MikroTik

Hi all,

I've read the article from http://wiki.mikrotik.com/wiki/PCQ_Examples, and turns out that is just the thing I need for my network. Thank you for all who posted the link.

One question though. In that example, EVERY client is limited to 32k up / 64k down, right? Well, I want to allow one or two of the computers in the network (consultant stations) to have no bandwidth limit. Every clients in my network has static IP, so DHCP is off.

Is that feasible? If so, how do I go about doing it? I've been trying to read quite a number of posts on bandwidth limiting, but the more I read, the more confused I get. heh. So it would be great if someone could just kindly let me know what to type.

Thank you all.

-Ted-

hmmm... I think, you can add rules to Mangle to mark your counsultant's packets with some packet mark, and your queues should not queue them =)

Add a mangle for the couple of IP addresses, Action = Accept, Passthrough = NO

The rule will allow the packets, and it will stop passing from the rest of the mangle rules, therefore, will be excluded from the other rules that marks the packets for PCQ.

Thanks a lot for replying.

The thing is, I really have no idea on how to go about doing it... Sorry, I'm really new at this (I'm not a network guy...)

So anyway, according to the wiki page, I add this line first, right? Then I added 2 queue types and 2 queue trees lines, like so: Am I right so far?

Let's say the consultants' stations' IP are 192.168.1.100 and 192.168.1.200. How would the new mangle rule be? And do I put it -before- or -after- the first mangle?

Thanks again, you guys.

-Ted-

How would the new mangle rule be? And do I put it -before- or -after- the first mangle?

before

Thanks a lot for replying.

So anyway, according to the wiki page, I add this line first, right?

Code: Select all

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no

No. Read what you typed - you said you do NOT want to mark their packets. You're doing exactly the opposite.
The above will do what you want, provided 192.168.1.0/24 is in use, ONLY by your consultants. The rule needs to be before any other mangle rules you have.

So to sum things up, here's what I think I should do:
/ip firewall mangle add chain=prerouting src-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=prerouting dst-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=prerouting src-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=prerouting dst-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no

Then I add these:
/queue type add name="PCQ_download" kind=pcq pcq-rate=128000 pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=128000 pcq-classifier=src-address
/queue tree add parent=global-in queue=PCQ_download packet-mark=all
/queue tree add parent=global-out queue=PCQ_upload packet-mark=all

How's that? Do correct me if I'm wrong. And are those the only ones I need to add?

Do I need the fifth line in the mangle section (the 'all' one)? I'm assuming I do. I mean, that one is after the lines for the consultant, no?

Getting close, guys. Getting close.
Thanks much.

-Ted-

very, very close. i'd rather say 'we are here' =)
yes, it seems to be correct, and "fifth rule" you need too

p.s. is it possible to add "action=accept passthrough=yes"

p.s. is it possible to add "action=accept passthrough=yes"

Good point

OK then, I'll try it out tonight.

Thanks much for replying, you two.
You're the best!

OK then, I'll try it out tonight.

Thanks much for replying, you two.
You're the best!

try using chain forward instead of prerouting

You mean chain=forward?

Why do you suggest that? Will it perform better or something?

Hmm...

It won't work, you guys... Sure, it limits the bandwidth to 128k, but it limits EVERY station on the network to 128k, INCLUDING the consultant stations...

This is what I used:
/ip firewall mangle add chain=prerouting src-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=prerouting dst-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=prerouting src-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=prerouting dst-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no
/queue type add name="PCQ_download" kind=pcq pcq-rate=128000 pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=128000 pcq-classifier=src-address
/queue tree add parent=global-in queue=PCQ_download packet-mark=all
/queue tree add parent=global-out queue=PCQ_upload packet-mark=all

Even tried action=accept passthrough=yes, still no go...

Any ideas on what went wrong?
And yes, I did upgrade to .50...

Help...

Hmm... Tried promind's advice, used chain=forward with everything...
/ip firewall mangle add chain=forward src-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=forward dst-address = 192.168.1.100 action=accept passthrough=no
/ip firewall mangle add chain=forward src-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=forward dst-address = 192.168.1.200 action=accept passthrough=no
/ip firewall mangle add chain=forward action=mark-packet new-packet-mark=all passthrough=no

Everything else stays the same.
And surprise, surprise... IT WORKS!!! Yay!

Only thing I'm concerned about is, well, I did use chain=forward on all 5.
I'm just worried something might be wrong.
Everything seems to be working normally though...

Will keep you updated.

Thanks much. ^^

-Ted-
EGS

Something's wrong, you guys...

I saw occasional bandwidth usage that jumps above 128k. The highest I've seen so far is 250k-ish. Did I do something wrong? I don't have burst on, so this shouldn't happen, right?

Any ideas?

Thanks.

-Ted-
EGS