Overseas Traffic in 2.9.26

yri · Sun Jul 16, 2006 7:18 pm

There is how to for 2.8
http://www.mikrotik.com/docs/ros/2.8/ho ... to.content
How to make the same in 2.9 ?

Sun Jul 16, 2006 7:24 pm

Use address-list, that will decrease mangle rules. (adding local addresses to address-list), than use 'src/dst-address-list'.
Add chain=prerouting, action=connection-mark/packet-mark, mangle facility pretty well described in mangle documentation.

yri · Mon Jul 17, 2006 6:08 pm

Have some problems!

I need to make this
local ip 192.168.0.4 world speed 64k country ips from address list 128k

Made address list with country ip next

markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4con packet-mark 192.168.0.4pack
markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4loc packet-mark 192.168.0.4packloc

Making queues for 192.168.0.4pack 64k and 192.168.0.4packloc 128k

And it didnt work

Whats my mistake

Tue Jul 18, 2006 7:12 am

Paste your configuration,
ip firewall mangle ,
queue simple (tree), which one you are using,
ip firewall address-list.

yri · Tue Jul 18, 2006 5:39 pm

Wed Jul 19, 2006 7:36 am

I mean 'ip firewall mangle export', paste at least this configuration.

yri · Wed Jul 19, 2006 8:53 am

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet \
new-packet-mark=192.168.0.2pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet \
new-packet-mark=192.168.0.3pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet \
new-packet-mark=192.168.0.4pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet \
new-packet-mark=192.168.0.10pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes \
comment="" disabled=yes
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=yes \
comment="" disabled=yes

#
/ ip firewall address-list
add list=all_services address=192.168.0.0/25 comment="full access list" \
disabled=no
add list=mail address=192.168.0.224/27 comment="mail access list" disabled=no
add list=UKRAINE address=62.16.0.0/19 comment="UKRAINE NETWORK LIST" \
disabled=no
add list=UKRAINE address=62.64.64.0/18 comment="" disabled=no
add list=UKRAINE address=62.64.80.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.87.0/24 comment="" disabled=no
add list=UKRAINE address=62.64.88.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.96.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.104.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.112.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.120.0/21 comment="" disabled=no
add list=UKRAINE address=62.80.160.0/19 comment="" disabled=no
add list=UKRAINE address=62.149.0.0/19 comment="" disabled=no
add list=UKRAINE address=62.221.32.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.33.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.34.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.37.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.42.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.43.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.44.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.45.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.46.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.47.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.48.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.49.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.50.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.51.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.52.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.53.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.54.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.55.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.56.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.60.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.61.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.62.0/24 comment="" disabled=no
add list=UKRAINE address=62.244.0.0/18 comment="" disabled=no
add list=UKRAINE address=80.70.65.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.66.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.67.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.68.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.69.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.70.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.77.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.80.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.82.0/24 comment="" disabled=no
add list=UKRAINE address=80.73.0.0/20 comment="" disabled=no
add list=UKRAINE address=80.77.32.0/20 comment="" disabled=no
add list=UKRAINE address=80.78.32.0/19 comment="" disabled=no
add list=UKRAINE address=80.84.176.0/20 comment="" disabled=no
add list=UKRAINE address=80.90.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.91.160.0/19 comment="" disabled=no
add list=UKRAINE address=80.92.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.93.112.0/20 comment="" disabled=no
add list=UKRAINE address=80.94.240.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.248.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.249.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.250.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.251.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.252.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.253.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.254.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.255.0/24 comment="" disabled=no
add list=UKRAINE address=80.243.144.0/20 comment="" disabled=no
add list=UKRAINE address=80.245.112.0/20 comment="" disabled=no
add list=UKRAINE address=80.249.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.252.240.0/20 comment="" disabled=no
add list=UKRAINE address=80.254.0.0/20 comment="" disabled=no
add list=UKRAINE address=80.255.64.0/20 comment="" disabled=no
add list=UKRAINE address=81.17.128.0/20 comment="" disabled=no
add list=UKRAINE address=81.21.0.0/20 comment="" disabled=no
add list=UKRAINE address=81.23.16.0/20 comment="" disabled=no
add list=UKRAINE address=81.25.224.0/20 comment="" disabled=no
add list=UKRAINE address=81.30.160.0/20 comment="" disabled=no
add list=UKRAINE address=81.90.224.0/20 comment="" disabled=no
add list=UKRAINE address=81.95.176.0/21 comment="" disabled=no
add list=UKRAINE address=82.144.192.0/19 comment="" disabled=no
add list=UKRAINE address=82.193.96.0/19 comment="" disabled=no
add list=UKRAINE address=83.137.88.0/21 comment="" disabled=no
add list=UKRAINE address=83.142.232.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.233.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.234.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.235.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.236.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.237.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.238.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.239.0/24 comment="" disabled=no
add list=UKRAINE address=83.143.232.0/21 comment="" disabled=no
add list=UKRAINE address=83.170.192.0/18 comment="" disabled=no
add list=UKRAINE address=83.218.228.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.232.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.236.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.240.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.244.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.248.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.252.0/22 comment="" disabled=no
add list=UKRAINE address=84.47.178.0/23 comment="" disabled=no
add list=UKRAINE address=85.90.192.0/19 comment="" disabled=no
add list=UKRAINE address=85.114.192.0/19 comment="" disabled=no
add list=UKRAINE address=85.159.0.0/21 comment="" disabled=no
add list=UKRAINE address=85.198.129.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.130.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.131.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.132.0/24 comment="" disabled=no
add list=UKRAINE address=85.202.0.0/16 comment="" disabled=no
add list=UKRAINE address=85.223.128.0/17 comment="" disabled=no
add list=UKRAINE address=85.238.96.0/19 comment="" disabled=no
add list=UKRAINE address=86.111.224.0/21 comment="" disabled=no
add list=UKRAINE address=87.236.224.0/24 comment="" disabled=no
add list=UKRAINE address=87.236.226.0/24 comment="" disabled=no
add list=UKRAINE address=87.238.152.0/24 comment="" disabled=no
add list=UKRAINE address=87.238.153.0/24 comment="" disabled=no
add list=UKRAINE address=195.39.196.0/23 comment="" disabled=no
add list=UKRAINE address=193.202.110.0/24 comment="" disabled=no

