Community discussions

 
User avatar
kolorasta
Member Candidate
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

how to mark packets comming to a host in lan (nat)

Fri Sep 29, 2006 1:06 am

i've got this in mangle and 2 & 3 work, 0 and 1 not.
i want to mark every incomming packet from internet to host 172.16.0.27 to do something with them in QUEUE TREE
every packet from 172.16.0.27 is well marked... but not packets to 172.16.0.27
0   ;;; Excedidos_Download_Connection
     chain=prerouting in-interface=WAN dst-address=172.16.0.27 
     action=mark-connection new-connection-mark=excedidos_download_conn 
     passthrough=yes 

 1   ;;; Excedidos_Download_Packet
     chain=prerouting dst-address=172.16.0.27 
     connection-mark=excedidos_download_conn action=mark-packet 
     new-packet-mark=excedidos_download_packet passthrough=no 

 2   ;;; Excedidos_Upload_Connection
     chain=prerouting in-interface=LANbridge src-address=172.16.0.27 
     action=mark-connection new-connection-mark=excedidos_upload_conn 
     passthrough=yes 

 3   ;;; Excedidos_Upload_Packet
     chain=prerouting src-address=172.16.0.27 
     connection-mark=excedidos_upload_conn action=mark-packet 
     new-packet-mark=excedidos_upload_packet passthrough=no 
any suggestions?
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Re: how to mark packets comming to a host in lan (nat)

Fri Sep 29, 2006 1:11 am

i've got this in mangle and 2 & 3 work, 0 and 1 not.
i want to mark every incomming packet from internet to host 172.16.0.27 to do something with them in QUEUE TREE
every packet from 172.16.0.27 is well marked... but not packets to 172.16.0.27
0   ;;; Excedidos_Download_Connection
     chain=prerouting in-interface=WAN dst-address=172.16.0.27 
     action=mark-connection new-connection-mark=excedidos_download_conn 
     passthrough=yes 

 1   ;;; Excedidos_Download_Packet
     chain=prerouting dst-address=172.16.0.27 
     connection-mark=excedidos_download_conn action=mark-packet 
     new-packet-mark=excedidos_download_packet passthrough=no 

 2   ;;; Excedidos_Upload_Connection
     chain=prerouting in-interface=LANbridge src-address=172.16.0.27 
     action=mark-connection new-connection-mark=excedidos_upload_conn 
     passthrough=yes 

 3   ;;; Excedidos_Upload_Packet
     chain=prerouting src-address=172.16.0.27 
     connection-mark=excedidos_upload_conn action=mark-packet 
     new-packet-mark=excedidos_upload_packet passthrough=no 
any suggestions?
If it NAT there, outside world will never reach the natted address....

Best regards
José Ignacio Acosta
MikroTik Consultant IDAR0001
Mikronet

Movile: +54 9 3472-624722
Email/Msn: info[at]mikronet.com.ar
 
User avatar
kolorasta
Member Candidate
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Fri Sep 29, 2006 2:02 am

i know that, but my router knows which packets are for 172.16.0.27 (my local pc)... how can I mark them in mangle... so then apply some speed limits in queue tree...
sorry if my questions are stupids, but this forum is my only source of learning MT stuff...
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Fri Sep 29, 2006 4:11 am

i know that, but my router knows which packets are for 172.16.0.27 (my local pc)... how can I mark them in mangle... so then apply some speed limits in queue tree...
sorry if my questions are stupids, but this forum is my only source of learning MT stuff...
Check the interface... youre using WAN as the input...
You should read the manual: http://www.mikrotik.com/docs/ros/2.9/ip/mangle
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Fri Sep 29, 2006 11:02 am

on my home natted network i do marking that way
/ ip firewall mangle 
add chain=prerouting action=mark-connection new-connection-mark=all_traffic passthrough=yes \
    comment="mark all traffic" disabled=no 
add chain=prerouting in-interface=ether1 connection-mark=all_traffic action=mark-packet \
    new-packet-mark=incomming_packet passthrough=no comment="incomming packet" disabled=no 
add chain=prerouting connection-mark=all_traffic action=mark-packet \
    new-packet-mark=outgoing_packet passthrough=no comment="outgoing packet" disabled=no 
so maybe this help and then i divide to what marks to where. :roll:
 
User avatar
kolorasta
Member Candidate
Member Candidate
Topic Author
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Wed Oct 04, 2006 7:27 pm

what i want to do is to use different pcq queues to different group of users...
let's say CORPORATIVE, RESIDENTIAL, etc... ... i know how to do this

but i don't want the web-proxy to be limited.... i know how to do this

but I DON'T KNOW both things at the same time.. different pcq for different users groups, with unlimited access to the web-proxy

Who is online

Users browsing this forum: No registered users and 141 guests