.
.
Using Mikrotik, we can redirect HTTP traffic to SQUID proxy Server, We can also control user bandwidth, but its a good idea to deliver the already cached content to user at full lan speed, that’s why we setup cache server for, to save bandwidth and have fast browsing experience , right :p , So how can we do it in mikrotik that cache content should be delivered to users at unlimited speed, no queue on cache content. Here we go.
By using ZPH directives , we will mark cache content, so that it can later pick by Mikrotik.
Basic requirement is that Squid must be running in transparent mode, can be done via iptables and squid.conf directives.
I am using UBUNTU squid 2.7 , (in ubuntu , apt-get install squid will install squid 2.7 by default which is gr8 for our work)
Add these lines in SQUID.CONF
#=============================================================================== #ZPH for SQUID 2.7 (Default in ubuntu 10.4) / Syed Jahanzaib aacable@hotmail.com #=============================================================================== tcp_outgoing_tos 0x30 lanuser [lanuser is ACL for local network, change it to match your's] zph_mode tos zph_local 0x30 zph_parent 0 zph_option 136
Use following if you have squid 3.1.19
#====================================================== #ZPH for SQUID 3.1.19 (Default in ubuntu 12.4) / Syed Jahanzaib aacable@hotmail.com #====================================================== # ZPH for Squid 3.1.19 qos_flows local-hit=0x30
That’s it for SQUID, Now moving on to Mikrotik box ,
Add following rules,
↓
↓
# Marking packets with DSCP (for MT 5.x) for cache hit content coming from SQUID Proxy
/ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment="Mark Cache Hit Packets / aacable@hotmail.com" /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default
↓
↓
# Marking packets with DSCP (for MT 6.x) for cache hit content coming from SQUID Proxy
/ip firewall mangle add action=mark-packet chain=prerouting comment="MARK_CACHE_HIT_FROM_PROXY_ZAIB" disabled=no dscp=12 new-packet-mark=proxy passthrough=no /queue simple add max-limit=100M/100M name="ZPH-Proxy Cache Hit Simple Queue / Syed Jahanzaib >aacable@hotmail.com" packet-marks=zph-hit priority=1/1 target="" total-priority=1
# If above queue tree donot work with ROS 6.x then try adding simple queue and move it on TOP in simple QUEUE section,
.
Now every packet which is marked by SQUID CACHE_HIT, will be delivered to user at Full lan speed, rest of traffic will be restricted by user Queue.
↓
↓
TROUBLESHOOTING:
the above config is fully tested with UBUNTU SQUID 2.7 and FEDORA 10 with LUSCA
Make sure your squid is marking TOS for cache hit packets. You can check it via TCPDUMP
__________________________________________________________
tcpdump -vni eth0 | grep ‘tos 0×30′
↓
(eht0 = LAN connected interface)
Can you see something like ???
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:25:07.961722 IP (tos 0×30, ttl 64, id 45167, offset 0, flags [DF], proto TCP (6), length 409)
20:25:07.962059 IP (tos 0×30, ttl 64, id 45168, offset 0, flags [DF], proto TCP (6), length 1480)
192 packets captured
195 packets received by filter
0 packets dropped by kernel
_________________________________
↓
↓
Regard’s
SYED JAHANZAIB
Syed Jahanzaib - Personal Blog to Share Knowledge ! 
[…] For ZPH configuration in squid, Please read the following post. https://aacable.wordpress.com/2011/07/21/mikrotik-with-squidzph-unlimited-speed-for-cache-content-tra… […]
LikeLike
Pingback by Mikrotik as PPPoE Server + DMASOFTLAB Radius Manager + Ubuntu SQUID 2.7 + ZPH > Complete Guide ! « Syed Jahanzaib Personnel Blog to share knwoledge ! — August 10, 2011 @ 3:13 PM
how about proxy external with only one ethernet…???
LikeLike
Comment by whielyx — November 15, 2011 @ 5:36 AM
Proxy can work with one ethernet too.
But its better to have separate WAN for proxy. anyhow one ethernet will work , just set its default route / dns pointing to Mikrotik proxy interface.
