Graphic Motion Video Art, Website, IT Network, Culture

Loading...
Perfection Method Bandwidth Management Queue Tree Rules
It is the result of my experiment, using the full bandwidth management with parent queue tree, which was still a lot of connection packets that are out of rule. What happens if a lot of packets that are not undefined? There will be a barrier in intent and purpose of bandwidth management that we don't expected. To control bandwidth usage we have to classify the connection packets. After getting caught then we can control it. The connection packets turned out to be highly variable. And we do not define it explicitly. Separation of connection packets method is a method of approach. That something outside that we defined must be considered.


This method is the perfection of bandwidth management using parent queue tree rule, to handle the different connection packets such as online games portal, browsing, downloading the file extensions, video streams that still any leaks. If too many leaks would be a barrier for us to prioritize the connection packets that we have defined. Upload and Undefined packets will cover the most leakage of the parent queue tree, and at last is keep using the simple queue.

I will not explain in detail again about mangle and queue tree, you can see by yourself or just a reference with the scripts that I will give, and I hope you can expanding it by yourself. Surely you should know here, the name of your public and local interface of your own mikrotik routerboard. I have a lot of explaining about this.

The concept is connection-in will produce the upload Packets, connection-out will produces the download packets. Upload and download packets are divided into upload and download packets per client. Then download packets per client will be divided again into the online games, browsing, downloading extensions, and video streams packets. Those packets can not define all the variety of the internet connection usage perfectly. It is possible to find the leakage would still not unthinkable, therefore I will use an undefined connection packets.

When we are using the internet connection, even if we're downloading any extensions file, it also use small upload bytes. For that we must define the upload connection packets per client. We still can not guarantee 100% that alll already represents all the connection packets. I suggest you to keep using simple queue per client to cover all the usage of the internet connection of the clients that many variety. Ok let's get started.

1. Mangle Rules for Total Upload & Download Connection 

/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"
add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPLOAD"
add action=mark-connection chain=forward disabled=no in-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"

2. Mangle Rules Upload dan Download Connection Packets Per Client 

/ip firewall mangle
add action=mark-packet chain=prerouting src-address=192.168.1.17 packet-mark=all-inpkt new-packet-mark=client1-pktp passthrough=no comment="CLIENT1 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.16 packet-mark=all-inpkt new-packet-mark=client2-pktp passthrough=no comment="CLIENT2 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.15 packet-mark=all-inpkt new-packet-mark=client3-pktp passthrough=no comment="CLIENT3 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.14 packet-mark=all-inpkt new-packet-mark=client4-pktp passthrough=no comment="CLIENT4 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.20 packet-mark=all-inpkt new-packet-mark=client5-pktp passthrough=no comment="CLIENT5 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.21 packet-mark=all-inpkt new-packet-mark=client6-pktp passthrough=no comment="CLIENT6 UPSTREAM"
  
/ip firewall mangle
add action=mark-packet chain=forward dst-address=192.168.1.17 packet-mark=all-outpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.16 packet-mark=all-outpkt new-packet-mark=client2-pktd passthrough=yes comment="CLIENT2 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.15 packet-mark=all-outpkt new-packet-mark=client3-pktd passthrough=yes comment="CLIENT3 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.14 packet-mark=all-outpkt new-packet-mark=client4-pktd passthrough=yes comment="CLIENT4 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.20 packet-mark=all-outpkt new-packet-mark=client5-pktd passthrough=yes comment="CLIENT5 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.21 packet-mark=all-outpkt new-packet-mark=client6-pktd passthrough=yes comment="CLIENT6 DOWNSTREAM"

3. Layer7 Protocols and Mangle Rules of The Connection Packets of The Extensions Files  and Video Streaming Per Client

The mangle rules will be marking the connection packet of download files that use by the client
/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment="BILLING DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=billing-dpkt packet-mark=billing-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client2-dpkt packet-mark=client2-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client3-dpkt packet-mark=client3-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client4-dpkt packet-mark=client4-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client5-dpkt packet-mark=client5-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client6-dpkt packet-mark=client6-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment="MASTER DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=master-dpkt packet-mark=master-pktd protocol=tcp comment=""

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment="BILLING VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment="MASTER VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment=""

4. Mangle Rules Marking Online Games Connection per client

/ip firewall mangle
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Online Game Portal"
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005,27015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080

/ip firewall mangle
add action=mark-packet chain=forward src-address=192.168.1.11 packet-mark=all-gpkt new-packet-mark=billing-gpkt passthrough=no comment="BILLING GAMES"
add action=mark-packet chain=forward src-address=192.168.1.17 packet-mark=all-gpkt new-packet-mark=client1-gpkt passthrough=no comment="CLIENT1 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.16 packet-mark=all-gpkt new-packet-mark=client2-gpkt passthrough=no comment="CLIENT2 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.15 packet-mark=all-gpkt new-packet-mark=client3-gpkt passthrough=no comment="CLIENT3 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.14 packet-mark=all-gpkt new-packet-mark=client4-gpkt passthrough=no comment="CLIENT4 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.20 packet-mark=all-gpkt new-packet-mark=client5-gpkt passthrough=no comment="CLIENT5 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.21 packet-mark=all-gpkt new-packet-mark=client6-gpkt passthrough=no comment="CLIENT6 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.8 packet-mark=all-gpkt new-packet-mark=master-gpkt passthrough=no comment="MASTER GAMES"

5. Mangle Rules Marking Browsing Connection Per Client

/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=billing-bpkt packet-mark=billing-pktd protocol=tcp comment="BILLING BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client1-bpkt packet-mark=client1-pktd protocol=tcp comment="CLIENT1 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client2-bpkt packet-mark=client2-pktd protocol=tcp comment="CLIENT2 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client3-bpkt packet-mark=client3-pktd protocol=tcp comment="CLIENT3 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client4-bpkt packet-mark=client4-pktd protocol=tcp comment="CLIENT4 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client5-bpkt packet-mark=client5-pktd protocol=tcp comment="CLIENT5 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client6-bpkt packet-mark=client6-pktd protocol=tcp comment="CLIENT6 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=master-bpkt packet-mark=master-pktd protocol=tcp comment="MASTER BROWSING"

