Help me plzz.... :(

Hi all.. I’m so glad that I found this site, and I hope I can learn many things from the seniors in this forum :blush:
Guys, I’ve just set up an ISP; the former clients are my internet cafes. I use MT to route my network. Here is the configuration:

Public Network GW ------|            |------ National Network GW
                        |-- Router --|
Proxy Server -----------|            |------ Clients

The proxy server, router and clients are on one LAN.
The BW for public is 512K and for national is 5M.

So I have 3 interfaces on the router: Public, National (Local), and LAN.
I do the following setup:

  • Route all the dst-addresses to a specific GW
  • I use a computer acting as a proxy server (running FreeBSD)
  • Every client that connects through port 80 is redirected to the proxy server
  • I use queue tree to limit bandwidth for each route (to Public and to National Local), as the LAN is looseless BW
  • The proxy server works only for the address list that routes through the Public GW

My problem:

  • As the proxy server acts as mediator between the client and public, the proxy always uses the highest bandwidth (in this case all of the public BW)
  • When a client tries to test bandwidth, it always gets a small amount, and a ping to a server usually times out, buuuuut … browsing is not that slow because the connection to the proxy is in the LAN
  • When I disable the redirection to the proxy server, I see that queue tree isn’t very effective (I want a single client to get 64 kb, but it ended up getting a small amount, because another client uses the bandwidth)
    I use queue tree like this → limit at 64k, max limit 512k
  • The proxy doesn’t deliver packages like the LAN usually does (a.k.a. slow)

My questions:

  • Is there any way to utilize the proxy so it doesn’t use high bandwidth, so the client could use the rest? Because if I let the proxy get high bandwidth, a client couldn’t even ping Yahoo, for example
  • What is the efficient and effective way to use an external proxy and queue BW for clients?
  • Is my setup quite right?

Thx for all the upcoming answers.
Every bit of your answers would please me :slight_smile: :blush: :blush: :blush: :blush:

hiks.. anybody…
help me plzzz :frowning:

Limit the customer traffic before it can reach the proxy?

Hello Sten…
I think I see that my problem is the connection to the proxy.
My current config is like this:

  • The client connects to the gateway router and the router redirects all connections on port 80 to the proxy server
  • I use pcq to limit the users equally
    Here is my mangle setup:
/ ip firewall mangle 
add chain=prerouting src-address-list=!localIP action=mark-packet new-packet-mark=all-intl-mark passthrough=yes comment="" \
    disabled=yes 
add chain=prerouting src-address-list=localIP action=mark-packet new-packet-mark=all-regIP-mark passthrough=yes comment="" \
    disabled=yes 
add chain=postrouting dst-address=10.5.9.3 action=mark-connection new-connection-mark=all-proxy-conn passthrough=yes \
    comment="All Proxy Download" disabled=no 
add chain=prerouting connection-mark=all-proxy-conn action=mark-packet new-packet-mark=all-proxy-mark passthrough=yes \
    comment="" disabled=no 
add chain=postrouting src-address-list=Customer-IP dst-address-list=Customer-IP action=mark-connection \
    new-connection-mark=our-local-conn passthrough=yes comment="" disabled=no 
add chain=prerouting connection-mark=our-local-conn action=mark-packet new-packet-mark=our-local passthrough=yes \
    comment="" disabled=no 

add chain=postrouting dst-address=10.5.10.218 src-address-list=!localIP action=mark-connection \
    new-connection-mark=caffe1-intl-con passthrough=yes comment="" disabled=no 
add chain=postrouting dst-address=10.5.10.220 src-address-list=!localIP action=mark-connection \
    new-connection-mark=caffe2-intl-con passthrough=yes comment="" disabled=no 
add chain=prerouting connection-mark=caffe1-intl-con action=mark-packet new-packet-mark=caffe1-intl passthrough=yes \
    comment="" disabled=no
add chain=prerouting connection-mark=caffe2-intl-con action=mark-packet new-packet-mark=caffe2-intl passthrough=yes \
    comment="" disabled=no

with this customer list:

/ip firewall address-list
add list=Customer-IP address=10.5.10.218 comment="caffe1" disabled=no 
add list=Customer-IP address=10.5.10.220 comment="caffe2" disabled=no 
add list=Customer-IP address=10.5.9.1 comment="MainGateway" disabled=yes
add list=Customer-IP address=10.5.9.3 comment="Proxy" disabled=yes

and this is my queue setup:

/queue tree
add name="Total-512K-down" parent=LAN packet-mark="" limit-at=512k queue=pcq_down priority=8 max-limit=512k burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no 
add name="caffe1-down" parent=Total-512K-down packet-mark=caffe1-intl limit-at=0 queue=pcq_down priority=8 max-limit=0 \
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no 
add name="caffe2-down" parent=Total-512K-down packet-mark=caffe2-intl limit-at=0 queue=pcq_down priority=8 max-limit=0 \
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no 
add name="OurLocal" parent=global-in packet-mark=our-local limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no 
add name="all-proxy" parent=LAN packet-mark=all-proxy-mark limit-at=0 queue=pcq_down priority=8 max-limit=0 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no

But I can’t see the our-local-conn in the connection list; instead I see caffe1-intl-conn, not our local connection. So I assume the traffic to the proxy is not looseless :frowning:

Maybe because there is slice between my mangles ..
Help me please.. onegaii :blush:

Is there anybody who could give me a hand…
My network desperately needs help with bandwidth :frowning:
but I couldn’t optimize it
hikz.. hikz…

What should I dooooooo :open_mouth:
