Prioritizing traffic with queues and several lines & Hot

ajimenez · October 20, 2006, 12:13am

Hello

I have two WAN connections for my students residence. One (NEO) is a 2M symmetric line, and the other (ADSL) is a 2M/384K ADSL line. I wish to prioritize traffic, redirecting www, ftp, telnet,… to de ADSL line, and the rest to the NEO line. I also use Hotspot for the “students” interface.

With the actual configuration, this redirection works fine in the other local interfaces(“privateLAN”, “publicLAN” & “classroom”), but not in “students”, I think because hotspot and his Transparent-proxy. How can I redirect the traffic using transparent-proxy?.

I tried disable the transparent-proxy but after some time the system block the connection… I prefer use the transparent-proxy.

How can I do it? How can I improve the configuration?

Thanks a lot! , and sorry for my poor English

 / ip address 
add address=10.1.0.1/16 network=10.1.0.0 broadcast=10.1.255.255 \
    interface=students comment="" disabled=no 
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=adsl1 comment="" disabled=no 
add address=10.2.0.1/16 network=10.2.0.0 broadcast=10.2.255.255 \
    interface=privateLAN comment="" disabled=no 
add address=10.3.0.1/16 network=10.3.0.0 broadcast=10.3.255.255 interface=Classroom \
    comment="" disabled=no 
add address=10.4.0.1/16 network=10.4.0.0 broadcast=10.4.255.255 \
    interface=publicLAN comment="" disabled=no 
add address=213.xx.yy.zz/29 network=213.xx.yy.ff broadcast=213.xx.yy.dd\
    interface=neo comment="" disabled=no

/ ip route 
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
    routing-mark=prior1 comment="" disabled=no 
add dst-address=0.0.0.0/0 gateway=213.xx.yy.ee scope=255 target-scope=10 \
    comment="" disabled=no

/ ip firewall mangle 
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="Detección y \
    marcaje de tráfico prioritario" disabled=no 
add chain=prerouting protocol=tcp src-port=80 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=20-21 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=20-21 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=22 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=23 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=25 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=53 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=udp src-port=53 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=110 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=143 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=143 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=443 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=1863 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=465 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=465 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=995 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp src-port=995 action=mark-connection \
    new-connection-mark=prior_conn passthrough=yes comment="" disabled=no 
add chain=prerouting protocol=tcp dst-port=8291 action=change-tos \
    new-tos=min-delay comment="" disabled=no 
add chain=prerouting connection-mark=prior_conn action=change-tos \
    new-tos=min-delay comment="" disabled=no 
add chain=prerouting in-interface=students connection-mark=prior_conn \
    action=mark-routing new-routing-mark=prior1 passthrough=no comment="" \
    disabled=no 
add chain=prerouting in-interface=privateLAN connection-mark=prior_conn \
    action=mark-routing new-routing-mark=prior1 passthrough=no comment="" \
    disabled=no 
add chain=prerouting in-interface=Classroom connection-mark=prior_conn \
    action=mark-routing new-routing-mark=prior1 passthrough=no comment="" \
    disabled=no 
add chain=prerouting in-interface=publicLAN connection-mark=prior_conn \
    action=mark-routing new-routing-mark=prior1 passthrough=no comment="" \
    disabled=no

add chain=forward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes comment="Detección y marcaje \
    de P2P" disabled=no 
add chain=forward connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no comment="" disabled=no

/ ip hotspot 
add name="hotspot1" interface=students profile=hsprof1 idle-timeout=5m \
    keepalive-timeout=none disabled=no 
/ ip hotspot service-port 
set ftp ports=20,21 disabled=no 
/ ip hotspot profile 
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
    html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
    smtp-server=0.0.0.0 login-by=mac,http-pap split-user-domain=no \
    use-radius=no 
/ ip hotspot user profile 
set default name="default" keepalive-timeout=2m status-autorefresh=1m \
    shared-users=1 transparent-proxy=yes