Community discussions

MikroTik App
 
knightrider
just joined
Topic Author
Posts: 1
Joined: Tue May 09, 2006 11:49 am

Web Proxy queue

Tue May 09, 2006 11:59 am

I have a problem with traffic shapping from web proxy.
I mark mac address,ports,ip and nothing works.
Can`t find a way to limit traffic if web proxy is enabled.
Any Ideas?
Thanks.
 
valens
Trainer
Trainer
Posts: 246
Joined: Tue Jun 01, 2004 5:42 pm
Location: INDONESIA
Contact:

Wed May 10, 2006 12:58 am

Maybe you can try this example

P > FIREWALL > MANGLE

0 ;;; up traffic
chain=prerouting in-interface=LAN src-address=192.168.0.4 action=mark-packet new-packet-mark=test-packet-up passthrough=no

1 chain=forward src-address=192.168.0.4 action=mark-connection new-connection-mark=test-conn passthrough=yes

2 ;;; down traffic from internet
chain=forward in-interface=PUBLIC connection-mark=test-conn action=mark-packet new-packet-mark=test-packet-down passthrough=no

3 ;;; down traffic from router
chain=output out-interface=LAN dst-address=192.168.0.4 action=mark-packet new-packet-mark=test-packet-down passthrough=no

QUEUE > TREE

0 name="test-down" parent=LAN packet-mark=test-packet-down limit-at=0 queue=default priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s

1 name="test-up" parent=global-in packet-mark=test-packet-up limit-at=0 queue=default priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
 
emmanuel
newbie
Posts: 37
Joined: Thu Jan 05, 2006 8:23 pm
Location: nigeria

web proxy queue

Sat May 20, 2006 3:16 pm

hello
i have same problem,my queue would fine but when enables squid for me web catch the queue tree wiil shape well for me pl what i should now .
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Sun May 21, 2006 3:33 pm

valens so nice example , i want to apply your example but first i need to show you my rules wich i'm using now , i just want to make an equal bandwidth sharing between my clients ( PCQ ) and i'm doing this :

1- firewall mangle :

chain=prerouting src-address=192.168.1.0/24 action=mark-connection new-connection-mark=users-con passthrough=no

chain=forward connection-mark=users-con action=mark-packet new-packet-mark=users passthrough=yes

2-Queues

a- type

name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000

b- tree

name="queue1" parent=localnet packet-mark=users limit-at=0 queue=pcq-download priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

name="queue2" parent=internet packet-mark=users limit-at=0 queue=pcq-upload priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

please look at this setting carefully and let me know if i made any mistake , and how to add a queue for my web-proxy to the download queue .. thanx in advanced
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Mon May 22, 2006 4:25 pm

i need someone to check my setting please , is it ok ? or i have to change it to valnet example ?
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Thu May 25, 2006 4:01 am

please any EXPERT advice ?????
 
User avatar
FOV
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Tue Nov 29, 2005 5:34 pm
Location: ARGENTINA

Thu May 25, 2006 4:25 pm

Guys, I´m not an expert, very far of that.

But, I´m using this for my clients

Hope to be useful for you.

Regards,

Fernando


#### Configuro Mangle PARA PRIORIDADES #####

#### Configuro Mangle VoIp #####
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=5060 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="VoIP" disabled=no
/ ip firewall mangle add chain=prerouting protocol=udp dst-port=5060 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=16384 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting protocol=udp dst-port=16384 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=19000-20000 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting protocol=udp dst-port=19000-20000 action=mark-connection new-connection-mark=VOIP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=VOIP_CON action=mark-packet new-packet-mark=ALTA passthrough=no comment="" disabled=no

#### Configuro Mangle DNS #####
/ ip firewall mangle add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS_CON passthrough=yes comment="DNS" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=DNS_CON action=mark-packet new-packet-mark=ALTA passthrough=no comment="" disabled=no

