Community discussions

 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

LIMITTING NATed packets traffic

Fri Sep 07, 2007 2:33 pm

Hi every one,
I want to know if enyone could help me to Limit Nated Traffic from my users' Network.
I give each of my users 512kb/512kb
Sometimes its connections number become very larg. I can only Serve home users, please help me to solve this great problem.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 3:06 pm

How much traffic is given on this link ?
How many users are using this ?
Probably you may try with PCQ to divide traffic available between all users equally
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 3:13 pm

Thanks For Reply
But I have already done that setup
I have Queue Tree with PCQ Type
And I give my users equally traffic but I want my users don't use NAT Can You help me ???
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 3:41 pm

I do not know what kind of NAT rule is used now, specify subnet for masquerade rule or add action=accept for the specific src-address before NAT rule to exclude them.
Make sure that this client uses routeable IP address, that is reached over the world.
But it will not help you, if you link is congested, you need to improve QoS settings then (or increase capacity of the link, if it is not enough).
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 3:57 pm

Thanks For Attention


So I have such setup for my Router
/ ip firewall nat
add chain=srcnat src-address=172.16.0.0/12 action=masquerade comment="" disabled=no
User whos VPN IP Adress is 172.17.8.25 is using NAT for his purpose On his side, on his own router but we havn't any agrees to give User to use internet and nat it for others

Can I have some firewall rules to limit or to Drop the packet that are Nated by my User who Had not do such things



With Regards K. Aznavuryan
 
User avatar
fatonk
Member
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 4:30 pm

To avoid your clients to use NAT, you can try setting TTL to the value that will expire meaning reach value of 0 after the host IP, this means that after your host nothing will work.

Regards.

Faton
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 4:42 pm

Thanks To All Very Much
I'll try and tell you the result of my experiments :lol:
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: LIMITTING NATed packets traffic

Fri Sep 07, 2007 6:35 pm

Faton Thanks for advise
I tried But there was no result
Look at my experiment's result



when I set the TTL to 64 or smaller to 8 I see
C:\Documents and Settings\Karo>tracert www.mikrotik.com

Tracing route to mikrotik.com [12.22.39.145]
over a maximum of 30 hops:

  1   487 ms   492 ms   485 ms  a039145.colo.fsr.net [12.22.39.145]

Trace complete.

C:\Documents and Settings\Karo>

But when TTL is smaller than 11 I receive reply from the 11-th hop or if TTL is 3 I receive reply from 3-rd hop
At all this time my TCP connections were working very well, I didn't see any difference.
Some Advise or something else?????????
 
User avatar
fatonk
Member
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: LIMITTING NATed packets traffic

Sat Sep 08, 2007 4:36 pm

just adjust ttl in your access router, set ttl in mangle and decrement it to 2 so this means that if you receive a packet with ttl 30 it will decrement it to 2 than next hop will be 1 (your client) and after that it will expire.

Regards.

Faton

P.S. I have done it and it works.
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: LIMITTING NATed packets traffic

Sat Sep 08, 2007 4:43 pm

Thanks Very Much

Who is online

Users browsing this forum: Google [Bot] and 109 guests