Looking for a consultant.

RouterOS Beginner Basics
1

Hello Mikrotikkers.

I am looking for a person willing to take a look at a RB450G configuration and help out with fixing a few things.
I have been volunteering in India and Nepal several times, and during my last 6 month stay in Kathmandu, i took on the volunteer job as remote IT guy for a group of people sharing internet connections.
The Solution in use is the RB450G and there are 2 wan connections being loadbalanced and then dedicated to a single ethernet port on the mikrotik, and then 1 other wan connection dedicated to one of the other ethernet ports.

I managed to clean up a lot of the previous configuration mess and do some simple torrent site blocking and so forth. But I have realized that i have reached my limit in regards to my mikrotik skill level. The people using the setup really don’t have money to spend on support, so i decided to go ahead and use a bit of my own pocket money from my student savings account.

I have 54gbp(90usd) at my disposal. I do understand that this is not a lot, but i hope it can suffice. I honestly cant imagine the issues being really hard some of you guys in here. So it might just be a quick 10-30 minute check and fix. I can do bank transfer and paypal transfer. :slight_smile:
I am capable of supplying a export of the current configuration, and some log files I imagine.

I don’t really know how to do this kind of “transaction” so i am open for comments, in regards to doing this in a secure manner. I would also prefer a person with good ratings from this forum, and someone other people can recommend.

-Keywords i imagine is relevant in regards to the setup.
Load Balancing, equal load distribution per ip/mac, hotspot, bandwidth management.

The device is currently running 6.2 and should properly be upgraded to 6.7, but we can talk about that.

All the best, from a worn out Danish guy studying in Edinburgh.

2

Forum users can often help you free of charge. Depends on how much you need configured.

Please post your current config (output of command “/export compact”) and the desired goal

3

Post your config and what exactly your trying to do. We can try to help you here, but I’m also willing to consult if needed.

Sent from my SCH-I545 using Tapatalk

4

Contact me in my signature.

Send from my mobile phone using Tapatalk.

5

Contact me on babbelbox[@]zonnet.nl

6

Hey guys, i am sorry for the delay, i am currently doing my final project and i have had to focus on some python/sqlite code which has been bugging me.
Anyway. Here is the config.

I have talked with they guys and apparently they where made aware that the 2 lines which are loadbalanced, would share the connection equally between users. It seems like this is not the case though. I am told that it is possible for one single user to hog the whole connection.
The Hotspot solution is broken, as far as i can understand it has something to do with the usermanager. When loggin in via user generated in the config, everything is fine. When people try to login via users generated via the usermanager, nothing happens.

I shall do my best to supply logfiles, but it properly takes a day or to because of the time difference and the need to get in contact with the guy who is competent enough to login to the device and so forth.

[admin@MikroTik] > export compact

# jan/02/1970 06:29:21 by RouterOS 6.2
/interface ethernet
set 0 name=1-WorldLink_Wan_Port1
set 1 name=2-WorldLink_Wan_Port2
set 2 name=3-WorldLink_Wan_Port3
set 3 name=4-Namaste_AP_Free
set 4 name=5-Namaste_AP_Paid




/interface pppoe-client
add add-default-route=yes disabled=no interface=1-WorldLink_Wan_Port1 keepalive-timeout=disabled name=WorldLink_WAN_PPPoE1 password=Passw0rd user=PPPoeUser
add add-default-route=yes interface=2-WorldLink_Wan_Port2 keepalive-timeout=disabled name=WorldLink_WAN_PPPoE2 password=Passw0rd user=PPPoeUser
add add-default-route=yes disabled=no interface=3-WorldLink_Wan_Port3 keepalive-timeout=disabled name=WorldLink_WAN_PPPoE3 password=Passw0rd user=PPPoeUser



/ip firewall layer7-protocol
add name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fi\
    d=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=BITTORRENT_ANNOUNCE regexp=^get.+announce.
add name=p2p_www regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova\
    |fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=p2p_dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|bt\
    bot|fenopy|gpirate|commonbits).*\$"

/ip hotspot profile
add dns-name=NamastePaid hotspot-address=192.168.250.1 name=hsprof1 nas-port-type=ethernet use-radius=yes


/ip pool
add name=Namaste_AP_Free_DHCP_Pool ranges=192.168.200.2-192.168.200.240
add name=Namaste_AP_Paid_DHCP_Pool ranges=192.168.250.2-192.168.250.240
add name=hs-pool-5 ranges=192.168.250.10-192.168.250.240


/ip dhcp-server
add address-pool=Namaste_AP_Free_DHCP_Pool disabled=no interface=4-Namaste_AP_Free lease-time=6h name=AP_Free_DHCP-Server
add address-pool=hs-pool-5 authoritative=after-10sec-delay disabled=no interface=5-Namaste_AP_Paid lease-time=6h name=dhcp1



/ip hotspot
add address-pool=hs-pool-5 addresses-per-mac=1 disabled=no interface=5-Namaste_AP_Paid name=hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] address-pool=hs-pool-5 mac-cookie-timeout=1d

/port
set 0 name=serial0

/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100

/tool user-manager customer
add backup-allowed=yes disabled=no login=NamasteAdmin password=Passw0rd paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no permissions=owner signup-allowed=no time-zone=-00:00

/tool user-manager profile
add name=NamastePaidUsers5GB name-for-users="" override-shared-users=off owner=NamasteAdmin price=150 starts-at=logon validity=0s

/tool user-manager profile limitation
add address-list="" download-limit=5368709120B group-name="" ip-pool="" name="5GB Limitation Package" transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name="Time Limit: 12 hours" transfer-limit=0B upload-limit=0B uptime-limit=12h

