Folks,
Sorry if this question already posted before.
I want to know how to handle Queues if i have to serve users in my net with WebProxy enabled.
Once we set the queues, Mikrotik wont understand the packets cached by WebProxy should be deliver at LAN speed and non cached packets should be queue with the class defined at Queues Tree.
So, if we set WebProxy and Queues enabled, we wont have the benefits of WebProxy Caching since the packets cached still get queued by Mikrotik.
Problem is very simple and described on http://wiki.mikrotik.com/wiki/Queue_with_Masquerading_and_Internal_Web-Proxy.
you are using mangle to mark packets and connections, for outgoing traffic use in-interface and src-address and for incoming two stage.
first direct connections on forward chain and for web-proxy output chain.
its a good example but
first : it doesnt mark P2P direct connections at all …
second : the output marking doesnt know wether the packet came from the cache disk or from the public lan !!!
we need to limit the usage of the internet bandwidth coming from the public interface only , couse we have a limited satellite connections , but we dont have to limit any packets goes to the user from the cache disk ..
The topic in here isnt how to mark the packets or putting packets in mangle.
But more precisely how to queue packets coming from Internet without interfere the packets coming from the cache disk.
In other words, packets coming from cache disk should be deliver at maximum LAN Speed.
I think MT forum is not the place to find solutions !! its only a place to describe problems ..
we must c ( as in other similar forums ) some sticky topics that explain and solve the major cases , and i think bandwidth manegement is a very important think to be solved here with all cases , many local interfaces , many subnets , web-proxy , masqurading , couse even in wiki we cant find the complete solution , and i think it must be added as sticky topics instead of ADV topics for MT products , and how long can the signal reach using 2 MT routerboards installed on a very high mountains each on a side of the SEA !!!
you must learn networking to work with networking, so its enough documents and forum post to find the path to you perfect config.!
no one can give you solution for your setup. i have give you primer where to start! if you dont know how to use mangle rules, or ip flow at all then … RTFM
OK but whts RTFM ?? is it RT FM radio ??
anyway , the example u post is in wiki for a long time and we used it , but what we asking for is not some inventions , its things many many people wanted it before but no answers .. i wonder if you understand what we asking for ? if you do why not answering ??
if you want to see the most wiered forum , come here !!!
hire a consultant !!
read the manual !!
go to training !!
read the wiki !!
so why you are here ? what are you doing ? if you need to know somthing why dont you read the manual ? or if you came here to help you are not helping at all ..
we have the manual , wiki , our knowledge , but we need other tests , what did they tried and wht they succeded with ..
all i want to know how to make the holy RouterOS to recognize the packets came directly from the internet which must be limited and the packets that came from the cache disk which we dont want to limit couse we are paying nothing for cache disk bandwidth ..
can you redirect me where in the manual or wiki ??
If you come to seek help & suggestions from other users (not trainers/teachers/consultats), you should pay more attention to the suggestions…
If you weren’t so hung up on having someone spell out a step-by-step guide & thereby learn nothing yourself except how to cut & paste, you would have already watched the recommended presentation and possibly figured it out for yourself by now…
But still those are not the answer. Because whether packets cached or direct, once we have set transparent proxy, all the packets from LAN side would be pushed to proxy. And from the Internet to LAN side, they would stop in Proxy first before they reach the LAN side.
There has to be another way instead of marking connection or packets.
dear t3rm , from the users ( suggestions ) and after deep search of the whole forum , and from the deep silence of the experts , there is no other way , sorry , may be its RouterOs limitation , u know , nothing is perfect ..
t3rm - ignore samsoft08, he is just an impatient and frustrated MT user & knows not what he says.
I don’t understand why you say you can’t differentiate traffic originating from the proxy from traffic from the internet?
Surely mangling on the appropriate chain should accomplish what you are trying to achieve?
If you set different marks on forward vs output chain, you should be able to manage the different traffic flows?
GWISA,
I think samsoft08 already got the point i’m talking about.
