edris
just joined
Topic Author
Posts: 15
Joined: Wed Dec 22, 2010 1:41 pm

Priority in queue not working,using external proxy server

Sat Apr 28, 2012 6:25 am

Hi,
this is my situation:
Image
When I enable the proxy server on a second router and redirect traffic to that router, traffic priority does not work on the first router. I mean the user with priority=8 can eat all the traffic while another with priority=2 is downloading something. But when I disable the proxy server, everything works just fine.
This is my first router config:
[admin@MikroTik] > ip add pr
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                         
 0   192.168.60.1/24    192.168.60.0    lan                                                               
 1   192.168.1.1/24     192.168.1.0     wan     

[admin@MikroTik] > ip route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.1.2               1

[admin@MikroTik] > ip firewall mangle pr
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; ICMP
     chain=forward action=mark-packet new-packet-mark=ICMP_PACKETS passthrough=no protocol=icmp 

 1   ;;; Manager Packets
     chain=forward action=mark-packet new-packet-mark=Manager_packets passthrough=no dst-address=10.10.10.2-10.10.10.10 

 2   ;;; g1 Packets
     chain=forward action=mark-packet new-packet-mark=g1_Packets passthrough=no dst-address=10.10.10.11-10.10.10.20 

 3   ;;; g2 Packets
     chain=forward action=mark-packet new-packet-mark=g2_Packets passthrough=no dst-address=10.10.10.21-10.10.10.30 

[admin@MikroTik] > queue tree print 
Flags: X - disabled, I - invalid 
 0   name="Main_Download" parent=global-out packet-mark="" limit-at=0 priority=1 max-limit=256k burst-limit=0 burst-threshold=0 burst

 1   name="Managers" parent=Main_Download packet-mark=Manager_packets limit-at=0 queue=default priority=2 max-limit=256k burst-limit=
     burst-threshold=0 burst-time=0s 

 2   name="g1" parent=Main_Download packet-mark=g1_Packets limit-at=0 queue=default priority=8 max-limit=256k burst-limit=0
     burst-threshold=0 burst-time=0s 

 3   name="g2" parent=Main_Download packet-mark=g2_Packets limit-at=0 queue=default priority=8 max-limit=256k burst-limit=0 
     burst-threshold=0 burst-time=0s 

 

There is no NAT rule in this router, and all traffic is routed to the second router, which is my proxy server.
Here is the second router config:
[admin@MikroTik] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                   
 0   192.168.1.2/24     192.168.1.0     lan                                                                         
 1   109.125.189.242/29 109.125.189.240 wan     

[admin@MikroTik] > ip route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          109.125.189.241           1
 1 A S  10.10.10.0/24                      192.168.1.1               1

[admin@MikroTik] > ip firewall nat pr
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=5532 protocol=tcp dst-port=80 

 1   chain=srcnat action=src-nat to-addresses=109.125.189.242 src-address=10.10.10.0/24 


[admin@MikroTik] > ip proxy print 
                 enabled: yes
             src-address: 0.0.0.0
                    port: 5532
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator:
          max-cache-size: none
           cache-on-disk: no
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: yes
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: primary-master

Any idea what is happening here?
 
Devil
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Priority in queue not working,using external proxy serve

Sat Apr 28, 2012 1:07 pm

When you enable webproxy on your bandwidth management/PPPoE server and add the dst-nat to redirect all requests to it, what happens is that the clients don't request the web pages directly anymore; rather, they send the requests to the router and the router requests the pages for them instead. That's why your rules wouldn't work. Assuming you are using the same port as the second router for your first router's webproxy redirect, try adding a mangle rule to mark the packets that are going to your router's port 5532 (for uploads) and another one for those that are coming from your router's port 5532 (for downloads). I've never done this, but I think it should work.
Last edited by Devil on Sat Apr 28, 2012 1:45 pm, edited 1 time in total.
 
edris
just joined
Topic Author
Posts: 15
Joined: Wed Dec 22, 2010 1:41 pm

Re: Priority in queue not working,using external proxy serve

Sat Apr 28, 2012 1:31 pm

Hi,
thanks for your reply.
Yes, I know the fact you mentioned in your reply, and I also faced that problem when I had webproxy and bandwidth management on the same server, but after that (as you can see in my network diagram) I separated webproxy from the bandwidth management/PPPoE server. But I still have the same problem.
Sorry for my poor English :D
 
Devil
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Priority in queue not working,using external proxy serve

Sat Apr 28, 2012 1:50 pm

Please paste '/ip proxy print' and '/ip firewall nat print' of your first router.
 
edris
just joined
Topic Author
Posts: 15
Joined: Wed Dec 22, 2010 1:41 pm

Re: Priority in queue not working,using external proxy serve

Sat Apr 28, 2012 8:56 pm

Hi,
there is no NAT rule in the first router,
and all traffic is routed directly to the second router (with a static route).
 
Devil
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Priority in queue not working,using external proxy serve

Sun Apr 29, 2012 3:59 pm

I don't think the problem is the proxy server here, because it's completely transparent to router 1. Before we go further: that src-nat rule in router 2 looks a bit weird. Disable it first. By disabling it, all other traffic from PPPoE clients except HTTP would fail, of course. But see if it solves the problem...
 
edris
just joined
Topic Author
Posts: 15
Joined: Wed Dec 22, 2010 1:41 pm

Re: Priority in queue not working,using external proxy serve

Mon Apr 30, 2012 9:24 pm

Hi,
I tried that and all PPPoE client traffic (+ HTTP) failed. And about the NAT rule..!! What is weird about it??
 
Devil
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Priority in queue not working,using external proxy serve

Tue May 01, 2012 11:55 am

I honestly don't see why disabling that srcnat would interrupt HTTP traffic, as it is being redirected to the router's webproxy, and the webproxy would handle the rest.
And about that srcnat rule (as well as the dstnat one): it's bad practice to create such loose rules. You should specify incoming and outgoing interfaces as well. And when using the masquerade action is sufficient, you should avoid specifying the IP address manually.
Not doing so might end up giving you some unexpected results. Adjust your rules and try again.
If that doesn't solve the problem, I suggest using the torch tool to track it down: on the bandwidth management router, use torch to see the traffic that is going to router 2 and coming from it. You could also do the same on router 2. See the source and destination addresses of the packets and how they change while they travel through the routers.

As a side note, I don't think you need another router at all to handle webproxy just to be able to apply shaping. All of this should be possible with a single router. So if that's the only reason why you're trying to use 2 routers, you might wanna think twice ;)
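
The interface and masquerade advice in the last reply can be checked mechanically. This is an added example, not part of the thread or of RouterOS: a small Python script (the function names `parse_rules` and `audit` are hypothetical) that reads `/ip firewall nat print` output and flags NAT rules with no interface match or a hard-coded src-nat address. The sample input is constructed from the router 2 rules shown in the first post.

```python
import re

# Constructed sample: router 2's two NAT rules as shown in the first post.
NAT_PRINT = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=5532 protocol=tcp dst-port=80

 1   chain=srcnat action=src-nat to-addresses=109.125.189.242 src-address=10.10.10.0/24
"""


def parse_rules(text):
    """Return [(rule_number, {property: value})] from nat print output."""
    rules, current = [], None
    for line in text.splitlines():
        head = re.match(r"\s*(\d+)\s", line)
        if head:  # a leading number starts a new rule
            current = {}
            rules.append((int(head.group(1)), current))
        if current is None or ";;;" in line:  # header or comment line
            continue
        # Wrapped continuation lines add properties to the current rule.
        for key, value in re.findall(r"([\w-]+)=(\S+)", line):
            current[key] = value
    return rules


def matches_interface(rule, direction):
    """True if the rule has <direction>-interface or <direction>-interface-list."""
    return any(key.startswith(direction + "-interface") for key in rule)


def audit(rules):
    """Flag the loose-rule patterns named in the reply above."""
    findings = []
    for num, rule in rules:
        chain = rule.get("chain")
        if chain == "dstnat" and not matches_interface(rule, "in"):
            findings.append((num, "dstnat matches packets arriving on any interface"))
        if chain == "srcnat" and not matches_interface(rule, "out"):
            findings.append((num, "srcnat applies on every outgoing interface"))
        if rule.get("action") == "src-nat" and "to-addresses" in rule:
            findings.append((num, "hard-coded src-nat address; check if masquerade suffices"))
    return findings


if __name__ == "__main__":
    for num, message in audit(parse_rules(NAT_PRINT)):
        print(f"rule {num}: {message}")
```
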
