kunimihiro
just joined
Topic Author
Posts: 12
Joined: Thu Apr 12, 2007 4:06 pm

Help me plzz.... :(

Thu Apr 12, 2007 4:54 pm

Hi All.. I'm so glad that I found this site, hope I can learn many things from the seniors in this forum :oops:
Guys, I've just set up an ISP; the former clients are my internet cafes. I use MT to route my network. Here is the configuration:

Public Network GW------| |---National Network GW
------------------------- Router--------------------------
Proxy Server-----------| |-----------Clients

Proxy Server, Router and Clients are on a LAN network.
The BW for public is 512K and national is 5M.

So I have 3 interfaces on the router: Public, National (Local), and LAN.
I did the following setup:
- Route all the dst-addresses to a specific GW
- I use a computer acting as a proxy server (running FreeBSD)
- Every client which connects through port 80 will be redirected to the proxy server
- I use queue tree to limit bandwidth for each route (to Public and to National Local), as the LAN is looseless BW
- The proxy server works only for the address list that is routed through the Public GW

My problem :
- As the proxy server acts as mediator for the client and public, the proxy always uses the highest bandwidth (in this case all of the public BW)
- When a client tries to test bandwidth, it always gets a small amount, and ping to a server usually times out, buuuuut ... when browsing it is not that slow because the connection to the proxy is on the LAN
- When I disable the redirection to the proxy server, I see that queue tree isn't very effective (I want a single client to get 64 kb, but it ended up getting a small amount, because another client uses the bandwidth)
I use queue tree like this --> limit at 64k max limit 512k
- The proxy doesn't deliver packages like what a LAN usually does (a.k.a. slow)

My question :
- Is there any way to utilize the proxy so it doesn't use high bandwidth, so the client could use the rest? Because if I let the proxy get high bandwidth, a client couldn't even ping yahoo, for example
- What is the efficient and effective way to use an external proxy and queue BW for clients?
- Is my setup quite right?

Thx for all the upcoming answers
Every bit of ur answer would please me :) :oops: :oops: :oops: :oops:
 
kunimihiro
just joined
Topic Author
Posts: 12
Joined: Thu Apr 12, 2007 4:06 pm

Fri Apr 13, 2007 11:00 pm

hiks.. anybody...
help me plzzz :(
 
sten
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Sat Apr 14, 2007 12:42 am

Limit the customer traffic before it can reach the proxy?
 
kunimihiro
just joined
Topic Author
Posts: 12
Joined: Thu Apr 12, 2007 4:06 pm

Sat Apr 14, 2007 4:15 am

Hello Sten...
I think I see that my problem is the connection to the proxy.
My current config is like this:

- The client connects to the gateway router and the router redirects all connections with port 80 to the proxy server
- I use pcq to limit the users equally

Here is my mangle setup:

/ ip firewall mangle 
add chain=prerouting src-address-list=!localIP action=mark-packet new-packet-mark=all-intl-mark passthrough=yes comment="" \
    disabled=yes 
add chain=prerouting src-address-list=localIP action=mark-packet new-packet-mark=all-regIP-mark passthrough=yes comment="" \
    disabled=yes 
add chain=postrouting dst-address=10.5.9.3 action=mark-connection new-connection-mark=all-proxy-conn passthrough=yes \
    comment="All Proxy Download" disabled=no 
add chain=prerouting connection-mark=all-proxy-conn action=mark-packet new-packet-mark=all-proxy-mark passthrough=yes \
    comment="" disabled=no 
add chain=postrouting src-address-list=Customer-IP dst-address-list=Customer-IP action=mark-connection \
    new-connection-mark=our-local-conn passthrough=yes comment="" disabled=no 
add chain=prerouting connection-mark=our-local-conn action=mark-packet new-packet-mark=our-local passthrough=yes \
    comment="" disabled=no 

add chain=postrouting dst-address=10.5.10.218 src-address-list=!localIP action=mark-connection \
    new-connection-mark=caffe1-intl-con passthrough=yes comment="" disabled=no 
add chain=postrouting dst-address=10.5.10.220 src-address-list=!localIP action=mark-connection \
    new-connection-mark=caffe2-intl-con passthrough=yes comment="" disabled=no 
add chain=prerouting connection-mark=caffe1-intl-con action=mark-packet new-packet-mark=caffe1-intl passthrough=yes \
    comment="" disabled=no
add chain=prerouting connection-mark=caffe2-intl-con action=mark-packet new-packet-mark=caffe2-intl passthrough=yes \
    comment="" disabled=no

with customer-list:

/ip firewall address-list
add list=Customer-IP address=10.5.10.218 comment="caffe1" disabled=no 
add list=Customer-IP address=10.5.10.220 comment="caffe2" disabled=no 
add list=Customer-IP address=10.5.9.1 comment="MainGateway" disabled=yes
add list=Customer-IP address=10.5.9.3 comment="Proxy" disabled=yes

and this is my queue setup:

/queue tree
add name="Total-512K-down" parent=LAN packet-mark="" limit-at=512k queue=pcq_down priority=8 max-limit=512k burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no 
add name="caffe1-down" parent=Total-512K-down packet-mark=caffe1-intl limit-at=0 queue=pcq_down priority=8 max-limit=0 \
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no 
add name="caffe2-down" parent=Total-512K-down packet-mark=caffe2-intl limit-at=0 queue=pcq_down priority=8 max-limit=0 \
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no 
add name="OurLocal" parent=global-in packet-mark=our-local limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no 
add name="all-proxy" parent=LAN packet-mark=all-proxy-mark limit-at=0 queue=pcq_down priority=8 max-limit=0 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no

But I can't see the our-local-conn in the connection list; instead I see caffe1-intl-conn, not our local connection. So I assume the traffic to the proxy is not looseless :(

maybe because there is slice between my mangles ..
help me please.. onegaii :oops:
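
Added example, not part of the original post: a simplified Python model of how the posted mark-connection rules are evaluated in order, applied to traffic from the proxy (10.5.9.3) to caffe1 (10.5.10.218). It assumes the localIP list, which the post does not show, does not contain the proxy; the function and parameter names are illustrative.

```python
# Simplified model of RouterOS mark-connection evaluation (added example).
# Rules and addresses are copied from the post; LOCAL_IP is a constructed
# placeholder because the post does not show the localIP list.
LOCAL_IP = set()  # assumption: the proxy and clients are not in localIP

def customer_ip(proxy_enabled):
    # Disabled address-list entries never match, so they are left out.
    entries = {"10.5.10.218", "10.5.10.220"}
    return entries | ({"10.5.9.3"} if proxy_enabled else set())

def rules(local_passthrough):
    # (matcher, new-connection-mark, passthrough) in the order posted.
    return [
        (lambda s, d, L: d == "10.5.9.3", "all-proxy-conn", True),
        (lambda s, d, L: s in L["Customer-IP"] and d in L["Customer-IP"],
         "our-local-conn", local_passthrough),
        (lambda s, d, L: d == "10.5.10.218" and s not in L["localIP"],
         "caffe1-intl-con", True),
        (lambda s, d, L: d == "10.5.10.220" and s not in L["localIP"],
         "caffe2-intl-con", True),
    ]

def connection_mark(src, dst, proxy_enabled=False, local_passthrough=True):
    lists = {"Customer-IP": customer_ip(proxy_enabled), "localIP": LOCAL_IP}
    mark = None
    for matches, new_mark, passthrough in rules(local_passthrough):
        if matches(src, dst, lists):
            mark = new_mark          # a later match overwrites the mark
            if not passthrough:
                break                # passthrough=no stops evaluation here
    return mark

if __name__ == "__main__":
    proxy, caffe1 = "10.5.9.3", "10.5.10.218"
    print("as posted:              ", connection_mark(proxy, caffe1))
    print("proxy entry enabled:    ", connection_mark(proxy, caffe1, True))
    print("enabled + passthrough=no:", connection_mark(proxy, caffe1, True, False))
```

In this model, enabling the Proxy entry in Customer-IP alone changes nothing, because the later caffe1 rule still overwrites the mark; our-local-conn only survives when the local rule also stops evaluation.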
 
kunimihiro
just joined
Topic Author
Posts: 12
Joined: Thu Apr 12, 2007 4:06 pm

Tue Apr 17, 2007 8:31 am

Is there anybody who could give me a hand...
my network desperately needs help for bandwidth :(
but I couldn't optimize it
hikz.. hikz...

what should i dooooooo :shock:
 
sten
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Tue Apr 17, 2007 3:14 pm

Limit the customer traffic before it can reach the proxy?