Fight against rapidshare

titius · **Posted:** Thu Oct 25, 2007 2:12 am

Code:

0   ;;; Upload_ALL
     chain=prerouting src-address-list=twi dst-address-list=!twi 
     action=mark-connection new-connection-mark=UPLOAD passthrough=yes 

 1   chain=prerouting connection-mark=UPLOAD src-address-list="" 
     dst-address-list=!twi action=change-tos new-tos=normal 

 2   chain=prerouting connection-mark=UPLOAD src-address-list=twi 
     dst-address-list=!twi action=mark-packet new-packet-mark=UPLOAD_P 
     passthrough=yes 

 3   ;;; Down_ALL
     chain=postrouting dst-address-list=twi action=mark-connection 
     new-connection-mark=DOWNLOAD passthrough=yes 

 4   chain=postrouting connection-mark=DOWNLOAD action=change-tos 
     new-tos=normal 

 5   chain=postrouting connection-mark=DOWNLOAD action=mark-packet 
     new-packet-mark=DOWNLOAD_P passthrough=yes 

 6   ;;; DNS
     chain=prerouting protocol=udp dst-port=53 src-address-list=twi 
     dst-address-list=!twi action=mark-connection new-connection-mark=DNS_UP 
     passthrough=yes 

 7   chain=prerouting protocol=udp dst-port=53 connection-mark=DNS_UP 
     src-address-list=twi dst-address-list=!twi action=change-tos 
     new-tos=min-delay 

 8   chain=prerouting protocol=udp dst-port=53 connection-mark=DNS_UP 
     src-address-list=twi dst-address-list=!twi action=mark-packet 
     new-packet-mark=DNS_UP passthrough=no 

 9   chain=postrouting protocol=udp src-port=53 dst-address-list=twi 
     action=mark-connection new-connection-mark=DNS_DOWN passthrough=yes 

10   chain=postrouting protocol=udp src-port=53 connection-mark=DNS_DOWN 
     dst-address-list=twi action=change-tos new-tos=min-delay

11   chain=postrouting protocol=udp src-port=53 connection-mark=DNS_DOWN dst-address-list=twi action=mark-packet 
     new-packet-mark=DNS_DOWN_P passthrough=no 

12   ;;; HTTP_UP
     chain=prerouting protocol=tcp dst-port=80 src-address-list=twi dst-address-list=!twi action=mark-connection 
     new-connection-mark=HTTP_UP passthrough=yes 

13   chain=prerouting protocol=tcp dst-port=80 connection-mark=HTTP_UP src-address-list=twi dst-address-list=!twi 
     action=change-tos new-tos=max-throughput 

14   ;;; first_512kB_UP
     chain=prerouting protocol=tcp dst-port=80 connection-mark=HTTP_UP connection-bytes=0-512000 src-address-list=twi 
     dst-address-list=!twi action=mark-packet new-packet-mark=PRVIH_512_UP passthrough=no 

15 ;;; rest_UP  
    chain=prerouting protocol=tcp dst-port=80 connection-mark=HTTP_UP src-address-list=twi dst-address-list=!twi 
     action=mark-packet new-packet-mark=HTTP_UP_P passthrough=no 

16   ;;; HTTP_DOWN
     chain=postrouting protocol=tcp src-port=80 src-address-list=!twi dst-address-list=twi action=mark-connection 
     new-connection-mark=HTTP_DOWN passthrough=yes 

17   chain=postrouting protocol=tcp src-port=80 connection-mark=HTTP_DOWN dst-address-list=twi action=change-tos 
     new-tos=max-throughput 

18   ;;; First_MB_Down
     chain=postrouting protocol=tcp src-port=80 connection-mark=HTTP_DOWN connection-bytes=0-1024000 
     src-address-list=!twi dst-address-list=twi action=mark-packet new-packet-mark=HTTP_DOWN_1MB passthrough=no 

19   ;;; rest
     chain=postrouting protocol=tcp src-port=80 connection-mark=HTTP_DOWN src-address-list=!twi dst-address-list=twi 
     action=mark-packet new-packet-mark=HTTP_DOWN_P passthrough=no 

Then you can use queues or queue trees to limit this traffic the way you like it.
It works for now.

