High traffic on my network

RouterOS General
1

Good afternoon,

I'm facing a problem with one of my x86, the client has 4MB link for 15 people, for (email, AD and some Accounting software remotely (hostgator)), but since we have replaced the ISP, the client don't stop to complain of slowness on the network.

Here's the config i have implemented (i'm a newbie so please advice all the changes i need to do)

sep/12/2014 18:22:05 by RouterOS 6.17

/interface bridge
add l2mtu=9200 name=bridge1
/interface ethernet
set [ find default-name=ether4 ] name=LANLINK speed=1Gbps
set [ find default-name=ether1 ] name=WANLINK speed=1Gbps
set [ find default-name=ether2 ] speed=1Gbps
set [ find default-name=ether3 ] speed=1Gbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=1 name=option1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.149
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=12h name=dhcp1
/interface bridge port
add bridge=bridge1 interface=LANLINK
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
/ip address
add address=197.235.x.x/30 comment="default configuration" interface=
WANLINK network=197.235.x.x
add address=192.168.0.254/24 interface=ether2 network=192.168.0.0
/ip dhcp-server lease
add address=192.168.0.102 client-id=1:2c:59:e5:f1:b:a1 mac-address=
2C:59:E5:F1:0B:A1 server=dhcp1
add address=192.168.0.114 client-id=1:c:84:dc:3e:9:8c mac-address=
0C:84:DC:3E:09:8C server=dhcp1
add address=192.168.0.128 mac-address=C8:D7:19:36:87:6D
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.254 gateway=192.168.0.254
netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.0.254,41.76.145.2,41.76.145.130
/ip firewall address-list
add address=192.168.0.0/24 list=PWVLAN
add address=31.13.80.81 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=69.171.233.33 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=173.252.107.17 comment=chat.t.facebook.com list=facebook_dns_ips
add address=69.171.245.49 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=31.13.93.209 comment=chat.t.facebook.com list=facebook_dns_ips
add address=173.252.102.16 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=173.252.103.16 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=31.13.81.128 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=173.252.79.23 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=31.13.109.4 comment=mqtt-sweden.t.facebook.com list=
facebook_dns_ips
add address=173.252.113.2 comment=channel-proxy-07-ash2.facebook.com list=
facebook_dns_ips
add address=31.13.80.65 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.100.11 comment=mqtt-sweden.t.facebook.com list=
facebook_dns_ips
add address=31.13.100.113 comment=mqtt-sweden.t.facebook.com list=
facebook_dns_ips
add address=31.13.24.0/21 list=facebook_dns_ips
add address=31.13.64.0/18 list=facebook_dns_ips
add address=66.220.144.0/20 list=facebook_dns_ips
add address=69.63.176.0/20 list=facebook_dns_ips
add address=69.171.235.48 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=69.171.224.0/19 list=facebook_dns_ips
add address=74.119.76.0/22 list=facebook_dns_ips
add address=103.4.96.0/22 list=facebook_dns_ips
add address=173.252.64.0/18 list=facebook_dns_ips
add address=204.15.20.0/22 list=facebook_dns_ips
add address=173.252.102.24 comment=channel-proxy-06-ash2.facebook.com list=
facebook_dns_ips
add address=31.13.81.49 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.113 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.93.113 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.144 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.93.65 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.97 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.80.33 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=69.171.248.65 comment=mqtt.t.facebook.com list=facebook_dns_ips
add address=173.252.75.17 comment=chat.t.facebook.com list=facebook_dns_ips
add address=31.13.80.70 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=69.171.233.49 comment=chat.t.facebook.com list=facebook_dns_ips
add address=173.252.106.17 comment=chat.t.facebook.com list=facebook_dns_ips
add address=31.13.81.102 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.80.49 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.38 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.80.86 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.80.54 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.149 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=173.252.100.29 comment=z-m.c10r.facebook.com list=
facebook_dns_ips
