Difference between revisions of "Queue Tree with more than two interfaces"
Line 1: | Line 1: | ||
== Basic Setup== | == Basic Setup== | ||
− | This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. | + | This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. It's for sharing internet connection among users on each interfacess. |
− | In manual this possibility isn't writted | + | In manual this possibility isn't writted. |
+ | |||
+ | ---- | ||
First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces: | First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces: | ||
Line 12: | Line 14: | ||
3 R wifi3 wlan 0 0 1500 | 3 R wifi3 wlan 0 0 1500 | ||
− | And this is the IP | + | And this is the IP Addresses for each interface: |
[admin@instaler] > ip ad pr | [admin@instaler] > ip ad pr | ||
Flags: X - disabled, I - invalid, D - dynamic | Flags: X - disabled, I - invalid, D - dynamic | ||
# ADDRESS NETWORK BROADCAST INTERFACE | # ADDRESS NETWORK BROADCAST INTERFACE | ||
− | 0 10. | + | 0 10.20.1.0/24 10.20.1.0 10.20.1.255 public |
1 10.10.2.0/24 10.10.2.0 10.10.2.255 wifi1 | 1 10.10.2.0/24 10.10.2.0 10.10.2.255 wifi1 | ||
2 10.10.3.0/24 10.10.3.0 10.10.3.255 wifi2 | 2 10.10.3.0/24 10.10.3.0 10.10.3.255 wifi2 | ||
3 10.10.4.0/24 10.10.4.0 10.10.4.255 wifi3 | 3 10.10.4.0/24 10.10.4.0 10.10.4.255 wifi3 | ||
− | + | On the public you can add NAT or proxy if you want. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Mangle Setup== | ==Mangle Setup== | ||
Line 54: | Line 30: | ||
And now is the most important part in this case. | And now is the most important part in this case. | ||
− | As we will make Queue for uplink and downlink traffic, we need | + | As we will make Queue for uplink and downlink traffic, we need packet-marks. In this example, we use "test-up" for uplink traffic, and "test-down" for downlink traffic. |
For uplink traffic, it's quite simple. We need only one rule, using SRC-ADDRESS and IN-INTERFACE parameters, and using PREROUTING chain. Rule number #0. | For uplink traffic, it's quite simple. We need only one rule, using SRC-ADDRESS and IN-INTERFACE parameters, and using PREROUTING chain. Rule number #0. | ||
Line 68: | Line 44: | ||
Please be aware, we use passthrough only for connection mark (rule no #1). | Please be aware, we use passthrough only for connection mark (rule no #1). | ||
− | [admin@instaler] | + | |
+ | [admin@instaler] ip firewall mangle> print | ||
Flags: X - disabled, I - invalid, D - dynamic | Flags: X - disabled, I - invalid, D - dynamic | ||
− | 0 | + | 0 chain=forward src-address=10.10.2.10 |
− | + | action=mark-connection new-connection-mark=users-10U passthrough=yes | |
− | + | ||
− | new-packet-mark= | + | 1 chain=forward dst-address=10.10.2.10 |
− | + | action=mark-connection new-connection-mark=users-10D passthrough=yes | |
− | + | ||
− | chain=forward src-address= | + | 2 chain=forward connection-mark=users-10U action=mark-packet |
− | action=mark-connection | + | new-packet-mark=10 passthrough=yes |
− | + | ||
− | + | 3 chain=forward connection-mark=users-10D action=mark-packet | |
− | + | new-packet-mark=10 passthrough=yes | |
− | + | ||
− | + | 4 chain=forward src-address=10.10.2.10 | |
− | new-packet-mark= | + | action=mark-connection new-connection-mark=users-10U passthrough=yes |
− | + | ||
− | + | 5 chain=forward dst-address=10.10.2.10 | |
− | chain= | + | action=mark-connection new-connection-mark=users-10D passthrough=yes |
− | + | ||
− | new-packet-mark= | + | 6 chain=forward connection-mark=users-10U action=mark-packet |
+ | new-packet-mark=10 passthrough=yes | ||
+ | |||
+ | 7 chain=forward connection-mark=users-10D action=mark-packet | ||
+ | new-packet-mark=10 passthrough=yes | ||
+ | |||
+ | 98 chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 | ||
+ | action=mark-connection new-connection-mark=users-lokal passthrough=yes | ||
+ | |||
+ | 99 chain=forward connection-mark=users-lokal action=mark-packet | ||
+ | new-packet-mark=lokalTrafic passthrough=yes | ||
+ | |||
Revision as of 12:51, 24 February 2007
Basic Setup
This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. It's for sharing internet connection among users on each interfacess. In manual this possibility isn't writted.