I would like to hear you opinion about this mangle rules.

I almost forgot.

Thanks to JANISK for right road to follow

.

sgsmc · **Posted:** Fri Oct 26, 2007 3:05 pm

Quote:

Yes it is possible. Calculate subnets address range and check if IP is in that range. It's quite easy, but you will have to do it for yourself. If you want to use scripts then learn how to script.

mrz's script is working perfect. But what's the correct code to be added to the script to calculate sunet as above?

sgsmc · **Posted:** Fri Nov 30, 2007 6:09 pm

Code:

# check every dns entry
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
#  check if dns name contains rapidshare
    :if ([:find [/ip dns cache get $i name] "rapidshare"] != 0) do={
        :local tmpAddress [/ip dns cache get $i address] ;
            :for k from=0 to=255 do={
            :put ("IP: ".$i address.".".$i address.".".$i address".".$k."");
#---- if address list is empty do not check ( add address directly )
        :if ( [/ip firewall address-list find ] = "") do={
            /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no;
        } else={
#------- check every address list entry
            :foreach j in=[/ip firewall address-list find ] do={
#---------- set bNew variable to false if address exists in address list
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
#------- if address is new then add to address list
            :if ( $bNew = "true" ) do={
                /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no
                }
            }
        }
    }
}

# [ THE END ]

I have added for loop as above to calculate the subnet. is this correct and working?

tomtom80 · **Posted:** Mon Feb 11, 2008 2:00 am

mrz's script doesnt work at my MT..
like radocicala wrote .. It writes every ip saved in cache in DNS !
same at my MT!
I copied and pasted the code. So no type error possible!
i have version 2.9.49 .. maybe thats the reason why it doesnt work?!?

here ones more mrz's code ..

Code:

# check every dns entry
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
#  check if dns name contains rapidshare
    :if ([:find [/ip dns cache get $i name] "rapidshare"] != 0) do={
        :local tmpAddress [/ip dns cache get $i address] ;
#---- if address list is empty do not check ( add address directly )
        :if ( [/ip firewall address-list find ] = "") do={
            /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no;
        } else={
#------- check every address list entry
            :foreach j in=[/ip firewall address-list find ] do={
#---------- set bNew variable to false if address exists in address list
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
#------- if address is new then add to address list
            :if ( $bNew = "true" ) do={
                /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no
            }
        }
    }
}

# [ THE END ]

mrz · **Posted:** Mon Feb 11, 2008 12:59 pm

tomtom80 wrote:

mrz's script doesnt work at my MT..
like radocicala wrote .. It writes every ip saved in cache in DNS !
same at my MT!
I copied and pasted the code. So no type error possible!
i have version 2.9.49 .. maybe thats the reason why it doesnt work?!?

This script was written initially on version 3.0rc. It was working fine on all 3.x versions since. I haven't tested it on 2.9. Probably it isn't working on 2.9 because you have to use nil or something else to compare:

Code:

:if ([:find $cacheName "ss.lv"] != nil ) do={ .....

tomtom80 · **Posted:** Tue Feb 12, 2008 12:56 pm

Thank You MRZ!!

I upgraded to v3.2 an it works fine!!

Is it possible that these addresses has got a Timeout of for example one week ? (like in Firewall - Mangle, there you can define a Timeout)

mrz · **Posted:** Tue Feb 12, 2008 1:13 pm

No you can't set timeout because these are static entries. Probably you can write a script that will remove all entries in this list

pospanko · **Posted:** Tue Feb 19, 2008 8:34 pm

This script adds /24 type addresses to address-list in mrz's code. I'm newbie in scripting so maybe ther is more cleaner way to do that but...

