I have a problem on a base station similar to the one in this thread: http://forum.mikrotik.com/viewtopic.php?f=7&t=46374 ; it seems that my problem is also caused by torrent users.
First I added this rule (10.52.152.0/24 is the wireless users' network):
# Rule fragment; presumably entered under "/ip firewall filter" (the menu line
# is not part of this snippet).
# Drops forwarded TCP packets from a wireless client (counted per /32 inside
# 10.52.152.0/24) once that client has more than 100 connections.
# NOTE(review): there is no connection-state=new or tcp-flags=syn matcher, so
# packets belonging to already-open connections of an over-limit client match
# as well, not only new connection attempts - confirm this is intended.
add action=drop chain=forward connection-limit=100,32 disabled=no protocol=tcp \
src-address=10.52.152.0/24
Now I have added these firewall rules:
# Connection-tracking settings: tracking is enabled and the per-state timeouts
# are set explicitly.
# The connection-limit matchers used in the filter rules presumably count
# entries from this table, so how long an entry lingers here influences how
# soon a client reaches, and falls back under, its limit - verify on this
# RouterOS version.
# NOTE(review): tcp-established-timeout=12h lets an idle established entry
# that was never closed cleanly stay in the table for up to 12 hours.
# NOTE(review): tcp-syncookie=no leaves SYN cookies switched off.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=12h \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=\
5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
# Forward-chain rules for the wireless client network 10.52.152.0/24.
# Rules are evaluated top to bottom; accept and drop end processing for a
# packet, log does not.
/ip firewall filter
# Unconditional accepts for client traffic to TCP 25, 21, 80, 443 and 110 and
# UDP 53 (by port number: SMTP, FTP control, HTTP, HTTPS, POP3, DNS).
# NOTE(review): these accepts sit above the connection-limit rules, so traffic
# to these ports is never checked against the limit; a client that opens
# hundreds of connections to port 80 or 443 is not restricted by this rule set.
# NOTE(review): port 25 is accepted towards any destination; if clients only
# need the provider's mail relay, a dst-address matcher would narrow this.
add action=accept chain=forward disabled=no dst-port=25 protocol=tcp \
src-address=10.52.152.0/24
add action=accept chain=forward disabled=no dst-port=21 protocol=tcp \
src-address=10.52.152.0/24
add action=accept chain=forward disabled=no dst-port=80 protocol=tcp \
src-address=10.52.152.0/24
add action=accept chain=forward disabled=no dst-port=443 protocol=tcp \
src-address=10.52.152.0/24
add action=accept chain=forward disabled=no dst-port=53 protocol=udp \
src-address=10.52.152.0/24
add action=accept chain=forward disabled=no dst-port=110 protocol=tcp \
src-address=10.52.152.0/24
# Accepts everything the clients send to 10.52.152.2, any protocol and port
# (the role of that host is not shown here).
add action=accept chain=forward disabled=no dst-address=10.52.152.2 \
src-address=10.52.152.0/24
# Log packets that match the connection limit (100 connections, counted per
# /32) before the drop rules below see them. The first rule matches on the
# client network as source, the second on it as destination.
# NOTE(review): log-prefix="" is empty in both rules, so the log entries of the
# two directions cannot be told apart by prefix.
# NOTE(review): there is no protocol, connection-state or tcp-flags matcher on
# these rules or on the drops below - verify how this RouterOS version counts
# non-TCP traffic, and note that packets of existing connections match too.
add action=log chain=forward connection-limit=100,32 disabled=no log-prefix="" \
src-address=10.52.152.0/24
add action=log chain=forward connection-limit=100,32 disabled=no dst-address=\
10.52.152.0/24 log-prefix=""
# Drop the same over-limit traffic, first towards the clients, then from them.
# NOTE(review): for packets towards the clients, confirm which address the
# limit is counted against; if it is the remote source address, this rule does
# not cap the number of connections per wireless client.
add action=drop chain=forward connection-limit=100,32 disabled=no dst-address=\
10.52.152.0/24
# No catch-all drop follows in the rules shown, so client traffic to any other
# port is still forwarded as long as the client stays under the limit.
add action=drop chain=forward connection-limit=100,32 disabled=no src-address=\
10.52.152.0/24