ljguerci
just joined
Topic Author
Posts: 3
Joined: Wed Feb 06, 2019 3:03 am

[RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 3:26 am

Hi, first time round here.

Today I've upgraded my internet connection from 100/8 to 300/10 Mbps and, to my surprise, my router can't seem to handle it.

Here is the configuration of the router:
# feb/05/2019 21:13:41 by RouterOS 6.43.8
# software id = NJEQ-QH3R
#
# model = 951G-2HnD
# serial number = xxxxxxxxxxxxx
/interface bridge
add fast-forward=no name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
    mode=ap-bridge ssid=WifiSSID wps-mode=push-button-virtual-only
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
    WifiPassword
/ip pool
add name=dhcp_pool1 ranges=192.168.0.120-192.168.0.199
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.0.1/24 interface=bridge1 network=192.168.0.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1,8.8.8.8 gateway=192.168.0.1
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=input comment="Allow SSH" dst-port=60000 protocol=tcp
add action=accept chain=input comment="Allow winbox connections" dst-port=\
    8291 protocol=tcp
add action=accept chain=input comment="Allow Established connections" \
    connection-state=established
add action=drop chain=input comment="Drop anything else" log-prefix=drop_
/ip firewall nat
add action=masquerade chain=srcnat comment="Nat General" log-prefix=nat_ \
    out-interface=ether1 src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="Nat General" log-prefix=nat_ \
    out-interface=ether1 src-address=192.168.1.0/24
/ip firewall service-port
set irc disabled=yes
set h323 disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes port=2121
set www disabled=yes
set ssh port=60000
set api disabled=yes
set api-ssl disabled=yes

These prints are with the PC connected directly to the modem:

Image

Image


And these ones with the router in the middle:

Image

Image

Am I doing something wrong? Is this router really not capable of 300 Mbps?

Something that I found strange is that I can actually copy a file from one PC to another and get a 1 gigabit transfer without any problems, but still can't from the modem.
 
Pea
Member Candidate
Posts: 166
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 8:21 am

1. Do not open SSH and Winbox to wild internet (use e.g. address list, VPN, port knock)
2. Use Fast track for better throughput https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
3. Consider router upgrade
 
normis
MikroTik Support
Posts: 23797
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 11:01 am

Is this over Ethernet or wireless?
Yes, fasttrack should help a lot.
 
ljguerci
just joined
Topic Author
Posts: 3
Joined: Wed Feb 06, 2019 3:03 am

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 11:59 am

> 1. Do not open SSH and Winbox to wild internet (use e.g. address list, VPN, port knock)
> 2. Use Fast track for better throughput https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
> 3. Consider router upgrade

Thanks a lot for the security advice. I've used these commands from the wiki link:
/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related
Now everything works as expected:

Image

Now I have some questions:
1) I see that if fasttrack is enabled the traffic evades every check including firewall, does this mean an internet security issue?
2) In case of upgrade, which router should I go for? Will a 4011 be fine?
 
baragoon
Member Candidate
Posts: 112
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 12:05 pm

> 2) In case of upgrade, which router should I go for? Will a 4011 be fine?

Any requirements?
 
mkx
Forum Guru
Posts: 1621
Joined: Thu Mar 03, 2016 10:23 pm

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Wed Feb 06, 2019 12:20 pm

> 1) I see that if fasttrack is enabled the traffic evades every check including firewall, does this mean an internet security issue?

Not all traffic evades firewall, only traffic with configured connection state, which is "established" and "related". New connections won't match the fast-track rule and will be checked against all the regular rules. Only after the connection passes on to "established" (for TCP connection this could mean finished exchange of SYN, SYNACK, ACK packets), it'll get fast-tracked. The second rule (same criteria but with action=accept) is necessary as fast-tracked connection gets "normal-tracked" from time to time ... to make sure connection states are properly maintained (or something like that as per rumours).

> 2) In case of upgrade, which router should I go for? Will a 4011 be fine?

A nice step between your current RB951G and mentioned RB4011 would be RBD52G (hAP ac²). With a very friendly price tag.
BR,
Metod
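
The two points raised in this thread, restricting SSH/Winbox to known sources (Pea) and the fact that only established/related connections are fast-tracked while new ones still traverse the ordinary rules (mkx), written out as one ordered filter table. This is an added example, not taken from any post: interface names, subnet and ports come from the posted export, the address-list name `mgmt` is hypothetical, and the final forward drop rule goes beyond the posted configuration, which has no forward rules other than the two fasttrack lines.

```routeros
# Added example (not from the thread). Rules are evaluated top to bottom,
# so this is written as a complete, ordered filter table.
# Assumptions: ether1 = WAN, 192.168.0.0/24 = LAN, ports 60000/8291 as in
# the posted export; the address-list name "mgmt" is hypothetical.
/ip firewall address-list
add list=mgmt address=192.168.0.0/24 comment="Hosts allowed to manage the router"
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="Allow established/related"
add chain=input action=drop connection-state=invalid comment="Drop invalid"
add chain=input action=accept protocol=icmp comment="Allow ICMP"
# Weak form from the posted export (no source match, so reachable via ether1):
#   add action=accept chain=input dst-port=60000 protocol=tcp
#   add action=accept chain=input dst-port=8291 protocol=tcp
# Restricted form: same ports, accepted only from the mgmt list.
add chain=input action=accept protocol=tcp dst-port=60000,8291 \
    src-address-list=mgmt comment="SSH/Winbox from mgmt list only"
add chain=input action=drop comment="Drop anything else"
# --- forward chain: traffic passing through the router ---
# Packets of established/related connections take the fast path ...
add chain=forward action=fasttrack-connection \
    connection-state=established,related comment="Fasttrack"
# ... and those that still arrive on the slow path are accepted here.
add chain=forward action=accept connection-state=established,related \
    comment="Allow established/related"
add chain=forward action=drop connection-state=invalid comment="Drop invalid"
# The first packet of a connection (state=new) matches none of the rules
# above, so unsolicited connections from the WAN are stopped at this rule.
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface=ether1 \
    comment="Drop new from WAN unless port-forwarded"
/ip service
# Second layer: the services themselves refuse sources outside the LAN.
set ssh address=192.168.0.0/24
set winbox address=192.168.0.0/24
```

Apply a rule set like this from a LAN-side session, since a management session coming in over ether1 stops matching once the source restriction is in place.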
 
ljguerci
just joined
Topic Author
Posts: 3
Joined: Wed Feb 06, 2019 3:03 am

Re: [RB951G-2HnD] 300Mbps Internet bottleneck

Fri Feb 08, 2019 9:52 pm

I'm thinking about future-proofing. I work for the biggest ISP in my country, so I have very cheap high speed connections. I'm also into streaming and I have an HP DL380 server that will probably be followed by more servers and a big redundant storage, as I want to make some startup projects. Even though it is for my home, I guess it'll be a good purchase and will last for many years. Am I right?
