d33cktr4zy
just joined
Topic Author
Posts: 7
Joined: Tue Nov 17, 2009 9:38 am

Help, I want to manage bandwidth from external proxy

Tue Nov 17, 2009 10:43 am

Straight to the point (since I have no idea what else I can do), here is my network topology:
[Image: network topology diagram]

Here is my current NAT export:
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
Public
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
192.168.1.2 dst-port=31600 protocol=tcp to-addresses=192.168.2.250 \
to-ports=31600
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
192.168.1.2 dst-port=10000 protocol=tcp to-addresses=192.168.2.2 \
to-ports=10000
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
192.168.1.2 dst-port=31600 protocol=tcp to-addresses=\
192.168.10.0-192.168.10.255 to-ports=31600
add action=redirect chain=dstnat comment="" disabled=yes protocol=tcp \
to-ports=3128
add action=dst-nat chain=dstnat comment="Torrent port" disabled=yes \
dst-address=125.162.48.182 dst-port=31600 protocol=tcp to-addresses=\
192.168.2.250 to-ports=31600
add action=redirect chain=dstnat comment=Proxy disabled=yes dst-port=80 \
protocol=tcp to-ports=3128
add action=redirect chain=dstnat comment=Proxy disabled=yes dst-port=3128 \
protocol=tcp to-ports=80
add action=redirect chain=dstnat comment=Proxy disabled=yes dst-port=8080 \
protocol=tcp to-ports=3128
add action=dst-nat chain=dstnat comment=Squid disabled=no dst-address-list=\
!NotNat dst-port=8080 in-interface=Local protocol=tcp to-addresses=\
192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=no dst-address-list=\
!NotNat dst-port=80 in-interface=Local protocol=tcp to-addresses=\
192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=no dst-address-list=\
!NotNat dst-port=3128 in-interface=Local protocol=tcp to-addresses=\
192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment=New disabled=yes dst-address-list=\
!NotNat dst-port=80 protocol=tcp src-address=192.168.10.0/24 \
to-addresses=192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=8080 \
protocol=tcp src-address=192.168.10.0/24 to-addresses=192.168.2.2 \
to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=3128 \
protocol=tcp src-address=192.168.10.0/24 to-addresses=192.168.2.2 \
to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=8081 \
protocol=tcp src-address=192.168.10.0/24 to-addresses=192.168.2.2 \
to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=8090 \
protocol=tcp src-address=192.168.10.0/24 to-addresses=192.168.2.2 \
to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=3127 \
protocol=tcp src-address=192.168.10.0/24 to-addresses=192.168.2.2 \
to-ports=3128
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=8050 \
protocol=tcp to-addresses=192.168.2.2 to-ports=3128
add action=dst-nat chain=dstnat comment="coba forward" disabled=yes \
dst-address=125.162.48.182 dst-port=80 in-interface=Public protocol=tcp \
to-addresses=192.168.2.2 to-ports=80
Then here is the mangle:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=mark-connection new-connection-mark=RFOdown
passthrough=yes protocol=tcp dst-port=27780

1 chain=forward action=mark-connection new-connection-mark=RF-online
passthrough=yes protocol=tcp src-port=27780

2 ;;; squid hit
chain=prerouting action=mark-connection new-connection-mark=squid_HIT
passthrough=yes protocol=tcp dscp=12

3 chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes protocol=tcp dst-address=!192.168.1.1 dst-port=80

4 chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes protocol=tcp dst-port=443

5 chain=prerouting action=mark-connection new-connection-mark=dns_conn
passthrough=yes protocol=tcp dst-port=53

6 chain=prerouting action=mark-connection new-connection-mark=zynga
passthrough=no connection-state=new protocol=tcp in-interface=Local
dst-port=9339

7 chain=prerouting action=mark-connection new-connection-mark=dns_conn
passthrough=yes protocol=udp dst-port=53

8 chain=prerouting action=mark-connection new-connection-mark=ym_conn
passthrough=yes protocol=tcp dst-port=5050-5061

9 chain=prerouting action=mark-connection new-connection-mark=cs_conn
passthrough=yes protocol=udp dst-port=27015

10 chain=prerouting action=mark-connection new-connection-mark=gb_conn_1
passthrough=yes protocol=udp dst-port=0

11 chain=prerouting action=mark-connection new-connection-mark=gb_conn_2
passthrough=yes protocol=tcp dst-port=8400

12 chain=prerouting action=mark-connection new-connection-mark=gb_conn_3
passthrough=yes protocol=udp dst-port=1028

13 chain=prerouting action=mark-connection new-connection-mark=irc_conn
passthrough=yes protocol=tcp dst-port=6000-7000

14 chain=prerouting action=mark-connection new-connection-mark=mt_conn
passthrough=yes protocol=tcp dst-port=8291

15 chain=prerouting action=mark-connection new-connection-mark=email_conn
passthrough=yes protocol=tcp dst-port=110

16 chain=prerouting action=mark-connection new-connection-mark=email_conn
passthrough=yes protocol=tcp dst-port=25

17 chain=prerouting action=mark-connection new-connection-mark=ssh_conn
passthrough=yes protocol=tcp dst-port=22

18 chain=prerouting action=mark-connection new-connection-mark=zynga
passthrough=no connection-state=new protocol=udp in-interface=Squid

19 chain=prerouting action=mark-connection new-connection-mark=zynga
passthrough=no connection-state=new protocol=tcp in-interface=Squid
dst-port=9339

20 chain=prerouting action=mark-connection new-connection-mark=zynga
passthrough=no connection-state=new protocol=udp in-interface=Local

21 chain=forward action=mark-packet new-packet-mark=squiddl passthrough=no
dst-address=192.168.2.2 in-interface=Public

22 chain=forward action=mark-packet new-packet-mark=rfodn passthrough=no
connection-mark=RF-online

23 chain=forward action=mark-packet new-packet-mark=rfoup passthrough=no
connection-mark=RFOdown

24 chain=prerouting action=mark-packet new-packet-mark=http passthrough=no
connection-mark=http_conn

25 chain=prerouting action=mark-packet new-packet-mark=dns passthrough=no
connection-mark=dns_conn

26 chain=prerouting action=mark-packet new-packet-mark=ym passthrough=no
connection-mark=ym_conn

27 chain=forward action=mark-connection new-connection-mark=local
passthrough=yes connection-state=new src-address=192.168.10.0/24

28 chain=forward action=mark-connection new-connection-mark=local
passthrough=yes connection-state=new dst-address=192.168.10.0/24

29 chain=forward action=mark-packet new-packet-mark=Squid-HIT passthrough=no
protocol=tcp connection-mark=local dscp=12

30 chain=prerouting action=mark-packet new-packet-mark=SMB passthrough=no
protocol=tcp src-port=445 connection-mark=local

31 chain=forward action=mark-packet new-packet-mark=SMB passthrough=no
protocol=tcp port=445 connection-mark=local

32 chain=prerouting action=mark-packet new-packet-mark=irc passthrough=no
connection-mark=irc_conn

33 chain=prerouting action=mark-packet new-packet-mark=mt passthrough=no
connection-mark=mt_conn

34 chain=prerouting action=mark-packet new-packet-mark=email passthrough=no
connection-mark=email_conn

35 chain=prerouting action=mark-packet new-packet-mark=ssh passthrough=no
connection-mark=ssh_conn

36 chain=forward action=mark-packet new-packet-mark=billing passthrough=no
protocol=tcp src-address=192.168.10.200 connection-mark=local

37 chain=forward action=mark-packet new-packet-mark=billing passthrough=no
protocol=tcp dst-address=192.168.10.200 connection-mark=local

38 chain=forward action=mark-packet new-packet-mark=meja1 passthrough=no
protocol=tcp src-address=192.168.10.1 connection-mark=local

39 chain=forward action=mark-packet new-packet-mark=meja1 passthrough=no
protocol=tcp dst-address=192.168.10.1 connection-mark=local

40 chain=forward action=mark-packet new-packet-mark=meja2 passthrough=no
protocol=tcp src-address=192.168.10.2 connection-mark=local

41 chain=forward action=mark-packet new-packet-mark=meja2 passthrough=no
protocol=tcp dst-address=192.168.10.2 connection-mark=local

42 chain=forward action=mark-packet new-packet-mark=meja3 passthrough=no
protocol=tcp src-address=192.168.10.3 connection-mark=local

43 chain=forward action=mark-packet new-packet-mark=meja3 passthrough=no
protocol=tcp dst-address=192.168.10.3 connection-mark=local

44 chain=forward action=mark-packet new-packet-mark=meja4 passthrough=no
protocol=tcp src-address=192.168.10.4 connection-mark=local

45 chain=forward action=mark-packet new-packet-mark=meja4 passthrough=no
protocol=tcp dst-address=192.168.10.4 connection-mark=local

46 chain=forward action=mark-packet new-packet-mark=meja5 passthrough=no
protocol=tcp src-address=192.168.10.5 connection-mark=local

47 chain=forward action=mark-packet new-packet-mark=meja5 passthrough=no
protocol=tcp dst-address=192.168.10.5 connection-mark=local

48 chain=forward action=mark-packet new-packet-mark=meja6 passthrough=no
protocol=tcp src-address=192.168.10.6 connection-mark=local

49 chain=forward action=mark-packet new-packet-mark=meja6 passthrough=no
protocol=tcp dst-address=192.168.10.6 connection-mark=local

50 chain=forward action=mark-packet new-packet-mark=meja7 passthrough=no
protocol=tcp src-address=192.168.10.22 connection-mark=local

51 chain=forward action=mark-packet new-packet-mark=meja7 passthrough=no
protocol=tcp dst-address=192.168.10.22 connection-mark=local

52 chain=forward action=mark-packet new-packet-mark=bokap passthrough=no
protocol=tcp src-address=192.168.10.10 connection-mark=local

53 chain=forward action=mark-packet new-packet-mark=bokap passthrough=no
protocol=tcp dst-address=192.168.10.10 connection-mark=local

54 chain=forward action=mark-packet new-packet-mark=Operator passthrough=no
protocol=tcp src-address=192.168.10.250 connection-mark=local

55 chain=forward action=mark-packet new-packet-mark=Operator passthrough=no
protocol=tcp dst-address=192.168.10.250 connection-mark=local

56 chain=prerouting action=mark-connection new-connection-mark=squid
passthrough=yes src-address=192.168.2.0/24

57 chain=prerouting action=mark-connection new-connection-mark=squid
passthrough=yes dst-address=192.168.2.0/24

58 chain=forward action=mark-packet new-packet-mark=Kamar passthrough=no
protocol=tcp src-address=192.168.2.250 connection-mark=squid

59 chain=forward action=mark-packet new-packet-mark=Kamar passthrough=no
protocol=tcp dst-address=192.168.2.250 connection-mark=squid

60 chain=forward action=mark-packet new-packet-mark=squidprox passthrough=no
protocol=tcp src-address=192.168.2.2 connection-mark=squid

61 chain=forward action=mark-packet new-packet-mark=squidprox passthrough=no
protocol=tcp dst-address=192.168.2.2 connection-mark=squid

62 X ;;; NEW::NEW::NEW
chain=prerouting action=log log-prefix="preroutes"

63 X ;;; local Conmark
chain=prerouting action=mark-connection
new-connection-mark=Local-ConMark passthrough=yes connection-state=new
src-address=192.168.10.0/24

64 X chain=prerouting action=mark-connection new-connection-mark=Local-ConMark
passthrough=yes connection-state=new dst-address=192.168.10.0/24

65 X chain=forward action=mark-packet new-packet-mark=Local-TCP-packets
passthrough=yes protocol=tcp connection-mark=Local-ConMark
Then here is the queue tree:
Flags: X - disabled, I - invalid
0 name="UPSTREAM" parent=Public packet-mark="" limit-at=0
queue=ethernet-default priority=4 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="BILLING-UP" parent=UPSTREAM packet-mark=billing limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0s

2 name="MEJA1-UP" parent=UPSTREAM packet-mark=meja1 limit-at=10000
queue=default priority=2 max-limit=20000 burst-limit=128000
burst-threshold=128000 burst-time=5s

3 name="MEJA2-UP" parent=UPSTREAM packet-mark=meja2 limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=128000
burst-threshold=128000 burst-time=5s

4 name="MEJA3-UP" parent=UPSTREAM packet-mark=meja3 limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=128000
burst-threshold=128000 burst-time=5s

5 name="MEJA4-UP" parent=UPSTREAM packet-mark=meja4 limit-at=10000
queue=default priority=6 max-limit=20000 burst-limit=128000
burst-threshold=128000 burst-time=5s

6 name="MEJA5-UP" parent=UPSTREAM packet-mark=meja5 limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=128000
burst-threshold=128000 burst-time=5s

7 name="MEJA6-UP" parent=UPSTREAM packet-mark=meja6 limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0s

8 name="MEJA7-UP" parent=UPSTREAM packet-mark=meja7 limit-at=10000
queue=default priority=4 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0s

9 name="DOWNSTREAM" parent=Local packet-mark="" limit-at=0
queue=ethernet-default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

10 name="Kamar-DOWN" parent=DownSquid packet-mark=Kamar limit-at=0
queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

11 name="MEJA2-DOWN" parent=DOWNSTREAM packet-mark=meja2 limit-at=98000
queue=default priority=5 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=5s

12 name="MEJA3-DOWN" parent=DOWNSTREAM packet-mark=meja3 limit-at=0
queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

13 name="MEJA4-DOWN" parent=DOWNSTREAM packet-mark=meja4 limit-at=98000
queue=default priority=5 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=5s

14 name="MEJA5-DOWN" parent=DOWNSTREAM packet-mark=meja5 limit-at=98000
queue=default priority=5 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=5s

15 name="MEJA6-DOWN" parent=DOWNSTREAM packet-mark=meja6 limit-at=0
queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

16 name="MEJA1-DOWN" parent=DOWNSTREAM packet-mark=meja1 limit-at=98000
queue=default priority=4 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=5s

17 name="BOKAP-UP" parent=UPSTREAM packet-mark=bokap limit-at=10000
queue=default priority=5 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0s

18 name="OP-UP" parent=UPSTREAM packet-mark=Operator limit-at=10000
queue=default priority=4 max-limit=20000 burst-limit=128000
burst-threshold=0 burst-time=5s

19 name="BOKAP-DOWN" parent=DOWNSTREAM packet-mark=bokap limit-at=98000
queue=default priority=5 max-limit=125000 burst-limit=0
burst-threshold=0 burst-time=0s

20 name="OP-DOWN" parent=DOWNSTREAM packet-mark=Operator limit-at=98000
queue=default priority=8 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=5s

21 name="squid-dl" parent=Squid packet-mark=squiddl limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

22 name="rfodn" parent=Local packet-mark=rfodn limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

23 name="rf-up" parent=Public packet-mark=rfoup limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

24 name="MEJA7-DOWN" parent=DOWNSTREAM packet-mark=meja7 limit-at=0
queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

25 name="DownSquid" parent=Squid packet-mark="" limit-at=0
queue=ethernet-default priority=6 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

26 name="UpSquid" parent=Public packet-mark="" limit-at=0
queue=ethernet-default priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

27 name="BILLING-DOWN" parent=DOWNSTREAM packet-mark=billing limit-at=98000
queue=default priority=5 max-limit=128000 burst-limit=512000
burst-threshold=256000 burst-time=20s

28 name="Kamar-UP" parent=UpSquid packet-mark=Kamar limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

29 name="Prox-DOWN" parent=DownSquid packet-mark=squidprox limit-at=0
queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

30 name="Prox-UP" parent=UpSquid packet-mark=squidprox limit-at=0
queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

31 name="HIT" parent=Local packet-mark=Squid-HIT limit-at=0 queue=default
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
What I want to do exactly is this:
1. I want to limit the traffic going to and from the public interface.
2. I have placed zph 0x30 in squid.conf so that any hits from Squid are not limited.
3. The admin station also acts as a media file server for the clients; therefore the media-sharing traffic between them should not be limited, perhaps on the SMB port.
4. I want to use the queue tree, not simple queues.

What I have encountered so far:
1. If I place the limit on the clients' queue and the dst-nat for Squid is on, no limit happens whatsoever.
2. The queue only works if the connection was not redirected.
3. All traffic is limited, even when the clients are accessing files on the admin station. =(

Notes:
I am just a noob who wants to learn; please, it's not a job, it's all simulated on several VM machines. :|

Thanks in advance.
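
One way to lay out the marking and shaping for this kind of topology, added here as an example; it is not the original poster's configuration and not taken from MikroTik's documentation. It keeps the interface names Local, Squid and Public and the proxy address 192.168.2.2:3128 from the export above, uses 192.168.10.1 as the single client (meja1), and assumes, purely for illustration, that the admin/file station is 192.168.10.250 serving SMB on TCP 445. It is meant to sit behind the existing dst-nat rule that redirects only in-interface=Local traffic not on the NotNat list to the proxy. Two design choices differ from the original dump: the per-client packet marks are keyed on the client's address and the interface pair in the forward chain instead of on a connection-mark, so the proxy-to-client leg (whose source is still 192.168.2.2 in the forward chain, since the reverse translation of a dst-nat happens only after routing) is attributed to the client and cannot be re-marked by a later rule; and cache hits are recognised on DSCP 12, which is what a TOS byte of 0x30 (Squid's ZPH setting) decodes to, because DSCP is the top six bits of the TOS byte.

```routeros
# Added example, not the original poster's configuration.
# Assumed: interfaces Local (clients), Squid (proxy host 192.168.2.2), Public (WAN);
# client 192.168.10.1 = meja1; file server 192.168.10.250:445 is an assumption.

/ip firewall mangle
# Never shape the file-share traffic with the admin station. action=accept in the
# forward chain leaves the packet unmarked, so no leaf queue below catches it.
add chain=forward action=accept protocol=tcp dst-address=192.168.10.250 dst-port=445 \
    comment="SMB to file server: unshaped"
add chain=forward action=accept protocol=tcp src-address=192.168.10.250 src-port=445 \
    comment="SMB from file server: unshaped"

# Squid cache hits: ZPH writes TOS 0x30 (DSCP 12) on HIT replies. Match the
# proxy->client leg before the per-client rules so hits stay unlimited.
add chain=forward action=mark-packet new-packet-mark=squid-hit passthrough=no \
    in-interface=Squid out-interface=Local dscp=12 comment="ZPH cache hit"

# Per-client download: everything leaving Local toward the client, whether it comes
# from Public (direct, e.g. HTTPS) or from the proxy (after dst-nat). No
# connection-mark is involved, so a proxy-side re-mark cannot steal the packet.
add chain=forward action=mark-packet new-packet-mark=meja1-down passthrough=no \
    out-interface=Local dst-address=192.168.10.1
# Per-client upload: everything entering from Local with the client's source
# address, whether it leaves via Public (direct) or via Squid (proxied request).
add chain=forward action=mark-packet new-packet-mark=meja1-up passthrough=no \
    in-interface=Local src-address=192.168.10.1

/queue tree
# Download side, attached to the client-facing interface.
add name=DOWNSTREAM parent=Local queue=ethernet-default
add name=HIT parent=Local packet-mark=squid-hit priority=1 max-limit=0 \
    comment="cache hits: unlimited"
add name=MEJA1-DOWN parent=DOWNSTREAM packet-mark=meja1-down \
    limit-at=98k max-limit=128k priority=5

# Upload side. The request leg leaves either via Public (direct) or via Squid
# (proxied), so the same mark gets a leaf under each egress interface. The proxy's
# own fetches on Public carry src 192.168.2.2 and cannot be attributed per client.
add name=UPSTREAM parent=Public queue=ethernet-default
add name=MEJA1-UP parent=UPSTREAM packet-mark=meja1-up limit-at=10k max-limit=20k
add name=UPSTREAM-PROXY parent=Squid queue=ethernet-default
add name=MEJA1-UP-PROXY parent=UPSTREAM-PROXY packet-mark=meja1-up \
    limit-at=10k max-limit=20k
```

Check it with `/ip firewall mangle print stats` while the client browses: the meja1-down counter should rise both for direct traffic and for proxied traffic, and a cached object fetched twice should move its second download into the squid-hit counter and the HIT queue in `/queue tree print stats`. If the hit counter never moves, verify that Squid's ZPH TOS actually reaches the router unchanged (for example with a packet capture on the Squid interface), since DSCP 12 is the whole basis of the exemption.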
 
d33cktr4zy
just joined
Topic Author
Posts: 7
Joined: Tue Nov 17, 2009 9:38 am

Re: Help, I want to manage bandwidth from external proxy

Wed Nov 18, 2009 4:02 pm

God... 20+ views without any reply? :?
Anyone? At least give me a link?
Bump it...