Community discussions

 
User avatar
greek
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

How to mark packets from\to port in bridge?

Thu Apr 03, 2014 8:40 pm

Good day. Help me please.

I want to mark incoming and outcoming packets from vlan, which is a port in bridge.
I enable "Use IP Firewall" and "Use IP Firewall for VLAN" settings.

I try:

/ip firewall mangle
add chain=forward out-bridge-port=vlan10 action=accept it's not work, packet counter increase very slow
add chain=forward in-bridge-port=vlan10 action=accept it's seems working

Another way:
/interface bridge filter
add chain=forward in-interface=vlan10 -it's not work, packet counter increase very slow
add chain=forward out-interface=vlan10 -it's working very strange, packet counter increase, but not all packets counts

What is the rigth way to see\mark packets in bridge port?
 
oliverflux
just joined
Posts: 1
Joined: Sat Jul 13, 2013 5:05 pm

Re: How to mark packets from\to port in bridge?

Thu Apr 03, 2014 10:35 pm

I'm in the same situation my brother.
I need to change the route of a packet is entering a port of my "RouterOS" and out through another.
In your case, you want to do exactly that with these packages marked?

Regards , Oliver .
 
User avatar
greek
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

Re: How to mark packets from\to port in bridge?

Fri Apr 04, 2014 11:40 pm

I'm in the same situation my brother.
I need to change the route of a packet is entering a port of my "RouterOS" and out through another.
In your case, you want to do exactly that with these packages marked?
I want to shape vlan in bridge.

I have a little success, i found place where i can mark packets in both direction:

/interface bridge nat
add action=mark-packet chain=dstnat in-interface=vlan10 new-packet-mark=out
add action=mark-packet chain=srcnat out-interface=vlan10 new-packet-mark=in

but "in" mark doesn't work in simple queue :(
I cann't understand why.

For finding rigth place to mark in packet flow, i use this diagram: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6
 
baggar11
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Tue Oct 22, 2013 4:49 am

Re: How to mark packets from\to port in bridge?

Sat Apr 05, 2014 12:48 am

I actually just got done figuring this out. If you use torch on the interface you are trying to mark, and view download/upload, you'll notice there isn't any difference in the src/dst. So what I had to do was mark the src, in my case wlan30 and then mark the dst, in my case vlan30. This gave me the proper marks for upload and download. Of course, this may not fit your scenario exactly, but might give you a bump in the right direction.
 
User avatar
greek
Member Candidate
Member Candidate
Topic Author
Posts: 111
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

Re: How to mark packets from\to port in bridge?

Sat Apr 05, 2014 1:05 am

you'll notice there isn't any difference in the src/dst. So what I had to do was mark the src, in my case wlan30 and then mark the dst, in my case vlan30.
Thank you for answer.

wlan30 and vlan 30 are both bridge ports of same bridge ?

You mark src and dst interface in "Bridge - Filter\Nat" or "IP Firewall - Mangle" ?
You used "In\Out Interface" or "In\Out Bridge port" parameters ?
 
baggar11
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Tue Oct 22, 2013 4:49 am

Re: How to mark packets from\to port in bridge?

Sat Apr 05, 2014 2:19 am

In my case, I have an RB951g-2hnd unit that I'm only using as an AP. It's only a bridge, no routing involved. So I'm marking the packets using the bridge filter. Both vlan30 and wlan30 are ports on bridge30.

Who is online

Users browsing this forum: No registered users and 7 guests