add address=66.220.152.23 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.118 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.97 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=69.171.237.25 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.81.133 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.113 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=69.171.247.27 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.17 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=179.60.192.65 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=69.171.235.19 comment=channel-proxy-13-prn1.facebook.com list=
facebook_dns_ips
add address=31.13.93.81 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.93.177 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.56 comment=atlas.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.93.129 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.49 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.93.33 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=179.60.192.129 comment=star.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.93.241 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=69.171.239.11 comment=a.ns.c10r.facebook.com list=
facebook_dns_ips
add address=69.171.255.11 comment=b.ns.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.83.8 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=69.171.239.12 comment=a.ns.facebook.com list=facebook_dns_ips
add address=69.171.255.12 comment=b.ns.facebook.com list=facebook_dns_ips
add address=31.13.81.54 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.83.6 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.83.1 comment=atlas.c10r.facebook.com list=facebook_dns_ips
add address=69.171.248.18 comment=channel-proxy-06-frc1.facebook.com list=
facebook_dns_ips
add address=50.62.216.1 comment=frasesnofacebook.com.br list=facebook_dns_ips
add address=31.13.84.38 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=31.13.84.33 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.83.16 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.83.25 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.99.21 comment=www.connect.t.facebook.com list=
facebook_dns_ips
add address=66.96.147.104 comment=www.facebookentrar.com list=
facebook_dns_ips
add address=173.252.120.8 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=69.171.230.7 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=96.44.184.215 comment=go-facebook.com list=facebook_dns_ips
add address=198.58.93.44 comment="ganadinero-website-facebook-hotmail-twitter-
youtube-blogger.redpoderosa.com" list=facebook_dns_ips
add address=31.13.93.215 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=184.168.221.50 comment=isleofwightfacebook.co.uk list=
facebook_dns_ips
add address=82.165.94.79 comment=findmeonfacebook.com list=facebook_dns_ips
add address=198.252.102.165 comment=masfansenfacebook.net list=
facebook_dns_ips
add address=192.185.175.103 comment=sexofacebook.com list=facebook_dns_ips
add address=31.13.84.32 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=66.220.151.20 comment=ns3.facebook.com list=facebook_dns_ips
add address=69.171.245.32 comment=ns4.facebook.com list=facebook_dns_ips
add address=66.220.145.65 comment=ns5.facebook.com list=facebook_dns_ips
add address=31.13.86.33 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.83.10 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=173.252.107.16 comment=channel-proxy-04-frc3.facebook.com list=
facebook_dns_ips
add address=184.95.41.123 comment=www.megafacebook.com list=facebook_dns_ips
add address=188.40.132.132 comment=buy-facebook-fans.biz list=
facebook_dns_ips
add address=198.187.31.131 comment=naijafacebook.com list=facebook_dns_ips
add address=50.28.61.69 comment=proxysitesforfacebook.pen.io list=
facebook_dns_ips
add address=31.13.86.161 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.86.164 comment=z-1.c10r.facebook.com list=facebook_dns_ips
add address=192.186.196.230 comment=
marketing-craigslist-facebook-twitter-youtube-ebay.info list=
facebook_dns_ips
add address=66.96.147.113 comment=www.vufacebook.com list=facebook_dns_ips
add address=5.9.24.86 comment=www.facebooki.ir list=facebook_dns_ips
add address=31.13.86.167 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=50.23.136.174 comment=ns1.facebookns.com list=facebook_dns_ips
add address=50.23.136.229 comment=ns1.facebookns.com list=facebook_dns_ips
add address=50.23.136.230 comment=ns1.facebookns.com list=facebook_dns_ips
add address=50.23.136.173 comment=ns1.facebookns.com list=facebook_dns_ips
add address=50.23.75.96 comment=ns2.facebookns.com list=facebook_dns_ips
add address=50.23.75.97 comment=ns2.facebookns.com list=facebook_dns_ips
add address=50.23.75.44 comment=ns2.facebookns.com list=facebook_dns_ips
add address=50.23.75.45 comment=ns2.facebookns.com list=facebook_dns_ips
add address=67.15.253.220 comment=ns3.facebookns.com list=facebook_dns_ips
add address=67.15.47.188 comment=ns3.facebookns.com list=facebook_dns_ips
add address=67.15.47.189 comment=ns3.facebookns.com list=facebook_dns_ips
