Kreni iz pocetka. Ukini sva ogranicenja, a onda postavi samo ona koja ce da ogranicavaju to sto ti treba.

Ili, postavi pravila ogranicavanja koja ce da obuhvate saobracaj koji ne treba da bude ogranicen pa potavi da na njemu nema ogranicenja, a ta pravial stavi na pocetak liste rpavila za ogranicavanje.

Procitaj malo user manual i sve ce ti biti jasno.


sve se posebno moze ograniciti.
kao sto je lokalna mreza, p2p, internet
moras da napravis prioritete, tako da recimo:
prioritet 1 bude lokalna mreza odezana da recimo 10\10 Mbps
prioritet 2 hotspot korisnici 128k\64k
prioritet 3 ostali 256\128

Idemo po redu:

Kreni iz pocetka. Ukini sva ogranicenja, a onda postavi samo ona koja ce da ogranicavaju to sto ti treba.
Pokusao. ne ide.

Ili, postavi pravila ogranicavanja koja ce da obuhvate saobracaj koji ne treba da bude ogranicen pa potavi da na njemu nema ogranicenja, a ta pravial stavi na pocetak liste rpavila za ogranicavanje.
kako da ga postavim na pocetak liste? pokusao sam mijenjanjem na najgluplji moguci nacin, iz winboxa ga misem prenesem na vrh liste, ali pravilo za lan-lan opet nema uticaja i primjenjuje se hotspot pravilo. mijenjanje prioriteta izgleda da kod mene nema uticaja na to? Pored toga, nakon odjave korisnika sa hotspota, i nakon ponovnog logovanja, hotspot pravilo opet ide na vrh liste, automatski.


Procitaj malo user manual i sve ce ti biti jasno.
Od svakih 10 puta kada skupim hrabrost i zivce da citam dokumentaciju mikrotika (a moje misljenje o njoj nije usamljeno), 8 puta sam bio vise zbunjen i nesiguran u nacin rada nego prije citanja. A veoma, veoma cesto ono sto stoji u dokumentaciji ne odgovara prakticnom.


sve se posebno moze ograniciti.
kao sto je lokalna mreza, p2p, internet
znam. otprilike znam i kako. necu da kazem da znam jer mi ne radi:)

moras da napravis prioritete, tako da recimo:
prioritet 1 bude lokalna mreza odezana da recimo 10\10 Mbps
prioritet 2 hotspot korisnici 128k\64k
prioritet 3 ostali 256\128
evo kako je kod mene postavljeno.

Flags: X - disabled, I - invalid, D - dynamic
0 D name="<hotspot-test>" target-addresses=10.5.50.254/32
dst-address=0.0.0.0/0 interface=all parent=none direction=both
priority=8 queue=default-small/default-small limit-at=64000/256000
max-limit=64000/256000 total-queue=default-small

1 name="queue1" target-addresses=10.5.50.0/24 dst-address=192.168.0.0/24
interface=all parent=none direction=both priority=1
queue=hotspot-default/hotspot-default limit-at=2000000/2000000
max-limit=2000000/2000000 burst-limit=2000000/2000000
burst-threshold=2000000/2000000 burst-time=1s/1s
total-queue=default-small

mozda sam i ja glup al cim se korisnik iz lana 1 loguje na hot spot on dobije ogranicenje prema bilo kojoj adresi.
Pokusaj da im odradis mrezu tako da imaju dhcp a da ne mogu na net bez hotspota i na kraju kad hoce da pristupaju lokalnoj mrezi nek se korisnici iz lokalne mreze izloguju sa hotspota.Sva ostala resenja su ti monogo komplikovanija.

Pozdrav

Ne mozes hotspot dodatno limitirati li pustati nego kako je u njemu podeseno. Nego ti sve lepo stavi queove kao neki post ispod samo sto umesto ogranicenja lokala stavis unlimited...

/mozda sam i ja glup al cim se korisnik iz lana 1 loguje na hot spot on dobije ogranicenje prema bilo kojoj adresi.

znaci. hospot ogranicenje je "beton" i dalje nema mrdanja ?
da li se ostali slazu sa tim?



/Pokusaj da im odradis mrezu tako da imaju dhcp a da ne mogu na net bez hotspota i na kraju kad hoce da pristupaju lokalnoj mrezi nek se korisnici iz lokalne mreze izloguju sa hotspota.Sva ostala resenja su ti monogo komplikovanija.

poenta je da sto manje cimam korisnike, da uopste ne obracaju paznju na mrezu.


/Ne mozes hotspot dodatno limitirati li pustati nego kako je u njemu podeseno. Nego ti sve lepo stavi queove kao neki post ispod samo sto umesto ogranicenja lokala stavis unlimited...

znaci slazes se sa no2_wire da se na hotspot pravilo ne moze uticati?
interesuje me zasto se ne primjeni pravilo koje ima visi prioritet prije hotspot pravila?
postavljanje pravila za svaku ip adresu ili opseg adresa mi ne igra nikakvu ulogu, jer cu time da ogranicim racunar a ne korisnika koji moze da se preseli za drugi racunar i da mi narusi cijelu pricu.

