mramos
Member Candidate
Topic Author
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Help with Simple Queue + Web Proxy

Fri May 15, 2009 6:15 pm

Hi ...

I hope someone can help on this.

I have a domestic setup with ROS 3.23, web-proxy up, a 3G ppp-client (my public interface) and a local interface (WLAN/ETH). At ETH there is a small video server with 2 cameras (CFTV, and a Dude server I started playing with).

Now I started sharing the internet connection with some neighbours and I configured a simple queue to 512down 128up for each one of us.

It's working ok but web-proxy content does not need speed limits 'cause it's LAN traffic. Nor does the CFTV server need limits.

I basically use Winbox to set up things. Support guys explained (and wiki too) that when using simple queue some pre and post routing marks need to be done on packets and all these packet flow details but ... I'm still confused (IT is not my business, just curious and learning).

Can someone help me with an example? A ppp-client as public and WLAN/LAN as local. Maybe for a single client.

BTW, since all of us have the same rights, on simple queue is it possible to set a single rule for all clients? Or will I need to create one for each client IP?

Thanks in advance & have a nice weekend;
 
mramos
Member Candidate
Topic Author
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: Help with Simple Queue + Web Proxy (Wiki example)

Sat May 16, 2009 2:20 pm

I implemented queue as suggested at http://wiki.mikrotik.com/wiki/Queue_wit ... _Web-Proxy.

I have ETH and WLAN, for now only set up at ETH interface for testing and it's ok. I want to modify the Wiki suggestion to a system which has 2 LAN interfaces instead of one.

A question: the wiki instruction:

Make 2 NAT rules, 1 for Masquerading, and the other for redirecting transparent proxy.

[admin@instaler] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=public
     src-address=172.21.1.0/24 action=masquerade
 1   chain=dstnat in-interface=lan src-address=172.21.1.0/24
     protocol=tcp dst-port=80 action=redirect to-ports=3128

is somewhat the same as what I had after using the firewall settings via Webbox (#0) and later setting up the web-proxy according to the manual (#1).

The only difference is that in the Wiki instructions these rules specified a local network address range (172.21.1.0/24).

Since masquerading will do some operation between the public interface and one (or more) locals, can I keep the "old" firewall + web-proxy masquerading rules instead?

[admin@mramos] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=public
 1   chain=dstnat action=redirect to-ports=3128 protocol=tcp dst-port=80

Both locals (LAN & WLAN) need to be "web-proxied" anyway. Or must I create two identical rules, specifying the network ranges of each interface (192.168.100.0/24 & 192.168.10.0/24 in my setup)?

And then on Wiki:

If we want to make HIT traffic from web proxy not queued, we have to make a mangle to handle this traffic. Put this rule on the beginning of the mangle, as it will check first.

[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; HIT TRAFFIC FROM PROXY
     chain=output out-interface=lan
     dscp=4 action=mark-packet
     new-packet-mark=proxy-hit passthrough=no

In order to make both interfaces follow the same rule, is it enough to add the WLAN rule:

     chain=output out-interface=wlan
     dscp=4 action=mark-packet
     new-packet-mark=proxy-hit passthrough=no

?

And more: could the packet-marks be the same for both interfaces, but with different rules for LAN & WLAN?

[admin@instaler] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 1   ;;; UP TRAFFIC (LAN)
     chain=prerouting in-interface=lan
     src-address=192.168.100.0/24 action=mark-packet
     new-packet-mark=test-up passthrough=no
 2   ;;; UP TRAFFIC (WLAN)
     chain=prerouting in-interface=lan
     src-address=192.168.10.0/24 action=mark-packet
     new-packet-mark=test-up passthrough=no

Or do I need to go like this?

 1   ;;; UP TRAFFIC (LAN)
     chain=prerouting in-interface=lan
     src-address=192.168.100.0/24 action=mark-packet
     new-packet-mark=test-up1 passthrough=no
 1   ;;; UP TRAFFIC WLAN
     chain=prerouting in-interface=lan
     src-address=192.168.10.0/24 action=mark-packet
     new-packet-mark=test-up2 passthrough=no

And finally ... using this Wiki suggestion, when I set the limits for an address range this means that ALL the segment will be limited to this speed (I mean, the interface will have a single speed limit let's say 512down/128up)? Or EACH client will have its own limits, all the same (each client 512down/128up)?

Thanks for any help.
 
cas3ter01
just joined
Posts: 18
Joined: Mon Jun 08, 2009 9:21 pm

Re: Help with Simple Queue + Web Proxy

Mon Jun 08, 2009 9:46 pm

 
mramos
Member Candidate
Topic Author
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: Help with Simple Queue + Web Proxy

Fri Jun 12, 2009 8:27 pm

I settled on this setup (384 down, 128 up, unlimited to web-proxy contents)

1) At queue type, I created 2 custom PCQs:

[mramos@WISP-3G-00] /queue type> pr

5 name="mr-down" kind=pcq pcq-rate=384000 pcq-limit=50 
   pcq-classifier=dst-address pcq-total-limit=2000 
6 name="mr-up" kind=pcq pcq-rate=128000 pcq-limit=50 
   pcq-classifier=src-address pcq-total-limit=2000

2) At firewall > nat, a common masquerade rule for public interface + redirect to web-proxy:

[mramos@WISP-3G-00] /ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic 
0   chain=dstnat action=redirect to-ports=8000 protocol=tcp dst-port=80
1   chain=srcnat action=masquerade out-interface=ETH

3) At firewall > mangle I followed the wiki example:

[mramos@WISP-3G-00] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic 
 0  chain=output action=mark-packet new-packet-mark=proxy-hit passthrough=no 
     out-interface=WLAN dscp=4
 1   chain=prerouting action=mark-packet new-packet-mark=up10.5 passthrough=no 
     src-address=192.168.11.0/24 in-interface=WLAN
 2   chain=forward action=mark-connection new-connection-mark=conn10.5 
     passthrough=yes src-address=192.168.11.0/24
 3   chain=forward action=mark-packet new-packet-mark=dw10.5 passthrough=no 
     in-interface=ETH connection-mark=conn10.5
 4   chain=output action=mark-packet new-packet-mark=dw10.5 passthrough=no 
     dst-address=192.168.11.0/24 out-interface=WLAN

4) Finally at queue > tree I applied the custom PCQs:

[mramos@WISP-3G-00] /queue tree> pr
Flags: X - disabled, I - invalid 
 0   name="dw10.5" parent=WLAN packet-mark=dw10.5 limit-at=0 queue=mr-down 
     priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 1   name="up10.5" parent=global-in packet-mark=up10.5 limit-at=0 queue=mr-up 
     priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

The result: limited 384down/128up when surfin' the internet but unlimited speed from web-proxy to clients. The "feeling" after some web-proxy use period is as if a higher internet speed is available (at least for page views / load).

Regards;
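
The NAT question in the earlier post and the final setup above both involve a dstnat redirect rule with no in-interface or src-address matcher. Such a rule also matches port-80 traffic arriving on the public interface and hands it to the web proxy unless an input filter or proxy access rule stops it. The check below is an added example, not part of any post or of MikroTik's tooling; it parses listings in the print format shown in the thread, and the function names and the choice of which matchers count as scoping are assumptions of the example.

```python
import re

# Matchers that tie a rule to the inside network. All four are standard
# RouterOS matchers; counting them as "scoped" is this example's policy.
SCOPE_KEYS = {"in-interface", "in-interface-list", "src-address", "src-address-list"}
RULE_START = re.compile(r"^(\d+)\s+((?:[XID]\s+)*)(.*)$")
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
# Listings copied from the thread: the wiki's rules and the final setup.
WIKI_NAT = """\
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=public
src-address=172.21.1.0/24 action=masquerade
1 chain=dstnat in-interface=lan src-address=172.21.1.0/24
protocol=tcp dst-port=80 action=redirect to-ports=3128
"""
FINAL_NAT = """\
[mramos@WISP-3G-00] /ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0   chain=dstnat action=redirect to-ports=8000 protocol=tcp dst-port=80
1   chain=srcnat action=masquerade out-interface=ETH
"""


def parse_rules(listing):
    """Turn `/ip firewall nat print` text into one dict per rule."""
    rules = []
    for raw in listing.splitlines():
        line = raw.strip().split(";;;")[0]  # drop rule comments
        if not line or line.startswith(("Flags:", "[")):
            continue  # header and prompt lines carry no rule data
        m = RULE_START.match(line)
        if m:  # a numbered line starts a new rule
            rules.append({"number": int(m.group(1)), "disabled": "X" in m.group(2)})
            line = m.group(3)
        if rules:  # unnumbered lines continue the previous rule
            for key, value in PAIR.findall(line):
                rules[-1][key] = value.strip('"')
    return rules


def unscoped_redirects(rules):
    """Numbers of enabled dstnat redirect rules that match on any interface."""
    return [r["number"] for r in rules
            if r.get("chain") == "dstnat" and r.get("action") == "redirect"
            and not r["disabled"] and SCOPE_KEYS.isdisjoint(r)]

if __name__ == "__main__":
    for name, text in (("wiki", WIKI_NAT), ("final", FINAL_NAT)):
        print(name, "unscoped redirect rules:", unscoped_redirects(parse_rules(text)))
```

The wiki listing reports no findings because its redirect rule carries both in-interface and src-address; rule 0 of the final listing is reported.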
 
psycronicx
just joined
Posts: 3
Joined: Tue Jun 05, 2007 10:12 pm
Location: Indonesia
Contact:

Re: Help with Simple Queue + Web Proxy (Wiki example)

Tue Jul 12, 2011 10:43 pm

I implemented queue as suggested at http://wiki.mikrotik.com/wiki/Queue_wit ... _Web-Proxy.
I also follow that link on my ros v5.5, but the result is traffic from internal proxy was queued to upstream... if I enable upstream queue, the traffic from proxy only 2mbps... if I disable 10mbps++... my head is gonna blow :shock:
