Dual QoS is a myth on mikrotik.dual QoS with PCQ can be re-invented to a single step solution - just put the PCQ as a queueing in the first step and make additional adjustments to the Queue Tree design.
Can you give me a proof that even in one small scenario dual qos on mikrotik would be effective?Dual Queue-ing/shaping is Real
It works when you need to limit individual users's bandwidth and at the same time control his/her flows like VoIP, www and p2p. What is there to prove? If that's what you're after, it works.Can you give me a proof that even in one small scenario dual qos on mikrotik would be effective?Dual Queue-ing/shaping is Real
You're mentioning per-user prioritization, which is not possible on mikrotik.It works when you need to limit individual users's bandwidth and at the same time control his/her flows like VoIP, www and p2p. What is there to prove? If that's what you're after, it works.
It's possible as long each user is assigned unique IP address which is common.You're mentioning per-user prioritization, which is not possible on mikrotik.It works when you need to limit individual users's bandwidth and at the same time control his/her flows like VoIP, www and p2p. What is there to prove? If that's what you're after, it works.
/ip firewall mangle
add action=accept chain=prerouting comment=urzadzenia_local disabled=no src-address-list=URZADZENIA
add action=mark-packet chain=prerouting comment=syn disabled=no dst-port=80,443,110,995,25,20,21,5060-5061 in-interface=!WAN new-packet-mark=1u packet-size=0-666 passthrough=no \
protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting disabled=no in-interface=WAN new-packet-mark=1d packet-size=0-666 passthrough=no protocol=tcp src-port=80,443,110,995,25,20,21,5060-5061 \
tcp-flags=syn
add action=mark-packet chain=prerouting comment=ack disabled=no dst-port=80,443,110,995,25,20,21,5060-5061 in-interface=!WAN new-packet-mark=1u packet-size=0-123 passthrough=no \
protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting disabled=no in-interface=WAN new-packet-mark=1d packet-size=0-123 passthrough=no protocol=tcp src-port=80,443,110,995,25,20,21,5060-5061 \
tcp-flags=ack
add action=mark-connection chain=prerouting comment=wazne_1 disabled=no new-connection-mark=1 passthrough=yes protocol=icmp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=1 passthrough=yes port=53 protocol=udp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=1 passthrough=yes port=22,53,8291,6610,12000,10020,7654 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=1 disabled=no in-interface=WAN new-packet-mark=1d passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=WAN new-packet-mark=1d passthrough=no protocol=icmp
add action=mark-packet chain=prerouting connection-mark=1 disabled=no new-packet-mark=1u passthrough=no
add action=mark-packet chain=prerouting disabled=no new-packet-mark=1u passthrough=no protocol=icmp
add action=mark-connection chain=prerouting comment="oczekiwania ludzi 3" disabled=no dst-address-list=PRIO_3 new-connection-mark=3 passthrough=yes
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 passthrough=yes src-address-list=PRIO_3
add action=mark-connection chain=prerouting disabled=no layer7-protocol=youtube new-connection-mark=3 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=wrzuta new-connection-mark=3 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 passthrough=yes port=27000-27030,27058,27056,1200 protocol=udp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 passthrough=yes port=27010-27042,27058,27056,1200,110,995,25 protocol=tcp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=3 passthrough=yes port=5350,8767,8769,27058,27071,27900,27901,27910,27960,28960,7171,44606,53422 \
protocol=udp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=counterstrike-source new-connection-mark=3 passthrough=yes
add action=mark-connection chain=prerouting disabled=no layer7-protocol=halflife2-deathmatch new-connection-mark=3 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=3 disabled=no in-interface=WAN new-packet-mark=3d passthrough=no
add action=mark-packet chain=prerouting connection-mark=3 disabled=no new-packet-mark=3u passthrough=no
.
.
.
.
and the same (but different protocols / ports etc) until 8d/8u
.
.
