Up&Down unlimit from WebProxy.

Mikro-Man-Tik · Sun Feb 04, 2007 7:47 pm

Hi all...
can any one Help Me to do this "[the client downloads from the router (proxy) will be unlimited, but downloads from the Internet will be limite,the same goes for uploads no limitation if you are uploading to router, but limit all uploads to Internet.]"

thnx for your Help.

ferry · Mon Feb 05, 2007 1:21 pm

Yes.u can do it. 2 different, limit from web-proxy and not proxy.

The step is like this :
1. Define the ip(s) which you want to cache proxy (ip-webproxy-tab access) or ip-web-proxy setting.there is a source address.
2. Make the queue(queues simple/tree), one for the proxy(the list of ip) and the 1 for the other one(the list of ip).

I hope this can help u,

virtualmystic · Mon Feb 05, 2007 3:40 pm

i dont think this is possible..
when traffic is coming back from cache, there is no rule to check if the item was found in cache repository or if it is fetched from internet..only cache knows the real, it can be managed in squid, but with MKT web-proxy, u cant do it.

point is, how do MKT know the object was fetched from internet or from cache repository???

regds,

Asad

maximan · Mon Feb 05, 2007 7:59 pm

You can mark the flow of webproxy on OUTPUT because that is the next proccess of LOCAL PROCCESS OUT

http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php
M.

virtualmystic · Tue Feb 06, 2007 5:47 pm

You can mark the flow of webproxy on OUTPUT because that is the next proccess of LOCAL PROCCESS OUT

http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php
M.

maximan
plz elaborate it a bit more...i have already read the docs..so its not a problem..but how would we use it in this scenario..

i still stand by my openion...its not possible.

Asad.

samsoft08 · Tue Feb 06, 2007 6:52 pm

Yes you can mark all packets goes to the clients from the web-proxy , i'm using this rule in mangle and its working :

;;; Proxy Marking
chain=output out-interface=bridge1 dst-address=192.168.1.0/24
protocol=tcp action=mark-packet new-packet-mark=down-packets passthrough=no

....192.168.1.0/24 is my local network...

virtualmystic · Tue Feb 06, 2007 8:56 pm

Yes you can mark all packets goes to the clients from the web-proxy

sam, proxy works like this:

1: client initiates http request.
2: router redirects http(80) request to proxy.
3: proxy checks the requested object in its repository.
i) if found in repository, proxy sends the object back to router.
ii)if not found, proxy srcnats the request with its public ip address, object comes back to proxy, proxy saves copy in its repository, generates hash and then sends object back to router.
4: router sends response back to customer.

now in above example the bold sentences show that in both cases, response is sent to customer through proxy, thus ur rule of marking packets coming from proxy to customer will mark both scenarios..infact all http traffic of customer..there's still no differentiation between object which were a HIT or a MISS.

regds,

Asad

dawam · Tue Feb 06, 2007 11:42 pm

0 ;;; Proxy marking
chain=output out-interface=lan1 dst-address=192.168.4.0/24
protocol=tcp action=mark-packet new-packet-mark=proxymark
passthrough=no

1 ;;; Internet marking
chain=input in-interface=public protocol=tcp action=mark-packet
new-packet-mark=publicinputmark passthrough=no

so if your mark both output and input , the different , would be the traffic fetch from proxy

Mat

virtualmystic · Wed Feb 07, 2007 9:17 pm

so how exactly would you identify the hits from these chains?

valens · Thu Feb 08, 2007 2:20 pm

If you redirect all TCP:80 traffic to web-proxy, there will NOT be any direct HTTP traffic.
All traffic will go through proxy, either the proxy already have the cache or proxy will request from internet.

virtualmystic · Thu Feb 08, 2007 9:18 pm

valens,

Thats what i have been trying to make them understand, but i dont know why they cant get it...its not that difficult point to absorb.

Asad

Up&Down unlimit from WebProxy.

Up&Down unlimit from WebProxy.

Limit

Who is online