Community discussions

MUM Europe 2020

Search found 11 matches

by Inigma
Fri Jul 19, 2019 11:20 pm
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Fir2ewall Causing Low Throughput

I'm afraid you'll have to dedicate a couple of hours during night or weekend to an upgrade of the machine. Yeah, fair enough. Okay, thanks for the recommendation, I'll go ahead and suggest this to the boss and reply back with hopefully successful results! Thanks again for all your help in this, it'...
by Inigma
Fri Jul 19, 2019 12:25 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

And, stupid question, have you zeroed all the packet/byte counters after adding the ! to the first rule? Yeah, I had. I was watching the vlan 99 packets go up and up whilst the first rule had nothing going through it. # /interface ethernet set 0 arp=enabled auto-negotiation=yes disabled=yes full-du...
by Inigma
Thu Jul 18, 2019 11:12 pm
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

So, I've noticed that the number indicating bytes/packets aren't increasing all that much on first mangle rule "if a packet already belongs to a connection, then go straight to packet marking". In fact in total, I have 4.3GiB on this rule vs 14.4Gib on Eth2 mark packets on upload alone. If I create ...
by Inigma
Wed Jul 17, 2019 10:15 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

Thanks so much for taking the time to get back to me! First rule, first mistake which ruins the whole concept. It should have been add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=!no-mark disabled=no jump-targe...
by Inigma
Wed Jul 17, 2019 1:57 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

Hi, sorry for the super late reply, I went on leave. So, I went through what you have said and have made the following changes to mangle: add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=no-mark disabled=no jump...
by Inigma
Tue Jul 02, 2019 11:58 pm
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

Wow, thanks heaps for looking through all that! There's a lot to unpack there. A few questions: Will changing the mangle rules, as you have stated, cause down time? i.e. should I be scheduling to do this outside of business hours? You've stated "It's up to you which approach suits you best". Do you ...
by Inigma
Tue Jul 02, 2019 12:47 pm
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

Okay so here it is, hopefully helpful, there's heaps to go through, though! I will post the CPU info tomorrow, once I'm at work! Thanks all! # jul/02/2019 19:39:12 by RouterOS 5.14 # software id = 8P8D-PQK5 # /interface ethernet set 0 arp=enabled auto-negotiation=yes disabled=yes full-duplex=yes l2m...
by Inigma
Tue Jul 02, 2019 10:47 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

I'm afraid efficiency with rules won't help much as you also use queues. On the other hand, I hesitate to believe that 1100 AHx2 would be that weak, can you post your configuration following the anonymisation hint in my automatic signature? I can post the config, though it's something like 3667 lin...
by Inigma
Tue Jul 02, 2019 10:13 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Re: Firewall Causing Low Throughput

please mention Router type, Firewall packages are handled by the CPU, so on slower CPU models you might not get wire speed on your firewalled connection. Sorry! It's an RB1100AHx2. So since it's handled by the cpu, how could I offload some of the rules, is there a way to be more efficient with the ...
by Inigma
Tue Jul 02, 2019 5:36 am
Forum: General
Topic: Firewall Causing Low Throughput
Replies: 19
Views: 1891

Firewall Causing Low Throughput

Hi all We currently have a 500Mbps connection running in to our building. I have tested directly from the ONT and we are getting 500Mbps exactly, but once I patch in to the router, I'm getting max 300Mbps but usually around 220 down and 150 up. We do have a lot of filter rules (around 140 or so) but...
by Inigma
Mon May 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Port still closed after forwarding
Replies: 4
Views: 538

Port still closed after forwarding

Hi all Yet another post about failed port forwarding :) I've read a bunch of the other posts and none have helped so far. Here is what I'm trying to do: Open ports 9000-9002 for vlan 300 network 192.168.100.0/24 on our firewall. Here is the rule I have in the web gui at the moment: Filter Rules ENAB...