Community discussions

 
User avatar
ashish
Long time Member
Long time Member
Topic Author
Posts: 550
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Mikrotik in Corporate environment - Firewall-BM

Tue Oct 16, 2007 3:29 pm

we have more than 1000 user in my company, 10 different network I have installed MT and everything is working fine, But need something extra in that.

Equal Bandwidth to every one using PCQ = 64k/64k

1. I want to create one group <Some IPs from Different Network> and want to give high bandwidth 256k/256k (To Managers and Higher Position).

2. I need Complete firewall system to stop Virus atteck. Or Some external firewall.

3. I want to filter websites with group. I.e - > for X group some websites filter, for Y group some websites including X and for other group all filtered websites - I have configured Web-Proxy for websites Blocking.

In short need complete firewall with bandwidth management....I know that MT can do all this but i am little confused with the configuration
- AP - ASHISH PATEL - 757 309 0236 -
 
User avatar
karo84
Member Candidate
Member Candidate
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: Mikrotik in Corporate environment - Firewall-BM

Wed Oct 17, 2007 6:17 pm

Hi
You May create Queue Types (PCQ) For Download And For Upload
For download and Upload Limiting Per IP You must Do
/ queue type
add name="PCQ-Download 64k" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="PCQ-Upload 64k" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
Then Mark that packets and add queue tree
Use Your Mark
/ip firewall mangle
add chain=prerouting dst-address=172.25.8.0/22 action=mark-packet new-packet-mark=25081 passthrough=no comment="" disabled=no 
add chain=prerouting src-address=172.25.8.0/22 action=mark-packet new-packet-mark=2508 passthrough=no comment="" disabled=no
choose queue type PCQ For Download choos parent global-out and for Upload choose parent global-in
/queue tree
add name="queue1" parent=global-in packet-mark=2508 limit-at=0 queue="PCQ-Upload 64k" priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
add name="queue2" parent=global-out packet-mark=25081 limit-at=0 queue="PCQ-Download 64k" priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
So You can give each of 172.25.8.0/22 network 64k/64k equally

With Regards
Karo Aznavuryan
 
User avatar
ashish
Long time Member
Long time Member
Topic Author
Posts: 550
Joined: Mon Feb 12, 2007 5:50 am
Location: Virginia, USA.

Re: Mikrotik in Corporate environment - Firewall-BM

Thu Oct 18, 2007 5:57 am

Thank you,
but the configuration is running on my mikrotik...i need something else...and it is written..
Thanks again
- AP - ASHISH PATEL - 757 309 0236 -

Who is online

Users browsing this forum: No registered users and 125 guests