I'm trying to configure some mangle rules to mark ftp and rtp (voip audio stream).
I'm going crazy, I can't deal with a rule that mark this traffic because they use random src/dst ports, any clue??

Hey jackwisp

You can do FTP mangle just doing 2 steps:

- verify if FTP service is enable on Service Ports Firewall
- mark all "connections" initiated to tcp 21

If you do that, routeros will mark high ports ftp connections because they are in tcp related state with
the first one.

You can see that under IP -> Firewall -> Connections (just order by Connection Mark).


About rtp, I think the better shot you have is to mark packets using a Layer 7 regexp.
Try using this one: /ip firewall layer7-protocol add name="rtp" regexp="rdpdr.*cliprdr.*rdpsnd"

Once L7 definition is created you just need to use it on mangle.

Hope that works for you.

Saudaciones Hermano!

Thank you very much, but I think this method to mark ftp sessions will not work, the data channel is a new tcp connection between the client and the server, it has nothing to do with the original communication established to port 21.

Also I found a usefull feature to solve this problem, from winbox, in the General section of mangle, I found you can specify a "Connection type", you can chose from sip/ftp/... between others types of applications, doing some test in our labs, this fetaure mark ftp passive/active connections and also rtp traffic in a voip call as well.

Bye.