[Mikrotik] Fasttrack question

Justin Marshall Thu, 16 Jul 2015 11:33:46 -0700

Hi,

I have a quick question re: the fast track feature that was recently added to 
RouterOS.


I have a customer that has a Mikrotik 951 router set up as a Home AP/router.  
I've also put some mangle rules in place to prioritize traffic for VOIP.

Are the fast track rules that go into /ip firewall filter going to have an 
impact on the mangle rules in any way?

Here's an export of the /ip filrewall:

/ip firewall filter
add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp 
src-address-list=management-servers
add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp
add action=fasttrack-connection chain=forward 
connection-state=established,related
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
/ip firewall mangle
add action=add-src-to-address-list address-list=SIPPHONE 
address-list-timeout=1h chain=forward comment=\
    "** SIPQOS Version 1.1 ** Capture SIP traffic from phones" 
dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE
add action=add-src-to-address-list address-list=SIPPHONE 
address-list-timeout=1h chain=forward comment=\
    "** SIPQOS Version 1.1 ** Capture RTP traffic from phones" 
dst-port=10000-20000 protocol=udp src-address-list=LANIPSPACE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark SIP 
traffic from phones" new-packet-mark=sip-UP passthrough=no \
    src-address-list=SIPPHONE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark SIP 
traffic to phones" dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \
    passthrough=no
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark 
OTHER traffic from LAN" new-packet-mark=other-UP passthrough=no \
    src-address-list=LANIPSPACE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark 
OTHER traffic to LAN" dst-address-list=LANIPSPACE new-packet-mark=\
    other-DOWN passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 
protocol=tcp to-addresses=192.168.1.50 to-ports=8292
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 
protocol=tcp to-addresses=192.168.1.180 to-ports=80
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524 
protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524

Thanks,
Justin
just...@pdmnet.net<mailto:just...@pdmnet.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/9799ace9/attachment.html>
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

[Mikrotik] Fasttrack question

Reply via email to