CCR1009-7G-1C-1S+PC Slow Upload

beargfr · June 25, 2019, 1:47am

Brand new Mikrotik user here, CCR1009-7G-1C-1S+PC. My ISP connection is 20/20 Mbps (point to point wifi - I live in a rural area and that’s all that’s available). When I run speedtest.net, I get the full rated speeds on downloads but only about half-speed on uploads. I’m positive the problem is in the router, because I can switch back to my previous less-expensive and less capable router (TP-Link ER6020 - Version 1) and it runs at rated speeds in both directions. I’ve been experimenting with config settings but so far haven’t found the magic bullet. I’m running two static WAN IP’s configured on ether1 and ether 2 respectively. The remaining ports are configured as bridge1 (currently not using the combo port at all). Fastpath is enabled on the bridge. Surely this router ought to be able to run circles around my old tp-link? I probably am missing something in the configuration, but where should I be looking?
Thanks,
Bear

# jun/24/2019 20:45:26 by RouterOS 6.44.3
# software id = ZALE-QXTI
#
# model = CCR1009-7G-1C
# serial number = A7E00A468BFC
/interface bridge
add forward-delay=20s mtu=1500 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
/interface list
add name=WAN
add name=LAN
add name=WAN-ALL
add name=WAN1
add name=WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/system logging action
set 3 remote=192.168.2.33 src-address=192.168.2.4
add bsd-syslog=yes name=SyslogWatcher remote=192.168.2.33 src-address=192.168.2.4 target=remote
/interface bridge port
add bridge=bridge1 interface=LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether1 list=WAN-ALL
add interface=ether2 list=WAN-ALL
add interface=ether1 list=WAN1
add interface=ether2 list=WAN2
/ip address
add address=192.168.2.1/24 interface=bridge1 network=192.168.2.0
add address=107.178.1.54/30 interface=ether1 network=107.178.1.52
add address=107.178.1.58/30 interface=ether2 network=107.178.1.56
add address=192.168.2.4/24 interface=ether3 network=192.168.2.0
/ip cloud
set update-time=no
/ip dhcp-client
add dhcp-options=hostname,clientid interface=combo1
/ip dns
set servers=192.168.2.33,192.168.2.35,8.8.8.8
/ip firewall address-list
add address=107.178.1.54 comment="Our public WAN IP addresses" list=WAN-ALL
add address=192.168.2.0/24 comment="Local LAN addresses" list=LAN
add address=192.168.0.0/16 list=reserved-addresses
add address=0.0.0.0/8 list=reserved-addresses
add address=172.16.0.0/12 list=reserved-addresses
add address=10.0.0.0/8 list=reserved-addresses
add address=169.254.0.0/16 list=reserved-addresses
add address=127.0.0.0/8 list=reserved-addresses
add address=224.0.0.0/4 list=reserved-addresses
add address=198.18.0.0/15 list=reserved-addresses
add address=192.0.0.0/24 list=reserved-addresses
add address=192.0.2.0/24 list=reserved-addresses
add address=198.51.100.0/24 list=reserved-addresses
add address=203.0.113.0/24 list=reserved-addresses
add address=100.64.0.0/10 list=reserved-addresses
add address=240.0.0.0/4 list=reserved-addresses
add address=192.88.99.0/24 list=reserved-addresses
add address=107.178.1.58 comment="Our public WAN IP addresses" list=WAN-ALL
add address=192.168.2.0/24 list=manage-router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Enable fasttrack for established+related connections" connection-state=established,related
add action=accept chain=forward comment="Accept for established+related connections" connection-state=established,related
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid in-interface-list=WAN-ALL log=yes log-prefix=DROP:InvalidConnectState
add action=drop chain=forward comment="Drop outbound LAN packets to external private address blocks" dst-address-list=reserved_addresses in-interface=bridge1 log=\
    yes log-prefix=DROP:SendReservedAddr
add action=drop chain=forward comment="Drop incoming non-NATed packets" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN-ALL log=yes \
    log-prefix=DROP:NonNATedInbound
add action=drop chain=forward comment="Drop inbound external packets from private address blocks" in-interface-list=WAN-ALL log=yes log-prefix=\
    DROP:InboundReservedAddr src-address-list=reserved_addresses
add action=drop chain=forward comment="Drop outbound packets from non-LAN addresses" in-interface=bridge1 log=yes log-prefix=DROP:OutboundNonLAN src-address-list=\
    !LAN
add action=accept chain=input comment="Accept established+related connections" connection-state=established,related
add action=accept chain=input comment="Accept LAN addresses" src-address-list=manage-router
add action=accept chain=input comment="Accept ICMP traffic" protocol=icmp
add action=drop chain=input comment="Block everything else"
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=107.178.1.54
add action=src-nat chain=srcnat out-interface=ether2 to-addresses=107.178.1.58
