Fail to apply Queues for donwload when redirecting to proxy

andrescamino · August 9, 2011, 9:34pm

Hello everyone,

I have this scenario: A RB1200 has mangle rules to mark the connection and packets in order to use the packet marks for Queues purposes for down and up bandwith limit, the web proxy is activated and has parent proxy the ip address 192.168.1.1 and the NAT rules to redirect the LAN web traffic to the proxy which is in another network created in the eth3. NAT rules are:

 0  chain=srcnat action=masquerade src-address=192.168.1.1 

 1  chain=dstnat action=redirect to-ports=8080 protocol=tcp 
     in-interface=LAN-CLIENTES dst-port=80 

 2  chain=srcnat action=masquerade src-address-list=Lista_Home_512k_1

the problem is that when the rule 1 is active, the queues don’t make the limitation, if the rule 1 is inactive, the router works fine with the queues and make the limitation.
Another problem is that when the rule 1 is active the CPU goes all the way up to 100%, and when the rule is inactive it goes to 5%

what could be the problem?? how do i make the limitation to the router and also redirect the traffic to a proxy server?

fewi · August 9, 2011, 9:41pm

Is there a specific reason you’re not just doing destination NAT to punt traffic directly to the proxy server, rather than redirecting it to the router first?

Queueing presumably isn’t happening for the same reason: you’re redirecting traffic to the router itself, so now that traffic is in the input/output chains, rather than forward.

andrescamino · August 9, 2011, 11:01pm

Hi Fewi,

Actually yes…for some reason it doesn’t work when I redirect the traffic instead, i got an error on the navigation, i can’t understand why…it’s transparent and also no transparent and no luck…can’t really understand why because teh proxy is actually working when i configure the proxy in the browser…

Thanks fewi!

fewi · August 9, 2011, 11:05pm

Try and fix that. Your router is running at 100% because it can’t handle being a proxy for that much traffic.

If you need help fixing it provide more details.

andrescamino · August 10, 2011, 5:04pm

Hi Fewi,

It works now with the dst nat action, but for some reason the queues work just for download, and not upload
this are the nat configuration rules

0 ;;; Nateo de Red y redireccion a Thundercache
chain=srcnat action=masquerade src-address=192.168.1.1

1 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=3128
protocol=tcp in-interface=LAN-CLIENTES dst-port=80

2 ;;; Nateo de Red de clientes
chain=srcnat action=masquerade src-address-list=Lista_Home_512k_1

Don’t understand why it’s not limiting the upload

fewi · August 10, 2011, 5:24pm

Those are just NAT rules - if you need help troubleshooting your queues please post your queue configuration.

andrescamino · August 16, 2011, 8:07pm

It worked with the dnat rule, it didn’t worked with queues because in queues the parent was assigned to other interface…my bad

thanks for your reply!