Preventing fasttrack only on wan interface on uploads

Hi,

I have followed the manual to enable fasttrack with the famous forward rule. Surely enough my queue stopped working. I have a queue which limits the global upload speed to my ISP because when someone uploads a large file my ping times are going up and the connections are slowing down a lot.

I still want to benefit from fasttrack connections on my LAN and during downloads. How can I prevent only the uploads on my WAN interface from being fasttracked? I tried adding a specific accept rule on the WAN interface before the fasttrack rule to no avail.

Here are my firewall rules:

/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input comment=vpn protocol=ipsec-esp
add action=accept chain=input comment=vpn dst-port=500,1701,4500 protocol=udp
add action=drop chain=input in-interface-list=!LAN
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related,untracked
add action=accept chain=forward in-interface-list=LAN
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat
add action=masquerade chain=srcnat comment=vpn src-address=172.16.1.0/24
add action=masquerade chain=srcnat out-interface-list=WAN

Hi

Fasttracked packets bypass the mangling, hence they arrive at interface queue WITHOUT packet-mark → you need to have a queue matching “no-mark” mark.

If you still need to process some connections with priority, you MAY NOT fasttrack them, and exclude them from “forward fasttrack” rule. That way they can be mangled.

For more details see this post.
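
The two approaches from the reply above, written out as RouterOS configuration. This is an added example, not part of the original posts; the interface name ether1-wan, the queue name wan-upload and the 9M limit are assumptions, while the LAN and WAN interface lists are the ones from the posted rules.

```routeros
# Added example, not from the original posts. Assumed names and values:
# ether1-wan (WAN port), wan-upload (queue name), 9M (upload cap).

# Option 1: keep the fasttrack rule as posted and shape on the WAN interface.
# Fasttracked packets carry no packet mark, so the queue matches no-mark.
# A queue tree entry parented to an interface acts on traffic leaving it,
# which on the WAN port is the upload direction.
/queue tree
add name=wan-upload parent=ether1-wan packet-mark=no-mark max-limit=9M

# Option 2: stop fasttracking connections that cross the WAN.
# FastTrack is set per connection, so it cannot be switched off for the
# upload direction only. With this change, traffic that neither enters nor
# leaves through WAN stays fasttracked, while WAN connections fall through
# to the next accept rule and can be mangled and queued again.
/ip firewall filter
set [find action=fasttrack-connection] in-interface-list=!WAN out-interface-list=!WAN
```

Use one option or the other: option 1 keeps downloads fasttracked, option 2 gives up fasttrack for all WAN traffic in exchange for working packet marks.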

Thank you very much for your replies, I’ll look into it tonight!