Community discussions

 
Znuff
Member Candidate
Member Candidate
Topic Author
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Why do I have unmarked packets / connections?

Thu Feb 04, 2010 4:11 am

I have the following setup:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Everything" disabled=no new-connection-mark=everything passthrough=yes
add action=mark-connection chain=prerouting comment="n-zone -> extern" connection-mark=everything disabled=no dst-address-list=!n-zone new-connection-mark=\
    extern passthrough=yes src-address-list=n-zone
add action=mark-connection chain=prerouting comment="extern -> n-zone" connection-mark=everything disabled=no dst-address-list=n-zone new-connection-mark=\
    extern passthrough=yes src-address-list=!n-zone
add action=mark-connection chain=prerouting comment="n-zone <-> n-zone" connection-mark=everything disabled=no dst-address-list=n-zone new-connection-mark=\
    local passthrough=yes src-address-list=n-zone
add action=mark-packet chain=prerouting comment=extern_trafic connection-mark=extern disabled=no new-packet-mark=extern_trafic passthrough=no
add action=mark-packet chain=prerouting comment=local_trafic connection-mark=local disabled=no new-packet-mark=local_trafic passthrough=no
add action=log chain=prerouting comment=wtf disabled=no log-prefix="[WTF CONNECTION]"
add action=mark-connection chain=prerouting comment=wtf disabled=no new-connection-mark=wtf passthrough=yes

And I can't seem to understand why exactly do I have "wtf" packets since I'm marking everything. Anyone could enlighten me?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Why do I have unmarked packets / connections?

Thu Feb 04, 2010 8:03 am

In first rule you are marking all connections, then in between you are remarking some connections and at the end all connections that do not match any of rules between first and last are remarked as WTF.
 
Znuff
Member Candidate
Member Candidate
Topic Author
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Re: Why do I have unmarked packets / connections?

Mon Feb 08, 2010 5:20 pm

I know what I'm doing - but *WHY* don't they match anything?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Why do I have unmarked packets / connections?

Mon Feb 08, 2010 10:20 pm

what about 'src-address-list=!n-zone dst-address-list=!n-zone'? =)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.

Who is online

Users browsing this forum: No registered users and 97 guests