Page 1 of 1
Overseas Traffic in 2.9.26
Posted: Sun Jul 16, 2006 7:18 pm
by yri
There is how to for 2.8
http://www.mikrotik.com/docs/ros/2.8/ho ... to.content
How to make the same in 2.9 ?
Posted: Sun Jul 16, 2006 7:24 pm
by sergejs
Use address-list, that will decrease mangle rules. (adding local addresses to address-list), than use 'src/dst-address-list'.
Add chain=prerouting, action=connection-mark/packet-mark, mangle facility pretty well described in mangle documentation.
Posted: Mon Jul 17, 2006 6:08 pm
by yri
Have some problems!
I need to make this
local ip 192.168.0.4 world speed 64k country ips from address list 128k
Made address list with country ip next
markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4con packet-mark 192.168.0.4pack
markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4loc packet-mark 192.168.0.4packloc
Making queues for 192.168.0.4pack 64k and 192.168.0.4packloc 128k
And it didnt work
Whats my mistake
Posted: Tue Jul 18, 2006 7:12 am
by sergejs
Paste your configuration,
ip firewall mangle ,
queue simple (tree), which one you are using,
ip firewall address-list.
Posted: Tue Jul 18, 2006 5:39 pm
by yri
Posted: Wed Jul 19, 2006 7:36 am
by sergejs
I mean 'ip firewall mangle export', paste at least this configuration.
Posted: Wed Jul 19, 2006 8:53 am
by yri
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet \
new-packet-mark=192.168.0.2pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet \
new-packet-mark=192.168.0.3pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet \
new-packet-mark=192.168.0.4pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet \
new-packet-mark=192.168.0.10pack passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes \
comment="" disabled=yes
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=yes \
comment="" disabled=yes
#
/ ip firewall address-list
add list=all_services address=192.168.0.0/25 comment="full access list" \
disabled=no
add list=mail address=192.168.0.224/27 comment="mail access list" disabled=no
add list=UKRAINE address=62.16.0.0/19 comment="UKRAINE NETWORK LIST" \
disabled=no
add list=UKRAINE address=62.64.64.0/18 comment="" disabled=no
add list=UKRAINE address=62.64.80.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.87.0/24 comment="" disabled=no
add list=UKRAINE address=62.64.88.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.96.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.104.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.112.0/21 comment="" disabled=no
add list=UKRAINE address=62.64.120.0/21 comment="" disabled=no
add list=UKRAINE address=62.80.160.0/19 comment="" disabled=no
add list=UKRAINE address=62.149.0.0/19 comment="" disabled=no
add list=UKRAINE address=62.221.32.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.33.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.34.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.37.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.42.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.43.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.44.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.45.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.46.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.47.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.48.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.49.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.50.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.51.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.52.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.53.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.54.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.55.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.56.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.60.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.61.0/24 comment="" disabled=no
add list=UKRAINE address=62.221.62.0/24 comment="" disabled=no
add list=UKRAINE address=62.244.0.0/18 comment="" disabled=no
add list=UKRAINE address=80.70.65.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.66.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.67.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.68.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.69.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.70.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.77.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.80.0/24 comment="" disabled=no
add list=UKRAINE address=80.70.82.0/24 comment="" disabled=no
add list=UKRAINE address=80.73.0.0/20 comment="" disabled=no
add list=UKRAINE address=80.77.32.0/20 comment="" disabled=no
add list=UKRAINE address=80.78.32.0/19 comment="" disabled=no
add list=UKRAINE address=80.84.176.0/20 comment="" disabled=no
add list=UKRAINE address=80.90.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.91.160.0/19 comment="" disabled=no
add list=UKRAINE address=80.92.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.93.112.0/20 comment="" disabled=no
add list=UKRAINE address=80.94.240.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.248.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.249.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.250.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.251.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.252.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.253.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.254.0/24 comment="" disabled=no
add list=UKRAINE address=80.94.255.0/24 comment="" disabled=no
add list=UKRAINE address=80.243.144.0/20 comment="" disabled=no
add list=UKRAINE address=80.245.112.0/20 comment="" disabled=no
