Hi,
I have a quick question re: the fast track feature that was recently added to
RouterOS.
I have a customer that has a Mikrotik 951 router set up as a Home AP/router.
I've also put some mangle rules in place to prioritize traffic for VOIP.
Are the fast track rules that go into /ip firewall filter going to have an
impact on the mangle rules in any way?
Here's an export of the /ip filrewall:
/ip firewall filter
add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp
src-address-list=management-servers
add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp
add action=fasttrack-connection chain=forward
connection-state=established,related
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
/ip firewall mangle
add action=add-src-to-address-list address-list=SIPPHONE
address-list-timeout=1h chain=forward comment=\
"** SIPQOS Version 1.1 ** Capture SIP traffic from phones"
dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE
add action=add-src-to-address-list address-list=SIPPHONE
address-list-timeout=1h chain=forward comment=\
"** SIPQOS Version 1.1 ** Capture RTP traffic from phones"
dst-port=10000-20000 protocol=udp src-address-list=LANIPSPACE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark SIP
traffic from phones" new-packet-mark=sip-UP passthrough=no \
src-address-list=SIPPHONE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark SIP
traffic to phones" dst-address-list=SIPPHONE new-packet-mark=sip-DOWN \
passthrough=no
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark
OTHER traffic from LAN" new-packet-mark=other-UP passthrough=no \
src-address-list=LANIPSPACE
add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** Mark
OTHER traffic to LAN" dst-address-list=LANIPSPACE new-packet-mark=\
other-DOWN passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292
protocol=tcp to-addresses=192.168.1.50 to-ports=8292
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80
protocol=tcp to-addresses=192.168.1.180 to-ports=80
add action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=4520-4524
protocol=tcp to-addresses=192.168.1.180 to-ports=4520-4524
Thanks,
Justin
[email protected]<mailto:[email protected]>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/9799ace9/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
