Marking traffic 80 and others
Posted: Tue Feb 12, 2008 1:10 pm
Hello MT
with reference to the link http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways i am making some marking tarffic with different gateways i am using squid proxy another machine here is my conf
this configuration is correct all traffic out from ether2 except 80 port ?
ether 1 LAN 172.16.0.1/16
ether 2 WAN 10.10.10.2/29
ether 3 WAN 192.168.1.2/24
/ip firewall mangle print
chain=prerouting in-interface=ether1 protocol=tcp dst-port=80 action=mark-connection new-connection-mark=WEB-CONN passthrough=yes
chain=prerouting in-interface=ether1 connection-mark=WEB-CONN action=mark-routing new-routing-mark=WEB-ROUTE passthrough=no
chain=prerouting in-interface=ether1 action=mark-connection new-connection-mark=OTHER-CONN passthrough=yes
chain=prerouting in-interface=ether1 connection-mark=OTHER-CONN action=mark-routing new-routing-mark=OTHER-ROUTE passthrough=no
/ip firewall nat print
chain=srcnat connection-mark=WEB-CONN action=src-nat to-addresses=192.168.1.2 to-ports=0-65535
chain=srcnat connection-mark=OTHER-CONN action=src-nat to-addresses=10.10.10.2 to-ports=0-65535
/ip route print
/ip route print
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.1.0/24 192.168.1.2 ether3
1 ADC 172.16.0.0/24 172.16.0.1 ether1
2 ADC 10.10.10.0/29 10.10.10.2 ether2
3 S 0.0.0.0/0 r 192.168.1.1 ether3 mark=WEB-ROUTE
4 S 0.0.0.0/0 r 10.10.10.1 ether2 mark=OTHER-ROUTE
5 s 0.0.0.0/0 r 10.10.10.1 ether2 default
with reference to the link http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways i am making some marking tarffic with different gateways i am using squid proxy another machine here is my conf
this configuration is correct all traffic out from ether2 except 80 port ?
ether 1 LAN 172.16.0.1/16
ether 2 WAN 10.10.10.2/29
ether 3 WAN 192.168.1.2/24
/ip firewall mangle print
chain=prerouting in-interface=ether1 protocol=tcp dst-port=80 action=mark-connection new-connection-mark=WEB-CONN passthrough=yes
chain=prerouting in-interface=ether1 connection-mark=WEB-CONN action=mark-routing new-routing-mark=WEB-ROUTE passthrough=no
chain=prerouting in-interface=ether1 action=mark-connection new-connection-mark=OTHER-CONN passthrough=yes
chain=prerouting in-interface=ether1 connection-mark=OTHER-CONN action=mark-routing new-routing-mark=OTHER-ROUTE passthrough=no
/ip firewall nat print
chain=srcnat connection-mark=WEB-CONN action=src-nat to-addresses=192.168.1.2 to-ports=0-65535
chain=srcnat connection-mark=OTHER-CONN action=src-nat to-addresses=10.10.10.2 to-ports=0-65535
/ip route print
/ip route print
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.1.0/24 192.168.1.2 ether3
1 ADC 172.16.0.0/24 172.16.0.1 ether1
2 ADC 10.10.10.0/29 10.10.10.2 ether2
3 S 0.0.0.0/0 r 192.168.1.1 ether3 mark=WEB-ROUTE
4 S 0.0.0.0/0 r 10.10.10.1 ether2 mark=OTHER-ROUTE
5 s 0.0.0.0/0 r 10.10.10.1 ether2 default