Why does one connection jump from one brand to another?

O

Oleg2021-01-21 11:47:34

Mikrotik

Oleg, 2021-01-21 11:47:34

First time I've encountered this...

/ip firewall address-list
add address=82.198.164.35 list=DITGT

Connection mark + 2 packet marks on IN and OUT interfaces for further use in the queue tree.

add action=mark-connection chain=prerouting comment=Ditgt dst-address-list=\
    DITGT new-connection-mark=dgt-conn passthrough=no
add action=mark-packet chain=forward connection-mark=dgt-conn in-interface=\
    GARANT new-packet-mark=dgt-in passthrough=no
add action=mark-packet chain=forward connection-mark=dgt-conn \
    new-packet-mark=dgt-out out-interface=GARANT passthrough=no

After (below) it there are such rules. They collect the remaining TCP connections for a separate queue.

add action=mark-connection chain=prerouting comment=OtherTCP \
    new-connection-mark=otherTCP-conn passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=otherTCP-conn \
    in-interface=GARANT new-packet-mark=otherTcp-in passthrough=no
add action=mark-packet chain=forward connection-mark=otherTCP-conn \
    new-packet-mark=otherTcp-out out-interface=GARANT passthrough=no

As a result

Connection strings are stable. Brands randomly jump from one to another (dgt-conn/otherTCP-conn)

What's wrong?

Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry, 2021-01-21
@dtmse

Try adding the connection-state=new option to the rules that mark connections.