Need some help please!!

MrNewbie · March 10, 2016, 8:15pm

Greetings,

First post here, even I’m not sure where to post this but i can count on your patience with newcomers
I’m using ppp profiles with limited speeds for my costumers, but what i need to ask you for is how to not limit the upload & download speeds for some domains like the local file storage and VOIP applications for the smart phones (Viber, Whatsapp, Skype, etc…).
So, how can i do this? any help will be greatly appreciated.
Thank you in advance.

ShayanFiroozi · March 10, 2016, 8:47pm

Hi,
first you have to mark your traffic , for example you will mark every packets coming from 1.1.1.1 ,or coming from specific interface and many other options are available.

you can mark your traffic(connections and packets) by IP/Firewall/Mangle.

it’s better to use IPs and ports , Viber , Whatsapp has several IPs , you have to find them.

after you mark your connection and packets ,you can use Queue to limit packets with specific mark

example of mangle :

first we mark connections from/to single IP or subnet

chain=prerouting action=mark-connection new-connection-mark=Region1 passthrough=yes src-address=192.168.20.0/24 log=no log-prefix=“”

chain=prerouting action=mark-connection new-connection-mark=Region1 passthrough=yes dst-address=192.168.20.0/24 log=no log-prefix=“”

then we mark every packets which their connection mark has been set before :

chain=prerouting action=mark-packet new-packet-mark=Region1 passthrough=yes connection-mark=Region1 log=no log-prefix=“”

here in a simple queue we limit our packets to 512K

add max-limit=512k/512k name=Region1-Limit packet-marks=Region1 target=“”

** I don’t know how is you networked configured , may be it’s bridged.
in this example i used prerouting chain

MrNewbie · March 19, 2016, 1:14pm

Thank you!! so let assume that i want to let the Facebook pass through without ppp profile limitations can the next script work?

/ip firewall layer7-protocol
add name=facebook regexp=^.+facebook.com.*
/ip firewall mangle
add action=mark-connection chain=prerouting comment=facebook disabled=no layer7-protocol=facebook new-connection-mark=facebook passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=facebook disabled=no new-packet-mark=facebook passthrough=no protocol=tcp
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=facebook packet-mark=facebook parent=global priority=4 queue=default

ShayanFiroozi · March 19, 2016, 4:17pm

I’m not familiar with L7 filtering and I don’t recommend it , also https sites won’t work with L7 , try use IP’s instead of sites link

MrNewbie · March 23, 2016, 8:01pm

This is how the router is configured, i hope you can help me further.

/ip pool
add name=C-Pool ranges=10.3.5.10-10.3.5.20
/ppp profile
add local-address=10.10.10.1 name=C-Moderate only-one=yes rate-limit=1M/1M remote-address=C-Pool
/interface pppoe-server server
add disabled=no interface=ether12 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service1
/ip address
add address=10.10.10.2/24 interface=ether4 network=10.10.10.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether4
/ip route
add distance=1 gateway=10.10.10.1
/ppp secret
add comment=office name=office password=office profile=C-Moderate service=pppoe
add comment=1stfloor name=1stfloor password=1stfloor profile=C-Moderate service=pppoe
add comment=2ndfloor name=2ndfloor password=2ndfloor profile=C-Moderate service=pppoe
add comment=old_branch name=old_branch password=old_branch profile=C-Moderate service=pppoe
add comment=store name=store password=store profile=C-Moderate service=pppoe

MrNewbie · March 24, 2016, 3:08pm

Any body else?

MrNewbie · March 25, 2016, 8:19pm

I have added the mangles and the queue but no luck so far, my clients are still using their own ppp limits to use local file sharing.

MrNewbie · March 25, 2016, 8:20pm

Any help from you guys? please don’t be indolent, you will save me tons of troubles by a little help from you.
I’m not really familiar with mikrotik OS so i don’t know where to look or start from for not limiting some IPs speeds.

ShayanFiroozi · March 26, 2016, 4:54am

I was on Holliday ,sorry
Send your last configuration please

MrNewbie · March 26, 2016, 7:09am

/ip pool
add name=C-Pool ranges=10.3.5.10-10.3.5.20
/ppp profile
add local-address=10.10.10.1 name=C-Moderate only-one=yes rate-limit=1M/1M remote-address=C-Pool
/queue simple
add max-limit=2M/2M name=local packet-marks=local
/interface pppoe-server server
add disabled=no interface=ether12 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=service1
/ip address
add address=10.10.10.2/24 interface=ether4 network=10.10.10.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=local src-address=170.10.0.5
add action=mark-packet chain=prerouting connection-mark=local new-packet-mark=local
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether4
/ip route
add distance=1 gateway=10.10.10.1

ShayanFiroozi · March 26, 2016, 10:17am

OK , what’s you gonna do ? what is your scenario ?

MrNewbie · March 26, 2016, 11:44am

For now the most important thing is to let my clients use the local storage (170.10.0.5) without ppp profiles limitation.

ShayanFiroozi · March 26, 2016, 2:57pm

Try this and let me know the result :

add action=mark-connection chain=postrouting dst-address=170.10.0.5 new-connection-mark=local-storage-conn

add action=mark-connection chain=prerouting new-connection-mark=local-storage-conn src-address=170.10.0.5

add action=mark-packet chain=forward connection-mark=local-storage-conn new-packet-mark=local-storage-packets

add name=Local-Storge-Queue packet-marks=local-storage-packets priority=1/1 target=“”

at last reorder this Queue and mangles in winbox to first level , they should be appear firs on the list

*** if it doesn’t work use forward chain for first 2 mangles ( that because i’m not familiar with your network configuration)

MrNewbie · March 26, 2016, 5:35pm

It didn’t work

ShayanFiroozi · March 26, 2016, 5:41pm

send your network diagram ? with router full configuration

MrNewbie · March 26, 2016, 5:46pm

This is how it’s exported, it’s all as you said except for the speed limit at 8M.

/ip firewall mangle
add action=mark-connection chain=forward dst-address=170.10.0.5 new-connection-mark=local-storage-conn
add action=mark-connection chain=forward new-connection-mark=local-storage-conn src-address=170.10.0.5
add action=mark-packet chain=forward connection-mark=local-storage-conn new-packet-mark=local-storage-packets
/queue simple
add max-limit=8M/8M name=Local-Storge-Queue packet-marks=local-storage-packets priority=1/1 target=“”

MrNewbie · March 26, 2016, 5:50pm

Thank you for the time you spend for me, I have sent you a privet message.

ShayanFiroozi · March 26, 2016, 6:15pm

Try this :

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=170.10.0.5 new-connection-mark=local-storage-conn
add action=mark-connection chain=prerouting new-connection-mark=local-storage-conn src-address=170.10.0.5
add action=mark-packet chain=prerouting connection-mark=local-storage-conn new-packet-mark=local-storage-packets
/queue simple
add max-limit=8M/8M name=Local-Storge-Queue packet-marks=local-storage-packets priority=1/1 target=“”

test postrouting too , if you send your network diagram it will be much more easier to help !

also check packet is matching with your 2 first mangle rules ??

MrNewbie · March 26, 2016, 6:48pm

You are the man!! thank you very very very much my friend, it finally worked, thank you again.
One last question please, is this queue running for all clients? i mean does all the clients are sharing the 8M limit? or is it 8M per each client?

ShayanFiroozi · March 26, 2016, 7:06pm

your welcome , you can test it easily , in this scenario 8MB will be applied to your packets which means all users