3.14 No mangle postrouting!???

raftak · October 16, 2008, 7:20am

Hi, I have a problem with the package marked “POSTROUTING” for “queue tree”-download, when trying to mark in 5 routers the traffic does not work, in an x86, yes, why?. I tried with "prerouting, forward, POSTROUTING, but it is still not functioning in the mangle POSTROUTING.
In x86.v.3.14, work fine:
add action=mark-connection chain=prerouting comment="Conexiones HTTP-UP " \

disabled=no dst-port=80 new-connection-mark=http-up passthrough=yes \

protocol=tcp src-address=10.1.3.0/24

add action=mark-packet chain=prerouting comment=HTTP-UP-Packet \

connection-mark=http-up disabled=no new-packet-mark=http-up passthrough=\

no

add action=mark-connection chain=postrouting comment=HTTP-Down disabled=no \

dst-address=10.1.3.0/24 new-connection-mark=http-down passthrough=yes \

protocol=tcp src-port=80

add action=mark-packet chain=postrouting comment=HTTP-Down-packet \

connection-mark=http-down disabled=no new-packet-mark=http-down \

passthrough=no

add action=mark-connection chain=prerouting comment=HTTPS-UP disabled=no \

dst-port=443 new-connection-mark=https-up passthrough=yes protocol=tcp \

src-address=10.1.3.0/24

add action=mark-packet chain=prerouting comment=HTTPS-UP connection-mark=\

https-up disabled=no new-packet-mark=https-up passthrough=no

add action=mark-connection chain=postrouting comment=HTTPS-Down disabled=no \

dst-address=10.1.3.0/24 new-connection-mark=https-down passthrough=yes \

protocol=tcp src-port=443

add action=mark-packet chain=postrouting comment=HTTPS-DOWN connection-mark=\

https-down disabled=no new-packet-mark=https-down passthrough=no

########################################################################
My other routers are= 1-x86, 5-rb-333, all with 3.14 version.
Now I do same config for all routers, (change ip add) and don’t work never, sometimes after remove all rules of mangle work postrouting marking all network(chain=postrouting dst-add=10.1.3.0/24 action=mark-packet…) but mangle services(80,443,1863,etc) is to 0 counters!!!

I need resolve it, QoS is very important in my network i have 500 customer wireless.

I hope any advice.

raftak · October 17, 2008, 6:38am

Nobody? I will try to better explain the problem if my English is not understood.
I can not mark POSTROUTING in 5 routers, does not work! I therefore can not create queues for “Download” with “queue tree.”

Can someone show how you are marking in “POSTROUTING”?

THANK YOU.

Chupaka · October 17, 2008, 4:00pm

hmmm… did not read carefully, but…
you cannot have two connection marks on one (although bi-ditectional in its nature) tcp connection. you should mark connection with ‘http’ mark, and then mark packets of ‘http’ connection with ‘http-up’ and ‘http-dowm’ marks

raftak · October 18, 2008, 4:40pm

I have already solved the problem. Thank for your help.
Regards,

theredia · October 22, 2008, 3:54pm

How did you solve it?

Regards,
Tomás

raftak · November 10, 2008, 1:22pm

hello I solved with : http://wiki.mikrotik.com/wiki/Mangle%2C_Queue_Tree_and_prio_by_fly_man_…_almost_done
I did not understand the use of PREROUTING and POSTROUTING.

Regards,

titius · November 20, 2008, 11:42pm

IMHO marking only packets is not the right way.

Correct me if I’m wrong . . .

theredia · November 21, 2008, 1:15am

Well, I thing you’re wrong
In old times, wen connection tracking was only for NAT and ESTABLISHED, RELATED conditions, packet marking was the only way. It’s not the wrong way, I’ts just a more processor intensive one .

BTW, I couldn’t solve it, neither with packet nor connection marking, for a heavily congested 2 Mbit link (more than 1000 simultaneous ESTABLISHED connections, 2k on peeks. Conectiosn keeped starbving with any possible configuration. Support wasn’t helpfull at all) My solution was openwrt (works better than RouterOS even without QoS enabled).

Cheers!