LikeLike
Comment by Pinochio~:) — November 15, 2011 @ 10:52 AM
nice…. This the best blog I have ever met who discuss mikrotik and external proxy.
why use routing? why not use NAT to create a transparent proxy ..?
LikeLike
Comment by whielyx — November 15, 2011 @ 4:46 PM
hi i like your work , i just got one problem i used your “yourtube” transparent proxy settings which you explained, but my problem is it works if i test it on squid x86 pc itself with ( proxy lan 127.0.0.1:8080) but when i put it in mikrotik it dont work ive tried all tricks already eg:
ip – firewal l- nat – dstnat -protcol tcp6 – port80 -dst-nat8080 – dst-nat ip (squid ip)
webproxy – parent ip & port = squid ip & port
if you could help me out please
LikeLike
Comment by johan — January 22, 2012 @ 9:31 PM
# Without knowing your network topologies , I can comment.
# SQUID must be running in transparent mode via squid.conf and iptables directives.
# Mikrotik may have 3 interfaces, one for lan, second for squid proxy, third for ISP/WAN. All must be running on different subnets.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2012 @ 11:48 AM
My Mikrotik:
433UAH as follows:
LAN 1 = master – 192.168.88.1
LAN 2 = ADSL – 192.168.1.251 gateway – 192.168.1.1
DNS – servers: 192.168.1.1
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 4096KiB
cache-max-ttl: 1w
cache-used: 538KiB
LAN 3 = HOME PRIVATE INTERNET (LEAVE AS IS) with IP = 192.168.87.0/24
Firewall NAT:
0 ;;; Redirect Rediect Web-Proxy
chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
1 ;;; Masquerade ADSL Network
chain=srcnat action=masquerade out-interface=ADSL
…………………………………………………………………………………………………………………………….
My LAN 1 connects to 750G Router where all public clients connect to.
My squid is setup on a X86 PC with default settings again as it was corrupt, i reconfigured ,
reinstalled default “squid.conf”, ive plugged it directly in adsl with DHCP (192.168.1.1/24)
and tested it in Mozilla Firefox with proxy IP & Port ( 127.0.0.1:8080 & 127.0.0.1:3128) results
is it works.
…………………………………………………………………………………………………………………………….
What i need is for it to work through my Mikrotik router as a HTTP Proxy or Transparent & my clients PC’s to auto detect it without configurations
Thank You
LikeLike
Comment by Johan — January 23, 2012 @ 9:03 PM
# There are couple of ways to accomplish this.
# You can use dst-nat rule to redirect all http request to SQUID box.
# You can mark HTTP packets and then route them to SQUID box, This is preferred way and squid can see users original source ip, not the mikrotik ip, and you can log users original ip address in squid logs. Which is sometimes requires for management purposes.
Use the below links.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 24, 2012 @ 11:22 AM
If you use NAT, SQUID will see only Mikrotik IP. so you cant log user ip in access.log
Routing is used so that Proxy can log user ip for record purpose. and also it prevents double NATing, first at mikrotik , second on proxy.
LikeLike
Comment by Pinochio~:) — November 15, 2011 @ 6:38 PM
ok. so far, I use a dst-nat to make transparent proxy and I can still see the access.log contains client source ip.
/ip firewall nat
add action=dst-nat chain=dstnat comment=squid disabled=no dst-address=![squid-network] dst-port=80,81,8080,3128 in-interface=ether3-hotspot protocol=tcp src-address=[lan-network] to-addresses=[ip-squid] to-ports=[port-squid]
cmiiw,
best regards.
LikeLike
Comment by whielyx — November 16, 2011 @ 2:07 AM
now, i’m stucked with traffic shaping… 😦
LikeLike
Comment by whielyx — November 16, 2011 @ 9:17 AM
good.
LikeLike
Comment by Pinochio~:) — November 16, 2011 @ 10:33 AM
Traffic shaping can be easily done via Mikrotik.