Code:

# check every dns entry
:foreach i in=[/ip dns cache find] do={
    :local bNew "true";
#  check if dns name contains rapidshare
    :if ([:find [/ip dns cache get $i name] "rapidshare"] != 0) do={
        :local tmpAddress [/ip dns cache get $i address] ;

# convert IP to "/24" type address
        :local mjesto ([:find $tmpAddress "."]);
        :set mjesto ([:find $tmpAddress "." $mjesto]);
        :set mjesto ([:find $tmpAddress "." $mjesto]);
        :local tmpAddress ([:pick $tmpAddress 0 $mjesto]);
        :set tmpAddress ($tmpAddress . ".0/24");

#---- if address list is empty do not check ( add address directly )
        :if ( [/ip firewall address-list find ] = "") do={
            /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no;
        } else={
#------- check every address list entry
            :foreach j in=[/ip firewall address-list find ] do={
#---------- set bNew variable to false if address exists in address list
                :if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
                    :set bNew "false";
                }
            }
#------- if address is new then add to address list
            :if ( $bNew = "true" ) do={
                /ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no
            }
        }
    }
}

mrz · **Posted:** Mon Mar 17, 2008 1:13 am

You added some lines to script that changes /32 addresses to /24 network address.

Remove these lines:

Code:

# convert IP to "/24" type address
        :local mjesto ([:find $tmpAddress "."]);
        :set mjesto ([:find $tmpAddress "." $mjesto]);
        :set mjesto ([:find $tmpAddress "." $mjesto]);
        :local tmpAddress ([:pick $tmpAddress 0 $mjesto]);
        :set tmpAddress ($tmpAddress . ".0/24");

sgsmc · **Posted:** Wed Mar 19, 2008 12:52 pm

mrz

The script works with v3.2 fine.
The problem is back again with v3.4. It writes all the addresses from cache in v3.4.

normis · **Posted:** Wed Mar 19, 2008 12:56 pm

sgsmc wrote:

mrz

The script works with v3.2 fine.
The problem is back again with v3.4. It writes all the addresses from cache in v3.4.

there is a bug in 3.4 scripting, it will be fixed in 3.5 which should be out sometime this week

mrz · **Posted:** Wed Mar 19, 2008 1:10 pm

There are some console bugs in 3.4, downgrade to 3.2 or 3.3 and wait for 3.5 release.

sgsmc · **Posted:** Thu Mar 20, 2008 4:58 pm

Thanks mrz and Thanks Normis

Mikrotik was kind to release v3.5 very soon. I have loaded v3.5 and now it works fine.

mrz one problem still remains unresolved with us:

if there is subnet´s ip in address list(237.138.168.0/24) it is also writes the ip´s that belong that subnet(207.138.168.61)

I promise you we tried writing various codes over midnight cofee cups but none seems to be working.

I am a Newbie to scripting and still on a learnig curve

mrz · **Posted:** Thu Mar 20, 2008 5:44 pm

This is a feature address list allows you to write 207.138.168.61 even if 207.138.168.0/24 already exist.

Chupaka · **Posted:** Fri Mar 21, 2008 3:27 am

even more: address list allows you to write 207.138.168.61 even if 207.138.168.61 already exist =)
and if you delete second 207.138.168.61, ROS will act as you deleted both of them, until you disable and then enable residual item. it's not a feature, i'ts a BUG, but i write to support when v3.3 was the latest, still not resloved.

Normis?..

radocicala · **Posted:** Tue Apr 08, 2008 10:38 am

I tried this script to find rapidshare and other servers in cache, but problem is that script works well just under the routeros v3.
Could you edit it to work well under v2.9?

# check every dns entry
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
# check if dns name contains rapidshare
:if ([:find [/ip dns cache get $i name] "rapidshare"] != 0) do={
:local tmpAddress [/ip dns cache get $i address] ;

#---- if address list is empty do not check ( add address directly )
:if ( [/ip firewall address-list find ] = "") do={
/ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no;
} else={
#------- check every address list entry
:foreach j in=[/ip firewall address-list find ] do={
#---------- set bNew variable to false if address exists in address list
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
}
}
#------- if address is new then add to address list
:if ( $bNew = "true" ) do={
/ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no
}
}
}
}
}

# [ THE END ]

kolorasta · **Posted:** Thu Apr 10, 2008 9:25 pm

usefull script.
how can I add an "OR" condition, something like this:

rapidshare OR megaupload OR gigasize OR ..... OR ....

???

any suggestions?

kolorasta · **Posted:** Fri Apr 11, 2008 4:12 pm

titius wrote:

@normis

Cpresto is aware of that, but many clients use rapidshare, and downloadind all day long. So it is like p2p bandwith is 100% used.