6.  Queue Tree Capturing The Marking Connection Packets Mangle Rules

The something new here is the parent queue tree for  the queue tree upload per client and the unification of undefined, extension file, and video streams of downsteam connection packets has the  single of parent queue tree rule. So if the clients play any video streams the limit speed will be depending on the queue tree rules.
/queue tree
add name=All-Bandwidth parent=global-out packet-mark=all-inpkt,all-outpkt queue=default priority=8 max-limit=2M

/queue tree
add name=Billing parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client1 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client2 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client3 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client4 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client5 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Client6 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8
add name=Master parent=All-Bandwidth packet-mark=no-mark queue=default priority=8

/queue tree
add name=aBilling-Games parent=Billing packet-mark=billing-gpkt queue=default priority=1 max-limit=256k
add name=aClient1-Games parent=Client1 packet-mark=client1-gpkt queue=default priority=1 max-limit=256k
add name=aClient2-Games parent=Client2 packet-mark=client2-gpkt queue=default priority=1 max-limit=256k
add name=aClient3-Games parent=Client3 packet-mark=client3-gpkt queue=default priority=1 max-limit=256k
add name=aClient4-Games parent=Client4 packet-mark=client4-gpkt queue=default priority=1 max-limit=256k
add name=aClient5-Games parent=Client5 packet-mark=client5-gpkt queue=default priority=1 max-limit=256k
add name=aClient6-Games parent=Client6 packet-mark=client6-gpkt queue=default priority=1 max-limit=256k
add name=aMaster-Games parent=Master packet-mark=master-gpkt queue=default priority=1 max-limit=256k

/queue tree
add name=bBilling-Browsing parent=Billing packet-mark=billing-bpkt queue=default priority=2 max-limit=256k
add name=bClient1-Browsing parent=Client1 packet-mark=client1-bpkt queue=default priority=2 max-limit=256k
add name=bClient2-Browsing parent=Client2 packet-mark=client2-bpkt queue=default priority=2 max-limit=256k
add name=bClient3-Browsing parent=Client3 packet-mark=client3-bpkt queue=default priority=2 max-limit=256k
add name=bClient4-Browsing parent=Client4 packet-mark=client4-bpkt queue=default priority=2 max-limit=256k
add name=bClient5-Browsing parent=Client5 packet-mark=client5-bpkt queue=default priority=2 max-limit=256k
add name=bClient6-Browsing parent=Client6 packet-mark=client6-bpkt queue=default priority=2 max-limit=256k
add name=bMaster-Browsing parent=Master packet-mark=master-bpkt queue=default priority=2 max-limit=256k

/queue tree
add name=cBilling-Upload parent=Billing packet-mark=billing-pktp queue=default priority=3 max-limit=200k
add name=cClient1-Upload parent=Client1 packet-mark=client1-pktp queue=default priority=3 max-limit=200k
add name=cClient2-Upload parent=Client2 packet-mark=client2-pktp queue=default priority=3 max-limit=200k
add name=cClient3-Upload parent=Client3 packet-mark=client3-pktp queue=default priority=3 max-limit=200k
add name=cClient4-Upload parent=Client4 packet-mark=client4-pktp queue=default priority=3 max-limit=200k
add name=cClient5-Upload parent=Client5 packet-mark=client5-pktp queue=default priority=3 max-limit=200k
add name=cClient6-Upload parent=Client6 packet-mark=client6-pktp queue=default priority=3 max-limit=200k
add name=cMaster-Upload parent=Master packet-mark=master-pktp queue=default priority=3 max-limit=200k

/queue tree
add name=dBilling-Download parent=Billing packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient1-Download parent=Client1 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient2-Download parent=Client2 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient3-Download parent=Client3 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient4-Download parent=Client4 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient5-Download parent=Client5 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dClient6-Download parent=Client6 packet-mark=no-mark queue=default priority=6 max-limit=220k
add name=dMaster-Download parent=Master packet-mark=no-mark queue=default priority=6 max-limit=220k

/queue tree
add name=eBilling-DownUdf parent=dBilling-Download packet-mark=billing-pktd queue=default priority=6
add name=eClient1-DownUdf parent=dClient1-Download packet-mark=client1-pktd queue=default priority=6
add name=eClient2-DownUdf parent=dClient2-Download packet-mark=client2-pktd queue=default priority=6
add name=eClient3-DownUdf parent=dClient3-Download packet-mark=client3-pktd queue=default priority=6
add name=eClient4-DownUdf parent=dClient4-Download packet-mark=client4-pktd queue=default priority=6
add name=eClient5-DownUdf parent=dClient5-Download packet-mark=client5-pktd queue=default priority=6
add name=eClient6-DownUdf parent=dClient6-Download packet-mark=client6-pktd queue=default priority=6
add name=eMaster-DownUdf parent=dMaster-Download packet-mark=master-pktd queue=default priority=6

/queue tree
add name=fBilling-DownExt parent=dBilling-Download packet-mark=billing-dpkt queue=default priority=7
add name=fClient1-DownExt parent=dClient1-Download packet-mark=client1-dpkt queue=default priority=7
add name=fClient2-DownExt parent=dClient2-Download packet-mark=client2-dpkt queue=default priority=7
add name=fClient3-DownExt parent=dClient3-Download packet-mark=client3-dpkt queue=default priority=7
add name=fClient4-DownExt parent=dClient4-Download packet-mark=client4-dpkt queue=default priority=7
add name=fClient5-DownExt parent=dClient5-Download packet-mark=client5-dpkt queue=default priority=7
add name=fClient6-DownExt parent=dClient6-Download packet-mark=client6-dpkt queue=default priority=7
add name=fMaster-DownExt parent=dMaster-Download packet-mark=master-dpkt queue=default priority=7

/queue tree
add name=gBilling-DownVid parent=dBilling-Download packet-mark=billing-spkt queue=default priority=8
add name=gClient1-DownVid parent=dClient1-Download packet-mark=client1-spkt queue=default priority=8
add name=gClient2-DownVid parent=dClient2-Download packet-mark=client2-spkt queue=default priority=8
add name=gClient3-DownVid parent=dClient3-Download packet-mark=client3-spkt queue=default priority=8
add name=gClient4-DownVid parent=dClient4-Download packet-mark=client4-spkt queue=default priority=8
add name=gClient5-DownVid parent=dClient5-Download packet-mark=client5-spkt queue=default priority=8
add name=gClient6-DownVid parent=dClient6-Download packet-mark=client6-spkt queue=default priority=8
add name=gMaster-DownVid parent=dMaster-Download packet-mark=master-spkt queue=default priority=8

The rule of the bandwidth management is under the parent of queue tree rules using the priority for each kind of the connection packets, as shown like the picture below!