add address=67.15.253.219 comment=ns3.facebookns.com list=facebook_dns_ips
add address=184.173.150.57 comment=ns4.facebookns.com list=facebook_dns_ips
add address=184.173.150.58 comment=ns4.facebookns.com list=facebook_dns_ips
add address=184.173.149.221 comment=ns4.facebookns.com list=facebook_dns_ips
add address=31.13.83.65 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.86.65 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=173.252.112.28 comment=z-m.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.83.71 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=31.13.81.33 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.86.70 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=188.93.150.91 comment=www.facebooksite.nl list=facebook_dns_ips
add address=31.13.81.32 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=173.252.110.22 comment=z.c10r.facebook.com list=facebook_dns_ips
add address=212.27.63.127 comment=appfacebook.chez.com list=facebook_dns_ips
add address=173.252.110.29 comment=z-m.c10r.facebook.com list=
facebook_dns_ips
add address=104.28.0.52 comment=ehackfacebook.net list=facebook_dns_ips
add address=104.28.1.52 comment=ehackfacebook.net list=facebook_dns_ips
add address=104.28.11.20 comment=imagenparaelfacebook.com list=
facebook_dns_ips
add address=104.28.10.20 comment=imagenparaelfacebook.com list=
facebook_dns_ips
add address=74.208.61.240 comment=www.tamilfacebook.com list=facebook_dns_ips
add address=173.252.120.7 comment=z.c10r.facebook.com list=facebook_dns_ips
add address=162.251.84.103 comment=mfacebook.in list=facebook_dns_ips
add address=31.13.91.49 comment=star.c10r.facebook.com list=facebook_dns_ips
add address=31.13.91.55 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=50.62.98.1 comment=asgifacebook.com list=facebook_dns_ips
add address=193.238.27.24 comment=pirateruncomptefacebookcmd.page.tl list=
facebook_dns_ips
add address=38.126.102.114 comment=www.insidefacebook.com list=
facebook_dns_ips
add address=173.252.73.51 comment=z-m.c10r.facebook.com list=facebook_dns_ips
add address=192.241.142.203 comment=www.facebookog.com list=facebook_dns_ips
add address=173.192.215.131 comment=msgparafacebook.org list=facebook_dns_ips
add address=31.13.93.183 comment=instagram.c10r.facebook.com list=
facebook_dns_ips
add address=92.222.108.224 comment=tchat-facebook.fr list=facebook_dns_ips
add address=199.204.44.240 comment=hkfacebook.com list=facebook_dns_ips
add address=184.173.149.222 comment=ns4.facebookns.com list=facebook_dns_ips
add address=72.10.36.93 comment=www.facebook.cowww.middleeasy.com list=
facebook_dns_ips
add address=104.28.9.5 comment=bbs.facebook-game.tw list=facebook_dns_ips
add address=104.28.8.5 comment=bbs.facebook-game.tw list=facebook_dns_ips
add address=50.63.202.39 comment=med-facebook.com list=facebook_dns_ips
add address=209.99.40.223 comment=www.007facebook.com list=facebook_dns_ips
add address=94.23.38.44 comment=epfacebook.eu list=facebook_dns_ips
add address=173.254.28.117 comment=bestfacebookstories.com list=
facebook_dns_ips
add address=148.251.128.237 comment=www.facebook.com.ipaddress.com list=
facebook_dns_ips
/ip firewall filter
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=add-src-to-address-list address-list=100-plus-connection
address-list-timeout=1d chain=input comment=
"Add ip after 85 connections (input)" connection-limit=85,32 protocol=tcp
add action=add-src-to-address-list address-list=1-plus-connection chain=input
comment="Add ip after 1+ connections (input)" connection-limit=1,32
protocol=tcp time=21h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=add-dst-to-address-list address-list=1-plus-connection-dst chain=
input comment="Add ip after 1+ connections (input)" connection-limit=
1,32 protocol=tcp time=21h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=add-dst-to-address-list address-list=100-plus-connection-dst
address-list-timeout=1d chain=input comment=
"Add ip after 85 connections (input)" connection-limit=85,32 protocol=tcp
add action=add-src-to-address-list address-list=100-plus-connection
address-list-timeout=1d chain=forward comment=
"Add ip after 85 connections (forward)" connection-limit=85,32 protocol=
tcp
add chain=input dst-address=162.144.xx.xx src-address-list=PWVLAN
add chain=forward dst-address=162.144.xx.xx src-address-list=PWVLAN
add chain=forward dst-address-list=PWVLAN src-address=162.144.xx.xx
add chain=input dst-address-list=PWVLAN src-address=162.144.xx.xx
add action=add-dst-to-address-list address-list=yoube_dns_ip chain=forward
comment="Youtube http" content=youtube dst-port=80 protocol=tcp
src-address-list=PWVLAN
add action=add-dst-to-address-list address-list=yoube_dns_ip chain=forward
comment="Youtube https" content=youtube dst-port=443 protocol=tcp
src-address-list=PWVLAN
add action=drop chain=forward comment="Drop Youtube_List" src-address-list=
