Hi everybody:
well i am still a newbie but i need some urgent help to just start up.
well i have a a sort of 20 users. my isp let me connects to the internet through a PPPOe username and password. i used to have a microsoft platform to make the connection and enabled internet conection sharing on it to let the costumers browse or use the internet. but i have some costumers that are killing my connection. so i wnat to remove the microsoft operating system and use instead a mikrotik router. i need some help in configuration just for the first configuration just to let the costumers work then i would investigate the manual for firewall and other stuf. i want the simplist configuratin pls. i prefer also my costumers to connect through pppoe connection to make limitation for each costumer alone but if a setup with ip address is easier no problem just want to know how to limit each ip to ceratin up/down no all users having same bandwidth. thanks... in advance
by the way i have 2 versions of mikrotik 2.7.14 and another one 2.8.9
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Basic setup guide is here:
http://www.mikrotik.com/docs/ros/2.8/guide/basic
Some useful stuff here:
http://www.mikrotik.com/docs/ros/2.8/ho ... to.content
PPPoE stuff is here:
http://www.mikrotik.com/docs/ros/2.8/interface/pppoe
Regards
Andrew
http://www.mikrotik.com/docs/ros/2.8/guide/basic
Some useful stuff here:
http://www.mikrotik.com/docs/ros/2.8/ho ... to.content
PPPoE stuff is here:
http://www.mikrotik.com/docs/ros/2.8/interface/pppoe
Regards
Andrew
Basic setup guide is here:
http://www.mikrotik.com/docs/ros/2.8/guide/basic
Some useful stuff here:
http://www.mikrotik.com/docs/ros/2.8/ho ... to.content
PPPoE stuff is here:
http://www.mikrotik.com/docs/ros/2.8/interface/pppoe
Regards
Andrew
Thanks a lot man
i set up the PPOe Client and the hotspot and it works fine with me
no i have 2 other lan cards in the mikrotik
if i want to setup up PPPOE server and also some costumers based on their ip addresses should i add firewall rules and masuerading as the one generated for the hotspot.
i did a PPPoe server and i was able to connect to it but i was unable to browse it says connecting ...... then unable to find page while using the hotspot it works fine.
just one more question if i have the 3 setups (hotspot, pppoe and ip based connected to the same switch wich all my costumers are connected to can the one having ip address connect directly and thous of hotspot open their broswer to connect and of the pppoe to use their username and password, or i should split every group alone. thanks in advance
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Don't quite follow what you mean here.if want to setup up PPPOE server and also some costumers based on their ip addresses should i add firewall rules and masuerading as the one generated for the hotspot.
Did you turn on Proxy-Arp on the PPPoE server interface?did a PPPoe server and i was able to connect to it but i was unable to browse it says connecting ...... then unable to find page while using the hotspot it works fine.
I would say you have to split your users otherwise you have no control over them and no security. Anyone who can sniff or guess a valid IP address has network access.
Regards
Andrew
i didnt understand what u mean by not having control over my costumers and the security.if i have two diferent pools for the PPPOE and the Hotspot in addition to the private addresses for the ip address users what will be the security disadvantages and the control problem..
\
also in the hotspot i made 3 profiles one with 128kbs limit one with 256kbs and one with 56kbs. is this effective to to limit the transfer rate for each costumer or this means that all users in such a profile will have to share a transfer rate of 128 or 256 or 56kbs
\
also in the hotspot i made 3 profiles one with 128kbs limit one with 256kbs and one with 56kbs. is this effective to to limit the transfer rate for each costumer or this means that all users in such a profile will have to share a transfer rate of 128 or 256 or 56kbs
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
well i have each one configured on a seperate card but all three ar connected to the same switch that then all my cable and wireless clients are connected to
ether1=========== internet
ether2==============hotspot====
=
ether3==============ip address ===== switch======clients
=
ether4==============pppoeserver=
does this design have security problems
also i am unable to give the pppoe and ip address costumers limit for their upload and download speed can anybody help
ether1=========== internet
ether2==============hotspot====
=
ether3==============ip address ===== switch======clients
=
ether4==============pppoeserver=
does this design have security problems
also i am unable to give the pppoe and ip address costumers limit for their upload and download speed can anybody help
i have been reading this example in the maual
http://www.mikrotik.com/docs/ros/2.8/ro ... t#6.54.7.5
well i need to have a similar setup but i need to have different packages for the costumers.
for example i need to have 10.20.130.4 5 and 6 have a 32/64 speed
and to have 10.20.130.88 and 10.20.130.95 to have a 64/128 speed
and lets say 10.20.130.108 , 120 and 200 to have a 64/256 speed
can any body haelp
i assume that 10.20.130.xxx is my local network
thanks again
http://www.mikrotik.com/docs/ros/2.8/ro ... t#6.54.7.5
well i need to have a similar setup but i need to have different packages for the costumers.
for example i need to have 10.20.130.4 5 and 6 have a 32/64 speed
and to have 10.20.130.88 and 10.20.130.95 to have a 64/128 speed
and lets say 10.20.130.108 , 120 and 200 to have a 64/256 speed
can any body haelp
i assume that 10.20.130.xxx is my local network
thanks again
Use mangle to mark flows from/to ip addresses that belongs to same package. Then setup different PCQ queues to match package speed.i have been reading this example in the maual
http://www.mikrotik.com/docs/ros/2.8/ro ... t#6.54.7.5
well i need to have a similar setup but i need to have different packages for the costumers.
for example i need to have 10.20.130.4 5 and 6 have a 32/64 speed
and to have 10.20.130.88 and 10.20.130.95 to have a 64/128 speed
and lets say 10.20.130.108 , 120 and 200 to have a 64/256 speed
can any body haelp
i assume that 10.20.130.xxx is my local network
thanks again
It's very simple and effective way ...
