w0lt
Member
Topic Author
Posts: 484
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

RB2011UAS-RM and Mangle

Tue May 27, 2014 7:34 pm

I have a RB2011UAS-RM (v6.13 - 3.14) and have set the Ethernet ports to the following configuration:
ether1 - Master Port
ether2-5 - Slaved to ether1
ether6 - Master Port
ether7-10 - Slaved to ether6
sfp1 - slaved to ether1

bridge - Loopback
bridge port - ether1
bridge port - ether6

This configuration seems to work just fine as a switch, which is what I was designing it for. However, I can't seem to get a mangle rule to detect any selected IP or port. The only thing I can get it to do is detect "all" activity coming through the port, in this case ether1. I want to mark traffic coming from a selected IP address and port but can't seem to manage it. Is this a bug, or have I got this configured wrong? Reviewing the Packet Flow diagram, it should be possible.

# may/27/2014 11:28:18 by RouterOS 6.13
# software id = YY4W-FNJ5
#
/interface bridge
add l2mtu=1598 name=Loopback
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=sfp1 ] auto-negotiation=no master-port=ether1
/interface bridge port
add bridge=Loopback interface=ether6
add bridge=Loopback interface=ether1
/interface bridge settings
set use-ip-firewall=yes
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

 
rextended
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 8:20 pm

"/firewall export compact"
I'm Italian, not English. Sorry for my imperfect grammar.
 
w0lt

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 9:47 pm

"/firewall export compact"
I have a VERY simple firewall. Just troubleshooting Mangle.

# may/27/2014 13:46:24 by RouterOS 6.13
# software id = YY4W-FNJ5
#
/ip firewall mangle
add action=mark-connection chain=input new-connection-mark=SBS_3 protocol=tcp \
    src-address=172.16.10.56 src-port=10001
 
rextended

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 9:51 pm

I asked for the firewall because I see the cause of your problem now:

If you want to see bridge traffic, you must use the forward chain, not the input or output chain.

These two chains are reserved only for traffic directed to or generated by the router.
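The fix described in the last reply, written out as an added example that is not from either poster: the rule from the thread moved to the forward chain, followed by a packet-mark rule. The address, port and the SBS_3 connection mark come from the posted export; the packet-mark name SBS_3_pkt is an assumption.

```routeros
# Added example, not from the thread. The packet-mark name is an assumption.

# Before (as posted): chain=input only sees packets addressed to the
# router itself, so traffic bridged through the box never matches.
# /ip firewall mangle
# add action=mark-connection chain=input new-connection-mark=SBS_3 \
#     protocol=tcp src-address=172.16.10.56 src-port=10001

# Bridged packets are handed to the IP firewall only when this is enabled
# (it is already set in the posted export).
/interface bridge settings
set use-ip-firewall=yes

/ip firewall mangle
# After: match in forward, the chain that sees traffic passing through.
add action=mark-connection chain=forward new-connection-mark=SBS_3 \
    passthrough=yes protocol=tcp src-address=172.16.10.56 src-port=10001
# Mark every packet belonging to the marked connection, in both directions.
add action=mark-packet chain=forward connection-mark=SBS_3 \
    new-packet-mark=SBS_3_pkt passthrough=no

# Check that the rule counters increase while the host is sending.
/ip firewall mangle print stats
```

Frames switched in hardware between a master port and its slaved ports (for example ether1 and ether2) never reach the CPU, so these rules only count traffic that crosses the bridge between the ether1 group and the ether6 group.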