Community discussions

MikroTik App
  4. RouterOS
  5. General

cannot download full speed

Post Reply
 
iLinux85
just joined
Topic Author
Posts: 10
Joined: Sun Sep 29, 2013 5:24 pm

cannot download full speed

Tue Jan 07, 2014 5:24 am

Hello

i have two wan from my ISP , each wan have 2048kbps downstream 512kbps upstream

Image

i merge this two wan into mikrotik server so i can have 4096kbps downstream 1024kbps upstream

Image

From ip => hotspot => userprofile ===> i set no limit for specific user

and try to download from my idm it can only download 100kbps

Image

how can i download 400kbps as it before ?

Regards
Top
 
Rudios
Forum Veteran
Forum Veteran
Posts: 973
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: cannot download full speed

Tue Jan 07, 2014 11:47 am

It depends on how you did the loadbalancing.
I've done PCC several times, and you will never get the accumulated speed when using 1 single client.
The complete accumulated speed will be shared between all the devices that are using the connections.
If you want to have the speed together you will need to have a bonding device on both ends of the line, which is highly undoable since the other end resides at your ISP's.
Top
 
nerdtron
Member Candidate
Member Candidate
Posts: 123
Joined: Sat Nov 30, 2013 7:49 am

Re: cannot download full speed

Tue Jan 07, 2014 11:52 am

How did you *merge* the two wan?
Like the above poster said, you can't connect to a server using two different ip (because you have 2 wan).
Try torrentiing and you can see improved results. On normal browsing and file downloads, you can only use one connection at a time.
Load balancing only works by distributing traffic of user on each wan.
Look at the traffic on each WAN interface when you download the file. If possible, post your config.
Top
 
iLinux85
just joined
Topic Author
Posts: 10
Joined: Sun Sep 29, 2013 5:24 pm

Re: cannot download full speed

Tue Jan 07, 2014 2:25 pm

when i disable any of wan my download goes down to half it will be 50kbps not 90kpbs

