Hello everyone,

I have this scenario: A RB1200 has mangle rules to mark the connection and packets in order to use the packet marks for Queues purposes for down and up bandwith limit, the web proxy is activated and has parent proxy the ip address 192.168.1.1 and the NAT rules to redirect the LAN web traffic to the proxy which is in another network created in the eth3. NAT rules are:
the problem is that when the rule 1 is active, the queues don't make the limitation, if the rule 1 is inactive, the router works fine with the queues and make the limitation.
Another problem is that when the rule 1 is active the CPU goes all the way up to 100%, and when the rule is inactive it goes to 5%

what could be the problem?? how do i make the limitation to the router and also redirect the traffic to a proxy server?

Is there a specific reason you're not just doing destination NAT to punt traffic directly to the proxy server, rather than redirecting it to the router first?

Queueing presumably isn't happening for the same reason: you're redirecting traffic to the router itself, so now that traffic is in the input/output chains, rather than forward.

Hi Fewi,

Actually yes...for some reason it doesn't work when I redirect the traffic instead, i got an error on the navigation, i can't understand why...it's transparent and also no transparent and no luck...can't really understand why because teh proxy is actually working when i configure the proxy in the browser...

Thanks fewi!

Try and fix that. Your router is running at 100% because it can't handle being a proxy for that much traffic.

If you need help fixing it provide more details.

Hi Fewi,

It works now with the dst nat action, but for some reason the queues work just for download, and not upload
this are the nat configuration rules

0 ;;; Nateo de Red y redireccion a Thundercache
chain=srcnat action=masquerade src-address=192.168.1.1

1 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=3128
protocol=tcp in-interface=LAN-CLIENTES dst-port=80

2 ;;; Nateo de Red de clientes
chain=srcnat action=masquerade src-address-list=Lista_Home_512k_1

Don't understand why it's not limiting the upload

Those are just NAT rules - if you need help troubleshooting your queues please post your queue configuration.

It worked with the dnat rule, it didn't worked with queues because in queues the parent was assigned to other interface...my bad

thanks for your reply!