
Help with mangle and QOS

Posted: 16 Sep 2012 11:12
by rado3105
I'm trying to rework my mangle rules in some sensible way; until now I handled it with prerouting and postrouting.... I'm trying to redo it clearly and efficiently in forward. Can someone check it for me: what to add, what's missing, what's wrong.... Thanks...

Code:

add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment=\
    "Markovanie p2p-downloaderov" disabled=no in-interface=ether1 p2p=all-p2p \
    src-address-list=!p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=no
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP disabled=no \
    new-connection-mark=http_conn passthrough=yes port=26-443,80 protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-packet chain=postrouting disabled=yes new-packet-mark=\
    internet_other_tx out-interface=ether1 passthrough=no
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=yes
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=yes
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=yes new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-connection chain=forward comment=UDP-OTHER connection-mark=\
    !p2p_conn disabled=no new-connection-mark=udp-other_conn passthrough=yes \
    protocol=udp



If anyone is interested, I can give them access to the MikroTik....

Re: Help with mangle

Posted: 16 Sep 2012 11:19
by rado3105
I need to mark the remaining traffic that has been unmarked so far.... when I do it by putting these rules at the end:

Code:

add action=mark-connection chain=forward comment=UDP-OTHER connection-mark=\
    !p2p_conn disabled=no new-connection-mark=udp-other_conn passthrough=yes \
    protocol=udp
add action=jump chain=forward connection-mark=udp-other_conn disabled=no \
    jump-target=UDP-OTHER
add action=mark-packet chain=UDP-OTHER comment=UDP-OTHER disabled=no \
    in-interface=ether1 new-packet-mark=udp-other_in passthrough=no
add action=mark-packet chain=UDP-OTHER disabled=no new-packet-mark=\
    udp-other_out out-interface=ether1 passthrough=no


then it marks the same packets as p2p..... any advice?

Re: Help with mangle

Posted: 16 Sep 2012 16:13
by rado3105
This is how it looks so far:

Code:

add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment=\
    "Markovanie p2p-downloaderov" disabled=no in-interface=ether1 p2p=all-p2p \
    src-address-list=!p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=prerouting comment=linux disabled=yes \
    in-interface=ether1 new-connection-mark=Linux_conn passthrough=yes \
    src-address-list=Linux
add action=mark-packet chain=prerouting connection-mark=Linux_conn disabled=\
    yes new-packet-mark=Linux passthrough=no
add action=mark-connection chain=prerouting comment=Porn disabled=yes \
    in-interface=ether1 new-connection-mark=Porn_conn passthrough=yes \
    src-address-list=Porn
add action=mark-packet chain=prerouting connection-mark=Porn_conn disabled=\
    yes new-packet-mark=Porn passthrough=no
add action=mark-connection chain=prerouting comment=facebook_in disabled=yes \
    in-interface=ether1 new-connection-mark=facebook-in-conn passthrough=yes \
    src-address-list=facebook
add action=mark-packet chain=prerouting connection-mark=facebook-in-conn \
    disabled=yes new-packet-mark=facebook-in passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=no
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP connection-mark=no-mark \
    disabled=no new-connection-mark=http_conn passthrough=yes port=26-443,80 \
    protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-connection chain=forward comment=INTERNET-OTHER \
    connection-mark=no-mark disabled=no new-connection-mark=\
    internet-other_conn passthrough=yes
add action=jump chain=forward connection-mark=internet-other_conn disabled=no \
    jump-target=INTERNET-OTHER
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=yes
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=yes
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=yes
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=yes new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=INTERNET-OTHER comment=INTERNET-OTHER disabled=\
    no in-interface=ether1 new-packet-mark=internet-other_in passthrough=no
add action=mark-packet chain=INTERNET-OTHER disabled=no new-packet-mark=\
    internet-other_out out-interface=ether1 passthrough=no
add action=return chain=HTTP connection-mark=no-mark disabled=no
add action=return chain=FTP connection-mark=no-mark disabled=no
add action=return chain=GAMES connection-mark=no-mark disabled=no
add action=return chain=INTERNET-OTHER connection-mark=no-mark disabled=no
add action=return chain=PRIOR connection-mark=no-mark disabled=no
add action=return chain=SHARESERVERS connection-mark=no-mark disabled=no
add action=return chain=SPEEDTESTS connection-mark=no-mark disabled=no


I welcome comments on what's wrong....

Re: Help with mangle

Posted: 16 Sep 2012 22:42
by rado3105
I tried these rules in production, but they don't work correctly: high latency and considerably lower performance than when they are turned off....
and I can't find the error... so if someone took a look at it I'd be glad....
hapi, what do you say to this?

Re: Help with mangle

Posted: 17 Sep 2012 08:41
by hapi
passthrough=yes ?

Re: Help with mangle

Posted: 17 Sep 2012 10:07
by rado3105
Thanks hapi, so for now it looks like this..... will anyone else comment?

Code:

add action=add-dst-to-address-list address-list=p2p-downloaders \
    address-list-timeout=5h chain=forward comment="Mark p2p-downloaders" \
    disabled=no in-interface=ether1 p2p=all-p2p src-address-list=\
    !p2p-downloaders
add action=add-src-to-address-list address-list=skype address-list-timeout=1h \
    chain=forward comment=skype disabled=no layer7-protocol=skypenack \
    packet-size=39 protocol=udp
add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorrent new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no layer7-protocol=bittorent2 new-connection-mark=p2p_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=udp
add action=mark-connection chain=forward connection-mark=!p2p_conn disabled=\
    no dst-address-list=p2p-downloaders new-connection-mark=p2p_conn \
    passthrough=yes port=10000-65535 protocol=tcp
add action=jump chain=forward connection-mark=p2p_conn disabled=no \
    jump-target=P2P
add action=mark-connection chain=forward comment=Games disabled=no \
    layer7-protocol=worldofwarcraft new-connection-mark=games_conn \
    passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no layer7-protocol=counterstrike-source new-connection-mark=\
    games_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    27015-27020,27050,28959-28961 protocol=udp
add action=mark-connection chain=forward connection-mark=!games_conn \
    disabled=no new-connection-mark=games_conn passthrough=yes port=\
    55901,55919 protocol=tcp
add action=jump chain=forward connection-mark=games_conn disabled=no \
    jump-target=GAMES
add action=mark-connection chain=prerouting comment=download-servers \
    disabled=yes in-interface=ether1 new-connection-mark=\
    download-servers-in-conn passthrough=yes src-address-list=\
    download-servers
add action=mark-packet chain=prerouting connection-mark=\
    download-servers-in-conn disabled=yes new-packet-mark=download-servers \
    passthrough=no
add action=mark-connection chain=forward comment=ShareServers disabled=no \
    new-connection-mark=ShareServers_conn passthrough=yes src-address-list=\
    ShareServers
add action=mark-connection chain=forward connection-mark=!ShareServers_conn \
    disabled=no new-connection-mark=ShareServers_conn passthrough=yes \
    src-address-list=untitled
add action=jump chain=forward connection-mark=ShareServers_conn disabled=no \
    jump-target=SHARESERVERS
add action=mark-connection chain=forward comment=speedtests disabled=no \
    new-connection-mark=speedtests_conn passthrough=yes src-address-list=\
    speedtests
add action=jump chain=forward connection-mark=speedtests_conn disabled=no \
    jump-target=SPEEDTESTS
add action=mark-connection chain=forward comment=\
    "PRIOR(high priority services)" disabled=no new-connection-mark=\
    prior_conn passthrough=yes port=25,53,110 protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    prior_conn passthrough=yes protocol=icmp
add action=mark-connection chain=forward connection-mark=!prior_conn \
    disabled=no new-connection-mark=prior_conn passthrough=yes port=53 \
    protocol=udp
add action=jump chain=forward connection-mark=prior_conn disabled=no \
    jump-target=PRIOR
add action=mark-connection chain=forward comment=Video-net disabled=no \
    new-connection-mark=video_conn passthrough=yes src-address-list=video_net
add action=mark-connection chain=forward connection-mark=!video_conn \
    disabled=no new-connection-mark=video_conn passthrough=yes port=1935 \
    protocol=tcp
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    video_conn passthrough=yes port=554 protocol=tcp
add action=jump chain=forward connection-mark=video_conn disabled=no \
    jump-target=VIDEO
add action=mark-connection chain=forward comment=VOIP disabled=no \
    layer7-protocol=skypetoskype new-connection-mark=voip_conn passthrough=\
    yes
add action=mark-connection chain=forward connection-mark=!voip_conn \
    connection-rate=0-50k disabled=no new-connection-mark=voip_conn \
    passthrough=yes protocol=udp src-address-list=skype
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=sip new-connection-mark=voip_conn passthrough=yes
add action=mark-connection chain=forward connection-mark=!voip_conn disabled=\
    no layer7-protocol=skypeout new-connection-mark=voip_conn passthrough=yes
add action=jump chain=forward connection-mark=voip_conn disabled=no \
    jump-target=VOIP
add action=mark-connection chain=forward comment=HTTP connection-mark=no-mark \
    disabled=no new-connection-mark=http_conn passthrough=yes port=26-443,80 \
    protocol=tcp
add action=jump chain=forward connection-mark=http_conn disabled=no \
    jump-target=HTTP
add action=mark-connection chain=forward comment=FTP disabled=no \
    new-connection-mark=ftp_conn passthrough=yes port=20-21 protocol=tcp
add action=jump chain=forward connection-mark=ftp_conn disabled=no \
    jump-target=FTP
add action=mark-connection chain=forward comment=INTERNET-OTHER \
    connection-mark=no-mark disabled=no new-connection-mark=\
    internet-other_conn passthrough=yes
add action=jump chain=forward connection-mark=internet-other_conn disabled=no \
    jump-target=INTERNET-OTHER
add action=mark-packet chain=prerouting connection-mark=windows_conn \
    disabled=yes new-packet-mark=windows passthrough=no
add action=mark-packet chain=P2P comment=P2P disabled=no in-interface=ether1 \
    new-packet-mark=p2p_in passthrough=no
add action=mark-packet chain=P2P disabled=no new-packet-mark=p2p_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=GAMES comment=GAMES disabled=no in-interface=\
    ether1 new-packet-mark=games_in passthrough=no
add action=mark-packet chain=GAMES disabled=no new-packet-mark=games_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=SHARESERVERS comment=SHARESERVERS disabled=no \
    in-interface=ether1 new-packet-mark=shareservers_in passthrough=no
add action=mark-packet chain=postrouting connection-mark=ShareServers_up_conn \
    disabled=no new-packet-mark=Shareservers_up passthrough=no
add action=mark-packet chain=SPEEDTESTS comment=SPEEDTESTS disabled=no \
    in-interface=ether1 new-packet-mark=speedtests_in passthrough=no
add action=mark-packet chain=SPEEDTESTS disabled=no new-packet-mark=\
    speedtests_out out-interface=ether1 passthrough=no
add action=mark-packet chain=PRIOR comment="PRIOR(high priority services)" \
    disabled=no in-interface=ether1 new-packet-mark=prior_in passthrough=no
add action=mark-packet chain=PRIOR disabled=no new-packet-mark=prior_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VIDEO comment=VIDEO disabled=no in-interface=\
    ether1 new-packet-mark=video_in passthrough=no
add action=mark-packet chain=VIDEO disabled=no new-packet-mark=video_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=VOIP comment=VOIP disabled=no in-interface=\
    ether1 new-packet-mark=voip_in passthrough=no
add action=mark-packet chain=VOIP disabled=no new-packet-mark=voip_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=HTTP comment=HTTP disabled=no in-interface=\
    ether1 new-packet-mark=http_in passthrough=no
add action=mark-packet chain=HTTP disabled=no new-packet-mark=http_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=FTP comment=FTP disabled=no in-interface=ether1 \
    new-packet-mark=ftp_in passthrough=no
add action=mark-packet chain=FTP disabled=no new-packet-mark=ftp_out \
    out-interface=ether1 passthrough=no
add action=mark-packet chain=INTERNET-OTHER comment=INTERNET-OTHER disabled=\
    no in-interface=ether1 new-packet-mark=internet-other_in passthrough=no
add action=mark-packet chain=INTERNET-OTHER disabled=no new-packet-mark=\
    internet-other_out out-interface=ether1 passthrough=no

Re: Help with mangle

Posted: 17 Sep 2012 10:23
by hapi
But now I don't know what you want. Does it work? Are the counters incrementing in mangle? Are the counters incrementing in QT? What about that passthrough? Unless you have something special there, it would be advisable to turn it off everywhere.

Re: Help with mangle

Posted: 17 Sep 2012 10:39
by rado3105
everything is counting, only the person who is on that part of the network isn't home... so I have to wait until he arrives and tests it, I'm outside the network....
Why do you think passthrough should be turned off everywhere? Then when I turn it off in mark connection it doesn't jump to mark packet. Or am I missing something?

Re: Help with mangle

Posted: 17 Sep 2012 10:50
by hapi
passthrough=no:
if a packet matches the rule, it is not tested any further.

passthrough=yes:
if a packet matches the rule, it is passed on for testing against the following rules in order, so if you mark a packet and it matches some later rule, that rule can overwrite its mark or simply do anything else with it. On top of that, if you have it turned on everywhere, it runs through all the rules whether you like it or not = higher CPU load. Then people are surprised that it runs really badly because of this feature. It manages to confuse a lot of people.
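
The passthrough behaviour discussed in the posts above, as an added example that is not part of the thread or MikroTik's code: a simplified Python model of mangle traversal over a cut-down rule set borrowed from the posted configuration. The in/out-interface matchers are left out, the single port 80 stands in for the HTTP port list, and the two flows are constructed.

```python
# Simplified model of RouterOS mangle traversal (an assumption-based sketch,
# not MikroTik code). Connection marks persist across packets of one flow.

def matches(rule, pkt):
    """True when every matcher present on the rule agrees with the packet."""
    for key in ("protocol", "port", "p2p"):
        if key in rule and rule[key] != pkt.get(key):
            return False
    want = rule.get("connection_mark")
    if want is not None:
        have = pkt["conn_mark"] or "no-mark"
        if want.startswith("!"):
            if have == want[1:]:
                return False
        elif have != want:
            return False
    return True


def run_chain(chains, name, pkt, stats):
    """Walk one chain; return True when a passthrough=no rule ended processing."""
    for rule in chains[name]:
        stats["evaluated"] += 1
        if not matches(rule, pkt):
            continue
        if rule["action"] == "jump":
            if run_chain(chains, rule["jump_target"], pkt, stats):
                return True
            continue  # end of target chain reached: resume in the caller
        if rule["action"] == "mark-connection":
            pkt["conn_mark"] = rule["new_mark"]
        else:  # mark-packet
            pkt["packet_mark"] = rule["new_mark"]
        if not rule["passthrough"]:
            return True
    return False


def build_chains(conn_passthrough, packet_passthrough):
    """Cut-down rule set using mark and chain names from the posted config."""
    def conn(mark, **m):
        return dict(action="mark-connection", new_mark=mark,
                    passthrough=conn_passthrough, **m)

    def jump(target, mark):
        return dict(action="jump", jump_target=target, connection_mark=mark)

    def packet(mark):
        return dict(action="mark-packet", new_mark=mark,
                    passthrough=packet_passthrough)

    return {
        "forward": [
            conn("p2p_conn", p2p=True),                   # no connection-mark guard
            jump("P2P", "p2p_conn"),
            conn("http_conn", protocol="tcp", port=80),   # no guard, as first posted
            jump("HTTP", "http_conn"),
            conn("internet-other_conn", connection_mark="no-mark"),  # guarded
            jump("INTERNET-OTHER", "internet-other_conn"),
        ],
        "P2P": [packet("p2p_in")],
        "HTTP": [packet("http_in")],
        "INTERNET-OTHER": [packet("internet-other_in")],
    }


def simulate(chains, flow, n_packets=2):
    """Send n packets of one flow; return (conn mark, packet mark, rules evaluated)."""
    conn_mark, results = None, []
    for _ in range(n_packets):
        pkt = dict(flow, conn_mark=conn_mark, packet_mark=None)
        stats = {"evaluated": 0}
        run_chain(chains, "forward", pkt, stats)
        conn_mark = pkt["conn_mark"]  # the mark stays on the tracked connection
        results.append((pkt["conn_mark"], pkt["packet_mark"], stats["evaluated"]))
    return results


# Constructed flows: P2P traffic on TCP/80, and unclassified UDP traffic.
P2P_OVER_80 = {"protocol": "tcp", "port": 80, "p2p": True}
OTHER_UDP = {"protocol": "udp", "port": 5000, "p2p": False}

if __name__ == "__main__":
    for label, c, p in (("yes/yes", True, True), ("yes/no", True, False),
                        ("no/no", False, False)):
        chains = build_chains(c, p)
        print(label, "p2p:", simulate(chains, P2P_OVER_80))
        print(label, "udp:", simulate(chains, OTHER_UDP))
```

In this model, passthrough=yes everywhere leaves the P2P flow on TCP/80 marked http_in after 8 rule evaluations, while yes on mark-connection and no on mark-packet keeps it p2p_in after 3. With no everywhere, the unguarded mark-connection rule stops every packet before its jump, whereas the rule guarded by connection-mark=no-mark only loses the first packet of the flow.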

Re: Help with mangle

Posted: 17 Sep 2012 10:55
by rado3105
So it needs to be set to NO everywhere?

From what I read in the manual, they recommend leaving passthrough=yes in connection mark and no in packet mark.
http://forum.mikrotik.com/viewtopic.php?f=1&t=49106
http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Re: Help with mangle

Posted: 17 Sep 2012 11:00
by hapi
we have "no" everywhere. Unless you're planning some logical perversions there, then "no". Linux has "no" by default. Actually Linux by default doesn't have this feature in iptables, so "no".

Re: Help with mangle

Posted: 17 Sep 2012 11:34
by rado3105
When I set passthrough=NO everywhere, QoS doesn't prioritize a lot of things....
Originally I had it in prerouting and postrouting and I have the feeling it worked considerably better; don't you think, hapi, that it's better to redo it in pre/post routing?

Re: Help with mangle

Posted: 17 Sep 2012 11:50
by hapi
hmm man, I don't know. I have everything in forward. It should maybe even make no difference at all. It rather depends on whether you have, for example, identical mark names. For example, because I don't want to shape local traffic, I have in/out iface specified on the rules. Everything depends on the rules.

Re: Help with mangle

Posted: 17 Sep 2012 12:01
by rado3105
I also have the in and out interface specified for shaping for the same reason.... ether1 is the internet....

So when I have passthrough no there (on connections), QT doesn't work and mangle also doesn't pass it on to packet mark......
hapi, wouldn't you show your mangle and QT? or by PM? thanks...

Re: Help with mangle

Posted: 17 Sep 2012 12:52
by rado3105
http://forum.mikrotik.com/viewtopic.php?f=9&t=33313
http://phix.me/dm/

it looks like a lot of people don't understand this topic, and also many don't want to share (their reasons are understandable..)