LikeLike
Comment by Pinochio~:) — November 16, 2011 @ 10:30 AM
Can you give me an example of its traffic shaping? or can you make a post that gives an explanation of traffic shaping, either with or without external proxy. 😀
LikeLike
Comment by whielyx — November 16, 2011 @ 7:43 PM
Try this link, its easier to do shaping via profile.
http://wiki.mikrotik.com/wiki/Cable_setup
LikeLike
Comment by Pinochio~:) — November 17, 2011 @ 11:32 AM
thanks sir…
LikeLike
Comment by whielyx — November 17, 2011 @ 2:29 PM
Asalam Aliukom
I have the following network topology (in summary)
{internet}
|
[firewall & squid cache@pfsense]—[MT_AP]~[MT_STA with wds]—[hotspot@MT_router]—[clients]
|
|
[radius@ubuntu]
pfsense: LAN = 172.31.224.1/24 with transparent proxy cache
MikroTik: WAN’s = dhcp client with 172.31.224.x/24
this is the squid.conf on pfsense(freebsd)
Code:
http_port 172.31.224.1:3128 transparent
http_port 127.0.0.1:80 transparent
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname net4u1.com
cache_mgr admin@net4u1.com
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 30
shutdown_lifetime 0 seconds
# Allow local network(s) on interface(s)
acl localnet src 172.31.224.0/255.255.255.0
forwarded_for transparent
via off
httpd_suppress_version_string on
uri_whitespace strip
dns_nameservers 127.0.0.1
cache_mem 2048 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir coss /var/squid/coss 8000 max-size=419840 block-size=512
cache_dir aufs /var/squid/cache 320000 128 256 min-size=419840
minimum_object_size 0 KB
maximum_object_size 399 MB
offline_mode off
cache_swap_low 90
cache_swap_high 95
# No redirector configured
# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1337 3128 1025-65535
acl sslports port 443 563 1337
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl partialcontent_req req_header Range .*
acl mallware url_regex “/usr/local/etc/squid/mallware.url”
acl conficker url_regex “/usr/local/etc/squid/conficker.url”
#acl dynamic urlpath_regex cgi-bin \?
#include /usr/local/etc/squid/include.conf
include /usr/local/etc/squid/tunning.conf
#cache deny dynamic
http_access allow manager localhost
http_access deny mallware
http_access deny conficker
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
http_access allow localhost
quick_abort_min 32 KB
quick_abort_max 128 KB
quick_abort_pct 75
range_offset_limit 0 MB
request_body_max_size 0 allow all
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i “/var/squid/acl/throttle_exts.acl”
delay_access 1 allow throttle_exts
delay_access 1 deny all
# Custom options
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny all
and add this to mikrotik routers
Code:
/ip firewall mangle
add chain=prerouting action=mark-packet dscp=12 new-packet-mark=proxy-hit passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 /
name=pmark packet-mark=proxy-hit parent=global-out priority=1 queue=default
I try many tests but no bypass cache hit it’s limit with hotspot client profile speed !
and there is something wired, that is while monitoring the mangle rule I notice that the counter never increased and stay on 0 but while I change dscp value to 48 it’s began to count (that’s mean marking packets) I know that 30 in hex its equal to 48 in decimal (tos) and dscp its quarter of tos value 12
so please I need your help me to make this situation work for me
TIA
SaFi
LikeLike
Comment by SaFi — December 10, 2011 @ 5:53 PM
Q1# Make sure your squid is marking TOS for cache hit packets. You can check it via TCPDUMP
What is the result of following command at Proxy server?
__________________________________________________________
# tcpdump -vni eth0 | grep ‘tos 0x30’
(eht0 = LAN connected interface)
Can you see somethign like
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:25:07.961722 IP (tos 0x30, ttl 64, id 45167, offset 0, flags [DF], proto TCP (6), length 409)
20:25:07.962059 IP (tos 0x30, ttl 64, id 45168, offset 0, flags [DF], proto TCP (6), length 1480)
192 packets captured
195 packets received by filter
0 packets dropped by kernel
__________________________________________________________
Q2# What is your mikrotik version?
Q3# What is your SQUID Version?
Suggestion: Use Ubuntu instead, as it is being Labeled ‘Linux for human being’ 🙂 Label is self explanatory.