7.  Connection Limit Firewall Filter to The Kind Connection Packets

If you want to limit the client speed by the connection, you can add this rule on the firewall filter using the following scripts. You can change the value of connection limit as you will.
/ip firewall filter
add action=drop chain=forward comment="DOWNLOAD HIGH" connection-limit=6,32 disabled=no layer7-protocol=high protocol=tcp
add action=drop chain=forward comment="YOUTUBE" connection-limit=6,32 disabled=no layer7-protocol=youtube protocol=tcp
add action=drop chain=forward comment="STREAMING" connection-limit=6,32 disabled=no layer7-protocol=streaming protocol=tcp

8. Scripts to create Automatic Simple Queue for each IP address Clients 

to avoid the connection packets that could not defined yet, something that we can not expected. This script will help to create simple queue rules by IP client automatically!
/queue simple
:for i from=1 to=24 do={
 add name=("Client $i") target-addresses=("192.168.1.$i") \
 dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=200000/200000 disabled=no
}
Change the range of the clients IP address that you have and define the max-limit on the simple queue rule. This is the way that I have applied in my internet network, in order to maintain the satisfaction of the clients that have a variety of interests in usage of the internet connection. If you need to see how the above scripts works, let's see on this article video above! good luck!

Perfection II

This is the perfection queue tree that I have made as a reference for you to implement QoS in Version 5 as you wish, you can modify this method as you like!

Limiting Download Files Queue Tree per Client



Limiting Browsing Queue Tree per Client


Limiting Video Streaming Queue Tree per Client


Limiting Upload Per Client

and this is the complete method of this experiment!

Mangle All | Change Your Interface Name
=======================================
 
local interface : hotspot
local interface : wan
 
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no in-interface=hotspot new-connection-mark=all-inconn passthrough=yes comment="UPSTEAM CONNECTION"
add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPSTEAM"
add action=mark-connection chain=forward disabled=no in-interface=wan new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"
 
Layer 7 All | Add your regexp
+++++++++++++++++++++++++++++
   
/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"
add comment="video" name=youtube_matcher regexp="(GET \\/videoplayback\\\?|GET \\/crossdomain\\.xml)"
  
  
Mangle per client
+++++++++++++++++

/ip firewall mangle
add action=mark-packet chain=prerouting src-address=192.168.1.17 packet-mark=all-inpkt new-packet-mark=client1-pktp passthrough=no comment="CLIENT1 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.16 packet-mark=all-inpkt new-packet-mark=client2-pktp passthrough=no comment="CLIENT2 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.15 packet-mark=all-inpkt new-packet-mark=client3-pktp passthrough=no comment="CLIENT3 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.14 packet-mark=all-inpkt new-packet-mark=client4-pktp passthrough=no comment="CLIENT4 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.20 packet-mark=all-inpkt new-packet-mark=client5-pktp passthrough=no comment="CLIENT5 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.21 packet-mark=all-inpkt new-packet-mark=client6-pktp passthrough=no comment="CLIENT6 UPSTREAM"
  
/ip firewall mangle
add action=mark-packet chain=forward dst-address=192.168.1.17 packet-mark=all-outpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.16 packet-mark=all-outpkt new-packet-mark=client2-pktd passthrough=yes comment="CLIENT2 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.15 packet-mark=all-outpkt new-packet-mark=client3-pktd passthrough=yes comment="CLIENT3 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.14 packet-mark=all-outpkt new-packet-mark=client4-pktd passthrough=yes comment="CLIENT4 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.20 packet-mark=all-outpkt new-packet-mark=client5-pktd passthrough=yes comment="CLIENT5 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.21 packet-mark=all-outpkt new-packet-mark=client6-pktd passthrough=yes comment="CLIENT6 DOWNSTREAM"
  
  
Download Per Client
+++++++++++++++++++++
   
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client2-dpkt packet-mark=client2-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client3-dpkt packet-mark=client3-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client4-dpkt packet-mark=client4-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client5-dpkt packet-mark=client5-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client6-dpkt packet-mark=client6-pktd protocol=tcp comment=""
  
Streaming Per Client
++++++++++++++++++++++++
  
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client2-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client3-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client4-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client5-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=client6-spkt packet-mark=client1-pktd passthrough=no comment=""
  
  
Browsing Per Client
++++++++++++++++++++++++
  
/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client1-bpkt packet-mark=client1-pktd protocol=tcp comment="CLIENT1 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client2-bpkt packet-mark=client2-pktd protocol=tcp comment="CLIENT2 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client3-bpkt packet-mark=client3-pktd protocol=tcp comment="CLIENT3 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client4-bpkt packet-mark=client4-pktd protocol=tcp comment="CLIENT4 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client5-bpkt packet-mark=client5-pktd protocol=tcp comment="CLIENT5 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client6-bpkt packet-mark=client6-pktd protocol=tcp comment="CLIENT6 BROWSING"
  
Unification The Kind Online Game Downsteam | add the port game here!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  
/ip firewall mangle
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Online Game Portal"
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005,27015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080
  
Separating All Kind Online Game Per Client
++++++++++++++++++++++++++++++++++++++++++++++++
  
