w0lt
Long time Member
Topic Author
Posts: 537
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

RB2011UAS-RM and Mangle

Tue May 27, 2014 7:34 pm

I have a RB2011UAS-RM (v6.13 - 3.14) and have set the Ethernet ports to the following configuration:
ether1 - Master Port
ether2-5 - Slaved to ether1
ether6 - Master Port
ether7-10 - Slaved to ether6
sfp1 - slaved to ether1

bridge - Loopback
bridge port - ether1
bridge port - ether6

This configuration seems to work just fine as a switch, which is what I was designing it for. However, I can't seem to get a mangle rule to detect any selected IP or Port. The only thing I can get it to do is detect "all" activity coming through the port, in this case, ether1. I want to mark traffic coming from a selected IP address and port but can't seem to manage it. Is this a bug, or have I got this configured wrong? Review the Packet Flow diagram, it should be possible.

# may/27/2014 11:28:18 by RouterOS 6.13
# software id = YY4W-FNJ5
#
/interface bridge
add l2mtu=1598 name=Loopback
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
set [ find default-name=sfp1 ] auto-negotiation=no master-port=ether1
/interface bridge port
add bridge=Loopback interface=ether6
add bridge=Loopback interface=ether1
/interface bridge settings
set use-ip-firewall=yes
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 8:20 pm

"/firewall export compact"
 
w0lt
Long time Member
Topic Author
Posts: 537
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 9:47 pm

"/firewall export compact"
I have a VERY simple firewall. Just troubleshooting Mangle.

# may/27/2014 13:46:24 by RouterOS 6.13
# software id = YY4W-FNJ5
#
/ip firewall mangle
add action=mark-connection chain=input new-connection-mark=SBS_3 protocol=tcp \
    src-address=172.16.10.56 src-port=10001
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: RB2011UAS-RM and Mangle

Tue May 27, 2014 9:51 pm

I asked for the firewall because I see the cause of your problem now:

If you want to see bridge traffic, you must use the forward chain, not the input or output chain.

These two chains are reserved only for traffic directed to or generated by the router.
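
The change described in the reply above, applied to the rule posted in this thread, as an added example that is not part of the original posts: the same match moved to the forward chain, followed by two commands to confirm it is counting. It assumes the Loopback bridge and use-ip-firewall=yes from the first post; the packet mark name SBS_3_pkt is hypothetical.

```routeros
# Added example, not from the thread.
# Assumes bridge "Loopback" with use-ip-firewall=yes, as exported in the first post.
# Frames switched in hardware between slaved ports of the same master-port group
# never reach the CPU, so only traffic crossing the bridge
# (ether1 group <-> ether6 group) can hit these rules.

/ip firewall mangle

# Before (from the thread): the rule used chain=input, which only sees traffic
# addressed to the router itself, so bridged traffic never matched it.

# After: bridged traffic passing through the router traverses the forward chain.
add action=mark-connection chain=forward new-connection-mark=SBS_3 \
    protocol=tcp src-address=172.16.10.56 src-port=10001

# Hypothetical follow-up rule: mark the packets of those connections.
add action=mark-packet chain=forward connection-mark=SBS_3 \
    new-packet-mark=SBS_3_pkt passthrough=no

# Verify: the counters should rise while 172.16.10.56 sends from TCP port 10001.
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=SBS_3
```

If the counters stay at zero, check that the source and destination hosts sit on different master-port groups, since traffic inside one group is handled by the switch chip.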