LikeLike
Comment by Pinochio~:) — December 10, 2011 @ 8:30 PM
Thank you Syed for your quick reply
Answer #1: I run this command tcpdump -nnvvi rl0 | grep ‘tos 0x’ and I get lines like this
21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)
it’ seem that the marking doesn’t work …right?
Answer #2 : MikroTik ver 5.5
Answer #3 : My cache server is a package called “lusca-cache” from pfsense packages and it’s such version of squid 2.7.9 customized by chudy.fernandez :http://code.google.com/p/pfsense-cacheboy/wiki/Pfsense_Lusca
salam
LikeLike
Comment by SaFi — December 10, 2011 @ 11:22 PM
# Version 2.7.STABLE6 is the default in ubuntu base installation and have builtin support for ZPH
# If squid isn’t marking TOS packets, then mikrotik can’t recognize the packets. First diagnose it. I guess the syntax for ZPH in your squid.conf isn’t right. Correct it. Read my article @
# to get working squid.conf , you can view my blog at https://aacable.wordpress.com/2011/06/01/working-squid-conf-example-fil/
# Try Ubuntu, In past I have used many flavors of linux, But the most suited version I found is Ubuntu (10.4 Desktop Version, as you will get nice GUI for management, It can also act as a server base) , Try it on a test box. I have made very simple guides for ubuntu squid + zph + mikrotik rules. Its always succeed
LikeLike
Comment by Pinochio~:) — December 11, 2011 @ 10:18 AM
asalam o alikum
sir
i have facing in some problems
i had configure your articals but cache is to running perfectly and also flv for you tube isn,t run
tell me some ideas how can i do please sir help me
LikeLike
Comment by mr yaseen ansari — January 20, 2012 @ 11:51 PM
Youtube is dynamic content and not supported by normal proxy.
For youtube caching, follow the below article.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 21, 2012 @ 11:47 AM
zaib bhai can we do cache youtube video’s on mikrotik without squid proxy??? how can we do this if possible?
LikeLike
Comment by waqas hussain — February 26, 2012 @ 11:01 AM
You can’t cache youtube videos using mikrotik web proxy.
You have to use external proxy server like SQUID/LUSCA with some modified config as showed in the examples.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 27, 2012 @ 8:53 AM
Syed
I follow yours instruction and boom squid working prefect bypassing the queue limit’s.
I have little problem with hotspot mirkotik.
When I redirect traffic via ubuntu server the login page won’t come up.
My connection is client’s——–mikrotik hotpot—–ubuntu server—– intenret.
In ubutu I use NAT and REDIRECT rules without Hotpot work prefect as soon as I turn on hotspot on interfaces the users won’t be able to surf on the internet.
Any idea.
Thanks Miles
What else I can say to you, God bless you ..
LikeLike
Comment by Miles — March 11, 2012 @ 12:32 AM
a/salam sir ma hotspot use kar rha hn ek probelm a rhe ha cache full speed ma nai deliver ho rhen wo as a bradwith use ho rhe hn. queue ma global in ma mention ho rhen hn global out ma nai deliver ho rhn plz help me out
LikeLike
Comment by waqar hameed — March 15, 2012 @ 10:23 PM
are you using squid cache server ?
Make sure squid is marking ZPH packets , you confirm it via using tcpdump.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 16, 2012 @ 2:09 PM
i’m Using yours which is mention in this tutorial ” https://aacable.wordpress.com/2012/01/11/howto-cache-youtube-with-squid-lusca-and-bypass-cached-videos-from-mikrotik-queue/ ”
well it is working fine for me but in prerouting where tos 12 is used is marked as packet but in queue tree it shows its working in global in beside global out i don’t know where is problem is. please help me out
LikeLike
Comment by waqar hameed — March 16, 2012 @ 5:32 PM
aoa brother
I need to ask something if you are kind enough to answer, In my university there is squid 2.7 stable 21 wirelessproxy is installed on every router. Now I can not download anything using utorrent. Could you please help me out in this situation? Thanks
LikeLike
Comment by Hasan — April 4, 2012 @ 4:22 PM
very useful information.
i have to try this one….
