The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘routers’ Category

Reminder to self: when your PPTP server is behind a NAT, forward both GRE protocol and TCP port 1723

Posted by jpluimers on 2017/06/06

The WAN sides of my Mikrotik CCR1009 are partly behind Fritz!Box routers that do NAT and contain a truckload of port-forwards.

A while ago, I wanted the CCR1009 to do PPTP as Fritz!Box 7360 and 7490: static routes over VPN don’t work (so I could only VPN to the WAN side of the CCR1009). However, it would not pass through the Fritz!Box from the outside.

It appears you need to forward both:

Maybe one day I will ditch the Fritz!Box 7490 and directly hook up the Mikrotik to the NTU: xs4all ftth en Mikrotik router – Google Groups.

But preferably I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)

–jeroen

via: VPNs einrichten mit PPTP – administrator.de: Achtung mit PPTP VPN Servern hinter NAT Firewalls !

Forward both PPTP TCP port 1723 and the GRE protocol

Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, IPSec, MikroTik, Network-and-equipment, Power User, PPTP, routers, VPN

This is why nobody upgrades their consumer IoT, router, etc firmware…

Posted by jpluimers on 2017/06/02

Just one example; it applies to virtually all consumer IoT and routers I know: upgrading is hard, especially if it’s undocumented how to keep your configuration.

–jeroen

Posted in Internet, IoT Internet of Things, Power User, routers, TomatoUSB

Mikrotik – Choosing your SFP/SFP+ modules and direct access cables

Posted by jpluimers on 2017/05/09

For hooking up SFP and SFP+ ports on Mikrotik devices you basically have two options:

  • Direct Access Cable (passive and affordable for 1 and 2 meters; active and more expensive for more than 3 meters)
  • SFP/SFP+ modules with LC-LC optic fiber cable in between them (pairs of modules are more expensive than passive DAC, but the fiber is a lot cheaper)

Choosing the SFP/SFP+ modules is a bit intimidating as the MikroTik SFP module compatibility table – MikroTik Wiki has very few details.

Then I found sfp_all-150601132341.pdf (archived) which lists many of the SFP and SFP+ modules including their specifications.

Since neither the matrix nor the PDF contains links to the products, here is a small list of what I could source last year that is compatible with both the CCR1009 routers and CRS226 switches:

–jeroen

via: Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS

Posted in Internet, MikroTik, Power User, routers

Some links for MikroTik tips and scripts

Posted by jpluimers on 2017/04/25

MikroTik has great hardware, but getting things to work can be a bit ehm intimidating.

So here are some links that were useful getting my CCR1009 and CRS226 configurations to do what I wanted.

Posted in DNS, Hardware, Internet, IPSec, MikroTik, Network-and-equipment, OpenVPN, Power User, PPTP, routers, VPN, WinBox

Sniffers, Packet Capture – PFSenseDocs – cool, as it uses tcpdump/Wireshark format!

Posted by jpluimers on 2017/03/13

I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.

The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).

Which means that you can download captures and open them in Wireshark.

So it’s as easy as 1, 2, 3:

  1. Set up the capture on your router at https://a.b.c.d/diag_packet_capture.php and start it
  2. Stop the capture and download the file
  3. Open the file in Wireshark or convert it to text using tshark

–jeroen

Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark

linux port forwarding to external ip – Google Search

Posted by jpluimers on 2017/01/20

For my Link Archive via linux port forwarding to external ip – Google Search:

Need to look at this more closely, but it looks like you need PREROUTING, FORWARD and POSTROUTING and two NATs (DNAT and SNAT), as this graph from Port Forwarding Using iptables – SysTutorials shows:

PACKET IN
    |
PREROUTING--[routing]-->--FORWARD-->--POSTROUTING-->--OUT
 - nat (dst)   |           - filter      - nat (src)
               |                            |
               |                            |
              INPUT                       OUTPUT
              - filter                    - nat (dst)
               |                          - filter
               |                            |
               `----->-----[app]----->------'

–jeroen

Posted in *nix, *nix-tools, Internet, Internet protocol suite, iptables, Linux, openSuSE, Power User, routers, SuSE Linux, TCP
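
The chain traversal in the diagram above, as an added example (not from the original post or from SysTutorials): a POSIX shell function that prints, rather than runs, the rules for forwarding a TCP port on a gateway to a host on another network. The function names are hypothetical, the addresses are constructed documentation values, and it assumes the gateway has a single address used both as the listening address and as the SNAT source.

```shell
#!/bin/sh
# Added example: emit (not execute) iptables rules for a TCP port forward.
# Addresses used here are constructed documentation values (RFC 5737).

valid_port() {  # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {  # four dot-separated octets, each 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules LISTEN_PORT TARGET_IP TARGET_PORT GATEWAY_IP
forward_rules() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" && valid_ipv4 "$4" || {
        echo "usage: forward_rules LISTEN_PORT TARGET_IP TARGET_PORT GATEWAY_IP" >&2
        return 2
    }
    # Without routing between interfaces the FORWARD chain is never reached.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # PREROUTING, nat (dst): rewrite the destination before the routing
    # decision; -d limits the rewrite to traffic addressed to the gateway.
    echo "iptables -t nat -A PREROUTING -p tcp -d $4 --dport $1 -j DNAT --to-destination $2:$3"
    # FORWARD, filter: allow the rewritten flow and its replies, nothing else.
    echo "iptables -A FORWARD -p tcp -d $2 --dport $3 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $2 --sport $3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # POSTROUTING, nat (src): rewrite the source so replies return via the gateway.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $2 --dport $3 -j SNAT --to-source $4"
}

# Constructed sample: gateway 192.0.2.1 port 8080 -> 203.0.113.10 port 80.
forward_rules 8080 203.0.113.10 80 192.0.2.1
```

Review the printed rules before piping them to a root shell; an invalid port or address makes the function return 2 without printing any rule.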

In this tutorial you will learn how to configure pfSense to load balance and…

Posted by jpluimers on 2017/01/13

In this tutorial you will learn how to configure pfSense to load balance and fail over traffic from a LAN to multiple Internet connections (WANs) i.e.… – Joe C. Hecht – Google+

Source: In this tutorial you will learn how to configure pfSense to load balance and…

Posted in Internet, pfSense, Power User, routers

nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Posted by jpluimers on 2016/12/05

Time after time issues pop up related to MAC addresses that start with a 4 or a 6.

[WayBack] nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

The underlying issue has to do with switches interpreting too much information of (un)encrypted traffic and dropping them because they wrongly think it’s plain ethernet traffic they need to handle.

MAC addresses starting with a 4 or 6 have a common bit pattern (likely that fails with 12 and 14 as well) that causes failure in certain network equipment that’s hard to trace as there is limited.

[WayBack] Christian Vogel – Google+ (Physics, Electronics, Software) explains this way better at [WayBack] When your MAC address starts with 4 or 6, weird things can happen and it’s not always fixable… – Kristian Köhntopp – Google+:

Posted in Internet, Network-and-equipment, Power User, routers, VPN

Another +ESP8266 gizmo, this time to automatically reboot your router…

Posted by jpluimers on 2016/10/28

Another +ESP8266 gizmo, this time to automatically reboot your router if connection is lost in order to get 24/7 connectivity. – Jean-Luc Aufranc – Google+

Source: Another +ESP8266 gizmo, this time to automatically reboot your router if…

Posted in Internet, Power User, routers

Olive – Juniper Clue

Posted by jpluimers on 2016/08/19

The original http://juniper.cluepon.net/index.php/Olive is gone, but the WayBack machine still has it: Olive – Juniper Clue

It describes how to install JUNOS on x86/x64 (or emulated) hardware.

–jeroen

via: Can I learn Juniper? : networking

Posted in Internet, Juniper, Olive - JUNOS, Power User, routers