I have RB CCR10-16-12G and heX Lite. Both with the same setup (pppoe server, wan, lan, etc...)
When i use:
/ip firewall mangle
add action=add-src-to-address-list address-list=FACEBOOK-MANGLE-ADDRLIST address-list-timeout=none-dynamic chain=forward in-interface=ether1-wan layer7-protocol=facebook
add action=add-src-to-address-list address-list=YOUTUBE-MANGLE-ADDRLIST address-list-timeout=none-dynamic chain=forward in-interface=ether1-wan layer7-protocol=youtube
There is no leak in the address list of internet ip addresses. But, when i use:
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=public_ip in-interface=ether1-wan layer7-protocol=facebook new-connection-mark=FACEBOOK-CONN passthrough=yes
add action=add-src-to-address-list address-list=FACEBOOK-MANGLE-ADDRLIST address-list-timeout=none-dynamic chain=prerouting connection-mark=FACEBOOK-CONN disabled=yes
add action=mark-connection chain=prerouting disabled=yes in-interface=ether1-wan layer7-protocol=youtube new-connection-mark=YOUTUBE-CONN passthrough=yes
add action=add-src-to-address-list address-list=YOUTUBE-MANGLE-ADDrLIST address-list-timeout=none-dynamic chain=prerouting connection-mark=YOUTUBE-CONN disabled=yes
I have leak of internal ips to the address list created on RB1016 but not on RB750 r2
Any ideas?
Thanks.
-
-
zaherhamiyah
Frequent Visitor
- Posts: 82
- Joined:
Strange results from two different RBs with the same setup
Last edited by zaherhamiyah on Wed Apr 25, 2018 2:24 am, edited 2 times in total.
Re: Strange results from two different RBs with the same setup
That's to be expected. You use L7 on packets coming from WAN. But after the connection gets marked, the other rule checks packets in both directions, because incoming or outgoing, they all belong to connection.
-
-
zaherhamiyah
Frequent Visitor
- Posts: 82
- Joined:
Re: Strange results from two different RBs with the same setup
You are right.
That cleared the picture to me.
I did tests also on forward and postrouting chaing with connection marking. The same results. Internal IPs, appeared in address list.
But the problem is that with RB 750 r2, this does not happen!!!!
That cleared the picture to me.
I did tests also on forward and postrouting chaing with connection marking. The same results. Internal IPs, appeared in address list.
But the problem is that with RB 750 r2, this does not happen!!!!
Re: Strange results from two different RBs with the same setup [SOLVED]
It could be explained by slightly different traffic. I don't know how you test it, if you swap routers in place, or if it's just same config in two different places. It sounds like you don't have reliable way to test it, i.e. have one exact request that's enough to get the result, more like something that happens over the time. If it's true, then it depens on what exactly clients send. I also didn't see your L7 rules, so I have no idea what exactly they can match, how many false positives there might be, etc. But there should not be any difference between the two devices.