thanks pak syed
LikeLike
Comment by Ma'el — June 1, 2012 @ 7:15 PM
oops…im forgot to ask
where should i put these command in squid.conf
or i can put anywhere? 🙂
#==============
#ZPH Syed Jahanzaib aacable@hotmail.com
#=======================
tcp_outgoing_tos 0x30 lanuser
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
#[lanuser is ACL for local network]
LikeLike
Comment by Ma'el — June 1, 2012 @ 7:23 PM
You can put in anywhere after ACL Sections. Means acl ‘lanuser’ must be above these zph rules.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 4, 2012 @ 9:59 AM
hey guys thanks for you all and any one can tell me how can i limit the output bandwidth to users they got now full band from the cache i need to limit that band coz im using wireless link and i don’t want to get it full capacity when users downloading some file from cache and i already limit the real internet band
LikeLike
Comment by karemm — June 25, 2012 @ 6:43 PM
You can create separate Queue for the cached marked contents and limit it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 27, 2012 @ 9:03 AM
when i try to test with tcpdump-VNI eth0 | grep ‘tos 0 × 30’
grep: 0 * 30: ni Such file or directory
tcp_outgoing_tos 0 × 30 lanuser
zph_mode tos
zph_local 0 × 30
zph_parent 0
zph_option 136
LikeLike
Comment by achmad — June 25, 2012 @ 11:08 PM
there is no space between 0x30
use as below
tcp_outgoing_tos 0×30 lanuser
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — June 27, 2012 @ 9:01 AM
this my zph mode in squid.conf
#============================================================
# ZPH , To enable cache content to be delivered at full lan speed,
# To bypass the queue at MT.
#============================================================
tcp_outgoing_tos 0x30 all
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
i used https://aacable.wordpress.com/2012/01/11/howto-cache-youtube-with-squid-lusca-and-bypass-cached-videos-from-mikrotik-queue/ for my ubuntu 11.10 64 bit
thanks before
LikeLike
Comment by achmad fadly — June 27, 2012 @ 4:02 PM
thanks for this great tutorial..
is it possible if we marking packet by tcp_outgoing_tos that contains .exe packets and catch it by dscp mikrotik?
i’ve tried but i failed. 😦
thanks in advanced…
LikeLike
Comment by Azma Yogi — July 14, 2012 @ 11:36 AM
Asslam-o-alaikum bhai ! it is possible given bellow and how to
3 DSL —-> Mt 5.18 —-> Squid 2.7 —–> Hotspot Mt 5.18——> clients
LikeLike
Comment by smn4all — August 2, 2012 @ 3:14 AM
Yes, its possible.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 3, 2012 @ 7:26 AM
i got error in freebsd+squid “kernel: negative sbsize uid = o”
at that moment browsing getting slower.
please help me out
LikeLike
Comment by muhammad azam — August 23, 2012 @ 3:23 PM
Please post more details where you are getting this error?
I have no experience in FREEBSD. Please post your query at FreeBSD forums or mailing list.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 23, 2012 @ 4:07 PM
Hi,
Pretty good doc!
I’m almost there… but my pppoe users and queue are on another router, my network is routed(ospf) How to pass dscp to that router??
Thanks!
Patrick
LikeLike
Comment by Patrick — September 1, 2012 @ 5:51 AM
hello,
Is it possible to use the internal mikrotik web cache and configure as parent a squid proxy, if an object is found from the squid cache and marked with th correct dscp value, how to passe this object at the lan speed with out limitation
Regards
LikeLike
Comment by adda — October 5, 2012 @ 7:33 PM
HI, can somebody help me with mikrotik config, i have an external cache device which is Appliansys Cachebox220, i want to connect it via the Mikrotik router, please give me the Mikrotik side configurations. thanks
LikeLike
Comment by Clive — February 26, 2013 @ 2:04 PM
Dear Sir
Is it differ if i put Squid between Mikrotik and Internet Modem , or it must be connected like the topology you figure above
because i try to cache youtube videos but i fail
LikeLike
Comment by Ahmed Adel — March 5, 2013 @ 1:45 AM
You can put it in between Mikrotik and modem.
