More RouterOS goodness
Aug. 13th, 2011 04:51 pm
My little RB keeps me connected to a small VPN of random enthusiast types. We do this mostly just for the hell of it, but one feature is access to suitable file shares on our LANs.
I've held off on opening any of that up for the moment as I didn't want to risk having my upstream slagged. But here's how to do a really simple rate limit on data coming from a specific host on my network to destinations on the VPN:
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=10.0.0.0/8 \
new-packet-mark=files passthrough=no protocol=tcp src-address=10.8.0.10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
disabled=no interface=all limit-at=0/0 max-limit=1M/1M name=vpn-files \
packet-marks=files parent=none priority=8 queue=default/default \
total-queue=default-small
The host on my end is 10.8.0.10. The VPN more broadly is 10/8. Those two rules are all it takes. 1Mbps is about a third of my upstream, which is enough to let people slowly snarf things without any real noticeable impact on my own use of my net connection.
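A simplified model of the mangle rule's matchers, added here as an example (it is not part of the original post and is not RouterOS code), showing which packets would receive the `files` mark and so fall under the `vpn-files` queue. Every address other than 10.8.0.10 and 10.0.0.0/8 is made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Matchers copied from the mangle rule in the post.
RULE = {
    "src": ipaddress.ip_network("10.8.0.10/32"),
    "dst": ipaddress.ip_network("10.0.0.0/8"),
    "protocol": "tcp",
    "mark": "files",
}

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str

def packet_mark(pkt, rule=RULE):
    """Return the mark the rule would set, or None if the packet does not match."""
    if pkt.protocol != rule["protocol"]:
        return None
    if ipaddress.ip_address(pkt.src) not in rule["src"]:
        return None
    if ipaddress.ip_address(pkt.dst) not in rule["dst"]:
        return None
    return rule["mark"]

# Constructed sample packets; only packets that actually traverse the
# router's prerouting chain are ever evaluated by the real rule.
SAMPLES = [
    ("file host -> VPN peer, TCP", Packet("10.8.0.10", "10.20.0.5", "tcp")),
    ("file host -> VPN peer, UDP", Packet("10.8.0.10", "10.20.0.5", "udp")),
    ("other LAN host -> VPN peer", Packet("10.8.0.11", "10.20.0.5", "tcp")),
    ("file host -> internet", Packet("10.8.0.10", "192.0.2.1", "tcp")),
    ("VPN peer -> file host", Packet("10.20.0.5", "10.8.0.10", "tcp")),
    ("file host -> other 10.x address", Packet("10.8.0.10", "10.8.0.20", "tcp")),
]

def report():
    """Map each sample label to the mark it would get (None = not rate limited)."""
    return {label: packet_mark(pkt) for label, pkt in SAMPLES}

if __name__ == "__main__":
    for label, mark in report().items():
        print(f"{label:32} {mark or 'unmarked (outside vpn-files queue)'}")
```

Only TCP sent by 10.8.0.10 to a 10/8 destination is marked, so UDP from the same host and traffic arriving from VPN peers are not covered by the 1M queue.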
(no subject)
Date: 2011-08-13 10:27 pm (UTC)

(no subject)
Date: 2011-08-14 04:04 am (UTC)
It probably helps that while the RB runs a Linux kernel, all the userland is custom and designed to be consistent.