@cpresto

Cmon man, what do you want? buy more bandwith.

Do you expect from your customers to read&send mail. Yeah right. :roll:

Buy more bandwidth!!! it's easy to say where 1mbps cost 30-40 dollars or something like that... in my country (w)isp pay more than u$s500 for 1mbps.
1mbps cost from u$s500 to u$s2000 in my country. Our clients pay for a 512kbps access u$s20... rapidshare, megaupload, gigasize, all-p2p, are really a headache to us.

kolorasta · **Posted:** Fri Apr 11, 2008 4:21 pm

radocicala wrote:

I tried this script to find rapidshare and other servers in cache, but problem is that script works well just under the routeros v3.
Could you edit it to work well under v2.9?

# check every dns entry
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
# check if dns name contains rapidshare
:if ([:find [/ip dns cache get $i name] "rapidshare"] != 0) do={
:local tmpAddress [/ip dns cache get $i address] ;

#---- if address list is empty do not check ( add address directly )
:if ( [/ip firewall address-list find ] = "") do={
/ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no;
} else={
#------- check every address list entry
:foreach j in=[/ip firewall address-list find ] do={
#---------- set bNew variable to false if address exists in address list
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
}
}
#------- if address is new then add to address list
:if ( $bNew = "true" ) do={
/ip firewall address-list add address=$tmpAddress list=rapidshare disabled=no
}
}
}
}
}

# [ THE END ]

how often do you execute this script? (schedule)

jcremin · **Posted:** Fri Apr 11, 2008 11:44 pm

kolorasta wrote:

1mbps cost from u$s500 to u$s2000 in my country. Our clients pay for a 512kbps access u$s20...

Sounds like you maybe aren't charging enough if your bandwidth costs that much..

kolorasta · **Posted:** Tue Apr 15, 2008 7:55 am

jcremin wrote:

kolorasta wrote:

1mbps cost from u$s500 to u$s2000 in my country. Our clients pay for a 512kbps access u$s20...

Sounds like you maybe aren't charging enough if your bandwidth costs that much..

i know that...

hulk-bd · **Posted:** Tue Apr 15, 2008 9:05 am

Dude you are talking about bandwidth price! in our country we had to pay near 2000 $ US for 1 mb and from few days the cost is bearable now we have to pay 1000$ US per mb, so this is costly than them who pay nearly 50 to 80 $ US per mb. I'm sorry cause this is now going away from the main topic but can't help writing this.

Peace

nitrium · **Posted:** Thu May 15, 2008 3:09 am

Hi guys, well.. I own an ISP and i have to deal with this stuff also! My workaround was inside the queues. I just made good use of Limit-at and Max-limit. Set Max-Limit of your client as the maximum bandwidth he can use, and Limit-at you can set at 15% or 30% of the maximum bandwidth. The most important thing is that in hierarchy of queues, the top most important must not exceed your total bandwidth with the sum of Limit-At rules! I hope it works for you as it worked for me... Since users with Download Managers and Rapidshare accounts Premium get lots of bandwidth available, they normally consume all of your bandwidth, but with this rules, they will drop if other users need the bandwidth too! And make a GOOD CONFIGURED PROXY working, this will help A LOT!!! Cya around!!!

BeNBeN · **Posted:** Thu Nov 05, 2009 3:12 pm

Write "rapidshare" in content field in the filter rule that you created for rapidshare. it works for me. it block also web pages which has rapidshare links in it.

ManyX · **Posted:** Wed Jan 06, 2010 11:31 pm

hello

http://iblocklist.com/list.php?list=zfu ... kalytktyiw

list of rapidshare IP

I am looking for megaupload, megavideo list

nz_monkey · **Posted:** Fri Jan 08, 2010 12:17 am

This guy creates a nightly list of RapidShare IP addresses, and even published a .rsc that can be imported to Mikrotik.

http://www.uebi.net/howtos/rapidshare-networks.htm

nz_monkey · **Posted:** Fri Jan 08, 2010 1:01 am

I had an idea of a more accurate way to do this, by finding RapidShare's AS and then pushing all associated prefixes into an address list. This was a great theory, then I discovered they seem to be using their upstream providers ASN of 3356

kolorasta · **Posted:** Fri Jan 08, 2010 1:27 am

i use a script that search in the dns cache for all ips with "rapidshare" in the dns and store those ips in a address-list

then with that address-list you do whatever you want

sorry for my poor english

roadracer96 · **Posted:** Fri Jan 08, 2010 5:18 am

Rapidshare isnt p2p. Rapidshare is simply downloading a file from the net. Lets say I have 100mb of pictures I want to email you. But emailing them would be dumb. I zip them, put them on rapidshare and send you the link to download it.