#
/ queue tree
add name="192.168.0.2DOWN" parent=Local packet-mark=192.168.0.2pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.2UP" parent=Local packet-mark=192.168.0.2pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.3DOWN" parent=Local packet-mark=192.168.0.3pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.3UP" parent=Local packet-mark=192.168.0.3pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN" parent=Local packet-mark=192.168.0.4pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP" parent=Local packet-mark=192.168.0.4pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.10DOWN" parent=Local packet-mark=192.168.0.10pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.10UP" parent=Local packet-mark=192.168.0.10pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN UKR" parent=Local packet-mark=192.168.0.4packukr \
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=yes
add name="192.168.0.4UP UKR" parent=Local packet-mark=192.168.0.4packukr \
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=yes

Wed Jul 19, 2006 10:17 am

1) Mangle configuration.
I suggest yout to place passtrough=no after each action=packet-mark, that will avoid packets from remarking.
Probably, it will be easier to create two address-lists; local-addresses, local-state-addresses.
Assign two packet-marks;
one src-address-list=local dst-address-list=local-state-addresses,
second src-address-list=local dst-address-list=!local-state-address (=no local-state). If you want to limit local and oversease bandwidth for all users.

2) Use 'parent=local-interface-name' for download and 'parent=public-interface-name' for upload in queue tree.
You can also use simple queue to accomplish this scenario.

yri · Wed Jul 19, 2006 6:45 pm

Did this to mangle rule

#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet \
new-packet-mark=192.168.0.2pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet \
new-packet-mark=192.168.0.3pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet \
new-packet-mark=192.168.0.4pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet \
new-packet-mark=192.168.0.10pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=no \
comment="" disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=UKRAINE passthrough=no comment="" \
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark=WORLD passthrough=no comment="" \
disabled=no

And what should i add in queue ?

