Butch Evans wrote:
The easiest way to handle this is based on either the
sip_provider_customers OR the sip_provider_servers list.  Try something
like:
/ip firewall mangle
add chain=forward dst-address-list=sip_provider_servers \
     action=change-dscp new-dscp=46 passthrough=yes
add chain=forward src-address-list=sip_provider_servers \
     action=change-dscp new-dscp=46 passthrough=yes

This way, all traffic to/from the servers is changed.  You should be
able to do the same with the customers address list if you like.  OR add
the customers list to the above rules as src where servers is dst and as
dst where servers is src.  Generally, I'd be more likely to use
connection-tracking as well.

Butch,

The only difference I see between your example and what we currently have in place that did but now does not work is the chain statement. We have prerouting and you suggested forward. I've tried adding your suggested rules to the top of the mangle section (both server and customer address lists) and I am seeing matches (as I did before) in "print stats" but still nothing inbound being classified in the Canopy gear. I've looked at multiple APs/SMs that were working and are now not, just to make sure I'm not dealing with a bum AP or something.

Are the following statements needed?

add action=mark-connection chain=prerouting disabled=no dst-address-list=sip_provider_servers new-connection-mark=centrix passthrough=yes src-address-list=sip_provider_customers
add action=mark-connection chain=prerouting disabled=no dst-address-list=sip_provider_customers new-connection-mark=centrix passthrough=yes src-address-list=sip_provider_servers
add action=mark-packet chain=prerouting connection-mark=sip_provider disabled=no new-packet-mark=sip_provider passthrough=no

I've disabled the above but it had no positive effect on the desired outcome.

Connection tracking is enabled.
[dylan@rb1100] /ip firewall connection tracking> print
                   enabled: yes
      tcp-syn-sent-timeout: 5s
  tcp-syn-received-timeout: 5s
   tcp-established-timeout: 1d
      tcp-fin-wait-timeout: 10s
    tcp-close-wait-timeout: 10s
      tcp-last-ack-timeout: 10s
     tcp-time-wait-timeout: 10s
         tcp-close-timeout: 10s
               udp-timeout: 10s
        udp-stream-timeout: 3m
              icmp-timeout: 10s
           generic-timeout: 10m
             tcp-syncookie: no
               max-entries: 524288
             total-entries: 97743

Dylan
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
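An added example, not part of either message: a small Python check that parses mangle rules and lists connection or packet marks that are matched but never set, or set but never matched. Run on the three rules as posted above, it reports that the mark-packet rule matches connection-mark=sip_provider while both mark-connection rules set centrix. The function names are this example's own.

```python
import re
import shlex

# The three rules exactly as posted in the message above, one per line.
POSTED_RULES = """\
add action=mark-connection chain=prerouting disabled=no dst-address-list=sip_provider_servers new-connection-mark=centrix passthrough=yes src-address-list=sip_provider_customers
add action=mark-connection chain=prerouting disabled=no dst-address-list=sip_provider_customers new-connection-mark=centrix passthrough=yes src-address-list=sip_provider_servers
add action=mark-packet chain=prerouting connection-mark=sip_provider disabled=no new-packet-mark=sip_provider passthrough=no
"""


def parse_rules(export):
    """Turn mangle 'add ...' lines into a list of {property: value} dicts."""
    # Join lines continued with a trailing backslash.
    text = re.sub(r"\\\s*\n\s*", " ", export)
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skip menu paths such as "/ip firewall mangle"
        tokens = shlex.split(line[4:])  # shlex keeps quoted values together
        fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
        if fields.get("disabled", "no") != "yes":
            rules.append(fields)
    return rules


def audit_marks(rules):
    """List marks that are matched but never set, and set but never matched."""
    report = {}
    for kind in ("connection-mark", "packet-mark"):
        defined = {r["new-" + kind] for r in rules if "new-" + kind in r}
        used = {r[kind].lstrip("!") for r in rules if kind in r}
        used.discard("no-mark")  # built-in value meaning "unmarked"
        report[kind] = {
            "matched_never_set": sorted(used - defined),
            # Packet marks are often consumed outside mangle (e.g. by queues),
            # so a set-but-unmatched packet mark is only a hint.
            "set_never_matched": sorted(defined - used),
        }
    return report


if __name__ == "__main__":
    for kind, result in audit_marks(parse_rules(POSTED_RULES)).items():
        print(kind, result)
```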
