Page 1 of 1

Packet Mark - Am I doing it right ?

Posted: Tue May 16, 2017 9:34 pm
by arnab620
Hello,
I am trying to mark all packets which are coming in and going out from my 2 PC (192.168.1.1 & 192.168.1.2) in my mikrotik router. The purpose of marking those packets is to set priority and control bandwidth of these 2 computers later.

In order to do that, first I marked the source & destination connections of my 2 PC as "C1" & "C2". And then I marked the packets as "P1" & "P2" based on the connection marks. Below is my configuration for marking the packets.

The question is, am I doing it correctly ? Any comment/suggestion is appreciated....
[admin@Arnab MikroTik Router] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; Connection Mark
      chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes src-address=192.168.1.1 log=no log-prefix="" 
 1    chain=prerouting action=mark-connection new-connection-mark=C1 passthrough=yes dst-address=192.168.1.1 log=no log-prefix="" 
 2    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes src-address=192.168.1.2 log=no log-prefix="" 
 3    chain=prerouting action=mark-connection new-connection-mark=C2 passthrough=yes dst-address=192.168.1.2 log=no log-prefix="" 
 4    ;;; Packet Mark
      chain=prerouting action=mark-packet new-packet-mark=P1 passthrough=yes connection-mark=C1 log=no log-prefix="" 
 5    chain=prerouting action=mark-packet new-packet-mark=P2 passthrough=yes connection-mark=C2 log=no log-prefix="" 
[admin@Arnab MikroTik Router] /ip firewall mangle>

Thank You.

Re: Packet Mark - Am I doing it right ?

Posted: Tue May 16, 2017 9:49 pm
by SiB
You can check it at firewall
Image

To connection mark add this: connection-mark=no-mark - you will be mark only new traffic. I hope you have got a firewall rules with accept the establish and related traffic.

Re: Packet Mark - Am I doing it right ?

Posted: Wed May 17, 2017 8:25 am
by arnab620
You can check it at firewall
You mean I can check it from firewall whether my packets are actually being marked or not.... right ?


Thank :)

Re: Packet Mark - Am I doing it right ?

Posted: Wed May 17, 2017 8:27 am
by arnab620
But my question is, the way I am marking my packets, is it a correct way ??
Like : mark the source/destination connections in pre-routing chain and then mark the packets based on connection marks.... is it the correct way ?

Thanks :)

Re: Packet Mark - Am I doing it right ?

Posted: Wed May 17, 2017 9:53 am
by SiB
It's the best way.. even more bcs you can mark even specific trafic by protocol&port. Next stuff is what you do with this traffic.
When it's queue then you can use it at simple and tree tab.

Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.

Re: Packet Mark - Am I doing it right ?

Posted: Wed May 17, 2017 2:40 pm
by arnab620
Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.
Thank You. How can I do that ?

Thanks :)

Re: Packet Mark - Am I doing it right ?

Posted: Wed May 17, 2017 2:55 pm
by SiB
Add it to your first rules what you give.
Image

Re: Packet Mark - Am I doing it right ?

Posted: Thu May 18, 2017 6:26 am
by leonardosoares
To my traffic control, i use forward to download and prerouting to upload

Re: Packet Mark - Am I doing it right ?

Posted: Thu May 18, 2017 12:54 pm
by SiB
Hmm, I always do a rule into prerouting for download & upload traffic by users and all that next rule are still in prerouting.
Currently your HTTP&Other upload have got ones prerounting and next forward.

But what is not work? Or it's working but you search better way.

PS. CTRL+L clear screen.
PS2 not "print" but "export" - then you can select and RMB copy it. Paste to forum post and press CODE icon "[]" . Then I can import, correct and repaste better code.
PS3 You can think and read before about FastPath... but you must know what and how it's work. It's next level.

Re: Packet Mark - Am I doing it right ?

Posted: Sun May 21, 2017 9:15 am
by arnab620
Please grab new traffic only when they have got connection-mark=no-mark - to be sure. Info about it I write below photo.
I think I am still missing something. Could you please explain what is the purpose of "grabbing new traffic only when they have got connection-mark=no-mark"
Please help me to understand it... :)

Re: Packet Mark - Am I doing it right ?

Posted: Sun May 21, 2017 12:06 pm
by BartoszP
If connection is not connection-marked then it falls into virtual "no-mark" category. There is no need to check traffic already marked.