MikroTik

Hi all...
can any one Help Me to do this "[the client downloads from the router (proxy) will be unlimited, but downloads from the Internet will be limite,the same goes for uploads no limitation if you are uploading to router, but limit all uploads to Internet.]"

thnx for your Help.

Yes.u can do it. 2 different, limit from web-proxy and not proxy.

The step is like this :
1. Define the ip(s) which you want to cache proxy (ip-webproxy-tab access) or ip-web-proxy setting.there is a source address.
2. Make the queue(queues simple/tree), one for the proxy(the list of ip) and the 1 for the other one(the list of ip).

I hope this can help u,

i dont think this is possible..
when traffic is coming back from cache, there is no rule to check if the item was found in cache repository or if it is fetched from internet..only cache knows the real, it can be managed in squid, but with MKT web-proxy, u cant do it.

point is, how do MKT know the object was fetched from internet or from cache repository???

regds,

Asad

You can mark the flow of webproxy on OUTPUT because that is the next proccess of LOCAL PROCCESS OUT

http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php
M.

You can mark the flow of webproxy on OUTPUT because that is the next proccess of LOCAL PROCCESS OUT

http://www.mikrotik.com/testdocs/ros/2.9/ip/flow.php
M.

maximan
plz elaborate it a bit more...i have already read the docs..so its not a problem..but how would we use it in this scenario..

i still stand by my openion...its not possible.

Asad.

Yes you can mark all packets goes to the clients from the web-proxy , i'm using this rule in mangle and its working :

;;; Proxy Marking
chain=output out-interface=bridge1 dst-address=192.168.1.0/24
protocol=tcp action=mark-packet new-packet-mark=down-packets passthrough=no

....192.168.1.0/24 is my local network...

Yes you can mark all packets goes to the clients from the web-proxy

sam, proxy works like this:

1: client initiates http request.
2: router redirects http(80) request to proxy.
3: proxy checks the requested object in its repository.
i) if found in repository, proxy sends the object back to router.
ii)if not found, proxy srcnats the request with its public ip address, object comes back to proxy, proxy saves copy in its repository, generates hash and then sends object back to router.
4: router sends response back to customer.


now in above example the bold sentences show that in both cases, response is sent to customer through proxy, thus ur rule of marking packets coming from proxy to customer will mark both scenarios..infact all http traffic of customer..there's still no differentiation between object which were a HIT or a MISS.

regds,

Asad

0 ;;; Proxy marking
chain=output out-interface=lan1 dst-address=192.168.4.0/24
protocol=tcp action=mark-packet new-packet-mark=proxymark
passthrough=no

1 ;;; Internet marking
chain=input in-interface=public protocol=tcp action=mark-packet
new-packet-mark=publicinputmark passthrough=no

so if your mark both output and input , the different , would be the traffic fetch from proxy

Mat

so how exactly would you identify the hits from these chains?

If you redirect all TCP:80 traffic to web-proxy, there will NOT be any direct HTTP traffic.
All traffic will go through proxy, either the proxy already have the cache or proxy will request from internet.

valens,

Thats what i have been trying to make them understand, but i dont know why they cant get it...its not that difficult point to absorb.

Asad