#### Configuro Mangle Trafico Web #####
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=HTTP_CON passthrough=yes comment="HTTP" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=HTTP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=HTTP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=HTTP_CON action=mark-packet new-packet-mark=MEDIA_ALTA passthrough=no comment="" disabled=no

#### Configuro Mangle Trafico Mail #####
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=MAIL_CON passthrough=yes comment="HTTP" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=MAIL_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=MAIL_CON action=mark-packet new-packet-mark=MEDIA_ALTA passthrough=no comment="" disabled=no

#### Configuro Mangle Trafico FTP #####
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=20 action=mark-connection new-connection-mark=FTP_CON passthrough=yes comment="HTTP" disabled=no
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=21 action=mark-connection new-connection-mark=FTP_CON passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=FTP_CON action=mark-packet new-packet-mark=MEDIA_BAJA passthrough=no comment="" disabled=no

#### Configuro Mangle Messenger #####
/ ip firewall mangle add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection new-connection-mark=MSN_CON passthrough=yes comment="MSN" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=MSN_CON action=mark-packet new-packet-mark=MEDIA_BAJA passthrough=no comment="" disabled=no

#### Configuro Mangle Para Programas Peer to Peer #####
/ ip firewall mangle add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=P2P_CON passthrough=yes comment="P2P" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=P2P_CON action=mark-packet new-packet-mark=P2P passthrough=no comment="" disabled=no

#### Configuro Mangle Resto de los Servicios #####
/ ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=OTROS_CON passthrough=yes comment="Resto del trafico" disabled=no
/ ip firewall mangle add chain=prerouting connection-mark=OTROS_CON action=mark-packet new-packet-mark=BAJA passthrough=yes comment="" disabled=no

######## Configuro el Arbol de Colas Queue tree #################
/ queue tree add name="8-P2P" parent=global-out packet-mark=P2P limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ queue tree add name="1-Alta" parent=global-out packet-mark=ALTA limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ queue tree add name="3-Media alta" parent=global-out packet-mark=MEDIA_ALTA limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ queue tree add name="5-Media baja" parent=global-out packet-mark=MEDIA_BAJA limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ queue tree add name="7-Baja" parent=global-out packet-mark=BAJA limit-at=0 queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
 
maxfava
Member Candidate
Member Candidate
Posts: 222
Joined: Mon Oct 17, 2005 12:30 am

Thu May 25, 2006 4:25 pm

Search on my post.
The conclusion is that on mk you cannot mangle proxy request.

ciao
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Fri May 26, 2006 3:38 am

maxfava , thats mean if a client request somthing about 1Mb , and his request exist inside the cache , he will recieve the 1Mb out of the limit in the mangle and queue ??
 
npbrasil
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Wed Jun 02, 2004 8:50 am

Sun May 28, 2006 11:35 am

Just one idea:

/ ip firewall mangle
add chain=output protocol=tcp src-port=8000 (proxy port) dst-address-list="your list here" action=mark-packet new-packet-mark=proxy-out passthrough=yes comment="" disabled=no

/ queue tree
add name="proxy-out" parent=global-out packet-mark=proxy-out limit-at=1 queue=default priority=5 max-limit=1024000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes

PS: tested, works
 
User avatar
samsoft08
Long time Member
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Mon May 29, 2006 9:19 pm

i dont understand why the (( disabled=yes )) ?

anyway , there is more than one setup each user wrote his setup solving the same problem , and no one from mikrotik say a word !!!! i dont know whos this form belongs to ??

i bought MT for a specific need , untill now i saw more than one setup all of them differ from the setup in the manual , i'm totaly lost ........
 
cokin
just joined
Posts: 1
Joined: Thu Sep 22, 2005 4:17 am

Wed May 31, 2006 7:37 am

Search on my post.
The conclusion is that on mk you cannot mangle proxy request.

ciao
Yes that's right we can not mangle proxy request if web proxy was enabled

Who is online

Users browsing this forum: caspat, HakanE and 140 guests