Queue and Doubleside-NAT

Hello together,

I use a hEX PoE as NAT-Gateway between 2 Networks. At eth1 is the IP 172.16.0.219/24 , at eth2 172.20.31.44/24. Over eth2 is the network 192.168.0.0/24 with a http(s)-Server reachable, at eth1 is a service at TCP-Port 712 reachable. A acess form networks behind eth2 to service 172.16.0.200:712 is done by requests to 172.30.31.44:712 , requests to the webservice behind eth2 from the network at eth1 will be doe by http://172.16.0.219:80
Do do this I changed the service-ports of the router and configured some NAT-rules:
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=out,none out-interface=bridge
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-port=712 protocol=tcp to-addresses=172.16.0.201 to-ports=712
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=192.168.0.99 to-ports=80Now I want to restrict the bandwith for this services and I crated a queue:
/queue simple
add max-limit=512k/512k interface=ether2 name=TestI see at the GUI traffic on this queue, but a test showes that there is no limitation. Is this not possible with my NAT-configuration? A limit at eth1 works, but I think a queue will be the smother solution.

Niels

I found out a strange bahavior. If I start torch to see what traffic is actual on the device, the bandwith-limitation of the queue is working until I switch off torch. I don’t understand this
I guess, that this is not problem of the NAT, a routed connection showes the same beahvior.

Niels

Can you provide a diagram of your setup, I find the translation very difficult.

Disable fasttrack, then reboot the router

Thanks a lot - disabling Fasttrack was the solution.

Niels