
Firewall/Mangle everlasting question :)

Posted: Sat Dec 06, 2008 3:26 pm
by titius
Simple question. Here is the code; I edited it to make my question easier to understand.

Here is mangle:
 0   ;;; UPLOAD
     chain=prerouting in-interface=Lokal action=mark-connection 
     new-connection-mark=UPLOAD_CONN passthrough=yes 

 1   ;;; DOWNLOAD
     chain=prerouting in-interface=wan0 action=mark-connection 
     new-connection-mark=DOWNLOAD_CONN passthrough=yes 

 2   chain=prerouting in-interface=Lokal connection-mark=UPLOAD_CONN 
     action=mark-packet new-packet-mark=UPLOAD passthrough=yes 

 3   chain=prerouting in-interface=wan0 connection-mark=DOWNLOAD_CONN 
     action=mark-packet new-packet-mark=DOWNLOAD passthrough=yes 

 4   chain=forward protocol=tcp dst-port=80 action=mark-connection 
     new-connection-mark=HTTP passthrough=yes 

 5   chain=forward protocol=tcp dst-port=80 connection-mark=HTTP 
     action=mark-packet new-packet-mark=HTTP passthrough=no
And here is the queue tree:
 0   name="UPLOAD" parent=global-total packet-mark=UPLOAD limit-at=0 
     queue=default priority=8 max-limit=160000 burst-limit=0 
     burst-threshold=0 burst-time=0s 

 1   name="DOWNLOAD" parent=global-total packet-mark=DOWNLOAD limit-at=0 
     queue=default priority=8 max-limit=1900000 burst-limit=0 
     burst-threshold=0 burst-time=0s 

 2   name="HTTP" parent=UPLOAD packet-mark=HTTP limit-at=1500000 queue=default 
     priority=1 max-limit=1800000 burst-limit=0 burst-threshold=0 
When I enable the child queue HTTP, the parent and child queues stop counting traffic, so UPLOAD (parent) and HTTP stop counting traffic; as soon as I disable the child HTTP, the UPLOAD parent starts normally . . .

What am I doing wrong?

Re: Firewall/Mangle everlasting question :)

Posted: Sat Dec 06, 2008 4:28 pm
by titius
Uh, sorry, the chain must not be forward for this thing to work :) . . .

Still, can someone please give an example of how to mark upload and download traffic . . .

For example, I want to mark HTTP connections. When I use DST-PORT 80 with PROTOCOL TCP, I get only a small amount of HTTP traffic in that connection mark, but when I set only DST-PORT 80 without PROTOCOL TCP, I get the exact amount of HTTP traffic. Why is that?