Community discussions

MikroTik App
 
Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

RB493G Performance Issue

Sat Feb 13, 2016 5:44 am

I have had some performance issues that have come to light and trying to figure out what has happened.

My cable modem has been upgraded recently to a 300MB/20MB, and this brought the issue to light as when I wasn't seeing anywhere close to the DL speed I started testing. Right now, I'm getting roughly 15MB/20MB instead of 300MB/20MB. Before, I had 100/10MB and thought I was just congested, but I was getting the same speed roughly 15-25MB/10MB

Graph from my logging device here:

[Imgur](http://i.imgur.com/e7IBbrZ.png)

You can see in about October whatever went wrong went wrong. I to my knowledge haven't changed my configuration any, in fact I've tried tweaking my queues thinking I did something wrong, disabled them completely, and re-enabled them with no performance difference.


export of config below. Basic Firewall/src-nat with some priority queuing. This config has been stable for me for several years. The cable modem has been less stable so I was quick to blame it, but if I bypass the router on ethernet I get 175 - 250MB/s down, if I connect via ethernet through the router I'm getting 15-25MB down at best.

CPU load looks ok, 1-20% at best, maybe some spikes to 40% but nothing more.

Any suggestions?
[admin@galaxy] > export
# feb/12/2016 22:38:09 by RouterOS 6.34.1
# software id = IKL0-U4G5
#
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN
/interface ethernet switch port
set 0 vlan-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
/ip pool
add name=dhcp_pool1 ranges=172.16.0.50-172.16.254.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=yes disabled=no interface=LAN lease-time=3d name=dhcp1
/ipv6 dhcp-server
add address-pool=twc interface=LAN name=server1
/queue tree
add max-limit=20M name=Upload_WAN1 parent=global priority=1
add limit-at=18M max-limit=20M name=UP_Interactive_WAN1 parent=Upload_WAN1 priority=1
add limit-at=2M max-limit=20M name=UP_NonInteractive_WAN1 parent=Upload_WAN1
add max-limit=300M name=Download_WAN1 parent=global priority=1
add limit-at=270M max-limit=300M name=DN_Interactive_WAN1 parent=Download_WAN1 priority=1
add limit-at=30M max-limit=300M name=DN_NonInteractive_WAN1 parent=Download_WAN1
/queue type
add kind=pcq name=Upload_WAN1 pcq-classifier=src-address pcq-rate=20M pcq-total-limit=25000KiB
add kind=pcq name=Download_WAN1 pcq-classifier=dst-address pcq-rate=300M pcq-total-limit=25000KiB
/queue simple
add name=TWC_300 queue=Upload_WAN1/Download_WAN1 target=172.16.0.0/16
/queue tree
add name=up_p1_interactive_WAN1 packet-mark=up_p1_interactive_WAN1 parent=UP_Interactive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_interactive_WAN1 packet-mark=up_p2_interactive_WAN1 parent=UP_Interactive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_interactive_WAN1 packet-mark=up_p3_interactive_WAN1 parent=UP_Interactive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_interactive_WAN1 packet-mark=up_p4_interactive_WAN1 parent=UP_Interactive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_interactive_WAN1 packet-mark=up_p5_interactive_WAN1 parent=UP_Interactive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_interactive_WAN1 packet-mark=up_p6_interactive_WAN1 parent=UP_Interactive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_interactive_WAN1 packet-mark=up_p7_interactive_WAN1 parent=UP_Interactive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_interactive_WAN1 packet-mark=up_p8_interactive_WAN1 parent=UP_Interactive_WAN1 queue=Upload_WAN1
add name=up_p1_noninteractive_WAN1 packet-mark=up_p1_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=1 queue=Upload_WAN1
add name=up_p2_noninteractive_WAN1 packet-mark=up_p2_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=2 queue=Upload_WAN1
add name=up_p3_noninteractive_WAN1 packet-mark=up_p3_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=3 queue=Upload_WAN1
add name=up_p4_noninteractive_WAN1 packet-mark=up_p4_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=4 queue=Upload_WAN1
add name=up_p5_noninteractive_WAN1 packet-mark=up_p5_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=5 queue=Upload_WAN1
add name=up_p6_noninteractive_WAN1 packet-mark=up_p6_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=6 queue=Upload_WAN1
add name=up_p7_noninteractive_WAN1 packet-mark=up_p7_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 priority=7 queue=Upload_WAN1
add name=up_p8_noninteractive_WAN1 packet-mark=up_p8_noninteractive_WAN1 parent=UP_NonInteractive_WAN1 queue=Upload_WAN1
add name=down_p1_interactive_WAN1 packet-mark=dn_p1_interactive_WAN1 parent=DN_Interactive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_interactive_WAN1 packet-mark=dn_p2_interactive_WAN1 parent=DN_Interactive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_interactive_WAN1 packet-mark=dn_p3_interactive_WAN1 parent=DN_Interactive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_interactive_WAN1 packet-mark=dn_p4_interactive_WAN1 parent=DN_Interactive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_interactive_WAN1 packet-mark=dn_p5_interactive_WAN1 parent=DN_Interactive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_interactive_WAN1 packet-mark=dn_p6_interactive_WAN1 parent=DN_Interactive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_interactive_WAN1 packet-mark=dn_p7_interactive_WAN1 parent=DN_Interactive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_interactive_WAN1 packet-mark=dn_p8_interactive_WAN1 parent=DN_Interactive_WAN1 queue=Download_WAN1
add name=down_p1_noninteractive_WAN1 packet-mark=dn_p1_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=1 queue=Download_WAN1
add name=down_p2_noninteractive_WAN1 packet-mark=dn_p2_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=2 queue=Download_WAN1
add name=down_p3_noninteractive_WAN1 packet-mark=dn_p3_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=3 queue=Download_WAN1
add name=down_p4_noninteractive_WAN1 packet-mark=dn_p4_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=4 queue=Download_WAN1
add name=down_p5_noninteractive_WAN1 packet-mark=dn_p5_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=5 queue=Download_WAN1
add name=down_p6_noninteractive_WAN1 packet-mark=dn_p6_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=6 queue=Download_WAN1
add name=down_p7_noninteractive_WAN1 packet-mark=dn_p7_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 priority=7 queue=Download_WAN1
add name=down_p8_noninteractive_WAN1 packet-mark=dn_p8_noninteractive_WAN1 parent=DN_NonInteractive_WAN1 queue=Download_WAN1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
/ip address
add address=172.16.0.1/16 interface=LAN network=172.16.0.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=no
/ip dhcp-server network
add address=172.16.0.0/16 dns-server=208.67.222.222,208.67.220.220 gateway=172.16.0.1 netmask=16 ntp-server=64.90.182.55,216.229.0.179
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=192.168.0.0/16 list=illegal-addr
add address=10.0.0.0/8 list=illegal-addr
add address=172.16.0.0/12 disabled=yes list=illegal-addr
add address=169.254.0.0/16 list=illegal-addr
add address=127.0.0.0/8 list=illegal-addr
add address=224.0.0.0/3 comment=multicas list=illegal-addr
