whoknew
Member Candidate
Topic Author
Posts: 153
Joined: Wed Oct 13, 2010 8:51 pm

Transparent traffic shaping firewall mangle rules

Fri Mar 27, 2015 3:20 am

Hey all,

I am wanting to do a transparent traffic shaper before my router that is doing PCC load balancing.

The problem I am having is that nothing is being marked on the firewall. I have a bridge setup and ether 2 and ether 3 added to the bridge and the bridge has enabled "Use IP Firewall". Any idea why the traffic isn't being caught by the firewall rules?
;;; DNS Traffic
chain=prerouting action=mark-connection new-connection-mark=dns_conn
      passthrough=yes protocol=udp dst-port=53 log=no log-prefix=""

chain=prerouting action=mark-connection new-connection-mark=dns_conn
      passthrough=yes protocol=tcp dst-port=53 log=no log-prefix=""

chain=prerouting action=mark-packet new-packet-mark=dns passthrough=no
      connection-mark=dns_conn log=no log-prefix=""

;;; HTTP Traffic
chain=prerouting action=mark-connection new-connection-mark=http_conn
      passthrough=yes protocol=tcp dst-port=80,443 log=no log-prefix=""

chain=prerouting action=mark-packet new-packet-mark=http passthrough=no
      connection-mark=http_conn log=no log-prefix=""

;;; ICMP Traffic
chain=prerouting action=mark-connection new-connection-mark=icmp_conn
      passthrough=yes protocol=icmp log=no log-prefix=""

chain=prerouting action=mark-packet new-packet-mark=icmp passthrough=no
      connection-mark=icmp_conn log=no log-prefix=""

;;; P2P Traffic
chain=prerouting action=mark-connection new-connection-mark=p2p_conn
      passthrough=yes layer7-protocol=torrent-wwws log=no log-prefix=""

chain=prerouting action=mark-packet new-packet-mark=p2p passthrough=no
      connection-mark=p2p_conn log=no log-prefix=""

;;; Everything else
chain=prerouting action=mark-connection new-connection-mark=other_conn
      passthrough=yes log=no log-prefix=""

chain=prerouting action=mark-packet new-packet-mark=other passthrough=no
      connection-mark=other_conn log=no log-prefix=""
 
whoknew
Member Candidate
Topic Author
Posts: 153
Joined: Wed Oct 13, 2010 8:51 pm

Re: Transparent traffic shaping firewall mangle rules

Sun Mar 29, 2015 6:31 pm

Bumping, wondering if I did something wrong. I followed the instructions via the Wiki. I tested it on my office connection and it worked, but not in quite the same setup as the production network I tried applying it to.

Thanks all!
 
chaf84
just joined
Posts: 8
Joined: Thu Apr 24, 2014 9:13 am

Re: Transparent traffic shaping firewall mangle rules

Mon Mar 30, 2015 9:37 am

Is the firewall enabled on bridges? You can do that under bridges and settings.
 
CyberTod
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: Transparent traffic shaping firewall mangle rules

Mon Mar 30, 2015 9:51 am

Your rules seem ok. Besides the 'use ip firewall' in bridge, which has to be enabled and you did that, 'connection tracking' also has to be enabled in firewall.
 
whoknew
Member Candidate
Topic Author
Posts: 153
Joined: Wed Oct 13, 2010 8:51 pm

Re: Transparent traffic shaping firewall mangle rules

Tue Mar 31, 2015 12:39 am

I do have the use firewall in the bridge settings checked. I also tried disabling it and then enabling it again to see if there was something going on there. I had connection tracking set to auto; I changed it to yes and it still is not catching anything. I have also tried another RouterBoard (750G instead of a 450G) as well as an x86 box. Same issue.
 
whoknew
Member Candidate
Topic Author
Posts: 153
Joined: Wed Oct 13, 2010 8:51 pm

Re: Transparent traffic shaping firewall mangle rules

Sun Apr 05, 2015 12:04 am

Still a no-go, not sure why this is not working. Has anyone else had this working on v6 of RouterOS?
