Firewall Mangle mark cases - from scratch to learn RouterOS Series 10

Enterprise 2019-08-11 16:43:38 views: null

This chapter focuses on how to connect labeling and package labeling, queue Queue can be used to make calls.

So how to package labeling, we first understand your own needs.

1. Mark connection and DNS packet (bidirectional)

2. Mark 192.168.11.0/24 segment we all connections (two-way)

First, the operation flow:

1. Mark DNS connection upload

So this time we first open mangle, click create a new rule, catena alberghiera choose Prerouting

webp

In which the operation flag, connecting labeled DNS_U_conn, and add notes for "upload the DNS chain"


webp

At this point we have completed the internal network connection mark request to send DNS PPPOE dial-up.


2. upload connection mark becomes DNS packet marking

Click Add New, and then create a rule. Chain election Prerouting


webp

In operation inside the marked packet marking. Marked DNS_U_P, and add notes as "DNS upload package"!


webp

After completing the upload package labeling, we need to continue to remove the match passthrough, save CPU resources.

This time we are done with the connection to upload DNS packet marking and labeling of the.


3. Mark DNS download link.

Mangle a new connection, the selection forward


webp

In which the operation flag, connecting labeled DNS_D_conn, and add notes for "Download the DNS chain"


webp

4. The DNS packet marking upload connection mark becomes

Mangle a new connection,


webp

In operation inside the marked packet marking. Marked DNS_D_P, and add notes as "DNS download package"!


Second, all of the connections labeled

According to the above operation, four mangle create additional rules

Upload mark the connection as ALL_U_conn, retention continues to match

Upload packet is marked ALL_U_P, continues to match removed

Download link labeled ALL_D_conn, retention continues to match

Download package marked ALL_D_P, continues to match removed


webp

Asked Questions:

1 upload with prerouting, Download forward, which is why?

Because when you need to upload through the gateway NAT, form a mapping table. Download time directly send back data through NAT mapping table, take the high road, does not require a gateway!


2. This way, then call QUEUE queue processing time would not limit the speed of Ether4?

Yes, so we can Ether4 a Bridge to interface to hang above the speed limit will not Ether4 of the present embodiment is connected only to be exemplary tags and packet marking.


Guess you like

Origin blog.51cto.com/13796759/2428508
Recommended
Ranking
PAT Level B 1094 Google's Recruitment (20 points) Python
Old Wei wins the offer to take you to learn --- brush (integer number 31. 1 appears) title series
Bilibili: Barrage Screening: Baijiaxing: Import XML directly
개체 배열 중복 제거
matplotlib—patches.Circle
[Observation] It is also a cordless vacuum cleaner, why does Dyson V10 dare to sell 4990 yuan?
0410
Apache Kafka message delivery reliability analysis
How hotel occupancy records inquiry etj
Essential knowledge for getting started with speculating in spot silver
Daily
More
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)

Code World

© 2018 codetd.com