This is the situation: I have a client with two DSL lines. I have preconfigured Queue Tree in one line and the other is new.
I have Policy Routing installed and working but now I want to make a NAT/PAT through both DSL lines to one server in the LAN.
The problem is that I have the connection marks done for the queue configuration so the connection marks for the incoming interface based policy routing don’t work.
Basically you cannot have multiple connection marks for the same connection. This means that if you want to set up policy based routing and do QoS you basically have three choices:
1.) Use mark connections and mark packets based off of the connections for QoS and mark for routing directly for policy based routing.
2.) Use mark connections and mark routing for your policy based routing and mark the packets directly for QoS.
3.) Use a bunch of connection marks (enough to cover each of your QoS marks for each out interface). Then have several rules that will mark for routing based off of the connection marks for the out interfaces.
I’m not sure how well the first or third one will work as I’ve never tried a setup like that. The third one will also probably take a good amount of rules depending on how many QoS connection marks you are using, so might be a pain to maintain all of them.
Yes, just packet marks are going to be directional, so you’ll need one for outbound packets and inbound packets that will match whatever connection you are looking for. So for example to get HTTP connections:
I think I am going to test option 3 because both lines are different and need different queue rules.
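Option 3 applied to the inbound port-forward case from the first post, as an added example that is not from any participant in this thread: each connection gets one combined `<line>_<class>` mark, and both the routing mark and the packet mark are derived from it. It assumes RouterOS v6 syntax; the interface names (`dsl1`, `dsl2`, `lan`), the two QoS classes, the mark names, the gateway addresses and the server address are all constructed for illustration.

```routeros
/ip firewall mangle
# 1. One connection mark per (DSL line x QoS class), set on the first inbound packet.
#    Mangle prerouting runs before dst-nat, so dst-port is still the public port.
add chain=prerouting in-interface=dsl1 connection-state=new protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=dsl1_http passthrough=yes
add chain=prerouting in-interface=dsl1 connection-state=new connection-mark=no-mark \
    action=mark-connection new-connection-mark=dsl1_other passthrough=yes
add chain=prerouting in-interface=dsl2 connection-state=new protocol=tcp dst-port=80 \
    action=mark-connection new-connection-mark=dsl2_http passthrough=yes
add chain=prerouting in-interface=dsl2 connection-state=new connection-mark=no-mark \
    action=mark-connection new-connection-mark=dsl2_other passthrough=yes

# 2. Replies from the LAN server get the routing mark of the line the connection
#    arrived on, so they leave through the same DSL line.
add chain=prerouting in-interface=lan connection-mark=dsl1_http \
    action=mark-routing new-routing-mark=to_dsl1 passthrough=yes
add chain=prerouting in-interface=lan connection-mark=dsl1_other \
    action=mark-routing new-routing-mark=to_dsl1 passthrough=yes
add chain=prerouting in-interface=lan connection-mark=dsl2_http \
    action=mark-routing new-routing-mark=to_dsl2 passthrough=yes
add chain=prerouting in-interface=lan connection-mark=dsl2_other \
    action=mark-routing new-routing-mark=to_dsl2 passthrough=yes

# 3. Packet marks for the Queue Tree, derived from the same connection marks,
#    so each line can have its own queue rules.
add chain=forward connection-mark=dsl1_http \
    action=mark-packet new-packet-mark=dsl1_http_pkt passthrough=no
add chain=forward connection-mark=dsl1_other \
    action=mark-packet new-packet-mark=dsl1_other_pkt passthrough=no
add chain=forward connection-mark=dsl2_http \
    action=mark-packet new-packet-mark=dsl2_http_pkt passthrough=no
add chain=forward connection-mark=dsl2_other \
    action=mark-packet new-packet-mark=dsl2_other_pkt passthrough=no

/ip route
# Gateway addresses are constructed placeholders (documentation ranges).
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_dsl1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_dsl2

/ip firewall nat
# Same port forward on both lines to one LAN server (constructed address).
add chain=dstnat in-interface=dsl1 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=80
add chain=dstnat in-interface=dsl2 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.10 to-ports=80
```

The rule count grows as lines times classes in each of the three mangle groups, which is the maintenance cost mentioned for this option.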