/ip firewall mangle
add action=mark-packet chain=forward src-address=192.168.1.17 packet-mark=all-gpkt new-packet-mark=client1-gpkt passthrough=no comment="CLIENT1 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.16 packet-mark=all-gpkt new-packet-mark=client2-gpkt passthrough=no comment="CLIENT2 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.15 packet-mark=all-gpkt new-packet-mark=client3-gpkt passthrough=no comment="CLIENT3 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.14 packet-mark=all-gpkt new-packet-mark=client4-gpkt passthrough=no comment="CLIENT4 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.20 packet-mark=all-gpkt new-packet-mark=client5-gpkt passthrough=no comment="CLIENT5 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.21 packet-mark=all-gpkt new-packet-mark=client6-gpkt passthrough=no comment="CLIENT6 GAMES"
  
  
Parenting Queue Tree
++++++++++++++++++++++++++++++++++++++++++++++++
  
/queue tree
add name=All-Upload parent=global-in packet-mark=all-inpkt queue=default priority=8 max-limit=2M
add name=All-Download parent=global-out packet-mark=all-outpkt queue=default priority=8 max-limit=2M
  
/queue tree
add name=Client1Up parent=All-Upload packet-mark=client1-pktp queue=default priority=3 max-limit=200k
add name=Client2Up parent=All-Upload packet-mark=client2-pktp queue=default priority=3 max-limit=200k
add name=Client3Up parent=All-Upload packet-mark=client3-pktp queue=default priority=3 max-limit=200k
add name=Client4Up parent=All-Upload packet-mark=client4-pktp queue=default priority=3 max-limit=200k
add name=Client5Up parent=All-Upload packet-mark=client5-pktp queue=default priority=3 max-limit=200k
add name=Client6Up parent=All-Upload packet-mark=client6-pktp queue=default priority=3 max-limit=200k
   
/queue tree
add name=Client1 parent=All-Download packet-mark=client1-pktd queue=default priority=8
add name=Client2 parent=All-Download packet-mark=client2-pktd queue=default priority=8
add name=Client3 parent=All-Download packet-mark=client3-pktd queue=default priority=8
add name=Client4 parent=All-Download packet-mark=client4-pktd queue=default priority=8
add name=Client5 parent=All-Download packet-mark=client5-pktd queue=default priority=8
add name=Client6 parent=All-Download packet-mark=client6-pktd queue=default priority=8
  
  
Connection Packet Queue Tree Per Client
++++++++++++++++++++++++++++++++++++++++++++++++
  
/queue tree
add name=aClient1-Games parent=Client1 packet-mark=client1-gpkt queue=default priority=1 max-limit=256k
add name=aClient2-Games parent=Client2 packet-mark=client2-gpkt queue=default priority=1 max-limit=256k
add name=aClient3-Games parent=Client3 packet-mark=client3-gpkt queue=default priority=1 max-limit=256k
add name=aClient4-Games parent=Client4 packet-mark=client4-gpkt queue=default priority=1 max-limit=256k
add name=aClient5-Games parent=Client5 packet-mark=client5-gpkt queue=default priority=1 max-limit=256k
add name=aClient6-Games parent=Client6 packet-mark=client6-gpkt queue=default priority=1 max-limit=256k
   
/queue tree
add name=bClient1-Browsing parent=Client1 packet-mark=client1-bpkt queue=default priority=2 max-limit=256k
add name=bClient2-Browsing parent=Client2 packet-mark=client2-bpkt queue=default priority=2 max-limit=256k
add name=bClient3-Browsing parent=Client3 packet-mark=client3-bpkt queue=default priority=2 max-limit=256k
add name=bClient4-Browsing parent=Client4 packet-mark=client4-bpkt queue=default priority=2 max-limit=256k
add name=bClient5-Browsing parent=Client5 packet-mark=client5-bpkt queue=default priority=2 max-limit=256k
add name=bClient6-Browsing parent=Client6 packet-mark=client6-bpkt queue=default priority=2 max-limit=256k
 
/queue tree
add name=cClient1-DownExt parent=Client1 packet-mark=client1-dpkt queue=default priority=4 max-limit=220k
add name=cClient2-DownExt parent=Client2 packet-mark=client2-dpkt queue=default priority=4 max-limit=220k
add name=cClient3-DownExt parent=Client3 packet-mark=client3-dpkt queue=default priority=4 max-limit=220k
add name=cClient4-DownExt parent=Client4 packet-mark=client4-dpkt queue=default priority=4 max-limit=220k
add name=cClient5-DownExt parent=Client5 packet-mark=client5-dpkt queue=default priority=4 max-limit=220k
add name=cClient6-DownExt parent=Client6 packet-mark=client6-dpkt queue=default priority=4 max-limit=220k
   
/queue tree
add name=dClient1-DownVid parent=Client1 packet-mark=client1-spkt queue=default priority=5 max-limit=220k
add name=dClient2-DownVid parent=Client2 packet-mark=client2-spkt queue=default priority=5 max-limit=220k
add name=dClient3-DownVid parent=Client3 packet-mark=client3-spkt queue=default priority=5 max-limit=220k
add name=dClient4-DownVid parent=Client4 packet-mark=client4-spkt queue=default priority=5 max-limit=220k
add name=dClient5-DownVid parent=Client5 packet-mark=client5-spkt queue=default priority=5 max-limit=220k
add name=dClient6-DownVid parent=Client6 packet-mark=client6-spkt queue=default priority=5 max-limit=220k

Share This Article :
Related Articles

109 comments :

  1. "MASTER DOWNSTREAM" itu apa yahh Om,, maaf saya baru belajar tentang Mikrotik

    ReplyDelete
    Replies
    1. Untuk menandai total packets rx atau packets yang diterima, dalam hal ini download untuk client dengan nama master.

      Delete
    2. mau tanya lagi Om Agus ,, Ip ini 192.168.1.8 Masud nya dari mana yah Om , ??

