Strange behaviour JUMP in mangle

Hello, I’m setting up a RB1100 router with 2 wan connections and I want to do some QoS here… My first try is sending dns, icmp, http… through 2-WAN and everything else through 1-WAN.

I’ve configured a little firewalling following this wiki http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling. So I have a nice connection marking working right now, in three different mangle chains tcp-services, udp-services and other-services:

/ ip firewall mangle
add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services
add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services
add chain=prerouting connection-state=new action=jump jump-target=other-services

That wiki only marks connections; as I want to use routes and queue tree, I think I must use packet marks and routing marks also. Am I right?

As I have similar connection marks in the tcp-services and udp-services chains, I thought it would be easier to mark packets and routing outside those chains: in PREROUTING…

Then I found something I can’t understand, even after reading different documents… i.e. the next code won’t mark routing as expected, because I’ve set passthrough=no on the packet mark.

add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=yes
add chain=tcp-services connection-mark=http action=mark-packet new-packet-mark=http passthrough=no
add chain=tcp-services connection-mark=http action=mark-routing new-routing-mark=http passthrough=no

BUT, if I put the routing mark in the prerouting chain, like the next example, it works!

add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=yes
add chain=tcp-services connection-mark=http action=mark-packet new-packet-mark=http passthrough=no
add chain=prerouting connection-mark=http action=mark-routing new-routing-mark=http passthrough=no

Can someone explain this to me? I also noticed the route marking rule of the previous code counts more packets than the packet and connection marking rules… that’s strange to me…

In this third example, all the rules count the same quantity of packets:

add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=yes
add chain=tcp-services connection-mark=http action=mark-packet new-packet-mark=http passthrough=yes
add chain=tcp-services connection-mark=http action=mark-routing new-routing-mark=http passthrough=no
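
The three rule sets above, run through a small Python model of mangle traversal (an added example, not part of the original post and not RouterOS code). It assumes that passthrough=no ends mangle processing for the packet, that a jumped-to chain returns to its caller when it runs out of rules, that connection marks persist on the connection while packet and routing marks apply to one packet only, and that the second variant's mark-routing rule sits after the jump rule in prerouting; the protocol and src-port matchers and the other two jump rules are left out.

```python
"""Toy model of mangle traversal for the three rule sets in the post (all names are illustrative)."""

def rule(action, passthrough=True, target=None, **match):
    return {"action": action, "passthrough": passthrough, "target": target,
            "match": match, "hits": 0}

def matches(r, pkt, conn):
    m = r["match"]  # an absent matcher (None) matches everything
    return (m.get("state") in (None, pkt["state"])
            and m.get("dst_port") in (None, pkt["dst_port"])
            and m.get("conn_mark") in (None, conn.get("mark")))

def walk(chains, name, pkt, conn):
    """Run one chain; True means a passthrough=no rule ended mangle processing."""
    for r in chains[name]:
        if not matches(r, pkt, conn):
            continue
        r["hits"] += 1
        if r["action"] == "jump":
            if walk(chains, r["target"], pkt, conn):
                return True
            continue  # end of target chain reached: back to the calling chain
        if r["action"] == "mark-connection":
            conn["mark"] = "http"      # kept in connection tracking for later packets
        else:
            pkt[r["action"]] = "http"  # mark-packet / mark-routing: this packet only
        if not r["passthrough"]:
            return True                # assumption: no further mangle rules are evaluated
    return False

def build(variant):
    """variant 1, 2, 3 = first, second, third rule set of the post."""
    jump = rule("jump", target="tcp-services", state="new")
    mc = rule("mark-connection", dst_port=80)
    mp = rule("mark-packet", passthrough=(variant == 3), conn_mark="http")
    mr = rule("mark-routing", passthrough=False, conn_mark="http")
    if variant == 2:
        return {"prerouting": [jump, mr], "tcp-services": [mc, mp]}
    return {"prerouting": [jump], "tcp-services": [mc, mp, mr]}

def simulate(variant, packets=5):
    """Constructed traffic: one new packet, then established ones, on one connection."""
    chains, conn, routed = build(variant), {}, 0
    for i in range(packets):
        pkt = {"state": "new" if i == 0 else "established", "dst_port": 80}
        walk(chains, "prerouting", pkt, conn)
        routed += "mark-routing" in pkt
    hits = {r["action"]: r["hits"] for c in chains.values() for r in c}
    return hits, routed
```

In this model only the first packet of a connection ever enters tcp-services, because the jump rules match connection-state=new; that is why the prerouting mark-routing rule in the second variant counts more packets than the rules inside the chain.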