Mikrotik in Corporate environment - Firewall-BM

ashish · October 16, 2007, 12:29pm

we have more than 1000 user in my company, 10 different network I have installed MT and everything is working fine, But need something extra in that.

Equal Bandwidth to every one using PCQ = 64k/64k

I want to create one group and want to give high bandwidth 256k/256k (To Managers and Higher Position).
I need Complete firewall system to stop Virus atteck. Or Some external firewall.
I want to filter websites with group. I.e - > for X group some websites filter, for Y group some websites including X and for other group all filtered websites - I have configured Web-Proxy for websites Blocking.

In short need complete firewall with bandwidth management…I know that MT can do all this but i am little confused with the configuration

karo84 · October 17, 2007, 3:17pm

Hi
You May create Queue Types (PCQ) For Download And For Upload
For download and Upload Limiting Per IP You must Do

/ queue type
add name="PCQ-Download 64k" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="PCQ-Upload 64k" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000

Then Mark that packets and add queue tree
Use Your Mark

/ip firewall mangle
add chain=prerouting dst-address=172.25.8.0/22 action=mark-packet new-packet-mark=25081 passthrough=no comment="" disabled=no 
add chain=prerouting src-address=172.25.8.0/22 action=mark-packet new-packet-mark=2508 passthrough=no comment="" disabled=no

choose queue type PCQ For Download choos parent global-out and for Upload choose parent global-in

/queue tree
add name="queue1" parent=global-in packet-mark=2508 limit-at=0 queue="PCQ-Upload 64k" priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
add name="queue2" parent=global-out packet-mark=25081 limit-at=0 queue="PCQ-Download 64k" priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \

So You can give each of 172.25.8.0/22 network 64k/64k equally

With Regards
Karo Aznavuryan

ashish · October 18, 2007, 2:57am

Thank you,
but the configuration is running on my mikrotik…i need something else…and it is written..
Thanks again