Good day. Has anyone encountered this problem?
The ICMP connection mark keeps capturing ports that have been assigned to other connection marks. I am using PCC load balancing.
See also my Connections
Good day. Has anyone encountered this problem?
The ICMP connection mark keeps capturing ports that have been assigned to other connection marks. I am using PCC load balancing.
See also my Connections
You don’t expect to get much help with info you posted, do you? The name “ICMP-Connection” does not mean anything. Post your firewall rules and then you’ll have some chance.
Heres My Mangle Rules
The screenshots are useless because we can’t see the full rules (marks, passthrough, etc.).
Use export to file instead, for example:
/ip firewall export file=fr.rsc
Copy fr.rsc to your computer, delete any sensitive information it contains (public IP addresses, for example), and paste the rest here.
Here’s the Full Firewall Rules
# Layer-7 patterns referenced by the mangle rules through layer7-protocol=P2P / Torrent-1 / Torrent-2 / Torrent-3.
# NOTE(review): the patterns below look damaged by the forum paste (curly quotes, wrapped lines
# without continuation characters, a quote on a line of its own), so do not import them as shown.
# NOTE(review): the layer-7 matcher only inspects the first packets of a connection (documented as
# 10 packets / 2 KB) and sees nothing useful in encrypted traffic, so these patterns are a
# best-effort classifier, not an enforcement control - confirm against the RouterOS manual.
/ip firewall layer7-protocol
# P2P: BitTorrent handshake and tracker request strings.
add name=P2P regexp=“^(\x13bittorrent protocol|azver\x01$|get /scrape\?in
fo_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid
=)|d1:ad2:id20:|\x08’7P\)[RP]”
# Torrent-1: payload containing ".torrent" or "//announce".
add name=Torrent-1 regexp=“^.+(.torrent).$|^.+(//announce).$”
# Torrent-2: get/GET requests that contain one of the listed site keywords.
add name=Torrent-2 regexp=“^.(get|GET).+(torrent|thepiratebay|isohunt|enterta
ne|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bituni
ty|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fu
lldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits|ahashare|yify).$
"
# Torrent-3: any payload that contains one of the listed keywords (no get/GET prefix required).
add name=Torrent-3 regexp=”^.+(torrent|thepiratebay|isohunt|demonii|bittorrent
|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscen
e|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meg
anova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|utorrent|commonbits).
*$"
# Address list "LAN": the client subnet, matched by the mangle mark-routing rules via src-address-list=LAN.
/ip firewall address-list
add address=192.168.10.0/24 disabled=no list=LAN
# Connection tracking: enabled, with explicit timeouts per protocol state.
# A connection mark is stored on the tracking entry. With icmp-timeout=10s and udp-timeout=10s,
# an idle flow presumably loses its entry quickly and is tracked and marked afresh on its next
# packet - keep this in mind when marks in the connection table appear to change.
# NOTE(review): tcp-syncookie=no leaves SYN cookies off; confirm that is intended on a router
# with two WAN-facing interfaces.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Mangle, part 1: keep router-terminated traffic on the WAN it arrived on, then split LAN
# traffic over two connection marks with the per-connection classifier (PCC).
# All marking rules below use passthrough=yes and none of them matches on
# connection-mark=no-mark or connection-state=new, so they are re-evaluated for every packet
# and any later mark-connection / mark-routing rule that also matches replaces the mark set here.
/ip firewall mangle
# Connections that reach the router itself (chain=input) are tagged with the WAN they came in on.
add action=mark-connection chain=input disabled=no in-interface=WAN-1
new-connection-mark=Connection-1 passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN-2
