Community discussions

MikroTik App
 
Ridddick
just joined
Topic Author
Posts: 19
Joined: Mon Jan 23, 2012 2:45 pm

Connection marking in mangle

Wed Jan 25, 2012 8:56 am

Hi. Trying to give higher priority to 1433 port connections. First i mark all traffic as class-d, then select 1433 port (actualy it can be any port) and mark as class-a. Next i suppose to mark packets of both connection marks and build a queue. But when i monitor IP-FIERWALL-CONNECTIONS with 1433 port filter, i see some connections as class-a and some as class-d. The same thing is on the other router. Why is that so?
add action=mark-connection chain=forward comment=ALLTRAFFIC disabled=no new-connection-mark=CLASS-D passthrough=yes
add action=mark-connection chain=forward comment=SQL disabled=no dst-port=1433 new-connection-mark=CLASS-A passthrough=yes protocol=tcp
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Re: Connection marking in mangle

Wed Jan 25, 2012 2:55 pm

When you are using passthrough if your connection would match another connection lower down it will get remarked. It can't have multiple connection marks.
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
Ridddick
just joined
Topic Author
Posts: 19
Joined: Mon Jan 23, 2012 2:45 pm

Re: Connection marking in mangle

Thu Jan 26, 2012 7:23 am

Exactly, class-d mark is higher in the list than class-a, so all traffic first gets class-d mark and when a connection matches another condition (1433 port) it should change its mark to class-a. Most of the cnnections do this but some stay as class-d. What am i doing wrong?
 
User avatar
cbrown
Trainer
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Connection marking in mangle

Thu Jan 26, 2012 2:30 pm

It might be in the wrong chain. Check the packet flow to see what chain you should be in.

http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
brandonrossl
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Wed Jun 08, 2011 10:09 pm

Re: Connection marking in mangle

Thu Jan 26, 2012 4:01 pm

Mark using the prerouting chain?
 
Ridddick
just joined
Topic Author
Posts: 19
Joined: Mon Jan 23, 2012 2:45 pm

Re: Connection marking in mangle

Fri Jan 27, 2012 8:45 am

I have SRC_NAT enabled so i guess i need to use postrouting chain but it changes nothing. I tried all chains for both types of traffic.
Image
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Connection marking in mangle

Fri Jan 27, 2012 9:09 am

all the traffic is already marked with no-mark packet/connection mark, so you are just wasting a lot of resources on something you do not have to do at all.

are those in the beginning all the mangle rules there is?
 
Ridddick
just joined
Topic Author
Posts: 19
Joined: Mon Jan 23, 2012 2:45 pm

Re: Connection marking in mangle

Fri Jan 27, 2012 1:09 pm

all the traffic is already marked with no-mark packet/connection mark
Ok, i thouhgt about this but anyway when i'm disabling "alltraffic" marker and having more different classes (class-b, class-c connections) some connetcions to the port 1433 become class-c and class-b as you can see on the screenshot.
 
brandonrossl
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Wed Jun 08, 2011 10:09 pm

Re: Connection marking in mangle

Fri Jan 27, 2012 4:51 pm

all the traffic is already marked with no-mark packet/connection mark, so you are just wasting a lot of resources on something you do not have to do at all.
I never thought about this.... :shock:

So if you have a 'base' priority you don't really need a rule, you just need a queue that grabs no_mark. 8)

Who is online

Users browsing this forum: Google [Bot], Ogwuche and 139 guests