mangle rule weirdness

rmichael · December 22, 2009, 9:12am

chain=forward action=mark-connection 
     new-connection-mark=never_heavy_conn passthrough=yes protocol=tcp 
     dst-address-list=never_heavy connection-mark=heavy_traffic_conn

I expected mark-connection to mark to and from traffic for that connection. Yet above rule applies heavy_traffic_conn to one side of the connection only (due to dst-address). So, for example, if connection (to and from) was marked normal_traffic_conn, after above rule upload will still be marked normal_traffic_conn but download will have the new heavy_traffic_conn connection mark.

Is this expected behavior?

thanks,
Michael

rmichael · December 22, 2009, 7:18pm

I know mangle is not as exciting as loosing your wireless connection but I hope someone can give me some direction…

galaxynet · December 23, 2009, 6:46pm

rmichael -

If you follow the ‘mark connection’ rule with a mark packet(s) rule then the packets in both directions will be marked.

At that point you can then you use the packet mark to manipulate the data stream as you see fit.

Thom

galaxynet · December 23, 2009, 6:55pm

rmichael

You may also want to read this discussion on connection/packet marking - very helpful when starting out with MT.

http://forum.mikrotik.com/t/firewall-and-mangle-flow-questions/33998/1

rmichael · January 5, 2010, 5:12am

Thanks!