add list=UKRAINE address=80.249.224.0/20 comment="" disabled=no
add list=UKRAINE address=80.252.240.0/20 comment="" disabled=no
add list=UKRAINE address=80.254.0.0/20 comment="" disabled=no
add list=UKRAINE address=80.255.64.0/20 comment="" disabled=no
add list=UKRAINE address=81.17.128.0/20 comment="" disabled=no
add list=UKRAINE address=81.21.0.0/20 comment="" disabled=no
add list=UKRAINE address=81.23.16.0/20 comment="" disabled=no
add list=UKRAINE address=81.25.224.0/20 comment="" disabled=no
add list=UKRAINE address=81.30.160.0/20 comment="" disabled=no
add list=UKRAINE address=81.90.224.0/20 comment="" disabled=no
add list=UKRAINE address=81.95.176.0/21 comment="" disabled=no
add list=UKRAINE address=82.144.192.0/19 comment="" disabled=no
add list=UKRAINE address=82.193.96.0/19 comment="" disabled=no
add list=UKRAINE address=83.137.88.0/21 comment="" disabled=no
add list=UKRAINE address=83.142.232.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.233.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.234.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.235.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.236.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.237.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.238.0/24 comment="" disabled=no
add list=UKRAINE address=83.142.239.0/24 comment="" disabled=no
add list=UKRAINE address=83.143.232.0/21 comment="" disabled=no
add list=UKRAINE address=83.170.192.0/18 comment="" disabled=no
add list=UKRAINE address=83.218.228.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.232.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.236.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.240.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.244.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.248.0/22 comment="" disabled=no
add list=UKRAINE address=83.218.252.0/22 comment="" disabled=no
add list=UKRAINE address=84.47.178.0/23 comment="" disabled=no
add list=UKRAINE address=85.90.192.0/19 comment="" disabled=no
add list=UKRAINE address=85.114.192.0/19 comment="" disabled=no
add list=UKRAINE address=85.159.0.0/21 comment="" disabled=no
add list=UKRAINE address=85.198.129.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.130.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.131.0/24 comment="" disabled=no
add list=UKRAINE address=85.198.132.0/24 comment="" disabled=no
add list=UKRAINE address=85.202.0.0/16 comment="" disabled=no
add list=UKRAINE address=85.223.128.0/17 comment="" disabled=no
add list=UKRAINE address=85.238.96.0/19 comment="" disabled=no
add list=UKRAINE address=86.111.224.0/21 comment="" disabled=no
add list=UKRAINE address=87.236.224.0/24 comment="" disabled=no
add list=UKRAINE address=87.236.226.0/24 comment="" disabled=no
add list=UKRAINE address=87.238.152.0/24 comment="" disabled=no
add list=UKRAINE address=87.238.153.0/24 comment="" disabled=no
add list=UKRAINE address=195.39.196.0/23 comment="" disabled=no
add list=UKRAINE address=193.202.110.0/24 comment="" disabled=no
#
/ queue tree
add name="192.168.0.2DOWN" parent=Local packet-mark=192.168.0.2pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.2UP" parent=Local packet-mark=192.168.0.2pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.3DOWN" parent=Local packet-mark=192.168.0.3pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.3UP" parent=Local packet-mark=192.168.0.3pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN" parent=Local packet-mark=192.168.0.4pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP" parent=Local packet-mark=192.168.0.4pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.10DOWN" parent=Local packet-mark=192.168.0.10pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.10UP" parent=Local packet-mark=192.168.0.10pack \
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN UKR" parent=Local packet-mark=192.168.0.4packukr \
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=yes
add name="192.168.0.4UP UKR" parent=Local packet-mark=192.168.0.4packukr \
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=yes
Posted: Wed Jul 19, 2006 10:17 am
by sergejs
1) Mangle configuration.
I suggest yout to place passtrough=no after each action=packet-mark, that will avoid packets from remarking.
Probably, it will be easier to create two address-lists; local-addresses, local-state-addresses.
Assign two packet-marks;
one src-address-list=local dst-address-list=local-state-addresses,
second src-address-list=local dst-address-list=!local-state-address (=no local-state). If you want to limit local and oversease bandwidth for all users.
2) Use 'parent=local-interface-name' for download and 'parent=public-interface-name' for upload in queue tree.
You can also use simple queue to accomplish this scenario.
Posted: Wed Jul 19, 2006 6:45 pm
by yri
Did this to mangle rule
#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet \
new-packet-mark=192.168.0.2pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet \
new-packet-mark=192.168.0.3pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet \
new-packet-mark=192.168.0.4pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet \
new-packet-mark=192.168.0.10pack passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=no \
comment="" disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=UKRAINE passthrough=no comment="" \
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark=WORLD passthrough=no comment="" \
disabled=no
And what should i add in queue ?
Example please for world and ukraine traf
Posted: Thu Jul 20, 2006 5:19 am
by shielder
Hi, i have tried using xx.xx.xx.xx/21 it couldn't work on address list. The most we could do using address list is only /24. Does anyone ever experience this?