By blocking it, you could be blocking legit computer use and even business related use.

I dont know why people get so butt-hurt over p2p anyways. Just shape it down.

nz_monkey · **Posted:** Fri Jan 08, 2010 1:18 pm

Lol, thats what this entire thread is about, being able to accurately identify traffic to RapidShare IP addresses, mark it and then shape it...

rodolfo · **Posted:** Fri Jan 08, 2010 4:23 pm

In my opinion this approach is incorrect.
You need to run this script for a lot of content providers.

The best approach was indicated two times in this post: mangle with different packet marks http connection with less than 5MBytes and http connection with >= 5MBytes.

To the first give high priority (is browsing or download of small files); to the second give lower priority (you can use also pcq queue!).

This method will funcionction for all http downloads and needs no maintenance.

rmichael · **Posted:** Fri Jan 08, 2010 5:06 pm

I tend to agree. However it's worth to note that connection size approach will "waste" 5GB of perfectly good bandwidth where ID by IP will "waste" none. Hence knowing that traffic is of certain kind immediatelly has it's value especially for slower links where 5GB download takes more than few seconds.

m4rk0 · **Posted:** Sat Aug 28, 2010 10:58 pm

Hotfile.com IP ranges:

74.120.8.0/22
199.7.176.0/21

sewlist · **Posted:** Sun Aug 29, 2010 10:18 am

Not sure if this might help, we also quite a large WISP, we push heavy traffic, found that using a squid proxy server can save alot of data and u can manage certain sites

my problem was windowsupdates during the day as we have a 100mb internet breakout, so I slow it down to very small speed during the day and at night open it up

You can just add rapidshare there or make a new acl for it

acl winupdate dstdomain .windowsupdate.com
acl peakperiod time 06:00-23:00
delay_pools 1
delay_class 1 1
# 128 Kbit/s
delay_parameters 1 128000/128000
delay_access 1 allow winupdate peakperiod

S

ruhanda · **Posted:** Wed Sep 01, 2010 1:47 pm

Hi All,

Actually rapidshare is only web site that provide space so user can store and retrieve file by uploading or downloading files.
the problem is downloading and uploading process using same port 80 with HTTP.
In my internet cafe I'm using layer 7 protocol,firewall and queue to separate regular browsing and downloading files by set download priority lower then HTTP (Browsing).
Sometimes filter using packet-size is not effective.

Due to user doing Download more intense than upload so the code is not separate it when upload.
Please find the firewall code below,

Code:

# sep/01/2010 17:19:23 by RouterOS 4.9
/ip firewall layer7-protocol
add comment="" name=EXE regexp="^.*get.+\\.exe.*\$"
add comment="" name=RAR regexp="^.*get.+\\.rar.*\$"
add comment="" name=ZIP regexp="^.*get.+\\.zip.*\$"
add comment="" name=7z regexp="^.*get.+\\.7z.*\$"
add comment="" name=FLV regexp="^.*get.+\\.flv.*\$"
add comment="" name=WMV regexp="^.*get.+\\.wmv.*\$"
add comment="" name=MP3 regexp="^.*get.+\\.mp3.*\$"
add comment="" name=MP4 regexp="^.*get.+\\.mp4.*\$"
add comment="" name=3GP regexp="^.*get.+\\.3gp.*\$"

/ip firewall address-list
add address=192.168.1.0/24 comment="" disabled=no list=Local_Networks
add address=192.168.2.0/24 comment="" disabled=no list=Local_Networks
add address=10.5.50.0/24 comment="" disabled=no list=Local_Networks
add address=10.5.51.0/24 comment="" disabled=no list=Local_Networks

