Hello,
Hope you have a good day.
I have PCC LoadBalanced of 6 WANs on Mikrotik RB5009.
I have only PPPoE users connected to this router, but some users say they are facing very slow Internet. Browsing & streaming etc Even full bandwidth of all WAN's connection is not consuming.
I'm not controlling the user's speed with the PPPoE profile. I have Static Queues for each user to control the user's bandwidth.
One more: sometimes the PPPoE user is connected. data is not (no traffic) passing on pppoe active connection. I do disconnect and on reconnect the user again
Are all WANs from the same ISP = Yes
Is all WANs has Public IP = NO
Do all WANs have the same bandwidth = Yes
Are all WANs directly connected in RB? = Yes
Are all WANs connected via PPPoE Client in RB? = Yes
Filter Rule:NAT Rule:Mangle Rule:Regards
Hope you have a good day.
I have PCC LoadBalanced of 6 WANs on Mikrotik RB5009.
I have only PPPoE users connected to this router, but some users say they are facing very slow Internet. Browsing & streaming etc Even full bandwidth of all WAN's connection is not consuming.
I'm not controlling the user's speed with the PPPoE profile. I have Static Queues for each user to control the user's bandwidth.
One more: sometimes the PPPoE user is connected. data is not (no traffic) passing on pppoe active connection. I do disconnect and on reconnect the user again
Are all WANs from the same ISP = Yes
Is all WANs has Public IP = NO
Do all WANs have the same bandwidth = Yes
Are all WANs directly connected in RB? = Yes
Are all WANs connected via PPPoE Client in RB? = Yes
Filter Rule:
Code:
/ip firewall filteradd action=accept chain=input comment=Wireguard dst-port=13231 protocol=udpadd action=accept chain=input comment="Router Access Remotely" dst-port=\ 8295,8296 protocol=tcpadd action=drop chain=input comment="Block Attack" dst-port=\ 25,53,87,512-515,543,544,7547,8080 protocol=tcpadd action=drop chain=input comment="Block Attack" dst-port=\ 53,80,87,161,162,1900,4520-4524,8080 protocol=udpadd action=drop chain=input comment="Block Ping" in-interface-list=\ WAN-Interface-List protocol=icmpadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "Port Scanners to Address List " protocol=tcp psd=21,3s,3,1add action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-NMAP FIN Stealth scan" protocol=tcp tcp-flags=\ fin,!syn,!rst,!psh,!ack,!urgadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-FIN/SYN scan" protocol=tcp tcp-flags=fin,synadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-RST/SYN scan" protocol=tcp tcp-flags=syn,rstadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-FIN/PSH/URG scan" protocol=tcp tcp-flags=\ fin,psh,urg,!syn,!rst,!ackadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urgadd action=add-src-to-address-list address-list="Port Scanners" \ address-list-timeout=none-dynamic chain=input comment=\ "TCP Flag-NMAP NULL scan" protocol=tcp tcp-flags=\ !fin,!syn,!rst,!psh,!ack,!urgadd action=drop chain=input comment="Dropping Port Scanners" \ src-address-list="Port Scanners"Code:
/ip firewall natadd action=masquerade chain=srcnat comment=wireguard1 src-address=\ 192.168.217.0/24add action=masquerade chain=srcnat comment=PPPoE out-interface-list=\ WAN-Interface-List src-address=172.30.30.10-172.30.30.250Code:
/ip firewall mangleadd action=mark-connection chain=input comment="Old PCC" connection-mark=\ no-mark connection-state=new in-interface=1_WAN1 new-connection-mark=\ wan1_connadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=2_WAN2 new-connection-mark=wan2_connadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=3_WAN3 new-connection-mark=wan3_connadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=4_WAN4 new-connection-mark=wan4_connadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=5_WAN5 new-connection-mark=wan5_connadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=6_WAN6 new-connection-mark=wan6_connadd action=mark-routing chain=output connection-mark=wan1_conn \ new-routing-mark=to_wan1add action=mark-routing chain=output connection-mark=wan2_conn \ new-routing-mark=to_wan2add action=mark-routing chain=output connection-mark=wan3_conn \ new-routing-mark=to_wan3add action=mark-routing chain=output connection-mark=wan4_conn \ new-routing-mark=to_wan4add action=mark-routing chain=output connection-mark=wan5_conn \ new-routing-mark=to_wan5add action=mark-routing chain=output connection-mark=wan6_conn \ new-routing-mark=to_wan6add action=accept chain=prerouting in-interface=1_WAN1add action=accept chain=prerouting in-interface=2_WAN2add action=accept chain=prerouting in-interface=3_WAN3add action=accept chain=prerouting in-interface=4_WAN4add action=accept chain=prerouting in-interface=5_WAN5add action=accept chain=prerouting in-interface=6_WAN6add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan1_conn per-connection-classifier=src-address-and-port:6/0 src-address=\ 172.30.30.10-172.30.30.250add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan2_conn per-connection-classifier=src-address-and-port:6/1 src-address=\ 172.30.30.10-172.30.30.250add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan3_conn per-connection-classifier=src-address-and-port:6/2 src-address=\ 172.30.30.10-172.30.30.250add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan4_conn per-connection-classifier=src-address-and-port:6/3 src-address=\ 172.30.30.10-172.30.30.250add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan5_conn per-connection-classifier=src-address-and-port:6/4 src-address=\ 172.30.30.10-172.30.30.250add action=mark-connection chain=prerouting connection-mark=no-mark \ connection-state=new dst-address-type=!local new-connection-mark=\ wan6_conn per-connection-classifier=src-address-and-port:6/5 src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan1_conn \ new-routing-mark=to_wan1 passthrough=no src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan2_conn \ new-routing-mark=to_wan2 passthrough=no src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan3_conn \ new-routing-mark=to_wan3 passthrough=no src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan4_conn \ new-routing-mark=to_wan4 passthrough=no src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan5_conn \ new-routing-mark=to_wan5 passthrough=no src-address=\ 172.30.30.10-172.30.30.250add action=mark-routing chain=prerouting connection-mark=wan6_conn \ new-routing-mark=to_wan6 passthrough=no src-address=\ 172.30.30.10-172.30.30.250Statistics: Posted by miankamran7100 — Tue Mar 11, 2025 7:25 pm