Packet Mark - Am I doing it right?

Hello,
I am trying to mark all packets which are coming in and going out from my 2 PCs (192.168.1.1 & 192.168.1.2) in my MikroTik router. The purpose of marking those packets is to set priority and control bandwidth of these 2 computers later.

In order to do that, first I marked the source & destination connections of my 2 PCs as “C1” & “C2”. And then I marked the packets as “P1” & “P2” based on the connection marks. Below is my configuration for marking the packets.

The question is, am I doing it correctly? Any comment/suggestion is appreciated…

```
[admin@Arnab MikroTik Router] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; Connection Mark
      chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes src-address=192.168.1.1 log=no log-prefix=""
 1    chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes dst-address=192.168.1.1 log=no log-prefix=""
 2    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes src-address=192.168.1.2 log=no log-prefix=""
 3    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes dst-address=192.168.1.2 log=no log-prefix=""
 4    ;;; Packet Mark
      chain=prerouting action=mark-packet new-packet-mark=P1 passthrough=yes connection-mark=C1 log=no log-prefix=""
 5    chain=prerouting action=mark-packet new-packet-mark=P2 passthrough=yes connection-mark=C2 log=no log-prefix=""
[admin@Arnab MikroTik Router] /ip firewall mangle>
```

Thank You.

You can check it in the firewall.

To the connection mark rules add this: connection-mark=no-mark, so you will mark only new traffic. I hope you have firewall rules that accept the established and related traffic.

You mean I can check it from the firewall whether my packets are actually being marked or not… right?


Thanks 🙂

But my question is, the way I am marking my packets, is it a correct way?
Like: mark the source/destination connections in the prerouting chain and then mark the packets based on connection marks… is it the correct way?

Thanks 🙂

It’s the best way, even more so because you can mark even specific traffic by protocol and port. The next thing is what you do with this traffic.
When it’s a queue, then you can use it in the simple and tree tabs.

Please grab new traffic only when it has connection-mark=no-mark, to be sure. I write info about it below the photo.

Thank you. How can I do that?

Thanks 🙂

Add it to the first rules that you gave.

For my traffic control, I use forward for download and prerouting for upload
packets.PNG

Hmm, I always make a rule in prerouting for download & upload traffic by users, and all the following rules are still in prerouting.
Currently your HTTP&Other upload has got one in prerouting and the next in forward.

But what does not work? Or is it working but you are searching for a better way?

PS. CTRL+L clears the screen.
PS2. Not “print” but “export”; then you can select it and copy it with RMB. Paste it into the forum post and press the CODE icon. Then I can import, correct and repaste better code.
PS3. You can think and read about FastPath beforehand… but you must know what it is and how it works. It’s the next level.

I think I am still missing something. Could you please explain what is the purpose of “grabbing new traffic only when they have got connection-mark=no-mark”?
Please help me to understand it… 🙂

If a connection is not connection-marked, then it falls into the virtual “no-mark” category. There is no need to check traffic already marked.
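
As an added example (not part of any post in this thread), here are the six rules from the question with connection-mark=no-mark added to the four mark-connection rules, written in the "export" form suggested above. The addresses and mark names are the original poster's; nothing else is changed, and the per-rule comments are added explanation.

```routeros
/ip firewall mangle

# Connection marks. With connection-mark=no-mark these rules match only
# packets whose connection has not been marked yet, i.e. the first packet
# of a new connection. Later packets of the same connection already carry
# C1 or C2 in connection tracking and skip all four rules.
add chain=prerouting action=mark-connection new-connection-mark=C1 \
    passthrough=yes src-address=192.168.1.1 connection-mark=no-mark \
    comment="Connection Mark"
add chain=prerouting action=mark-connection new-connection-mark=C1 \
    passthrough=yes dst-address=192.168.1.1 connection-mark=no-mark
add chain=prerouting action=mark-connection new-connection-mark=C2 \
    passthrough=yes src-address=192.168.1.2 connection-mark=no-mark
add chain=prerouting action=mark-connection new-connection-mark=C2 \
    passthrough=yes dst-address=192.168.1.2 connection-mark=no-mark

# Packet marks, unchanged from the question: every packet of a connection
# marked C1 gets packet mark P1, every packet of a C2 connection gets P2.
# These packet marks are what a queue is matched against later.
add chain=prerouting action=mark-packet new-packet-mark=P1 \
    passthrough=yes connection-mark=C1 comment="Packet Mark"
add chain=prerouting action=mark-packet new-packet-mark=P2 \
    passthrough=yes connection-mark=C2
```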