Posted: Thu Jul 20, 2006 7:19 am
by sergejs
yri,
I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.
1) first mangle rule to mark connections.
2) second mangle rule to mark packets from users to addresses not in address-list.
3) third mangle rule to mark packets from users to addresses placed in address-list.
Add simple queue, e.g.
'queue simple add target-address=192.168.0.4 limit-at=xxx/xxx packet-marks=packet-mark'
shielder,
There is no problems 'ip firewall address-list add 10.1.34.1/24' list 1;
ip firewall address-list> print
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 1 10.1.32.0/21
Posted: Thu Jul 20, 2006 8:46 am
by yri
Thank you very mutch its working
Posted: Fri Jul 21, 2006 7:48 am
by yri
damit problem persist
Ukraine traffic counts as world
And queue only world
#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection \
new-connection-mark=192.168.0.2con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection \
new-connection-mark=192.168.0.3con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection \
new-connection-mark=192.168.0.10con passthrough=yes comment="" disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE \
action=mark-packet new-packet-mark=UKRAINE passthrough=yes comment="" \
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark=WORLD passthrough=no comment="" \
disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.4 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.4 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.3 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.2 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=UKRAINE \
action=mark-packet new-packet-mark="192.168.0.10 U" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.2 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.3 W" passthrough=no \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=!UKRAINE \
action=mark-packet new-packet-mark="192.168.0.10 W" passthrough=no \
comment="" disabled=no
Posted: Fri Jul 21, 2006 8:30 am
by sergejs
I suggest you to change mangle rules.
1) mark all connections from users subnet 192.168.0.0
2) mark packets src-address=192.168.0.0 dst-address=!ukraine
3) mark packets src-address=192.168.0.0 dst-address=ukraine
If you need equal bandwidth to all users use PCQ, if different band required
4) 'queue simple add target-address=192.168.0.2 packet-mark=ukraine limit-at'.
5) the same simple queue for abroad traffic, only with packet-mark=!ukraine.
Posted: Fri Jul 21, 2006 9:28 am
by yri
Left only this
did the rite thing ?
Still not working
Cant find there i am ron
#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U \
passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W \
/ queue simple
add name="192.168.0.4 W" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4W direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 total-queue=default-small disabled=no
add name="192.168.0.4 U" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4U direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 burst-threshold=128000/128000 \
total-queue=default-small disabled=no
Posted: Fri Jul 21, 2006 9:31 am
by sergejs
1) You have to use passtrough=no for mangle packet-mark rule (than it should work).
2) You can place abroad packet-mark rule before local traffic rule.
Posted: Fri Jul 21, 2006 9:54 am
by yri
/ queue simple
add name="192.168.0.4 W" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4W direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 total-queue=default-small disabled=no
add name="192.168.0.4 U" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
interface=all parent=none packet-marks=192.168.0.4U direction=both \
priority=8 queue=default-small/default-small limit-at=0/0 \
max-limit=64000/64000 burst-threshold=128000/128000 \
total-queue=default-small disabled=no
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W \
passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U \
passthrough=no comment="" disabled=no
Did like this still count Ukrainian as world both counters runing
And in queue ! download counts as Upload and also Ukraine count there as world
Posted: Fri Jul 21, 2006 10:20 am
by yri
#
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection \
new-connection-mark=192.168.0.4con passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
src-address-list=Local dst-address-list=!UKRAINE action=mark-packet \
new-packet-mark=192.168.0.4W passthrough=no comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con \
src-address-list=Local dst-address-list=UKRAINE action=mark-packet \
new-packet-mark=192.168.0.4U passthrough=no comment="" disabled=no
With such rule looks like counting
but as i sad tels download is Upload
Whats rong
?
Posted: Fri Jul 21, 2006 9:39 pm
by yri
Managed to make it working
made 2 conection mark one world one ykraine for each Local Ip
And then 1 pack mark for 1 con and 2 pack mark foer 2 conection
and also 2 queuq for each and now counts all and queue all good
listing
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 dst-address-list=!UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4conW passthrough=yes \
comment="" disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE \
action=mark-connection new-connection-mark=192.168.0.4conU passthrough=yes \
comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4conU action=mark-packet \
new-packet-mark="192.168.0.4 UU" passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=192.168.0.4conW action=mark-packet \
new-packet-mark="192.168.0.4 WW" passthrough=no comment="" disabled=no
/ queue tree
add name="192.168.0.4DOWN U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
Posted: Sun Sep 24, 2006 10:54 am
by eugenevdm
I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.
1) first mangle rule to mark connections.
