As you can see, the FTP servers are placed behind the Mikrotik DMZ. When a user connects via the PPPoE server, a dynamic queue is created for that user according to his package, let's say 512k. The problem is that this restriction is also applied to the local FTP servers placed behind the Mikrotik DMZ, and we don't want to limit speed for local FTP.
The solution I found was to create mangle rules that mark packets to/from the FTP servers, and to add a queue tree at my desired speed, or at line speed, for those marks.
This works for me. JUST MAKE SURE YOUR FTP SERVERS HAVE THE MIKROTIK IP AS THEIR DEFAULT GATEWAY :) This is important so that you can use the original IP on the FTP server rather than just the Mikrotik IP.



Scenario:



172.16.0.0/16 is my PPPoE client IP pool.
192.168.250.0/24 is the FTP server pool, behind the Mikrotik DMZ.

On the Mikrotik, I created the following rules. With them, the FTP servers are exempted from the dynamic queue rate limit and FTP data is delivered at LAN speed; all works OK :)

[Mikrotik 5.x ROS Code]

/ip firewall mangle add chain=prerouting src-address=172.16.0.0/16 dst-address=192.168.250.0/24 action=mark-packet new-packet-mark=ftp-up
 
/ip firewall mangle add chain=postrouting dst-address=172.16.0.0/16 src-address=192.168.250.0/24 action=mark-packet new-packet-mark=ftp-down
 
/queue type add name=ftp-exempt kind=sfq
/queue tree add name=ftp-up parent=global-in packet-mark=ftp-up queue=ftp-exempt max-limit=100M
/queue tree add name=ftp-down parent=global-out packet-mark=ftp-down queue=ftp-exempt max-limit=100M

[Mikrotik 6.x ROS Code]

 

/ip firewall mangle
add action=mark-packet chain=prerouting dst-address=192.168.250.0/24 new-packet-mark=ftp-up src-address=172.16.0.0/16
add action=mark-packet chain=postrouting dst-address=172.16.0.0/16 new-packet-mark=ftp-down src-address=192.168.250.0/24
 
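# Same queue type as in the 5.x code; the queue tree entries below reference it
/queue type
add kind=sfq name=ftp-exempt
/queue tree
add limit-at=100M max-limit=100M name=ftp-up packet-mark=ftp-up parent=global queue=ftp-exempt
add limit-at=100M max-limit=100M name=ftp-down packet-mark=ftp-down parent=global queue=ftp-exempt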
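
An added example (not part of the original post): a Python dry-run of the two v6 mangle rules above against constructed packets, to confirm before deployment which flows receive the ftp-up and ftp-down marks. The function names and sample addresses are assumptions made for this illustration, and only the src-address/dst-address matchers are modelled.

```python
import ipaddress
import shlex

# The two v6 mangle rules from the post, copied as text.
RULES = """\
add action=mark-packet chain=prerouting dst-address=192.168.250.0/24 new-packet-mark=ftp-up src-address=172.16.0.0/16
add action=mark-packet chain=postrouting dst-address=172.16.0.0/16 new-packet-mark=ftp-down src-address=192.168.250.0/24
"""

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line)
        if not words or words[0] != "add":
            continue
        rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def packet_mark(rules, src, dst):
    """Return the packet mark a src->dst packet ends up with, or None.

    Simplified model: rules are applied in listed order and a later
    matching mark-packet rule overwrites an earlier mark.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    mark = None
    for r in rules:
        if r.get("action") != "mark-packet":
            continue
        if src not in ipaddress.ip_network(r["src-address"]):
            continue
        if dst not in ipaddress.ip_network(r["dst-address"]):
            continue
        mark = r["new-packet-mark"]
    return mark

# Constructed sample flows (addresses are illustrative, not from the post).
SAMPLES = [
    ("172.16.5.10", "192.168.250.10"),   # PPPoE client -> FTP server
    ("192.168.250.10", "172.16.5.10"),   # FTP server -> PPPoE client
    ("172.16.5.10", "8.8.8.8"),          # client -> internet
    ("10.0.0.5", "192.168.250.10"),      # non-pool host -> FTP server
]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for src, dst in SAMPLES:
        print(f"{src:>15} -> {dst:<15} mark={packet_mark(rules, src, dst)}")
```

The rules match on addresses only, so any traffic between the two ranges gets the marks, not only FTP.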

 


 

 
