Page 1 of 1

UNKNOWN BANDWIDTH

Posted: Mon Jul 15, 2013 1:53 pm
by rini
Hello.
the past three days i see in my RB1100AHx2 an unknown bandwidth in upload.
ether10 is my input interface. I have 4 interface for my customers with pppoe server. For authentication a radius manager in ether8.

look at the pic.

where is this "traffic" coming from ???? I cant open my routerboard in winbox where the cpu is 70%.
ISP problem ???

Re: UNKNOWN BANDWIDTH

Posted: Mon Jul 15, 2013 1:57 pm
by tomaskir
How is your input firewall chain looking like? Post "/ip firewall filter export compact"

Someone is probably using your router as a web/dns proxy.

Re: UNKNOWN BANDWIDTH

Posted: Mon Jul 15, 2013 2:14 pm
by rini
How is your input firewall chain looking like? Post "/ip firewall filter export compact"

Someone is probably using your router as a web/dns proxy.

/export compact
# jul/15/2013 13:20:07 by RouterOS 6.1
# software id =
/interface pppoe-client
add disabled=no interface=ether10 name=PPPOE-CLIENT password=XXXX user=\
YYY
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=pppoe ranges=10.10.0.2-10.10.1.254
/port
set 0 name=serial0
set 1 name=serial1
/interface pppoe-server server
add authentication=pap default-profile=pppoe disabled=no interface=ether6 \
one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=\
ether2 one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=ether4 \
one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=ether5 \
one-session-per-host=yes
/interface pptp-server server
set enabled=yes
/ip address
add address=10.3.3.1/24 interface=ether8 network=10.3.3.0
/ip dns
set allow-remote-requests=yes servers=X.X.X.X,Y.Y.Y.Y
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.10.0.0/16
add action=masquerade chain=srcnat src-address=10.3.3.10
/ip route
add distance=1 gateway=XXX.XXX.XXX.XXX
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/radius
add address=10.3.3.10 secret=XXX service=ppp
/radius incoming
set accept=yes port=1700
/system clock
set time-zone-name=Europe
/system identity
set name=RouterOS
/system logging
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add disabled=yes topics=pppoe
/system ntp client
set enabled=yes mode=unicast primary-ntp=37.247.48.64 secondary-ntp=2.228.72.62
/system routerboard settings
set cpu-frequency=1333MHz
/tool graphing interface
add interface=PPPOE-CLIENT

Re: UNKNOWN BANDWIDTH

Posted: Mon Jul 15, 2013 5:45 pm
by tomaskir
There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.

Re: UNKNOWN BANDWIDTH

Posted: Tue Jul 16, 2013 12:10 am
by rini
There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.

can you post the configuration???
or a example ??

Re: UNKNOWN BANDWIDTH

Posted: Tue Jul 16, 2013 12:15 am
by rini
There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.

can you post the configuration???
or a example ??

thank you. i follow this topic and the traffic is no more. http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
protect your router