I have a customer on my hotspot that uses facebook for their business.
I’m struggling to figure out how to manage them.
Presently this customer has 6 users online at a time, and they show about 1200 connections between the 6 of them.
Obviously way too many connections for that few users.
And they’re complaining.
How does one manage this and limit the connections per user?
The attached picture shows a LOT of connections going back to the login page IP (10.0.0.1), and a lot of them on one or two particular ports.
Not sure whether those are P2P, or just the way the hotspot works with the servlet.

# Connection-tracking settings: how long an entry of each state stays in the
# router's connection table.
# NOTE(review): tcp-established-timeout=1d keeps an idle established TCP entry
# for up to a day, while the closing and handshake states expire after 5s-10s.
# A per-user count read from the tracking table can therefore include many
# connections that no longer carry traffic - compare against live traffic
# before treating ~1200 entries as active use.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off; confirm that is intended.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter table. The only rule in this export is a disabled passthrough
# placeholder in unused-hs-chain, so nothing shown here drops, restricts or
# rate-limits traffic in the input or forward chains.
# NOTE(review): the hotspot adds its own dynamic rules, which presumably do not
# appear in an export - check the live rule list on the router.
# A cap on simultaneous connections per client address would be configured in
# this table (RouterOS filter rules have a connection-limit matcher); no such
# rule is present here.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here” disabled=yes
# NAT table. The dst-nat rules below publish ports on the public address
# (redacted by the poster as 98.173..) to hosts inside 10.0.0.0/24.
# NOTE(review): none of the dst-nat rules has a src-address or in-interface
# match and the filter table in this post has no active rules, so as written
# each published service appears reachable from any source address. Restrict
# by source where the remote users are known, and confirm each forward is
# still needed.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here” disabled=yes
# Outbound NAT for the whole hotspot/LAN range.
add action=masquerade chain=srcnat comment=“masquerade hotspot network” disabled=no src-address=10.0.0.0/24
add action=dst-nat chain=dstnat comment=“jerry nb 8002” disabled=no dst-address=98.173.. dst-port=8002
protocol=tcp to-addresses=10.0.0.2 to-ports=8002
add action=dst-nat chain=dstnat comment=“seacoast nb 8002” disabled=no dst-address=98.173.. dst-port=
8003 protocol=tcp to-addresses=10.0.0.3 to-ports=8003
# NOTE(review): dst-address and to-addresses are both 10.0.0.6 with the same
# port, so this rule rewrites nothing. It looks like a leftover or a typo; if
# the public address was intended it would publish RDP (3389) to the WAN -
# confirm intent before changing it.
add action=dst-nat chain=dstnat disabled=no dst-address=10.0.0.6 dst-port=3389 protocol=tcp to-addresses=
10.0.0.6 to-ports=3389
# Publishes FTP on the server at 10.0.0.6. Plain FTP carries credentials in
# cleartext, so this forward deserves a source restriction or a replacement.
add action=dst-nat chain=dstnat comment=“ftp sbs server” disabled=no dst-address=98.173.. dst-port=21
protocol=tcp to-addresses=10.0.0.6 to-ports=21
# Public port 8007 -> port 80 on 10.0.0.7 (labelled as a scanner).
add action=dst-nat chain=dstnat comment=“remote scanner” disabled=no dst-address=98.173.. dst-port=8007
protocol=tcp to-addresses=10.0.0.7 to-ports=80
# Public port 8060 -> 10.0.0.5:8060 (labelled as a camera).
add action=dst-nat chain=dstnat comment=“remote camera” disabled=no dst-address=98.173.. dst-port=8060
protocol=tcp to-addresses=10.0.0.5 to-ports=8060
# Public port 8013 -> port 80 on 10.0.0.13.
add action=dst-nat chain=dstnat comment=“law st arigrid” disabled=no dst-address=98.173.. dst-port=8013
protocol=tcp to-addresses=10.0.0.13 to-ports=80
# NOTE(review): this src-nat rule and the one for 10.0.0.7:80 further down come
# after the masquerade rule, which already matches src-address=10.0.0.0/24.
# Replies to dst-nat'ed connections are presumably translated back by
# connection tracking, so these two rules may never match - verify with the
# rule counters.
add action=src-nat chain=srcnat disabled=no protocol=tcp src-address=10.0.0.5 src-port=8060 to-addresses=
98.173.. to-ports=8060
# Second forward to the same host 10.0.0.5, on port 6036.
add action=dst-nat chain=dstnat comment=“remote cam 6036” disabled=no dst-address=98.173.. dst-port=6036
protocol=tcp to-addresses=10.0.0.5 to-ports=6036
add action=src-nat chain=srcnat comment=“src scanner 8007” disabled=no protocol=tcp src-address=10.0.0.7
src-port=80 to-addresses=98.173.. to-ports=8007
# Service-port entries (protocol helpers used by connection tracking/NAT).
# Every helper listed here is enabled.
# NOTE(review): of these protocols only FTP (port 21) has a matching forward
# in the NAT rules in this post; helpers for protocols that are not in use
# could be disabled - confirm with the customers first.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@MikroTik] > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=10.0.0.1/24 network=10.0.0.0 interface=LAN actual-interface=LAN
1 address=98.173../28 network=98.173.. interface=WAN actual-interface=WAN
[admin@MikroTik] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=98.173.. gateway-status=98.173.. reachable WAN distance=1
scope=30 target-scope=10
1 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=LAN gateway-status=LAN reachable distance=0 scope=10
2 ADC dst-address=98.173../28 pref-src=98.173.. gateway=WAN gateway-status=WAN reachable distance=0
scope=10
[admin@MikroTik] /interface> print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="WAN" type="ether" mtu=1500
1 R name="LAN" type="ether" mtu=1500
Thanks…