There are a few tools to convert Mb to bits, bytes to bits etc, but I like this one – http://www.matisse.net/bitcalc/
Directions are as follows:
direction = input or output
shaped = Speed you want to traffic shape in bits
normal burst = (shaped / 8) * 1.5
extended burst = (normal burst * 2)
For example, if you would like to ensure customer has 100Mbps speeds, you would do –
rate-limit input 104857600 19660800 39321600 conform-action transmit exceed-action drop
rate-limit output 104857600 19660800 39321600 conform-action transmit exceed-action drop
Moving a rule in ssh is easy. Just move the rule number to the destination number –
/ip firewall filter move 7 destination=4
This would move rule number 7 to position 4, moving 4 lower down the chain. Sometimes helpful when you, like me, accidentally created a rule for winbox 8291 as port 8192!
User having slowness when connecting vpn to remote office, plugged into a Mikrotik using sfp1 interface on a 100mbps connection. Speeds on site are fine, no packet loss to remote vpn point, but when connected rdp sessions are extremely slow.
Eventually I found a fix for this issue. I changed the wan interface mtu value on the Mikrotik to 1460. Since doing so the user vpn speed has drastically increased.
I needed to configure some NAT rules on a Mikrotik, but the rules only worked from outside in. The customer uses split DNS for the domain, so a local address on the mail client, and it needed a loopback rule. In the end I wrote the rules into the router using the terminal, or ssh.
Here’s an example of forwarding port 25.
Router is on 192.168.1.254
Server is on 192.168.1.250
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=25 \
action=dst-nat to-address=192.168.1.250 to-port=25
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
dst-address=192.168.1.250 protocol=tcp dst-port=25 \
You can then open up winbox, go to IP / Firewall / NAT and you will see your new rules.
Go into global configuration mode and type the following:
int atm 0
dsl noise-margin (a value between -3 and 3)
Most likely you will need to increase the SNR for stability. You should check the SNR via the command show dsl interface atm0/0/0 or something like show controllers VDSL 0 (or what ever atm you need this doing on). To increase the SNR try settings dsl noise-margin 1 and then check the SNR value again. You can increment it by .5, so maybe 1, then 1.5 etc.. It will resync, and you should see the SNR increase. You can gradually increase until you have a stable connection.
Note that you will get a warning doing this – WARNING: Unsupported Command. May cause violation to ADSL standards.