new-connection-mark=Connection-2 passthrough=yes
# Router-originated replies (chain=output) get the routing mark that belongs to their connection mark.
add action=mark-routing chain=output connection-mark=Connection-1 disabled=no
new-routing-mark=Connection-1-Routing passthrough=yes
add action=mark-routing chain=output connection-mark=Connection-2 disabled=no
new-routing-mark=Connection-2-Routing passthrough=yes
# LAN traffic to these two subnets is accepted here, so no later mangle rule marks it.
# presumably these are the subnets behind WAN-1 / WAN-2 - verify.
add action=accept chain=prerouting disabled=no dst-address=192.168.100.0/24
in-interface=LAN
add action=accept chain=prerouting disabled=no dst-address=192.168.105.0/24
in-interface=LAN
# PCC over source/destination address and port with 4 buckets:
# remainders 0 and 1 -> Connection-1, remainders 2 and 3 -> Connection-2.
add action=mark-connection chain=prerouting disabled=no dst-address-type=
!local in-interface=LAN new-connection-mark=Connection-1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=
!local in-interface=LAN new-connection-mark=Connection-1 passthrough=yes
per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting disabled=no dst-address-type=
!local in-interface=LAN new-connection-mark=Connection-2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting disabled=no dst-address-type=
!local in-interface=LAN new-connection-mark=Connection-2 passthrough=yes
per-connection-classifier=both-addresses-and-ports:4/3
# Translate the PCC connection mark into a routing mark for packets coming from the LAN.
# Because passthrough=yes, processing continues into the per-application rules that follow in
# this section; each of those sets Connection-1-Routing and thereby overrides the choice made here.
add action=mark-routing chain=prerouting connection-mark=Connection-1
disabled=no in-interface=LAN new-routing-mark=Connection-1-Routing
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Connection-2
disabled=no in-interface=LAN new-routing-mark=Connection-2-Routing
passthrough=yes
# Mangle, continued (still under /ip firewall mangle): per-application classification.
# Each group follows the same shape: mark-connection for tcp and udp, mark-packet for that
# connection mark, then mark-routing to Connection-1-Routing for sources in address list LAN.
# The mark-connection rules replace whatever connection mark the flow already carries, and the
# mark-routing rules always choose Connection-1-Routing.

# Web browsing: listed ports while the connection has carried 1..1000000 bytes.
add action=mark-connection chain=prerouting comment=Web-Browsing
connection-bytes=1-1000000 disabled=no dst-port=
80,443,3128,5938,8008,8080 new-connection-mark=Web-Browsing-Connection
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=1-1000000
disabled=no dst-port=80,443,3128,5938,8008,8080 new-connection-mark=
Web-Browsing-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=
Web-Browsing-Connection disabled=no new-packet-mark=Web-Browsing-Packet
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=
Web-Browsing-Connection disabled=no new-routing-mark=Connection-1-Routing
passthrough=yes src-address-list=LAN
# Peer-to-peer: layer-7 pattern P2P. The only matchers are the protocol and the pattern, so
# presumably every tcp/udp flow is handed to the regex engine - watch CPU load.
add action=mark-connection chain=prerouting comment=Peer-2-Peer disabled=no
layer7-protocol=P2P new-connection-mark=P2P-Connection passthrough=yes
protocol=tcp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=P2P
new-connection-mark=P2P-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=P2P-Connection
disabled=no new-packet-mark=P2P-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=P2P-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# Torrent: layer-7 patterns Torrent-1, Torrent-2 and Torrent-3, each for tcp and udp,
# all writing the same Torrent-Connection mark.
add action=mark-connection chain=prerouting comment=Torrent disabled=no
layer7-protocol=Torrent-1 new-connection-mark=Torrent-Connection
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=
Torrent-1 new-connection-mark=Torrent-Connection passthrough=yes
protocol=udp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=
Torrent-2 new-connection-mark=Torrent-Connection passthrough=yes
protocol=tcp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=
Torrent-2 new-connection-mark=Torrent-Connection passthrough=yes
protocol=udp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=
Torrent-3 new-connection-mark=Torrent-Connection passthrough=yes
protocol=tcp
add action=mark-connection chain=prerouting disabled=no layer7-protocol=
Torrent-3 new-connection-mark=Torrent-Connection passthrough=yes
protocol=udp
add action=mark-packet chain=prerouting connection-mark=Torrent-Connection
disabled=no new-packet-mark=Torrent-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Torrent-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# FTP: destination ports 20,21,22,989,990. Port 22 is included, so SSH/SFTP sessions
# also receive the FTP-Connection mark.
add action=mark-connection chain=prerouting comment=FTP disabled=no dst-port=
20,21,22,989,990 new-connection-mark=FTP-Connection passthrough=yes
protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=
20,21,22,989,990 new-connection-mark=FTP-Connection passthrough=yes
protocol=udp
add action=mark-packet chain=prerouting connection-mark=FTP-Connection
disabled=no new-packet-mark=FTP-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=FTP-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# Mangle, continued (still under /ip firewall mangle): ICMP and DNS classification.

