My network consists of a Mikrotik SXT as the Internet router, this router has firewall and NAT configured, and connects by Ethernet to my main router RB4011 which connects everything else. What I would like to do is prevent one particular device on the LAN from hogging all the Internet bandwidth while it's running downloads. However I don't necessarily want it limited at all times, nor do I want it limited if it's receiving data from within the network rather than the Internet.
First thought is to apply the policy on the interface from the SXT to the RB, on transmit. Functionally what I want is any traffic not destined to this host to have preferential treatment, up to say 5 meg, however I don't want to limit that traffic to that bandwidth. I can configure Mangle rules either to mark everything destined for this particular host, or mark everything not destined. It's a fixed IP so easy to identify.
What I'm not sure on is the queuing. For example this doesn't seem to work, all traffic hit's the "NOT-HOST" queue whether it's from the host in question or not.
Code: Select all
/ip firewall mangle
add action=mark-connection chain=postrouting connection-state=new dst-address=!192.168.1.100 new-connection-mark=NOT-HOST passthrough=yes src-address-list=""
add action=mark-packet chain=postrouting connection-mark=NOT-HOST new-packet-mark=NOT-HOST passthrough=no
/queue tree
add max-limit=100M name=ETHERNET-OUT parent=bridge
add limit-at=5M max-limit=100M name=NOT-HOST packet-mark=NOT-HOST parent=ETHERNET-OUT
add limit-at=20M max-limit=100M name=ETHERNET-DEF packet-mark=no-mark parent=ETHERNET-OUT
Thanks, Tony S