Znuff
Member Candidate
Topic Author
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am

Extending the Local/Overseas Setup

Wed Mar 07, 2007 11:07 pm

Hello,

I'm trying to extend the Different Limits for Overseas/Local Traffic into something like "Local/Metro/Extern", in which Local means the local network(s), direct peering or such, Metro is for my ISP's network and Extern is for the rest of the connections.

My setup consists of 3 MTs, one main gateway and two "slave" gateways. Like:


--- My ISP --->  [ MT - TCT ] --- Network|---> [ MT - NZN ] ---> Customers-NZN
                                         |---> [ MT - IT3 ] ---> Customers-IT3
                                         |---> Customers-TCT
  • MT - TCT has the network class 89.35.79.0/26, which is represented by "Network" here, as Customers-TCT
  • MT - NZN is 89.35.79.2
  • Customers-NZN have the class 89.35.79.64/26 and 89.35.79.128/25
  • MT - IT3 is 89.35.79.4
  • Customers-IT3 is 89.35.78.0/24 and 86.107.189.0/24

So, Local traffic should be between Customers-IT3, Customers-NZN and Customers-TCT.

I've followed the HowTo in the wiki, and I've modified it to suit my tastes. Here's the address-list:
ip firewall address-list> print
Flags: X - disabled, D - dynamic 
 #   LIST       ADDRESS                        
 0   Metro      85.120.71.0/24                 
 1   Metro      85.120.78.0/23                 
 2   Metro      85.120.187.0/24                
 3   Metro      86.107.102.0/24                
 4   Local      86.107.189.0/24                
 5   Metro      89.32.206.0/23                 
 6   Metro      89.33.6.0/23                   
 7   Metro      89.35.64.0/21                  
 8   Local      89.35.78.0/24                  
 9   Metro      89.35.126.0/24                 
10   Metro      89.40.73.0/24                  
11   Metro      89.114.75.0/24                 
12   Metro      193.227.226.0/23               
13   Local      89.35.79.0/24                  
And here are the mangle rules:
ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Mark connections - /25 class
     chain=prerouting src-address=89.35.79.128/25 action=mark-connection new-connection-mark=Whole passthrough=yes 

 1   ;;; Mark connections - /26 class
     chain=prerouting src-address=89.35.79.64/26 action=mark-connection new-connection-mark=Whole passthrough=yes 

 2   ;;; Mark local connections - /25 class
     chain=prerouting src-address=89.35.79.128/25 connection-mark=Whole dst-address-list=Local action=mark-connection 
     new-connection-mark=Local passthrough=no 

 3   ;;; Mark local connections - /26 class
     chain=prerouting src-address=89.35.79.64/26 connection-mark=Whole dst-address-list=Metro action=mark-connection 
     new-connection-mark=Local passthrough=no 

 4   ;;; Mark external connections - /25 class
     chain=prerouting src-address=89.35.79.128/25 connection-mark=Whole dst-address-list=!Metro action=mark-connection 
     new-connection-mark=Extern passthrough=yes 

 5   ;;; Mark external connections - /26 class
     chain=prerouting src-address=89.35.79.64/26 connection-mark=Whole dst-address-list=!Metro action=mark-connection 
     new-connection-mark=Extern passthrough=yes 

 6   ;;; Mark external packets
     chain=prerouting connection-mark=Extern action=mark-packet new-packet-mark=extern_trafic passthrough=no 

 7   ;;; Mark Metro packets
     chain=prerouting connection-mark=!Extern action=mark-packet new-packet-mark=metro_trafic passthrough=no 
My problem is that currently connections which should be labeled as "Metro" are ending up with "Extern" limits and I can't figure out why! :-/

Can anyone put some light on this?

Later Edit:

I've tried a different approach in marking connections / packages:

/ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting src-address=89.35.79.64/26 action=mark-connection new-connection-mark=Whole passthrough=yes 

 1   chain=prerouting src-address=89.35.79.128/25 action=mark-connection new-connection-mark=Whole passthrough=yes 

 2   chain=prerouting src-address=89.35.79.64/26 connection-mark=Whole dst-address-list=Metro action=mark-connection 
     new-connection-mark=Metro passthrough=no 

 3   chain=prerouting src-address=89.35.79.128/25 connection-mark=Whole dst-address-list=Metro action=mark-connection 
     new-connection-mark=Metro passthrough=no 

 4   chain=prerouting src-address=89.35.79.64/26 connection-mark=Whole dst-address-list=Local action=mark-connection 
     new-connection-mark=Local passthrough=no 

 5   chain=prerouting src-address=89.35.79.128/25 connection-mark=Whole dst-address-list=Local action=mark-connection 
     new-connection-mark=Local passthrough=no 

 6   chain=prerouting src-address=89.35.79.64/26 connection-mark=Whole action=mark-connection new-connection-mark=Extern passthrough=no 

 7   chain=prerouting src-address=89.35.79.128/25 connection-mark=Whole action=mark-connection new-connection-mark=Extern passthrough=no 

 8   chain=prerouting connection-mark=Extern action=mark-packet new-packet-mark=extern_trafic passthrough=no 

 9   chain=prerouting connection-mark=Metro action=mark-packet new-packet-mark=metro_trafic passthrough=no 

10   chain=prerouting connection-mark=Local action=mark-packet new-packet-mark=local_trafic passthrough=no 

But yet this doesn't work properly. Metro or Local is not LIMITED properly. I'm starting to think this is not a packet marking issue but a queue issue?! I'm really saying that this is pretty simple-logic.
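
An added example (not part of the original post, and not MikroTik code): a simplified Python model of in-order prerouting mangle evaluation for the "Later Edit" rule set, using the address lists printed in the post. It assumes that passthrough=no ends chain processing for the packet and that the connection mark persists for reply packets; the client and remote addresses in the last line are constructed samples.

```python
import ipaddress

# Address lists copied from the post's address-list print output.
LISTS = {
    "Local": ["86.107.189.0/24", "89.35.78.0/24", "89.35.79.0/24"],
    "Metro": ["85.120.71.0/24", "85.120.78.0/23", "85.120.187.0/24", "86.107.102.0/24",
              "89.32.206.0/23", "89.33.6.0/23", "89.35.64.0/21", "89.35.126.0/24",
              "89.40.73.0/24", "89.114.75.0/24", "193.227.226.0/23"],
}
SRCS = ["89.35.79.64/26", "89.35.79.128/25"]  # customer ranges used as src-address

def in_nets(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

def build_rules():
    """Rules 0-10 as (src, required conn mark, dst list, action, new mark, passthrough)."""
    rules = [(s, None, None, "conn", "Whole", True) for s in SRCS]
    for lst in ("Metro", "Local"):
        rules += [(s, "Whole", lst, "conn", lst, False) for s in SRCS]
    rules += [(s, "Whole", None, "conn", "Extern", False) for s in SRCS]
    rules += [(None, m, None, "pkt", p, False) for m, p in
              (("Extern", "extern_trafic"), ("Metro", "metro_trafic"), ("Local", "local_trafic"))]
    return rules

def run_chain(src, dst, conn_mark=None):
    """Walk the chain in order for one packet; return (conn_mark, packet_mark)."""
    pkt_mark = None
    for r_src, r_cm, r_dst, action, mark, passthrough in build_rules():
        if r_src and not in_nets(src, [r_src]):
            continue
        if r_cm and conn_mark != r_cm:
            continue
        if r_dst and not in_nets(dst, LISTS[r_dst]):
            continue
        if action == "conn":
            conn_mark = mark
        else:
            pkt_mark = mark
        if not passthrough:
            break  # modelled assumption: passthrough=no, packet leaves the chain
    return conn_mark, pkt_mark

def trace(client, remote):
    """Outbound packet, then its reply on the same connection."""
    cm, up = run_chain(client, remote)
    _, down = run_chain(remote, client, cm)
    return cm, up, down

if __name__ == "__main__":
    print(trace("89.35.79.70", "85.120.71.10"))  # constructed sample addresses
```

In this model every packet sourced from the customer ranges exits at a mark-connection rule with passthrough=no, so only reply packets reach the mark-packet rules and receive a packet mark.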
