Hi Paul, thanks - I’ll give that a try at the sites where I’m still having issues.
Ben

On 28 Oct 2014, at 8:35 am, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi Ben, at 1452 this could still be too high, this is assuming that your ISP is running a true 1500 byte MTU on their network, I usually go with an MTU of 1480 to play it safe and an MSS of 1440, it seems to be a reliable combination.
Regards Paul
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Ben Jackson
Sent: Monday, 27 October 2014 8:39 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] ADSL: The Sequel
Hi Mike,
I always set the only allowed subnet via winbox to be the internal LAN, and we would only ever connect from the internal LAN. I've tested this setting thoroughly and I know my rule is OK, so I don't believe this is the problem. This has also happened on routers that I haven't personally set up, and that don't have that rule in the firewall config.
Regarding MTU, I have done exactly as you guys have mentioned with the mangle rule, testing the maximum packet size using ping with the do not fragment bit set, normally this comes out to be 1452, however I am still having problems with some of my clients.
I'm starting to think perhaps I have just had a run of bad luck with crappy ADSL lines on residential customer sites.
Ben
On 27 Oct 2014, at 2:18 pm, Mike Everest <mike@duxtel.com> wrote:
Hi!
1) Any idea why a routerboard which has not had an admin password assigned to it would suddenly not accept the blank password and give an "incorrect password" error through winbox? Firewall rules were in place to only allow ip addresses from the internal LAN to connect so I'm pretty sure they weren't hacked and the password changed.
Allowed addresses? If you set allowed address attribute for user, then an attempt to access from some other address will fail as if bad credentials. Watch out for '0.0.0.0' instead of '0.0.0.0/0'! ;-)
2) ADSL and MikroTik - the ongoing saga. I was following with much interest the recent thread started by Mike about which ADSL modem to use. Seems the TP-Link 8817 is the one to go for, however I have tried this modem in various installs and have still had intermittent slowness and just plain weird packet loss / latency.
Check MTU on pppoe client? Sometimes MTU discovery can be broken by bad bridges on ISP access network causing unexpected fragmentation of pppoe packets. Try reducing MTU on your pppoe session like so:
/ip firewall mangle add protocol=tcp tcp-flags=syn action=change-mss new-mss=<new-size> chain=forward out-interface=<interface-name>
Change '<interface-name>' for the actual interface, e.g. 'pppoe-out1'
Change '<new-size>' for a smaller value, start with something VERY small, like 1300 and then work your way up again until it breaks.
Cheers!
Mike.
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
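Added example (not part of the thread and not MikroTik code): the allowed-address point from Mike's reply, checked in Python over a constructed '/user' export. The export lines, the user names and the rule that an address without a prefix length means a single host are assumptions for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the style of a RouterOS "/user" export (not from the thread).
SAMPLE_EXPORT = """\
/user
add name=admin group=full address=0.0.0.0
add name=ben group=full address=192.168.88.0/24,10.0.0.5
add name=remote group=read address=0.0.0.0/0
add name=noc group=full
"""

def parse_users(export_text):
    """Return {user name: [allowed networks]} from 'add name=... address=...' lines."""
    users = {}
    for line in export_text.splitlines():
        parts = shlex.split(line)
        if not parts or parts[0] != "add":
            continue
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        raw = fields.get("address", "")
        # Assumption: an entry without a prefix length means one host (/32).
        nets = [ipaddress.ip_network(a, strict=False) for a in raw.split(",") if a]
        users[fields["name"]] = nets
    return users

def can_login_from(nets, client_ip):
    """An empty list means no address restriction is configured."""
    ip = ipaddress.ip_address(client_ip)
    return not nets or any(ip in n for n in nets)

def audit(export_text, mgmt_ip):
    """Return {user: finding} for a management station at mgmt_ip."""
    findings = {}
    for name, nets in parse_users(export_text).items():
        if not nets or any(n.prefixlen == 0 for n in nets):
            findings[name] = "open: login allowed from any address"
        elif not can_login_from(nets, mgmt_ip):
            findings[name] = "locked out: %s not in %s" % (
                mgmt_ip, ",".join(str(n) for n in nets))
        else:
            findings[name] = "ok: restricted, management station allowed"
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_EXPORT, "192.168.88.10").items():
        print(user, "->", finding)
```

An account reported as "open" with a blank password is the combination to fix first; "locked out" matches the bad-credentials symptom described in the thread.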