problem in profiles with queue

totti · May 24, 2011, 5:31pm

I’m trying to make profiles work i make the limit rate 128k/128k so i should download with 15-20kb/s but that’s not ..also queues not showing any traffics or statics I’m using 3.30
here’s a photo to explain my problem

I’ve tried to reinstall mikrotik from 0 but still have the same problem
sorry for my bad English cause it’s not my main language.

SurferTim · May 24, 2011, 6:28pm

That “target-address” should be a localnet ip. Is 9.9.9.0/24 assigned to your hotspot localnet?
Check “/ip hotspot host”. The “to-address” is the one your queue sees. If you do not understand it, please post it here.

totti · May 24, 2011, 6:31pm

How do i check that?
I type /ip hotspot host and its appers like
[admin@MikroTik] > /ip hotspot host
[admin@MikroTik] /ip hotspot host>

nothing else

SurferTim · May 24, 2011, 6:32pm

I am sorry. I forgot that. This will show you what ip is being used by each user.

/ip hotspot active
print

ADD: If you have no entries in the “/ip hotspot host”, then nobody is on the hotspot interface.

What interface is that computer downloading connected to?

totti · May 24, 2011, 6:35pm

Flags: R - radius, B - blocked

USER ADDRESS UPTIME SESSION-TIME-LEFT IDLE-TIMEOUT

0 admin 9.9.9.2 1h13m47s
1 nasasat 9.9.9.7 1h10m54s

SurferTim · May 24, 2011, 6:37pm

Those are not private ips.
What interface is the hotspot assigned to?
What interface is your WAN (internet) connection on?

totti · May 24, 2011, 6:40pm

Hotspot assigned to lan"9.9.9.9"
Wan"192.168.1.2"

I hope that’s what you mean

SurferTim · May 24, 2011, 6:46pm

I don’t understand. Please post “/ip address print”.

totti · May 24, 2011, 6:51pm

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE                                                         
 0   192.168.1.2/24     192.168.1.0     192.168.1.255   wan                                                               
 1   9.9.9.9/24         9.9.9.9         9.9.9.9         lan                                                               
[admin@MikroTik] >

also

[admin@MikroTik] /ip hotspot host> print    
Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed 
 #    MAC-ADDRESS       ADDRESS         TO-ADDRESS      SERVER                                                IDLE-TIMEOUT
 0 HA 44:87:FC:8E:7E:04 9.9.9.2         9.9.9.2         hotspot1                                             
 1 HA 00:11:5B:E8:F6:23 9.9.9.7         9.9.9.7         hotspot1                                             
 2 D  00:16:17:7A:A7:7E 192.168.1.71    9.9.9.3         hotspot1                                              5m

SurferTim · May 24, 2011, 7:01pm

Try this:

/ip address
set 1 network=9.9.9.0
set 1 broadcast=9.9.9.255

Those previous settings are the wrong settings for a /24 subnet. I do not know what else that will affect.

Please post “/ip hotspot” and “/ip hotspot profile”.

totti · May 24, 2011, 7:03pm

[admin@MikroTik] /ip hotspot profile> print
Flags: * - default 
 0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 
     smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=no 

 1   name="hsprof1" hotspot-address=9.9.9.9 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 
     smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=no

[admin@MikroTik] > /ip hotspot print
Flags: X - disabled, I - invalid, S - HTTPS 
 #   NAME                   INTERFACE                  ADDRESS-POOL                  PROFILE                  IDLE-TIMEOUT
 0   hotspot1               lan                        hs-pool-1                     hsprof1                  5m          
[admin@MikroTik] >

ٍstill the same problem btw

totti · May 24, 2011, 11:09pm

Well that’s how i setup My Mikrotik I added Ip address for wan/lan and added the routes and dns then setup hotspot that’s all or there’s something i need to do also for queues?

totti · May 29, 2011, 5:28pm

Please still need some help here…

fewi · May 29, 2011, 8:05pm

Just to get all the information into one post in a readable format, please post the output of “/ip address print detail”, “/ip route print detail”, “/interface print”, “/ip firewall export”, “/queue export”, “/ip hotspot export”, and an accurate network diagram.

marioclep · May 29, 2011, 9:06pm

Are you using bridges? Is your HotSpot running in a bridged interface? If so, try setting /interface bridge settings set use-ip-firewall=yes

Regards

totti · May 29, 2011, 10:45pm

/ip address print detail

[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wan 
     actual-interface=wan 

 1   address=9.9.9.1/24 network=9.9.9.0 broadcast=9.9.9.255 interface=lan 
     actual-interface=lan 

 2 D address=192.168.1.100/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wan 
     actual-interface=wan

/ip route print detail

[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0   S  dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=wan gateway-state=reachable 
        distance=1 scope=30 target-scope=10 

 1 ADS  dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=wan gateway-state=reachable 
        distance=0 scope=30 target-scope=10 

 2 ADC  dst-address=9.9.9.0/24 pref-src=9.9.9.1 interface=lan distance=0 scope=10 

 3 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.2 interface=wan distance=0 scope=10

/interface print

[admin@MikroTik] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                        TYPE             MTU   L2MTU
 0  R  lan                                         ether            1500 
 1  R  wan                                         ether            1500

/ip firewall export

#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=forward comment=allow connection-state=established \
    disabled=no
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment="exe fils" content=.exe \
    disabled=no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=rar content=.rar disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=7z content=.7z disabled=no \
    protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=rmvb content=.rmvb \
    disabled=no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=zip content=.zip disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=bin content=.bin disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=ram content=.ram disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=asf content=.asf disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mov content=.mov disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=wmv content=.wmv disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mpg content=.mpg disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mpeg content=.mpeg \
    disabled=no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mkv content=.mkv disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=avi content=.avi disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=flv content=.flv disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=pdf content=.pdf disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=iso content=.iso disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=nrg content=.nrg disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=wav content=.wav disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=rm content=.rm disabled=no \
    protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mp3 content=.mp3 disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=mp4 content=.mp4 disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=wma content=.wma disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=dat content=.dat disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=vcd content=.vcd disabled=\
    no protocol=tcp
add action=add-dst-to-address-list address-list=User-Download-list \
    address-list-timeout=1h chain=forward comment=cab content=.cab disabled=\
    no protocol=tcp
/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=\
    User-Download-Fils passthrough=no protocol=tcp src-address-list=\
    User-Download-list src-port=80
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=9.9.9.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=9.9.9.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=9.9.9.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=9.9.9.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

totti · May 29, 2011, 10:47pm

What do you mean with bridges?

totti · June 9, 2011, 11:02am

actually still need help here a lot )=

fewi · June 9, 2011, 1:20pm

You didn’t post the most important part, “/ip hotspot export”.