Hi, I would like to limit some users by IP address (I know that it can be done in simple queues, but if I use simple queues I limit all traffic of that IP, and I do not want to limit local network speed, just the internet connection). I want to limit the internet connection (interface=internet - where to write it, in source or destination?) to an IP address (192.168.x.x - where to put it, source or destination?). I just want to limit connections only from and to the internet to some IP (not from and to the local network). Can you help me?
FOR USING QUEUE TREE:
I set up this mangle rule, and it doesn't work. Could you help with what is wrong? I want to mark IP 192.168.76.86 and connections from the internet to that IP. Could you make the mangle rule and post it here?
chain=prerouting action=mark-packet new-packet-mark=Johnny passthrough=no
in-interface=internet src-address=192.168.76.86
FOR USING SIMPLE QUEUES:
1. way (probably works only for incoming connections from the IP to the internet (I am not sure)):
mangle rule:
chain=forward action=mark-packet new-packet-mark=internet_rx_normal
passthrough=yes in-interface=internet
(I use this for all my incoming connections from the network and then I limit it in the queue tree),
I tried to put it in a simple queue like this:
name="CL" target-addresses=192.168.76.86/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=internet_rx_normal
direction=both priority=8 queue=default-small/default-small
limit-at=0/1000000 max-limit=0/1000000 total-queue=default-small
or
2. way (probably works for outgoing and incoming connections because I used 2 mangle rules, one for incoming connections to the IP from the internet (internet_rx_normal) and one for outgoing connections to the internet (internet_tx_normal)):
name="CL" target-addresses=192.168.76.86/32 dst-address=0.0.0.0/0
interface=all parent=none
packet-marks=internet_rx_normal,internet_tx_normal direction=both
priority=8 queue=default-small/default-small limit-at=0/1000000
max-limit=0/1000000 total-queue=default-small
(but this second way also works just for downloading from the internet, not for uploading)
mangle rules:
for incoming connections from the internet to a specific IP (internet_rx_normal):
chain=forward action=mark-packet new-packet-mark=internet_rx_normal
passthrough=yes in-interface=internet
for outgoing connections to the internet from a specific IP (internet_tx_normal):
chain=forward action=mark-packet new-packet-mark=internet_tx_normal
passthrough=yes out-interface=internet
So could you help with the best way to use? I read the manual and found nothing ideal for me. Could you write some simple and most effective rule for limiting only the internet connection (if it is possible, also uploading and downloading, not just downloading)?
Queue Tree configuration is not required, even mangle is not required.
Use two ‘queue simple’ rules.
First rule with target-address and dst-address (dst-address address of the local network, that target-address belongs to).
Second rule with only target-address.
It should work fine.
I made it like this, and it doesn't work fine. The problem is that when downloading something from somebody in the local network, it shows up as upload in the internet rule, and I want that to be in the local network rule.
Now I have some rules for Local network:
name="JM-LN" target-addresses=192.168.76.80/32
dst-address=192.168.76.0/24 interface=all parent=none direction=both
priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0
total-queue=default-small
and the other rules for the same clients for internet:
name="JM-Internet" target-addresses=192.168.76.80/32
dst-address=0.0.0.0/0 interface=all parent=none direction=both
priority=8 queue=default-small/default-small limit-at=0/1000000
max-limit=0/1000000 total-queue=default-small

name="CA-Internet" target-addresses=192.168.76.88/32
dst-address=0.0.0.0/0 interface=all parent=none direction=both
priority=8 queue=default-small/default-small limit-at=0/1000000
max-limit=0/1000000 total-queue=default-small
Make sure that the queue with dst-address is placed before the queue without dst-address.
Also, do not forget to set the limit for both directions, as currently you have only a one-way limit, since there is a 0.
radocicala -
I can verify that what Sergejs said is correct. The order of the queue rules is what is important. I use two queues for some colo’d servers but don’t want them limited when they are talking to each other. They are set up just like what Sergejs said - I have no issues with them working properly.
Set up just like Sergejs said:
“Queue Tree configuration is not required, even mangle is not required.
Use two ‘queue simple’ rules.
First rule with target-address and dst-address (dst-address address of the local network, that target-address belongs to). This is the ‘local’ queue
Second rule with only target-address.” This would be the Internet queue
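
The ordering point made in the replies above, as an added illustration that is not part of the original thread: a simplified Python model of simple-queue selection, assuming the first matching queue claims the packet and that target-addresses may match either end of a flow. The neighbour 192.168.76.81 and the internet host 203.0.113.10 are constructed sample addresses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class SimpleQueue:
    name: str
    target: str               # models target-addresses
    dst: str = "0.0.0.0/0"    # models dst-address; 0.0.0.0/0 matches any peer

    def matches(self, src, dst):
        t = ipaddress.ip_network(self.target)
        d = ipaddress.ip_network(self.dst)
        s, e = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # The target can be the sender or the receiver; dst-address is the other end.
        return (s in t and e in d) or (e in t and s in d)


def classify(queues, src, dst):
    """Return the name of the first queue that matches (first match wins), else None."""
    for q in queues:
        if q.matches(src, dst):
            return q.name
    return None


# The two queues from the thread, reduced to the fields that drive matching.
LOCAL = SimpleQueue("JM-LN", "192.168.76.80/32", "192.168.76.0/24")
INTERNET = SimpleQueue("JM-Internet", "192.168.76.80/32")

# Constructed sample flows as (src, dst).
LAN_FLOW = ("192.168.76.81", "192.168.76.80")    # LAN neighbour -> client
DOWNLOAD = ("203.0.113.10", "192.168.76.80")     # internet host -> client
UPLOAD = ("192.168.76.80", "203.0.113.10")       # client -> internet host


def run(order):
    """Classify the three sample flows against queues in the given order."""
    return [classify(order, *flow) for flow in (LAN_FLOW, DOWNLOAD, UPLOAD)]


if __name__ == "__main__":
    print("local queue first:   ", run([LOCAL, INTERNET]))
    print("internet queue first:", run([INTERNET, LOCAL]))
```

With the catch-all internet queue first, the LAN flow is counted against JM-Internet, which is the symptom described in the thread.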