Also you can configure you squid as BRIDGE, and then it can intercept HTTP traffic and act accordingly. There are lot of interesting things you can do with it 🙂 be creative
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 5, 2013 @ 4:29 PM
Dear Sir
i configure squid as your articles but it cannot save youtube videos , any suggestion please ?
LikeLike
Comment by Ahmed Adel — March 6, 2013 @ 7:07 PM
Use NGINX method, people have reported its still working. search in Google “aacable nginx”
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 6, 2013 @ 7:49 PM
/ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment=”Mark Cache Hit Packets / aacable@hotmail.com”
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default
——————————————-
Hi Syed,
I found difficulty creating the above second rule. Since i am using the Mikrotik CCR-1036, which is the high end router. But i didn’t find the option “global-out” in the queue tree.
Please do suggest me.
LikeLike
Comment by Vijay — April 1, 2013 @ 10:38 AM
Hi,
i currently run a network on RB1100 and would like to know if the following is possible.
I am currently trying out the above but would like to know the following
I inherited a network and i have to allocate bandwidth pools for the clients and i tried using usermanager to allocate to each client a certain amount of bandwidth but i was not successful.
What i discovered is that you have to allocate either to the up or downstream a certain amount, what i am looking for is a way to apportion to each client a certain amount of data bandwidth.
I would like to be able to for instance allocate to a client for instance 3Gb worth of data and whether the client uploads or downloads i would like for it to be deducted from the 3gb data and also if the 3gb is not all consumed within 30days then the account should expire.
Basically what i want to do here is to do data-capping.
I would appreciate all the help i can get.
LikeLike
Comment by Oluseyi — May 21, 2013 @ 2:06 PM
You can implement only QUOTA base service using usermanager.
For advance billing, use 3rd party radius server like DMASOFTLAB Radius Manager
dmasoftlab.com
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 21, 2013 @ 4:08 PM
Hi,
Please in making this ubuntu proxy work do i enable webproxy in mikrotik or not?
And also how what ipsettings should i use for the ubuntu?
Thank you mightly
LikeLike
Comment by Oluseyi — May 22, 2013 @ 12:44 PM
hi,
please let me explain me own network scenario to you.
I have 2 sets of mikrotik the main one I use is a X86 and the backup is a RB1100, now the X86 has
only 2 sets of network cards and can’t take any more than that. What do I do here?
Should I use a cross cable and connect the X86 to the Ubuntu and then issue that nic on the Ubuntu 172.16.10.3 as I already have on the x86 and also on the rb1100 one other the ether being 172.16.10.2 as my gateway which is another machine is 172.16.10.1.
I would really appreciate your step by step explanation here.
Thanks
My network is as follows:
Gateway>>Mikrotik(X86 or RB1100)>> Switch>> Users
LikeLike
Comment by Oluseyi — May 22, 2013 @ 1:41 PM
I tried this, and can see the mangle traffic matching, however this does not affect user download as users were still downloading HIT files within their respective bandwidth restriction. Is there anything i may be doing wrong?
Thanks
LikeLike
Comment by OJ — May 24, 2013 @ 8:55 PM
hello sir
you have not answered my last two questions
LikeLike
Comment by Oluseyi — May 26, 2013 @ 4:41 AM
Hi,
please what have i done wrong as you don’t want to answer me?
please i really do need your help as i have just inherited a network as part of a new job and part of the conditions is to increase the speed of the network.
I will appreciate all help possible.
Thank you
LikeLike
Comment by Oluseyi — May 29, 2013 @ 3:39 AM
amin wa’alaikum salam
Good day, I have just been employed in a company and I don’t know much about Mikrotik. Now I have an issue which invariably is a test as they have said that I have to ensure that I build a cache outside the Mikrotik and that if that improves the speed of browsing tremendously that means I have the job.
Let me describe the network to you:
Modem>Gateway(x86 PC)> Mikrotik (Rb1100 or x86)> switch>antennae
I would like to incorporate both the cache option to do both web-pages and also videos, I would like to do both on the same machine. Also I would appreciate it if you could please give me detailed steps on what to do on each; both on the Linux package and the Mikrotik package. The mikrotik version is 5.22 and the Ubuntu version is 13.04 64 bits.
