titius
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

trouble marking UP & DOWN traffic

Sat Oct 20, 2007 4:09 pm

Hi.

I'm having trouble marking my traffic on a router that is connected to the internet.

I have a LAN and a WAN interface, and I can't mangle download traffic. Here is my setup:
 0   chain=prerouting src-address-list=twi dst-address-list=!twi 
     action=mark-connection new-connection-mark=UPLOAD passthrough=yes 

 1   chain=prerouting connection-mark=UPLOAD src-address-list=twi 
     dst-address-list=!twi action=mark-packet new-packet-mark=UPLOAD_P 
     passthrough=yes 

 2   chain=prerouting src-address-list=!twi dst-address-list=twi 
     action=mark-connection new-connection-mark=DOWNLOAD passthrough=yes 

 3   chain=prerouting connection-mark=DOWNLOAD src-address-list=!twi 
     dst-address-list=twi action=mark-packet new-packet-mark=DOWNLOAD_P 
     passthrough=yes 
Only UPLOAD traffic is counted.
What am I doing wrong?
 
galaxynet
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm

Re: trouble marking UP & DOWN traffic

Sun Nov 04, 2007 2:47 pm

titius -
rule 3

chain=prerouting connection-mark=DOWNLOAD src-address-list=!twi
dst-address-list=twi action=mark-packet new-packet-mark=DOWNLOAD_P
passthrough=yes


should read: chain=prerouting connection-mark=DOWNLOAD action=mark-packet new-packet-mark=DOWNLOAD_P passthrough=yes

You already specified in rule 2 your address requirements.... Also - do you have addresses in your TWI list?

Also in the case of what you are doing... I don't usually specify the src address (rule 2) I would specify the incoming interface instead...much 'cleaner' that way.
Thom Lawless
General Manager
RapidWiFi, LLC
thom.lawless [at] rapidwifi.com
 
titius
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: trouble marking UP & DOWN traffic

Wed Nov 07, 2007 2:20 pm

Yes, but then the counters do not match :( .

I tried with in/out interface and without connection list, but it doesn't work. I mean, it counts something, but the connection mark counter and packet mark counter are not counting equally.

I solved download marking with the POSTROUTING chain.

But I still don't understand how it works :( .
 
galaxynet
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm

Re: trouble marking UP & DOWN traffic

Wed Nov 07, 2007 3:08 pm

titius -
Ok - best way to solve this issue is - what is it you are actually trying to achieve here?

Traffic control, multiple gateways, tracking users, bandwidth counters, what?
Thom Lawless
General Manager
RapidWiFi, LLC
thom.lawless [at] rapidwifi.com
 
titius
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: trouble marking UP & DOWN traffic

Wed Nov 07, 2007 7:06 pm

To mark traffic, monitor by ports, and QoS .
 
galaxynet
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm

Re: trouble marking UP & DOWN traffic

Fri Nov 09, 2007 1:53 pm

titius -
This is the type of marking I do in Mangle... This marks the particular type of traffic. These are not all of the rules; this is just a sample to see if this is what you are looking for.... After the traffic is marked, you can do other things to it.... I am not sure how fine you want your control to be.

I tried with in out interface and without connection list but it doesn't work I mean it counts something but connection mark counter and packet mark counter are not counting equally
You are probably never going to get the counters to count exactly equal. There will always be connections that get dropped, probes, scans, all kinds of things.


add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services
add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services
add chain=prerouting connection-state=new action=jump jump-target=other-services

add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=20-21 action=mark-connection new-connection-mark=ftp passthrough=no
add chain=tcp-services protocol=tcp src-port=513-65535 dst-port=22 action=mark-connection new-connection-mark=ssh passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=23 action=mark-connection new-connection-mark=telnet passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=25 action=mark-connection new-connection-mark=smtp passthrough=no
add chain=tcp-services protocol=tcp src-port=53 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=110 action=mark-connection new-connection-mark=pop3 passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=113 action=mark-connection new-connection-mark=auth passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=119 action=mark-connection new-connection-mark=nntp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=143 action=mark-connection new-connection-mark=imap passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=161-162 action=mark-connection new-connection-mark=snmp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=443 action=mark-connection new-connection-mark=https passthrough=no
Thom Lawless
General Manager
RapidWiFi, LLC
thom.lawless [at] rapidwifi.com
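
An added illustration, not part of any post in this thread: a small Python model of the four mangle rules from the first post, showing one way the reported symptom (only UPLOAD counted in prerouting, both counted in postrouting) can arise. It assumes the router src-NATs (masquerades) the LAN, which the thread does not state; the addresses and function names are constructed.

```python
# Constructed addresses: one LAN host in list "twi", the router's WAN IP, a server.
TWI = {"192.168.1.10"}
WAN_IP, SERVER = "203.0.113.2", "198.51.100.7"

def in_list(addr, spec):
    """Match an address against 'twi' or the negated '!twi'."""
    return (addr not in TWI) if spec.startswith("!") else (addr in TWI)

# The four rules from the first post (all passthrough=yes).
RULES = [
    {"src": "twi", "dst": "!twi", "set_conn": "UPLOAD"},
    {"conn": "UPLOAD", "src": "twi", "dst": "!twi", "set_pkt": "UPLOAD_P"},
    {"src": "!twi", "dst": "twi", "set_conn": "DOWNLOAD"},
    {"conn": "DOWNLOAD", "src": "!twi", "dst": "twi", "set_pkt": "DOWNLOAD_P"},
]

def run(packets, rules=RULES):
    """Evaluate the rules over (conn_id, src, dst) tuples; return per-rule hit counters."""
    conn_marks, hits = {}, [0] * len(rules)
    for conn_id, src, dst in packets:
        for i, r in enumerate(rules):
            if "conn" in r and conn_marks.get(conn_id) != r["conn"]:
                continue
            if not (in_list(src, r["src"]) and in_list(dst, r["dst"])):
                continue
            hits[i] += 1
            if "set_conn" in r:
                # A connection mark belongs to the whole connection, both directions.
                conn_marks[conn_id] = r["set_conn"]
    return hits

def flow(chain, nat, n=3):
    """n request/reply pairs of one connection, as the given mangle chain sees them."""
    host = next(iter(TWI))
    # Assumed setup: with src-nat, a reply still carries the WAN IP as destination
    # in mangle prerouting (reverse NAT runs after it); postrouting sees the LAN host.
    reply_dst = WAN_IP if (nat and chain == "prerouting") else host
    return [(1, host, SERVER), (1, SERVER, reply_dst)] * n

if __name__ == "__main__":
    for chain, nat in [("prerouting", True), ("postrouting", True), ("prerouting", False)]:
        print(chain, "nat" if nat else "no-nat", run(flow(chain, nat)))
```

In the NAT case the download rules never match in prerouting because the reply's destination is the router's own address rather than a member of the `twi` list.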
 