Is there a difference between 2.9 and 2.8 in connection tracking?
We need equal bandwidth sharing to WAN (based on IPs), which can be done by PCQs. Since we are using masquerading, the Download-PCQ, which is classified by “dst-address”, has a problem, because these addresses are NATed (right?). To make this work again, we can mangle with a new-connection-mark (manual 2.9, page 372). Is it certain that with only one mark the PCQ is able to group by dst-address equally? We don't need shaping per connection, but per IP!
Thanks for a statement!
Provide us with your mangle and queue configuration.
There are some nice examples of how you can realize the described situation:
http://www.mikrotik.com/docs/ros/2.9/root/queue
Oh, yes.
Connection tracking must be enabled.
Dear Sergejs,
thanks for the reply. I know this document. And I know how to mangle and to fill a pcq. The problem is that you can't monitor the queue for each IP.
Again: is mangling with ONE mark enough to have a pcq per ip in a masqueraded situation?
BTW: We can find a lot about connection tracking in the manual - but no explanation of how to ENABLE that. Is it simply done by using connection marks?
Best regards
ip firewall connection tracking set enabled=yes
With connection tracking enabled:
is mangling with ONE mark (for example: “user-conn”) enough to have a pcq per each user ip in a masqueraded situation? Or is ROS able to see the original destination address (needed as a grouping criterion)?