ZiadZone
newbie
Topic Author
Posts: 25
Joined: Tue Aug 27, 2019 10:37 am

Marking Inbound Traffic in multi WAN .. DO I REALLY NEED IT ?

Sat Aug 01, 2020 5:54 pm

In the PCC script in the MikroTik wiki, or a PBR script, you have to mark the connection in both directions (Inbound - Outbound)
to make the reply go back into the same WAN interface it left from.

Do I really need to mark the inbound traffic??
Is that what the routing table does, to make sure the traffic goes into the same interface that generated the request?

So I could just put in the mangle section -> mark outbound traffic (generated from LAN), then mark routing based on that connection mark,
and create a routing table for the WAN interfaces with the routing mark accordingly.

Actually I'm curious to know whether it is critically important to mark the inbound traffic in a multi-WAN environment, or not necessary.
 
pe1chl
Forum Guru
Posts: 6913
Joined: Mon Jun 08, 2015 12:09 pm

Re: Marking Inbound Traffic in multi WAN .. DO I REALLY NEED IT ?

Sat Aug 01, 2020 6:53 pm

When you have a good internet provider, it is really required because they will just drop the traffic when the source address does not match your connection.

When you have a lousy internet provider, they will accept the traffic. And they are the facilitator of a lot of abuse on the internet, so they should be prepared to be disconnected when the sh*t finally hits the fan and countermeasures are implemented.
It already happened for open mail relays years ago, so do not count on it never happening.
 
ZiadZone
newbie
Topic Author
Posts: 25
Joined: Tue Aug 27, 2019 10:37 am

Re: Marking Inbound Traffic in multi WAN .. DO I REALLY NEED IT ?

Sat Aug 01, 2020 7:40 pm

Thanks pe1chl for the input .. I didn't post my question clearly, I will be more precise here.

This is the PCC code for 2 WAN from the MikroTik wiki.

Mark the inbound traffic rules:
/ip firewall mangle
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn


Outbound traffic:
/ip firewall mangle
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn

And finally mark-routing lines for the two ISP1_conn and ISP2_conn

If I remove the (Inbound) rules and just leave the outbound traffic marking along with the routing mark section, will that cause issues in my internet connection?
I don't use remote login to the router or any port forwarding services. It's a simple public open wifi for hotspot internet connection in a small area.
 
pe1chl
Forum Guru
Posts: 6913
Joined: Mon Jun 08, 2015 12:09 pm

Re: Marking Inbound Traffic in multi WAN .. DO I REALLY NEED IT ?

Sat Aug 01, 2020 9:56 pm

Just keep the inbound rules, they won't hurt and they will solve problems in case e.g. someone sends a ping to your router address.
 
ZiadZone
newbie
Topic Author
Posts: 25
Joined: Tue Aug 27, 2019 10:37 am

Re: Marking Inbound Traffic in multi WAN .. DO I REALLY NEED IT ?

Sat Aug 01, 2020 10:17 pm

Well, technically that means it will not affect the internet surfing; at the end the traffic will go back to the same WAN interface the request came from,
unless for a specific purpose you wanna keep the path from where you wanna access the router remotely (specify which WAN to use) or by pinging the router from outside .. right?

You can imagine how it will reduce the code in the mangle section and in turn reduce CPU work when having 10 WAN links!!
That's the reason behind the question :)
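
As an added illustration (not part of the original thread and not MikroTik's code), the Python sketch below models the mangle rules quoted above to show which traffic the inbound rules actually affect: LAN-originated flows are unchanged, while a ping to the router's second WAN address gets its reply sent out the wrong uplink and dropped by a provider that validates source addresses. The addresses, the CRC32 stand-in for the PCC hash, masquerade on each WAN, ISP1 holding the main-table default route, and the mark-routing step covering the router's own replies are all assumptions.

```python
import zlib

# Constructed lab topology (documentation address ranges).
WAN_ADDR = {"ISP1": "198.51.100.2", "ISP2": "203.0.113.2"}
MAIN_DEFAULT = "ISP1"  # assumption: the main routing table's default route uses ISP1

def pcc(src, dst, n):
    """Stand-in for per-connection-classifier=both-addresses:n/i (RouterOS uses its own hash)."""
    return zlib.crc32(f"{src}|{dst}".encode()) % n

def mark_new_connection(in_iface, src, dst, inbound_rules):
    """Prerouting mangle: the connection mark a new (no-mark) connection receives, or None."""
    if in_iface == "LAN":                        # the two outbound PCC rules from the post
        return f"ISP{pcc(src, dst, 2) + 1}_conn"
    if inbound_rules and in_iface in WAN_ADDR:   # the two inbound rules from the post
        return f"{in_iface}_conn"
    return None

def egress(conn_mark):
    """mark-routing step: a marked connection uses its ISP's table, anything else the main table."""
    return conn_mark[:-len("_conn")] if conn_mark else MAIN_DEFAULT

def isp_accepts(out_iface, src_addr):
    """A provider doing source validation forwards only the address it assigned."""
    return WAN_ADDR[out_iface] == src_addr

def ping_router(in_iface, inbound_rules):
    """An outside host pings the router's address on in_iface; follow the echo reply."""
    mark = mark_new_connection(in_iface, "192.0.2.50", WAN_ADDR[in_iface], inbound_rules)
    out = egress(mark)
    # The reply is sourced from the address that was pinged, whatever uplink it leaves on.
    return out, isp_accepts(out, WAN_ADDR[in_iface])

def lan_flow(src, dst, inbound_rules):
    """A LAN client opens a connection: marked on its first packet, so inbound rules never match."""
    mark = mark_new_connection("LAN", src, dst, inbound_rules)
    out = egress(mark)
    return out, isp_accepts(out, WAN_ADDR[out])  # assumption: masquerade to the egress WAN address

if __name__ == "__main__":
    for rules in (True, False):
        print(f"inbound rules present: {rules}")
        for wan in WAN_ADDR:
            out, ok = ping_router(wan, rules)
            print(f"  ping to {wan} address -> reply leaves via {out}, delivered={ok}")
        out, ok = lan_flow("10.0.0.7", "93.184.216.34", rules)
        print(f"  LAN client flow -> leaves via {out}, delivered={ok}")
```
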
