rado3105
Member
Topic Author
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Please check my mangle and qt and help to make it better....

Sun Sep 16, 2012 2:44 am

Hi, I just tried to make my mangle and qt better; before, I had pre- and postrouting there. I started to change it, but I don't know if I chose a good way. Please can anybody direct me and say what is wrong?

ip: 213.151.203.22
name:demo
password: demo


Thanks a lot
 
rado3105
Member
Topic Author
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: Please check my mangle and qt and help to make it better

Sun Sep 16, 2012 12:41 pm

Here is the output:
add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment=\
    "Markovanie p2p-downloaderov" disabled=no in-interface=ether1 p2p=all-p2p \
    src-address-list=!p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=no
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP disabled=no \
    new-connection-mark=http_conn passthrough=yes port=26-443,80 protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-packet chain=postrouting disabled=yes new-packet-mark=\
    internet_other_tx out-interface=ether1 passthrough=no
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=yes
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=yes
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=yes new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-connection chain=forward comment=UDP-OTHER connection-mark=\
    !p2p_conn disabled=no new-connection-mark=udp-other_conn passthrough=yes \
    protocol=udp
The problem is that I don't know how to mark the rest of the traffic. If I do something like this:

add action=jump chain=forward connection-mark=udp-other_conn disabled=no \
    jump-target=UDP-OTHER
add action=mark-packet chain=UDP-OTHER comment=UDP-OTHER disabled=no \
    in-interface=ether1 new-packet-mark=udp-other_in passthrough=no
add action=mark-packet chain=UDP-OTHER disabled=no new-packet-mark=\
    udp-other_out out-interface=ether1 passthrough=no

it marks already marked traffic using p2p.... I need to mark the rest of the traffic (rest udp, tcp...), can you help?
add action=mark-connection chain=forward comment=UDP-OTHER connection-mark=\
    !p2p_conn disabled=no new-connection-mark=udp-other_conn passthrough=yes \
    protocol=udp
add action=jump chain=forward connection-mark=udp-other_conn disabled=no \
    jump-target=UDP-OTHER
add action=mark-packet chain=UDP-OTHER comment=UDP-OTHER disabled=no \
    in-interface=ether1 new-packet-mark=udp-other_in passthrough=no
add action=mark-packet chain=UDP-OTHER disabled=no new-packet-mark=\
    udp-other_out out-interface=ether1 passthrough=no
 
forne
Frequent Visitor
Posts: 65
Joined: Tue Feb 15, 2011 3:18 pm

Re: Please check my mangle and qt and help to make it better

Sun Sep 16, 2012 3:22 pm

If it helps, you can use the construction "packet-mark=no-mark" to match only packets without a mark. The same goes for connection marks.
 
rado3105
Member
Topic Author
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: Please check my mangle and qt and help to make it better

Sun Sep 16, 2012 5:13 pm

Thanks, I edited it like this:
add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment=\
    "Markovanie p2p-downloaderov" disabled=no in-interface=ether1 p2p=all-p2p \
    src-address-list=!p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=prerouting comment=linux disabled=yes \
    in-interface=ether1 new-connection-mark=Linux_conn passthrough=yes \
    src-address-list=Linux
add action=mark-packet chain=prerouting connection-mark=Linux_conn disabled=\
    yes new-packet-mark=Linux passthrough=no
add action=mark-connection chain=prerouting comment=Porn disabled=yes \
    in-interface=ether1 new-connection-mark=Porn_conn passthrough=yes \
    src-address-list=Porn
add action=mark-packet chain=prerouting connection-mark=Porn_conn disabled=\
    yes new-packet-mark=Porn passthrough=no
add action=mark-connection chain=prerouting comment=facebook_in disabled=yes \
    in-interface=ether1 new-connection-mark=facebook-in-conn passthrough=yes \
    src-address-list=facebook
add action=mark-packet chain=prerouting connection-mark=facebook-in-conn \
    disabled=yes new-packet-mark=facebook-in passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=no
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP connection-mark=no-mark \
    disabled=no new-connection-mark=http_conn passthrough=yes port=26-443,80 \
    protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-connection chain=forward comment=INTERNET-OTHER \
    connection-mark=no-mark disabled=no new-connection-mark=\
    internet-other_conn passthrough=yes
add action=jump chain=forward connection-mark=internet-other_conn disabled=no \
    jump-target=INTERNET-OTHER
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=yes
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=yes
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=yes new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=INTERNET-OTHER comment=INTERNET-OTHER disabled=\
    no in-interface=ether1 new-packet-mark=internet-other_in passthrough=no
add action=mark-packet chain=INTERNET-OTHER disabled=no new-packet-mark=\
    internet-other_out out-interface=ether1 passthrough=no
add action=return chain=HTTP connection-mark=no-mark disabled=no
add action=return chain=FTP connection-mark=no-mark disabled=no
add action=return chain=GAMES connection-mark=no-mark disabled=no
add action=return chain=INTERNET-OTHER connection-mark=no-mark disabled=no
add action=return chain=PRIOR connection-mark=no-mark disabled=no
add action=return chain=SHARESERVERS connection-mark=no-mark disabled=no
add action=return chain=SPEEDTESTS connection-mark=no-mark disabled=no
 
forne
Frequent Visitor
Posts: 65
Joined: Tue Feb 15, 2011 3:18 pm

Re: Please check my mangle and qt and help to make it better

Sun Sep 16, 2012 5:26 pm

add action=return chain=HTTP connection-mark=no-mark disabled=no
add action=return chain=FTP connection-mark=no-mark disabled=no
add action=return chain=GAMES connection-mark=no-mark disabled=no
add action=return chain=INTERNET-OTHER connection-mark=no-mark disabled=no
add action=return chain=PRIOR connection-mark=no-mark disabled=no
add action=return chain=SHARESERVERS connection-mark=no-mark disabled=no
add action=return chain=SPEEDTESTS connection-mark=no-mark disabled=no
The above rules are redundant, because when execution reaches the end of the user's chain, the return to the calling chain occurs anyway for all packets that are still in processing.
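
The two points from forne's replies, as an added example that is not part of the thread and not RouterOS code: a simplified Python model of mangle chain traversal, run on a cut-down version of the posted rules. It shows a UDP game packet being re-marked by a catch-all that only excludes `!p2p_conn`, the same packet keeping its mark when the catch-all uses `no-mark`, and the explicit `return` rule changing nothing. The model, the function names and the sample packets are assumptions; interface matching is left out and each packet is treated as arriving on ether1.

```python
# Simplified model of mangle chain traversal (added example, not RouterOS code).
# Assumptions: one packet per call, arriving on ether1; only the matchers and
# actions that appear in this thread are modelled.
GAME_PORTS = set(range(27015, 27021)) | {27050}

def R(chain, action, **kw):
    return dict(chain=chain, action=action, **kw)

def matches(rule, pkt):
    want, have = rule.get("conn_mark"), pkt["conn"]   # have None == no-mark
    if want == "no-mark":
        ok = have is None
    elif want and want.startswith("!"):
        ok = have != want[1:]
    else:
        ok = want is None or have == want
    return (ok and rule.get("protocol", pkt["protocol"]) == pkt["protocol"]
            and ("port" not in rule or pkt["port"] in rule["port"]))

def run_chain(rules, chain, pkt):
    """Walk one chain; True means a passthrough=no rule ended processing."""
    for rule in (r for r in rules if r["chain"] == chain):
        if not matches(rule, pkt):
            continue
        action = rule["action"]
        if action == "return":
            return False                      # explicit return to the caller
        if action == "jump":
            if run_chain(rules, rule["target"], pkt):
                return True
            continue                          # resume after the jump rule
        key = "conn" if action == "mark-connection" else "pkt"
        pkt[key] = rule["new"]
        if not rule.get("passthrough", True):
            return True
    return False                              # end of chain: implicit return

def ruleset(catch_all, explicit_return=False):
    """Cut-down version of the thread's rules; catch_all is the matcher on the
    'everything else' mark-connection rule."""
    rules = [
        R("forward", "mark-connection", conn_mark="!games_conn",
          protocol="udp", port=GAME_PORTS, new="games_conn"),
        R("forward", "jump", conn_mark="games_conn", target="GAMES"),
        R("forward", "mark-connection", conn_mark=catch_all,
          protocol="udp", new="udp-other_conn"),
        R("forward", "jump", conn_mark="udp-other_conn", target="UDP-OTHER"),
        R("GAMES", "mark-packet", new="games_in", passthrough=True),
        R("UDP-OTHER", "mark-packet", new="udp-other_in", passthrough=False),
    ]
    if explicit_return:
        rules.append(R("GAMES", "return", conn_mark="no-mark"))
    return rules

def classify(rules, protocol, port):
    pkt = {"protocol": protocol, "port": port, "conn": None, "pkt": None}
    run_chain(rules, "forward", pkt)
    return pkt["conn"], pkt["pkt"]

if __name__ == "__main__":
    for matcher in ("!p2p_conn", "no-mark"):
        print(matcher, classify(ruleset(matcher), "udp", 27015))
```

With `!p2p_conn` the game packet leaves as `udp-other_in` because the GAMES chain uses passthrough=yes and the catch-all matches afterwards; with `no-mark` it keeps `games_in`.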
 
rado3105
Member
Topic Author
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: Please check my mangle and qt and help to make it better

Sun Sep 16, 2012 11:49 pm

I have some problems with these mangles when I put them in real traffic.... but I can't find what is wrong....
 
NetworkPro
Forum Guru
Posts: 1376
Joined: Mon Jan 05, 2009 6:23 pm
Location: bit.ly/the-qos

Re: Please check my mangle and qt and help to make it better

Tue Oct 09, 2012 9:42 pm

Hello,

If this does not explain it all http://wiki.mikrotik.com/wiki/NetworkPr ... of_Service

I will redact it to include answers to your specific questions, if you have any.

Thanks.