compgeeks
just joined
Topic Author
Posts: 13
Joined: Tue Jul 27, 2004 11:39 pm

Bandwidth limiting...need some good examples

Thu May 04, 2006 6:01 pm

I just upgraded some Mikrotiks to 2.9.23 that are covering an apartment complex. Does anyone have some good firewall and bandwidth limiting examples that they want to share? The rules in the docs are very basic. I assume that I also need to limit connections per client? If there is some information out there I can use with my Mikrotik, I would greatly appreciate it.

Thanks,
Steve
 
dfwair
Frequent Visitor
Posts: 78
Joined: Wed Dec 29, 2004 11:24 pm
Location: Dallas, TX

Fri May 05, 2006 6:26 pm

Are you using RADIUS to authenticate clients and PPPoE? You can set the bandwidth limiting preferences through the RADIUS controls. If they are static, a simple queue per user will suffice.

As far as firewalling goes, it is going to be best to firewall the whole box. I am not sure how to do dynamic firewall rules on PPPoE, or if it is even possible. This could be tested with the ascend packet in/out filters, but the question still is will it work at all? Anybody else have an answer for this?

Some basic rules can be created for your firewall if you want to give an example of what all you are trying to block inbound. Outbound filters are very similar, but include what you are looking for.

The bottom line is that the question is too vague.
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri May 05, 2006 6:45 pm

 
fatonk
Member
Posts: 438
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Sat May 06, 2006 10:16 am

Do all clients have the same bandwidth capacity UP and DOWN?

regards

faton
 
compgeeks
just joined
Topic Author
Posts: 13
Joined: Tue Jul 27, 2004 11:39 pm

Tue May 09, 2006 8:53 pm

The network is pretty open. I'm allowing all access but I wanted to limit download speed per user to about 512K and upload to about 128K. Then within that, limit P2P traffic to 64k up and down, and also block numerous connections to limit virus/spyware activity. Any suggestions on this specifically?

Thanks,

Steve
 
rz8168
newbie
Posts: 43
Joined: Tue Jun 01, 2004 2:10 pm

Tue May 09, 2006 10:01 pm

I'm trying to set up like what you are requesting but unfortunately, no success. And as far as I know, no one has done that. I'm trying to set up PCQ 1.5Mbps/256Kbps per connection and within that, limit P2P down to 128K/128K.
 
rz8168
newbie
Posts: 43
Joined: Tue Jun 01, 2004 2:10 pm

Tue May 09, 2006 10:15 pm

Oh, by the way, if you want to just limit per connection to 512Kb/128Kb, you can use simple queue or queue tree.

Add two PCQ queue types:
download-limit 512K
upload-limit 128K

In simple queue, add target-address subnet (your client ip subnet say 123.123.123.0/24), setup Upload Limit queue type to "upload-limit" and Download-Limit queue type to "download-limit".

Now your client is limited.

As for viruses, use filter to drop the viruses.

For queue tree, you'll need to mangle your packets, but for simple queue, all you need is the IP address subnet.
 
rz8168
newbie
Posts: 43
Joined: Tue Jun 01, 2004 2:10 pm

Tue May 09, 2006 10:25 pm

Here's the config from my firewall. I substituted the real IPs with 123.123.x.x. This config will limit each IP to 1600K/256K on a DS3 pipe.
[sysadmin@LAX-Firewall] queue simple> pr
Flags: X - disabled, I - invalid, D - dynamic
0 name="Global Traffic" target-addresses=123.123.121.0/24,123.123.122.0/24,123.123.123.0/24,123.123.127.0/24,123.123.128.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=5 limit-at=0/0 max-limit=35000000/35000000 total-queue=default

1 name="Management" target-addresses=123.123.128.0/24 dst-address=0.0.0.0/0 interface=all parent=Global Traffic direction=both priority=1 queue=default/default limit-at=0/0 max-limit=0/0 total-queue=default

2 name="Tenants" dst-address=0.0.0.0/0 interface=all parent=Global Traffic direction=both priority=8 queue=outbound-limit/inbound-limit limit-at=0/0 max-limit=0/0 total-queue=default

[sysadmin@LAX-Firewall] queue type> pr
0 name="inbound-limit" kind=pcq pcq-rate=1600000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

1 name="outbound-limit" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
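
Added example, not part of the post above and not MikroTik's code: a simplified Python model of a PCQ queue type, showing why the download queue in that config classifies on dst-address. It assumes 1-second scheduling ticks and constructed traffic to two documentation-range client addresses; the 512000 rate is the topic author's 512K target, and pcq-limit=50 / pcq-total-limit=2000 are the values from the posted config.

```python
from collections import defaultdict, deque

def pcq_simulate(packets, classifier, pcq_rate, pcq_limit, pcq_total_limit, seconds):
    """Simplified PCQ model; 1-second scheduling ticks are an assumption.

    packets: (arrival_second, src, dst, size_bytes) tuples.
    Returns (delivered_bits, dropped_packets), both keyed by sub-stream."""
    by_tick = defaultdict(list)
    for t, src, dst, size in packets:
        by_tick[t].append((src, dst, size))
    queues, delivered, drops = defaultdict(deque), defaultdict(int), defaultdict(int)
    for t in range(seconds):
        for src, dst, size in by_tick[t]:
            key = dst if classifier == "dst-address" else src
            queued = sum(len(q) for q in queues.values())
            if len(queues[key]) >= pcq_limit or queued >= pcq_total_limit:
                drops[key] += 1          # sub-stream or whole queue is full
            else:
                queues[key].append(size)
        for key, q in queues.items():
            budget = pcq_rate            # bits this sub-stream may send per tick
            while q and q[0] * 8 <= budget:
                budget -= q[0] * 8
                delivered[key] += q.popleft() * 8
    return dict(delivered), dict(drops)

def sample_download_traffic(seconds=10):
    """Constructed traffic: client A has one busy flow, client B has 50 flows."""
    pkts = []
    for t in range(seconds):
        pkts += [(t, "198.51.100.1", "192.0.2.10", 1500)] * 100      # A: 1.2 Mbps
        for n in range(50):                                           # B: 2.4 Mbps
            pkts += [(t, f"203.0.113.{n + 1}", "192.0.2.11", 1500)] * 4
    return pkts

if __name__ == "__main__":
    traffic = sample_download_traffic()
    for classifier in ("dst-address", "src-address"):
        bits, drops = pcq_simulate(traffic, classifier, 512000, 50, 2000, 10)
        per_client = defaultdict(int)
        for key, b in bits.items():
            per_client["B" if key.startswith("203.0.113.") or key == "192.0.2.11"
                       else "A"] += b
        print(classifier, {c: b // 10 for c, b in sorted(per_client.items())})
```

With dst-address both clients are held to the same per-address rate regardless of how many connections client B opens; with src-address on the download side every remote peer becomes its own sub-stream and client B receives its full offered load.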
 
onowojemma
Member Candidate
Posts: 129
Joined: Sun Sep 11, 2005 5:27 pm
Location: Nigeria

Tue May 23, 2006 9:51 pm

I need some help. Before now my network was very bad until we used the config below. It works, but there are some sites that just don't work, and we are not able to sign in to http://www.mail.yahoo.com, hotmail.com, gmail.com and Yahoo Messenger. When I increase the pcq rate the link will be slow and can't even open a webpage.
/ queue type

add name="pcq-download" kind=pcq pcq-rate=64000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=34000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10
/ queue tree
add name="Upload" parent=internet packet-mark=users limit-at=0 \
queue=pcq-upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="Download" parent=dhcp packet-mark=users limit-at=0 \
queue=pcq-download priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
[admin@SCPC] queue>
 
cibernet
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina

Wed May 24, 2006 1:17 am

Don't post the same more than one time please...