add address=223.0.0.0/8 list=illegal-addr
add address=198.18.0.0/15 list=illegal-addr
add address=192.0.2.0/24 list=illegal-addr
add address=185.0.0.0/8 list=illegal-addr
add address=180.0.0.0/6 list=illegal-addr
add address=179.0.0.0/8 list=illegal-addr
add address=176.0.0.0/7 list=illegal-addr
add address=175.0.0.0/8 list=illegal-addr
add address=104.0.0.0/6 list=illegal-addr
add address=100.0.0.0/6 list=illegal-addr
add address=49.0.0.0/8 list=illegal-addr
add address=46.0.0.0/8 list=illegal-addr
add address=42.0.0.0/8 list=illegal-addr
add address=39.0.0.0/8 list=illegal-addr
add address=36.0.0.0/7 list=illegal-addr
add address=31.0.0.0/8 list=illegal-addr
add address=27.0.0.0/8 list=illegal-addr
add address=23.0.0.0/8 list=illegal-addr
add address=14.0.0.0/8 list=illegal-addr
add address=5.0.0.0/8 list=illegal-addr
add address=2.0.0.0/8 list=illegal-addr
add address=0.0.0.0/7 list=illegal-addr
add address=128.0.0.0/16 list=illegal-addr
add address=172.16.0.0/16 comment="my local network, all NATed" list=local-addr
add address=12.129.193.0/24 comment=WoW list=games
add address=12.129.222.0/23 comment=WoW list=games
add address=12.129.225.0/24 comment=WoW list=games
add address=12.129.228.0/24 comment=WoW list=games
add address=12.129.233.0/24 comment=WoW list=games
add address=12.129.252.0/23 comment=WoW list=games
add address=63.241.255.0/24 comment=WoW list=games
add address=72.5.213.0/24 comment=WoW list=games
add address=80.239.149.0/24 comment=WoW list=games
add address=80.239.179.0/24 comment=WoW list=games
add address=80.239.181.0/24 comment=WoW list=games
add address=80.239.185.0/24 comment=WoW list=games
add address=80.239.233.0/24 comment=WoW list=games
add address=192.12.244.0/24 comment=WoW list=games
add address=195.12.246.0/24 comment=WoW list=games
add address=199.107.6.0/23 comment=WoW list=games
add address=199.107.24.0/23 comment=WoW list=games
add address=206.16.118.0/23 comment=WoW list=games
add address=206.16.147.0/24 comment=WoW list=games
add address=206.18.148.0/23 comment=WoW list=games
add address=206.18.98.0/23 comment=WoW list=games
add address=206.16.235.0/24 comment=WoW list=games
add address=206.17.111.0/24 comment=WoW list=games
add address=213.248.123.0/24 comment=WoW list=games
add address=213.248.127.0/24 comment=WoW list=games
add address=202.9.66.0/23 comment=SC2 list=games
add address=12.129.254.0/23 comment=SC2 list=games
add address=12.129.206.0/24 comment=SC2 list=games
add address=12.129.242.0/24 comment="Diablo III" list=games
add address=12.130.245.0/24 comment="Diablo III" list=games
add address=12.130.244.0/24 comment="Diablo III" list=games
add address=12.130.246.0/24 comment="Diablo III" list=games
add address=63.150.138.0/24 comment="Dota 2" list=games
add address=103.10.124.0/24 comment="Dota 2" list=games
add address=103.10.125.0/24 comment="Dota 2" list=games
add address=103.28.54.0/23 comment="Dota 2" list=games
add address=146.66.152.0/23 comment="Dota 2" list=games
add address=146.66.154.0/24 comment="Dota 2" list=games
add address=146.66.155.0/24 comment="Dota 2" list=games
add address=146.66.156.0/23 comment="Dota 2" list=games
add address=146.66.158.0/23 comment="Dota 2" list=games
add address=185.25.180.0/23 comment="Dota 2" list=games
add address=185.25.182.0/24 comment="Dota 2" list=games
add address=192.69.96.0/22 comment="Dota 2" list=games
add address=205.196.6.0/24 comment="Dota 2" list=games
add address=208.64.200.0/24 comment="Dota 2" list=games
add address=208.64.201.0/24 comment="Dota 2" list=games
add address=208.64.202.0/24 comment="Dota 2" list=games
add address=208.64.203.0/24 comment="Dota 2" list=games
add address=208.78.164.0/22 comment="Dota 2" list=games
add address=216.111.123.0/24 comment="Dota 2" list=games
add address=31.186.224.0/24 comment="LoL Europe" list=games
add address=31.186.226.0/24 comment="LoL Europe" list=games
add address=64.7.194.0/24 comment="LoL Europe" list=games
add address=95.172.65.0/24 comment="LoL Europe" list=games
add address=95.172.70.0/24 comment="LoL Europe" list=games
add address=66.150.148.0/24 comment="LoL EU-NE" list=games
add address=192.64.168.0/24 comment="LoL NA" list=games
add address=192.64.169.0/24 comment="LoL NA" list=games
add address=192.64.170.0/24 comment="LoL NA" list=games
add address=216.133.234.0/24 comment="LoL NA" list=games
add address=59.100.95.128/25 comment="LoL Oceania" list=games
add address=203.116.112.128/25 comment="LoL Singapore/Malaysia" list=games
add address=216.240.136.162 comment="Lowerping - US West - Panther 1" list=games
add address=216.240.145.9 comment="Lowerping - US West - Panther 2" list=games
add address=64.69.36.224 comment="Lowerping - US West - Panther 3" list=games
add address=208.70.75.171 comment="Lowerping - US West - Panther 4" list=games
add address=208.70.78.93 comment="Lowerping - US West - Panther 5" list=games
add address=216.240.136.167 comment="Lowerping - US West - Panther 6" list=games
add address=64.56.65.9 comment="Lowerping - US West - Tiger 1" list=games
add address=74.222.8.249 comment="Lowerping - US West - Tiger 2" list=games
add address=216.18.198.2 comment="Lowerping - US West - Fox 1" list=games
add address=173.231.26.242 comment="Lowerping - US West - Fox 2" list=games
add address=66.212.28.128 comment="Lowerping - US West - Lion A1" list=games
add address=66.63.191.237 comment="Lowerping - US West - Lion A2" list=games
add address=72.11.142.216 comment="Lowerping - US West - Lion B1" list=games
add address=72.11.142.217 comment="Lowerping - US West - Lion B2" list=games
add address=96.44.172.186 comment="Lowerping - US West - Lion C1" list=games
add address=96.44.177.26 comment="Lowerping - US West - Lion C2" list=games
add address=96.44.177.27 comment="Lowerping - US West - Lion D1" list=games
add address=72.11.142.218 comment="Lowerping - US West - Lion D2" list=games
add address=64.120.10.178 comment="Lowerping - US West - Panda 1" list=games
add address=72.51.46.93 comment="Lowerping - US West - Rhino 1" list=games
add address=173.245.68.180 comment="Lowerping - US West - Squid 1" list=games
add address=173.245.68.178 comment="Lowerping - US West - Squid 2" list=games
add address=8.17.252.162 comment="Lowerping - US West - Koala 1" list=games
add address=8.17.252.163 comment="Lowerping - US West - Koala 2" list=games
add address=50.23.65.37 comment="Lowerping - US West - Salmon 1" list=games
add address=174.127.96.124 comment="Lowerping - US West - Salmon 2" list=games
add address=174.127.96.127 comment="Lowerping - US West - Salmon 3" list=games
add address=66.109.20.100 comment="Lowerping - US East - Cobra 1" list=games
add address=66.199.235.194 comment="Lowerping - US East - Otter 1" list=games
add address=72.9.100.90 comment="Lowerping - US East - Otter 2" list=games
add address=173.208.45.82 comment="Lowerping - US East - Spider 1" list=games
add address=69.162.127.98 comment="Lowerping - US Central - Frog 1" list=games
add address=174.133.108.202 comment="Lowerping - US Central - Tadpole 1" list=games
add address=174.34.132.50 comment="Lowerping - US Central - Toad 1" list=games
add address=70.32.43.122 comment="Lowerping - Chicago - Macaw 1" list=games
add address=184.154.38.138 comment="Lowerping - Chicago - Jaguar 1" list=games
add address=78.129.220.51 comment="Lowerping - Europe - London 1" list=games
