Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Very slow download speed - Please help!

Tue Feb 04, 2025 5:06 pm

Hi, I am experiencing extremely slow upload speeds (3-4 MB per sec, to the 800-1GB I should be having) and I wonder if it's because my router has a poor config.

I have the default configuration, and any changes I made were random attempts to solve this issue. I'm very far from an expert so I most likely won't be able to answer technical questions about it, I'm just a normal user at the moment.
I was hoping that some of the more experienced people could help me solve my issue, or provide some insight. I'd rather not have to put back the default router my ISP offered to me as it was giving me other issues.

I've searched how to print the config and this has been the result. Thanks in advance :)
Config:
# 2025-02-04 14:54:21 by RouterOS 7.17.1
# software id = GFWJ-36SH
#
# model = C52iG-5HaxD2HaxD
# serial number = <edited>
/interface bridge
add admin-mac=48:A9:8A:D6:D0:F4 auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Spain .mode=ap .ssid=MikroTik-D6D0F9-5G disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Spain .mode=ap .ssid=MikroTik-D6D0F9 disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk
/interface vlan
add interface=ether1 name=vlan20-digi vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20-digi name=\
    digi-internet use-peer-dns=yes user=387715640@digi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/ip smb users
set [ find default=yes ] disabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=digi-internet list=WAN
/interface ovpn-server server
add mac-address=FE:D5:F5:B1:BC:A7 name=ovpn-server1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes down-script="" host=8.8.8.8 http-codes="" interval=10s \
    test-script="" type=simple up-script=""
 
mkx
Forum Guru
Posts: 13266
Joined: Thu Mar 03, 2016 10:23 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 5:29 pm

Mangle rules and fasttrack don't cooperate. So disable the fasttrack rule in firewall filter.
 
Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 5:52 pm

I think I've done as you say and now both speeds (download and upload) are slower (500MBps download and 1MBps upload), or at least there is no change.

This is the new config:
# 2025-02-04 15:48:07 by RouterOS 7.17.1
# software id = GFWJ-36SH
#
# model = C52iG-5HaxD2HaxD
# serial number = HEH08KF5KKZ
/interface bridge
add admin-mac=48:A9:8A:D6:D0:F4 auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Spain .mode=ap .ssid=MikroTik-D6D0F9-5G disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Spain .mode=ap .ssid=MikroTik-D6D0F9 disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk
/interface vlan
add interface=ether1 name=vlan20-digi vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20-digi name=\
    digi-internet use-peer-dns=yes user=387715640@digi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/ip smb users
set [ find default=yes ] disabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=digi-internet list=WAN
/interface ovpn-server server
add mac-address=FE:D5:F5:B1:BC:A7 name=ovpn-server1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes down-script="" host=8.8.8.8 http-codes="" interval=10s \
    test-script="" type=simple up-script=""
 
mkx
Forum Guru
Posts: 13266
Joined: Thu Mar 03, 2016 10:23 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 6:13 pm

Disabling fasttrack can have a "delayed effect": the existing connections are still fasttracked. It's best to reboot the router to get things reset to the (new) settings.

BTW, your router's test results indicate routing speed at around 900Mbps. But depending on actual configuration it can be much lower. Disabling fasttrack is one of those configs which does affect performance very much ...
 
Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 6:19 pm

I rebooted the router with no success even after a while. My ISP contract says my optic fiber should be symmetric, so I expect upload speeds much higher than 3/1000, even if there is a loss like the download speed.

Thanks for the advice in any case :)
 
holvoetn
Forum Guru
Posts: 6973
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 6:27 pm

Maybe best to start from scratch with default config and test.
Then make your changes (small steps) and test in between.
It should be obvious where the degradation happens. The last change is most likely your first place to look for then.
 
anav
Forum Guru
Posts: 22360
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 6:55 pm

1. Remove this or disable it, you already are using pppoe as your ISP client interface.

/ip dhcp-client
add comment=defconf interface=ether1


2. What are these for????????? They are not attached to any interface???? If you don't know, remove......

/ip firewall mangle
add action=change-mss chain=forward comment=\
"Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
tcp-flags=syn
add action=change-mss chain=forward comment=\
"Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
tcp-flags=syn

3. With these changes report back on behaviour
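
The points raised in the replies so far (fasttrack enabled alongside mangle rules, the repeated mangle rules visible in the export, and a DHCP client left on the port that carries the PPPoE link) can be checked mechanically against a RouterOS export. This is an added example, not part of the thread or of MikroTik's tooling; the finding names are hypothetical and the sample is trimmed from the first export posted above.

```python
import re
import shlex
from collections import Counter, defaultdict

# Constructed sample: lines trimmed from the first export posted in the thread.
SAMPLE_EXPORT = r'''
/interface vlan
add interface=ether1 name=vlan20-digi vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20-digi name=\
    digi-internet use-peer-dns=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
/ip firewall mangle
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
    tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
'''


def parse_export(text):
    """Return {section path: [attribute dict for each 'add' line]}."""
    # The export wraps long lines with a trailing backslash and an indent.
    text = re.sub(r"\\\r?\n\s*", "", text)
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
        elif current and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps quoted comments whole
            sections[current].append(
                dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections


def enabled(item):
    return item.get("disabled", "no") != "yes"


def audit(text):
    """Return (finding name, detail) tuples; the names are hypothetical."""
    cfg = parse_export(text)
    findings = []

    mangle = [r for r in cfg["/ip firewall mangle"] if enabled(r)]
    fasttrack = [r for r in cfg["/ip firewall filter"]
                 if enabled(r) and r.get("action") == "fasttrack-connection"]
    if fasttrack and mangle:
        findings.append(("fasttrack-with-mangle",
                         f"{len(mangle)} mangle rule(s), fasttrack enabled"))

    # Rules that differ only in their comment count as the same rule.
    counts = Counter(frozenset((k, v) for k, v in r.items() if k != "comment")
                     for r in mangle)
    repeats = sum(n - 1 for n in counts.values() if n > 1)
    if repeats:
        findings.append(("duplicate-mangle", f"{repeats} repeated rule(s)"))

    # Resolve each enabled PPPoE client to the physical port beneath its VLAN.
    vlan_parent = {v["name"]: v["interface"] for v in cfg["/interface vlan"]}
    underlay = {vlan_parent.get(p["interface"], p["interface"])
                for p in cfg["/interface pppoe-client"] if enabled(p)}
    for client in cfg["/ip dhcp-client"]:
        if enabled(client) and client.get("interface") in underlay:
            findings.append(("dhcp-client-on-pppoe-port", client["interface"]))
    return findings


if __name__ == "__main__":
    for name, detail in audit(SAMPLE_EXPORT):
        print(f"{name}: {detail}")
```
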
 
Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 7:42 pm

I reset the config as advised and did it again until I got back a connection. Still having the same results in different speed tests.

Current config:
# 1970-01-02 00:36:11 by RouterOS 7.17.1
# software id = GFWJ-36SH
#
# model = C52iG-5HaxD2HaxD
# serial number = HEH08KF5KKZ
/interface bridge
add admin-mac=48:A9:8A:D6:D0:F4 auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
    configuration.mode=ap .ssid=MikroTik-D6D0F8 disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
    configuration.mode=ap .ssid=MikroTik-D6D0F8 disabled=no \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface vlan
add interface=ether1 name=vlan1-Digi vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan1-Digi name=\
    pppoe-out1-Digi use-peer-dns=yes user=387715640@digi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1-Digi list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Reply:
> 2. What are these for????????? They are not attached to any interface???? If you don't know, remove......
>
> /ip firewall mangle
> add action=change-mss chain=forward comment=\
> "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
> tcp tcp-flags=syn
> add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
> tcp-flags=syn
> add action=change-mss chain=forward comment=\
> "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu protocol=\
> tcp tcp-flags=syn
> add action=change-mss chain=output new-mss=clamp-to-pmtu protocol=tcp \
> tcp-flags=syn
Those are from another post where someone said it solved their problem. But given I don't know anything I just put those in the terminal, I guess I really didn't do what I was supposed to.
 
mkx
Forum Guru
Posts: 13266
Joined: Thu Mar 03, 2016 10:23 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 8:11 pm

IMO configuration from your latest post doesn't explain the extremely low throughput in download direction.

Can you check the stats on ether1 port? Does it show any errors?
 
Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 8:17 pm

> IMO configuration from your latest post doesn't explain the extremely low throughput in download direction.
>
> Can you check the stats on ether1 port? Does it show any errors?

I'm not sure how to check those; as I said, I'm very much a novice atm.
I attached a screenshot with the status of ether1 if that helps.
 
mkx
Forum Guru
Posts: 13266
Joined: Thu Mar 03, 2016 10:23 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 8:19 pm

It would be under Tx stats and Rx stats ...
 
Ataraxia
just joined
Topic Author
Posts: 9
Joined: Tue Feb 04, 2025 4:59 pm

Re: Very slow download speed - Please help!

Tue Feb 04, 2025 8:24 pm

I attach what appears in those sections + overall stats.