First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces:
[admin@instaler] > in pr # NAME TYPE RX-RATE TX-RATE MTU 0 R public ether 0 0 1500 1 R wifi1 wlan 0 0 1500 2 R wifi2 wlan 0 0 1500 3 R wifi3 wlan 0 0 1500
And this is the IP Addresses for each interface:
[admin@instaler] > ip ad pr Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.20.1.0/24 10.20.1.0 10.20.1.255 public 1 10.10.2.0/24 10.10.2.0 10.10.2.255 wifi1 2 10.10.3.0/24 10.10.3.0 10.10.3.255 wifi2 3 10.10.4.0/24 10.10.4.0 10.10.4.255 wifi3
On the public you can add NAT or proxy if you want.
Mangle Setup
And now is the most important part in this case.
As we will make Queue for uplink and downlink traffic, we need packet-marks. In this example, we use "test-up" for uplink traffic, and "test-down" for downlink traffic.
For uplink traffic, it's quite simple. We need only one rule, using SRC-ADDRESS and IN-INTERFACE parameters, and using PREROUTING chain. Rule number #0.
But for downlink, we have to make sevaral rules. As we use masquerading, we need Connection Mark, named as "test-conn". Rule no #1.
Then we have to make 2 more rules. First rule is for non-HTTP connection / direct connection. We use chain forward, as the data traveling through the router. Rule no #2.
The second rule is for data coming from web-proxy to the client. We use OUTPUT chain, as the data coming from internal process in the router itself. Rule no #3.
For both rules (no #2 and #3) we named it "test-down".
Please be aware, we use passthrough only for connection mark (rule no #1).
[admin@instaler] ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 0 chain=forward src-address=10.10.2.10 action=mark-connection new-connection-mark=users-10U passthrough=yes
1 chain=forward dst-address=10.10.2.10 action=mark-connection new-connection-mark=users-10D passthrough=yes
2 chain=forward connection-mark=users-10U action=mark-packet new-packet-mark=10 passthrough=yes
3 chain=forward connection-mark=users-10D action=mark-packet new-packet-mark=10 passthrough=yes
4 chain=forward src-address=10.10.2.10 action=mark-connection new-connection-mark=users-10U passthrough=yes
5 chain=forward dst-address=10.10.2.10 action=mark-connection new-connection-mark=users-10D passthrough=yes
6 chain=forward connection-mark=users-10U action=mark-packet new-packet-mark=10 passthrough=yes
7 chain=forward connection-mark=users-10D action=mark-packet new-packet-mark=10 passthrough=yes
98 chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 action=mark-connection new-connection-mark=users-lokal passthrough=yes
99 chain=forward connection-mark=users-lokal action=mark-packet new-packet-mark=lokalTrafic passthrough=yes
Queue Tree Setup
And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. for downlink traffic, we use parent "lan", the interface name for local network. And for uplink, we are using parent "global-in".
[admin@instaler] > queue tree pr Flags: X - disabled, I - invalid 0 name="downstream" parent=lan packet-mark=test-down limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s 1 name="upstream" parent=global-in packet-mark=test-up limit-at=32000 queue=default priority=8 max-limit=32000 burst-limit=0 burst-threshold=0 burst-time=0s
You can use those mangle also with PCQ.
Any question, you can contact me at : info(at)mikrotik(dot)co(dot)id
Valens Riyadi