Mark packet

Hello,

I have configured NAT; wireless is a client of an AP, and the LAN 192.168.1.0/24 is on Ethernet port 3.
In Torch I see this connection:

Src: 192.168.1.171:52203
Dst: 100.100.100.100:5000

The src host has initiated an SSH connection to dst and is downloading data from the dst host (Tx Rate: 21 MBit, Rx Rate: 179 kBit).

How can I mark packets to limit the Tx Rate in a simple queue?

At the moment I have set 100.100.100.100 as Dst. Address in a queue. This works fine. But there are other SSH services on other ports of 100.100.100.100, which are limited too.

Best regards
Frank

Does nobody have a solution?

  1. Mark the connection
  2. Mark the packets
  3. Use this packet mark in a simple queue

Like this:
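/ip firewall mangle
# Mark the connection when a TCP packet is addressed to 100.100.100.100:5000
add chain=prerouting protocol=tcp dst-port=5000 dst-address=100.100.100.100 action=mark-connection \
    new-connection-mark=5000_connection passthrough=yes
# Mark every packet that belongs to that connection (both directions)
add chain=prerouting connection-mark=5000_connection action=mark-packet \
    new-packet-mark=packet_5000 passthrough=no
/queue simple
# Limit only traffic carrying that packet mark; max-limit is upload/download in bits per second
add name="50000" packet-marks=packet_5000 max-limit=200000/100000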
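
A small Python model of the two mangle rules above, added here as an illustration and not part of the original posts or of RouterOS: it shows that reply packets from port 5000 inherit the packet mark through the connection entry, while a session to another port of the same host stays unmarked. Class and function names are hypothetical, and the port 22 / 40000 / 60000 packets are constructed sample input.

```python
# Toy model: connection tracking plus the two mangle rules from the answer.
# Names are hypothetical; this only mirrors the rule logic, not RouterOS itself.

def conn_key(src, sport, dst, dport):
    """Direction-independent key: both directions of a flow share one entry."""
    return frozenset([(src, sport), (dst, dport)])

class Mangle:
    def __init__(self, dst_addr, dst_port, conn_mark, pkt_mark):
        self.match = (dst_addr, dst_port)
        self.conn_mark, self.pkt_mark = conn_mark, pkt_mark
        self.conntrack = {}  # conn_key -> connection mark or None

    def classify(self, src, sport, dst, dport):
        """Return the packet mark this packet gets in prerouting, or None."""
        key = conn_key(src, sport, dst, dport)
        self.conntrack.setdefault(key, None)      # conntrack runs before mangle
        if (dst, dport) == self.match:            # rule 1: mark-connection
            self.conntrack[key] = self.conn_mark
        if self.conntrack[key] == self.conn_mark:  # rule 2: mark-packet
            return self.pkt_mark
        return None

def queue_by_dst_address(packet, addr):
    """The original approach: a queue keyed on the address alone."""
    src, _, dst, _ = packet
    return addr in (src, dst)

CLIENT, SERVER = "192.168.1.171", "100.100.100.100"
PACKETS = [  # constructed sample traffic: (src, sport, dst, dport)
    (CLIENT, 52203, SERVER, 5000),   # request to the limited service
    (SERVER, 5000, CLIENT, 52203),   # bulk reply, the heavy direction
    (CLIENT, 40000, SERVER, 22),     # another SSH service on the same host
    (SERVER, 22, CLIENT, 40000),     # its reply
    (SERVER, 5000, CLIENT, 60000),   # reply with no marked connection behind it
]

def run():
    m = Mangle(SERVER, 5000, "5000_connection", "packet_5000")
    return [m.classify(*p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, mark in zip(PACKETS, run()):
        print(pkt, "->", mark, "| address-only queue:",
              queue_by_dst_address(pkt, SERVER))
```

The last packet stays unmarked because rule 1 only matches the direction addressed to 100.100.100.100:5000; the reply direction is caught solely through the connection mark.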

Thanks, it’s working.
My mistake was the wrong mark direction of the source port. Now everything is working fine.

Thanks, Frank