dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6
share rss forum feed


Rhaas
Premium
join:2005-12-19
Bernie, MO

1 recommendation

reply to gunther_01

Re: Mikrotik Shaper

I only mark the packet in the firewall based upon src/dst ports, layer 7, etc. I do not mark based upon interface.

add action=mark-connection chain=prerouting comment="SMTP - Port 25 - Connection" disabled=no new-connection-mark=MAIL_CON passthrough=yes port=25 protocol=tcp
add action=mark-connection chain=prerouting comment="SMTPS - Port 587 - Connection" disabled=no new-connection-mark=MAIL_CON passthrough=yes port=587 protocol=tcp
add action=mark-connection chain=prerouting comment="POP3 - Port 110 - Connection" disabled=no new-connection-mark=MAIL_CON passthrough=yes port=110 protocol=tcp
add action=mark-connection chain=prerouting comment="IMAP - PORT 143 - Connection" disabled=no new-connection-mark=MAIL_CON passthrough=yes port=143 protocol=tcp
add action=mark-packet chain=prerouting comment="MAIL Traffic - Packet" connection-mark=MAIL_CON disabled=no new-packet-mark=MAIL passthrough=no
 

In the queue tree is where it is shaped based upon the exiting interface (notice it is on the interface and not the bridge)

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name=TRAFFIC_OUT parent=to_internet priority=8
 
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=250M name=TRAFFIC_IN parent=to_customers priority=8
 

Then the individual leafs

IN:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=10M name=MAIL_IN packet-mark=MAIL parent=TRAFFIC_IN priority=6 queue=default
 

OUT:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=10M name=MAIL_OUT packet-mark=MAIL parent=TRAFFIC_OUT priority=6 queue=default
 

--
I survived Hale-Bopp!