.
add action=accept chain=forward disabled=no protocol=icmp
add action=accept chain=forward comment="urzadzenia" disabled=no dst-address-list=URZADZENIA
add action=accept chain=forward disabled=no src-address-list=URZADZENIA
add action=mark-packet chain=forward comment=syn disabled=no in-interface=!WAN new-packet-mark=dopal-u packet-size=0-666 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=forward disabled=no in-interface=WAN new-packet-mark=dopal-d packet-size=0-666 passthrough=no protocol=tcp tcp-flags=syn
add action=mark-packet chain=forward comment=ack disabled=no in-interface=!WAN new-packet-mark=dopal-u packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward disabled=no in-interface=WAN new-packet-mark=dopal-d packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward comment=dns disabled=no in-interface=!WAN new-packet-mark=dopal-u passthrough=no port=53 protocol=udp
add action=mark-packet chain=forward disabled=no new-packet-mark=dopal-d out-interface=!WAN passthrough=no port=53 protocol=udp
add action=mark-connection chain=forward disabled=no new-connection-mark=dopal passthrough=yes port=80,443 protocol=tcp
add action=mark-packet chain=forward connection-bytes=0-2000 connection-mark=dopal disabled=no in-interface=WAN new-packet-mark=dopal-d passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=0-1000 connection-mark=dopal disabled=no in-interface=!WAN new-packet-mark=dopal-u passthrough=no protocol=tcp
add action=mark-connection chain=forward comment=ludzie disabled=no new-connection-mark=lud passthrough=yes src-address-list=ludzie
add action=mark-connection chain=forward disabled=no dst-address-list=ludzie new-connection-mark=lud passthrough=yes
add action=mark-packet chain=forward connection-mark=lud disabled=no in-interface=WAN new-packet-mark=ludzie-d passthrough=no
add action=mark-packet chain=forward connection-mark=lud disabled=no new-packet-mark=ludzie-u out-interface=WAN passthrough=no
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=up_all pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=40 \
pcq-rate=95k pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=dl_full pcq-burst-rate=2950k pcq-burst-threshold=1200k pcq-burst-time=12s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 \
pcq-limit=40 pcq-rate=2M pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=sfq name=SFQ sfq-allot=1514 sfq-perturb=5
set 8 kind=none name=only-hardware-queue
set 9 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 10 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=450k name=UP-TOTAL packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3900k name=DW-TOTAL packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=457k name=USLUGI_ALL_UP packet-mark="" parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3800k name=USLUGI_ALL_DW packet-mark="" parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=150k max-limit=720k name=n1d packet-mark=1d parent=USLUGI_ALL_DW priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=600k max-limit=3700k name=n3d packet-mark=3d parent=USLUGI_ALL_DW priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=90k max-limit=200k name=n1u packet-mark=1u parent=USLUGI_ALL_UP priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=80k max-limit=300k name=n3u packet-mark=3u parent=USLUGI_ALL_UP priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3700k name=DW_reszta packet-mark="" parent=USLUGI_ALL_DW priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=450k name=UP_reszta packet-mark="" parent=USLUGI_ALL_UP priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=200k max-limit=2M name=n5d packet-mark=5d parent=DW_reszta priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k max-limit=400k name=n5u packet-mark=5u parent=UP_reszta priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=3800k name=Reszta-D packet-mark=ludzie-d parent=DW-TOTAL priority=4 queue=dl_full
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100k max-limit=440k name=Reszta-U packet-mark=ludzie-u parent=UP-TOTAL priority=5 queue=up_all
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400k max-limit=3600k name=dopal-d packet-mark=dopal-d parent=DW-TOTAL priority=2 queue=SFQ
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100k max-limit=440k name=dopal-u packet-mark=dopal-u parent=UP-TOTAL priority=2 queue=SFQ
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3200k name=n6d packet-mark=6d parent=DW_reszta priority=6 queue=SFQ
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k max-limit=400k name=n6u packet-mark=6u parent=UP_reszta priority=6 queue=SFQ
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=3700k name=n8d packet-mark=8d parent=DW_reszta priority=8 queue=SFQ
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=400k name=n8u packet-mark=8u parent=UP_reszta priority=8 queue=SFQ