add address=188.138.24.38 comment="Lowerping - Europe - Germany 1" list=games
add address=85.10.193.111 comment="Lowerping - Europe - Germany 3" list=games
add address=94.75.208.164 comment="Lowerping - Europe - Netherlands 1" list=games
add address=62.212.91.21 comment="Lowerping - Europe - Netherlands 2" list=games
add address=91.191.144.94 comment="Lowerping - Europe - Paris 1" list=games
add address=46.21.207.116 comment="Lowerping - Europe - Paris 2" list=games
add address=159.153.0.0/16 comment="SWTOR - USA/EUROPE" list=games
add address=206.127.144.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
add address=64.25.32.0/20 comment="GW2 - ArenaNet (NC Interactive)" list=games
add address=207.244.72.0/24 comment="War Thunder US" list=games
/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add chain=input comment="Allow Established Connections" connection-state=established
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input in-interface=!WAN src-address=172.16.0.0/16
add action=drop chain=input comment="Drop Everything Else"
add chain=forward comment="Allow traffic between clients" in-interface=LAN out-interface=LAN
add action=jump chain=forward comment="Sanity Check Forward" jump-target=sanity-check
add action=jump chain=sanity-check comment="Deny illegal NAT traversal" jump-target=drop packet-mark=nat-traversal
add chain=input comment="Allow The Router to be visible via Neighbor Discovery to WinBox" dst-address=255.255.255.255 dst-port=5678 in-interface=LAN protocol=udp
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block port scans" protocol=tcp psd=20,3s,3,1
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Null scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Xmas scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=sanity-check jump-target=drop protocol=tcp src-address-list=blocked-addr
add action=jump chain=sanity-check comment="Drop TCP RST" jump-target=drop protocol=tcp tcp-flags=rst
add action=jump chain=sanity-check comment="Drop TCP SYN+FIN" jump-target=drop protocol=tcp tcp-flags=fin,syn
add action=jump chain=sanity-check comment="Dropping invalid connections at once" connection-state=invalid jump-target=drop
add chain=sanity-check comment="Accepting already established connections" connection-state=established
add chain=sanity-check comment="Also accepting related connections" connection-state=related
add action=jump chain=sanity-check comment="Drop all traffic that goes to multicast or broadcast addresses" dst-address-type=broadcast,multicast jump-target=drop
add action=jump chain=sanity-check comment="Drop illegal destination addresses" dst-address-list=illegal-addr dst-address-type=!local in-interface=LAN jump-target=drop
add action=jump chain=sanity-check comment="Drop everything that goes from local interface but not from local address" in-interface=LAN jump-target=drop src-address-list=!local-addr
add action=jump chain=sanity-check comment="Drop all traffic that comes from multicast or broadcast addresses" jump-target=drop src-address-type=broadcast,multicast
add chain=input comment="Allow local traffic (between router applications)" dst-address-type=local src-address-type=local
add action=jump chain=input comment="DHCP protocol would not pass sanity checking, so enabling it explicitly before other checks" dst-port=67 in-interface=LAN jump-target=dhcp protocol=udp src-port=68
add action=jump chain=input comment="Sanity Check" jump-target=sanity-check
add action=jump chain=input comment="Dropping packets not destined to the router itself, including all broadcast traffic" dst-address-type=!local jump-target=drop
add chain=input comment="Allow pings, but at a very limited rate (5 packets per sec)" icmp-options=8 limit=5,5:packet protocol=icmp
add action=jump chain=input comment="Allowing some services to be accessible from the local network" in-interface=LAN jump-target=local-services
add action=jump chain=input jump-target=drop
add chain=dhcp dst-address=255.255.255.255 src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address-list=local-addr
add chain=local-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=local-services comment=DNS dst-port=53 protocol=udp
add chain=local-services dst-port=53 protocol=tcp
add chain=local-services comment="HTTP Proxy (3128/TCP)" dst-port=3128 protocol=tcp
add chain=local-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=local-services comment=SNMP dst-port=161 protocol=udp
add chain=local-services comment=FTP dst-port=21 protocol=tcp
add chain=local-services comment=NTP dst-port=123 protocol=udp
add chain=local-services comment="Neighbor discovery" dst-port=5678 protocol=udp
add action=log chain=local-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=local-services disabled=yes
add chain=public-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=public-services comment="PPTP (1723/TCP)" dst-port=1723 protocol=tcp
add chain=public-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=public-services comment="GRE for PPTP" protocol=gre
add action=log chain=public-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=public-services disabled=yes
/ip firewall mangle
add action=log chain=notes comment="Start of QoS tree version updated on 4/4/2014"
add chain=prerouting comment="Accept traffic From QOSCustomerIPs to QOSCustomerIPs" dst-address-list=QOSCustomerIPs src-address-list=QOSCustomerIPs
add action=mark-packet chain=prerouting comment="We should start with marking everything as unknown - dn_p7_interactive WAN1" in-interface=WAN new-packet-mark=dn_p7_interactive_WAN1
add action=mark-packet chain=postrouting comment="We should start with marking everything as unknown - up_p7_interactive" new-packet-mark=up_p7_interactive_WAN1 out-interface=WAN
add action=mark-packet chain=postrouting comment="Mark all ACK packets p1 for outbound traffic." new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting comment="Mark all ACK packets p1 for outbound traffic." in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment="Mark p2p connections first" new-connection-mark=p2p_conn p2p=all-p2p
add action=mark-packet chain=prerouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=p2p_conn in-interface=WAN \
    new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no
add action=mark-packet chain=postrouting comment="Identifiable P2P is set at p8_noninteractive with NO PASSTHROUGH. This is the lowest priority we can configure" connection-mark=p2p_conn new-packet-mark=\
    up_p8_noninteractive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p8_noninteractive_WAN1 passthrough=no protocol=tcp \
    src-port=6881
add action=mark-packet chain=postrouting comment="Default Bittorrent as p8_noninteractive with NO PASSTHROUGH" dst-port=6881 new-packet-mark=up_p8_interactive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp
add action=mark-packet chain=prerouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no src-address-list=ISP
add action=mark-packet chain=postrouting comment="Mark ISP as p1_interactive with NO PASSTHROUGH" dst-address-list=ISP new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="BGP as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=179
add action=mark-packet chain=postrouting comment="BGP as p1_interactive with NO PASSTHROUGH" dst-port=179 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="OSPF as p1_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="OSPF as p1_interactive with NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=ospf
