Hi all,

I've got a RB411 with a basic configuration (two virtual APs bridged to ether1). I want to send all traffic from one virtual AP to a transparent web proxy. I've got it nearly working the way I want, but I'm running into a problem I can't figure out.

On the bridge filter tab I'm marking all the packets from the one virtual AP, and I've got a dst-nat rule in the firewall NAT to look for those packet marks and forward to the proxy server, but it never sees any traffic.

The dst-nat rule works just fine if I turn off the packet mark criteria. I've also tried making packet mark rules in the firewall Mangle tab on the input, prerouting, and forward chains, but none of the rules ever see any traffic.

Any ideas on how I could make this connect?

Edit: Forgot to mention, it's running v5.11

Edit2: Not exactly sure why this fixed it, but after turning the Use IP Firewall option in the bridge off and on again it started marking the packets through the firewall. Also, for the firewall rules I ended up using the In. Bridge Port rule instead of the In. Interface because all the packets were showing the bridge as their incoming interface.