/queue tree add max-limit=450k name=UP-TOTAL parent=WAN add max-limit=3900k name=DW-TOTAL parent=LAN add max-limit=457k name=USLUGI_ALL_UP parent=global add max-limit=3800k name=USLUGI_ALL_DW parent=global add limit-at=150k max-limit=720k name=n1d packet-mark=1d parent=USLUGI_ALL_DW priority=1 queue=default add limit-at=600k max-limit=3700k name=n3d packet-mark=3d parent=USLUGI_ALL_DW priority=3 queue=default add limit-at=90k max-limit=200k name=n1u packet-mark=1u parent=USLUGI_ALL_UP priority=1 queue=default add limit-at=80k max-limit=300k name=n3u packet-mark=3u parent=USLUGI_ALL_UP priority=3 queue=default add max-limit=3700k name=DW_reszta parent=USLUGI_ALL_DW add max-limit=450k name=UP_reszta parent=USLUGI_ALL_UP add limit-at=200k max-limit=2M name=n5d packet-mark=5d parent=DW_reszta priority=5 queue=default add limit-at=50k max-limit=400k name=n5u packet-mark=5u parent=UP_reszta priority=5 queue=default add limit-at=1M max-limit=3800k name=Reszta-D packet-mark=ludzie-d parent=DW-TOTAL priority=4 queue=pcq-download-default add limit-at=100k max-limit=440k name=Reszta-U packet-mark=ludzie-u parent=UP-TOTAL priority=5 queue=pcq-upload-default add limit-at=400k max-limit=3600k name=dopal-d packet-mark=dopal-d parent=DW-TOTAL priority=2 queue=wireless-default add limit-at=100k max-limit=440k name=dopal-u packet-mark=dopal-u parent=UP-TOTAL priority=2 queue=wireless-default add max-limit=3200k name=n6d packet-mark=6d parent=DW_reszta priority=6 queue=wireless-default add limit-at=50k max-limit=400k name=n6u packet-mark=6u parent=UP_reszta priority=6 queue=wireless-default add max-limit=3700k name=n8d packet-mark=8d parent=DW_reszta queue=wireless-default add max-limit=400k name=n8u packet-mark=8u parent=UP_reszta queue=wireless-defaultBut the stuff attached to global is Invalid in the current 6.0rc2 dev build ?
I use this view for several small networks with ADSL, for several with about 30-80Mbit and a several with 500-1200Mbit and everyone working fine (of course, each requiring individual optimization) but the idea of queue-ing is the same. and in the commercial networks with this idea customers are happy and there are more and more customers so I think this is good road to go ;pAs for "client chooses what to do with their bandwidth" this is not a pragmatic view because the client says " why u no prioritise my game traffic, I go to other ISP now!".
+1I only want use pcq for client limitation (grouping customers in they rates for big networks, and dynamicaly limits in smal networks like my previous post) and global prioritization (whole network)
I don't want use one queue for one client... this is a reason why I use pcq
if developers from mikrotik abandoned idea with Dual Queue-ing/shaping this is very disappointing
and I must use on one AP's a several subnets (subntes as much as tariffs I sell to customers on each ap's ) because each commercial networks are... with routing of corse ;p....... no thanks I'm using address-lists for grouping that, this is scalable solutionWe can use SQ for a subnet with queue type PCQ.
what about this... (typical situation) ....for example we have 20 routers/AP's they are connected to backbone network, on each router/AP's we has subnet /24 for clients... of course on each router we have different subnet..... and of course on each router/AP clients have different tariffs (couple have 2/2Mbit couple have 3/1Mbit ....), but they are in the same subnet on APWe can use SQ for a subnet with queue type PCQ.
in this situation .....this is .... useless ... for grouping we have address-listsWe can use SQ for a subnet with queue type PCQ.
Dear macgaiverOnly change that is in v6 compared to v5 is that there are no more HTBs separated by mangle. So remarking is not possible.
Simple queue functionality remains the same just faster - you can still use limit for download, upload and total.
Currently in v6 you can repeat double QoS system by creating small simple queue tree for each user.
/queue simple
add target=192.168.1.1/32 burst-limit=100M/100M burst-threshold=10M/10M burst-time=1m/1m limit-at=2M/2M max-limit=10M/10M
add limit-at=500k/500k max-limit=1M/1M packet-marks=priority1_mark parent=queue1 priority=1/1 target=ether1_local total-priority=1
add limit-at=500k/500k max-limit=1M/1M packet-marks=priority4_mark parent=queue1 priority=4/4 target=ether1_local total-priority=4
add limit-at=500k/500k max-limit=3M/3M packet-marks=priority2_mark parent=queue1 priority=2/2 target=ether1_local total-priority=2
add limit-at=500k/500k max-limit=5M/5M packet-marks=priority6_mark parent=queue1 priority=6/6 target=ether1_local total-priority=6
As number of simple queue are not relevant anymore then you can have thousands of them and you can easily create this with script for large number of addresses. as only thing that changes are target address on parent interface.
