Hi Trying to limit up / down from 10.172.202.0/24 to the internet http://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Types http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle /queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24 /ip firewall mangle remove [ find where ! dynamic ] add action=mark-packet chain=forward new-packet-mark=guestInternet dst-address=10.172.202.0/24 src-address=!10.0.0.0 place-before=0 comment="Internet to guest" add action=mark-packet chain=forward dst-address=!10.0.0.0 src-address=10.172.202.0/24 new-packet-mark=guestInternet place-before=0 comment="Guest to internet" I can see packets matching the mangle rules but not in the queue. Also I am using fastconnect which is why I have the pattern matching mangle rules above the fastconnect rules ... if that matters ! Do I have to turn of fast connect or what am I doing wrong !!! A
You need to set outbound interfaces as well to pick it up properly and also best to use connection mark and then mark packets based on that. Make sure download queue is working on LAN interface and upload queue is working on WAN interface Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Tuesday, 17 May 2016 11:47 AM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] simple queue Hi Trying to limit up / down from 10.172.202.0/24 to the internet http://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Types http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle /queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24 /ip firewall mangle remove [ find where ! dynamic ] add action=mark-packet chain=forward new-packet-mark=guestInternet dst-address=10.172.202.0/24 src-address=!10.0.0.0 place-before=0 comment="Internet to guest" add action=mark-packet chain=forward dst-address=!10.0.0.0 src-address=10.172.202.0/24 new-packet-mark=guestInternet place-before=0 comment="Guest to internet" I can see packets matching the mangle rules but not in the queue. Also I am using fastconnect which is why I have the pattern matching mangle rules above the fastconnect rules ... if that matters ! Do I have to turn of fast connect or what am I doing wrong !!! A _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Simple queues work in a top-down approach - first match applies, remainder ignored. Do you have any other queues above that might be catching those packets? Cheers! Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Tuesday, 17 May 2016 11:47 AM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] simple queue
Hi
Trying to limit up / down from 10.172.202.0/24 to the internet
http://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Types http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle
/queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24
/ip firewall mangle remove [ find where ! dynamic ]
add action=mark-packet chain=forward new-packet-mark=guestInternet dst- address=10.172.202.0/24 src-address=!10.0.0.0 place-before=0 comment="Internet to guest" add action=mark-packet chain=forward dst-address=!10.0.0.0 src- address=10.172.202.0/24 new-packet-mark=guestInternet place-before=0 comment="Guest to internet"
I can see packets matching the mangle rules but not in the queue.
Also I am using fastconnect which is why I have the pattern matching mangle rules above the fastconnect rules ... if that matters !
Do I have to turn of fast connect or what am I doing wrong !!!
A
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
No - no other queues Not sure I understand set outbound interfaces as well to pick up. I have packet marking (I will move to connection marking once I see it working ) on the forward table should be catching A -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Tuesday, 17 May 2016 11:57 AM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] simple queue You need to set outbound interfaces as well to pick it up properly and also best to use connection mark and then mark packets based on that. Make sure download queue is working on LAN interface and upload queue is working on WAN interface Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Tuesday, 17 May 2016 12:08 PM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] simple queue Simple queues work in a top-down approach - first match applies, remainder ignored. Do you have any other queues above that might be catching those packets? Cheers! Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Tuesday, 17 May 2016 11:47 AM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] simple queue
Hi
Trying to limit up / down from 10.172.202.0/24 to the internet
http://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Types http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle
/queue simple remove [ find where ! dynamic ] add comment="ratelimit for yboGuest network and only for marked packets" max-limit=10M/10M name=guestToInternet packet-marks=guestInternet target=10.172.202.0/24
/ip firewall mangle remove [ find where ! dynamic ]
add action=mark-packet chain=forward new-packet-mark=guestInternet dst- address=10.172.202.0/24 src-address=!10.0.0.0 place-before=0 comment="Internet to guest" add action=mark-packet chain=forward dst-address=!10.0.0.0 src- address=10.172.202.0/24 new-packet-mark=guestInternet place-before=0 comment="Guest to internet"
I can see packets matching the mangle rules but not in the queue.
Also I am using fastconnect which is why I have the pattern matching mangle rules above the fastconnect rules ... if that matters !
Do I have to turn of fast connect or what am I doing wrong !!!
A
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (3)
-
Alex Samad - Yieldbroker
-
Mike Everest
-
Paul Julian