Community discussions

 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

separate netwoks

Thu Jan 06, 2011 3:23 pm

hi

i have 2 range of ip

172.17.5.0/24 and 192.17.6.0/28

i want to mangle these, can you please say me in source address with which character , i can separate them form together?

thanks
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6615
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: separate netwoks

Thu Jan 06, 2011 3:27 pm

1) Use address-list, if you need one mangle rule for both subnets.
Add both networks to /ip firewall address-list, set one mangle rule with src-address-list.

2) Create two mangle rules with the same mark-connection/mark-packet.
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Thu Jan 06, 2011 3:33 pm

1) Use address-list, if you need one mangle rule for both subnets.
Add both networks to /ip firewall address-list, set one mangle rule with src-address-list.

2) Create two mangle rules with the same mark-connection/mark-packet.

i know

but i wanted to know in source address i separate them with comma, or dash or ...?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6615
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: separate netwoks

Thu Jan 06, 2011 3:37 pm

You can use only range there,

ip firewall mangle add src-address=

SrcAddress ::= [!]Range
  Range ::= A.B.C.D[-A.B.C.D |0..32 |/A.B.C.D ]    (IP address range)
To use one mangle rule for both networks, use address-list.
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Thu Jan 06, 2011 3:39 pm

You can use only range there,

ip firewall mangle add src-address=

SrcAddress ::= [!]Range
  Range ::= A.B.C.D[-A.B.C.D |0..32 |/A.B.C.D ]    (IP address range)
To use one mangle rule for both networks, use address-list.
can you type the sample for me with my ip addresses that i said in top, and the way that i should type in GUI?

also i think press ! beside ranges

thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: separate netwoks

Thu Jan 06, 2011 4:01 pm

/ip firewall address-list
add list=whatever address=172.17.5.0/24
add list=whatever address=192.17.6.0/28
/ip firewall mangle
add chain=prerouting action=accept src-address-list=whatever
Paste that into the terminal window of the GUI and then inspect the things the commands created in the GUI to figure out how to create others like them via the GUI.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Fri Jan 07, 2011 8:05 am

/ip firewall address-list
add list=whatever address=172.17.5.0/24
add list=whatever address=192.17.6.0/28
/ip firewall mangle
add chain=prerouting action=accept src-address-list=whatever
Paste that into the terminal window of the GUI and then inspect the things the commands created in the GUI to figure out how to create others like them via the GUI.
hi, thanks alot, good way.

can you please say me in one mangle rule, how can i put more than 1 protocol, for example, both gre and ipsec and tcp?

thanks
 
negge
newbie
Posts: 36
Joined: Fri Jul 10, 2009 11:05 am

Re: separate netwoks

Fri Jan 07, 2011 3:10 pm

can you please say me in one mangle rule, how can i put more than 1 protocol, for example, both gre and ipsec and tcp?
You can't. You will need one rule per protocol. Just copy a previous rule then change the protocol type and you'll be fine.

Who is online

Users browsing this forum: MSN [Bot] and 100 guests