here is my server config
Code: Select all
  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default disable-running-check=yes disabled=no full-duplex=yes mac-address=00:60:67:71:80:2D mtu=1500 \
    name=WAN2 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default disable-running-check=yes disabled=no full-duplex=yes mac-address=00:60:67:78:5F:F7 mtu=1500 \
    name=WAN1 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default disable-running-check=yes disabled=no full-duplex=yes mac-address=00:11:85:E1:A1:DD mtu=1500 \
    name=Lan speed=100Mbps
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=\
    disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none \
    static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 \
    supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name="" hotspot-address=192.168.10.1 html-directory=hotspot http-cookie-lifetime=1h http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof2 \
    rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=d rate-limit="200k/250k 250k/300k 200k/250k 60" shared-users=100 status-autorefresh=1m \
    transparent-proxy=no
	add idle-timeout=none keepalive-timeout=2m name=user rate-limit="200k/250k 250k/300k 200k/250k 60" shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=Lan lease-time=1h name=dhcp1
/ip hotspot
add address-pool=dhcp_pool1 addresses-per-mac=10 disabled=no idle-timeout=5m interface=Lan keepalive-timeout=none name=hotspot1 profile=hsprof2
/port
set 0 baud-rate=9600 data-bits=8 flow-control=hardware name=serial0 parity=none stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default remote-ipv6-prefix-pool=none use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
    default use-vj-compression=default
set 1 change-tcp-mss=yes name=default-encryption only-one=default remote-ipv6-prefix-pool=none use-compression=default use-encryption=yes use-ipv6=yes \
    use-mpls=default use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=ALL pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 \
    pcq-limit=50 pcq-rate=100k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
set 6 kind=none name=only-hardware-queue
set 7 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 8 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Hotspot-UP packet-mark=pacotes_hotspot parent=global-in priority=8 \
    queue=ALL
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name=queue2 packet-mark=packet_ip parent=global-out priority=8 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 max-limit=0 name=queue3 packet-mark=cache parent=global-out priority=8 queue=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=\
    no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
    metric-rip=20 metric-static=20 name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=\
    no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
/routing ospf-v3 instance
set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
    metric-static=20 name=default redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf-v3 area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES name=public \
    read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=yes name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,!ftp,!write,!policy skin=default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,!ftp,!policy skin=default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:13:52:4F:22:B0 max-mtu=\
    1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled \
    port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=\
    no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no \
    streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.10.1/24 disabled=no interface=Lan network=192.168.10.0
add address=10.0.0.150/24 disabled=no interface=WAN1 network=10.0.0.0
add address=192.168.1.150/24 disabled=no interface=WAN2 network=192.168.1.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.10.245 comment=amr disabled=no mac-address=B4:45:40:32:53:2F server=dhcp1
add address=192.168.10.182 client-id=1:0:17:69:22:3e:cb comment=user disabled=no mac-address=00:17:69:22:3E:CB server=dhcp1
/ip dhcp-server network
add address=192.168.10.0/24 dhcp-option="" dns-server=163.121.128.134,4.2.2.2 gateway=192.168.10.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=4.2.2.2,163.121.128.134
/ip dns static
add address=127.0.0.1 disabled=no name=http://www.update.microsoft.com ttl=165w3d22h6m56s
add address=127.0.0.1 disabled=no name=www.update.microsoft.com ttl=165w3d22h6m56s
add address=127.0.0.1 disabled=no name=http://download.windowsupdate.com ttl=165w3d22h6m56s
add address=127.0.0.1 disabled=no name=download.windowsupdate.com ttl=165w3d22h6m56s
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=\
    10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=no
add action=drop chain=output comment="8 connection exe" connection-limit=4,30 content=.exe disabled=no protocol=tcp
add action=drop chain=output comment="8 connection rar" connection-limit=4,30 content=.rar disabled=no protocol=tcp
add action=drop chain=output comment="8 connection zip" connection-limit=4,30 content=.zip disabled=no protocol=tcp
add action=drop chain=output comment="8 connection mp3" connection-limit=4,30 content=.mp3 disabled=no protocol=tcp
add action=drop chain=output comment="8 connection mp4" connection-limit=4,30 content=.mp4 disabled=no protocol=tcp
add action=accept chain=forward comment="allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" connection-state=related disabled=no
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid disabled=no
add action=accept chain=ICMP disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment=ICMP disabled=no protocol=icmp
add action=drop chain=forward connection-state=invalid disabled=no
add action=drop chain=forward connection-limit=80,32 disabled=no protocol=tcp
add action=drop chain=forward disabled=no src-address-type=!unicast
add action=jump chain=forward disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=forward disabled=no jump-target=virus
add action=drop chain=virus disabled=no dst-port=41 protocol=tcp
add action=drop chain=virus disabled=no dst-port=82 protocol=tcp
add action=drop chain=virus disabled=no dst-port=113 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2041 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3150 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3067 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3422 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6667 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6789 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8787 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8879 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8967 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9999 protocol=tcp
add action=drop chain=virus disabled=no dst-port=20034 protocol=tcp
add action=drop chain=virus disabled=no dst-port=21554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=31666 protocol=tcp
add action=drop chain=virus disabled=no dst-port=43958 protocol=tcp
add action=drop chain=virus disabled=no dst-port=999 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6670 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6771 protocol=tcp
