I have the following mangle rules set up:
/ip firewall mangle
add action=mark-packet chain=input in-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=forward in-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=forward out-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=output out-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=postrouting out-interface=wan new-packet-mark=wan passthrough=no
The above rules should mark any packet coming into or going out of the wan interface with a packet-mark of “wan”. Note that I believe the forward/output rules with out-interface=wan are redundant with the postrouting rule, but I added them when I was seeing unmarked packets I didn’t expect.
I then set up three simple queues:
/queue simple
add comment=LAN dst=192.168.0.0/16 name=lan priority=1/1 queue=ethernet-default/ethernet-default target=192.168.0.0/16
add comment=WAN max-limit=32M/914M name=wan packet-marks=wan priority=5/5 queue=upload/download target=192.168.0.0/16
add comment=Unmarked max-limit=32M/914M name=no-mark packet-marks=no-mark priority=5/5 queue=upload/download target=192.168.0.0/16
The first queue matches anything passing between subnets in my LAN, thus, only WAN packets should match the last two queues. Since all WAN packets should be marked with “wan”, I expected to only see packets in the first two queues. However, I am seeing packets on the upload side of the no-mark queue as well. Why am I seeing unmarked packets?