Just a little confused on Mangle, and need some clarification on the queues that go along with it.
Generally I build a Queue Tree with slightly less available bandwidth than the connection has, in order to make the limiting work.
I have been marking packets as, in my mind, it doesn't allow anything to slip through. I know this is more CPU intensive, but this is generally on CCRs, so it doesn't seem to matter.
Couple of questions:
1. If I mark a connection, is the only real benefit of this a) NAT (it marks back-and-forth traffic), b) it is less CPU intensive?
2. If I mark a packet, I assume I have to re-mark them on return using a second rule?
3. When is it best to use pre-routing/post-routing or just plain old forward?
I have an issue at the moment where I have a mangle rule that marks connections going out the WAN with a destination of port 80, 443 (web traffic). I have a rule under this that is the same, but marks packets that are not already marked. Why is some stuff slipping through?
1 ;;; web traffic (new connections, mark connection)
  chain=forward action=mark-connection new-connection-mark=mang-web passthrough=no connection-state=new protocol=tcp src-address=192.168.142.0/24 out-interface=ether1-WAN dst-port=80,443 log=no log-prefix=""
2 ;;; web traffic (mark slipped packets)
  chain=forward action=mark-packet new-packet-mark=mang-web passthrough=no protocol=tcp src-address=192.168.142.0/24 out-interface=ether1-WAN dst-port=80,443 connection-mark=!mang-web log=no log-prefix=""
Is there any best practice for any of this stuff?
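The following is an added example, not configuration from the post above, showing the usual two-step pattern for feeding a queue tree: mark the connection once, then give every packet of that connection a packet mark in each direction. The LAN interface name (bridge-LAN), the WAN interface name (ether1-WAN), the mark names, the subnet and the rates are all assumptions chosen for illustration.

```routeros
# Added example (not from the original post). Assumed names: bridge-LAN, ether1-WAN,
# marks web-conn / web-up / web-down, subnet 192.168.142.0/24, rates below the real link.
/ip firewall mangle
# Step 1: mark the connection on its first unmarked packet. Matching on
# connection-mark=no-mark instead of connection-state=new also catches connections
# that already existed when the rule was added. passthrough=yes so the packet
# continues to the packet-mark rules below.
add chain=prerouting src-address=192.168.142.0/24 protocol=tcp dst-port=80,443 \
    connection-mark=no-mark action=mark-connection new-connection-mark=web-conn \
    passthrough=yes comment="web traffic: mark connection once"
# Step 2: every packet of a marked connection gets a packet mark; one rule per
# direction, since a queue tree queues on packet marks, not connection marks.
add chain=prerouting in-interface=bridge-LAN connection-mark=web-conn \
    action=mark-packet new-packet-mark=web-up passthrough=no \
    comment="web traffic: upload packets (LAN -> WAN)"
add chain=prerouting in-interface=ether1-WAN connection-mark=web-conn \
    action=mark-packet new-packet-mark=web-down passthrough=no \
    comment="web traffic: download packets (WAN -> LAN)"

/queue tree
# Parent queues slightly under the real link speed so this router, not the
# upstream, is the bottleneck; child queues select traffic by packet mark.
add name=upload parent=ether1-WAN max-limit=9M
add name=web-up parent=upload packet-mark=web-up priority=4 limit-at=2M max-limit=8M
add name=download parent=bridge-LAN max-limit=45M
add name=web-down parent=download packet-mark=web-down priority=4 limit-at=10M max-limit=40M
```

Because the reply packets from the WAN side carry the same connection mark as the request packets, the second mark-packet rule picks them up without needing a separate connection-mark rule for the return direction; the in-interface match is what splits them into the upload and download queues.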