Overseas Traffic in 2.9.26

RouterOS General
1

There is how to for 2.8
http://www.mikrotik.com/docs/ros/2.8/howto/howto.content
How to make the same in 2.9 ? :cry:

2

Use address-list, that will decrease mangle rules. (adding local addresses to address-list), than use β€˜src/dst-address-list’.
Add chain=prerouting, action=connection-mark/packet-mark, mangle facility pretty well described in mangle documentation.

3

Have some problems! :cry:

I need to make this
local ip 192.168.0.4 world speed 64k country ips from address list 128k

Made address list with country ip next

markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4con packet-mark 192.168.0.4pack
markconnection prerouting 192.168.0.4 connection-mark 192.168.0.4loc packet-mark 192.168.0.4packloc

Making queues for 192.168.0.4pack 64k and 192.168.0.4packloc 128k

And it didnt work :frowning:

Whats my mistake

4

Paste your configuration,
ip firewall mangle ,
queue simple (tree), which one you are using,
ip firewall address-list.

5

6

I mean β€˜ip firewall mangle export’, paste at least this configuration.

7

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection
new-connection-mark=192.168.0.2con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet
new-packet-mark=192.168.0.2pack passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection
new-connection-mark=192.168.0.3con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet
new-packet-mark=192.168.0.3pack passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet
new-packet-mark=192.168.0.4pack passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection
new-connection-mark=192.168.0.10con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet
new-packet-mark=192.168.0.10pack passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes
comment=β€œβ€ disabled=yes
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=yes
comment=β€œβ€ disabled=yes



\

/ ip firewall address-list
add list=all_services address=192.168.0.0/25 comment=β€œfull access list”
disabled=no
add list=mail address=192.168.0.224/27 comment=β€œmail access list” disabled=no
add list=UKRAINE address=62.16.0.0/19 comment=β€œUKRAINE NETWORK LIST”
disabled=no
add list=UKRAINE address=62.64.64.0/18 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.80.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.87.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.88.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.96.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.104.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.112.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.64.120.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.80.160.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.149.0.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.32.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.33.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.34.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.37.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.42.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.43.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.44.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.45.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.46.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.47.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.48.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.49.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.50.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.51.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.52.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.53.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.54.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.55.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.56.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.60.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.61.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.221.62.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=62.244.0.0/18 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.65.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.66.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.67.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.68.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.69.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.70.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.77.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.80.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.70.82.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.73.0.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.77.32.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.78.32.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.84.176.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.90.224.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.91.160.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.92.224.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.93.112.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.240.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.248.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.249.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.250.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.251.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.252.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.253.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.254.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.94.255.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.243.144.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.245.112.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.249.224.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.252.240.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.254.0.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=80.255.64.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.17.128.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.21.0.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.23.16.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.25.224.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.30.160.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.90.224.0/20 comment=β€œβ€ disabled=no
add list=UKRAINE address=81.95.176.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=82.144.192.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=82.193.96.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.137.88.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.232.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.233.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.234.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.235.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.236.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.237.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.238.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.142.239.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.143.232.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.170.192.0/18 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.228.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.232.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.236.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.240.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.244.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.248.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=83.218.252.0/22 comment=β€œβ€ disabled=no
add list=UKRAINE address=84.47.178.0/23 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.90.192.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.114.192.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.159.0.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.198.129.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.198.130.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.198.131.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.198.132.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.202.0.0/16 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.223.128.0/17 comment=β€œβ€ disabled=no
add list=UKRAINE address=85.238.96.0/19 comment=β€œβ€ disabled=no
add list=UKRAINE address=86.111.224.0/21 comment=β€œβ€ disabled=no
add list=UKRAINE address=87.236.224.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=87.236.226.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=87.238.152.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=87.238.153.0/24 comment=β€œβ€ disabled=no
add list=UKRAINE address=195.39.196.0/23 comment=β€œβ€ disabled=no
add list=UKRAINE address=193.202.110.0/24 comment=β€œβ€ disabled=no