Something like this - (i just wanted to show principle, you can create your own small trees)
And, whalla, you have double QoS again only in same chain and you only need few packet marks
Microtic Command :
/ip firewall mangle
add action=mark-packet chain=game connection-mark=CSO disabled=no \
new-packet-mark=Game_cso passthrough=no
add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=yes new-packet-mark="GAME PAKET" \
passthrough=no
add action=mark-connection chain=prerouting comment="Counter Strike Koneksi UDP" \
disabled=yes dst-port=27005-27015 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=27005-27015 new-connection-mark=CSO passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=47611 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=47611 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=8000-8010 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=8000-8010 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=36567 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=36567 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=jump chain=prerouting disabled=no jump-target=game
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=8000-8010 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=36567 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=47611 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=27005-27015 new-connection-mark=CSO passthrough=yes protocol=\
udp
[b]/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=CSO packet-mark=Game_cso parent=[color=#FF0000]global-in[/color] priority=8 \
queue=CSO
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Game packet-mark=Game_cso parent=[color=#FF0000]global-total[/color] priority=1 \
queue=Game[/b]
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=src-nat chain=srcnat comment="Masquerade CSO" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=0.0.0.0/0 \
to-addresses=122.102.53.0/24
add action=src-nat chain=srcnat comment="Masquerade CSO1" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=\
192.168.1.0/24 to-addresses=122.102.53.0/24
add action=masquerade chain=srcnat comment="Masquerade CSO2" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=0.0.0.0/0 \
to-addresses=122.102.53.0/24
add action=masquerade chain=srcnat comment="Masquerade CSO3" disabled=no \
out-interface=ether1 to-addresses=122.102.53.0/24
add action=src-nat chain=srcnat comment="Masquerade CSO4" disabled=no \
out-interface=ether1 src-address=192.168.1.0/24 to-addresses=\
122.102.53.0/24
I got error: "input does not match any value of parent"Mikrotik Command for Counter Strike Online:
/ip firewall mangle
add action=mark-packet chain=game connection-mark=CSO disabled=no \
new-packet-mark=Game_cso passthrough=no
add action=mark-packet chain=forward comment="SEMUA GAME DIPAKETKAN" \
connection-mark="GAME KONEKSI" disabled=yes new-packet-mark="GAME PAKET" \
passthrough=no
add action=mark-connection chain=prerouting comment="Counter Strike Koneksi UDP" \
disabled=yes dst-port=27005-27015 new-connection-mark="GAME KONEKSI" \
passthrough=no protocol=udp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=27005-27015 new-connection-mark=CSO passthrough=yes protocol=\
udp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=47611 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=47611 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=8000-8010 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=8000-8010 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Counter Strike KONEKSI TCP" \
disabled=yes dst-address=122.102.53.0/24 dst-port=36567 \
new-connection-mark="GAME KONEKSI" passthrough=yes protocol=tcp
add action=mark-connection chain=game comment="Counter Strike" disabled=no \
dst-address=122.102.53.0/24 dst-port=36567 new-connection-mark=CSO \
passthrough=yes protocol=tcp
add action=jump chain=prerouting disabled=no jump-target=game
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=8000-8010 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=36567 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=47611 new-connection-mark=CSO passthrough=yes protocol=tcp
add action=mark-connection chain=game disabled=no dst-address=122.102.53.0/24 \
dst-port=27005-27015 new-connection-mark=CSO passthrough=yes protocol=\
udp
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=CSO packet-mark=Game_cso parent=global-in priority=8 \
queue=CSO
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Game packet-mark=Game_cso parent=global-total priority=1 \
queue=Game
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=src-nat chain=srcnat comment="Masquerade CSO" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=0.0.0.0/0 \
to-addresses=122.102.53.0/24
add action=src-nat chain=srcnat comment="Masquerade CSO1" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=\
192.168.1.0/24 to-addresses=122.102.53.0/24
add action=masquerade chain=srcnat comment="Masquerade CSO2" disabled=no \
dst-address=122.102.53.0/24 out-interface=ether1 src-address=0.0.0.0/0 \
to-addresses=122.102.53.0/24
add action=masquerade chain=srcnat comment="Masquerade CSO3" disabled=no \
out-interface=ether1 to-addresses=122.102.53.0/24
add action=src-nat chain=srcnat comment="Masquerade CSO4" disabled=no \
out-interface=ether1 src-address=192.168.1.0/24 to-addresses=\
122.102.53.0/24