Right the first ones, but not the subsequent ones - those are going to fasttrack.
I could be wrong, but I believe that's what breaks the firewall rules. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jul 16, 2015 at 2:37 PM, Justin Marshall <just...@pdmnet.net> wrote: > Yeah, > > I had read something about it messing up queues, but couldn't find > anything about mangle. > > I still see the counters incrementing, so it's still marking packets.... > > -----Original Message----- > From: mikrotik-boun...@mail.butchevans.com [mailto: > mikrotik-boun...@mail.butchevans.com] On Behalf Of Josh Luthman > Sent: Thursday, July 16, 2015 2:31 PM > To: Mikrotik discussions > Subject: Re: [Mikrotik] Fasttrack question > > Yes. Fasttrack can break QOS stuff. They specifically warned it on their > announcement forum thread. > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Thu, Jul 16, 2015 at 2:24 PM, Justin Marshall <just...@pdmnet.net> > wrote: > > > Hi, > > > > I have a quick question re: the fast track feature that was recently > > added to RouterOS. > > > > I have a customer that has a Mikrotik 951 router set up as a Home > > AP/router. I've also put some mangle rules in place to prioritize > > traffic for VOIP. > > > > Are the fast track rules that go into /ip firewall filter going to > > have an impact on the mangle rules in any way? > > > > Here's an export of the /ip filrewall: > > > > /ip firewall filter > > add chain=input dst-port=21,22,23,80,443,8291,8728 protocol=tcp > > src-address-list=management-servers > > add action=drop chain=input dst-port=21,22,23,80,443,8291,8728 > > protocol=tcp add action=fasttrack-connection chain=forward > > connection-state=established,related > > add chain=forward connection-state=established,related > > add action=drop chain=forward connection-state=invalid /ip firewall > > mangle add action=add-src-to-address-list address-list=SIPPHONE > > address-list-timeout=1h chain=forward comment=\ > > "** SIPQOS Version 1.1 ** Capture SIP traffic from phones" > > dst-port=5060-5061 protocol=udp src-address-list=LANIPSPACE add > > action=add-src-to-address-list address-list=SIPPHONE > > address-list-timeout=1h chain=forward comment=\ > > "** SIPQOS Version 1.1 ** Capture RTP traffic from phones" > > dst-port=10000-20000 protocol=udp src-address-list=LANIPSPACE add > > action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** > > Mark SIP traffic from phones" new-packet-mark=sip-UP passthrough=no \ > > src-address-list=SIPPHONE > > add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** > > Mark SIP traffic to phones" dst-address-list=SIPPHONE > > new-packet-mark=sip-DOWN \ > > passthrough=no > > add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** > > Mark OTHER traffic from LAN" new-packet-mark=other-UP passthrough=no \ > > src-address-list=LANIPSPACE > > add action=mark-packet chain=forward comment="** SIPQOS Version 1.1 ** > > Mark OTHER traffic to LAN" dst-address-list=LANIPSPACE new-packet-mark=\ > > other-DOWN passthrough=no > > /ip firewall nat > > add action=masquerade chain=srcnat out-interface=ether1 add > > action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=8292 > > protocol=tcp to-addresses=192.168.1.50 to-ports=8292 add > > action=dst-nat chain=dstnat dst-address=xxx.xx.xxx.xxx dst-port=80 > > protocol=tcp to-addresses=192.168.1.180 to-ports=80 add action=dst-nat > > chain=dstnat dst-address=xxx.xx.xxx.xxx > > dst-port=4520-4524 protocol=tcp to-addresses=192.168.1.180 > > to-ports=4520-4524 > > > > Thanks, > > Justin > > just...@pdmnet.net<mailto:just...@pdmnet.net> > > > > -------------- next part -------------- An HTML attachment was > > scrubbed... > > URL: < > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/979 > > 9ace9/attachment.html > > > > > _______________________________________________ > > Mikrotik mailing list > > Mikrotik@mail.butchevans.com > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > RouterOS > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/4795e4f7/attachment.html > > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150716/f7f6c4ed/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