Example please for world and ukraine traf

shielder · Thu Jul 20, 2006 5:19 am

Hi, i have tried using xx.xx.xx.xx/21 it couldn't work on address list. The most we could do using address list is only /24. Does anyone ever experience this?

Thu Jul 20, 2006 7:19 am

yri,
I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.
1) first mangle rule to mark connections.
2) second mangle rule to mark packets from users to addresses not in address-list.
3) third mangle rule to mark packets from users to addresses placed in address-list.

Add simple queue, e.g.
'queue simple add target-address=192.168.0.4 limit-at=xxx/xxx packet-marks=packet-mark'

shielder,
There is no problems 'ip firewall address-list add 10.1.34.1/24' list 1;
ip firewall address-list> print
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 1 10.1.32.0/21

yri · Thu Jul 20, 2006 8:46 am

Thank you very mutch its working

yri · Fri Jul 21, 2006 7:48 am

damit problem persist

Ukraine traffic counts as world
And queue only world

#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=UKRAINE passthrough=yes comment="" \
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark=WORLD passthrough=no comment="" \
disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.4 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.4 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.3 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.2 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.10 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.2 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.3 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.10 W" passthrough=no \
comment="" disabled=no

Fri Jul 21, 2006 8:30 am

I suggest you to change mangle rules.
1) mark all connections from users subnet 192.168.0.0
2) mark packets src-address=192.168.0.0 dst-address=!ukraine
3) mark packets src-address=192.168.0.0 dst-address=ukraine
If you need equal bandwidth to all users use PCQ, if different band required
4) 'queue simple add target-address=192.168.0.2 packet-mark=ukraine limit-at'.
5) the same simple queue for abroad traffic, only with packet-mark=!ukraine.

yri · Fri Jul 21, 2006 9:28 am

Left only this
did the rite thing ?

Still not working

Cant find there i am ron

#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W \

/ queue simple
add name="192.168.0.4 W" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4W direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 total-queue=default-small disabled=no
add name="192.168.0.4 U" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4U direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 burst-threshold=128000/128000 \
total-queue=default-small disabled=no

Fri Jul 21, 2006 9:31 am

1) You have to use passtrough=no for mangle packet-mark rule (than it should work).
2) You can place abroad packet-mark rule before local traffic rule.

yri · Fri Jul 21, 2006 9:54 am

/ queue simple
add name="192.168.0.4 W" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4W direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 total-queue=default-small disabled=no
add name="192.168.0.4 U" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4U direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 burst-threshold=128000/128000 \
total-queue=default-small disabled=no

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W \
passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U \
passthrough=no comment="" disabled=no

Did like this still count Ukrainian as world both counters runing
And in queue ! download counts as Upload and also Ukraine count there as world

yri · Fri Jul 21, 2006 10:20 am

#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
src-address-list=Local dst-address-list=!UKRAINE action=mark-packet \
new-packet-mark=192.168.0.4W passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
src-address-list=Local dst-address-list=UKRAINE action=mark-packet \
new-packet-mark=192.168.0.4U passthrough=no comment="" disabled=no

With such rule looks like counting
but as i sad tels download is Upload

Whats rong

?

yri · Fri Jul 21, 2006 9:39 pm

Managed to make it working
made 2 conection mark one world one ykraine for each Local Ip
And then 1 pack mark for 1 con and 2 pack mark foer 2 conection
and also 2 queuq for each and now counts all and queue all good

listing

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 dst-address-list=!UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4conW passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4conU passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4conU action=mark-packet \
new-packet-mark="192.168.0.4 UU" passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4conW action=mark-packet \
new-packet-mark="192.168.0.4 WW" passthrough=no comment="" disabled=no

/ queue tree
add name="192.168.0.4DOWN U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no

eugenevdm · Sun Sep 24, 2006 10:54 am

I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.
1) first mangle rule to mark connections.
2) second mangle rule to mark packets from users to addresses not in address-list.
3) third mangle rule to mark packets from users to addresses placed in address-list.

sergis,
Would you consider writing a new howto or wiki entry to clarify this issue? It is sometimes very confusing when to mark connections, when to mark packets, and when not to use passthrough.

