Hi,I need a review for my settings
/interface ethernet
IP—Settings
anav
June 23, 2024, 10:58pm
3
Cannot help your config is missing 192.168.0.0-192.168.3.0 lan subnets… I see them in mangling but no clue what they are.
Or are they all dynamic and public but you are simply showing them as private???
Also which ones are primary, as we will need an order at least for if anything else highest throughput to lowest input
I’m behind routers and I use dhcp client for ports connected to routers ,I would like to favour 192.168.1.1
Thanks ,I modified my settings, but doesn’t fast path means faster internet?
mkx
June 24, 2024, 8:45am
6
It does … when configuration is pretty simple.
anav
June 24, 2024, 2:17pm
7
(1) /interface detect-internetNONE
(2) MISSING required table main routes for all WANs.
next one Set of Special Table Routes.add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_VDSL_1
Prior to mangling need to use interface lists/interface list
/interface-list-membersadd ether9_lan list=LAN
Now we can mangle efficiently.in-interface-list=LAN new-connection-mark=VDSL_1 in-interface-list=LAN new-connection-mark=4g_0 in-interface-list=LAN new-connection-mark=4g_1 in-interface-list=LAN new-connection-mark=4g_2
Now to attach routing to the traffic.add action=mark-routing chain=prerouting connection-mark=VDSL_1 to_VDSL_1 passthrough=no to_4g_0 passthrough=no to_4g_1 passthrough=no no
The questions that needs to be answered concern other possible traffic ??
anav
June 24, 2024, 2:19pm
8
IP Settings:
RP filter set to LOOSE
(1) /interface detect-internetNONE
(2) MISSING required table main routes for all WANs.
next one Set of Special Table Routes.add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_VDSL_1
Prior to mangling need to use interface lists/interface list
/interface-list-membersadd ether9_lan list=LAN
Now we can mangle efficiently.in-interface-list=LAN new-connection-mark=VDSL_1 in-interface-list=LAN new-connection-mark=4g_0 in-interface-list=LAN new-connection-mark=4g_1 in-interface-list=LAN new-connection-mark=4g_2
Now to attach routing to the traffic.add action=mark-routing chain=prerouting connection-mark=VDSL_1 to_VDSL_1 passthrough=no to_4g_0 passthrough=no to_4g_1 passthrough=no no
The questions that needs to be answered concern other possible traffic ??
May Allah Bless you,I really appreciate your effort ,just for learning purpose ,you made interfacelist Lan in order not to duplicate settings as i did before ,am i right?
anav
June 24, 2024, 11:36pm
11
(1) Correct, there is no need to have two settings, one for each subnet. Use of interface lists simplifies.
(2) I always write the config as though I am talking through the config.
(3) Good, this is very important because currently the mangling will not allow traffic between the subnets so we will fix that USE Firewall rules forward chain to only allow 10.0.1.0/24 to reach 10.0.0.0/24 and not the reverse.
PRIOR to the other mangle rules put these ones FIRST!/ip firewall mangleadd action=accept chain=prerouting dst-address=10.0.0.0/24 src-address=10.0.1.0/24
You should be intuitively able to see that if one had many LAN subnets or VLANS, an address list would be a decent approachadd action=accept chain=prerouting dst-address-list=LANCrossTalk src-address-list=LANCrossTalk.
WHere/ip firewall address-list
++++++++++++++++++++++++++++++++++++++++++++++++
Allah has nothing to do with it LOL. Nor does Jesus or Buddah, etc… for that matter. It is arrogant to assume ones god is the correct god and even worse not to accept that other people have different faiths or no faith and be respectful and accepting of that. When you can be respectful and accepting of others differences, you will be at peace with yourself and whatever deity you think you need.
People can be helpful and kind without religion as a crux.
(1) Correct, there is no need to have two settings, one for each subnet. Use of interface lists simplifies.
(2) I always write the config as though I am talking through the config.
(3) Good, this is very important because currently the mangling will not allow traffic between the subnets so we will fix that USE Firewall rules forward chain to only allow 10.0.1.0/24 to reach 10.0.0.0/24 and not the reverse.
PRIOR to the other mangle rules put these ones FIRST!/ip firewall mangleadd action=accept chain=prerouting dst-address=10.0.0.0/24 src-address=10.0.1.0/24
You should be intuitively able to see that if one had many LAN subnets or VLANS, an address list would be a decent approachadd action=accept chain=prerouting dst-address-list=LANCrossTalk src-address-list=LANCrossTalk.
WHere/ip firewall address-list
++++++++++++++++++++++++++++++++++++++++++++++++
Allah has nothing to do with it LOL. Nor does Jesus or Buddah, etc… for that matter. It is arrogant to assume ones god is the correct god and even worse not to accept that other people have different faiths or no faith and be respectful and accepting of that. When you can be respectful and accepting of others differences, you will be at peace with yourself and whatever deity you think you need.
People can be helpful and kind without religion as a crux.
i wasn’t trying to convert the post to religious , i was asking good for you ,anyway , my beliefs are on the contrary of that ,and religion is a core part of my living ,i will not argue but i believe that every thing depends on Allah ,anyway thanks for help
Thank you for the kind appreciation you wish to express, I will take it directly from you (vice through a third party ).
