LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 2:33 pm
by karo84
Hi everyone,
I want to know if anyone could help me to limit NATed traffic from my users' network.
I give each of my users 512kb/512kb.
Sometimes its number of connections becomes very large. I can only serve home users, please help me to solve this great problem.

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 3:06 pm
by sergejs
How much traffic is given on this link?
How many users are using this?
Probably you may try with PCQ to divide the available traffic between all users equally.

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 3:13 pm
by karo84
Thanks for the reply.
But I have already done that setup.
I have a Queue Tree with PCQ type.
And I give my users equal traffic, but I want my users not to use NAT. Can you help me?

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 3:41 pm
by sergejs
I do not know what kind of NAT rule is used now; specify a subnet for the masquerade rule, or add action=accept for the specific src-address before the NAT rule to exclude them.
Make sure that this client uses a routable IP address that can be reached from all over the world.
But it will not help you if your link is congested; you need to improve QoS settings then (or increase the capacity of the link, if it is not enough).

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 3:57 pm
by karo84
Thanks for the attention.

So I have this setup on my router:
/ ip firewall nat
add chain=srcnat src-address=172.16.0.0/12 action=masquerade comment="" disabled=no
The user whose VPN IP address is 172.17.8.25 is using NAT for his own purposes on his side, on his own router, but we haven't any agreement to let the user use the internet and NAT it for others.

Can I have some firewall rules to limit or to drop the packets that are NATed by my user, who was not supposed to do such things?

With regards, K. Aznavuryan

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 4:30 pm
by fatonk
To prevent your clients from using NAT, you can try setting the TTL to a value that will expire, meaning reach a value of 0, after the host IP; this means that after your host nothing will work.

Regards.

Faton

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 4:42 pm
by karo84
Thanks To All Very Much
I'll try and tell you the result of my experiments :lol:

Re: LIMITING NATed packets traffic

Posted: Fri Sep 07, 2007 6:35 pm
by karo84
Faton, thanks for the advice.
I tried, but there was no result.
Look at my experiment's result:

When I set the TTL to 64, or smaller, to 8, I see:
C:\Documents and Settings\Karo>tracert www.mikrotik.com

Tracing route to mikrotik.com [12.22.39.145]
over a maximum of 30 hops:

  1   487 ms   492 ms   485 ms  a039145.colo.fsr.net [12.22.39.145]

Trace complete.

C:\Documents and Settings\Karo>

But when the TTL is smaller than 11 I receive a reply from the 11th hop, or if the TTL is 3 I receive a reply from the 3rd hop.
All this time my TCP connections were working very well, I didn't see any difference.
Some advice or something else?

Re: LIMITING NATed packets traffic

Posted: Sat Sep 08, 2007 4:36 pm
by fatonk
Just adjust the TTL in your access router: set the TTL in mangle and decrement it to 2, so this means that if you receive a packet with TTL 30 it will decrement it to 2, then the next hop will be 1 (your client), and after that it will expire.

Regards.

Faton

P.S. I have done it and it works.
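
The TTL arithmetic described in the post above, as an added example that is not part of the original thread: a constructed Python model comparing a PC connected directly to the ISP link with a PC behind the customer's own NAT router. The router names and the "ingress"/"egress" stage names are assumptions; the model assumes an ingress rewrite happens before the router's own decrement, and it also covers setting the TTL to 1 on egress, which the post does not mention.

```python
# Added example: constructed model of TTL handling; router names are hypothetical.

def walk(ttl, routers, rewrite=None):
    """Forward a packet through `routers` in order towards the end host.

    rewrite = (router_name, stage, value): that router overwrites the TTL,
    either at "ingress" (before its own decrement; assumed to match a rule
    applied before routing) or at "egress" (after the decrement).
    Returns (delivered, last_node, ttl_seen_there).
    """
    for name in routers:
        if rewrite and rewrite[0] == name and rewrite[1] == "ingress":
            ttl = rewrite[2]
        if ttl <= 1:                  # a router does not forward a packet with TTL <= 1
            return (False, name, ttl)
        ttl -= 1                      # normal per-hop decrement
        if rewrite and rewrite[0] == name and rewrite[1] == "egress":
            ttl = rewrite[2]
    return (True, "end-host", ttl)

# Constructed downstream paths (internet -> customer).
UPSTREAM = ["isp-core", "access-router"]
DIRECT = UPSTREAM                                 # PC plugged straight into the ISP link
BEHIND_NAT = UPSTREAM + ["customer-nat-router"]   # PC behind the customer's own router

def scenarios(initial_ttl=30):
    """Run every rule variant against both customer topologies."""
    rules = {
        "no rule": None,
        "set 2 at ingress": ("access-router", "ingress", 2),
        "set 1 at egress": ("access-router", "egress", 1),
    }
    return {(label, kind): walk(initial_ttl, path, rule)
            for label, rule in rules.items()
            for kind, path in (("direct", DIRECT), ("behind-nat", BEHIND_NAT))}

if __name__ == "__main__":
    for key, result in scenarios().items():
        print(key, result)
```

In both rewrite variants the packet reaches the customer's first device with TTL 1, so a directly connected PC still receives it while a customer router has nothing left to forward with.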

Re: LIMITING NATed packets traffic

Posted: Sat Sep 08, 2007 4:43 pm
by karo84
Thanks Very Much