Community discussions

MikroTik App
  4. RouterOS
  5. General

limit overseas traffic

Post Reply
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

limit overseas traffic

Tue Oct 26, 2010 10:50 am

i want to limit only global speed with pcq, so all clients have their own limits for all speed but i want to limit them with global speed 256k for all users.

i add all local isp provers ip to ip firewall mangle mark packet passthrough no
then ip firewall mangle mark packet 0.0.0.0
and then i add queue rule for it, i am running all this to bridge interface.

but it doesnot work

here is configuration

/ip firewall mangle
add action=mark-packet chain=prerouting comment="" disabled=yes \
new-packet-mark=all passthrough=yes
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=46.49.0.0/17
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.35.128/25
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.36.0/22
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.40.0/22
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.44.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.45.128/25
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.46.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.32.49.232/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.134.190.128/26
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.134.200.64/26
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.168.160.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.209.40.88/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=62.212.32.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=64.182.4.237
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=64.182.4.238/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=64.182.4.240/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=64.182.4.244
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.69.126/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.69.128/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.69.132/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.69.134
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.70.34/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.70.36/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.70.40/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=69.13.70.42
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=72.9.148.115
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=72.9.148.116/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=72.9.148.120/31
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=72.9.148.122
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=77.74.40.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=77.92.224.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=78.138.9.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=78.139.128.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=79.99.248.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=80.77.48.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=80.83.128.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=80.92.176.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=80.241.176.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=80.241.240.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=81.16.240.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=81.95.160.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=82.112.160.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=82.138.130.96/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=83.229.86.176/28
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=83.229.88.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=83.229.124.0/25
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=83.229.127.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=85.114.224.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=85.117.32.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=85.118.96.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=85.238.32.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=87.253.32.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=88.210.192.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.150.0.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.112.56/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.112.64/26
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.112.128/25
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.113.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.114.0/23
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.207.116.0/22
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=89.232.0.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.151.128.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.184.96.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.197.240.0/22
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.208.144.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.209.131.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.212.213.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=91.216.176.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=92.43.8.0/23
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=92.51.64.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=92.54.192.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=92.241.64.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=93.174.24.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=93.177.128.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=93.186.208.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=93.188.8.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=94.43.0.0/16
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=94.100.224.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=94.137.160.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=94.235.0.0/16
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=94.240.192.0/18
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=95.104.0.0/17
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=95.137.128.0/17
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=109.172.128.0/17
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=109.205.40.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=109.234.112.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=109.238.224.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=178.134.0.0/16
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=178.236.48.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=178.249.16.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.92.208.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.93.88.0/21
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.121.192.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.123.128.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.129.128.0/17
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=188.169.0.0/16
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=193.104.20.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=193.105.237.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=194.0.227.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=195.54.178.0/23
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=198.70.0.208/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=205.168.23.224/27
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=212.58.96.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=212.72.128.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.131.32.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.157.192.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.200.0.0/19
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.209.169.0/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.209.169.8/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.209.169.16/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.209.169.48/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=213.209.170.160/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=216.53.187.0/27
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=216.207.97.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.11.160.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.28.250.72/29
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.28.250.192/28
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.106.219.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.106.244.0/24
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.147.66.64/28
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.147.66.216/30
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
local passthrough=no src-address=217.147.224.0/20
add action=mark-packet chain=forward comment="" disabled=yes new-packet-mark=\
Global passthrough=no


/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
5
add kind=pcq name=PCQ_download pcq-classifier=src-address pcq-limit=300 \
pcq-rate=256000 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=10M \
max-limit=10M name=queue1 packet-mark=Global parent=global-out priority=1 \
queue=default-small
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: limit overseas traffic

Tue Oct 26, 2010 11:18 am

Check these examples
http://wiki.mikrotik.com/wiki/Different ... queue_tree
http://wiki.mikrotik.com/wiki/How_to_ap ... as_traffic
Top
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

Re: limit overseas traffic

Tue Oct 26, 2010 8:29 pm

passthrough-no doesnot works, it pass all traffic anyway.

routeros 5rc1
Top
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: limit overseas traffic

Tue Oct 26, 2010 8:37 pm

Not sure if it would improve performance (it potentially could), but using address lists would certainly make things more readable.
Code: Select all
/ip firewall address-list
add list=local address=46.49.0.0/17
add list=local address=62.32.35.128/25
[...]

/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=all passthrough=yes
add action=mark-packet chain=forward src-address-list=local new-packet-mark=local passthrough=no
add action=mark-packet chain=forward new-packet-mark=Global passthrough=no
Top
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

Re: limit overseas traffic

Tue Oct 26, 2010 9:34 pm

passthrough-no doesnot works anyway
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: limit overseas traffic

Tue Oct 26, 2010 9:40 pm

it doesn't work with marks. it's known problem of rc1. either use beta6, or wait for rc2
Top
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

Re: limit overseas traffic

Wed Oct 27, 2010 8:59 am

Thank you
Top
Post Reply

Who is online

Users browsing this forum: aldmik, dmitris, ips and 88 guests
  4. RouterOS
  5. General