PPPoE Dynamic Queues and FTP Server Behind Mikrotik DMZ

cicserver · August 2, 2011, 5:06pm

I need some Help regarding QUEUES. Mikrotik have 3 LAN.

LAN - PPPoE Server 10.0.0.1
DMZ - 172.16.0.1
WAN - DSL Router 192.168.0.1

Freeradius Server is in place for billing/accounting. When user connects, Dynamic queue is created and comes on top of other static queues. My problem is FTP (ftp ip 172.16.0.2) is behind MT DMZ , and its download also gets restricted by Dynamic Queues , but I don’t want to restrict FTP data for LAN users,

How can I allow unlimited bandwidth for FTP download ? Any examples would be highly appreciable.

fewi · August 2, 2011, 5:11pm

Queue trees attached to global-in and global-out fire before simple queues, and the simple queues get ignored. Make mangle rules that mark packets to/from the FTP server, and install queue trees at line speed for those marks.

http://wiki.mikrotik.com/wiki/PCQ_and_Hotspots,_and_exempting_upstream_resources_from_rate_limit
Ignore that it’s about Hotspots, it’s the same for dynamic PPPoE queues.

Assuming your PPPoE pool is 192.168.0.0/16 and your FTP server is 172.16.1.10:

/ip firewall mangle
add chain=prerouting src-address=192.168.0.0/16 dst-address=172.16.1.10 action=mark-packet new-packet-mark=exempt-up
add chain=postrouting dst-address=192.168.0.0/16 src-address=172.16.1.10 action=mark-packet new-packet-mark=exempt-down
/queue type
add name=exempt type=sfq
/queue tree
add name=exempt-up parent=global-in packet-mark=exempt-up queue=exempt max-limit=1G
add name=exempt-down parent=global-out packet-mark=exempt-down queue=exempt max-limit=1G

cicserver · August 3, 2011, 6:08am

Thank you very much dear fewi, I really appreciate your help. (1 Karma from me to this post)