/ip firewall filter
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download EXE" disabled=no \
    layer7-protocol=EXE protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download 7z" disabled=no \
    layer7-protocol=7z protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download ISO" content=.iso \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download ZIP" disabled=no \
    layer7-protocol=ZIP protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MPEG" content=\
    .mpeg disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MPG" content=.mpg \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download FLV" disabled=no \
    layer7-protocol=FLV protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download 3GP" disabled=no \
    layer7-protocol=3GP protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download RM" content=.rm \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download AVI" content=.avi \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download RAR" disabled=no \
    layer7-protocol=RAR protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MP4" disabled=no \
    layer7-protocol=MP4 protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MKV" content=.mkv \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MOV" content=.mov \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MSI" content=.msi \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download WAV" content=.wav \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download WMV" disabled=no \
    layer7-protocol=WMV protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download WMA" content=.wma \
    disabled=no protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download MP3" disabled=no \
    layer7-protocol=MP3 protocol=tcp src-address-list=Local_Networks
add action=add-dst-to-address-list address-list=DOWNLOAD \
    address-list-timeout=1h chain=forward comment="Download Videoplayback" \
    content=videoplayback disabled=no protocol=tcp src-address-list=\
    Local_Networks

/ip firewall mangle
add action=mark-connection chain=prerouting comment=DOWNLOAD disabled=no \
    dst-address-list=DOWNLOAD dst-port=80,8080,3128 in-interface=LAN \
    new-connection-mark=QoS_5_con_downld passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
    QoS_5_con_downld disabled=no new-packet-mark=QoS_5 passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-list=DOWNLOAD dst-port=110,995,143,993,25,20,21 in-interface=\
    LAN new-connection-mark=QoS_5_con_downld passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
    QoS_5_con_downld disabled=no new-packet-mark=QoS_5 passthrough=no
add action=mark-connection chain=prerouting comment=BROWSING disabled=no \
    dst-port=80,8080,3128,443,7778 in-interface=LAN new-connection-mark=\
    QoS_4_con packet-size=0-666 passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting comment="" connection-mark=QoS_4_con \
    disabled=no new-packet-mark=QoS_4 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-bytes=\
    0-1000000 disabled=no dst-port=80,8080,3128,443,7778 in-interface=LAN \
    new-connection-mark=QoS_4_con passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=QoS_4_con \
    disabled=no new-packet-mark=QoS_4 passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no dst-port=\
    110,995,143,993,25,20,21 in-interface=LAN new-connection-mark=QoS_4_con \
    packet-size=0-666 passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting comment="" connection-mark=QoS_4_con \
    disabled=no new-packet-mark=QoS_4 passthrough=no
add action=mark-connection chain=prerouting comment="" connection-bytes=\
    0-1000000 disabled=no dst-port=110,995,143,993,25,20,21 in-interface=LAN \
    new-connection-mark=QoS_4_con passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=QoS_4_con \
    disabled=no new-packet-mark=QoS_4 passthrough=no

Simple Queue code

Code:

# sep/01/2010 17:19:54 by RouterOS 4.9
# 
#
/queue type
set default-small kind=pfifo name=default-small pfifo-limit=10

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
    256k/2M max-limit=500k/3M name=TOTAL parent=none priority=5 queue=\
    default-small/default-small target-addresses=\
    192.168.2.0/24,10.5.50.0/24,10.5.51.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
    32k/128k max-limit=256k/2M name=QoS_4-Browsing packet-marks=QoS_4 parent=\
    TOTAL priority=4 queue=default-small/default-small target-addresses=\
    192.168.2.0/24,10.5.50.0/24,10.5.51.0/24 total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
    16k/32k max-limit=128k/2M name=QoS_5-Download packet-marks=QoS_5 parent=\
    TOTAL priority=5 queue=default-small/default-small target-addresses=\
    192.168.2.0/24,10.5.50.0/24,10.5.51.0/24 total-queue=default-small

For best result you can use PCQ and Queue Tree. but for me simple queue is enough for my internet cafe and all my customer satisfied with current internet cafe network speed.

Adding and modify the code are welcome.

Thanks,
Ruhanda

Fight against rapidshare

Who is online