add action=mark-packet chain=postrouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 dst-port=8080 new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Mark VoIP/ICMP Test (8080 udp) 0-1000000 as p1_interactive with NO PASSTHROUGH" connection-bytes=0-1000000 in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=8080
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=\
    no protocol=tcp
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp src-port=53
add action=mark-packet chain=postrouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k dst-port=53 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Mark DNS 0-64k p1_interactive with NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=\
    udp src-port=53
add action=mark-packet chain=postrouting comment="ICMP is p1_interactive NO PASSTHROUGH" new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment="ICMP is p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=3478,4080,5223 new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=3478,4080,5223
add action=mark-packet chain=postrouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=16393-16402 new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="FaceTime - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=16393-16402
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=5060-5061 new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=5060-5061
add action=mark-packet chain=postrouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k dst-port=5060-5061 new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="VOIP - SIP - 0-512k connection rate Set for p1_interactive with NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=\
    dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=5060-5061
add action=mark-connection chain=prerouting comment="VOIP - mark DSCP 46 with voip connection mark" dscp=46 new-connection-mark=voip
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k new-packet-mark=\
    up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="For the voip connection mark - 0-512k set to p1_interactive with NO PASSTHROUGH" connection-mark=voip connection-rate=0-512k in-interface=WAN \
    new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="NTP is set at p1_interactive." dst-port=123 in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=udp src-port=123
add action=mark-packet chain=postrouting comment="NTP is set at p1_interactive." dst-port=123 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="WINBOX p1_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p1_interactive_WAN1 passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=postrouting comment="WINBOX p1_interactive NO PASSTHROUGH" dst-port=8291 new-packet-mark=up_p1_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" dst-address-list=site-specific new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no
add action=mark-packet chain=prerouting comment="### SITE SPECIFIC ADDRESS LIST ### p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no src-address-list=\
    site-specific
add action=mark-packet chain=postrouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" dst-address-list=games new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no
add action=mark-packet chain=prerouting comment="Game Server IPs (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no src-address-list=games
add action=mark-packet chain=postrouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M dst-port=3389,5900 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=3389,5900
add action=mark-packet chain=prerouting comment="RDP/VNC 0-1Mbps set at p2_interactive NO PASSTHROUGH" connection-rate=0-1M in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=3389,5900
add action=mark-packet chain=postrouting comment="Steam (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=27000-28999 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=27000-27015
add action=mark-packet chain=postrouting comment="Runes of Magic (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=21002,16401-16402,16502 new-packet-mark=\
    up_p2_interactive_wan out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Runes of Magic (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_wan passthrough=\
    no protocol=udp src-port=21002,16401-16402,16502
add action=mark-packet chain=postrouting comment="GunZ (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=7700-7800 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
    WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="GunZ (games) 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=7700-7800
add action=mark-packet chain=prerouting comment="Trickster Online (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=10006,13339,22006
add action=mark-packet chain=postrouting comment="Trickster Online (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=10006,13339,22006 new-packet-mark=\
    up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6112-6119 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
    WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Battle.net (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=6112-6119
add action=mark-packet chain=postrouting comment="Warcraft 3 and WoW 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6112-6119 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Warcraft 3 and WoW 0-512k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=6112-6119
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=1119 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=1119
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="EVE Online (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=\
    no protocol=tcp src-port=26000
add action=mark-packet chain=postrouting comment="EVE Online (games) 0-512k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=26000 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=1513 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=1513
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=7456 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=7456
add action=mark-packet chain=postrouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=8687 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Garena 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=8687
add action=mark-packet chain=postrouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2000,2003 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Lineage 0-128k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=2000,2003
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3478,3479,3658 new-packet-mark=\
    up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=udp src-port=3478,3479,3658
add action=mark-packet chain=postrouting comment="PlayStation Network (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5223 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="PlayStation Network (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=5223
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=3074
add action=mark-packet chain=postrouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" dst-port=3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Xbox Live (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=3074
