Community discussions

MikroTik App
  4. RouterOS
  5. General

Clarification on Web example re. International Traffic

Post Reply
 
User avatar
eugenevdm
Member Candidate
Member Candidate
Topic Author
Posts: 208
Joined: Tue Jun 01, 2004 12:23 pm
Location: Stellenbosch, South Africa
Contact:
Contact eugenevdm

Clarification on Web example re. International Traffic

Wed Feb 23, 2005 12:24 pm

Regarding this topic on Mikrotik web site:

How to Apply Different Treatment for Overseas Traffic
http://www.mikrotik.com/docs/ros/2.8/ho ... ent#12.2.7

Is this example for a masquaraded environment? Could some give me the way to apply this to a routed environment. E.g., wil my example below work (I have changed all references of 'connection' 'flow' commands):

/ip firewall mangle
add in-interface=ether1 dst-address=159.148.0.0/16 action=passthrough \
\.. mark-flow=mark-flow-latvia comment="mark flow all latvian traffic"
add dst-address=193.41.195.0/24 action=passthrough \
\.. mark-flow=mark-flow-latvia comment="mark flow all latvian traffic"
add dst-address=193.41.33.0/24 action=passthrough \
\.. mark-flow=mark-flow-latvia comment="mark all latvian traffic"

add flow=mark-flow-latvia action=passthrough mark-flow=latvia comment="mark latvia"
add flow=!latvia action=passthrough mark-flow=overseas comment="mark all overseas traffic"

My questions are, in what direction are we going, thus do these rules apply to inbound and outbound traffic automatically?

If we just assume !latvia, wil this be okay if we have multiple interfaces, for example one public interface and many private interfaces? (I use it for the physical segmentation of the network).

How many mangle rules can one have? I suppose this is memory dependant, but does anyone have experience with *many* rules since local routing tables per country can be rather large.
Top
 
User avatar
[ASM]
Member Candidate
Member Candidate
Posts: 284
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria
Contact:
Contact [ASM]

Wed Feb 23, 2005 11:51 pm

This is an example script that mangles all the bulgarian and international traffic (both download and upload)
# Change TCP MSS and mangle upload
/ip firewall mangle add in-interface=!WAN protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1400 disabled=no
/ip firewall mangle add in-interface=!WAN action=passthrough mark-flow=abu disabled=no

