
trouble marking UP & DOWN traffic

Posted: Sat Oct 20, 2007 4:09 pm
by titius
Hi.

I'm having trouble marking my traffic on a router that is connected to the internet.

I have LAN and WAN interfaces, and I can't mangle download traffic. Here is my setup:
 0   chain=prerouting src-address-list=twi dst-address-list=!twi 
     action=mark-connection new-connection-mark=UPLOAD passthrough=yes 

 1   chain=prerouting connection-mark=UPLOAD src-address-list=twi 
     dst-address-list=!twi action=mark-packet new-packet-mark=UPLOAD_P 
     passthrough=yes 

 2   chain=prerouting src-address-list=!twi dst-address-list=twi 
     action=mark-connection new-connection-mark=DOWNLOAD passthrough=yes 

 3   chain=prerouting connection-mark=DOWNLOAD src-address-list=!twi 
     dst-address-list=twi action=mark-packet new-packet-mark=DOWNLOAD_P 
     passthrough=yes 
Only UPLOAD traffic is counted.
What am I doing wrong?

Re: trouble marking UP & DOWN traffic

Posted: Sun Nov 04, 2007 2:47 pm
by galaxynet
titius -
rule 3

chain=prerouting connection-mark=DOWNLOAD src-address-list=!twi
dst-address-list=twi action=mark-packet new-packet-mark=DOWNLOAD_P
passthrough=yes


should read: chain=prerouting connection-mark=DOWNLOAD action=mark-packet new-packet-mark=DOWNLOAD_P passthrough=yes

You already specified in rule 2 your address requirements.... Also - do you have addresses in your TWI list?

Also in the case of what you are doing... I don't usually specify the src address (rule 2) I would specify the incoming interface instead...much 'cleaner' that way.

Re: trouble marking UP & DOWN traffic

Posted: Wed Nov 07, 2007 2:20 pm
by titius
Yes but then counters do not match :( .

I tried with in/out interface and without connection list but it doesn't work. I mean it counts something, but the connection mark counter and packet mark counter are not counting equally.

I solved download marking with the POSTROUTING chain.

But I still don't understand how it works :( .
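
Added example, not part of any poster's message: a Python model of rules 0-3 from the first post, showing why they count only UPLOAD in prerouting yet count both directions when evaluated in postrouting. It assumes the router masquerades (source-NATs) the LAN behind one WAN address, which the thread never states; the addresses, the contents of `twi` and the packet sequence are constructed.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
TWI = ipaddress.ip_network("192.168.88.0/24")    # contents of address list "twi"
WAN_IP = "203.0.113.10"                          # router's public address
CLIENT, SERVER = "192.168.88.20", "198.51.100.7"

def in_twi(addr):
    return ipaddress.ip_address(addr) in TWI

def headers(direction, chain):
    """(src, dst) as mangle sees them in `chain` on a masquerading router."""
    if direction == "up":
        # src-nat runs after mangle postrouting, so the LAN source is still visible.
        return CLIENT, SERVER
    # Replies arrive addressed to the WAN IP; the NAT is undone only after
    # mangle prerouting, so the LAN destination is visible from forward onwards.
    return (SERVER, WAN_IP) if chain == "prerouting" else (SERVER, CLIENT)

def run(chain, packets):
    """Apply rules 0-3 from the first post in `chain`; return packet-mark counters."""
    conn_mark = None            # one conntrack entry shared by both directions
    counters = {"UPLOAD_P": 0, "DOWNLOAD_P": 0}
    for direction in packets:
        src, dst = headers(direction, chain)
        up = in_twi(src) and not in_twi(dst)
        down = not in_twi(src) and in_twi(dst)
        if up:                                   # rule 0: mark-connection UPLOAD
            conn_mark = "UPLOAD"
        if conn_mark == "UPLOAD" and up:         # rule 1: mark-packet UPLOAD_P
            counters["UPLOAD_P"] += 1
        if down:                                 # rule 2: mark-connection DOWNLOAD
            conn_mark = "DOWNLOAD"
        if conn_mark == "DOWNLOAD" and down:     # rule 3: mark-packet DOWNLOAD_P
            counters["DOWNLOAD_P"] += 1
    return counters

FLOW = ["up", "down", "up", "down", "down"]      # constructed packet sequence

if __name__ == "__main__":
    for chain in ("prerouting", "postrouting"):
        print(chain, run(chain, FLOW))
```

In the model, rule 2 never matches in prerouting because the reply's destination is still the WAN address, which is not in `twi`; matching on the incoming interface instead of the address list does not depend on where NAT is undone.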

Re: trouble marking UP & DOWN traffic

Posted: Wed Nov 07, 2007 3:08 pm
by galaxynet
titius -
Ok - best way to solve this issue is - what is it you are actually trying to achieve here?

Traffic control, multiple gateways, tracking users, bandwidth counters, what?

Re: trouble marking UP & DOWN traffic

Posted: Wed Nov 07, 2007 7:06 pm
by titius
To mark traffic, monitor by ports, and QoS .

Re: trouble marking UP & DOWN traffic

Posted: Fri Nov 09, 2007 1:53 pm
by galaxynet
Titus -
This is the type of marking I do in Mangle... This marks the particular type of traffic. This is not all of the rules; this is just a sample to see if this is what you are looking for.... After the traffic is marked then you can do other things to it.... I am not sure how fine you want your control to be.

"I tried with in/out interface and without connection list but it doesn't work. I mean it counts something, but the connection mark counter and packet mark counter are not counting equally."
You are probably never going to get the counters to count exactly equal. There will always be connections that get dropped, probes, scans, all kinds of things.


add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services
add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services
add chain=prerouting connection-state=new action=jump jump-target=other-services

add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=20-21 action=mark-connection new-connection-mark=ftp passthrough=no
add chain=tcp-services protocol=tcp src-port=513-65535 dst-port=22 action=mark-connection new-connection-mark=ssh passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=23 action=mark-connection new-connection-mark=telnet passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=25 action=mark-connection new-connection-mark=smtp passthrough=no
add chain=tcp-services protocol=tcp src-port=53 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=110 action=mark-connection new-connection-mark=pop3 passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=113 action=mark-connection new-connection-mark=auth passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=119 action=mark-connection new-connection-mark=nntp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=143 action=mark-connection new-connection-mark=imap passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=161-162 action=mark-connection new-connection-mark=snmp passthrough=no
add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=443 action=mark-connection new-connection-mark=https passthrough=no