add action=drop chain=virus disabled=no dst-port=60000 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2140 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10067 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10167 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3700 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9872-9875 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6883 protocol=tcp
add action=drop chain=virus disabled=no dst-port=26274 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=47262 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3791 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3801 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65390 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5880-5882 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5888-5889 protocol=tcp
add action=drop chain=virus disabled=no dst-port=30100-30103 protocol=tcp
add action=drop chain=virus disabled=no dst-port=30133 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7300-7301 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7306-7308 protocol=tcp
add action=drop chain=virus disabled=no dst-port=79 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5031 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5321 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6400 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7777 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1047 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6969-6970 protocol=tcp
add action=drop chain=virus comment=SubSeven-1 disabled=no dst-port=2774 protocol=tcp
add action=drop chain=virus comment=SubSeven-2 disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment=SubSeven-3 disabled=no dst-port=1243 protocol=tcp
add action=drop chain=virus comment=SubSeven-4 disabled=no dst-port=1234 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6711-6713 protocol=tcp
add action=drop chain=virus comment=SubSeven-7 disabled=no dst-port=16959 protocol=tcp
add action=drop chain=virus disabled=no dst-port=25685-25686 protocol=tcp
add action=drop chain=virus disabled=no dst-port=25982 protocol=tcp
add action=drop chain=virus disabled=no dst-port=31337-31339 protocol=tcp
add action=drop chain=virus comment=Trojan disabled=no dst-port=8102 protocol=tcp
add action=drop chain=virus comment=WAY.Trojan disabled=no dst-port=8011 protocol=tcp
add action=drop chain=virus comment=Trojan.BingHe disabled=no dst-port=7626 protocol=tcp
add action=drop chain=virus disabled=no dst-port=19191 protocol=tcp
add action=drop chain=virus disabled=no dst-port=23444-23445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2583 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3024 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4092 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5714 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1010-1012 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1015 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2004-2005 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9878 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2773 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7215 protocol=tcp
add action=drop chain=virus disabled=no dst-port=54283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1003 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5598 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5698 protocol=tcp
add action=drop chain=virus disabled=no dst-port=31554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=18753 protocol=tcp
add action=drop chain=virus disabled=no dst-port=20432 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65000 protocol=tcp
add action=drop chain=virus disabled=no dst-port=11831 protocol=tcp
add action=drop chain=virus disabled=no dst-port=29559 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1784 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3586 protocol=tcp
add action=drop chain=virus disabled=no dst-port=7609 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12348-12349 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12478 protocol=tcp
add action=drop chain=virus disabled=no dst-port=57922 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=6777 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2556 protocol=tcp
add action=drop chain=virus disabled=no dst-port=20742 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4751 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5238 protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.a disabled=no dst-port=1068 protocol=tcp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9996 protocol=tcp
add action=drop chain=virus comment=Worm.Sasser.d disabled=no dst-port=9995 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10168 protocol=tcp
add action=drop chain=virus disabled=no dst-port=20808 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1092 protocol=tcp
add action=drop chain=virus disabled=no dst-port=20168 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363-1364 protocol=tcp
add action=drop chain=virus comment=screen.cast disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichainlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8888 protocol=tcp
add action=drop chain=virus disabled=no dst-port=44444 protocol=udp
add action=drop chain=virus disabled=no dst-port=8998 protocol=udp
add action=drop chain=virus comment=Worm.Sobig.f-1 disabled=no dst-port=123 protocol=udp
add action=drop chain=virus disabled=no dst-port=3198 protocol=tcp
add action=drop chain=virus disabled=no dst-port=139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=135 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=accept chain=forward disabled=no
add action=accept chain=input disabled=no
add action=drop chain=input disabled=no
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" disabled=no jump-target=virus
/ip firewall mangle
add action=mark-connection chain=input disabled=no hotspot=auth in-interface=WAN1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input disabled=no hotspot=auth in-interface=WAN2 new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan1_conn disabled=no hotspot=auth new-routing-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn disabled=no hotspot=auth new-routing-mark=WAN2 passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=Lan new-connection-mark=wan1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=Lan new-connection-mark=wan2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no hotspot=auth in-interface=Lan new-routing-mark=WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no hotspot=auth in-interface=Lan new-routing-mark=WAN2 passthrough=yes
add action=mark-connection chain=prerouting comment="HotSpot Down" disabled=no new-connection-mark=conn_hotspot passthrough=yes protocol=tcp src-port=\
    64872-64875
add action=mark-connection chain=output disabled=no new-connection-mark=conn_hotspot passthrough=yes protocol=tcp src-port=64872-64875
add action=mark-connection chain=input disabled=no new-connection-mark=conn_hotspot passthrough=yes protocol=tcp src-port=64872-64875