yoube_dns_ip time=0s-18h,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="Block Facebook" dst-address-list=
facebook_dns_ips time=0s-18h,mon,tue,wed,thu,fri
add chain=input comment="Allow Traffic to Proxy" dst-port=8080 protocol=tcp
src-address-list=PWVLAN
add chain=input comment="Aceita o input da Lista PWVLAN list"
src-address-list=PWVLAN
add chain=input comment="Accept Connection Established" connection-state=
established
add chain=input comment="Accept Connection Related" connection-state=related
add chain=input comment="Accept Connection New" connection-state=new
add action=drop chain=input comment="Drop All other connection from input"
add action=drop chain=input comment="Block Traffic to Proxy" dst-port=8080
protocol=tcp src-address-list=PWVLAN
add chain=forward comment="Aceita NEW to Forward da Lista PWVLAN list"
connection-state=new src-address-list=PWVLAN
add chain=forward comment="Aceita todas ESTABLISHED " connection-state=
established
add chain=forward comment="Aceita Todas outras Related" connection-state=
related
add action=drop chain=forward comment="Drop All other traffic"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WANLINK src-address-list=
PWVLAN
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=
PWVLAN to-ports=8080
/ip ipsec policy
add template=yes
/ip proxy
set anonymous=yes cache-hit-dscp=10 enabled=yes
/ip proxy access
add action=deny comment=ytb disabled=yes dst-host=*youtube.com redirect-to=
http://www.google.com/en/site
add action=deny disabled=yes dst-host=*facebook.com redirect-to=
http://www.google.com/en/site
add action=deny disabled=yes dst-host=https://www.facebook.com redirect-to=
http://www.google.com/en/site
/ip route
add distance=1 gateway=197.235.x.x
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=PVMKT01
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set WANLINK disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set LANLINK disabled=yes display-time=5s
/system scheduler
add interval=1m name=fb-script-run-schedule on-event=facebook-list policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api
start-date=aug/13/2014 start-time=19:02:11
/system script
add name=facebook-list policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api
source="# Script to add Facebook DNS IP addresses\r
\n# Syed Jahanzaib / aacable@hotmail.com\r
\n# Script Source: N/A / GOOGLE : )\r
\n \r
\n:log warning "Script Started ... Adding Facebook DNS ip's to address li
st name facebook_dns_ips"\r
\n:foreach i in=[/ip dns cache find] do={\r
\n:local bNew "true";\r
\n:local cacheName [/ip dns cache all get $i name] ;\r
\n:if ([:find $cacheName "facebook"] != 0) do={\r
\n:local tmpAddress [/ip dns cache get $i address] ;\r
\n:put $tmpAddress;\r
\n:if ( [/ip firewall address-list find ] = "") do={\r
\n:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress
");\r
\n/ip firewall address-list add address=$tmpAddress list=facebook_dns_ips
_comment=$cacheName;\r
\n} else={\r
\n:foreach j in=[/ip firewall address-list find ] do={\r
\n:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
\r
\n:set bNew "false";\r
\n}\r
\n}\r
\n:if ( $bNew = "true" ) do={\r
\n:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress
");\r
\n/ip firewall address-list add address=$tmpAddress list=facebook_dns_ips
_comment=$cacheName;\r
\n}\r
\n}\r
\n}\r
\n}\r
\n# FB DNS IP ADD Script Ended ..."
add name=youtube-list policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api
source="# Script to add Youtube DNS IP addresses\r
\n# By Silvio Mhula editing Syed Jahanzaib / aacable@hotmail.com\r
\n \r
\n:log warning "Script Started ... Adding Youtube DNS ip's to address lis
t name youtube_dns_ips"\r
\n:foreach i in=[/ip dns cache find] do={\r
\n:local bNew "true";\r
\n:local cacheName [/ip dns cache all get $i name] ;\r
\n:if ([:find $cacheName "youtube"] != 0) do={\r
\n:local tmpAddress [/ip dns cache get $i address] ;\r
\n:put $tmpAddress;\r
\n:if ( [/ip firewall address-list find ] = "") do={\r
\n:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress
");\r
\n/ip firewall address-list add address=$tmpAddress list=youtube_dns_ips
comment=$cacheName;\r
\n} else={\r
\n:foreach j in=[/ip firewall address-list find ] do={\r
\n:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
\r
\n:set bNew "false";\r
\n}\r
\n}\r
\n:if ( $bNew = "true" ) do={\r
\n:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress
");\r
\n/ip firewall address-list add address=$tmpAddress list=youtube_dns_ips
comment=$cacheName;\r
\n}\r
\n}\r
\n}\r
\n}\r
\n#

i'm attaching the graph the ISP sent to us:
your help is much appreciated.

The ISP says all is fine on their side, so what's wrong with my setup and what would be the best approach.
if this was already discussed please point me to the link.

Regards

Screen Shot 2014-09-15 at 1.16.50 PM.png
Screen Shot 2014-09-15 at 1.16.50 PM.png529×218 84.2 KB