add action=mark-packet chain=postrouting comment="Guild Wars (games) 0-1024k up p2_interactive NO PASSTHROUGH" connection-rate=0-1024k dst-port=6112,6600 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Guild Wars (games) 0-2048k down p2_interactive NO PASSTHROUGH" connection-rate=0-2048k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=6112,6600
add action=mark-packet chain=postrouting comment="Company of Heroes (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=30260 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Company of Heroes (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=udp src-port=30260
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=11235-11335 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=udp src-port=11235-11335
add action=mark-packet chain=postrouting comment="Heroes of Newerth (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=11031 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Heroes of Newerth (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=11031
add action=mark-packet chain=postrouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=28004 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="AVA (games) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
    tcp src-port=28004
add action=mark-packet chain=prerouting comment="World of Warcraft (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 \
    passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=postrouting comment="World of Warcraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=3724 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5223,3074 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=5223,3074
add action=mark-packet chain=postrouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2005,3074,3075 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (codMW2) PS3 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=2005,3074,3075
add action=mark-packet chain=postrouting comment="Steam (codMW2) 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=1500,3005,3101,28960 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Steam (codMW2) 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=1500,3005,3101,28960
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18390,18395,13505 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=\
    18390,18395,13505
add action=mark-packet chain=postrouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" dst-port=18395 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="BFBC2 (games) p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=udp src-port=18395
add action=mark-packet chain=postrouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=7110,7230 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Requiem Online 0-256k (games) p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=7230,7110
add action=mark-packet chain=postrouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=64100 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Crysis 2 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
    src-port=64100
add action=mark-packet chain=prerouting comment="UT3 (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=7777,3783
add action=mark-packet chain=postrouting comment="UT3 (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=7777,3783 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="Rift (games) 0-128k down p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6520-6540 new-packet-mark=up_p2_interactive_WAN1 out-interface=\
    WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Rift (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=6520-6540
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=4321,6660-6669,28900,29900,2901 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
    udp src-port=4321,6660-6669,28900,29900,2901
add action=mark-packet chain=postrouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=6515,6500,13139,27900 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Red Alert 3 (games) p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=\
    tcp src-port=6515,6500,13139,27900
add action=mark-packet chain=prerouting comment="Freelancer (games) 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=\
    no protocol=udp src-port=2302-2304
add action=mark-packet chain=postrouting comment="Freelancer (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=2302-2304 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="Minecraft (games) 0-512k down p2_interactive NO PASSTHROUGH" connection-rate=0-512k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=25565
add action=mark-packet chain=postrouting comment="Minecraft (games) 0-128k up p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=25565 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="SSH 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=22 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp
add action=mark-packet chain=prerouting comment="SSH 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
    src-port=22
add action=mark-packet chain=postrouting comment="ICQ p2_interactive NO PASSTHROUGH" dst-port=5190 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="ICQ p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=5190
add action=mark-packet chain=postrouting comment="MSN p2_interactive NO PASSTHROUGH" dst-port=1863 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="MSN p2_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp src-port=1863
add action=mark-packet chain=postrouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=5004 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NateON (Messenger) 0-128k p2_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=5004
add action=mark-packet chain=postrouting comment="telnet 0-64k up p2_interactive NO PASSTHROUGH" connection-rate=0-64k dst-port=23 new-packet-mark=up_p2_interactive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp
add action=mark-packet chain=prerouting comment="telnet 0-64k down p2_interactive NO PASSTHROUGH" connection-rate=0-64k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no protocol=tcp \
    src-port=23
add action=mark-packet chain=postrouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN protocol=ipsec-esp
add action=mark-packet chain=prerouting comment="IPSEC-ESP - Set for p3_interactive with PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 protocol=ipsec-esp
add action=mark-packet chain=postrouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN protocol=ipsec-ah
add action=mark-packet chain=prerouting comment="IPSEC-AH - Set for p3_interactive with PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 protocol=ipsec-ah
add action=mark-packet chain=postrouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" dst-port=4500 new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="IPSEC NAT-Traversal p3_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 passthrough=no protocol=udp src-port=4500
add action=mark-packet chain=postrouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" dst-port=1935 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="This will match Hulu and similar streams - p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
    tcp src-port=1935
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
    tcp src-port=554