# Mangle download
/ip firewall mangle add in-interface=WAN action=passthrough mark-flow=abc disabled=no

:foreach i in 32.106.113.0/24,32.238.113.0/24,32.239.76.0/24,62.44.96.0/19,62.67.248.0/23,62.73.64.0/18,62.176.64.0/18,62.200.195.0/24,62.204.128.0/19,62.213.160.0/21,62.213.168.0/22,62.213.173.0/24,62.213.175.0/24,62.213.180.0/22,62.213.185.0/24,62.213.186.0/23,62.213.188.0/22,80.72.64.0/19,80.80.128.0/19,80.246.192.0/21,81.161.208.0/20,81.161.240.0/20,82.101.64.0/18,82.103.64.0/18,82.118.224.0/19,82.119.64.0/19,82.137.64.0/18,82.146.0.0/19,82.147.128.0/19,82.199.192.0/19,83.97.24.0/21,83.97.64.0/21,83.142.16.0/21,83.148.64.0/19,83.148.96.0/20,83.148.112.0/24,83.148.114.0/23,83.148.116.0/22,83.148.124.0/22,83.222.160.0/19,83.228.0.0/19,83.228.32.0/20,83.228.48.0/22,83.228.52.0/23,83.228.70.0/23,83.228.72.0/21,83.228.80.0/20,83.228.96.0/20,83.228.112.0/21,83.228.120.0/24,83.228.124.0/22,84.21.192.0/19,84.22.0.0/19,84.43.128.0/19,84.54.128.0/18,84.201.192.0/20,84.238.128.0/17,84.242.128.0/18,84.252.0.0/18,85.91.128.0/19,85.130.112.0/21,85.130.122.0/23,85.130.124.0/22,85.187.0.0/16,139.92.51.0/24,139.92.144.0/24,152.158.113.0/24,192.92.129.0/24,192.168.77.0/24,193.16.102.0/24,193.16.157.0/24,193.16.246.0/24,193.17.229.0/24,193.19.172.0/22,193.22.103.0/24,193.22.248.0/24,193.23.52.0/24,193.24.240.0/22,193.25.162.0/23,193.26.14.0/24,193.28.250.0/24,193.29.55.0/24,193.30.228.0/22,193.41.64.0/22,193.41.182.0/23,193.41.188.0/22,193.41.206.0/24,193.43.26.0/24,193.68.0.0/19,193.68.96.0/19,193.68.128.0/21,193.68.142.0/23,193.68.144.0/20,193.68.160.0/19,193.68.192.0/18,193.108.24.0/24,193.108.32.0/23,193.109.54.0/23,193.110.82.0/24,193.110.159.0/24,193.110.216.0/21,193.111.89.0/24,193.111.194.0/23,193.138.67.0/24,193.151.20.0/22,193.151.80.0/22,193.178.152.0/23,193.178.166.0/24,193.178.222.0/24,193.193.162.0/23,193.193.164.0/24,193.193.182.0/24,193.194.140.0/23,193.194.156.0/24,193.200.14.0/23,193.201.114.0/23,193.201.172.0/24,193.254.29.0/24,194.8.53.0/24,194.8.60.0/24,194.12.224.0/19,194.54.140.0/22,194.54.144.0/22,194.63.136.0/22,194.141.0.0/16,194.145.63.0/24,194.145.160.0/22,194.146.232.0/22,194.150.116.0/22,194.150.180.0/23,194.153.145.0/24,194.246.110.0/23,195.22.146.0/23,195.24.32.0/19,195.24.88.0/21,195.34.96.0/19,195.39.198.0/23,195.39.212.0/23,195.47.193.0/24,195.62.22.0/23,195.68.200.0/23,195.68.214.0/23,195.69.108.0/22,195.69.120.0/22,195.69.164.0/22,195.72.112.0/24,195.85.215.0/24,195.96.224.0/19,195.128.224.0/23,195.138.128.0/19,195.149.248.0/21,195.177.218.0/23,195.177.248.0/23,195.212.63.0/24,195.214.248.0/21,195.225.252.0/22,195.230.0.0/19,195.234.84.0/22,195.234.236.0/22,195.242.106.0/23,195.242.126.0/24,195.242.240.0/22,212.5.128.0/19,212.7.192.0/19,212.21.128.0/19,212.36.0.0/19,212.39.64.0/19,212.50.0.0/19,212.56.0.0/19,212.72.192.0/19,212.73.128.0/19,212.91.160.0/19,212.95.160.0/19,212.104.96.0/19,212.116.128.0/19,212.122.160.0/19,212.124.64.0/20,212.124.80.0/22,212.124.84.0/23,212.124.87.0/24,212.124.88.0/21,213.16.32.0/19,213.91.128.0/17,213.130.64.0/19,213.137.32.0/22,213.137.38.0/23,213.137.40.0/21,213.137.48.0/20,213.145.96.0/19,213.167.0.0/21,213.167.8.0/24,213.169.32.0/19,213.174.0.0/19,213.191.192.0/19,213.208.10.0/23,213.222.32.0/19,213.226.0.0/19,213.226.33.0/24,213.226.34.0/23,213.226.36.0/22,213.226.40.0/24,213.226.48.0/21,213.226.56.0/24,213.226.60.0/22,213.240.192.0/18,217.9.224.0/20,217.10.240.0/20,217.18.240.0/20,217.30.208.0/20,217.75.128.0/21,217.75.136.0/23,217.75.138.0/24,217.75.140.0/22,217.75.144.0/20,217.79.32.0/20,217.79.64.0/19,217.145.80.0/20,217.145.160.0/20,217.174.144.0/20,217.197.128.0/20 do {
/ip firewall mangle add action=passthrough flow=abc mark-flow=peer disabled=no src-address=$i
}
/ip firewall mangle add action=passthrough flow=abc mark-flow=inter disabled=no

