AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

209

RouterOS v3 Configuration and User Guide


rst - drop connection
syn - new connection
urg - urgent data

tcp-mss (integer: 0..65535) - matches the TCP MSS value of an IP packet

time (time-time,sat fri thu wed tue mon sun{+}) - allows creating a filter based on the packets' arrival time and date or, for locally generated packets, departure time and date


If you want to mark a packet, connection or routing-mark and finish mangle table processing at that point (in other words, mark and simultaneously accept the packet), you may disable the passthrough property of the marking rule (it is enabled by default) instead of creating two rules.

Usually routing-mark is not used for P2P, since P2P traffic is always routed over the default gateway.

9.2.3 Application Examples

Description

The following section discusses some examples of using the mangle facility.

Peer-to-Peer Traffic Marking

To ensure quality of service for a network connection, interactive traffic types such as VoIP and HTTP should be prioritized over non-interactive ones, such as peer-to-peer traffic. The RouterOS QoS implementation uses mangle to mark the different types of traffic first, and then places them into queues with different limits.

The following example ensures that P2P traffic gets no more than 1Mbps of the total link capacity when the link is heavily used by other traffic, otherwise expanding to the full link capacity:

[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn
[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p
[admin@AT-WR4562] > /ip firewall mangle add chain=forward \
\... connection-mark=!p2p_conn action=mark-packet new-packet-mark=other
[admin@AT-WR4562] > /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn
 1   chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p
 2   chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=other
[admin@AT-WR4562] >

[admin@AT-WR4562] > /queue tree add parent=Public packet-mark=p2p limit-at=1000000 \
\... max-limit=100000000 priority=8
[admin@AT-WR4562] > /queue tree add parent=Local packet-mark=p2p limit-at=1000000 \
\... max-limit=100000000 priority=8
[admin@AT-WR4562] > /queue tree add parent=Public packet-mark=other limit-at=1000000 \
\... max-limit=100000000 priority=1
[admin@AT-WR4562] > /queue tree add parent=Local packet-mark=other limit-at=1000000 \
\... max-limit=100000000 priority=1

Mark by MAC address

To mark traffic from a known MAC address which goes to the router or through it, do the following:

[admin@AT-WR4562] > /ip firewall mangle add chain=prerouting \
\... src-mac-address=00:01:29:60:36:E7 action=mark-connection new-connection-mark=known_mac_conn
[admin@AT-WR4562] > /ip firewall mangle add chain=prerouting \
\... connection-mark=known_mac_conn action=mark-packet new-packet-mark=known_mac
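As an added illustration, not code from this manual or from RouterOS, the following Python model replays the three P2P rules and the two MAC-marking rules above against constructed sample traffic. It also shows the effect of the passthrough property described earlier in this section: the mark-connection rule in the P2P example must keep passthrough enabled, because disabling it would end chain processing before the mark-packet rules run, and no P2P packet would ever carry the packet mark that the queue tree relies on. The matcher semantics are simplified assumptions (p2p=all-p2p is modelled as a boolean on each packet, and a connection mark set by one rule is visible to later rules in the same chain for the same packet); the packets, connection ids and the second MAC address are constructed.

```python
"""Toy model of RouterOS mangle rule processing (added example, not
RouterOS code). It reproduces the mark-connection / mark-packet /
passthrough semantics closely enough to show why the manual's P2P rules
must keep passthrough=yes on the connection-marking rule."""
from dataclasses import dataclass, field


@dataclass
class Rule:
    chain: str
    action: str                 # "mark-connection" or "mark-packet"
    new_mark: str
    match: dict = field(default_factory=dict)   # matcher name -> value
    passthrough: bool = True    # RouterOS default for marking actions


@dataclass
class Packet:
    conn_id: str                # constructed stand-in for the conntrack entry
    p2p: bool = False           # assumed result of the p2p=all-p2p matcher
    src_mac: str = ""
    packet_mark: str = ""


def rule_matches(rule, pkt, conn_mark):
    """Evaluate only the matchers used on this manual page."""
    for key, want in rule.match.items():
        if key == "p2p":
            if want == "all-p2p" and not pkt.p2p:
                return False
        elif key == "connection-mark":
            negate = want.startswith("!")
            target = want.lstrip("!")
            if (conn_mark == target) == negate:
                return False
        elif key == "src-mac-address":
            if pkt.src_mac.lower() != want.lower():
                return False
        else:
            raise ValueError(f"unsupported matcher {key}")
    return True


def run_chain(rules, chain, pkt, conntrack):
    """Walk one chain top to bottom; a matching rule with passthrough
    disabled ends processing of this packet (the 'mark and accept' case)."""
    conn_mark = conntrack.get(pkt.conn_id, "")
    for rule in rules:
        if rule.chain != chain or not rule_matches(rule, pkt, conn_mark):
            continue
        if rule.action == "mark-connection":
            conntrack[pkt.conn_id] = rule.new_mark
            conn_mark = rule.new_mark      # visible to later rules at once
        elif rule.action == "mark-packet":
            pkt.packet_mark = rule.new_mark
        if not rule.passthrough:
            break
    return pkt.packet_mark


def p2p_rules(passthrough_on_conn_rule=True):
    """The three forward-chain rules from the P2P example."""
    return [
        Rule("forward", "mark-connection", "p2p_conn", {"p2p": "all-p2p"},
             passthrough=passthrough_on_conn_rule),
        Rule("forward", "mark-packet", "p2p", {"connection-mark": "p2p_conn"}),
        Rule("forward", "mark-packet", "other", {"connection-mark": "!p2p_conn"}),
    ]


def mac_rules(mac="00:01:29:60:36:E7"):
    """The two prerouting rules from the 'Mark by MAC address' example."""
    return [
        Rule("prerouting", "mark-connection", "known_mac_conn",
             {"src-mac-address": mac}),
        Rule("prerouting", "mark-packet", "known_mac",
             {"connection-mark": "known_mac_conn"}),
    ]


def classify_p2p_stream(passthrough_on_conn_rule=True):
    """Constructed traffic: two packets of one P2P flow, then one HTTP packet."""
    conntrack = {}
    pkts = [Packet("c1", p2p=True), Packet("c1", p2p=True), Packet("c2")]
    rules = p2p_rules(passthrough_on_conn_rule)
    return [run_chain(rules, "forward", p, conntrack) for p in pkts]


def classify_mac_stream():
    """Constructed traffic: one frame from the known MAC, one from another."""
    conntrack = {}
    pkts = [Packet("c3", src_mac="00:01:29:60:36:e7"),
            Packet("c4", src_mac="aa:bb:cc:dd:ee:ff")]   # constructed MAC
    return [run_chain(mac_rules(), "prerouting", p, conntrack) for p in pkts]


if __name__ == "__main__":
    print(classify_p2p_stream())        # ['p2p', 'p2p', 'other']
    print(classify_p2p_stream(False))   # ['', '', 'other']
    print(classify_mac_stream())        # ['known_mac', '']
```

With the default passthrough the first P2P packet already receives the p2p packet mark, because the connection mark written by rule 0 is seen by rule 1 on the same pass. With passthrough disabled on rule 0, every P2P packet keeps matching rule 0 and processing stops there, so the queue tree never sees a p2p-marked packet; the marked-and-accept shortcut therefore belongs on a final marking rule, not on the connection-marking rule that later rules depend on.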