2) second mangle rule to mark packets from users to addresses not in address-list.
3) third mangle rule to mark packets from users to addresses placed in address-list.
sergis,
Would you consider writing a new howto or wiki entry to clarify this issue? It is sometimes very confusing when to mark connections, when to mark packets, and when not to use passthrough.
As you can see in final example of
yri he actually used TWO connections marks, not one as you suggested, and his packet marks does not reference source or destination addresses at all!
Posted: Wed Sep 27, 2006 8:19 am
by sergejs
eugenevdm,
the particular example is added to the wiki 'bandwidth control' section.
Posted: Tue Oct 03, 2006 5:53 pm
by advantz
is this mangle, mark packet both ways (up and down)?
Because I applied this sample, but marking didn't work for UPSTREAM in simple queues, traffic graph in simple queues for upstream is zero
Posted: Tue Oct 03, 2006 6:45 pm
by advantz
/ queue tree
add name="192.168.0.4DOWN U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP U" parent=Local packet-mark="192.168.0.4 UU" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4DOWN W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="192.168.0.4UP W" parent=Local packet-mark="192.168.0.4 WW" \
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
Edited, sorry wrong post :P
Posted: Tue Oct 03, 2006 6:52 pm
by sergejs
Have you tried example from the Wiki ?
Note, to use Simple queue mark packets in the 'chain=prerouting'.
Posted: Tue Oct 03, 2006 7:01 pm
by advantz
Have you tried example from the Wiki ?
Note, to use Simple queue mark packets in the 'chain=prerouting'.
Yes, of course.
that mark is only for downstream only. upstream didn't work
some questions :
what is IN INTERFACE and OUT INTERFACE in mangle?
Posted: Tue Oct 03, 2006 7:07 pm
by sergejs
Could you clarify which example does not work (from Wiki or posted in the forum) ?
'in-interface' and 'out-interface' machers identifies the traffic in or out traffic in the specified interface.
Posted: Tue Oct 03, 2006 7:11 pm
by advantz
http://wiki.mikrotik.com/wiki/How_to_ap ... as_traffic
already set 512k/512k but upstream got past 1M
thank you sergejs
This is example :
Queue set 1M/1M traffic graph shows 1M for downstream and 0 for upstream...
That's why I wanted simple queues feature that can use address-list for dst-addresses...
Posted: Tue Oct 03, 2006 7:23 pm
by sergejs
Could you paste the export from configuration (mangle, queues) ?
I have tried it on my router, download and upload were limited.
Posted: Tue Oct 03, 2006 7:38 pm
by advantz
Could you paste the export from configuration (mangle, queues) ?
I have tried it on my router, download and upload were limited.
/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=all-con passthrough=yes comment="ALL CON" disabled=no
add chain=prerouting dst-address-list=LOCAL action=mark-connection new-connection-mark=local-con passthrough=yes comment="LOCAL CON" disabled=no
add chain=prerouting connection-mark=all-con action=mark-packet new-packet-mark=all-mark passthrough=no comment="ALL MARK" disabled=no
add chain=prerouting connection-mark=local-con action=mark-packet new-packet-mark=local-mark passthrough=no comment="LOCAL MARK" disabled=no
/ queue simple
add name="LUCAS LOCAL" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=local-mark priority=8 queue=default/default \
limit-at=0/0 max-limit=1024000/1024000 total-queue=default disabled=no
add name="LUCAS ALL" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=all-mark priority=8 queue=default/default \
limit-at=0/0 max-limit=128000/128000 total-queue=default disabled=no
/ ip firewall address-list
add list=LOCAL address=159.148.0.0/16 comment="" disabled=no
add list=LOCAL address=193.41.195.0/24 comment="" disabled=no
add list=LOCAL address=193.41.33.0/24 comment="" disabled=no
add list=LOCAL address=193.41.45.0/24 comment="" disabled=no
add list=LOCAL address=193.68.64.0/19 comment="" disabled=no
add list=LOCAL address=193.108.29.0/24 comment="" disabled=no
add list=LOCAL address=193.108.144.0/22 comment="" disabled=no
add list=LOCAL address=193.108.185.0/24 comment="" disabled=no
add list=LOCAL address=193.109.211.0/24 comment="" disabled=no
add list=LOCAL address=193.109.85.0/24 comment="" disabled=no
add list=LOCAL address=193.110.8.0/23 comment="" disabled=no
add list=LOCAL address=193.110.164.0/23 comment="" disabled=no
address-list is example/partial only
Posted: Wed Oct 04, 2006 8:54 am
by sergejs
If you will upload some file to the remote server, bandwidth is not limited ?
