Hello.
I have a simple default config: wan-(nat)-bridge(ether,wlan)
I am trying to mark all packets going to a bridge port (wlan).
I do it in the bridge src-nat chain.
I have “use-ip-firewall” checked.
The “Packet flow scheme” tells me that the next hop will be “Postrouting” ( http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6 )
But in Postrouting I do not see my marked packets.
Why? Is it a bug?
ps: When I mark packets which are coming from a bridge port (in the bridge dst-nat chain), I see every marked packet in postrouting. But the dst-nat chain is placed in another part of the “packet flow diagram”.
pps: Using “out-bridge-port” in mangle does not work either. But “in-bridge-port” works fine.
[greek@GreekRT] > interface bridge nat export
#
/interface bridge nat
add action=mark-packet chain=srcnat new-packet-mark=in-src-nat out-interface=wlan1
[greek@GreekRT] > ip firewall mangle export
#
/ip firewall mangle
add chain=postrouting packet-mark=in-src-nat
[greek@GreekRT] >
[greek@GreekRT] > interface bridge nat print stats; ip firewall mangle print stats ;
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
1 srcnat mark-packet 447634 2013
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
0 postrouting accept 9 149 63
[greek@GreekRT] > interface bridge nat reset-counters-all; ip firewall mangle reset-counters-all; delay 10;
[greek@GreekRT] >
[greek@GreekRT] > interface bridge nat print stats; ip firewall mangle print stats ;
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
1 srcnat mark-packet 1079160 992
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
0 postrouting accept 3 708 15
Those 15 packets are multicast traffic from one port of the bridge to another.
I tested this scheme on three different routers. Is it a bug?