      Delete
    3. Itu IP yang digunakan oleh client dalam Local Area Network, terserah mau diberi nama apa! ini hanya sebuah contoh dalam pengaplikasiannya dalam clients yang menggunakan static IP

      Delete
    4. Good day sir can you fix this script

      /ip firewall mangle
      :for i from=250 to=254 \
      do={ \
      {add action=mark-packet chain=forward layer7-protocol=high new-packet-mark="client$i-dpkt" \
      packet-mark="client$i-pktd" passthrough=no comment="CLIENT$i DOWNLOAD" }, \
      {add action=mark-packet chain=forward layer7-protocol=document new-packet-mark="client$i-dpkt" \
      packet-mark="client$i-pktd" passthrough=no }\
      }

      Delete
  2. Ok Thank's Om atas Penjelasan nya,, sebelum nya maaf nih Om itu text nya ada yg bahasa Indonesia ga yah,,??

    ReplyDelete
    Replies
    1. Jangan menyerah sama bahasa inggris ya! saya juga sambil belajar :)

      Delete
    2. hehehe,,, iya makasih Om

      Delete
  3. Hello I tried to copy and paste the script but Queue Tree is not moving
    there is an error in the Parent = global-out has only global

    ReplyDelete
    Replies
    1. I think your routerboard with QOS ROSv6, have you tried to change global-out just with global?

      Delete
  4. and P2P? What would be the rule? since all the bandwidth is consumed.

    ReplyDelete
    Replies
    1. Very well, first I just want to know from you, why are you concerned with P2P? is this about torrent sites with the applications or tools ?

      Delete
    2. ares, torrent, atube catcher and other

      Delete
    3. How is the rule to limit p2p? Are considered? Download?

      Delete
    4. This rule most likely would be handled by download undefined. If you think it is most important, you must create a new mangle and queue tree for that.

      Delete
    5. I'll be write how to implement it, make more perfection again this method and no need queue simple at all based on my experiment. be patient!

      Delete
    6. Look at on this article friend! http://agratitudesign.blogspot.com/2013/12/complete-queue-tree-without-queue_25.html

      Delete
  5. one of the greatest qos i ever seen. thanks for sharing bro

    ReplyDelete
  6. what if am using DHCP not static ip for the client.. as hotspot or broadband .. ?

    ReplyDelete
    Replies
    1. That means you must create the type of queue tree rules for all clients, I just can imagine to use pcq to do that on the queue tree rules

      Delete
    2. Ok I have found the new way, be patient! i'll be write for you! thank you for the questions that inspire me!

      Delete
    3. Look at on this link! http://agratitudesign.blogspot.com/2013/12/complete-queue-tree-for-dynamic-and.html

      Delete
  7. eactivating the queues were disabled transparent proxy, these are the rules that I added:
    firewall - nat --- enable transparent proxy.
    active web proxy cache but only to block websites.
    that the queues do not work?

    ReplyDelete
    Replies
    1. have you already make a new rule on NAT to redirect Traffic for web proxy?

      Delete
    2. yes,in NAT
      I added a rule that redirects traffic from port 80 to port 8080, but now the queues do not work

      Delete
    3. The rules that i have made still only use direct connection to internet server. It must be added the rule for connection via proxy i think

      Delete
    4. After I observed using Transparent proxy, we can only use in download queue tree. so it is very difficult to divide them into various kinds of connection packets download.

      Delete
  8. nice post bro
    bli buat tutorial mengenai load balancing dan pemisah antara browsing dan game mengnakan 2 isp

    ReplyDelete
  9. global out itu apakah bisa diganti dengan ether yang menghubungkan ke local jaringan?
    topoogi jaringan saya, ether 9 digunakan isp, ether 7 digunakan untuk menghubungkan ke local?

    ReplyDelete
  10. can it used for mikrotik userman USERS OR NOT

    ReplyDelete
  11. I try the script for adding the IP´s but doesnt work there is and error...
    I am using v6.11

    ReplyDelete
  12. pak minta solusi untuk melimit download dri FTP. krn selama ini kl ada client download dri web FTP meskipun L7 sdh ada limit extensi exe tetap tidak ke limit krn dari FTP. mohon solusinya...

    ReplyDelete
  13. aku bingung manggil apa, aku panggil Bapak saja deh karna lebih tua. mau comment tentang script ini. aku sudah coba di routerku sendiri. hasilnya cukup memuaskan. namun muncul pertanyaan saat loading game yang cukup lama meskipun sudah kucoba untuk membuat BW full untuk koneksi game tersebut. setelah mencari tahu aku dapat info bahwa sebaiknya untuk port game di prerouting saja agar tidak ribet didalam router. dan hasilnya game loading sangat oke. tapi overall makasih sekali atas share scriptnya ya pak. good luck and i always waiting for your new configuration about mikrotik.

    ReplyDelete
  14. Kakak .. maaf mau tanya. Bandwith Speedy sy 4mb dgn jumlah unit sebanyak 20 + 2 unit. Idealnya pembagian masing" bandwith brp ya ?
    Mksh kakak

    ReplyDelete
  15. hello sir can you help me with this
    /ip firewall mangle
    add action=mark-connection chain=prerouting disabled=no in-interface=ether2-master-local new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"
    add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPLOAD"
    add action=mark-connection chain=forward disabled=no out-interface=ether1-gateway new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
    add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"

    the upload is not working.... im using rosv6.13

    ReplyDelete
    Replies
    1. I am sorry I little bit busy for a few days, now is galungan celebration here! ok you can try this

      ether2-master-local connected to lan
      ether1-gateway connected to internet source

      /ip firewall mangle
      add action=mark-connection chain=prerouting disabled=no in-interface=ether2-master-local new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"
      add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPLOAD"
      add action=mark-connection chain=forward disabled=no in-interface=ether1-gateway new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
      add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"

      Delete
    2. thanks sir but still not working

      Delete
  16. Something went wrong for me ! i rewrite the script like this " http://d-h.st/57c "
    and Mikrotik show like this " http://s29.postimg.org/hd1zkwkfr/11111.png "

    Why only the Upload is working ! Other Games , Browsing aren't working well .

    Please Ans me

    ReplyDelete
  17. Hi everyone I want suggestion. I want to use some isp billing system. I want to know what is the best isp billing system.

    ReplyDelete
  18. Mohon pencerahannya pak,
    kenapa Game dan Upload nya tidak jalan yah?