add action=dst-nat chain=dstnat comment=HTTP dst-address-list=WAN-ALL dst-port=80 protocol=tcp to-addresses=192.168.2.33-192.168.2.35
add action=dst-nat chain=dstnat comment=FTP dst-address-list=WAN-ALL dst-port=20-21 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=DNS dst-address-list=WAN-ALL dst-port=53 protocol=tcp to-addresses=192.168.2.33-192.168.2.35
add action=dst-nat chain=dstnat comment=DNS dst-address-list=WAN-ALL dst-port=53 protocol=udp to-addresses=192.168.2.33-192.168.3.35
add action=dst-nat chain=dstnat comment=IMAP dst-address-list=WAN-ALL dst-port=143 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=IMAP-SSL dst-address-list=WAN-ALL dst-port=993 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=SMTP dst-address-list=WAN-ALL dst-port=25 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=SMTP-SSL dst-address-list=WAN-ALL dst-port=465 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=HTTPS dst-address-list=WAN-ALL dst-port=443 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=VPN-PPTP-TCP dst-address-list=WAN-ALL dst-port=1723 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=VPN-PPTP-TCP dst-address-list=WAN-ALL dst-port=1723 protocol=udp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=Unifi-Controller dst-address-list=WAN-ALL dst-port=8443 protocol=tcp to-addresses=192.168.2.35
add action=dst-nat chain=dstnat comment=GARNAS001 dst-address-list=WAN-ALL dst-port=44300 protocol=tcp to-addresses=192.168.2.84
add action=dst-nat chain=dstnat comment=GARNAS001 dst-address-list=WAN-ALL dst-port=44300 protocol=udp to-addresses=192.168.2.84
add action=dst-nat chain=dstnat comment=VPN-L2TP-4500 dst-address-list=WAN-ALL dst-port=4500 protocol=udp to-addresses=192.168.2.114
add action=dst-nat chain=dstnat comment=VPN-L2TP-500 dst-address-list=WAN-ALL dst-port=500 protocol=udp to-addresses=192.168.2.114
add action=dst-nat chain=dstnat comment=Exchange dst-address-list=WAN-ALL dst-port=587 protocol=tcp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=Exchange dst-address-list=WAN-ALL dst-port=587 protocol=udp to-addresses=192.168.2.33
add action=dst-nat chain=dstnat comment=PlexMediaServer dst-address-list=WAN-ALL dst-port=32400 protocol=udp to-addresses=192.168.2.84
add action=dst-nat chain=dstnat comment=PlexMediaServer dst-address-list=WAN-ALL dst-port=32400 protocol=tcp to-addresses=192.168.2.84
add action=dst-nat chain=dstnat comment="SRV01 RDP" dst-address-list=WAN-ALL dst-port=8933 protocol=tcp to-addresses=192.168.2.33 to-ports=3389
add action=dst-nat chain=dstnat comment="Laura RDP" dst-address-list=WAN-ALL dst-port=8963 protocol=tcp to-addresses=192.168.2.63 to-ports=3389
add action=dst-nat chain=dstnat comment="SRV02 RDP" dst-address-list=WAN-ALL dst-port=8935 protocol=tcp to-addresses=192.168.2.35 to-ports=3389
add action=dst-nat chain=dstnat comment="DADASUS RDP" dst-address-list=WAN-ALL dst-port=8928 protocol=tcp to-addresses=192.168.2.28 to-ports=3389
add action=dst-nat chain=dstnat comment="SRV03 RDP" dst-address-list=WAN-ALL dst-port=8910 protocol=tcp to-addresses=192.168.2.110 to-ports=3389
add action=dst-nat chain=dstnat comment="MyCloud SSL" dst-address-list=WAN-ALL dst-port=10443 protocol=tcp to-addresses=192.168.2.10 to-ports=443
add action=dst-nat chain=dstnat comment=MyCloud dst-address-list=WAN-ALL dst-port=8010 protocol=tcp to-addresses=192.168.2.10 to-ports=80
add action=dst-nat chain=dstnat comment="FTP Herc" dst-address-list=WAN-ALL dst-port=39020-39021 protocol=tcp to-addresses=192.168.2.211 to-ports=20-21
add action=dst-nat chain=dstnat comment="Hercules 3270" dst-address-list=WAN-ALL dst-port=32700 protocol=tcp to-addresses=192.168.2.33 to-ports=3270
add action=dst-nat chain=dstnat comment=Vuze dst-address-list=WAN-ALL dst-port=63324 protocol=tcp to-addresses=192.168.2.28
add action=dst-nat chain=dstnat comment=Vuze dst-address-list=WAN-ALL dst-port=63324 protocol=udp to-addresses=192.168.2.28
/ip route
add distance=1 gateway=107.178.1.57
add distance=1 gateway=107.178.1.53
/ip service
set telnet address=192.168.2.0/24
set ftp address=192.168.2.0/24
set www address=192.168.2.0/24
set ssh address=192.168.2.0/24
set www-ssl address=192.168.2.0/24 disabled=no
set api address=192.168.2.0/24
set winbox address=192.168.2.0/24
set api-ssl address=192.168.2.0/24
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
add interface=ether2 type=external
/system clock
set time-zone-name=America/Chicago
/system identity
set name="MikroTik Router"
/system logging
add action=SyslogWatcher topics=info
add action=SyslogWatcher topics=error
add action=SyslogWatcher topics=warning
add action=SyslogWatcher topics=critical
/system ntp client
set enabled=yes primary-ntp=192.168.2.33 server-dns-names=srv.garrettfamily.us,pool.ntp.org

/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

beargfr · July 1, 2019, 2:04pm

Still looking for help on this…