We have a network consisting of a 3Mbit line and about 50+ users. Most of these users are behind our firewall, but a few have public IP addresses outside of our firewall. I’ve set up a 2-port Mikrotik box that sits behind our firewall and just does traffic shaping for our LAN users – all works well.
I’m trying to figure out how to shape the public IP users as well that are outside the firewall. I can install another 2 NICs on the Mikrotik box and traffic shape those separately, but this isn’t really what I want to do. I want to share the 3Mbit line evenly amongst the public and LAN users together. Instead of giving the public users, say, 1 Mbit and the LAN users 2 Mbit, I want to give them both combined 3 Mbit and have the Mikrotik traffic shaper distribute accordingly.
Is there any way to create a queue (and subqueues for each IP) that all public and private users will go into, but to keep the data separate on the public and private interfaces? Obviously I want to create 2 bridges, one for the public port pair and one for the private port pair. But I want to assign all these interfaces to the same queue so they share the same bandwidth. Is this possible?
                  |-----------Firewall---------LAN IP users
T1------Switch----|
                  |-----------Public IP users
Basically, I want both the public IP users and the LAN IP users to go through the Mikrotik to be traffic shaped. I have a 4-port Mikrotik router, so I can create two bridges, one for the public, one for the private. The question is having these two bridges share the bandwidth as if they were on one connection (which ultimately, they are).
I actually figured out how to do this (I believe, let me know if this looks wrong!) using simple queues and two bridges.
Create two bridges, one for the public interfaces and one for the private interfaces (ethers 2 & 3, and ethers 4 & 5)
Create two queue types, a PCQ for upload (src address) and a PCQ for download (dst address)
Create a simple queue “Main” with my total UL and DL bandwidth, assigned to all interfaces with no parent (this is the main queue)
Create a simple queue called “Private”, with target address set to 192.168.0.0/16 (our LAN) and a parent of “Main”, and queue types of pcq-upload and pcq-download.
Create a simple queue called “Public”, with target address set to 69.178.0.0/16 (our WAN) and a parent of “Main”, and queue types of pcq-upload and pcq-download.
With both simple queues “Public” and “Private” sharing the same parent queue “Main” and using PCQs, this should evenly distribute the bandwidth amongst both the public and private users. This way, the bandwidth doesn’t need to be rationed off with a specific amount given to public and a specific amount given to private users.
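The steps described above, written out as RouterOS commands. This is an added example, not the poster's own configuration. It assumes RouterOS v6 or later syntax (where simple queues take `target=` rather than a separate interface setting), a symmetric 3M/3M limit, and hypothetical bridge names `bridge-public` and `bridge-private`.

```routeros
# Added example; bridge names are hypothetical, RouterOS v6+ syntax assumed.

# Two bridges: ether2+ether3 carry the public users, ether4+ether5 the LAN.
/interface bridge
add name=bridge-public
add name=bridge-private
/interface bridge port
add bridge=bridge-public interface=ether2
add bridge=bridge-public interface=ether3
add bridge=bridge-private interface=ether4
add bridge=bridge-private interface=ether5

# Bridged frames bypass the IP firewall by default, so simple queues
# never see them. This setting passes bridged traffic through it.
/interface bridge settings
set use-ip-firewall=yes

# PCQ types: one sub-stream per source address for upload,
# one per destination address for download.
/queue type
add name=pcq-upload kind=pcq pcq-classifier=src-address
add name=pcq-download kind=pcq pcq-classifier=dst-address

# Parent queue holds the whole line (upload/download); its target
# covers both child ranges so that the children can match under it.
/queue simple
add name=Main target=192.168.0.0/16,69.178.0.0/16 max-limit=3M/3M
add name=Private parent=Main target=192.168.0.0/16 \
    queue=pcq-upload/pcq-download
add name=Public parent=Main target=69.178.0.0/16 \
    queue=pcq-upload/pcq-download
```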