Please help,
I posted one problem on ‘not able to mangle’ but now I am sure that this picture is the problem of the whole issue.
So why are the dst ports 53? When I was pressing PrintScr these two users were surfing via proxy (10.1.1.249, 10.1.1.251); I was asking them to press the refresh button in the browser. Proxy is on 10.1.1.252:808. Address 10.1.1.129 is the wlan interface as AP.

Having been reading this forum, is the problem in ‘tracking timeout’ or some bad DNS config, maybe routing? I am trying to mark packets but there is no other dst port than 53?
DNS is set as 10.1.1.129.
Routes are dst=10.1.1.128/25 pref. src=10.1.1.129
If it is any help, port 53 is DNS. That is the IP of the DNS server you have listed there.
I know that it is the DNS port, so my doubt was on bad DNS config, but what is it? MT has two DNS servers to insert and checkbox ‘peer request’; I can turn off primary DNS but still the same. My firewall config is clean, no NAT, PAT or firewall rule.
DNS is set as 10.1.1.129.
I am not certain what you are asking. It appears to be making the DNS requests to the correct IP. Is the computer assigned 10.1.1.129 a DNS server? If you are not certain, then use the IPs your ISP issued you for DNS servers.
ADD: A client computer will make the DNS request before it attempts to load the webpage, no matter where the page is loaded from.
Ok let me explain, the goal of our network is not to serve internet. We are sharing data with our wireless network and the proxy that I mention is a private thing between two users of 12 users. We want to mark packets to prioritize traffic because these two users are breaking stability… We want to limit this proxy traffic to 4Mbit and all other traffic unlimited (P2P)… Proxy server is 10.1.1.252 on port 808. AP is 10.1.1.129/25. When you set up MT the default DNS is 10.1.1.129.
When I want to mark packets, I set it up to mark all packets (MT wiki) with dst port 808 but the counter is 0 bytes all the time. I can’t mark because there is no connection. I suspect that this is because in connections there is only dst port 53; this is the problem.
There is no dst address 10.1.1.252; as you can see in the picture everything ends at IP 10.1.1.129, which is the MT router IP, and there is that port 53 which confuses me. How to get real traffic in the connection list? I want to see which user is making a connection to what user…
Thanks very much for the reply…
So all websites are localnet? How are your clients attempting to access these pages? By IP or URL?
Web pages are on the Internet but served through the proxy server on client 10.1.1.252… That client has a DSL line and some win32 app for proxy Internet… In that app he can filter which users can have Internet.
I understand that we need DNS to resolve IPs, but why, if I ping some user, is firewall->connection listing:
src add. 10.1.1.249 (Me)
dst add. 10.1.1.129:53 (here must be IP of user that I ping and port 138???)
When you ping, does it work?
Are there any rules in these:
/ip firewall nat
/ip firewall mangle
Ping is working, the whole network is working, no NAT. This is the meaning of this post: I am trying to mangle but there is nothing to mangle because everything ends with the dst add. of the wlan1 interface and port 53. It looks like MT changes every dst address…
RB 433 with ROS 3.22.
If all the computers and servers are on one interface, they don’t go through the AP routing to access each other, just the AP’s radio. That is the purpose of the netmask. For any IP in the netmask (localnet), the request goes direct (well, almost - AP radio again). No mangle rule will mark those. Non-localnet requests are made to the gateway. Those you can mark.
I know this is off topic but how do I QOS or queue traffic on wlan interface?
I think your choices are:
- divide into 2 private networks and QOS the route between them
- use QOS on the internal servers
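As an added illustration of the first option above (splitting into two networks so the proxy traffic has to cross the router), here is a RouterOS configuration sketch. It is not from the thread and not MikroTik's own documentation; it assumes the /25 is split into 10.1.1.128/26 on wlan1 (the two proxy users re-addressed inside that range) and 10.1.1.192/26 on an assumed ether1 where the proxy host 10.1.1.252 sits. The interface names, the subnet split, the mark names and the queue name are all assumptions. Syntax is RouterOS 6 CLI; on the 3.22 in the thread the simple queue takes target-addresses= instead of target=.

```routeros
# Added example, not from the original thread. Assumed layout:
#   wlan1  10.1.1.129/26  -> users (move 10.1.1.249 / .251 into 10.1.1.130-190)
#   ether1 10.1.1.193/26  -> proxy host 10.1.1.252:808
# Because the proxy is now in another subnet, user->proxy packets are routed by
# the MT and pass the forward chain, which is where mangle can see them.
/ip address
add address=10.1.1.129/26 interface=wlan1 comment="AP side: users"
add address=10.1.1.193/26 interface=ether1 comment="proxy side: 10.1.1.252"

# Mark the connection on its first packet, then mark every packet of that
# connection. connection-state=new keeps the first rule cheap; conntrack
# carries the mark for the rest of the flow (both directions).
/ip firewall mangle
add chain=forward protocol=tcp dst-address=10.1.1.252 dst-port=808 connection-state=new action=mark-connection new-connection-mark=proxy-conn passthrough=yes comment="new connections to the proxy"
add chain=forward connection-mark=proxy-conn action=mark-packet new-packet-mark=proxy-pkt passthrough=no comment="packets of proxy connections"

# Cap only the marked packets at 4 Mbit each way; everything else stays unshaped.
/queue simple
add name=proxy-limit target=10.1.1.128/26 packet-marks=proxy-pkt max-limit=4M/4M comment="4 Mbit cap on proxy traffic"

# Checks: the mangle counters should now grow when a user refreshes a page,
# and port 808 flows should appear in the connection list instead of only :53.
/ip firewall mangle print stats
/ip firewall connection print where dst-address~":808"
```

The dst-port 53 entries the original poster sees are still expected after this change: clients resolve the page name against 10.1.1.129 first (as the earlier reply notes), and those DNS flows terminate on the router, so they never matched a dst-port=808 rule in the first place. What changes is that the proxy flows themselves now traverse the router and become markable.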