Hi,
I’m not sure if I’m doing something wrong / misunderstanding how the passthrough option works in the firewall / if it’s a bug?
I’m using a RB750 with ROS 5.0rc1.
Here’s a WinBox screen shot showing that even though the packets were marked and passthrough=no, it continued to check the next rules:
Here’s the applicable /ip firewall mangle code:
add action=jump chain=prerouting disabled=no in-interface=ether5-ADSL-MWeb \
jump-target=prerouting_internet
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming large download packets" connection-bytes=50000-0 disabled=\
no new-packet-mark=low-priority-in passthrough=no protocol=tcp src-port=\
21,80
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming small download packets" disabled=no new-packet-mark=\
Internet-In passthrough=no protocol=tcp src-port=21,80
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming newshost packets" disabled=no new-packet-mark=\
low-priority-in passthrough=no protocol=tcp src-port=119
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming game packets" disabled=no new-packet-mark=Game-In \
passthrough=no protocol=udp src-port=27005-27020,27215,28015-28020
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming game packets" disabled=no new-packet-mark=Game-In \
passthrough=no protocol=tcp src-port=6110-6119
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming Steam packets" disabled=no new-packet-mark=Steam-In \
passthrough=no protocol=udp src-port=27025-27050
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming Steam packets" disabled=no new-packet-mark=Steam-In \
passthrough=no protocol=tcp src-port=27025-27050
add action=mark-packet chain=prerouting_internet comment=\
"Mark incoming Internet packets" disabled=no new-packet-mark=\
low-priority-in passthrough=no
I can “fix” this problem by adding the packet-mark=no-mark option to all of the rules.
Thank you in advance.