mknnoc
Trainer
Topic Author
Posts: 229
Joined: Thu Feb 28, 2008 6:40 am
Location: Cambodia

Unlimited some services or dst-ip after login (hotspot)

Sat Jan 22, 2011 5:59 pm

Is there a way to make some services or IPs unlimited after a user logs in to the hotspot?
Unlimited means the bandwidth usage is not counted and the speed is unlimited.

Thanks,
 
blake
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: Unlimited some services or dst-ip after login (hotspot)

Sat Jan 22, 2011 9:59 pm

/ip firewall nat add chain=pre-hotspot action=accept dst-address-type=!local hotspot=auth

Maybe this? Credit should go to fewi.
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Unlimited some services or dst-ip after login (hotspot)

Sun Jan 23, 2011 2:23 am

That bypasses NAT and filter rules only and doesn't affect simple queues. It's surprisingly hard to exempt certain traffic from rate limiting when using a Hotspot. You can override the simple queues that Hotspots use for rate limiting all traffic via queue trees attached to global-in and global-out, and then give those queues very high rate limits. For example, to exempt all traffic from Hotspot users to services running on tcp/10000 and traffic to any host with an IP address on the 1.1.1.0/24 network, as well as all returning traffic, you would do something like below. First mark all the traffic from Hotspot users to the Internet in prerouting, and all return traffic in postrouting. Then create queue types for that traffic, and finally queues that override simple queues with a rate limit of 1 Gbps, effectively giving unlimited bandwidth. I'm assuming the interface the Hotspot is running on is called 'hotspot'.

# mark exempt traffic: upstream in prerouting, return traffic in postrouting
/ip firewall mangle
add comment="mark exempt upstream to tcp/10000" chain=prerouting in-interface=hotspot protocol=tcp dst-port=10000 action=mark-packet new-packet-mark=exempt-upstream
add comment="mark exempt upstream to 1.1.1.0/24" chain=prerouting in-interface=hotspot dst-address=1.1.1.0/24 action=mark-packet new-packet-mark=exempt-upstream

add comment="mark exempt downstream from tcp/10000" chain=postrouting out-interface=hotspot protocol=tcp src-port=10000 action=mark-packet new-packet-mark=exempt-downstream
add comment="mark exempt downstream from 1.1.1.0/24" chain=postrouting out-interface=hotspot src-address=1.1.1.0/24 action=mark-packet new-packet-mark=exempt-downstream

# queue types used by the exempt queues
/queue type
add name=exempt-upstream kind=sfq
add name=exempt-downstream kind=sfq

# queue trees that take the marked packets ahead of the Hotspot's simple queues
/queue tree
add name=exempt-upstream parent=global-in queue=exempt-upstream packet-mark=exempt-upstream max-limit=1G
add name=exempt-downstream parent=global-out queue=exempt-downstream packet-mark=exempt-downstream max-limit=1G

There may be typos in that since it's made up on the fly, but the theory of it works just fine.
 
mknnoc
Trainer
Topic Author
Posts: 229
Joined: Thu Feb 28, 2008 6:40 am
Location: Cambodia

Re: Unlimited some services or dst-ip after login (hotspot)

Sat Jan 29, 2011 6:48 am

Excellent, it worked!! Many thanks.

Another question:

If I mangled the exempt traffic on prerouting (upload) and postrouting (download) and I did not configure Queue Tree to set the limit:
1. Why is the exempt traffic still captured by Simple Queue (hotspot limit)?
2. Why do I need to use SFQ Queue type?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Unlimited some services or dst-ip after login (hotspot)

Sat Jan 29, 2011 5:43 pm

Because mangling isn't queuing, and the simple queue will grab all traffic unless another queue grabs it first.

You can use any queue type. I tend to use SFQ because it's trying to be fair between users, just in case the max-limit ever gets approached.
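
The point in the two replies above (a packet mark changes nothing until a queue tree matches it, and a rule with a missing interface value does not scope the exemption to the Hotspot) can be checked mechanically. The following lint is an added example, not code from the thread or from MikroTik; the `parse` and `lint` helpers and the sample configuration are constructed for illustration, and the parser assumes export-style text with the menu path on its own line and rules starting with `add`.

```python
import shlex

# Constructed sample in the thread's syntax: the tcp/10000 rule has no queue
# tree, and one rule carries a bare "in-interface" with no value.
SAMPLE = '''
/ip firewall mangle
add chain=prerouting in-interface=hotspot protocol=tcp dst-port=10000 action=mark-packet new-packet-mark=exempt-tcp
add comment="to 1.1.1.0/24" chain=prerouting in-interface dst-address=1.1.1.0/24 action=mark-packet new-packet-mark=exempt-upstream
/queue tree
add name=exempt-upstream parent=global-in packet-mark=exempt-upstream max-limit=1G
add name=exempt-downstream parent=global-out packet-mark=exempt-downstream max-limit=1G
'''

def parse(text):
    """Yield (menu, properties) for each 'add' line; a bare key maps to None."""
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            props = {}
            for token in shlex.split(line)[1:]:
                key, sep, value = token.partition("=")
                props[key] = value if sep else None
            yield menu, props

def lint(text):
    """Return sorted findings about marks and queue trees that do not line up."""
    marked, queued, findings = set(), set(), []
    for menu, props in parse(text):
        label = props.get("comment") or props.get("name") or props.get("new-packet-mark")
        for key, value in props.items():
            if value is None:
                findings.append(f"{label}: '{key}' has no value")
        if menu == "/ip firewall mangle" and props.get("action") == "mark-packet":
            marked.add(props.get("new-packet-mark"))
        elif menu == "/queue tree":
            queued.update((props.get("packet-mark") or "").split(","))
    findings += [f"mark '{m}' has no queue tree; the simple queue still limits it"
                 for m in marked - queued if m]
    findings += [f"queue tree matches '{m}' but no mangle rule sets it"
                 for m in queued - marked if m]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running it against a saved export before applying changes shows which exemptions would have no effect and which rules are not limited to the Hotspot interface.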
 
Bytezone
newbie
Posts: 41
Joined: Tue Jul 14, 2015 6:01 am

Re: Unlimited some services or dst-ip after login (hotspot)

Sat Aug 20, 2016 6:59 pm

fewi ... this is exactly what I'm trying to achieve with my 6.34 CCR-1009 router, but unfortunately I'm facing difficulty doing it. See the following script I wrote, which should mark everything to be limited by dynamic simple queues except the traffic going to the "Social" address-list, and then update the dynamic simple queue to use that packet mark:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Upload Connection" new-connection-mark=c-up-social src-address=10.100.0.0/22
add action=mark-packet chain=prerouting connection-mark=c-up-social dst-address-list=Social new-packet-mark=pkt-up-social passthrough=no
add action=mark-connection chain=postrouting comment="Mark Download Connection" dst-address=10.100.0.0/22 new-connection-mark=c-download
add action=mark-packet chain=postrouting connection-mark=c-download new-packet-mark=pkt-dn-rest passthrough=no src-address-list=!Social
add action=mark-packet chain=postrouting connection-mark=c-download new-packet-mark=pkt-dn-social passthrough=no src-address-list=Social

/queue simple set packet-marks=pkt-dn-rest [find dynamic=yes]

/queue tree
add limit-at=900k max-limit=1800k name=Social-DN packet-mark=pkt-dn-social parent=global queue=default
add limit-at=300k max-limit=450k name=Social-UP packet-mark=pkt-up-social parent=global queue=default

Dynamic simple queue has a 128k/256k limitation for all hotspot users, and with the "pkt-dn-rest" mark, Social traffic will get the different bandwidth written in the queue tree above (but it's not working as I want).