LikeLike
Comment by Ahmed Bello — May 30, 2013 @ 1:32 AM
hi syed can u sent to me ur yahoo or ur phone pls i want ur help
LikeLike
Comment by faesal.net78@yahoo.com — August 24, 2013 @ 2:20 AM
bro tcpdump -vni eth0 | grep ‘tos 0×30′ showing nothing.matching. i have checked, my squid 2.7 is not marking cache hits to tos 0x30. all packets are by default tos 0x0. plz guide
LikeLike
Comment by Quality DSL — September 21, 2013 @ 11:49 PM
If you have compiled squid from source, make sure you do it with enable zph configure option.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 23, 2013 @ 8:34 AM
s/bhai mujhay ek website allow krne hy user ko jo unlimited speed sey chaly baki sub web sites jo mein bandwith dy raha hoo us mein sey use kary
maslan facebook/filehippo.com ya koi bhe ek site user unlimited speed sey use kr saky mein mikrotik dhcp server chala raha hoon with out proxy serwer no squit serwer simple dhcp hy queues sey ip bandwith set krta hoo plz help i am zain
LikeLike
Comment by zain ul abdin — January 9, 2014 @ 3:05 AM
Just mark the ip addresess or subnet of that required web sites or you can also use L7 pattern match, or even the content match rule, and then create queue for these marked packets and allow higher bandwidth,
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 9, 2014 @ 8:51 AM
sir mujhay is a rule bata dy plz Layer 7 protocols mein kis tarah regexp: kia name add karo
LikeLike
Comment by zain ul abdin — January 10, 2014 @ 10:41 PM
sir…………..i have seen someting like this..
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20 packets captured
20 packets received by filter
0 packets dropped by kernel
Just two line isn’t see
20:25:07.961722 IP (tos 0×30, ttl 64, id 45167, offset 0, flags [DF], proto TCP (6), length 409)
20:25:07.962059 IP (tos 0×30, ttl 64, id 45168, offset 0, flags [DF], proto TCP (6), length 1480)
LikeLike
Comment by Salman — April 24, 2014 @ 1:05 AM
How to configure IPCOP + MK?
LikeLike
Comment by Elizalde Bardales — May 5, 2014 @ 3:33 AM
¿cómo se configura en IPCOP + MK?
En IPCOP v2 con squid 3.1.19 ¿dónde se debe escribir la regla?:
# ZPH for Squid 3.1.19
qos_flows local-hit=0x30
LikeLike
Comment by Elizalde Bardales — May 5, 2014 @ 3:36 AM
How to configure IPCOP + MK?
In IPCOP v2 with squid 3.1.19 where you should write the rule?:
# ZPH for Squid 3.1.19
qos_flows local-hit=0×30
LikeLike
Comment by Elizalde Bardales — May 5, 2014 @ 3:37 AM
Hi. Have problem. Here I’m using vcb cache. Which is connected to my core mikrotik. And there are 8 child mikrotiks. Now i have done all this right . I’m getting hit from cache. I’m getting speed same as plan assigned. Files from cache doesn’t get bypassed.. can u please help me out.
LikeLike
Comment by mehul prajapati — April 8, 2017 @ 9:29 PM
it depends on the cache server you have in place. if it supports zph feature, then you can simply mark it, and using mikrotik you can bypass cached contents from the queue or assign different bandwidth scheme to cached contents. ask your cache vendor about zph.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 17, 2017 @ 11:15 AM
[…] For ZPH configuration in squid, Please read the following post. (To deliver cache content to user in full lan speed, exempt cache content from queue)https://aacable.wordpress.com/2011/07/21/mikrotik-with-squidzph-unlimited-speed-for-cache-content-tr… […]
LikeLike
Pingback by Howto setup Mini ISP using Mikrotik as PPPoE Server + DMASOFTLAB Radius Manager Scratch Card Billing System+ Linux Transparent Firewall Bridge + Ubuntu SQUID 2.7 Proxy Server – Welcome To My Blog — July 16, 2019 @ 6:15 AM