Community discussions

MUM Europe 2020
 
oleg
just joined
Topic Author
Posts: 23
Joined: Wed Jun 14, 2006 10:22 am

Packet Marking and prerouting

Tue Jan 09, 2007 1:10 pm

Hi.
Im trying to create a policy based rules by marking packets and then add them to prerouting rule but although packet do get marked the prerouting rule dosent seem to mark any of them
Example
I mark http packets with dest port 80,8080
Chain Forward >Protocol TCP > Dest Port 80 >
Action > mark packet HTTP
Then i create a prerouting rule
Chain Prerouting > Packet mark HTTP
Action > Mark Routing

When there is http traffic on the wire the HTTP Forward Dose detect it but Prerouting rule not showing anything ( detects no packets )

Is there anything i missing ?
 
User avatar
savagedavid
Trainer
Trainer
Posts: 310
Joined: Thu Aug 25, 2005 12:58 pm
Location: Cape Town, South Africa
Contact:

Tue Jan 09, 2007 1:34 pm

The prerouting mark happens BEFORE the forward mark, so your rules would not work.

You dont need the forward mark rule to policy route HTTP. You can use something like this:
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=http-route comment="Mark HTTP for routing" passthrough=no
Then in /ip routes you can access the http-route routing table and route as required
 
oleg
just joined
Topic Author
Posts: 23
Joined: Wed Jun 14, 2006 10:22 am

Tue Jan 09, 2007 1:40 pm

Thanks for reply.
Yes i know that when mark routing used it possible to do that ( i already use this for policy routing ) , i just wanted to mark packets and organize them into one routing rule.
Anyway maybe i should stick to the prerouting rather then packet marking.Thanks for clearing out the problem :)

Who is online

Users browsing this forum: Labriks, llag, ScottReed, soheilsh and 107 guests