\

/ queue tree
add name=β€œ192.168.0.2DOWN” parent=Local packet-mark=192.168.0.2pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.2UP” parent=Local packet-mark=192.168.0.2pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.3DOWN” parent=Local packet-mark=192.168.0.3pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.3UP” parent=Local packet-mark=192.168.0.3pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4DOWN” parent=Local packet-mark=192.168.0.4pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4UP” parent=Local packet-mark=192.168.0.4pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.10DOWN” parent=Local packet-mark=192.168.0.10pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.10UP” parent=Local packet-mark=192.168.0.10pack
limit-at=64000 queue=default priority=8 max-limit=64000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4DOWN UKR” parent=Local packet-mark=192.168.0.4packukr
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes
add name=β€œ192.168.0.4UP UKR” parent=Local packet-mark=192.168.0.4packukr
limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=yes

8

  1. Mangle configuration.
    I suggest yout to place passtrough=no after each action=packet-mark, that will avoid packets from remarking.
    Probably, it will be easier to create two address-lists; local-addresses, local-state-addresses.
    Assign two packet-marks;
    one src-address-list=local dst-address-list=local-state-addresses,
    second src-address-list=local dst-address-list=!local-state-address (=no local-state). If you want to limit local and oversease bandwidth for all users.

  2. Use β€˜parent=local-interface-name’ for download and β€˜parent=public-interface-name’ for upload in queue tree.
    You can also use simple queue to accomplish this scenario.

9

Did this to mangle rule


\

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection
new-connection-mark=192.168.0.2con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.2con action=mark-packet
new-packet-mark=192.168.0.2pack passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection
new-connection-mark=192.168.0.3con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.3con action=mark-packet
new-packet-mark=192.168.0.3pack passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4con action=mark-packet
new-packet-mark=192.168.0.4pack passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection
new-connection-mark=192.168.0.10con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.10con action=mark-packet
new-packet-mark=192.168.0.10pack passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE
action=mark-connection new-connection-mark=192.168.0.4ukr passthrough=yes
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4ukr dst-address-list=UKRAINE
action=mark-packet new-packet-mark=192.168.0.4packukr passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE
action=mark-packet new-packet-mark=UKRAINE passthrough=no comment=β€œβ€
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=WORLD passthrough=no comment=β€œβ€
disabled=no

And what should i add in queue ?

Example please for world and ukraine traf

10

Hi, i have tried using xx.xx.xx.xx/21 it couldn’t work on address list. The most we could do using address list is only /24. Does anyone ever experience this?

11

yri,
I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.

  1. first mangle rule to mark connections.
  2. second mangle rule to mark packets from users to addresses not in address-list.
  3. third mangle rule to mark packets from users to addresses placed in address-list.

Add simple queue, e.g.
β€˜queue simple add target-address=192.168.0.4 limit-at=xxx/xxx packet-marks=packet-mark’

shielder,
There is no problems β€˜ip firewall address-list add 10.1.34.1/24’ list 1;
ip firewall address-list> print
Flags: X - disabled, D - dynamic

LIST ADDRESS

0 1 10.1.32.0/21

12

Thank you very mutch its working

13

damit problem persist

Ukraine traffic counts as world
And queue only world

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.2 action=mark-connection
new-connection-mark=192.168.0.2con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.3 action=mark-connection
new-connection-mark=192.168.0.3con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.10 action=mark-connection
new-connection-mark=192.168.0.10con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address-list=Local dst-address-list=UKRAINE
action=mark-packet new-packet-mark=UKRAINE passthrough=yes comment=β€œβ€
disabled=no
add chain=prerouting src-address-list=Local dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=WORLD passthrough=no comment=β€œβ€
disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.4 U” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4con dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.4 W” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.3 U” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.2 U” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.10 U” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.2con dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.2 W” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.3con dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.3 W” passthrough=no
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.10con dst-address-list=!UKRAINE
action=mark-packet new-packet-mark=β€œ192.168.0.10 W” passthrough=no
comment=β€œβ€ disabled=no

14

I suggest you to change mangle rules.

  1. mark all connections from users subnet 192.168.0.0
  2. mark packets src-address=192.168.0.0 dst-address=!ukraine
  3. mark packets src-address=192.168.0.0 dst-address=ukraine
    If you need equal bandwidth to all users use PCQ, if different band required
  4. β€˜queue simple add target-address=192.168.0.2 packet-mark=ukraine limit-at’.
  5. the same simple queue for abroad traffic, only with packet-mark=!ukraine.
15

Left only this
did the rite thing ?

