How to exempt rate limit for FTP Server Behind MT DMZ in placment of Dynamic Queues !

As you can see, FTP servers are placed behind Mikrotik DMZ, when user connects via pppoe server, dynamic queue is created for that user according to his package, lets say 512k, now the problem is this restriction also applied on local FTP server placed behind mikrotik DMZ, and we don’t want to limit speed for Local FTP.
The solution I found was to make mangle rules that mark packets TO/FROM the FTP server, and add Queue tree at my desired speed or at line speed for those marks.
This works for me. JUST MAKE SURE YOUR FTP SERVERS HAVE MIKROTIK IP AS THERE DEFAULT GATEWAY :)This is important so that you can user original ip on the the FTP server rather then just mikrotik ip.

Scenario:

172.16.0.0/16 are my pppoe client ip pool.
192.168.250.0/24 is FTP server pool. Behind Mikrotik DMZ.

On mikrotik, I created following rules and FTP servers exempted from dynamic queue rate limit and ftp data delivered at LAN speed , all works ok :)

[Mikrotik 5.x ROS Code]

/ip firewall mangle add chain=prerouting src-address=172.16.0.0/16 dst-address=192.168.250.0/24 action=mark-packet new-packet-mark=ftp-up

/ip firewall mangle add chain=postrouting dst-address=172.16.0.0/16 src-address=192.168.250.0/24 action=mark-packet new-packet-mark=ftp-down

/queue type add name=ftp-exempt kind=sfq

/queue tree add name=ftp-up parent=global-in packet-mark=ftp-up queue=ftp-exempt max-limit=100M

/queue tree add name=ftp-down parent=global-out packet-mark=ftp-down queue=ftp-exempt max-limit=100M

[Mikrotik 6.x ROS Code]

/ip firewall mangle

add action=mark-packet chain=prerouting dst-address=192.168.250.0/24 new-packet-mark=ftp-up src-address=172.16.0.0/16

add action=mark-packet chain=postrouting dst-address=172.16.0.0/16 new-packet-mark=ftp-down src-address=192.168.250.0/24

/queue tree

add limit-at=100M max-limit=100M name=ftp-up packet-mark=ftp-up parent=global queue=ftp-exempt

add limit-at=100M max-limit=100M name=ftp-down packet-mark=ftp-down parent=global queue=ftp-exempt

1 comments:

Write comments

Anonymous

AUTHOR

March 21, 2022 at 7:15 PM delete

How To Exempt Rate Limit For Ftp Server Behind Mt Dmz In Placment Of Dynamic Queues ! - Mikrotik Tutorials >>>>> Download Now

>>>>> Download Full

How To Exempt Rate Limit For Ftp Server Behind Mt Dmz In Placment Of Dynamic Queues ! - Mikrotik Tutorials >>>>> Download LINK

>>>>> Download Now

How To Exempt Rate Limit For Ftp Server Behind Mt Dmz In Placment Of Dynamic Queues ! - Mikrotik Tutorials >>>>> Download Full

>>>>> Download LINK