/ip address
add address=192.168.200.1/24 interface=4-Namaste_AP_Free network=192.168.200.0
add address=192.168.250.1/24 interface=5-Namaste_AP_Paid network=192.168.250.0

/ip dhcp-server network
add address=192.168.200.0/24 dns-server=192.168.200.1 gateway=192.168.200.1
add address=192.168.250.0/24 comment="hotspot network" gateway=192.168.250.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip dns static
add address=8.8.8.8 name=GoogleDNS

/ip firewall address-list
add address=192.168.250.10-192.168.250.250 list=NamastePaid_Addresslist

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward p2p=all-p2p src-address=192.168.200.0/24
add action=drop chain=forward comment="block p2p_www" layer7-protocol=p2p_www
add action=drop chain=forward comment="block p2p_dns" dst-port=53 layer7-protocol=p2p_dns protocol=udp

/ip firewall mangle
add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new in-interface=WorldLink_WAN_PPPoE1 new-connection-mark=wan1
add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new in-interface=WorldLink_WAN_PPPoE2 new-connection-mark=wan2
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan1" connection-state=established in-interface=WorldLink_WAN_PPPoE1 new-connection-mark=wan1
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan2" connection-state=established in-interface=WorldLink_WAN_PPPoE2 new-connection-mark=wan2
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan1" connection-state=related in-interface=WorldLink_WAN_PPPoE1 new-connection-mark=wan1
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan2" connection-state=related in-interface=WorldLink_WAN_PPPoE2 new-connection-mark=wan2
add action=mark-routing chain=output comment="Mark new inbound route wan1" connection-mark=wan1 new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan2" connection-mark=wan2 new-routing-mark=static-wan2 passthrough=no
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (2 possibilities) - option 1" connection-state=new dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan1_pcc_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (2 possibilities) - option 2" connection-state=new dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan2_pcc_conn per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (2 possibilities) - option 1" connection-state=established dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan1_pcc_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (2 possibilities) - option 2" connection-state=established dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan2_pcc_conn per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (2 possibilities) - option 1" connection-state=related dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan1_pcc_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (2 possibilities) - option 2" connection-state=related dst-address-type=!local in-interface=4-Namaste_AP_Free new-connection-mark=wan2_pcc_conn per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 1" connection-mark=wan1_pcc_conn new-routing-mark=wan1
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 2" connection-mark=wan2_pcc_conn new-routing-mark=wan2
add action=mark-routing chain=prerouting new-routing-mark=NamastePaid_PPPoe3 passthrough=no src-address-list=NamastePaid_Addresslist

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat src-address=192.168.200.0/24
add action=masquerade chain=srcnat src-address=192.168.250.0/24

/ip hotspot user
add name=admin password=Passw0rd server=hotspot1
add name=Michael password=Passw0rd server=hotspot1

/ip proxy
set parent-proxy=0.0.0.0

/ip route
add check-gateway=arp comment="Static Route - WAN1" distance=1 gateway=WorldLink_WAN_PPPoE1 routing-mark=static-wan1
add check-gateway=arp comment="Static Route - WAN2" distance=2 gateway=WorldLink_WAN_PPPoE2 routing-mark=static-wan2
add check-gateway=arp comment="WAN 1  - Distance 1" distance=1 gateway=WorldLink_WAN_PPPoE1 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 2" distance=2 gateway=WorldLink_WAN_PPPoE2 routing-mark=wan1
add check-gateway=arp comment="WAN 2  - Distance 1" distance=1 gateway=WorldLink_WAN_PPPoE2 routing-mark=wan2
add check-gateway=arp comment="WAN 3  - Distance 2" distance=2 gateway=WorldLink_WAN_PPPoE1 routing-mark=wan2
add distance=1 gateway=WorldLink_WAN_PPPoE3 routing-mark=NamastePaid_PPPoe3
add check-gateway=arp comment="Default Route - Distance 1" distance=1 gateway=WorldLink_WAN_PPPoE1
add check-gateway=arp comment="Default Route - Distance 2" distance=2 gateway=WorldLink_WAN_PPPoE2

/ip service
set telnet disabled=yes
set ftp address=192.168.200.0/24 disabled=yes
set www address=192.168.200.8/32,192.168.200.9/32,94.138.75.100/32 port=8080
set ssh address=192.168.200.8/32,192.168.200.9/32
set api disabled=yes
set winbox address=192.168.200.9/32,192.168.200.8/32

/ip traffic-flow
set interfaces=4-Namaste_AP_Free

/radius
add address=127.0.0.1 secret=NamasteRadiusPassw0rd service=login,hotspot timeout=3s

/radius incoming
set accept=yes

/system clock
set time-zone-name=Asia/Kathmandu

/tool user-manager profile profile-limitation
add from-time=8h limitation="5GB Limitation Package" profile=NamastePaidUsers5GB till-time=23h weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=8h limitation="Time Limit: 12 hours" profile=NamastePaidUsers5GB till-time=23h weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday

/tool user-manager router
add coa-port=1700 customer=NamasteAdmin disabled=no ip-address=127.0.0.1 log=auth-ok,auth-fail,acct-ok,acct-fail name=NamasteRouter shared-secret=NamasteRadiusPassw0rd use-coa=no

/tool user-manager user
add customer=NamasteAdmin disabled=no name=umila password=wf0jfa shared-users=unlimited wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=NamasteAdmin disabled=no name=boost-ebj698 password=4krrru shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=NamasteAdmin disabled=no name=boost-hahycp password=p2xy46 shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=NamasteAdmin disabled=no name=boost-4ts6yf password=na3v2f shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=NamasteAdmin disabled=no name=boost-c96t5q password=ufpgfp shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=NamasteAdmin disabled=no name=boost-dqbsje password=5jyvkd shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""