kchris
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Oct 27, 2004 2:58 pm

Public IP addr management with VERY much NATted PCs behind

Thu Feb 07, 2008 10:16 am

Hi,

I have a few hundred PCs behind 4 public IP addresses. That's a problem because these PCs are using the web and requesting pages from the same remote servers, and these servers have a limitation (requests/sec from the same IP address, I think); they are delaying serving the requests (banner servers, for example), and that makes browsing slow.

Is there a possibility to share these IP addresses evenly among these PCs? Make src-nat firewall rules to use public IP address dynamically? Or can I drop specific packets to block the banner servers that cause the problem?

Dynamic sharing would be important because then I don't have to bother about how to divide my IPs among the public IPs.

Thanks!
 
gmsmstr
Trainer
Posts: 983
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: Public IP addr management with VERY much NATted PCs behind

Fri Feb 08, 2008 8:01 am

NAT usually doesn't create this issue, as it tracks all the connections. You would have to have connection tracking on to even use NAT. If this is the case, you normally would just NAT out via the first IP address entered on that interface.

If you send some configs on your NAT rules, we can look at that, but I would assume the problem is somewhere else. I have shared thousands of users with ONE IP without such issues....

If it is a banner server or something of the like, limiting the number of connections per public, then not really much you can do, else drop all data from these.
 
kchris
Frequent Visitor
Topic Author
Posts: 62
Joined: Wed Oct 27, 2004 2:58 pm

Re: Public IP addr management with VERY much NATted PCs behind

Fri Feb 08, 2008 1:30 pm

> NAT usually doesn't create this issue, as it tracks all the connections. You would have to have connection tracking on to even use NAT. If this is the case, you normally would just NAT out via the first IP address entered on that interface.
>
> If you send some configs on your NAT rules, we can look at that, but I would assume the problem is somewhere else. I have shared thousands of users with ONE IP without such issues....
>
> If it is a banner server or something of the like, limiting the number of connections per public, then not really much you can do, else drop all data from these.

We have tested this issue: every user had 3 public IPs, the test machine had its own public IP. When the other users had slow browsing (the browsers had always been waiting for banner servers: "Waiting for the reply from...") the test machine didn't have such issues. (In our country the biggest news portals are using the SAME banner servers.) If I look at other (off-country, etc.) pages or I download files all is fine, but 70-90% of the users are browsing through these sites... (I don't think that the banner server's config will be modified just because of our request.)

As far as I know, Squid can use multiple public IP addresses, chosen randomly, so the public IPs are equally shared among the internal users. Is there such a function in MikroTik? I don't want to use a PC as a router because of stability.

thx!
 
gmsmstr
Trainer
Posts: 983
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: Public IP addr management with VERY much NATted PCs behind

Fri Feb 08, 2008 5:36 pm

I agree with using a PC as a router, take a look at the RB1000 line or the PoweRouter 732 product (not an MT product). These are both industrial units. The 732 though, you can do web caching with.

If these are just banners, block their IPs.
