proxy , mangle , queue tree help

mps01k · September 27, 2007, 12:14am

hello i am trying to prioritize my trafic using mangle and queue tree. It worked fine until i enabled the web proxy.

below are my setting. I have tried everthing i can think of and it marks part of the connections but others no.

/ ip firewall mangle
add chain=forward action=add-dst-to-address-list p2p=all-p2p address-list=p2p
address-list-timeout=0s comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=p2p_conn
passthrough=yes p2p=all-p2p comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=p2p_conn
passthrough=yes dst-address-list=p2p comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=p2p passthrough=yes
connection-mark=p2p_conn comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=p2p passthrough=yes
dst-address-list=p2p comment=“” disabled=no
add chain=prerouting action=add-src-to-address-list src-port=5060-5062
protocol=udp address-list=voip address-list-timeout=0s comment=“”
disabled=no
add chain=forward action=add-src-to-address-list dst-port=5060-5062
protocol=udp address-list=voip address-list-timeout=0s comment=“”
disabled=no
add chain=forward action=mark-connection new-connection-mark=voip_conn
passthrough=yes src-address-list=voip comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=voip passthrough=yes
connection-mark=voip_conn comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-address=127.0.0.1 comment=“” disabled=no
add chain=input action=mark-connection new-connection-mark=http_conn
passthrough=yes src-address=127.0.0.1 comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes src-address=127.0.0.1 comment=“” disabled=yes
add chain=output action=mark-connection new-connection-mark=http_conn
passthrough=yes src-address=127.0.0.1 comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-address=127.0.0.1 comment=“” disabled=no
add chain=input action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-address=127.0.0.1 comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-address=127.0.0.1 comment=“” disabled=yes
add chain=output action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-address=127.0.0.1 comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=3128 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=3128 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=3128 protocol=tcp comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=3128 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=3128 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=3128 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=8081 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=8081 protocol=tcp comment=“” disabled=no
add chain=output action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=8081 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=8081 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=8081 protocol=tcp comment=“” disabled=no
add chain=output action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=8081 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=80 protocol=tcp comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=80 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes src-port=80 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=80 protocol=tcp comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=80 protocol=tcp comment=“” disabled=no
add chain=postrouting action=mark-connection new-connection-mark=http_conn
passthrough=yes dst-port=80 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=http passthrough=yes
connection-mark=http_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=yahoo_conn
passthrough=yes dst-port=5050 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=yahoo_conn
passthrough=yes src-port=5050 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=yahoo passthrough=yes
connection-mark=yahoo_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=https_conn
passthrough=yes src-port=443 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=https_conn
passthrough=yes dst-port=443 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=https passthrough=yes
connection-mark=https_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=msn_conn
passthrough=yes dst-port=1863 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=msn_conn
passthrough=yes src-port=1863 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=msn passthrough=yes
connection-mark=msn_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=pop3_conn
passthrough=yes dst-port=143 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=pop3_conn
passthrough=yes src-port=143 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=pop3_conn
passthrough=yes dst-port=25 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=pop3_conn
passthrough=yes src-port=25 protocol=tcp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=pop3 passthrough=yes
connection-mark=pop3_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=ping_conn
passthrough=yes protocol=icmp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=ping passthrough=yes
connection-mark=ping_conn comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=dns_conn
passthrough=yes dst-port=53 protocol=udp comment=“” disabled=no
add chain=forward action=mark-connection new-connection-mark=dns_conn
passthrough=yes src-port=53 protocol=udp comment=“” disabled=no
add chain=forward action=mark-packet new-packet-mark=dns passthrough=yes
connection-mark=dns_conn comment=“” disabled=no

/ queue tree
add name=“queue1” parent=Lan packet-mark=p2p limit-at=4000 queue=default
priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time
disabled=no
add name=“queue2” parent=Wan packet-mark=p2p limit-at=4000 queue=default
priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time
disabled=no
add name=“queue6” parent=global-out packet-mark=http limit-at=512000
queue=default priority=4 max-limit=850000 burst-limit=0 burst-thresho
burst-time=0s disabled=no
add name=“queue5” parent=global-in packet-mark=http limit-at=512000
queue=default priority=4 max-limit=850000 burst-limit=0 burst-thresho
burst-time=0s disabled=no
add name=“queue7” parent=Lan packet-mark=msn limit-at=100000 queue=defaul
priority=2 max-limit=100000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue9” parent=Wan packet-mark=msn limit-at=100000 queue=defaul
priority=2 max-limit=100000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue8” parent=Lan packet-mark=yahoo limit-at=100000 queue=defa
priority=2 max-limit=100000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue10” parent=Wan packet-mark=yahoo limit-at=100000 queue=def
priority=2 max-limit=100000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue13” parent=Lan packet-mark=pop3 limit-at=256000 queue=defa
priority=5 max-limit=512000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue14” parent=Wan packet-mark=pop3 limit-at=256000 queue=defa
priority=5 max-limit=512000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue15” parent=Lan packet-mark=dns limit-at=1000000 queue=defa
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-ti
disabled=no
add name=“queue16” parent=Wan packet-mark=dns limit-at=1000000 queue=defa
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-ti
disabled=no
add name=“queue17” parent=Lan packet-mark=https limit-at=256000 queue=def
priority=3 max-limit=512000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue18” parent=Wan packet-mark=https limit-at=256000 queue=def
priority=3 max-limit=512000 burst-limit=0 burst-threshold=0 burst-tim
disabled=no
add name=“queue19” parent=Lan packet-mark=ping limit-at=50000 queue=defau
priority=1 max-limit=50000 burst-limit=0 burst-threshold=0 burst-time
disabled=no
add name=“queue20” parent=Wan packet-mark=ping limit-at=50000 queue=defau
priority=1 max-limit=50000 burst-limit=0 burst-threshold=0 burst-time
disabled=no
add name=“queue3” parent=Lan packet-mark=voip limit-at=512000 queue=defau
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-ti
disabled=no
add name=“queue4” parent=Wan packet-mark=voip limit-at=512000 queue=defau
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-ti
disabled=no

/ ip firewall nat
add chain=dstnat action=redirect to-ports=8081 src-address=192.168.2.0/24
dst-port=80 protocol=tcp comment=“” disabled=no
add chain=dstnat action=redirect to-ports=8081 src-address=190.4.12.xxx/29
dst-port=80 protocol=tcp comment=“” disabled=no
add chain=dstnat action=redirect to-ports=8081 src-address=190.4.1.xxx/29
dst-port=80 protocol=tcp comment=“” disabled=no
add chain=srcnat action=masquerade src-address=192.168.2.0/24 comment=“”
disabled=no

/ ip proxy
set enabled=yes port=8081 parent-proxy=127.0.0.1:3128
maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment=“block telnet & spam e-mail relaying”
disabled=no

/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname=“proxy”
transparent-proxy=yes parent-proxy=0.0.0.0:0 cache-administrator=“webmaster”
max-object-size=2048KiB cache-drive=system max-cache-size=unlimited
max-ram-cache-size=unlimited
/ ip web-proxy access
add dst-port=23-25 action=deny comment=“block telnet & spam e-mail relaying”
disabled=no
/ ip web-proxy cache
add url=“:cgi-bin \?” action=deny comment=“don’t cache dynamic http pages”
disabled=no

thanks guys