add action=mark-packet chain=prerouting connection-mark=conn_hotspot disabled=no new-packet-mark=pacotes_hotspot passthrough=no
add action=mark-packet chain=output connection-mark=conn_hotspot disabled=no new-packet-mark=pacotes_hotspot passthrough=yes
add action=mark-packet chain=input connection-mark=conn_hotspot disabled=no new-packet-mark=pacotes_hotspot passthrough=yes
add action=mark-connection chain=postrouting comment="QoS OF PING" disabled=yes new-connection-mark=ping-ip passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting comment="QoS OF PING" connection-mark=ping-ip disabled=yes new-packet-mark=packet_ip passthrough=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no src-address=192.168.10.0/24 to-addresses=0.0.0.0
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp to-addresses=0.0.0.0 to-ports=8080
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
add action=masquerade chain=srcnat disabled=no
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot ip-binding
add address=192.168.10.200 comment="acses shapsy" disabled=no server=hotspot1 to-address=192.168.10.200 type=bypassed
add address=192.168.10.220 comment=polit disabled=no server=hotspot1 to-address=192.168.10.220 type=bypassed
add address=192.168.10.244 comment=abdo disabled=yes server=hotspot1 to-address=192.168.10.244 type=bypassed
add address=192.168.10.44 disabled=no mac-address=00:13:8F:30:5E:48 server=hotspot1 to-address=192.168.10.44 type=bypassed
add address=192.168.10.221 comment=ersal disabled=no server=hotspot1 to-address=192.168.10.221 type=bypassed
add address=192.168.10.222 comment="estkbal adel" disabled=no server=hotspot1 to-address=192.168.10.222 type=bypassed
add address=192.168.10.223 comment=moner disabled=no server=hotspot1 to-address=192.168.10.223 type=bypassed
add address=192.168.10.225 comment=refay disabled=no server=hotspot1 to-address=192.168.10.225 type=bypassed
add address=192.168.10.203 disabled=no mac-address=00:13:8F:8E:6C:0B server=hotspot1 to-address=192.168.10.203 type=bypassed
add address=192.168.10.245 comment=amr disabled=no mac-address=B4:45:40:32:53:2F server=hotspot1 to-address=192.168.10.245 type=bypassed
add address=192.168.10.229 comment=hantery disabled=no server=hotspot1 to-address=192.168.10.229 type=bypassed
add address=192.168.10.230 comment=khalifa disabled=no server=hotspot1 to-address=192.168.10.230 type=bypassed
add address=192.168.10.254 disabled=no mac-address=D8:5D:4C:A3:25:81 server=hotspot1 to-address=192.168.10.254
add address=192.168.10.235 comment="gar refay" disabled=no server=hotspot1 to-address=192.168.10.235 type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=user password=00000 profile=user server=hotspot1
/ip neighbor discovery
set WAN2 disabled=no
set WAN1 disabled=no
set Lan disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=8 cache-on-disk=yes enabled=no max-cache-size=13000000KiB max-client-connections=1000 \
    max-fresh-time=2d max-server-connections=1000 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=10.0.0.150
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" disabled=no dst-port=23-25
/ip proxy cache
add action=deny disabled=no dst-host=":cgi-bin \\\?" dst-port="" local-port=""
add action=deny disabled=no dst-port="" path=*.exe
add action=deny disabled=no dst-port="" path=*.rmvb
add action=deny disabled=no dst-port="" path=*.zip
add action=deny disabled=no dst-port="" path=*.rar
add action=deny disabled=no dst-port="" path=*.avi
add action=deny disabled=no dst-port="" path=*.doc
add action=deny disabled=no dst-port="" path=*.flv
add action=deny disabled=no dst-port="" path=*.3gp
add action=deny disabled=no dst-port="" path=*.mp4
add action=deny disabled=no dst-port="" path=*.mp3
add action=deny disabled=no dst-port="" path=*.wav
add action=deny disabled=no dst-port="" path=*.wmv
add action=deny disabled=no dst-port="" path=*.wma
add action=deny disabled=no dst-port="" path=*.msi
add action=deny disabled=no dst-port="" path=*.mpeg
add action=deny disabled=no dst-port="" path=*.mpe
add action=deny disabled=no dst-port="" path=*.rm
add action=deny disabled=no dst-port="" path=*.ram
add action=deny disabled=no dst-port="" path=*.img
add action=deny disabled=no dst-port="" path=*.bin
add action=deny disabled=no dst-port="" path=*update.microsoft.com
add action=deny disabled=no dst-port="" path=*download.windowsupdate.com
add action=deny disabled=no dst-port="" path=*voice2page.com
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.138 routing-mark=WAN1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.138 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.254 scope=30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all managed-address-configuration=no mtu=\
    unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 use-explicit-null=\
    no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set WAN2 queue=ethernet-default
set WAN1 queue=ethernet-default
set Lan queue=ethernet-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s multiplier=5
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m \
    ttl=50
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no routing-table=main timeout-timer=3m update-timer=30s
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no timeout-timer=3m update-timer=30s
/snmp
set contact=";;;;;;;;;;;;;;;;;;;;" enabled=no engine-id="" location=..................................................... trap-generators="" trap-target="" \
    trap-version=1
/system clock
set time-zone-name=Africa/Cairo
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
set [ find vcno=1 ] channel=0 disabled=no term=linux
set [ find vcno=2 ] channel=0 disabled=no term=linux
set [ find vcno=3 ] channel=0 disabled=no term=linux
set [ find vcno=4 ] channel=0 disabled=no term=linux
set [ find vcno=5 ] channel=0 disabled=no term=linux
set [ find vcno=6 ] channel=0 disabled=no term=linux
set [ find vcno=7 ] channel=0 disabled=no term=linux
set [ find vcno=8 ] channel=0 disabled=no term=linux
/system console screen
set blank-interval=10min line-count=25
/system gps
set channel=0 enabled=no set-system-time=no
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=MikroTik
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set Lan disabled=yes display-time=5s
set WAN1 disabled=yes display-time=5s
set WAN2 disabled=yes display-time=5s
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=192.43.244.18 secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no broadcast-addresses="" enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
/system scheduler
add disabled=no interval=1m name=ip on-event=ip policy=reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol="" filter-mac-address="" filter-mac-protocol="" filter-port="" filter-stream=yes \
    interface=all memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin parent=admin password="" paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no permissions=owner \
    signup-allowed=no time-zone=-00:00
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
Top
 
iLinux85
just joined
Topic Author
Posts: 10
Joined: Sun Sep 29, 2013 5:24 pm

Re: cannot download full speed

Wed Jan 08, 2014 5:52 am

any help ??
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 115 guests
  4. RouterOS
  5. General