Hi, I am just trying new settings for my router. There are two interfaces, eth1 and eth2, in a bridge called LAN. WAN is the connection to the internet. I use Mangle + Queue Tree to prioritize services, and simple queues just to be informed about downloaded data.
The problem is that I was planning to use LAN as the parent for download in Queue Tree, but this didn't work, so I had to change it to global-out, which seems to work. But there is a problem with SQ: upload is showing correctly, but download is not. I have no idea what can be wrong; mangle seems to be good, maybe there is a problem with the bridge.
I use ROS 2.9.51, could anybody help?
Here is my demo:
213.151.203.22
demo
demo
list1 in the address list contains the IPs of clients belonging to group1; there will be more groups, but this is just a test.
Also interesting is that torch in simple queues on the client IP shows the right speed of connections, but the download rate in simple queues shows wrong.
Paste your configuration - I can't access it: "wrong password".
Sorry, it should work now.
Nope,
just go to the corresponding menu and use the command "export".
I don't know why that demo doesn't work, here is my dst-nat:
chain=dstnat action=dst-nat to-addresses=192.168.76.99 to-ports=8291
in-interface=internet dst-address=213.151.203.22 dst-port=8291
protocol=tcp
ip/firewall/mangle
/ ip firewall mangle
add chain=forward action=jump jump-target=LanTraffic in-interface=LAN \
    out-interface=LAN comment="Lan traffic mimo shaper" disabled=no
add chain=LanTraffic action=return comment="" disabled=no
add chain=forward action=jump jump-target=p2p p2p=all-p2p comment="p2p" \
    disabled=no
add chain=forward action=jump jump-target=porn src-address-list=Porn \
    comment="porn" disabled=no
add chain=forward action=jump jump-target=porn dst-address-list=Porn \
    comment="" disabled=no
add chain=forward action=jump jump-target=webshare \
    src-address-list=ShareServers comment="webshare" disabled=no
add chain=forward action=jump jump-target=webshare \
    dst-address-list=ShareServers comment="" disabled=no
add chain=forward action=jump jump-target=webshare src-port=5190 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=webshare dst-port=5190 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=webshare src-port=8080 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=webshare dst-port=8080 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=video src-address-list=video_net \
    comment="video" disabled=no
add chain=forward action=jump jump-target=video dst-address-list=video_net \
    comment="" disabled=no
add chain=forward action=jump jump-target=download src-address-list=download \
    comment="download" disabled=no
add chain=forward action=jump jump-target=download dst-address-list=download \
    comment="" disabled=no
add chain=forward action=jump jump-target=speedmeter \
    src-address-list=speedmeter comment="" disabled=no
add chain=forward action=jump jump-target=speedmeter \
    dst-address-list=speedmeter comment="" disabled=no
add chain=forward action=jump jump-target=tv src-address-list=tv comment="tv" \
    disabled=no
add chain=forward action=jump jump-target=tv dst-address-list=tv comment="" \
    disabled=no
add chain=forward action=jump jump-target=tv src-port=554 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=tv dst-port=554 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=27000-27015 \
    protocol=udp comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=27000-27015 \
    protocol=udp comment="" disabled=no
add chain=forward action=jump jump-target=download src-port=20 protocol=tcp \
    comment="download" disabled=no
add chain=forward action=jump jump-target=download dst-port=20 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=download connection-type=ftp \
    comment="" disabled=no
add chain=forward action=jump jump-target=download src-port=8291 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=download dst-port=8291 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=Web dst-port=25 protocol=tcp \
    comment="web" disabled=no
add chain=forward action=jump jump-target=Web src-port=80 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=Web dst-port=80 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=Web src-port=110 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=Web src-port=443 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=Web dst-port=443 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=1200 protocol=udp \
    comment="games" disabled=no
add chain=forward action=jump jump-target=games dst-port=1200 protocol=udp \
    comment="" disabled=no
add chain=forward action=jump jump-target=tv src-port=1935 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=tv dst-port=1935 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=27020-27039 \
    protocol=tcp comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=27020-27039 \
    protocol=tcp comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=28960 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=28960 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=44405 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=44405 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=55901 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=55901 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games dst-port=55919 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=games src-port=55919 protocol=tcp \
    comment="" disabled=no
add chain=forward action=jump jump-target=other comment="other" disabled=no
add chain=p2p action=change-tos new-tos=normal comment="change-TOS-group1" \
    disabled=no
add chain=speedmeter action=change-tos new-tos=max-throughput comment="" \
    disabled=no
add chain=games action=change-tos new-tos=min-delay comment="" disabled=no
add chain=webshare action=change-tos new-tos=max-throughput comment="" \
    disabled=no
add chain=video action=change-tos new-tos=max-throughput comment="" \
    disabled=no
add chain=download action=change-tos new-tos=max-throughput comment="" \
    disabled=no
add chain=tv action=change-tos new-tos=max-throughput comment="" disabled=no
add chain=porn action=change-tos new-tos=max-throughput comment="" disabled=no
add chain=Web action=change-tos new-tos=max-throughput comment="" disabled=no
add chain=other action=change-tos new-tos=min-delay comment="" disabled=no
add chain=p2p action=mark-packet new-packet-mark=p2p1-out passthrough=no \
    src-address-list=list1 comment="mark-packet-group1" disabled=no
add chain=p2p action=mark-packet new-packet-mark=p2p1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=games action=mark-packet new-packet-mark=games1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=games action=mark-packet new-packet-mark=games1-out passthrough=no \
    src-address-list=list1 comment="" disabled=no
add chain=speedmeter action=mark-packet new-packet-mark=speedmeter1-in \
    passthrough=no dst-address-list=list1 comment="" disabled=no
add chain=speedmeter action=mark-packet new-packet-mark=speedmeter1-out \
    passthrough=no src-address-list=list1 comment="" disabled=no
add chain=webshare action=mark-packet new-packet-mark=webshare1-in \
    passthrough=no dst-address-list=list1 comment="" disabled=no
add chain=webshare action=mark-packet new-packet-mark=webshare1-out \
    passthrough=no src-address-list=list1 comment="" disabled=no
add chain=video action=mark-packet new-packet-mark=video1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=video action=mark-packet new-packet-mark=video1-out passthrough=no \
    src-address-list=video_net comment="" disabled=no
add chain=download action=mark-packet new-packet-mark=download1-in \
    passthrough=no dst-address-list=list1 comment="" disabled=no
add chain=download action=mark-packet new-packet-mark=download1-out \
    passthrough=no src-address-list=download comment="" disabled=no
add chain=tv action=mark-packet new-packet-mark=tv1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=tv action=mark-packet new-packet-mark=tv1-out passthrough=no \
    src-address-list=list1 comment="" disabled=no
add chain=porn action=mark-packet new-packet-mark=porn1-out passthrough=no \
    src-address-list=list1 comment="" disabled=no
add chain=porn action=mark-packet new-packet-mark=porn1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=Web action=mark-packet new-packet-mark=web1in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=Web action=mark-packet new-packet-mark=web1out passthrough=no \
    src-address-list=list1 comment="" disabled=no
add chain=other action=mark-packet new-packet-mark=other1-in passthrough=no \
    dst-address-list=list1 comment="" disabled=no
add chain=other action=mark-packet new-packet-mark=other1-out passthrough=no \
    src-address-list=list1 comment="" disabled=no
add chain=p2p action=return comment="" disabled=no
add chain=games action=return comment="" disabled=no
add chain=webshare action=return comment="" disabled=no
add chain=video action=return comment="" disabled=no
add chain=download action=return comment="" disabled=no
add chain=porn action=return comment="" disabled=no
add chain=tv action=return comment="" disabled=no
add chain=Web action=return comment="" disabled=no
add chain=other action=return comment="" disabled=no
/ queue tree
add name="TOTAL-IN" parent=global-out packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
add name="TOTAL-OUT" parent=WAN packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
add name="group1-in" parent=TOTAL-IN packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
add name="group1-out" parent=TOTAL-OUT packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
add name="web1-in" parent=group1-in packet-mark=web1in limit-at=150000 \
    queue=download priority=3 max-limit=2500000 burst-limit=2500000 \
    burst-threshold=800000 burst-time=8s disabled=no
add name="web1-out" parent=group1-out packet-mark=web1out limit-at=50000 \
    queue=upload priority=5 max-limit=1300000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="webshare1-in" parent=group1-in packet-mark=webshare1-in limit-at=0 \
    queue=download priority=7 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="video1-in" parent=group1-in packet-mark=video1-in limit-at=200000 \
    queue=download priority=6 max-limit=1500000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="download1-in" parent=group1-in packet-mark=download1-in \
    limit-at=50000 queue=download priority=6 max-limit=1100000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="p2p1-in" parent=group1-in packet-mark=p2p1-in limit-at=25000 \
    queue=download priority=8 max-limit=1000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="games1-in" parent=group1-in packet-mark=games1-in limit-at=50000 \
    queue=download priority=2 max-limit=1000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="webshare1-out" parent=group1-out packet-mark=webshare1-out \
    limit-at=15000 queue=upload priority=7 max-limit=1300000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="p2p1-out" parent=group1-out packet-mark=p2p1-out limit-at=15000 \
    queue=upload priority=8 max-limit=200000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="games1-out" parent=group1-out packet-mark=games1-out limit-at=50000 \
    queue=upload priority=2 max-limit=500000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="other1-in" parent=group1-in packet-mark=other1-in limit-at=50000 \
    queue=download priority=3 max-limit=1100000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="other1-out" parent=group1-out packet-mark=other1-out limit-at=50000 \
    queue=upload priority=3 max-limit=1000000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="download1-out" parent=group1-out packet-mark=download1-out \
    limit-at=0 queue=upload priority=6 max-limit=1000000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="speedmeter1-in" parent=group1-in packet-mark=speedmeter1-in \
    limit-at=1200000 queue=download priority=3 max-limit=2000000 \
    burst-limit=2500000 burst-threshold=800000 burst-time=8s disabled=no
add name="speedmeter1-out" parent=group1-out packet-mark=speedmeter1-out \
    limit-at=1000000 queue=upload priority=3 max-limit=1200000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="tv1-in" parent=group1-in packet-mark=tv1-in limit-at=50000 \
    queue=download priority=5 max-limit=1200000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="tv1-out" parent=group1-out packet-mark=tv1-out limit-at=0 \
    queue=upload priority=5 max-limit=300000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="video1-out" parent=group1-out packet-mark=video1-out limit-at=0 \
    queue=upload priority=8 max-limit=5 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="porn1-in" parent=group1-in packet-mark=porn1-in limit-at=0 \
    queue=download priority=6 max-limit=1100000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
add name="porn1-out" parent=group1-out packet-mark=porn1-out limit-at=0 \
    queue=upload priority=8 max-limit=300000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
/queue/simple
0 name="CA" target-addresses=10.15.17.5/32 dst-address=0.0.0.0/0
interface=all parent=none direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=0/0
total-queue=default-small
1 name="CR" target-addresses=10.15.17.12/32 dst-address=0.0.0.0/0
interface=all parent=none direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=0/0
total-queue=default-small
2 name="queue1" target-addresses=10.15.17.111/32 dst-address=0.0.0.0/0
interface=all parent=none direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=0/0
total-queue=default-small
- To filter traffic when the in and out interface is the same bridge, you must use
/interface bridge settings set use-ip-firewall=yes
You can also use the bridge-port-in and bridge-port-out options.
- The rest of the traffic should be fine with the bridge interface as in or out port.
- You can't use global-out and simple queues at the same time; you should move all configuration either to queue tree or to simple queues.
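Added example, not part of any post in this thread: a Python check over an exported configuration that cross-references queue tree packet marks against mangle mark-packet rules and flags the global-out plus simple queue mix the reply above describes. The export text is constructed in the style of the config posted above and trimmed so that mismatches appear; `parse_export` and `audit` are names made up for this example.

```python
import re

# Constructed sample (assumption): export-style text trimmed to show mismatches.
SAMPLE_EXPORT = '''\
/ ip firewall mangle
add chain=Web action=mark-packet new-packet-mark=web1in passthrough=no \\
    dst-address-list=list1 comment="" disabled=no
add chain=Web action=mark-packet new-packet-mark=web1out passthrough=no \\
    src-address-list=list1 comment="" disabled=no
/ queue tree
add name="TOTAL-IN" parent=global-out packet-mark="" limit-at=0 queue=default
add name="web1-in" parent=TOTAL-IN packet-mark=web1in limit-at=150000
add name="tv1-in" parent=TOTAL-IN packet-mark=tv1-in limit-at=50000
/ queue simple
add name="CA" target-addresses=10.15.17.5/32 max-limit=0/0
'''

def parse_export(text):
    """Return {menu: [{key: value}, ...]} from RouterOS export text."""
    text = re.sub(r'\\\s*\n\s*', ' ', text)      # join "\" line continuations
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):                 # menu header, e.g. "/ queue tree"
            current = ' '.join(line.replace('/', ' ').split())
            menus.setdefault(current, [])
        elif line.startswith('add ') and current is not None:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[current].append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(text):
    """List unmatched packet marks and the global parent / simple queue mix."""
    m = parse_export(text)
    mangle = m.get('ip firewall mangle', [])
    tree = m.get('queue tree', [])
    simple = m.get('queue simple', [])
    marked = {r['new-packet-mark'] for r in mangle if r.get('action') == 'mark-packet'}
    used = {q['packet-mark'] for q in tree if q.get('packet-mark')}
    findings = [f'queue tree mark "{x}" has no mangle rule' for x in sorted(used - marked)]
    findings += [f'mangle mark "{x}" has no queue' for x in sorted(marked - used)]
    roots = sorted(q['name'] for q in tree if q.get('parent', '').startswith('global-'))
    if roots and simple:
        findings.append('simple queues present alongside global parent: ' + ', '.join(roots))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```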
I don't clearly understand the first and second points. I have ROS 2.9.52 and I can't find these settings there:
/interface bridge settings set use-ip-firewall=yes
you can also use bridge-port-in and bridge-port-out options
And I need to use a bridge, because I have wireless there, and two networks go to two ethernets (eth1, eth2).
This bridge is called LAN and it is a bridge between eth1, eth2 and wireless.
If there is no other option, I will probably have to buy a hardware bridge and use just two ethernets in MikroTik, but I would like to do it with bridge settings. Queue Tree is the priority for me. SQ I want to use just to see data.
Then you need to upgrade first - the last time I used 2.9.x was almost a year ago.