Hi all ,
please help, i need to create simple queue with 3 different mangle : my situation now :
ip wan : 115.80.74.xxx
Ip Lan : 192.168.0.0/24
1. i have 2 mangle to separate 2 connection :
- Mangle IIX is routing mark packet : connection to .local / domestic ( which ip address in our local country )
- Mangle INT is routing mark packet : connection to outside our country / international connection (except : packet mark local "nice list ip address list " / IIX )
/ip firewall mangle
add action=mark-packet chain=prerouting comment=ICMP new-packet-mark=ICMP \
add action=mark-connection chain=forward comment=INT new-connection-mark=\
Int-Con passthrough=yes protocol=!icmp src-address-list=!nice
add action=mark-connection chain=forward dst-address-list=!nice \
new-connection-mark=Int-Con passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting connection-mark=Int-Con \
add action=mark-connection chain=forward comment=IIX new-connection-mark=\
iix-con passthrough=yes protocol=!icmp src-address-list=nice
add action=mark-connection chain=forward dst-address-list=nice \
new-connection-mark=iix-con passthrough=yes protocol=!icmp
add action=mark-packet chain=prerouting connection-mark=iix-con \
2. my example simple queue for 2 mangle (IIX and INT)
add max-limit=5M/5M name="IIX" packet-marks=IIX target=\
add max-limit=5M/5M name="INT" packet-marks=INT target=\
this simple queue is running normally.
i need to add 1 more mangle to create routing and packet mark for Facebook Connection ( Mangle C ) which i'm sure that some or much facebook ip address list connection also exist in Mangle INT.
the goal is : i have to set no limit to all ip in LAN which connecting to Facebook .
here is my new mangle for grab facebook ip:
/ip firewall layer7-protocol
add name=L7_FB regexp="^(.*)(facebook)(.*)\\\$"
/ip firewall filter
add action=add-dst-to-address-list address-list=FB_List address-list-timeout=\
5m chain=forward layer7-protocol=L7_FB log-prefix=""
/ip firewall mangle
add action=mark-connection chain=forward dst-address-list=FB_List log-prefix=\
"" new-connection-mark=FB_Conn passthrough=yes
add action=mark-packet chain=forward connection-mark=FB_Conn log-prefix="" \
but i dunno how i create new simple queue or anything, to let my LAN IP is no limit to facebook ip address list.
Please advice .