Hotspot and Queues

cpelect · Wed Dec 13, 2006 2:04 am

Been playing around with PCQ and ways to limit download/upload for hotspot. What I've found is that clients who would log into the hotspot do not get the PCQ rules applied to them.

I then found a way to limit through the hotspot but it is only a global limit. What I want to do is be able to limit traffic by packet type, the same that you would be able to do using Mangle and PCQ rules.

Is there a way to do this for hotspot or am I only limited to the global tx/rx rates in the hotspot configuration?

Thu Dec 14, 2006 10:55 am

1. I assume, you have not used dynamic HotSpot queues before.
2. Please, specify the used mangle rules that are used to mark HotSpot client traffic. Probably you are using chain=forward, change it to chain=prerouting.

cpelect · Wed Dec 20, 2006 8:14 pm

I was able to make some progress with this. I used the PCQ guide in the manual to set up some basic rules for mangle and queuing. What I want to be able to do is use mangle to monitor the type of packets going through the hotspot and use PCQ to limit these packets in the queue. For things like torrents and other file sharing software. This is important that I get up and running because the pipe we will be moving to will be 10 M/bps and we don't want to leave that wide open to our clients. We need to be able to slow this connection down.

These two rules were the basic ones that were described in the PCQ guide and they appear to be working as is with using forward for the chain.

46   chain=forward connection-mark=users-con action=mark-packet 
     new-packet-mark=users passthrough=yes 

47   chain=forward src-address=10.10.10.0/24 action=mark-connection 
     new-connection-mark=users-con passthrough=yes

However, these are the rules that I'd like to be able to use and when I enable them the computers on the hotspot are no longer albe to surf the web, download, etc.

 0 X chain=prerouting dst-address-list=nat-addr action=mark-packet 
     new-packet-mark=nat-traversal passthrough=no 

 1 X chain=prerouting src-address=10.10.10.0/24 protocol=tcp 
     connection-state=new action=jump jump-target=tcp-services 

 2 X chain=prerouting src-address=10.10.10.0/24 protocol=udp 
     connection-state=new action=jump jump-target=udp-services 

 3 X chain=prerouting src-address=10.10.10.0/24 connection-state=new 
     action=jump jump-target=other-services 

 4 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=20-21 action=mark-connection 
     new-connection-mark=ftp passthrough=no 

 5 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=513-65535 dst-port=22 action=mark-connection 
     new-connection-mark=ssh passthrough=no 

 6 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=23 action=mark-connection 
     new-connection-mark=telnet passthrough=no 

 7 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=25 action=mark-connection 
     new-connection-mark=smtp passthrough=no 

 8 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp src-port=53 
     dst-port=53 action=mark-connection new-connection-mark=dns 
     passthrough=no 

 9 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=53 action=mark-connection 
     new-connection-mark=dns passthrough=no 

10 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=80 connection-state=new 
     action=mark-connection new-connection-mark=http passthrough=no 

11 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=110 action=mark-connection 
     new-connection-mark=pop3 passthrough=no 

12 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=113 action=mark-connection 
     new-connection-mark=auth passthrough=no 

13 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=119 action=mark-connection 
     new-connection-mark=nntp passthrough=no 

14 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=143 action=mark-connection 
     new-connection-mark=imap passthrough=no 

15 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=161-162 action=mark-connection 
     new-connection-mark=snmp passthrough=no 

16 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=443 action=mark-connection 
     new-connection-mark=https passthrough=no 

17 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=465 action=mark-connection 
     new-connection-mark=smtps passthrough=no 

18 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=993 action=mark-connection 
     new-connection-mark=imaps passthrough=no 

19 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=995 action=mark-connection 
     new-connection-mark=pop3s passthrough=no 

20 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=1723 action=mark-connection 
     new-connection-mark=pptp passthrough=no 

21 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=2379 action=mark-connection 
     new-connection-mark=kgs passthrough=no 

22 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=3128 action=mark-connection 
     new-connection-mark=proxy passthrough=no 

23 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=3987 action=mark-connection 
     new-connection-mark=win-ts passthrough=no 

24 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=4242-4243 action=mark-connection 
     new-connection-mark=emule passthrough=no 

25 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=4661-4662 dst-port=1024-65535 action=mark-connection 
     new-connection-mark=overnet passthrough=no 

26 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp src-port=4711 
     dst-port=1024-65535 action=mark-connection new-connection-mark=emule 
     passthrough=no 

27 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=5900-5901 action=mark-connection 
     new-connection-mark=vnc passthrough=no 

28 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=6667-6669 action=mark-connection 
     new-connection-mark=irc passthrough=no 

29 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=6881-6889 action=mark-connection 
     new-connection-mark=bittorrent passthrough=no 

30 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=8080 action=mark-connection 
     new-connection-mark=http passthrough=no 

31 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     src-port=1024-65535 dst-port=8291 action=mark-connection 
     new-connection-mark=winbox passthrough=no 

32 X chain=tcp-services src-address=10.10.10.0/24 protocol=tcp 
     action=mark-connection new-connection-mark=other-tcp passthrough=no 

33 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=53 action=mark-connection 
     new-connection-mark=dns passthrough=no 

34 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=123 action=mark-connection 
     new-connection-mark=ntp passthrough=no 

35 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=1701 action=mark-connection 
     new-connection-mark=l2tp passthrough=no 

36 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=4665 action=mark-connection 
     new-connection-mark=emule passthrough=no 

37 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=4672 action=mark-connection 
     new-connection-mark=emule passthrough=no 

38 X chain=udp-services src-address=10.10.10.0/24 protocol=udp src-port=4672 
     dst-port=1024-65535 action=mark-connection new-connection-mark=emule 
     passthrough=no 

39 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     src-port=1024-65535 dst-port=12053 action=mark-connection 
     new-connection-mark=overnet passthrough=no 

40 X chain=udp-services src-address=10.10.10.0/24 protocol=udp src-port=12053 
     dst-port=1024-65535 action=mark-connection new-connection-mark=overnet 
     passthrough=no 

41 X chain=udp-services src-address=10.10.10.0/24 protocol=udp src-port=36725 
     dst-port=1024-65535 action=mark-connection new-connection-mark=skype 
     passthrough=no 

42 X chain=udp-services src-address=10.10.10.0/24 protocol=udp 
     connection-state=new action=mark-connection 
     new-connection-mark=other-udp passthrough=no 

43 X chain=other-services src-address=10.10.10.0/24 protocol=icmp 
     icmp-options=8:0-255 action=mark-connection new-connection-mark=ping 
     passthrough=no 

44 X chain=other-services src-address=10.10.10.0/24 protocol=gre 
     action=mark-connection new-connection-mark=gre passthrough=no 

45 X chain=other-services src-address=10.10.10.0/24 action=mark-connection 
     new-connection-mark=other passthrough=no

Suggestions?