Nemoj u hotspot profilima da ogranicavas brzinu, vec to radi u queues.

ljudi, ne zelim da budem naporan ili neljubazan ili sl.
nisam siguran da sam dobro objasnio situaciju.

Ne zelim da ogranicim racunar tj. ip adresu, vec korisnika.
Korisnici u Lan1, hotspot mrezi, koja se nalazi iza prvog interfejsa, krecu se slobodno od racunara do racunara koji pripada toj mrezi. Koriste racunar koji je trenutno slobodan. Povremeno se pokaze potreba da se sa racunara koji se nalaze u Lan1 i Lan2 mrezi, prenese odredjena kolicina podataka.

Korisnici u Lan2, iza drugog interfejsa, rade iskljucivo na odredjenom racunaru, ali oni mi nisu problem.

Na trecem interfejsu je javna adresa.

Dakle, da li postoji mogucnost da u Lan1 ogranicim korisnika, ne ip adresu, u smjeru interfejs1-inerfejs3, tj. lan1-internet.
saobracaj na pravcu lan1-lan2 i unutar samih lanova ne bi trebao da bude ogranicen.

ne znam kako da uradim ovo sto zelim da uradim.
ne znam da li je to uopste izvedivo, ali zato pitam ovde.

hotspot je krajnje netolerantan sto se tice bilo kakvog podesavanja - barem meni je bilo veoma tesko (nemoguce) da uradim bilo sta sa HS osim onog sto on po defaultu nudi. Daj Boze da je moguce, i ako jeste nek to neko malo bolje objasni kako je moguce.

Hotspot sistem redirektuje pakete i drugacije radi nego obicno rutiranje...Zato

Znaci da zavrsimo sa ovim.
Ako se koristi hotspot, zaboravi na ostala rjesenja :(

Ako je tako, sta se tu moze, nego napravi uputstvo za koristenje, stavi na login stranicu i nabavi rezervnu bateriju za telefon.


Rjesenje nije idealno ali jeste zadovoljavajuce.

Hvala svima na trudu.

Pozdrav

Ovo je problem gde je dosta ljudi zapelo, ja licno vec par mjeseci isitavam forume postavljam pitanja pitam ljude ali nema sanse da ovo rjesim.Sto se tice prioriteta kod queues ne radi, isto tako kod odredjivanja queues po interfejsima. Ne reaguje.Zatim, uputstva za packet mark i sl. npr. http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php jednostavno ne rade.Ima li nacina da se ovo rjesi?Dakle da se odvoji p2p i ostali saobracaj u mrezama od interneta?

Part one:
Sto se tice HotSpota probaj da se igras Walled Garden i da probas da tu stavis lokalne opsege adresa koje nece ici kroz hotspot.
Part two:


probaj

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes protocol=gre comment="HIGH" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=20-21 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=22 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=23 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=25 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=29 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=53 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=high passthrough=yes dst-port=80 protocol=tcp comment="" disabled=no
....... postavi portove koje hoces da budu high
add chain=prerouting action=mark-packet new-packet-mark=High passthrough=no connection-mark=high comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes p2p=all-p2p comment="P2P" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1214 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1214 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1337 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=1337 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2323 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2323 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2705 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2705 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2710 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=2710 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3306 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3306 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3128 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=3128 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4242 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4242 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4500 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4501 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4501 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4661 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4661 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4662 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4662 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4663 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4663 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4664 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4664 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4665 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4665 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4667 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4667 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4668 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4668 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4669 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4669 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4670 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4670 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4671 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4671 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4672 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4672 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4673 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4673 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4674 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4674 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4678 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=4678 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5500 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5500 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5501 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5502 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5503 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5504 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5555 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=5555 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6257 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6257 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6346 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6346 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6347 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6347 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6667 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6667 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6699 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6699 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6881 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6881 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6882 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6882 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6883 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6883 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6884 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6884 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6885 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6885 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6886 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6886 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6887 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6887 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6888 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6888 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6889 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6889 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=6969 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=7778 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=7778 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=8038 protocol=tcp comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=p2p passthrough=yes dst-port=8038 protocol=udp comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=Low passthrough=no connection-mark=p2p comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=medium passthrough=yes comment="MEDIUM" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=Medium passthrough=no connection-mark=medium comment="" disabled=no

/ queue tree
add name="1-HighA" parent=wlan1 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighB" parent=wlan2 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighC" parent=ether1 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="1-HighD" parent=ether2 packet-mark=High limit-at=0 queue=wireless-default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium1" parent=wlan1 packet-mark=Medium limit-at=4000000 queue=default priority=8 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium" parent=wlan2 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium3" parent=ether1 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="6-Medium4" parent=ether2 packet-mark=Medium limit-at=4000000 queue=default priority=6 max-limit=4000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="8-P2Pa1" parent=wlan1 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pb1" parent=wlan2 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pc1" parent=ether1 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes
add name="8-P2Pd1" parent=ether2 packet-mark=Low limit-at=512000 queue=default priority=8 max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes

/queue simple
add name="korisnik" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default/default limit-at=256000/512000 max-limit=256000/512000 total-queue=default total-limit-at=7680000 total-max-limit=7680000 disabled=no
add name="korisnik High" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=High direction=both priority=1 queue=default/default limit-at=0/0 max-limit=256000/512000 total-queue=default disabled=no
add name="korisnik Low" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=Low direction=both priority=8 queue=default/default limit-at=0/0 max-limit=64000/64000 total-queue=default disabled=no
add name="korisnik Medium" target-addresses=xx.xx.xx.xx/32 dst-address=0.0.0.0/0 interface=all parent="korisnik" packet-marks=Medium direction=both priority=6 queue=default/default limit-at=0/0 max-limit=64000/64000 total-queue=default disabled=no

E, a sad ono najgore :) za mene, objasnjenje gore napisanog:
(ip firewall mangle) imas tri "vrste" konekcija po najcesce koriscenim portovima (medium je ono sto nije markirano)
(queue tree) ogranicenje celokupnog saobracaja po gore definisanim konekcijama za celokupnu mrezu
(queue simple) ogranicenje korisnika koji ima protok 512k dl/256k ul
ovde mora da vodis racuna jer je medium ono sto ne spada ni pod high ni pod low a mnooooooogo se koristi za p2p saobracaj i nazalost voip, predefinisane ssh, telnet i ostale saobracaje koje bi trebalo staviti u high
Jos jedna stvar ovo nije kompletan spisak high portova (ovde se nalaze i "skupljeni" portovi za gamere) tako da broj high portova raste svakodnevno.
Varijacije na temu mangle, q3 i qs odradi kako tebi odgovara
Nadam se da sam makar malo pomogo
Pozz,
P.S. Uputstvo za MT je malo sturo opisano za "obicne smrtnike" ali zato forum i wiki sa njihovog sajta je ok.
P.S.S Ni tamo ne dobijaju svi odgovore na postavljeno pitanje

<sub>[Ovu poruku je menjao Sa$a dana 06.10.2007. u 15:37 GMT+1]

[Ovu poruku je menjao Sa$a dana 06.10.2007. u 15:39 GMT+1]

[Ovu poruku je menjao Sa$a dana 06.10.2007. u 16:53 GMT+1]</sub>

Mozda malo prosto resenje ali radi,napravi simple queue sa src adresom celog opsega privatnih adresa isto tako i dst adresa,npr src 192.168.0.0/16 i dst 192.168.0.0/16 i stavi queue unlimitted a onda za svagoga ko ide na net poseban queue po njegovoj ip adresi /32.


Pozdrav

Hvala ljudi ali nema seme da ja ovo rijesim.Problem je u tome sto ja nemogu uhvatiti dc++ saobracaj.Dc server je na portu 1100 medjutim to mi ne igra veliku ulogu jel prilikom searchinga ili skidanja podataka izmedju usera dc moze uzeti bilo koji port u rangu 1025-32000, i svaki put kad se resetuje konekcija on zauzima drugi port, cime se sprjecava nastajanje konflikta sa portovima.Tako da ja nikako ne mogu da markiram taj p2p...Nigdje na netu ne mogu naci rjesenje.

Izgleda da sam rjesio problem:
U mangle sam markirao konekciju da hvata sav p2p saobracaj, zatim sam markirao pakete koji se odnose na tu konekciju.

Zatim sam u queue tree ogranicio markirane pakete po interfejsima, sto je veoma bitno jer nisu svi interfejsi istih brzina, i ovako se sprjecava zagusivanje.

Nakon toga sam u simple queue odredio ukupnu brzinu markiranih paketa.

Da li sam ja to dobro razumio ili uradio pojma nemam ali koliko mi se cini radi, molim "starije" da prokomentarisu.

Ja mislim da ne moze da limitiras saobracaj p2p konekcija kao sto su izjavili tehnicari iz MT supporta.
Njega samo mozes da dropujes. Problem p2p kako ja mislim je sto samo na pocetku koristi odredjene portove a kasnije ko zna na sta se konektuje i na koje portove tako da je skoro nemoguce ga upratiti :) Tako zaboravite da limitirate p2p saobracaj, samo mozete da stavite queue za sve (celokupan saobracaj od krajnog korisnika)
Ispravite me ako gresim al jedno resenje je da stavite takav limiti il action=drop p2p=all :)

Ovo predhodno sto sam napisao vazi za ares p2p software. Ali verujem da su isti problemi i sa vecinom p2p software-a.

OK je to sto ti kazes ali napravi se posebno pravilo koje ce dropovati sve p2p konekcije koje idu vani ali ce dozvoliti p2p saobracaj unutar mreze.Pod address list "mreza" su sve mreze koje su u lokalu.