Community discussions

 
arnab620
just joined
Topic Author
Posts: 14
Joined: Thu Jan 19, 2017 9:13 am

Packet Mark - Am I doing it right ?

Tue May 16, 2017 9:34 pm

Hello,
I am trying to mark all packets which are coming in and going out from my 2 PC (192.168.1.1 & 192.168.1.2) in my mikrotik router. The purpose of marking those packets is to set priority and control bandwidth of these 2 computers later.

In order to do that, first I marked the source & destination connections of my 2 PC as "C1" & "C2". And then I marked the packets as "P1" & "P2" based on the connection marks. Below is my configuration for marking the packets.

The question is, am I doing it correctly ? Any comment/suggestion is appreciated....
[admin@Arnab MikroTik Router] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; Connection Mark
      chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes src-address=192.168.1.1 log=no log-prefix="" 
 1    chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes dst-address=192.168.1.1 log=no log-prefix="" 
 2    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes src-address=192.168.1.2 log=no log-prefix="" 
 3    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes dst-address=192.168.1.2 log=no log-prefix="" 
 4    ;;; Packet Mark
      chain=prerouting action=mark-packet new-packet-mark=P1 passthrough=yes connection-mark=C1 log=no log-prefix="" 
 5    chain=prerouting action=mark-packet new-packet-mark=P2 passthrough=yes connection-mark=C2 log=no log-prefix="" 
[admin@Arnab MikroTik Router] /ip firewall mangle>

Thank You.
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 163
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Packet Mark - Am I doing it right ?

Tue May 16, 2017 9:49 pm

You can check it at firewall
Image

To connection mark add this: connection-mark=no-mark - you will be mark only new traffic. I hope you have got a firewall rules with accept the establish and related traffic.
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB
 
arnab620
just joined
Topic Author
Posts: 14
Joined: Thu Jan 19, 2017 9:13 am

Re: Packet Mark - Am I doing it right ?

Wed May 17, 2017 8:25 am

You can check it at firewall
You mean I can check it from firewall whether my packets are actually being marked or not.... right ?


Thank :)
 
arnab620
just joined
Topic Author
Posts: 14
Joined: Thu Jan 19, 2017 9:13 am

Re: Packet Mark - Am I doing it right ?

Wed May 17, 2017 8:27 am

But my question is, the way I am marking my packets, is it a correct way ??
Like : mark the source/destination connections in pre-routing chain and then mark the packets based on connection marks.... is it the correct way ?

Thanks :)
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 163
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Packet Mark - Am I doing it right ?

Wed May 17, 2017 9:53 am

It's the best way.. even more bcs you can mark even specific trafic by protocol&port. Next stuff is what you do with this traffic.
When it's queue then you can use it at simple and tree tab.

Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB
 
arnab620
just joined
Topic Author
Posts: 14
Joined: Thu Jan 19, 2017 9:13 am

Re: Packet Mark - Am I doing it right ?

Wed May 17, 2017 2:40 pm

Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.
Thank You. How can I do that ?

Thanks :)
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 163
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Packet Mark - Am I doing it right ?

Wed May 17, 2017 2:55 pm

Add it to your first rules what you give.
Image
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB
 
User avatar
leonardosoares
just joined
Posts: 2
Joined: Tue May 16, 2017 11:46 pm
Location: Colíder, Brazil
Contact:

Re: Packet Mark - Am I doing it right ?

Thu May 18, 2017 6:26 am

To my traffic control, i use forward to download and prerouting to upload
You do not have the required permissions to view the files attached to this post.
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 163
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Packet Mark - Am I doing it right ?

Thu May 18, 2017 12:54 pm

Hmm, I always do a rule into prerouting for download & upload traffic by users and all that next rule are still in prerouting.
Currently your HTTP&Other upload have got ones prerounting and next forward.

But what is not work? Or it's working but you search better way.

PS. CTRL+L clear screen.
PS2 not "print" but "export" - then you can select and RMB copy it. Paste to forum post and press CODE icon "[]" . Then I can import, correct and repaste better code.
PS3 You can think and read before about FastPath... but you must know what and how it's work. It's next level.
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL | WebChat: Tokonda
WinBox Tip: F6 works as ALT+TAB
 
arnab620
just joined
Topic Author
Posts: 14
Joined: Thu Jan 19, 2017 9:13 am

Re: Packet Mark - Am I doing it right ?

Sun May 21, 2017 9:15 am

Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.
I think I am still missing something. Could you please explain what is the purpose of "grabbing new traffic only when they have got connection-mark=no-mark"
Please help me to understand it... :)
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1715
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Packet Mark - Am I doing it right ?

Sun May 21, 2017 12:06 pm

If connection is not connection-marked then it falls into virtual "no-mark" category. There is no need to check traffic already marked.
Real admins use real keyboards.

Who is online

Users browsing this forum: MSN [Bot] and 39 guests