In case of using NAT on same box :
/ ip firewall mangle
add src-address=10.0.0.0/22 in-interface=local action=passthrough mark-connection=bronze-up mark-flow=bronze-
up
add src-address=10.10.0.0/22 in-interface=local action=passthrough mark-connection=bronze-up mark-flow=bronze
-up
add in-interface=!local connection=bronze-up action=accept mark-flow=bronze-down
add src-address=10.1.0.0/22 in-interface=local action=passthrough mark-connection=silver-up mark-flow=silver-
up
add src-address=10.11.0.0/22 in-interface=local action=passthrough mark-connection=silver-up mark-flow=silver-
up
add in-interface=!local connection=silver-up action=accept mark-flow=silver-down
/ queue type
add name="bronze-down" kind=pcq pcq-rate=65536 pcq-classifier=dst-address
add name="bronze-up" kind=pcq pcq-rate=32768 pcq-classifier=src-address
add name="silver-down" kind=pcq pcq-rate=131072 pcq-classifier=dst-address
add name="silver-up" kind=pcq pcq-rate=65536 pcq-classifier=src-address
/ queue tree
add name="all-out" parent=global-out queue=wireless-default
add name="bronze-down" parent=all-out flow=bronze-down queue=bronze-down
add name="silver-down" parent=all-out flow=silver-down queue=silver-down
add name="all-in" parent=global-in queue=wireless-default
add name="bronze-up" parent=all-in flow=bronze-up queue=bronze-up
add name="silver-up" parent=all-in flow=silver-up queue=silver-up
/ ip firewall mangle
add src-address=10.0.0.0/22 in-interface=local action=passthrough mark-connection=bronze-up mark-flow=bronze-
up
add src-address=10.10.0.0/22 in-interface=local action=passthrough mark-connection=bronze-up mark-flow=bronze
-up
add in-interface=!local connection=bronze-up action=accept mark-flow=bronze-down
add src-address=10.1.0.0/22 in-interface=local action=passthrough mark-connection=silver-up mark-flow=silver-
up
add src-address=10.11.0.0/22 in-interface=local action=passthrough mark-connection=silver-up mark-flow=silver-
up
add in-interface=!local connection=silver-up action=accept mark-flow=silver-down
/ queue type
add name="bronze-down" kind=pcq pcq-rate=65536 pcq-classifier=dst-address
add name="bronze-up" kind=pcq pcq-rate=32768 pcq-classifier=src-address
add name="silver-down" kind=pcq pcq-rate=131072 pcq-classifier=dst-address
add name="silver-up" kind=pcq pcq-rate=65536 pcq-classifier=src-address
/ queue tree
add name="all-out" parent=global-out queue=wireless-default
add name="bronze-down" parent=all-out flow=bronze-down queue=bronze-down
add name="silver-down" parent=all-out flow=silver-down queue=silver-down
add name="all-in" parent=global-in queue=wireless-default
add name="bronze-up" parent=all-in flow=bronze-up queue=bronze-up
add name="silver-up" parent=all-in flow=silver-up queue=silver-up
sorry for being dump and thanks a lot but 2 days working infront of a screen and not having time to sleep made me such a stupid. any way thanks a lot.
......
now my new problem hoe not to be a stupid problem too is not being able to let the webproxy work
i have 3 interfaces in the mikrotik one is pppoe-client which i have my connection through it
the second interface is pppoe server for my costumers
and the third is giving arange of ip address also to the costumers
now i did masquerade the range of ips i put which is 10.20.130.xxx and the range of the ppoe-pool
i also did mangle for the udp port 53 for thedns cache server
i enabled webproxy what should be the src address
and if i enabled transparent proxy what should be the parent address
......
now my new problem hoe not to be a stupid problem too is not being able to let the webproxy work
i have 3 interfaces in the mikrotik one is pppoe-client which i have my connection through it
the second interface is pppoe server for my costumers
and the third is giving arange of ip address also to the costumers
now i did masquerade the range of ips i put which is 10.20.130.xxx and the range of the ppoe-pool
i also did mangle for the udp port 53 for thedns cache server
i enabled webproxy what should be the src address
and if i enabled transparent proxy what should be the parent address
OK guys i solved my transparent proxy problems
can any body just tell me how i would block a websitefor example i want my costumers to be unable to browse http://www.xxx.com how can i do this
can any body just tell me how i would block a websitefor example i want my costumers to be unable to browse http://www.xxx.com how can i do this
Something like
Code: Select all
/ip web-proxy access add url="http://www.xxx.com" action=denythanks cmit well i still have 2 questions. the first is that can i do webfilterring in the proxy for example if i want to deny every website conatining nudity can i have a rulein proxy to do this, i read a posted topic here but i didnt understand it. the next question is that my costumers part of them are pppoe-clients and part or them have local ip address. for the ones having local ip address i used pcq as nhalachev stated for me and its working fine i did all the limits i want to , but i want to know is can i have a burst for it, for example if someone is downloading a song or uploading a picture instead of using the pcq limit i used for him for example 32k up/ 64k down i want him to use 128kup / 256k down and if he used it for more than a minute he will return to the 32/64 cause i think this will help in faster browsing and the users of small up and downs will be more satisfied.
just one more thing if somebody download a song or msn or any stuff and there is another one who wants to download the same file can this file be cashed on the mikrotik and the costumer download it with no speed limits if yes please tell me the configuration. thanks again
just one more thing if somebody download a song or msn or any stuff and there is another one who wants to download the same file can this file be cashed on the mikrotik and the costumer download it with no speed limits if yes please tell me the configuration. thanks again