Different limits for Local/Overseas traffic

Hi,

I’ve created a setup based on this example on an RB 450G:
http://wiki.mikrotik.com/wiki/Different_limits_for_Local/Overseas_traffic_for_3_bandwitch_rates_using_pcq_and_queue_tree

interface print
Flags: D - dynamic, X - disabled, R -
 #    NAME
 0  R public
 1  R local
 2    ether3
 3    ether4
 4  R ether5
 5  R bridge1

/ interface bridge settings print
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no

/ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Default mangle for lithuania Download
chain=forward action=mark-packet new-packet-mark=LT_DL_10M passthrough=yes
src-address-list=lithuania in-interface=local

1 ;;; Default mangle for lithuania Upload
chain=forward action=mark-packet new-packet-mark=LT_UL_10M passthrough=yes
dst-address-list=lithuania in-interface=public

2 ;;; Default mangle for Oversea Download
chain=forward action=mark-packet new-packet-mark=OS_DL_3M passthrough=yes
src-address-list=!lithuania in-interface=local

3 ;;; Default mangle for Oversea Upload
chain=forward action=mark-packet new-packet-mark=OS_UL_3M passthrough=yes
dst-address-list=!lithuania in-interface=local


All traffic is passing through the bridge but is not marked; all counters in firewall/mangle are at 0.
What is strange is that the same config is working on a computer-based RouterOS v2.9.
I can't find the reason why traffic is not marked.

At the risk of asking the obvious… are you absolutely sure that the relevant address lists have transferred correctly?

I don't think the list matters. If an IP address is not in the list, it goes to overseas traffic. But all counters are zero; no traffic is marked. I have a question: does this example work with versions above 2.9? I’ve tested it in 3.x and it does not work either.

OK - but all the rules actually involve a list and if the list does not exist I wouldn’t depend on the rule to work as expected. I haven’t tested what happens on such a rule if the list does not exist.

Rules are ok. I have about 178.

0 lithuania 85.255.96.0/20
1 lithuania 78.56.0.0/13
2 lithuania 88.118.0.0/16
3 lithuania 89.116.0.0/16
4 lithuania 88.222.0.0/16
5 lithuania 86.38.0.0/16
6 lithuania 86.100.0.0/16
7 lithuania 85.206.0.0/16
8 lithuania 84.15.0.0/16
9 lithuania 84.32.0.0/16
10 lithuania 88.216.0.0/16
11 lithuania 84.46.128.0/17

174 lithuania 195.216.233.0/24
175 lithuania 195.244.12.0/23
176 lithuania 212.1.208.0/21

It would probably be best if you upload the config using /export compact.

That example in the wiki seems pretty legit and should work in any version, as there is nothing special in it.
Either way, you should search the forum. I’m not sure, but I might have seen a local/overseas traffic split done with a slightly different approach. It still uses address lists though; there’s no other way to tell what is local.

/export compact

# may/30/2012 15:16:56 by RouterOS 5.16
# software id = RDWW-LUHA
#

/interface bridge
add name=bridge1
/interface ethernet
set 0 name=public
set 1 name=local
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/queue type
add kind=pcq name=LT_DL_20M pcq-classifier=dst-address pcq-rate=20M
add kind=pcq name=LT_DL_10M pcq-classifier=dst-address pcq-rate=10M
add kind=pcq name=LT_DL_4M pcq-classifier=dst-address pcq-rate=4M
add kind=pcq name=LT_UL_20M pcq-classifier=src-address pcq-rate=20M
add kind=pcq name=LT_UL_10M pcq-classifier=src-address pcq-rate=10M
add kind=pcq name=LT_UL_4M pcq-classifier=src-address pcq-rate=4M
add kind=pcq name=OS_DL_20M pcq-classifier=dst-address pcq-rate=20M
add kind=pcq name=OS_DL_3M pcq-classifier=dst-address pcq-rate=3M
add kind=pcq name=OS_DL_2M pcq-classifier=dst-address pcq-rate=2M
add kind=pcq name=OS_UL_20M pcq-classifier=src-address pcq-rate=20M
add kind=pcq name=OS_UL_3M pcq-classifier=src-address pcq-rate=3M
add kind=pcq name=OS_UL_2M pcq-classifier=src-address pcq-rate=2M
/queue tree
add name=LT_DL_20M packet-mark=LT_DL_20M parent=local queue=LT_DL_20M
add name=LT_DL_10M packet-mark=LT_DL_10M parent=local queue=LT_DL_10M
add name=LT_DL_4M packet-mark=LT_DL_4M parent=local queue=LT_DL_4M
add name=LT_UL_4M packet-mark=LT_UL_4M parent=public queue=LT_UL_4M
add name=LT_UL_10M packet-mark=LT_UL_10M parent=public queue=LT_UL_10M
add name=LT_UL_20M packet-mark=LT_UL_20M parent=public queue=LT_UL_20M
add name=OS_DL_20M packet-mark=OS_DL_20M parent=local queue=OS_DL_20M
add name=OS_UL_20M packet-mark=OS_UL_20M parent=public queue=OS_UL_20M
add name=OS_DL_3M packet-mark=OS_DL_3M parent=local queue=OS_DL_3M
add name=OS_DL_2M packet-mark=OS_DL_2M parent=local queue=OS_DL_2M
add name=OS_UL_3M packet-mark=OS_UL_3M parent=public queue=OS_UL_3M
add name=OS_UL_2M packet-mark=OS_UL_2M parent=public queue=OS_UL_2M
/interface bridge port
add bridge=bridge1 interface=public
add bridge=bridge1 interface=local
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.3.241/24 comment="added by setup" interface=ether5
/ip firewall address-list
add address=85.255.96.0/20 list=lithuania
add address=78.56.0.0/13 list=lithuania
add address=88.118.0.0/16 list=lithuania
add address=89.116.0.0/16 list=lithuania
add address=88.222.0.0/16 list=lithuania
add address=86.38.0.0/16 list=lithuania

add address=195.170.181.0/24 list=lithuania
add address=195.216.233.0/24 list=lithuania
add address=195.244.12.0/23 list=lithuania
add address=212.1.208.0/21 list=lithuania
add address=192.168.3.243 list=4/2
/ip firewall mangle
add action=mark-packet chain=forward comment=\
    "Default mangle for lithuania Download" in-interface=local new-packet-mark=\
    LT_DL_10M src-address-list=lithuania
add action=mark-packet chain=forward comment=\
    "Default mangle for lithuania Upload" dst-address-list=lithuania \
    in-interface=public new-packet-mark=LT_UL_10M
add action=mark-packet chain=forward comment=\
    "Default mangle for Oversea Download" in-interface=local new-packet-mark=\
    OS_DL_3M src-address-list=!lithuania
add action=mark-packet chain=forward comment=\
    "Default mangle for Oversea Upload" dst-address-list=!lithuania \
    in-interface=local new-packet-mark=OS_UL_3M
add action=mark-packet chain=forward comment="Tarif 20/20 lithuania Download" \
    dst-address-list=20/20 in-interface=local new-packet-mark=LT_DL_20M \
    passthrough=no src-address-list=lithuania
add action=mark-packet chain=forward comment="Tarif 20/20 lithuania Upload" \
    dst-address-list=lithuania in-interface=public new-packet-mark=LT_UL_20M \
    passthrough=no src-address-list=20/20
add action=mark-packet chain=forward comment="Tarif 20/20 Oversea Download" \
    dst-address-list=20/20 in-interface=local new-packet-mark=OS_DL_20M \
    passthrough=no src-address-list=!lithuania
add action=mark-packet chain=forward comment="Tarif 20/20 Oversea Upload" \
    dst-address-list=!lithuania in-interface=public new-packet-mark=OS_UL_20M \
    passthrough=no src-address-list=20/20
add action=mark-packet chain=forward comment="Tarif 4/2 lithuania Download" \
    dst-address-list=4/2 in-interface=local new-packet-mark=LT_DL_4M \
    passthrough=no src-address-list=lithuania
add action=mark-packet chain=forward comment="Tarif 4/2 lithuania Upload" \
    dst-address-list=lithuania in-interface=public new-packet-mark=LT_UL_4M \
    passthrough=no src-address-list=4/2
add action=mark-packet chain=forward comment="Tarif 4/2 Oversea Download" \
    dst-address-list=4/2 in-interface=local new-packet-mark=OS_DL_2M \
    passthrough=no src-address-list=!lithuania
add action=mark-packet chain=forward comment="Tarif 4/2 Oversea Upload" \
    dst-address-list=!lithuania in-interface=public new-packet-mark=OS_UL_2M \
    passthrough=no src-address-list=4/2
/ip route
add distance=1 gateway=192.168.3.254
/system clock
set time-zone-name=Europe/Vilnius

As far as I can see, the problem is with the fact that you are working with bridged traffic (use-ip-firewall=yes in bridge settings).

I don’t like that type of setup because it is always necessary to check:

  1. if in-interface for packets is “bridge1” or “local”
  2. if “local” is considered as “in-interface” or as “in-bridge-port”

I always use action “log” to determine where that traffic goes exactly.

Hope it helps.

I think macgaiver is correct. Try changing the in-interface to bridge1 and the counters should start moving.

You are absolutely right. This is the working config:


/ip firewall mangle
add action=mark-packet chain=forward comment=\
    "Default mangle for lithuania Download" in-interface=bridge1 \
    new-packet-mark=LT_DL_10M out-bridge-port=local src-address-list=\
    lithuania
add action=mark-packet chain=forward comment=\
    "Default mangle for lithuania Upload" dst-address-list=lithuania \
    in-interface=bridge1 new-packet-mark=LT_UL_10M out-bridge-port=public
add action=mark-packet chain=forward comment=\
    "Default mangle for Oversea Download" in-interface=bridge1 \
    new-packet-mark=OS_DL_3M out-bridge-port=local src-address-list=\
    !lithuania
add action=mark-packet chain=forward comment=\
    "Default mangle for Oversea Upload" dst-address-list=!lithuania \
    in-interface=bridge1 new-packet-mark=OS_UL_3M out-bridge-port=public
add action=mark-packet chain=forward comment="Tarif 20/20 lithuania Download" \
    dst-address-list=20/20 in-interface=bridge1 new-packet-mark=LT_DL_20M \
    out-bridge-port=local passthrough=no src-address-list=lithuania
add action=mark-packet chain=forward comment="Tarif 20/20 lithuania Upload" \
    dst-address-list=lithuania in-interface=bridge1 new-packet-mark=LT_UL_20M \
    out-bridge-port=public passthrough=no src-address-list=20/20
add action=mark-packet chain=forward comment="Tarif 20/20 Oversea Download" \
    dst-address-list=20/20 in-interface=bridge1 new-packet-mark=OS_DL_20M \
    out-bridge-port=local passthrough=no src-address-list=!lithuania
add action=mark-packet chain=forward comment="Tarif 20/20 Oversea Upload" \
    dst-address-list=!lithuania in-interface=bridge1 new-packet-mark=\
    OS_UL_20M out-bridge-port=public passthrough=no src-address-list=20/20

Thanks a lot
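
The diagnosis reached in this thread, as an added example that is not part of the original posts: a Python check that reads a `/export compact` dump and flags firewall rules whose in-interface or out-interface names a bridge port, the pattern that left every mangle counter at zero here. The sample export is constructed from the thread's setup, and the function names are illustrative.

```python
import re
import shlex

# Constructed sample in "/export compact" form, modelled on the thread's setup:
# rule 0 matches on a bridge port name, rule 1 matches on the bridge itself.
SAMPLE_EXPORT = r'''
/interface bridge port
add bridge=bridge1 interface=public
add bridge=bridge1 interface=local
/interface bridge settings
set use-ip-firewall=yes
/ip firewall mangle
add action=mark-packet chain=forward comment=\
    "Default mangle for lithuania Download" in-interface=local new-packet-mark=\
    LT_DL_10M src-address-list=lithuania
add action=mark-packet chain=forward dst-address-list=lithuania \
    in-interface=bridge1 new-packet-mark=LT_UL_10M out-bridge-port=public
'''

def parse_export(text):
    """Return {menu path: [one {key: value} dict per add/set line]}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join "\" continuation lines
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line
        elif path is not None:
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            menus.setdefault(path, []).append({k: v for k, _, v in pairs})
    return menus

def audit_bridge_port_matchers(text):
    """Flag firewall rules whose in-/out-interface names a bridge port."""
    menus = parse_export(text)
    ports = {p["interface"]: p["bridge"]
             for p in menus.get("/interface bridge port", [])
             if "interface" in p and "bridge" in p}
    findings = []
    for path, rules in menus.items():
        if not path.startswith("/ip firewall "):
            continue
        for index, rule in enumerate(rules):
            for key in ("in-interface", "out-interface"):
                name = rule.get(key, "").lstrip("!")  # negated matchers too
                if name in ports:
                    findings.append((path, index, key, name, ports[name]))
    return findings

if __name__ == "__main__":
    for path, index, key, name, bridge in audit_bridge_port_matchers(SAMPLE_EXPORT):
        print(f"{path} rule {index}: {key}={name} is a port of {bridge}; "
              f"match on {bridge} with in-bridge-port/out-bridge-port instead")
```

Run against the export posted earlier in the thread, every mangle rule would be reported, since all of them match on `local` or `public`, both ports of `bridge1`.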