add action=mark-packet chain=postrouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" dst-port=554 new-packet-mark=up_p6_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="RTSP (Real time streaming protocol) set at p6_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p6_interactive_WAN1 passthrough=no protocol=\
    udp src-port=554
add action=mark-packet chain=postrouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" dst-port=110 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Pop3 - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=postrouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " dst-port=25 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp
add action=mark-packet chain=prerouting comment="SMTP traffic will be p4_interactive by default NO PASSTHROUGH " in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp \
    src-port=25
add action=mark-packet chain=postrouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" dst-port=465 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment="Secure SMTP - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=465
add action=mark-packet chain=postrouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" dst-port=485 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Secure IMAP- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=485
add action=mark-packet chain=postrouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=993 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment="IMAP over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=993
add action=mark-packet chain=postrouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" dst-port=143 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="IMAP - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=143
add action=mark-packet chain=postrouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" dst-port=995 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment="POP3 over SSL- Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=postrouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" dst-port=3690 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=prerouting comment="Subversion - Set at p4_interactive with NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=tcp src-port=3690
add action=mark-packet chain=postrouting comment="SNMP set at p4_interactive NO PASSTHROUGH" dst-port=161 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="SNMP set at p4_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=161
add action=mark-packet chain=postrouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" dst-port=1194 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="OpenVPN set at p4_interactive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no protocol=udp src-port=1194
add action=mark-packet chain=postrouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k dst-port=27014-27050 new-packet-mark=up_p4_interactive_WAN1 out-interface=WAN \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (login) 0-128k p4_interactive NO PASSTHROUGH" connection-rate=0-128k in-interface=WAN new-packet-mark=dn_p4_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=27014-27050
add action=mark-packet chain=postrouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" dst-port=27014-27050 new-packet-mark=up_p2_noninteractive_WAN1 out-interface=WAN passthrough=no \
    protocol=tcp
add action=mark-packet chain=prerouting comment="Steam (downloads) p2_noninteractive NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p2_noninteractive_WAN1 passthrough=no protocol=tcp src-port=\
    27014-27050
add action=mark-packet chain=postrouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" dst-port=119 new-packet-mark=up_p7_noninteractive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NNTP is set at p7_noninteractive, NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=119
add action=mark-packet chain=postrouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" dst-port=433 new-packet-mark=up_p7_noninteractive_WAN1 out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="NNTP - Alt port p7_noninteractive, NO PASSTHROUGH" in-interface=WAN new-packet-mark=dn_p7_noninteractive_WAN1 passthrough=no protocol=tcp src-port=433
add action=mark-packet chain=prerouting comment="http download will be treated as dn_p3_interactive" in-interface=WAN new-packet-mark=dn_p3_interactive_WAN1 passthrough=no protocol=tcp src-port=\
    80,443,8080
add action=mark-packet chain=postrouting comment="http upload will be treated as up_p3_interactive" dst-port=80,443,8080 new-packet-mark=up_p3_interactive_WAN1 out-interface=WAN passthrough=no protocol=\
    tcp
add action=mark-packet chain=postrouting comment="War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=3478-3480,20010-20500 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment="War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=udp src-port=3478-3480,20010-20500
add action=mark-packet chain=postrouting comment="War Thunder 0-256k down p2_interactive NO PASSTHROUGH" connection-rate=0-256k dst-port=5222,7850-7854,7800-7802 new-packet-mark=up_p2_interactive_WAN1 \
    out-interface=WAN passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="War Thunder 0-256k up p2_interactive NO PASSTHROUGH" connection-rate=0-256k in-interface=WAN new-packet-mark=dn_p2_interactive_WAN1 passthrough=no \
    protocol=tcp src-port=5222,7850-7854,7800-7802
add action=log chain=notes comment="End QoS tree"
/ip firewall nat
add action=masquerade chain=srcnat src-address=172.16.0.0/24 to-addresses=0.0.0.0
add action=redirect chain=dstnat disabled=yes dst-address=!172.16.0.1-172.16.0.4 dst-port=80 protocol=tcp to-ports=8080
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set anonymous=yes cache-administrator="" cache-on-disk=yes cache-path=micro-sd max-fresh-time=3h parent-proxy=0.0.0.0 src-address=172.16.0.0
/ip service
set telnet disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=LAN type=internal
add interface=WAN type=external
/ipv6 address
add address=2606:a000:1128:a0a5:: eui-64=yes interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=twc request=prefix
/ipv6 firewall filter
add chain=input connection-state=related
add chain=input connection-state=established
add chain=forward connection-state=established
add chain=input in-interface=LAN
add chain=forward connection-state=related
add chain=input dst-port=546 protocol=udp
add chain=input protocol=icmpv6
add chain=forward protocol=icmpv6
add chain=forward out-interface=WAN
add action=drop chain=input
add action=drop chain=forward
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
/ipv6 nd prefix
add interface=LAN
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/snmp
set contact=trekkie@nomorestars.com location="1722 Lambton Ave"
/system clock
set time-zone-autodetect=no time-zone-name=EST5EDT
/system identity
set name=galaxy
/system logging
add action=disk topics=error,warning
add topics=l2tp
add topics=ipsec
add topics=ovpn
/system ntp client
set enabled=yes primary-ntp=64.90.182.55 secondary-ntp=216.229.0.179
/system script
add name="upgrade script" owner=admin source="/system package update\
    \ncheck-for-updates\
    \n:delay 1s;\
    \n:if ( [get current-version] != [get latest-version]) do={ upgrade }"
/tool graphing interface
add
/tool romon port
add
/tool user-manager database
set db-path=user-manager1
 