# ICMP: the only matcher is protocol=icmp; there is no connection-state or connection-mark condition.
# NOTE(review): connection tracking attaches ICMP error messages (destination unreachable and
# similar) to the TCP/UDP flow that caused them, as "related" packets. Such a packet matches
# this rule and would overwrite that flow's mark with ICMP-Connection, which is the likely
# reason TCP/UDP ports appear under the ICMP mark. Restricting the rule with
# connection-state=new or connection-mark=no-mark should confirm it.
add action=mark-connection chain=prerouting comment=ICMP disabled=no
new-connection-mark=ICMP-Connection passthrough=yes protocol=icmp
# NOTE(review): this change-dscp rule carries no matcher at all, so as written it rewrites the
# DSCP field of every packet that reaches it in prerouting, not only ICMP. Presumably it was
# meant to be limited to connection-mark=ICMP-Connection - confirm.
add action=change-dscp chain=prerouting disabled=no new-dscp=1 passthrough=
yes
add action=mark-packet chain=prerouting connection-mark=ICMP-Connection
disabled=no new-packet-mark=ICMP-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ICMP-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# DNS: destination port 53 over tcp and udp.
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=
53 new-connection-mark=DNS-Connection passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53
new-connection-mark=DNS-Connection passthrough=yes protocol=udp
# NOTE(review): a second change-dscp rule without any matcher; same remark as for the one in the ICMP group.
add action=change-dscp chain=prerouting disabled=no new-dscp=1 passthrough=
yes
add action=mark-packet chain=prerouting connection-mark=DNS-Connection
disabled=no new-packet-mark=DNS-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=DNS-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# Mangle, continued (still under /ip firewall mangle): bulk traffic and online games.
# Same shape as the other groups: mark-connection (tcp, udp), mark-packet, then mark-routing
# to Connection-1-Routing for sources in address list LAN.

# Other traffic: destination port 5228, plus the web ports once a connection has carried more
# than 1000000 bytes (connection-bytes=1000000-0). A long web download therefore changes its
# connection mark from Web-Browsing-Connection to Other-Traffic-Connection part-way through.
add action=mark-connection chain=prerouting comment=Other-Traffic disabled=no
dst-port=5228 new-connection-mark=Other-Traffic-Connection passthrough=
yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=5228
new-connection-mark=Other-Traffic-Connection passthrough=yes protocol=udp
add action=mark-connection chain=prerouting connection-bytes=1000000-0
disabled=no dst-port=80,443,3128,5938,8008,8080 new-connection-mark=
Other-Traffic-Connection passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=1000000-0
disabled=no dst-port=80,443,3128,5938,8008,8080 new-connection-mark=
Other-Traffic-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=
Other-Traffic-Connection disabled=no new-packet-mark=Other-Traffic-Packet
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=
Other-Traffic-Connection disabled=no new-routing-mark=
Connection-1-Routing passthrough=yes src-address-list=LAN
# Crossfire PH: the tcp and udp rules use different port sets (udp adds the ranges
# 12000-12200 and 13000-13200).
add action=mark-connection chain=prerouting comment=
“Online Games - Crossfire PH” disabled=no dst-port=
10008,10009,13008,13037,16666 new-connection-mark=CrossfirePH-Connection
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=
10008,10009,12000-12200,13000-13200,16666 new-connection-mark=
CrossfirePH-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=
CrossfirePH-Connection disabled=no new-packet-mark=CrossfirePH-Packet
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=
CrossfirePH-Connection disabled=no new-routing-mark=Connection-1-Routing
passthrough=yes src-address-list=LAN
# Dota 2: destination ports 27000-27100 over tcp and udp.
add action=mark-connection chain=prerouting comment=“Online Games - Dota 2”
disabled=no dst-port=27000-27100 new-connection-mark=Dota2-Connection
passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=27000-27100
new-connection-mark=Dota2-Connection passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Dota2-Connection
disabled=no new-packet-mark=Dota2-Packet passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Dota2-Connection
disabled=no new-routing-mark=Connection-1-Routing passthrough=yes
src-address-list=LAN
# Source NAT: masquerade everything that leaves through WAN-1 or WAN-2.
# NOTE(review): this paste contains no /ip firewall filter section. If nothing was trimmed
# before posting, neither the input nor the forward chain is filtered; confirm that the
# router's own management services are not reachable from WAN-1 / WAN-2.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN-1
# NOTE(review): to-addresses=0.0.0.0 is presumably an export artifact; masquerade is expected
# to take its source address from the out-interface - confirm.
add action=masquerade chain=srcnat disabled=no out-interface=WAN-2
to-addresses=0.0.0.0
# Service ports: connection-tracking helpers for protocols that negotiate secondary connections.
# All six (ftp, tftp, irc, h323, sip, pptp) are enabled here. Each helper parses application
# payload and lets related connections through NAT, so it is worth disabling the ones the
# network does not actually use.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no