# Mangle upload
:foreach i in 32.106.113.0/24,32.238.113.0/24,32.239.76.0/24,62.44.96.0/19,62.67.248.0/23,62.73.64.0/18,62.176.64.0/18,62.200.195.0/24,62.204.128.0/19,62.213.160.0/21,62.213.168.0/22,62.213.173.0/24,62.213.175.0/24,62.213.180.0/22,62.213.185.0/24,62.213.186.0/23,62.213.188.0/22,80.72.64.0/19,80.80.128.0/19,80.246.192.0/21,81.161.208.0/20,81.161.240.0/20,82.101.64.0/18,82.103.64.0/18,82.118.224.0/19,82.119.64.0/19,82.137.64.0/18,82.146.0.0/19,82.147.128.0/19,82.199.192.0/19,83.97.24.0/21,83.97.64.0/21,83.142.16.0/21,83.148.64.0/19,83.148.96.0/20,83.148.112.0/24,83.148.114.0/23,83.148.116.0/22,83.148.124.0/22,83.222.160.0/19,83.228.0.0/19,83.228.32.0/20,83.228.48.0/22,83.228.52.0/23,83.228.70.0/23,83.228.72.0/21,83.228.80.0/20,83.228.96.0/20,83.228.112.0/21,83.228.120.0/24,83.228.124.0/22,84.21.192.0/19,84.22.0.0/19,84.43.128.0/19,84.54.128.0/18,84.201.192.0/20,84.238.128.0/17,84.242.128.0/18,84.252.0.0/18,85.91.128.0/19,85.130.112.0/21,85.130.122.0/23,85.130.124.0/22,85.187.0.0/16,139.92.51.0/24,139.92.144.0/24,152.158.113.0/24,192.92.129.0/24,192.168.77.0/24,193.16.102.0/24,193.16.157.0/24,193.16.246.0/24,193.17.229.0/24,193.19.172.0/22,193.22.103.0/24,193.22.248.0/24,193.23.52.0/24,193.24.240.0/22,193.25.162.0/23,193.26.14.0/24,193.28.250.0/24,193.29.55.0/24,193.30.228.0/22,193.41.64.0/22,193.41.182.0/23,193.41.188.0/22,193.41.206.0/24,193.43.26.0/24,193.68.0.0/19,193.68.96.0/19,193.68.128.0/21,193.68.142.0/23,193.68.144.0/20,193.68.160.0/19,193.68.192.0/18,193.108.24.0/24,193.108.32.0/23,193.109.54.0/23,193.110.82.0/24,193.110.159.0/24,193.110.216.0/21,193.111.89.0/24,193.111.194.0/23,193.138.67.0/24,193.151.20.0/22,193.151.80.0/22,193.178.152.0/23,193.178.166.0/24,193.178.222.0/24,193.193.162.0/23,193.193.164.0/24,193.193.182.0/24,193.194.140.0/23,193.194.156.0/24,193.200.14.0/23,193.201.114.0/23,193.201.172.0/24,193.254.29.0/24,194.8.53.0/24,194.8.60.0/24,194.12.224.0/19,194.54.140.0/22,194.54.144.0/22,194.63.136.0/22,194.141.0.0/16,194.145.63.0/24,194.145.160.0/22,194.146.232.0/22,194.150.116.0/22,194.150.180.0/23,194.153.145.0/24,194.246.110.0/23,195.22.146.0/23,195.24.32.0/19,195.24.88.0/21,195.34.96.0/19,195.39.198.0/23,195.39.212.0/23,195.47.193.0/24,195.62.22.0/23,195.68.200.0/23,195.68.214.0/23,195.69.108.0/22,195.69.120.0/22,195.69.164.0/22,195.72.112.0/24,195.85.215.0/24,195.96.224.0/19,195.128.224.0/23,195.138.128.0/19,195.149.248.0/21,195.177.218.0/23,195.177.248.0/23,195.212.63.0/24,195.214.248.0/21,195.225.252.0/22,195.230.0.0/19,195.234.84.0/22,195.234.236.0/22,195.242.106.0/23,195.242.126.0/24,195.242.240.0/22,212.5.128.0/19,212.7.192.0/19,212.21.128.0/19,212.36.0.0/19,212.39.64.0/19,212.50.0.0/19,212.56.0.0/19,212.72.192.0/19,212.73.128.0/19,212.91.160.0/19,212.95.160.0/19,212.104.96.0/19,212.116.128.0/19,212.122.160.0/19,212.124.64.0/20,212.124.80.0/22,212.124.84.0/23,212.124.87.0/24,212.124.88.0/21,213.16.32.0/19,213.91.128.0/17,213.130.64.0/19,213.137.32.0/22,213.137.38.0/23,213.137.40.0/21,213.137.48.0/20,213.145.96.0/19,213.167.0.0/21,213.167.8.0/24,213.169.32.0/19,213.174.0.0/19,213.191.192.0/19,213.208.10.0/23,213.222.32.0/19,213.226.0.0/19,213.226.33.0/24,213.226.34.0/23,213.226.36.0/22,213.226.40.0/24,213.226.48.0/21,213.226.56.0/24,213.226.60.0/22,213.240.192.0/18,217.9.224.0/20,217.10.240.0/20,217.18.240.0/20,217.30.208.0/20,217.75.128.0/21,217.75.136.0/23,217.75.138.0/24,217.75.140.0/22,217.75.144.0/20,217.79.32.0/20,217.79.64.0/19,217.145.80.0/20,217.145.160.0/20,217.174.144.0/20,217.197.128.0/20 do {
/ip firewall mangle add action=passthrough flow=abu mark-flow=peer_up disabled=no dst-address=$i
}
/ip firewall mangle add action=passthrough flow=abu mark-flow=inter_up disabled=no
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 188 guests
  4. RouterOS
  5. General