User avatar
inteq
Member Candidate
Member Candidate
Posts: 208
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: RB493G Performance Issue

Sat Feb 13, 2016 7:38 am

Maybe try http://forum.mikrotik.com/viewtopic.php?f=2&t=104555
I had the same problem.
PS: There will come a day when we will be able to do 250 MBps but not just now.
 
Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Re: RB493G Performance Issue

Sat Feb 13, 2016 8:01 am

unfortunately for me, no windows in my configuration. The device doing the monitoring is a hardware device provided by the US FCC.

The other computers are IOS or Mac OS X, I've tested over ethernet and via the wifi hotspots (RB951s) plugged into.

I'm not expecting 250MB, but I'd like at least 150 or so, I used to be able to get 100 out of it easy.
 
Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Re: RB493G Performance Issue

Sat Feb 13, 2016 6:44 pm

I've stripped out all mangling, I've removed the queues, still no change in performance.

CPU utilization is now <4% and never goes any higher.

New export:
 feb/13/2016 11:44:13 by RouterOS 6.32.4
# software id = IKL0-U4G5
#
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether4 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether6 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether7 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether8 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether9 ] rx-flow-control=auto tx-flow-control=auto
/interface ethernet switch port
set 0 vlan-mode=disabled
set 1 vlan-mode=disabled
set 2 vlan-mode=disabled
set 3 vlan-mode=disabled
set 4 vlan-mode=disabled
set 5 vlan-mode=disabled
set 6 vlan-mode=disabled
set 7 vlan-mode=disabled
set 8 vlan-mode=disabled
set 9 vlan-mode=disabled
set 10 vlan-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
/ip pool
add name=dhcp ranges=172.16.0.50-172.16.254.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp authoritative=yes disabled=no interface=LAN lease-time=3d name=dhcp1
/ipv6 dhcp-server
add address-pool=twc disabled=no interface=LAN name=server1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether6
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
add bridge=LAN interface=ether9
/ip address
add address=172.16.0.1/16 interface=LAN network=172.16.0.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=no
/ip dhcp-server network
add address=172.16.0.0/16 dns-server=208.67.222.222,208.67.220.220 gateway=172.16.0.1 netmask=16 ntp-server=64.90.182.55,216.229.0.179
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=192.168.0.0/16 list=illegal-addr
add address=10.0.0.0/8 list=illegal-addr
add address=172.16.0.0/16 disabled=yes list=illegal-addr
add address=169.254.0.0/16 list=illegal-addr
add address=127.0.0.0/8 list=illegal-addr
add address=224.0.0.0/3 comment=multicast list=illegal-addr
add address=223.0.0.0/8 list=illegal-addr
add address=198.18.0.0/15 list=illegal-addr
add address=192.0.2.0/24 list=illegal-addr
add address=185.0.0.0/8 list=illegal-addr
add address=180.0.0.0/6 list=illegal-addr
add address=179.0.0.0/8 list=illegal-addr
add address=176.0.0.0/7 list=illegal-addr
add address=175.0.0.0/8 list=illegal-addr
add address=104.0.0.0/6 list=illegal-addr
add address=100.0.0.0/6 list=illegal-addr
add address=49.0.0.0/8 list=illegal-addr
add address=46.0.0.0/8 list=illegal-addr
add address=42.0.0.0/8 list=illegal-addr
add address=39.0.0.0/8 list=illegal-addr
add address=36.0.0.0/7 list=illegal-addr
add address=31.0.0.0/8 list=illegal-addr
add address=27.0.0.0/8 list=illegal-addr
add address=23.0.0.0/8 list=illegal-addr
add address=14.0.0.0/8 list=illegal-addr
add address=5.0.0.0/8 list=illegal-addr
add address=2.0.0.0/8 list=illegal-addr
add address=0.0.0.0/7 list=illegal-addr
add address=128.0.0.0/16 list=illegal-addr
add address=172.16.0.0/16 comment="my local network, all NATed" list=local-addr
/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add chain=input comment="Allow Established Connections" connection-state=established
add chain=input comment="Allow ICMP" protocol=icmp
add chain=input in-interface=!WAN src-address=172.16.0.0/16
add action=drop chain=input comment="Drop Everything Else"
add chain=forward comment="Allow traffic between clients" in-interface=LAN out-interface=LAN
add action=jump chain=forward comment="Sanity Check Forward" jump-target=sanity-check
add action=jump chain=sanity-check comment="Deny illegal NAT traversal" jump-target=drop packet-mark=nat-traversal
add chain=input comment="Allow The Router to be visible via Neighbor Discovery to WinBox" dst-address=255.255.255.255 dst-port=5678 in-interface=LAN \
    protocol=udp
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block port scans" protocol=tcp psd=\
    20,3s,3,1
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Null scan" protocol=tcp \
    tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d chain=sanity-check comment="Block TCP Xmas scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=jump chain=sanity-check jump-target=drop protocol=tcp src-address-list=blocked-addr
add action=jump chain=sanity-check comment="Drop TCP RST" jump-target=drop protocol=tcp tcp-flags=rst
add action=jump chain=sanity-check comment="Drop TCP SYN+FIN" jump-target=drop protocol=tcp tcp-flags=fin,syn