Still not working

Cant find there i am ron :cry:

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U
passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W


/ queue simple
add name=β€œ192.168.0.4 W” target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=192.168.0.4W direction=both
priority=8 queue=default-small/default-small limit-at=0/0
max-limit=64000/64000 total-queue=default-small disabled=no
add name=β€œ192.168.0.4 U” target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=192.168.0.4U direction=both
priority=8 queue=default-small/default-small limit-at=0/0
max-limit=64000/64000 burst-threshold=128000/128000
total-queue=default-small disabled=no

16
  1. You have to use passtrough=no for mangle packet-mark rule (than it should work).
  2. You can place abroad packet-mark rule before local traffic rule.
17

/ queue simple
add name=β€œ192.168.0.4 W” target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=192.168.0.4W direction=both
priority=8 queue=default-small/default-small limit-at=0/0
max-limit=64000/64000 total-queue=default-small disabled=no
add name=β€œ192.168.0.4 U” target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
interface=all parent=none packet-marks=192.168.0.4U direction=both
priority=8 queue=default-small/default-small limit-at=0/0
max-limit=64000/64000 burst-threshold=128000/128000
total-queue=default-small disabled=no


/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
dst-address-list=!UKRAINE action=mark-packet new-packet-mark=192.168.0.4W
passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
dst-address-list=UKRAINE action=mark-packet new-packet-mark=192.168.0.4U
passthrough=no comment=β€œβ€ disabled=no


Did like this still count Ukrainian as world both counters runing
And in queue ! download counts as Upload and also Ukraine count there as world
:open_mouth:

18

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 action=mark-connection
new-connection-mark=192.168.0.4con passthrough=yes comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
src-address-list=Local dst-address-list=!UKRAINE action=mark-packet
new-packet-mark=192.168.0.4W passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 connection-mark=192.168.0.4con
src-address-list=Local dst-address-list=UKRAINE action=mark-packet
new-packet-mark=192.168.0.4U passthrough=no comment=β€œβ€ disabled=no

With such rule looks like counting
but as i sad tels download is Upload
:unamused: Whats rong :frowning: ?

19

Managed to make it working
made 2 conection mark one world one ykraine for each Local Ip
And then 1 pack mark for 1 con and 2 pack mark foer 2 conection
and also 2 queuq for each and now counts all and queue all good

listing

/ ip firewall mangle
add chain=prerouting src-address=192.168.0.4 dst-address-list=!UKRAINE
action=mark-connection new-connection-mark=192.168.0.4conW passthrough=yes
comment=β€œβ€ disabled=no
add chain=prerouting src-address=192.168.0.4 dst-address-list=UKRAINE
action=mark-connection new-connection-mark=192.168.0.4conU passthrough=yes
comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4conU action=mark-packet
new-packet-mark=β€œ192.168.0.4 UU” passthrough=no comment=β€œβ€ disabled=no
add chain=prerouting connection-mark=192.168.0.4conW action=mark-packet
new-packet-mark=β€œ192.168.0.4 WW” passthrough=no comment=β€œβ€ disabled=no



/ queue tree
add name=β€œ192.168.0.4DOWN U” parent=Local packet-mark=β€œ192.168.0.4 UU”
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4UP U” parent=Local packet-mark=β€œ192.168.0.4 UU”
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4DOWN W” parent=Local packet-mark=β€œ192.168.0.4 WW”
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=β€œ192.168.0.4UP W” parent=Local packet-mark=β€œ192.168.0.4 WW”
limit-at=64000 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no

20

I suppose mangle rules with src-addresses (192.168.0.2 etc.) are not necessary, if you added them to another address-list.

  1. first mangle rule to mark connections.
  2. second mangle rule to mark packets from users to addresses not in address-list.
  3. third mangle rule to mark packets from users to addresses placed in address-list.

sergis,
Would you consider writing a new howto or wiki entry to clarify this issue? It is sometimes very confusing when to mark connections, when to mark packets, and when not to use passthrough.

As you can see in final example of yri he actually used TWO connections marks, not one as you suggested, and his packet marks does not reference source or destination addresses at all!