As you can see in final example of yri he actually used TWO connections marks, not one as you suggested, and his packet marks does not reference source or destination addresses at all!

Wed Sep 27, 2006 8:19 am

eugenevdm,
the particular example is added to the wiki 'bandwidth control' section.

advantz · Tue Oct 03, 2006 5:53 pm

is this mangle, mark packet both ways (up and down)?

Because I applied this sample, but marking didn't work for UPSTREAM in simple queues, traffic graph in simple queues for upstream is zero

advantz · Tue Oct 03, 2006 6:45 pm

/ queue tree
add name="192.168.0.4DOWN U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no

Edited, sorry wrong post :P

Tue Oct 03, 2006 6:52 pm

Have you tried example from the Wiki ?
Note, to use Simple queue mark packets in the 'chain=prerouting'.

advantz · Tue Oct 03, 2006 7:01 pm

Have you tried example from the Wiki ?
Note, to use Simple queue mark packets in the 'chain=prerouting'.

Yes, of course.
that mark is only for downstream only. upstream didn't work

some questions :
what is IN INTERFACE and OUT INTERFACE in mangle?

Tue Oct 03, 2006 7:07 pm

Could you clarify which example does not work (from Wiki or posted in the forum) ?

'in-interface' and 'out-interface' machers identifies the traffic in or out traffic in the specified interface.

advantz · Tue Oct 03, 2006 7:11 pm

http://wiki.mikrotik.com/wiki/How_to_ap ... as_traffic

already set 512k/512k but upstream got past 1M

thank you sergejs

This is example :

Queue set 1M/1M traffic graph shows 1M for downstream and 0 for upstream...
That's why I wanted simple queues feature that can use address-list for dst-addresses...

Tue Oct 03, 2006 7:23 pm

Could you paste the export from configuration (mangle, queues) ?
I have tried it on my router, download and upload were limited.

advantz · Tue Oct 03, 2006 7:38 pm

Could you paste the export from configuration (mangle, queues) ?
I have tried it on my router, download and upload were limited.

/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=all-con passthrough=yes comment="ALL CON" disabled=no 
add chain=prerouting dst-address-list=LOCAL action=mark-connection new-connection-mark=local-con passthrough=yes comment="LOCAL CON" disabled=no 
add chain=prerouting connection-mark=all-con action=mark-packet new-packet-mark=all-mark passthrough=no comment="ALL MARK" disabled=no 
add chain=prerouting connection-mark=local-con action=mark-packet new-packet-mark=local-mark passthrough=no comment="LOCAL MARK" disabled=no 



/ queue simple
add name="LUCAS LOCAL" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=local-mark priority=8 queue=default/default \
    limit-at=0/0 max-limit=1024000/1024000 total-queue=default disabled=no 
add name="LUCAS ALL" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=all-mark priority=8 queue=default/default \
    limit-at=0/0 max-limit=128000/128000 total-queue=default disabled=no 


/ ip firewall address-list 
add list=LOCAL address=159.148.0.0/16 comment="" disabled=no 
add list=LOCAL address=193.41.195.0/24 comment="" disabled=no 
add list=LOCAL address=193.41.33.0/24 comment="" disabled=no 
add list=LOCAL address=193.41.45.0/24 comment="" disabled=no 
add list=LOCAL address=193.68.64.0/19 comment="" disabled=no 
add list=LOCAL address=193.108.29.0/24 comment="" disabled=no 
add list=LOCAL address=193.108.144.0/22 comment="" disabled=no 
add list=LOCAL address=193.108.185.0/24 comment="" disabled=no 
add list=LOCAL address=193.109.211.0/24 comment="" disabled=no 
add list=LOCAL address=193.109.85.0/24 comment="" disabled=no 
add list=LOCAL address=193.110.8.0/23 comment="" disabled=no 
add list=LOCAL address=193.110.164.0/23 comment="" disabled=no

address-list is example/partial only

Wed Oct 04, 2006 8:54 am

If you will upload some file to the remote server, bandwidth is not limited ?