Community discussions

MikroTik App
  4. RouterOS
  5. RouterOS beta

Help needed to translate PCC routerOsV6 firewall mangle to routerOsV7

Post Reply
 
NHJ
just joined
Topic Author
Posts: 2
Joined: Sat Nov 20, 2021 6:20 pm

Help needed to translate PCC routerOsV6 firewall mangle to routerOsV7

Sat Nov 20, 2021 7:25 pm

Hi,

Like many people i decided to go with a RB5009 instead of a RB4011 to replace my RB750G r3(all providers offer gigabit internet so it was no longer up to the task) however being a v7 only piece of equipment, changes took place that make the ubiquitous PCC configuration found on the internet invalid but working to some extent.

v6 config is for that part :
Code: Select all
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 \
    new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 \
    new-connection-mark=ether2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=ether1_conn \
    new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=ether2_conn \
    new-routing-mark=to_ether2 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge1 new-connection-mark=ether1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge1 new-connection-mark=ether2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=ether1_conn \
    in-interface=bridge1 new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
    in-interface=bridge1 new-routing-mark=to_ether2 passthrough=yes
It fails with the error message "input does not match any value of new-routing-mark" at :
Code: Select all
/ip firewall mangle
add action=mark-routing chain=output connection-mark=ether1_conn \
    new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=ether2_conn \
    new-routing-mark=to_ether2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether1_conn \
    in-interface=bridge1 new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
    in-interface=bridge1 new-routing-mark=to_ether2 passthrough=yes
I did due dilligence and read other topics about this on the forum, i'm aware i'm supposed to create a table in routing however this where my comprehension of the change stops.

Is there a charitable soul to translate this to the newer routerOsV7 equivalency?

Thanks in advance.
Top
 
NHJ
just joined
Topic Author
Posts: 2
Joined: Sat Nov 20, 2021 6:20 pm

Re: Help needed to translate PCC routerOsV6 firewall mangle to routerOsV7

Sun Nov 21, 2021 11:52 am

I managed to look a bit more in detail in the routing tables, i have a configuration that seems to work but i'd prefer it to be validated by experienced members.
Code: Select all
/routing table

add fib name=to_ether1
add fib name=to_ether2


/ip firewall mangle

add action=mark-connection chain=input in-interface=pppoe-out1 \
    new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out2 \
    new-connection-mark=ether2_conn passthrough=yes
    
add action=mark-routing chain=output connection-mark=ether1_conn \
    new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output connection-mark=ether2_conn \
    new-routing-mark=to_ether2 passthrough=yes
    
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge1 new-connection-mark=ether1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge1 new-connection-mark=ether2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1
    
add action=mark-routing chain=prerouting connection-mark=ether1_conn \
    in-interface=bridge1 new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2_conn \
    in-interface=bridge1 new-routing-mark=to_ether2 passthrough=yes
    
/ip firewall nat

add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
Top
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: Help needed to translate PCC routerOsV6 firewall mangle to routerOsV7

Sun Nov 21, 2021 9:56 pm

I haven't tried PCC in v7 yet, but there shouldn't really be anything that needs translation - all you should have to do is add the routing table with the name of the routing mark. ex:
Code: Select all
/routing table add disabled=no fib name=to_ether1
Top
 
lilw
newbie
Posts: 38
Joined: Sun Jan 21, 2018 5:31 pm

Re: Help needed to translate PCC routerOsV6 firewall mangle to routerOsV7

Wed Dec 08, 2021 11:33 am

The mangle would be ok if it works on v6. In v7, I think you should take a look in IP/Route. In my situation, with 2 working pppoe, I only need to remove ping in check gateway and add 2 rules into Rules table, and it works now.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 22 guests
  4. RouterOS
  5. RouterOS beta