When you pushed your users / clients with transparent proxy, it means all of the packets from clients changed and originated from the proxy. And going to internet using proxy ip address. When the packet returns, it will be delivered to the proxy first before it reach the users / clients side.
The point is, whether the packets already cached or direct access from the internet, both are coming from the proxy ip address, not from hosts outside in Internet.
So, how can you differentiate the traffic coming directly from Internet or coming from the cached in proxy ? The answer is no.
I’m using Linux already for 8 years until now. Even in Linux, we should add patch to Squid and Linux kernel to handle this situation. You can check the documentation at http://www.docum.org
And for the URL link you posted above, i know very well the author, Valens Riyadi.
The document absolutely inrelevant with this situation. Completely different.
It’s not your past experience I’m doubting - it’s your motivation for saying this is not possible.
Maybe you can correct me here, but I don’t agree with your reasoning - the traffic is not identified as originating from or destined to the proxy; but the interface, chain and source/destination IP. Traffic is not addressed to the proxy’s IP, but rather trapped by it and a flow decision made.
If you consider marking traffic flowing on the forward chain, then this is traffic flowing through the router but not the proxy.
If you do the same on the output chain, then you are identifying traffic originating from and flowing out of the router’s local (internal) process - i.e. the proxy.
The forward chain does not pass through the output chain.
So using connection and mangle marks, I still don’t see any reason why you can’t manage that traffic as you’d like to.
This page in the manual is what I am basing my argument on:
A paket can enter processing conveyer of the router in two ways. First, a packet can come from one of the interfaces present in the roter (then the interface is referred as input interface). Second, it can be originated from a local process, like web proxy, VPN or others. Alike, there are two ways for a packet to leave the processing pipeline. A packet can leave through the one of the router’s interfaces (in this case the interface is referred as output interface) or it can end up in the local process.
and also
the traffic which is destined to the router itself. The IP packets has destination address equal to one of the router’s IP addresses. A packet enters the router through the input interface, sequentially traverses prerouting and input chains and ends up in the local process. Consequently, a packet can be filtered in the input chain filter and mangled in two places: the input and the prerouting chain filters.
the traffic is originated from the router. In this case the IP packets have their source addresses identical to one of the router’s IP addresses. Such packets travel through the output chain, then they are passed to the routing facility where an appropriate routing path for each packet is determined and leave through the postrouting chain.
routable traffic, which is received at the router’s MAC address, has an IP address different from any of the router’s own addresses, and its destination can be found in the routing tables. These packets go through the prerouting, forward and postrouting chains.
while u ppl r arguing with each other ,mean while i have question ,
I think marking packets according to the wiki is 100% ok and it works as per quee tree rule . I mean the proxy traffic limit in the quee tree rule can deliver the alloted speed or unlimited
from the internel cache . that is ok . But when i make a simple quee for a single user , the cache traffic does not exist any longer like the quee tree rule . It starts maintaining the speed as per simple quee rule .
so there must be something to do with simple quee rule like one rule for local traffic and other one for overseas .can anybody help me to manage the simple quee setting to get the benifit of faster cache delivery .
I think marking packets according to the wiki is 100% ok and it works as per quee tree rule . I mean the proxy traffic limit in the quee tree rule can deliver the alloted speed or unlimited
from the internel cache .
Hallelujah! A believer!
If your queues stop working, it’s normally due to one queue having the same or similar target rules as the other, and whichever is first in the list will override all subsequent queues.
For instance, if you use ‘target addresses’ in simple queues as a whole subnet (/24 for example), and a dynamic pppoe simple queue is created after that queue and the address is within the target subnet of the first rule, then the pppoe queue will not work.
Is your problem possibly caused by something like this?
Thanks a lot for your reply , Actually i use individual simple queue for all clients like 180.1.7.X/32 . Because I allot bandwidth to my clients based on their payment . So My question was is there any way to make the proxy traffic delivery on lan speed while using the simple queue rule ?
NB : for your kind information, all the clients are connected on mt through DHCP (MAC BINDING).