    ReplyDelete
  19. Terimakasih Pak Agus atas sharingnya, luar biasa sekali..
    Saya ada pertanyaan pak. Kondisi saya memakai ISP Speedy 5Mbps dengan Upload 1Mbps. (kecepatan di speedtest.net bisa mencapai 6Mbps utk DL, dan 1Mbps utk UL).Saya ada 13 Client + 1 Billing. Saya uda ikuti settingan bapak di artikel ini yg tentunya sudah saya sesuaikan sedikit dengan settingan IP address, dst di saya. Tetapi saat saya bermain Point Blank sambil browsing Facebook dan Youtube, masih berkurang ping nya dan masih lag. Mohon bantuannya Pak. Terimakasih banyak

    ReplyDelete
  20. halo om agus... sebelumnya saya menggunakan mikrotik 751 dengan os4.12 dan saya mengganti mikrotik dengan tipe 951 os6.18
    dan saya menggunakan script dari om dan diedit sesuai dengan kebutuhan saya.
    selama menggunakan mikrotik yang lama 751 os4.12 tidak ada masalah tetapi setelah beralih ke mikrotik 951 os6.18 selalu ada warning message :
    "dhcp,critical,error dhcp-client on internet lost IP address XXX.XXX.XXX.XXX received NAK from dhcp server 0.0.0.0"
    dan
    "dhcp,critical,error dhcp-client on internet lost IP address XXX.XXX.XXX.XXX - lease expired"

    mohon pencerahaannya om

    ReplyDelete
  21. Terima kasih Om" Tutorialnya "WORK" dan sangat bermanfaat.
    SUKSES SELALU buat blog "agratitudesign impression"

    ReplyDelete
    Replies
    1. Thanks so much..! mas Fahrul atas supportnya tetap memberikan semangat yang sempat vacum untuk membagun blog ini kembali, semoga catatan dalam blog ini bisa memberikan manfaat dan inspirasi, meski tidak sempurna mudah2an agratitudesign bisa menjadi jembatan untuk memunculkan ide baru untuk kita bersama! Salam!

      Delete
  22. /ip firewall mangle
    add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"

    add action=mark-connection chain=forward disabled=no in-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"

    Mas agus untuk interface CONNECTION-IN dan CONNECTION-OUT sama-sama memakai "in-interface" ya

    ReplyDelete
    Replies
    1. iya tetapi ingat upload dan download disini menggunakan chain yang berbeda

      Delete
  23. Bli Saya Pake Limit yang ini Uploadnya saja yang G jalan mohon pencerahan biasanya permasalahan ada dimana???

    ReplyDelete
  24. Firewall Mangel Untuk uploadnya jalan dan ada traffic nya Bli Ini SS nya

    http://prntscr.com/6cy3k5

    Tapi untuk Queue treenya gak mau jalan sama sekali traffic nya Bli Ini SS nya

    http://prntscr.com/6cy46r

    ReplyDelete
    Replies
    1. Coba dipisah aja download dan uploadnnya :

      /queue tree
      add name=All-Upload parent=global-in packet-mark=all-inpkt queue=default priority=8 max-limit=2M
      add name=All-Download parent=global-out packet-mark=all-outpkt queue=default priority=8 max-limit=2M

      yang lainnya menyesuaikan dari "all-download" ya, uploadnya jika ingin per client, dipisah2 aja per ip client

      Delete
  25. Brarti Perintah itu cma mengganti di queue tree tanpa harus meng hapus apapun di firewall mangle, Berarti Queue tree untuk Upload dan download nya di hapus saja ya Bli?

    Maklum Masih Newbie, Baru anak SMK

    ReplyDelete
    Replies
    1. Iya perubahan hanya di queue tree aja dik, Queue tree lainnya di modifikasi atau disesuaikan parentnya. Coba di orat-oret dulu di script editor, pasti lebih mudah dimengerti

      Delete
    2. Ok dah Bli Terima Kasih yah, Mau saya Coba Implementasi kan Ke Router Saya...

      Delete
  26. Bli Masih Tetep Upload G kelimit, Benar di Queue Tree Ada Traffic Tapi di Mangelnya G ada Traffic, Mohon Bantuannya dong ????

    ReplyDelete
  27. Thanks Bli, Scrip dari Bli Work Tapi Agar Work g asal Copas Tapi Harus Dimengerti Tentang Upload Dan Download Rules nya Bli Punya Saya Dah Work smua tinggal Game Saja Yang Belum Saya Coba....
    Salam Dari Anak SMK Lumajang Ini Screen Shoot nya

    http://prntscr.com/6gnhf2

    ReplyDelete
    Replies
    1. Coba disesuaikan port tcp maupun udp gamenya, karena setiap game memiliki port yang berbeda - beda, sangat beragam, apa lagi game facebook atau website2 tertentu, dia menggunakan port yang dinamis. Jika ada game online yang masih susah ditangkap portnya, mending fokus pada paket2 koneksi yang banyak memakan bandwidth seperti yang video streams, download, dan browsing jangan sampai ini membuat bandwidth yang terpakai habis karena ini akan berdampak pada nilai ping jika ingin menggabungkan penggunaan game online yang sangat sensitif dan masukkan sisanya yang belum terdifinisi dalam undefined. Ini tetap experimentkan untuk mencapai QoS yang ideal

      Delete
    2. Iya Akan Saya Coba, tetapi saya mendapat masukan dari guru saya untuk game itu ada yang di drop jadi initinya semua web yang menyediakan game online dengan port tertentu akan di drop dan di alihkan ke port yang sudah disediakan,

      Untuk Ping kan dapat di setabilkan dari mangel nya kan Bli, saya kalau menyetabilkan Ping Pernah coba dan Work

      Delete
    3. Untuk game online memang ping dan latency menjadi ukuran lag dan lancarnya game online. Latency adalah waktu yang diperlukan untuk mengirimkan paket data ke server, sedangkan Ping adalah waktu yang diperlukan untuk mengirimkan paket data ke server dan untuk kembali lagi kepada kita. Tapi ini tergantung ISPnya juga, kl karakter ping dari ISP sudah besar dan cepat melar ya mau apa lagi. Tapi dari pengalaman saya, kl koneksi internet dedicated lebih mudah menjaga pingnya. Selebihnya silahkan mencobanya!

