[Mikrotik] IPv6 online?
Butch, How is that IPv6 online course coming? ;) Thanks, Jerry Roy -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/bd6d9edc/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Fasttrack question
Yeah, I had read something about it messing up queues, but couldn't find anything about mangle. I still see the counters incrementing, so it's still marking packets -Original Message- From: mikrotik-boun...@mail.butchevans.com [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Josh Luthman Sent: Thursday, July 16, 2015 2:31 PM To: Mikrotik discussions Subject: Re: [Mikrotik] Fasttrack question Yes. Fasttrack can break QOS stuff. They specifically warned it on their announcement forum thread. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jul 16, 2015 at 2:24 PM, Justin Marshall just...@pdmnet.net wrote: Hi, I have a quick question re: the fast track feature that was recently added to RouterOS. I have a customer that has a Mikrotik 951 router set up as a Home AP/router. I've also put some mangle rules in place to prioritize traffic for VOIP. Are the fast track rules that go into /ip firewall filter going to have an impact on the mangle rules in any way? Here's an export of the /ip filrewall: /ip firewall filter add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp src-address-list=management-servers add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp add action=fasttrack-connection chain=forward connection-state=established,related add chain=forward connection-state=established,related add action=drop chain=forward connection-state=invalid /ip firewall mangle add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture SIP traffic from phones dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture RTP traffic from phones dst-port=1-2 protocol=udp src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic from phones new-packet-mark=sip-UP passthrough=no \ src-address-list=SIPPHONE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic to phones dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \ passthrough=no add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic from LAN new-packet-mark=other-UP passthrough=no \ src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic to LAN dst-address-list=LANIPSPACE new-packet-mark=\ other-DOWN passthrough=no /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 protocol=tcp to-addresses=192.168.1.50 to-ports=8292 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 protocol=tcp to-addresses=192.168.1.180 to-ports=80 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524 protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524 Thanks, Justin just...@pdmnet.netmailto:just...@pdmnet.net -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/979 9ace9/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/4795e4f7/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] Fasttrack question
Right the first ones, but not the subsequent ones - those are going to fasttrack. I could be wrong, but I believe that's what breaks the firewall rules. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jul 16, 2015 at 2:37 PM, Justin Marshall just...@pdmnet.net wrote: Yeah, I had read something about it messing up queues, but couldn't find anything about mangle. I still see the counters incrementing, so it's still marking packets -Original Message- From: mikrotik-boun...@mail.butchevans.com [mailto: mikrotik-boun...@mail.butchevans.com] On Behalf Of Josh Luthman Sent: Thursday, July 16, 2015 2:31 PM To: Mikrotik discussions Subject: Re: [Mikrotik] Fasttrack question Yes. Fasttrack can break QOS stuff. They specifically warned it on their announcement forum thread. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jul 16, 2015 at 2:24 PM, Justin Marshall just...@pdmnet.net wrote: Hi, I have a quick question re: the fast track feature that was recently added to RouterOS. I have a customer that has a Mikrotik 951 router set up as a Home AP/router. I've also put some mangle rules in place to prioritize traffic for VOIP. Are the fast track rules that go into /ip firewall filter going to have an impact on the mangle rules in any way? Here's an export of the /ip filrewall: /ip firewall filter add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp src-address-list=management-servers add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp add action=fasttrack-connection chain=forward connection-state=established,related add chain=forward connection-state=established,related add action=drop chain=forward connection-state=invalid /ip firewall mangle add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture SIP traffic from phones dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture RTP traffic from phones dst-port=1-2 protocol=udp src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic from phones new-packet-mark=sip-UP passthrough=no \ src-address-list=SIPPHONE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic to phones dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \ passthrough=no add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic from LAN new-packet-mark=other-UP passthrough=no \ src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic to LAN dst-address-list=LANIPSPACE new-packet-mark=\ other-DOWN passthrough=no /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 protocol=tcp to-addresses=192.168.1.50 to-ports=8292 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 protocol=tcp to-addresses=192.168.1.180 to-ports=80 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524 protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524 Thanks, Justin just...@pdmnet.netmailto:just...@pdmnet.net -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/979 9ace9/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/4795e4f7/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/f7f6c4ed/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http
Re: [Mikrotik] Fasttrack question
Yes. Fasttrack can break QOS stuff. They specifically warned it on their announcement forum thread. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jul 16, 2015 at 2:24 PM, Justin Marshall just...@pdmnet.net wrote: Hi, I have a quick question re: the fast track feature that was recently added to RouterOS. I have a customer that has a Mikrotik 951 router set up as a Home AP/router. I've also put some mangle rules in place to prioritize traffic for VOIP. Are the fast track rules that go into /ip firewall filter going to have an impact on the mangle rules in any way? Here's an export of the /ip filrewall: /ip firewall filter add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp src-address-list=management-servers add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp add action=fasttrack-connection chain=forward connection-state=established,related add chain=forward connection-state=established,related add action=drop chain=forward connection-state=invalid /ip firewall mangle add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture SIP traffic from phones dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture RTP traffic from phones dst-port=1-2 protocol=udp src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic from phones new-packet-mark=sip-UP passthrough=no \ src-address-list=SIPPHONE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic to phones dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \ passthrough=no add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic from LAN new-packet-mark=other-UP passthrough=no \ src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic to LAN dst-address-list=LANIPSPACE new-packet-mark=\ other-DOWN passthrough=no /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 protocol=tcp to-addresses=192.168.1.50 to-ports=8292 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 protocol=tcp to-addresses=192.168.1.180 to-ports=80 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524 protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524 Thanks, Justin just...@pdmnet.netmailto:just...@pdmnet.net -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/9799ace9/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/4795e4f7/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
[Mikrotik] Fasttrack question
Hi, I have a quick question re: the fast track feature that was recently added to RouterOS. I have a customer that has a Mikrotik 951 router set up as a Home AP/router. I've also put some mangle rules in place to prioritize traffic for VOIP. Are the fast track rules that go into /ip firewall filter going to have an impact on the mangle rules in any way? Here's an export of the /ip filrewall: /ip firewall filter add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp src-address-list=management-servers add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp add action=fasttrack-connection chain=forward connection-state=established,related add chain=forward connection-state=established,related add action=drop chain=forward connection-state=invalid /ip firewall mangle add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture SIP traffic from phones dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE add action=add-src-to-address-list address-list=SIPPHONE address-list-timeout=1h chain=forward comment=\ ** SIPQOS Version 1.1 ** Capture RTP traffic from phones dst-port=1-2 protocol=udp src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic from phones new-packet-mark=sip-UP passthrough=no \ src-address-list=SIPPHONE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark SIP traffic to phones dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \ passthrough=no add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic from LAN new-packet-mark=other-UP passthrough=no \ src-address-list=LANIPSPACE add action=mark-packet chain=forward comment=** SIPQOS Version 1.1 ** Mark OTHER traffic to LAN dst-address-list=LANIPSPACE new-packet-mark=\ other-DOWN passthrough=no /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 protocol=tcp to-addresses=192.168.1.50 to-ports=8292 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 protocol=tcp to-addresses=192.168.1.180 to-ports=80 add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524 protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524 Thanks, Justin just...@pdmnet.netmailto:just...@pdmnet.net -- next part -- An HTML attachment was scrubbed... URL: http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/9799ace9/attachment.html ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
