Hi,
Have a strange issue. The mangle list shown below clearly shows packets and there are two rules, mark connection and mark packets. The RB2011 queue is not controlling inbound HTTP packets. Other items in the queue list seem to be working.
#IP FIREWALL MANGLE
7 ;;; HTTP Down
chain=prerouting action=mark-connection new-connection-mark=HTTP passthrough=no protocol=tcp
in-interface=ether1-gateway src-port=80,443,8080 log=no log-prefix=""
8 chain=prerouting action=mark-packet new-packet-mark=HTTP passthrough=yes protocol=tcp in-interface=ether1-gateway
connection-mark=HTTP log=yes log-prefix="HTTP-PKT"
#QUEUE TREE
8 name="HTTP" parent=INBOUND packet-mark=HTTP limit-at=0 queue=default priority=7 max-limit=45M burst-limit=0
burst-threshold=0 burst-time=0s
However, when looking at the queue tree in GUI, it doesn't display anything for the HTTP for some strange reason.
Here is image showing going to speedtest which is using way more bandwidth than the queue should allow but queue is not doing what it should.
Below is a torch of the ether1-gateway showing packets
NEED HELP WITH Inbound QUEUE for HTTP not working
You do not have the required permissions to view the files attached to this post.
-
-
thebracket
just joined
- Posts: 4
- Joined:
- Contact:
Re: NEED HELP WITH Inbound QUEUE for HTTP not working
We solved a similar problem recently by moving the mangle rules to the "forward" chain. I think the issue in our case was when NAT is applied. You are also going to have issues with the connection/packet setup; as is, it will mark an inbound HTTP connection (and then mark packets throughout the life of that connection). Did you mean to catch outbound HTTP, or is this for HTTP you are hosting? You could remove the "in interface" completely from the connection mark rule and catch all HTTP traffic that way, and then rely on the packet mark rule to select direction (either with an interface selection, or we tend to prefer by IP range - it seems to work more reliably that way).
Re: NEED HELP WITH Inbound QUEUE for HTTP not working
Hi thebracket,
Thanks for replying.
Trying to monitor and control inbound packets to this office. Especially so to make sure there is always enough bandwidth available for SIP/RTP (VoIP).
Tried changing both mangle rules to use forward but it did not show any usage in the queue tree. After removing the 'in interface' on both mangle rules there was packet info in 'Average Rate' Also tried changing the parent in main queue (DOWNLOAD) to use Global.
What I am finding strange is the queue for HTTP turns yellow at about 37Mbps and the speedtest.net web site page shows only 37Mbps but the queue tree 'Max Limit' for HTTP is set for 60M. I cannot find what would be causing this. If the queue tree rules are all disabled, speedtest.net will report about 90Mbps down.
Thanks for replying.
Trying to monitor and control inbound packets to this office. Especially so to make sure there is always enough bandwidth available for SIP/RTP (VoIP).
Tried changing both mangle rules to use forward but it did not show any usage in the queue tree. After removing the 'in interface' on both mangle rules there was packet info in 'Average Rate' Also tried changing the parent in main queue (DOWNLOAD) to use Global.
What I am finding strange is the queue for HTTP turns yellow at about 37Mbps and the speedtest.net web site page shows only 37Mbps but the queue tree 'Max Limit' for HTTP is set for 60M. I cannot find what would be causing this. If the queue tree rules are all disabled, speedtest.net will report about 90Mbps down.