      Delete
  28. Beli ini sudah saya coba di rb750. hampir semua work. kecuali download ext. kok tidak terlimit ya. saya pakai web proxy internal usb, apa itu berpengaruh?

    ReplyDelete
  29. Bli Layer7 Mungkin minta update punya ku kemaren bisa tapi hari ini g nge traffic...

    Tolong di Update Bli

    ReplyDelete
    Replies
    1. Hmmm gimana ya, sebentar dulu!

      Delete
    2. Coba di ulang lagi dari awal mangle sesuaikan nama interface yang digunakan untuk upsteam dan downsteam, sdh saya tambahkan pada bagian perfection II artikel ini.

      Delete
    3. Bli, Yang Di atas Itu kan udah update yah, jadi seumpama mau ganti tinggal edit di firewall mangle download sama streaming kan, disesuaikan ke layer 7 nya apa aja namanya????


      Untuk Game Saya Pake Firewall filter, saya masukkan port gamenya dan saya action add dst to address list, hasilnya work Bli, yang saya tanyakan gimana agar di firewall mangle dapat me limit per IP untuk Client Game, yang menggunakan Metode saya???

      Delete
    4. setahu saya firewall filter hanya untuk meloloskan atau tidak meloloskan paket2 koneksi, tidak untuk melakukan marking. Paket-mark hanya bisa dibuat di firewall mangle kemudian paket-mark ini yang di queue. Saya hanya bisa menyarankan firewall mangle untuk bisa melakukan proses antrean (queue) untuk paket2 koneksi!

      Delete
  30. Saya Menggunakan Firewall Filter hanya untuk mempaketkan dst-port dari port game untuk saya jadikan address list, setelah saya jadikan address list saya paketkan di firewall mangle yang berfungsi untuk memisah paket game, dan akan saya lanjutkan di queue tree, untuk config saya bisa dilihat di url ini agar Bli Mengerti apa yang saya maksudkan...

    http://www.tusfiles.net/un9weinkpmsd

    ReplyDelete
    Replies
    1. Wah menarik sekali! most interesting!
      maaf Rendika kl sharing link gambar langsung disini aja, biar temen-temen yg lain bisa langsung ngelihat. tusfiles banyak sekali buka popup link!
      dengan format:
      <img>url gambar.jpg</img>
      ganti <> menjadi []
      kalo ngririm script snippets gini aja biasanya kan gini
      <pre>script snippets</pre>
      ganti <> menjadi []
      agar mudah dilihat ama yang lain, trims..!
      contohnya:
      [img]http://1.bp.blogspot.com/-LiZQrom5AnA/UqrS597sjtI/AAAAAAAAEhk/gzr0D2LpZ50/s1600/perfection+queue+tree.jpg[/img]

      Delete
    2. Bli Layer 7 nya gak salah kah ??? Koq Di Mikrotik saya tampil kayak gini, saat add layer 7 dan regexp nya enggak muncul ini SS nya

      http://prntscr.com/6iklmv

      Delete
    3. Bli Layer 7 Untuk Download Masih Belum aktif, tlong di update lagi, saya ini memakai layer 7 yang di atas itu tapi tetep ini SS nya

      http://prntscr.com/6ikpts

      Delete
    4. Iya bener harus di update regexpnya, ada perubahan syntax yang harus dilakukan, sejak kapan ini berubah?

      Delete
  31. Lho Saya Ngambil Script itu dari Postingan Bli Di atas....

    ReplyDelete
    Replies
    1. Sudah saya perbaiki, coba dilihat kembali mudah2an ga ada salah ketik. Silahkan dikembangkan dan dimodifikasi sesuai keinginan!
      [img]http://1.bp.blogspot.com/-4oKiR0yS5zY/VQrVO_CfAyI/AAAAAAAAFCI/5MdBng-BmKQ/s1600/download-packet2.jpg[/img]
      [img]http://2.bp.blogspot.com/-OGsfqlGITsQ/VQrVNtdrjxI/AAAAAAAAFB8/OLiAD0R4Oi4/s1600/download-packet.jpg[/img]

      Delete
  32. Yang Bli ganti cuma di Layer 7 sama mangle yang diarahkan ke layer 7 kan yang lainnya tetep kayak config yang dulu kan ???

    Saya akan Mencoba config ini hari senin Bli soalnya sekolah masih libur saya mencobanya di sekolah, Terima Kasih Telah Di Update Bli, setelah saya Implementasikan akan saya upload hasilnya Bli, untuk imagenya Bli Upload dimana???

    Config an saya yang Memaketkan Semua Port game di firewall filter apa Bli terapkan Di Server Bli ??

    ReplyDelete
  33. Selamat Hari Raya Nyepi Bli... :D

    ReplyDelete
  34. Terima Kasih Bli Limitan saya Telah berjalan Semua, Game, Browsing, Download, Upload, Streaming, Ini SS nya Maaf gak bisa seperti contoh diatas soalnya saya gak tau harus upload dimana,
    Ini Untuk SS Streaming dan Download File Exe..
    http://prntscr.com/6l328h

    Ini Untuk Gamenya

    http://prntscr.com/6l31qz

    ReplyDelete
    Replies
    1. Bisa bisikin mangle gamenya bro, soalnya punya ane blom ketangkep nih , pusing pala ane hehehe....

      Delete
  35. salam kenal bg agus,
    maaf saya mau nanya bg agus, itu script diatas saya terapkan di Mikrotik saya untuk game Online trafficnya gk nangkep, kira2 apa ya mas, saya pake RB750 mas, mohon masukan nya mas agus

    ReplyDelete
  36. Maaf sebelumnya buat temen-temen penggemar mikrotik belum bisa menjawab semua comment dan pertanyaan, karena keterbatasan kesibukan dan waktu yang saya miliki. Queue game disini manangkap paket koneksi melalui port yang digunakan game tersebut. Jika ga tertangkap sama sekali ada beberapa kemungkinan
    1. port game yang digunakan tidak ada di list port pada marking mangle game yang kita pakai. Harus tau port gamenya, lebih baik lagi jika rentang IP public yang digunakan servernya.
    2. ada kesalahan difinisi paket upload dan download pada mangle paling atas sekali
    3. ada kesalahan dalam pemisahan dengan paket2 koneksi lainnya. Cek src dan dstnya

    ReplyDelete
    Replies
    1. terimakasih bg agus, uda kasi pencerahan nya...

