Hey!

I am using the RB951 and my home router. It's connected directly to the ISP, so no modems in front of it. I used the Quick Set to set it up as a Home AP with PPPoE, enabled "Firewall Router", "NAT" and UPnP.

I have a symmetric 40Mbps connection and with the old router I was easily getting 45Mbps Down and 70Mbps Up. With the RB I am getting 39Mbps Down (which is fine) but the upload is 20Mbps and it struggles to get to that. I know the ISP is not throttling me.

I did some research and found that Queues might be causing the issue, so I changed the Interface Queues to multi-queue-ethernet-default and the upload speed did increase but now it's 30 Mbps.

The second issue I'm having is I can't seem to open the ports I need for my web server and other devices. I've searched for tutorials but none of them worked. I disabled the web interface and created the rule on NAT tab in the Firewall window.

Here are my firewall rules:
Thank's for your time.

NOTE: With the old router all ports were working perfectly. So nothing changed except the router.

Your dstnat rules use in-interface=ether1-wan, while your srcnat masquerade rule uses out-interface=beogrid

Since your internet is working, you should probably change your dst-nat rules to use the beogrid interface.
Remember, this interface is the IP interface, not the physical interface, so if beogrid is a pppoe client interface, sure the pppoe might be entering ether1, but it's just pppoe traffic at that point, it's not IP traffic. It's only IP traffic when it arrives on the beogrid interface.

I didn't read the rest of the rules, but fix this and it should probably work, or you may also need to modify the rest of your rules if they refer directly to ether1-wan

EDIT: You'll also need to fix filter rules 3 and 7

Your dstnat rules use in-interface=ether1-wan, while your srcnat masquerade rule uses out-interface=beogrid

Since your internet is working, you should probably change your dst-nat rules to use the beogrid interface.
Remember, this interface is the IP interface, not the physical interface, so if beogrid is a pppoe client interface, sure the pppoe might be entering ether1, but it's just pppoe traffic at that point, it's not IP traffic. It's only IP traffic when it arrives on the beogrid interface.

I didn't read the rest of the rules, but fix this and it should probably work, or you may also need to modify the rest of your rules if they refer directly to ether1-wan

EDIT: You'll also need to fix filter rules 3 and 7

Yes this fixed the issue. However I am still having issues with the internet speed.

The speeds could be from buffer bloat or policing issues- if the ethernet connections are 1Gbps connections, and the ISP is policing your traffic to 40Mbps, then I can assure you that policing is causing the issue. Policing simply discards packets in excess of some subscribed bitrate. Remember that if your ethernet connection is 1Gbps - that the packets are actually going to the Internet across the wire at 1Gbps - it doesn't take many packets for the connection to be momentarily above 30Mbps average throughput - after which point packets are being discarded by the rate policing.... then when the avg goes under the threshold, packets are allowed, but one more 1500byte packet will put the average over budget.....

TCP sees this and backs off its speeds, and then when it's working, speeds up again, gets policed, backs off, works, speeds up, gets policed, etc.... this makes your actual momentary speed all choppy. It would be like if you drove your car by rapidly accelerating to 100, realizing that you were speeding (say the limit is 80) hitting the brakes until you're doing 50, then slamming the gas up to 100 again, then the brakes.... doing this, you may average 75, where it would be better to just drive at 80.....

Try finding a howto for traffic shaping and shape your traffic to a rate like 39Mbps. You'll probably get better performance that way.

The speeds could be from buffer bloat or policing issues- if the ethernet connections are 1Gbps connections, and the ISP is policing your traffic to 40Mbps, then I can assure you that policing is causing the issue. Policing simply discards packets in excess of some subscribed bitrate. Remember that if your ethernet connection is 1Gbps - that the packets are actually going to the Internet across the wire at 1Gbps - it doesn't take many packets for the connection to be momentarily above 30Mbps average throughput - after which point packets are being discarded by the rate policing.... then when the avg goes under the threshold, packets are allowed, but one more 1500byte packet will put the average over budget.....

TCP sees this and backs off its speeds, and then when it's working, speeds up again, gets policed, backs off, works, speeds up, gets policed, etc.... this makes your actual momentary speed all choppy. It would be like if you drove your car by rapidly accelerating to 100, realizing that you were speeding (say the limit is 80) hitting the brakes until you're doing 50, then slamming the gas up to 100 again, then the brakes.... doing this, you may average 75, where it would be better to just drive at 80.....

Try finding a howto for traffic shaping and shape your traffic to a rate like 39Mbps. You'll probably get better performance that way.

Thanks for the detailed answer. Yeah they do policies and I'm connected to a 100Mbps line on their side.
I though about making a Queue on the PPPoE port, but I'm also running IPTV devices which use additional 30Mbps. However that bandwidth doesn't get caught by ISP policies so my Internet speed is not affected. Maybe I can do the same...