Bandwidth limiting with NAT

I have a network with private IP address 10.10.1.0/24. So I use masquerade. I want to share the bandwidth equally between the users.
I made a queue tree for the bandwidth control.
The control of the UPLOAD is working correctly.
But the DOWNLOAD doesn’t work.
How to mark the packets for the download if I use NAT?
I’ve seen a p2p example on the MikroTik web site. So I tried this:
/ip firewall mangle add src-address=10.10.0.1/32 mark-connection=client1 action=passthrough
/ip firewall mangle add connection=client1 dst-address=10.10.1.1/32 mark-flow= client1_down action=passthrough.

But it doesn’t work correctly.

Please help me :cry: :cry:

I have also been fighting with this for over a month!

Can anyone help?

I have a NATed user base as well, and I used to limit bw the way you are approaching it. Now I just use simple queues to limit each customer by IP. It’s, well, simple…

I have used queue trees on masqueraded clients for both upload and download throttling without problems. Unfortunately, I have overwritten that configuration and am using simple queues now.

I can’t see anything wrong with the packet marking so perhaps it is the queues themselves. Perhaps try changing the parent of the queue? As only traffic leaving the interface can be controlled, you will need to use different parents for upload and download traffic from/to your clients. I can’t remember which exactly but a little experimentation should find the answer. I would use winbox for this, if you are not doing so already, as you can quickly change the parent and immediately see the effect on speed for each client.

'Hope this helps.
Guy

I got mine working at the office.

I use winbox so I can’t give you commands. The best thing to do is work through it one step at a time.

1- Mangle the traffic, check to see that it’s getting marked.
2- Set up the queue. See that traffic is getting found.

The above examples worked for me, I just had to set it up. I don’t know why, I tried this 100 times and didn’t get it right. But I worked it through again and this time it worked.

On the second mangle, make sure you use accept if you have a default user. (if you set a default for everyone else)

The mangle lines look correct, maybe it’s a problem with your queue commands, post those.

I had the same problem, so I think this is the solution for you.

For ex. in my network I did like this:

src-address=192.168.130.0/24 p2p=all-p2p action=passthrough
mark-connection=p2p con

connection=p2p con action=accept mark-flow=p2p limit

then I used PCQ and limit traffic per user:

name="p2p - out" parent=global-out flow=p2p limit limit-at=0
queue=p2p - out priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0

name="p2p - in" parent=global-in flow=p2p limit limit-at=0 queue=p2p - in
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0

The example above is for p2p traffic, but it works with anything else.

Greetings
raqu

I want to know about my config that I used. If there’s something wrong please give me your suggestion…


ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=10.10.88.2/32 action=passthrough mark-connection=con1

1 connection=con1 action=accept mark-flow=hm1

2 src-address=10.10.88.9/32 action=passthrough mark-connection=con2

3 connection=con2 action=accept mark-flow=hm2

4 src-address=10.10.88.4/32 action=passthrough mark-connection=con3

5 connection=con3 action=accept mark-flow=hm3

6 src-address=10.10.234.2/32 action=passthrough mark-connection=CON4

7 connection=CON4 action=accept mark-flow=hm4

8 src-address=10.10.99.2/32 action=passthrough
mark-connection=con5

9 connection=con5 action=accept mark-flow=hm5


queue tree>

44 name="Up" parent=global-in flow="" limit-at=94000
queue=conservative-red priority=8 max-limit=96000 burst-limit=0
burst-threshold=0 burst-time=0

45 name="Dw" parent=global-out flow="" limit-at=94000
queue=conservative-red priority=8 max-limit=96000 burst-limit=0
burst-threshold=0 burst-time=0

46 X name="hm2-down" parent=Dw flow=hm2 limit-at=6000 queue=conservative-red
priority=7 max-limit=40000 burst-limit=0 burst-threshold=0
burst-time=0

47 X name="hm2-up" parent=Up flow=hm2 limit-at=6000 queue=conservative-red
priority=7 max-limit=40000 burst-limit=0 burst-threshold=0
burst-time=0

48 name="hm3-down" parent=Dw flow=hm3 limit-at=8000
queue=conservative-red priority=7 max-limit=16000 burst-limit=0
burst-threshold=0 burst-time=0

49 name="hm3-up" parent=Up flow=hm3 limit-at=8000
queue=conservative-red priority=7 max-limit=16000 burst-limit=0
burst-threshold=0 burst-time=0

50 name="hm-dw" parent=Dw flow=hm limit-at=6000 queue=conservative-red
priority=7 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0

51 name="hm-up" parent=Up flow=hm limit-at=6000 queue=conservative-red
priority=7 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0

52 name="hm4-Dw" parent=Dw flow=hm4 limit-at=6000 queue=conservative-red
priority=7 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0

53 name="hm4-Up" parent=Up flow=hm4 limit-at=6000 queue=conservative-red
priority=7 max-limit=20000 burst-limit=0 burst-threshold=0
burst-time=0

54 name="hm5-DW" parent=Dw flow=hm5 limit-at=20000
queue=conservative-red priority=6 max-limit=40000 burst-limit=0
burst-threshold=0 burst-time=0

55 name="hm5-Up" parent=Up flow=hm5 limit-at=20000
queue=conservative-red priority=6 max-limit=40000 burst-limit=0
burst-threshold=0 burst-time=0

What if I change hm, hm2…hm5 to max-limit=96000 so they can share the parent bandwidth (96000) and get their limit if all the clients use the bandwidth?

Helpp plzzz
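
A static cross-check of the two listings in the post above, as an added example that is not part of the thread or of any participant's configuration: it parses print-style output and reports flow marks that queues reference but no mangle rule sets, and flow marks that no enabled queue uses. The sample text is a shortened, constructed copy of those listings, and parse_entries and audit are names made up for this example.

```python
import re

# Constructed sample: shortened copies of the two listings in the post above.
MANGLE = """\
 0 src-address=10.10.88.2/32 action=passthrough mark-connection=con1
 1 connection=con1 action=accept mark-flow=hm1
 2 src-address=10.10.88.9/32 action=passthrough mark-connection=con2
 3 connection=con2 action=accept mark-flow=hm2
 8 src-address=10.10.99.2/32 action=passthrough
   mark-connection=con5
 9 connection=con5 action=accept mark-flow=hm5
"""
QUEUES = """\
45 name="Dw" parent=global-out flow="" limit-at=94000
46 X name="hm2-down" parent=Dw flow=hm2 limit-at=6000
50 name="hm-dw" parent=Dw flow=hm limit-at=6000
   priority=7 max-limit=16000
54 name="hm5-DW" parent=Dw flow=hm5 limit-at=20000
"""

HEAD = re.compile(r"^\s*(\d+)\s+(X\s+)?")       # entry number, optional X (disabled) flag
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S*)')    # key=value or key="quoted value"

def parse_entries(text):
    """Split a print listing into dicts; wrapped lines extend the previous entry."""
    entries = []
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            entries.append({"disabled": bool(head.group(2))})
            line = line[head.end():]
        if entries:
            for key, value in PAIR.findall(line):
                entries[-1][key] = value.strip('"“”')  # also drop forum curly quotes
    return entries

def audit(mangle_text, queue_text):
    """Cross-check connection marks, flow marks and the flows queues match on."""
    rules, queues = parse_entries(mangle_text), parse_entries(queue_text)
    conns = {r["mark-connection"] for r in rules if "mark-connection" in r}
    marked = {r["mark-flow"] for r in rules if "mark-flow" in r}
    used = {q["flow"] for q in queues if q.get("flow") and not q["disabled"]}
    return {
        "connection_never_set": sorted(
            {r["connection"] for r in rules if "connection" in r} - conns),
        "queue_flow_never_marked": sorted(used - marked),
        "flow_without_enabled_queue": sorted(marked - used),
    }

if __name__ == "__main__":
    print(audit(MANGLE, QUEUES))
```

On the sample it reports flow hm as referenced by a queue but never marked, and hm1 and hm2 as marked with no enabled queue.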