      Delete
  37. Iya Untuk Upload Bisanya Brada Di scr nya... Untuk itu coba lihat brada dimana upstream clientnnya

    ReplyDelete
  38. Bli Cara agar Mikrotik bisa diremote dari jauh, dengan kondisi ether 1 yang connect ke modem selalu mendapat ip yang berubah-rubah itu bagai mana cara agar dapat diremote dari publick atau dari jarak jauh walaupun tidak connect ke area internetnya dari mikrotik tersebut....

    ReplyDelete
  39. question:
    i have 1 client with 2 ip address using the same mac address(softxpand) , i try the setup above but the 2nd rules for the 2nd ip add is not working it passes/hits the 1st rule for the 1st ip add. i like to separate the rules for the 2 ip addresses. please help

    ReplyDelete
  40. Hello, in this configuration, how to adding rules squid3? .. In mangle first place?

    ReplyDelete
  41. pak ketut kalo saya punya 3 jaringan Lan, buat queue nya seperti apa ya?
    soalnya googling banyak nya menjelaskan dengan 1 lan saja.tks

    ReplyDelete
  42. This comment has been removed by the author.

    ReplyDelete
  43. This comment has been removed by the author.

    ReplyDelete
  44. limit game di queue tree ga ad trafficny (Byte Packet masih 0)knp ya? port dari setiap game sudah di maukan ke mangel game? ada solusinya?

    ReplyDelete
  45. apakah ini kalo yang make cuma 1 client nanti otomatis dapat Full Bandwith dan bila 2 client otomatis terbagi 3, dst.

    ReplyDelete
  46. This comment has been removed by the author.

    ReplyDelete
  47. /ip firewall mangle
    add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"

    add action=mark-connection chain=forward disabled=no in-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"

    Mas agus untuk interface CONNECTION-IN dan CONNECTION-OUT sama-sama memakai "in-interface" ya

    ether1 = yang menuju ke modem? (biasa saya buat public)
    wlan1 = yg ke jaringan lokal (hub) ya bli..maaf masih nubi habis

    ReplyDelete
  48. why sometimes i download some files it goes directly to streaming queue tree instead of Download queue?

    ReplyDelete
  49. please help me about this one. i cant get it work in my hap lite 6.34.1
    this is my facebook account dice4real_143@yahoo.com or Nikko Fernandez

    ReplyDelete
  50. Permisi Bli Masih Sering Blogger an Kah saya mau Tanya-tanya Bli Seputar Postingan Bli ini

    ReplyDelete
  51. hello it seems i cant capture gaming packet using this script

    ReplyDelete
  52. Dear Suardika, thanks for a nice solution ....it is working in v6 also after a slight change in "GLOBAL" instead of "GLOBAL-IN"
    I need your suggestion on following points ------
    - may i use a block like /24 or /22 instead of single IP?

    ReplyDelete
  53. amigão sou brasileiro gostaria de saber se vc tem alguma regra que usa o thundercache v2.2.0 ou se vc disponibiliza a fazer uma analize no meu sistema com os dados que tenho aqui e fizesse as configurações para mim direto no meu sistema e quanto vc cobra por isto?

    ReplyDelete
  54. Hello sir, thanks for this very informative post and instruction.

    Im only new in Mikrotik and doing small scale networks. I have a new Haplite 941 (i think), can i just use the scripts posted here and paste it in the terminal to configure my mikrotik modem like the one posted here . I only have 6 pc (client) no billing or master, and have a 10mbps connection.

    do i have to configure each pc's IP or get their assigned IP by the modem/switch.

    thanks and have a nice day.

    ReplyDelete
  55. This comment has been removed by the author.

    ReplyDelete
  56. kenapa upload browsing dan upload game tdk di pisahkan,, lag dong..

    ReplyDelete
  57. Traffic mangle Game onlineya kok gak jalan yah mang ?

    ReplyDelete
  58. bli klo client download lewat IDM kok lolos ya, gak masuk ke parent download

    ReplyDelete
  59. min, mengubah limit per client 1-254 sekaligus gimana ya caranya? semisal kita sudah mempunyai limit 128k, lalu ingin diganti menjadi 256k, agar tidak repot-repot untuk merubah 1 persatu (sekalian). Mohon bantuannya min, thx sebelumnnya

    ReplyDelete
  60. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. this rules is intended for router OS version 5, what version router OS you have used?

      Delete
  61. Online Betting Fast-paced games
    คาสิโนออนไลน์ New options for people interested in online gambling games that make all of them into fun activities that can play online games on our mobile easily. Gambling is one thing that will give you a good chance. Playing a good casino game It is an alternative way to make us have an extra income with it. Entertainment is not to be missed. It is a part that will increase the path to success of all of you as well. Have fun with us. We are glad to recommend good gambling games.

    Meet all needs and new opportunities. The success of the best bet. No matter where you are It gives you a good chance. Get into online gambling games as often as needed. Can apply once. Players can collect money in the round, quickly withdrawn. It is suitable for all players to get into new forms. We have a true view of fun. Do not waste time traveling on the mobile, it is the easiest way to make money on the site. คาสิโนออนไลน์

    ReplyDelete
  62. Hi, Good Day,

    I Have a question, in your first scipt, their is master and billing packets, what are those for? is ok to revome them?

    Because in your final script i don't see those packets! the master and billing!

    Im guessing its ok for me not to include it?

    Am i right?

    Thanks if you can answer my question!

    ReplyDelete
  63. i'm playing an online game that uses p2p on their server connection. meaning, port forwarding is not possible for that game. can you give me a script that can help me connect to this game with less traffic and less lag? thank you very much.

    ReplyDelete

Back to Top