again only this time RouterOS is telling me it's around 15-25% packet loss. I'm quick to blame Time Warner for the issue but I just want to make sure there aren't any known random packet loss issues related to the MikroTik equipment.
|
# ¿ Jul 4, 2013 05:10 |
|
Remit posted:None that I am aware of. What are you pinging? Do a tracert and set up smokeping or pingplotter to at least narrow down where the loss is happening. Strangest thing but so far the problem hasn't come back. Last night I was tired of the random packet loss so I started going through hardware. I removed one of the switches connected to a port on the MikroTik but that didn't help. I then even went and measured the voltage from the electrical outlet to the MikroTik and the cable modem. The voltage was where it should be. Unplugged the power strip both devices are connected to from the electrical outlet and plugged it back in so both devices received a full power-cycle. After that I decided to do a ping test from the MikroTik to google.com and the problem never came back. I haven't had any packet loss since. I have no idea what had changed but so far the problem hasn't reappeared. So I don't know if the electrical outlet the power strip is connected to is going bad, or if the power strip was holding a charge causing the device(s) to fail. It just sounds impossible though so I'm at a loss as to what was causing the issue. I had done numerous power-cycles before that and the problem had persisted. PUBLIC TOILET fucked around with this message at 00:36 on Jul 7, 2013 |
# ¿ Jul 7, 2013 00:34 |
|
|
# ¿ Apr 27, 2024 02:37 |
|
Remit posted:Have any queues or interface limits that would cause it? None to my knowledge. I don't recall configuring any limitations on the interfaces or queues.
|
# ¿ Jul 7, 2013 16:54 |