who can help me with mangle

plz hlpe me with check the mangle,Why finally three don’t work

/ ip firewall mangle
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-connection new-connection-mark=wan1 passthrough=yes
comment=“cnc1 oldconn” disabled=no
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-routing new-routing-mark=cnc1 passthrough=yes comment=“cnc1
oldmark” disabled=no
add chain=prerouting in-interface=LAN src-address-list=cnc2
action=mark-connection new-connection-mark=wan2 passthrough=yes
comment=“cnc2 oldconn” disabled=no
add chain=prerouting in-interface=LAN src-address-list=cnc2
action=mark-routing new-routing-mark=cnc2 passthrough=yes comment=“cnc2
oldmark” disabled=no
add chain=prerouting in-interface=LAN src-address-list=tel1
action=mark-connection new-connection-mark=wan3 passthrough=yes
comment=“tel1 oldconn” disabled=no
add chain=prerouting in-interface=LAN src-address-list=tel1
action=mark-routing new-routing-mark=tel1 passthrough=yes comment=“tel1
oldmark” disabled=no
add chain=prerouting in-interface=LAN src-address-list=tel2
action=mark-connection new-connection-mark=wan4 passthrough=yes
comment=“tel2 oldconn” disabled=no
add chain=prerouting in-interface=LAN src-address-list=tel2
action=mark-routing new-routing-mark=tel2 passthrough=yes comment=“tel2
oldmark” disabled=no
add chain=prerouting in-interface=LAN src-address=192.168.0.0/23
connection-state=new nth=1,1,0 dst-address-list=cnc action=mark-connection
new-connection-mark=wan1 passthrough=yes comment=“cnc1 conn” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan1
action=add-src-to-address-list address-list=cnc1 address-list-timeout=1d
comment=“cnc1 src” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan1 action=mark-routing
new-routing-mark=cnc1 passthrough=no comment=“cnc1 mark” disabled=no
add chain=prerouting in-interface=LAN src-address=192.168.0.0/23
connection-state=new nth=1,1,1 dst-address-list=cnc action=mark-connection
new-connection-mark=wan2 passthrough=yes comment=“cnc2 conn” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan2
action=add-src-to-address-list address-list=cnc2 address-list-timeout=1d
comment=“cnc2 src” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan2 action=mark-routing
new-routing-mark=cnc2 passthrough=no comment=“cnc2 mark” disabled=no
add chain=prerouting in-interface=LAN src-address=192.168.0.0/23
connection-state=new nth=1,1,0 dst-address-list=!cnc
action=mark-connection new-connection-mark=wan3 passthrough=yes
comment=“tel1 conn” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan3
action=add-src-to-address-list address-list=tel1 address-list-timeout=1d
comment=“tel1 src” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan3 action=mark-routing
new-routing-mark=tel1 passthrough=no comment=“tel1 mark” disabled=no
add chain=prerouting in-interface=LAN src-address=192.168.0.0/23
connection-state=new nth=1,1,1 dst-address-list=!cnc
action=mark-connection new-connection-mark=wan4 passthrough=yes
comment=“tel2 conn” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan4
action=add-src-to-address-list address-list=tel2 address-list-timeout=1d
comment=“tel2 src” disabled=no
add chain=prerouting in-interface=LAN connection-mark=wan4 action=mark-routing
new-routing-mark=tel2 passthrough=no comment=“tel2 mark” disabled=no

I do not see any packet-mark in your configuration. Queue tree is using ‘packet-mark’ from mangle not mark-connection or mark-routing.
Mangle general example are given here,
http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php

[quote=“guaidetian”] plz hlpe me with check the mangle,Why finally three don’t work

/ ip firewall mangle
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-connection new-connection-mark=wan1 passthrough=yes
comment=“cnc1 oldconn” disabled=no
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-routing new-routing-mark=cnc1 passthrough=yes comment=“cnc1
oldmark” disabled=no

I think there is sth. wrong with the routing mark, you shouldn’t passthrough:
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-routing new-routing-mark=cnc1 passthrough=no comment=“cnc1
oldmark” disabled=no

This way the packet stops here from checking on the other rules, leaving passthrough=yes, means the packet keeps going through checking on the others rules. Same for other routing marks

Toni

Mark-routing is used for policy-routing, you have to add rules, that will use action=mark-packet, as only mark-packet option is used in queue tree.

Passtrough=no means, that traffic that matching this rule will be excluded from mangle table and will not pass trough any other rule.

sergejs

thanks a lot first
“Mark-routing is used for policy-routing, you have to add rules, that will use action=mark-packet, as only mark-packet option is used in queue tree.”

I am not the application in queue.I am the application in policy-routing.so i need mark-routing

I’m sorry I misunderstand you at the previous posts.
add chain=prerouting in-interface=LAN src-address-list=cnc1
action=mark-routing new-routing-mark=cnc1 passthrough=yes comment=“cnc1
oldmark” disabled=no
Most likely all traffic is matched by the first rule and not processed further. Check ‘address-list’ configuration, probably cnc1 list contains addresses, that override all other mangle rules (address-lists) used there.

I do not sure why you like to make?

2 TEL + 2CNC wan line ?

LAN 192.168.0.0/23 ??

Why use policy routing by scr-address ?? (SCR-IP)

In china line, make you route table and it work fine

2 wan just use NTH mark new connect in same ISP will work fine.

Do not need so intricacy.

By the way:

Why not ask such question in forum you visited in China *********
Hehe I saw you had your moment in the site…

sergejs
thanks a lot
i had finish it
you are right .i had change the rules you said.

winxp2000
谢谢你，我曾试着加你的QQ，你不理会我。因为在国内的论坛上没人对我说NTH的参数。我开始一直觉得是NTH的问题，尽管最后确实NTH参数有问题，不过最主要的是我标记的那几个addresslist出错了。因为是两个ISP的，所以不能用addresslist。其它的是：环境是四条线，两条电信，两条网通。首先保证电信和网通做基于目的地址的策略路由，然后实现双电信负载，双网通负载。