add action=jump chain=sanity-check comment="Dropping invalid connections at once" connection-state=invalid jump-target=drop
add chain=sanity-check comment="Accepting already established connections" connection-state=established
add chain=sanity-check comment="Also accepting related connections" connection-state=related
add action=jump chain=sanity-check comment="Drop all traffic that goes to multicast or broadcast addresses" dst-address-type=broadcast,multicast \
    jump-target=drop
add action=jump chain=sanity-check comment="Drop illegal destination addresses" dst-address-list=illegal-addr dst-address-type=!local in-interface=LAN \
    jump-target=drop
add action=jump chain=sanity-check comment="Drop everything that goes from local interface but not from local address" in-interface=LAN jump-target=drop \
    src-address-list=!local-addr
add action=jump chain=sanity-check comment="Drop all traffic that comes from multicast or broadcast addresses" jump-target=drop src-address-type=\
    broadcast,multicast
add chain=input comment="Allow local traffic (between router applications)" dst-address-type=local src-address-type=local
add action=jump chain=input comment="DHCP protocol would not pass sanity checking, so enabling it explicitly before other checks" dst-port=67 \
    in-interface=LAN jump-target=dhcp protocol=udp src-port=68
add action=jump chain=input comment="Sanity Check" jump-target=sanity-check
add action=jump chain=input comment="Dropping packets not destined to the router itself, including all broadcast traffic" dst-address-type=!local \
    jump-target=drop
add chain=input comment="Allow pings, but at a very limited rate (5 packets per sec)" icmp-options=8 limit=5,5 protocol=icmp
add action=jump chain=input comment="Allowing some services to be accessible from the local network" in-interface=LAN jump-target=local-services
add action=jump chain=input jump-target=drop
add chain=dhcp dst-address=255.255.255.255 src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address=0.0.0.0
add chain=dhcp dst-address-type=local src-address-list=local-addr
add chain=local-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=local-services comment=DNS dst-port=53 protocol=udp
add chain=local-services dst-port=53 protocol=tcp
add chain=local-services comment="HTTP Proxy (3128/TCP)" dst-port=3128 protocol=tcp
add chain=local-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=local-services comment=SNMP dst-port=161 protocol=udp
add chain=local-services comment=FTP dst-port=21 protocol=tcp
add chain=local-services comment=NTP dst-port=123 protocol=udp
add chain=local-services comment="Neighbor discovery" dst-port=5678 protocol=udp
add action=log chain=local-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=local-services disabled=yes
add chain=public-services comment="SSH (22/TCP)" dst-port=22 protocol=tcp
add chain=public-services comment="PPTP (1723/TCP)" dst-port=1723 protocol=tcp
add chain=public-services comment="Winbox (8291/TCP)" dst-port=8291 protocol=tcp
add chain=public-services comment="GRE for PPTP" protocol=gre
add action=log chain=public-services comment="Temporary Logging to check for things we should not drop"
add action=drop chain=public-services disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=172.16.0.0/16 to-addresses=0.0.0.0
add action=redirect chain=dstnat disabled=yes dst-address=!172.16.0.1-172.16.0.4 dst-port=80 protocol=tcp to-ports=8080
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set anonymous=yes cache-administrator="" cache-on-disk=yes cache-path=micro-sd max-fresh-time=3h parent-proxy=0.0.0.0 src-address=172.16.0.0
/ip service
set telnet disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=LAN type=internal
add interface=WAN type=external
/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=twc
/ipv6 firewall filter
add chain=input connection-state=related
add chain=input connection-state=established
add chain=forward connection-state=established
add chain=input in-interface=LAN
add chain=forward connection-state=related
add chain=input dst-port=546 protocol=udp
add chain=input protocol=icmpv6
add chain=forward protocol=icmpv6
add chain=forward out-interface=WAN
add action=drop chain=input
add action=drop chain=forward
/ipv6 nd
set [ find default=yes ] advertise-dns=yes
/ipv6 nd prefix
add interface=LAN
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/system clock
set time-zone-autodetect=no time-zone-name=EST5EDT
/system identity
set name=galaxy
/system ntp client
set enabled=yes primary-ntp=64.90.182.55 secondary-ntp=216.229.0.179
/system package update
set channel=bugfix
/system script
add name="upgrade script" owner=admin source=\
    "/system package update\
    \ncheck-for-updates\
    \n:delay 1s;\
    \n:if ( [get current-version] != [get latest-version]) do={ upgrade }"
/tool bandwidth-server
set enabled=no
/tool romon port
add
/tool user-manager database
set db-path=user-manager1
 
User avatar
inteq
Member Candidate
Member Candidate
Posts: 208
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: RB493G Performance Issue

Sun Feb 14, 2016 2:19 am

I am sorry i cannot help you with your specific problem, but just a friendly reminder MBps is not Mbps.
Getting those two mixed can get confusing.

Who is online

Users browsing this forum: jprietove, marypoppins and 133 guests