Dzielenie pasma 100Mb na protokoły:
main - 40Mb
web - 30Mb
ftp - 10Mb
udp - 10Mb
ssh - 8Mb
icmp - 2Mb
Najpierw musimy oznaczyć pakiety aby wiedzieć którego pakietu dotyczą.
Najwydajniej będzie oznaczyć najpierw połączenia a potem pakiety.
Robimy to zawsze parami.
IP -> Firewall -> [zakładka] Mangle -> [+]
Chain: prerouting Src. Address: 10.50.0.0/16 Protocol: (6) tcp Dst. Port: 20,21 Connection State: new [zakładka] Action Action: mark connection New Connection Mark: connection-ftp [check] Passthrough [OK]
IP -> Firewall -> [zakładka] Mangle -> [+]
Chain: prerouting Connection Mark: connection-ftp [zakładka] Action Action: mark packet New Packet Mark: packet-ftp [ ] Passthrough [OK]
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new dst-port=80,443 new-connection-mark=conn-web passthrough=yes protocol=tcp src-address=10.50.0.0/16 /ip firewall mangle add action=mark-packet chain=prerouting connection-mark=conn-web new-packet-mark=web-packet passthrough=no /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new dst-port=20,21 new-connection-mark=conn-ftp passthrough=yes protocol=tcp src-address=10.50.0.0/16 /ip firewall mangle add action=mark-packet chain=prerouting connection-mark=conn-ftp new-packet-mark=ftp-packet passthrough=no /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=conn-udp passthrough=yes protocol=udp src-address=10.50.0.0/16 /ip firewall mangle add action=mark-packet chain=prerouting connection-mark=conn-udp new-packet-mark=udp-packet passthrough=no /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new dst-port=22 new-connection-mark=conn-ssh passthrough=yes protocol=tcp src-address=10.50.0.0/16 /ip firewall mangle add action=mark-packet chain=prerouting connection-mark=conn-ssh new-packet-mark=ssh-packet passthrough=no /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=conn-icmp passthrough=yes protocol=icmp src-address=10.50.0.0/16 /ip firewall mangle add action=mark-packet chain=prerouting connection-mark=conn-icmp new-packet-mark=icmp-packet passthrough=no
Teraz można utworzyć kolejki.
Najpierw kolejkę nadrzędną z pełną przepustowością.
Queues -> [zakładka] Simple Queues -> [+]
Name: root-wan Target: 10.50.0.0/16 Target Upload Max Limit 100M Target Download Max Limit 100M [OK]
Teraz kolejki podrzędne:
Queues -> [zakładka] Simple Queues -> [+]
Name: main Target: 0.0.0.0/0 Target Upload Max Limit 100M Target Download Max Limit 100M [zakładka] Advanced Packet Marks: no-mark Target Upload Limit At 40M #prędkość gwarantowana Priority: 8 Target Download Limit At 40M #prędkość gwarantowana Priority: 8 Parent: root-wan [OK]
Queues -> [zakładka] Simple Queues -> [+]
Name: web Target: 0.0.0.0/0 Target Upload Max Limit 100M Target Download Max Limit 100M [zakładka] Advanced Packet Marks: web-packet Target Upload Limit At 30M #prędkość gwarantowana Priority: 3 Target Download Limit At 30M #prędkość gwarantowana Priority: 3 Parent: root-wan [OK]
/queue simple add max-limit=100M/100M name=root-wan target=10.50.0.0/16 /queue simple add limit-at=40M/40M max-limit=100M/100M name=main packet-marks=no-mark parent=root-wan target="" /queue simple add limit-at=30M/30M max-limit=100M/100M name=web packet-marks=web-packet parent=root-wan priority=3/3 target="" /queue simple add limit-at=10M/10M max-limit=100M/100M name=ftp packet-marks=ftp-packet parent=root-wan priority=4/4 target="" /queue simple add limit-at=10M/10M max-limit=100M/100M name=udp packet-marks=udp-packet parent=root-wan target="" /queue simple add limit-at=8M/8M max-limit=100M/100M name=ssh packet-marks=ssh-packet parent=root-wan priority=5/5 target="" /queue simple add limit-at=2M/2M max-limit=100M/100M name=icmp packet-marks=icmp-packet parent=root-wan priority=6/6 target=""