How to set a simple queue based on dst. port?

Setting a simple queue on a target address will limit the entire connection to that IP, whether routed or not. How do I set the queue so it will only limit when the target address is connected to a certain dst. port through a routing mark? For example, port 80.

  1. Use mangle with queue: mangle marks the packet, queue applies the limitation.

  2. To set bandwidth to the specific hosts without port specification, use target-address and dst-address in queue simple configuration.

I did mangle - marked the packet. Strangely, it marked only the upload packets to WAN.
Here is my mangle:

chain=prerouting action=mark-packet new-packet-mark=Game passthrough=yes protocol=tcp src-address=192.168.0.0/24 
     dst-port=!80,8291

Am I correct?

That would mark all TCP traffic going from 192.168.0.0/24 to destination ports other than 80 and 8291. If you also want to mark the return traffic, the rule doesn’t match for that, since the source address of that traffic is reversed. You could either add a second rule that looks the same but refers to 192.168.0.0/24 as the destination address instead of the source address, or you could change the action of your rule to apply a connection-mark instead. Connections are bidirectional. Then add a second rule that adds your packet-mark to all connections with the connection-mark present, effectively marking packets going both ways.
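
The connection-mark approach from the reply above, written out as RouterOS mangle rules. This is an added example, not part of the original thread; the connection-mark name Game-conn is an assumption, and all other values are copied from the poster's rule.

```routeros
/ip firewall mangle
# Rule 1: same matchers as the poster's rule, but mark the connection
# instead of the packet. Connection tracking treats both directions as
# one connection, so the mark also covers the return traffic whose
# source and destination addresses are reversed.
# passthrough=yes lets the packet continue on to rule 2.
add chain=prerouting action=mark-connection new-connection-mark=Game-conn passthrough=yes protocol=tcp src-address=192.168.0.0/24 dst-port=!80,8291

# Rule 2: apply the packet-mark the queue matches on to every packet
# that belongs to a marked connection, in either direction.
# No address or port matchers here: the connection-mark alone decides.
add chain=prerouting action=mark-packet new-packet-mark=Game passthrough=yes connection-mark=Game-conn
```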

I see, tested it with marked connection, and it works. Thanks.

But there’s a new problem: when a transparent web proxy is enabled, the queue can’t seem to limit the download; only the upload can be queued. I did some searching on the forum, and it seems to be a popular question. Do you happen to know how to handle this?

Not sure, since I don’t use proxies. Maybe it has something to do with the proxy interrupting the connection and connection tracking not correlating the traffic from proxy to client with the original request? In that case you’d want to queue traffic in the output chain going to the clients.