Community discussions

MikroTik App
 
User avatar
rafpelegri
just joined
Topic Author
Posts: 2
Joined: Thu Oct 20, 2016 10:09 pm
Location: Brazil

Mark Conn and Packet Issue - 6.38.5 and 6.39

Tue May 02, 2017 9:04 pm

Good afternoon. I'm trying to create Queue Tree rules in my hEX RB750r2 and I'm not getting it. I think it's because of the connection mark and package mark, even though it's something simple. The RouterOS version is 6.39. Also did not work in 6.38.5. I've created additional rules to make sure packages are marked, but they're not. I just want to mark http packages to limit downloads. Here are my rules:

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough

1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough

3 chain=forward action=mark-connection new-connection-mark=http_con passthrough=yes tcp-flags="" protocol=tcp connection-mark=no-mark port=80 log=no log-prefix=""

4 chain=postrouting action=mark-connection new-connection-mark=http_con passthrough=yes tcp-flags="" protocol=tcp connection-mark=no-mark port=80 log=no log-prefix=""

5 chain=prerouting action=mark-connection new-connection-mark=http_con passthrough=yes tcp-flags="" connection-state="" protocol=tcp connection-mark=no-mark port=80 log=no log-prefix=""

6 chain=forward action=mark-packet new-packet-mark=http_pkg passthrough=no connection-mark=http_con packet-mark=no-mark log=no log-prefix=""

7 chain=postrouting action=mark-packet new-packet-mark=http_pkg passthrough=no connection-mark=http_con packet-mark=no-mark log=no log-prefix=""

8 chain=prerouting action=mark-packet new-packet-mark=http_pkg passthrough=no connection-mark=http_con packet-mark=no-mark log=no log-prefix=""

9 chain=prerouting action=mark-packet new-packet-mark=http_pkg passthrough=yes protocol=tcp packet-mark=no-mark port=80 log=no log-prefix=""

10 chain=forward action=mark-packet new-packet-mark=http_pkg passthrough=yes protocol=tcp packet-mark=no-mark port=80 log=no log-prefix=""

11 chain=postrouting action=mark-packet new-packet-mark=http_pkg passthrough=yes protocol=tcp packet-mark=no-mark port=80 log=no log-prefix=""

It turns out that in the firewall window, in the Mangle tab, the difference of Bytes and Packets that cross the three default rules and the rules that I created is very large. While the download of a file reaches 7MB / s, the number of connections marked is only a few KiBytes and marked packets is only a few hundred KiBytes.
Any solution?
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: Mark Conn and Packet Issue - 6.38.5 and 6.39

Tue May 02, 2017 10:26 pm

It seems that Fasttrack is enabled in your router.
Could you paste the following output?
/ip firewall filter export

Who is online

Users browsing this forum: kbabioch, seriosha and 31 guests