pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Mangle, prerouting or forward, NAT ...

Mon Aug 28, 2006 1:24 pm

Hi,

Sorry if I ask what is obvious to most of you, but I read through tonnes of mangle/p2p-related topics and did not find a satisfactory enough answer to the following:

- What chain should I use for mangle, prerouting or forward, and what are the consequences in the case of using NAT (masquerading network)? Here is my level of understanding of the topic:

- When the network is not NATted, we are simply OK with packet marks. If the network is NATted, though, we need conntracking capability, and mark connections first. Am I right?

- Then I can see several approaches: some use the forward chain for marking, some use the prerouting chain. E.g. on our router, if I had p2p marked in the forward chain, it showed 0 for outgoing traffic (Simple queue). When I changed the mangle rules to the prerouting chain, it started to actually show some traffic going via the particular SQ. Do I suspect correctly that pre(post)routing happens before the respective NAT is applied, whereas the forward chain is entered after the NAT?

- But I would like to know if there is any difference between SQ and QT, and WHEN/WHERE they actually happen?

I am looking at the flow-diagram chart, but am not successful in imagining what is happening and where ....

Thanks for at least small pointers :-)

Petr
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 28, 2006 3:01 pm

Everyone has the right to life, liberty and security of person.
 
pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Mon Aug 28, 2006 3:50 pm

Thanks for the tip, Eugene. But in my post I already stated that I "know" about this manual page and have looked into it several times, but maybe it is just beyond the level of my ability to understand things.

I mean, I understand it as I read it, but I am not able to answer for myself questions such as:

- Why, using SQ and mangling p2p in the forward chain (as in the manual or various examples), on a router where masquerading is being done, does the SQ upload rate stay at 0, while after changing the mangle rules to the prerouting chain the SQ counter starts to show upload as well?

That is why I am asking those small questions - maybe the answers to those will help me to understand the bigger picture :-)

Thanks for bearing with me,
Petr
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 28, 2006 5:43 pm

> - Why, using SQ and mangling p2p in the forward chain (as in the manual or various examples), on a router where masquerading is being done, does the SQ upload rate stay at 0, while after changing the mangle rules to the prerouting chain the SQ counter starts to show upload as well?

Because one simple queue places three real queues (one in global-in, one in global-out and one in global-total). All these queues have to know about packet marks. So you have to mangle _before_ the packet enters global-in. That's prerouting.

Eugene
Everyone has the right to life, liberty and security of person.
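
The arrangement described in the answer above, written out as an added example that is not part of the original thread: the connection is marked first (so conntrack covers both directions of a masqueraded flow), then every packet is marked in prerouting, and the simple queue matches on that packet mark. The mark names, queue name and rate are hypothetical, and the syntax assumes a RouterOS release of the thread's era that still has the p2p matcher and the global-in/global-out queues.

```routeros
# Added example; p2p_conn, p2p, p2p-limit and the 256000 bit/s rate
# are hypothetical values chosen for illustration.

/ip firewall mangle
# 1. Mark the connection once. Connection tracking then ties both the
#    upload and the download packets of a NATted flow to the same mark.
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes
# 2. Mark every packet of that connection while still in prerouting,
#    i.e. before the packet enters global-in.
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no

# Variant that left the simple queue's upload counter at 0 in the thread:
# the same packet-mark rule placed in chain=forward. Forward is processed
# after global-in, so the global-in queue never sees the mark.
# add chain=forward connection-mark=p2p_conn action=mark-packet \
#     new-packet-mark=p2p passthrough=no

/queue simple
# One simple queue creates queues in global-in, global-out and
# global-total; all of them match on the packet mark set above.
add name=p2p-limit packet-marks=p2p max-limit=256000/256000
```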
 
pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Mon Aug 28, 2006 6:40 pm

Thank you very much, now that's a nice reply, and it is clear to me ...

Petr
