We are operating an MT router RB 433, software version v3.22, with wireless and hotspot function enabled and with the number of clients varying from a few up to 40. The public side of the MT router is connected to an ADSL router for internet access and to an FTP server.
For bandwidth control we are using a queue tree with PCQ queues. The idea is to evenly spread the available bandwidth among the currently connected users. This should result in a higher bandwidth per user if there are only a few connected, and vice versa. Specifically, we would like the queue tree to generate only one PCQ sub-queue for each client, and that is the problem. In the current router setup, one PCQ sub-queue is generated for each TCP connection, and a client can have many TCP connections open at any one time. When a client is downloading using P2P software, the data may come down through several TCP connections simultaneously, and that client gets a disproportionately large share of the bandwidth.
We are using masquerading, which causes all packets to have the same source address. Therefore, when defining the pcq in the menu Queue List / Queue Types, the pcq-classifier has to be src-address,src-port for upload and dst-address,dst-port for download respectively. If src-port and dst-port are not selected, only one PCQ sub-queue is generated each for upload and download.
If we could configure the router such that masquerading is not necessary, then we would not have to select src-port and dst-port in the definition of the pcq types. We tried to disable masquerading, but then the router does not work.
So, the question is how to configure the router so that masquerading (or src nat) is not necessary.
Below are printouts of the relevant parts of the configuration.
A word of explanation about "/ip firewall mangle": the idea is to allow downloads from our FTP server and from the cache memory at a higher rate than from the internet.
/ip address
add address=192.168.3.12/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN2 network=192.168.3.0
add address=10.0.100.1/24 broadcast=10.0.100.255 comment="" disabled=no interface=wlan1 network=10.0.100.0

/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10

/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=10.0.100.0/24

/ip firewall mangle
add action=mark-connection chain=forward comment="MARK CONNECTION AND PACKETS FOR FTP TRAFFIC. PACKET MARKS ARE USED IN QUEUE TREE." disabled=no dst-address=192.168.1.240 new-connection-mark=FTP-conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=FTP-conn disabled=no new-packet-mark=Highspeed-P passthrough=no
add action=passthrough chain=output comment="********* SPEED-UP PROXY CACHE TRAFFIC *********" disabled=no dst-address=192.168.1.240
add action=mark-connection chain=output comment="CACHE HIT TRAFFIC: MARK CONNECTIONS AND PACKETS" disabled=no dscp=4 new-connection-mark=Cache-conn passthrough=yes
add action=mark-packet chain=output comment="" connection-mark=Cache-conn disabled=no new-packet-mark=Highspeed-P passthrough=no
add action=mark-connection chain=output comment="REMAINING TRAFFIC THROUGH OUTPUT CHAIN" disabled=no new-connection-mark=Remaining-conn passthrough=yes
add action=mark-packet chain=output comment="" connection-mark=Remaining-conn disabled=no new-packet-mark=Lowspeed-P passthrough=no
add action=mark-connection chain=forward comment="REMAINING TRAFFIC THROUGH FORWARD CHAIN" disabled=no new-connection-mark=Remaining-conn passthrough=yes
add action=mark-packet chain=forward comment="" connection-mark=Remaining-conn disabled=no new-packet-mark=Lowspeed-P passthrough=yes

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=DOWN-TRAFFIC packet-mark="" parent=bridge1 priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UP-TRAFFIC packet-mark="" parent=WAN2 priority=8 queue=default
add burst-limit=3000000 burst-threshold=1900000 burst-time=8s disabled=no limit-at=0 max-limit=2000000 name="FTP DOWN AND CACHE" packet-mark=Highspeed-P parent=DOWN-TRAFFIC priority=8 queue=default
add burst-limit=3000000 burst-threshold=1900000 burst-time=8s disabled=no limit-at=0 max-limit=2000000 name="FTP UP" packet-mark=Highspeed-P parent=UP-TRAFFIC priority=8 queue=default
add burst-limit=4000000 burst-threshold=3200000 burst-time=8s disabled=no limit-at=0 max-limit=3500000 name="HOTSPOT DOWN" packet-mark=Lowspeed-P parent=DOWN-TRAFFIC priority=8 queue=hotspot-down
add burst-limit=405000 burst-threshold=380000 burst-time=8s disabled=no limit-at=0 max-limit=400000 name="HOTSPOT UP" packet-mark=Lowspeed-P parent=UP-TRAFFIC priority=8 queue=hotspot-up

/queue type
add kind=pcq name=hotspot-up pcq-classifier=src-address,src-port pcq-limit=50 pcq-rate=60000 pcq-total-limit=5000
add kind=pcq name=hotspot-down pcq-classifier=dst-address,dst-port pcq-limit=50 pcq-rate=300000 pcq-total-limit=5000
set default-small kind=pfifo name=default-small pfifo-limit=10
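Added example (not part of the post above, and not RouterOS code): a small Python model of how a PCQ classifier forms sub-queues on either side of a masquerading NAT, so the effect described in the post can be reproduced with numbers. It assumes PCQ divides the parent rate equally between sub-queues and keys sub-queues on the tuple of classifier fields; the client addresses, remote addresses and port numbers are constructed, only the router's public address 192.168.3.12 comes from the post. The model also assumes that the queue on the LAN side sees reply packets after their destination has been mapped back to the client; whether that matches the queue placement in a given RouterOS version is not something the post settles.

```python
"""Model of PCQ sub-queue formation behind a masquerading router.

Added example, not RouterOS code or anything from the original post.
Client/remote addresses and ports are constructed; 192.168.3.12 is the
router's WAN2 address from the post.
"""
from collections import Counter
from dataclasses import dataclass, replace
from itertools import count

ROUTER_PUBLIC_IP = "192.168.3.12"


@dataclass(frozen=True)
class Packet:
    src_address: str
    src_port: int
    dst_address: str
    dst_port: int


class Masquerade:
    """Minimal srcnat state table: (LAN ip, LAN port) <-> public port."""

    def __init__(self, public_ip=ROUTER_PUBLIC_IP, first_port=1024):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self._out = {}   # (lan_ip, lan_port) -> public port
        self._back = {}  # public port -> (lan_ip, lan_port)

    def egress(self, pkt):
        """LAN -> WAN: rewrite the source to the router's public address/port."""
        key = (pkt.src_address, pkt.src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[port] = key
        return replace(pkt, src_address=self.public_ip, src_port=self._out[key])

    def ingress(self, pkt):
        """WAN -> LAN: map a reply back to the client's original address/port."""
        lan_ip, lan_port = self._back[pkt.dst_port]
        return replace(pkt, dst_address=lan_ip, dst_port=lan_port)


def _fields(classifier):
    # "src-address,src-port" -> ["src_address", "src_port"]
    return [f.replace("-", "_") for f in classifier.split(",")]


def pcq_subqueues(packets, classifier):
    """One sub-queue per distinct tuple of classifier fields; value = packets in it."""
    fields = _fields(classifier)
    return Counter(tuple(getattr(p, f) for f in fields) for p in packets)


def per_client_share(owned_packets, classifier):
    """owned_packets: iterable of (client_ip, packet as the queue sees it).
    PCQ splits the parent's rate equally over sub-queues, so a client's share
    is the fraction of sub-queues that its packets land in."""
    fields = _fields(classifier)
    owner = {}
    for client, pkt in owned_packets:
        owner.setdefault(tuple(getattr(pkt, f) for f in fields), client)
    counts = Counter(owner.values())
    return {client: n / len(owner) for client, n in counts.items()}


def build_scenario():
    """Three hotspot clients; client A runs P2P with five parallel connections (constructed)."""
    a, b, c = "10.0.100.10", "10.0.100.11", "10.0.100.12"
    lan_packets = [(a, Packet(a, 50000 + i, "203.0.113.9", 6881)) for i in range(1, 6)]
    lan_packets += [(b, Packet(b, 40001, "198.51.100.20", 80)),
                    (c, Packet(c, 40002, "198.51.100.21", 443))]
    nat = Masquerade()
    on_wan = [(owner, nat.egress(p)) for owner, p in lan_packets]
    # Replies from the internet as they arrive on WAN2: destination is the router.
    replies = [(owner, Packet(p.dst_address, p.dst_port, p.src_address, p.src_port))
               for owner, p in on_wan]
    # Same replies after the NAT table has restored the client address (assumed queue position).
    on_lan = [(owner, nat.ingress(p)) for owner, p in replies]
    return {"lan": lan_packets, "wan": on_wan, "replies": replies, "lan_reply": on_lan}


if __name__ == "__main__":
    s = build_scenario()
    print("before NAT, src-address:      ", per_client_share(s["lan"], "src-address"))
    print("after NAT, src-address queues:", len(pcq_subqueues([p for _, p in s["wan"]], "src-address")))
    print("after NAT, src-address,src-port:", per_client_share(s["wan"], "src-address,src-port"))
    print("replies de-NATted, dst-address:", per_client_share(s["lan_reply"], "dst-address"))
```

Run stand-alone, the model reproduces the two effects the post describes: on the WAN side every packet carries the router's address, so `src-address` alone yields a single sub-queue, and adding `src-port` yields one sub-queue per connection, giving the five-connection P2P client 5/7 of the upload rate instead of 1/3. Before NAT (or for replies after their destination has been mapped back), classifying on the address alone gives each client an equal 1/3.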