Community discussions

 
ToBeFrank
newbie
Topic Author
Posts: 32
Joined: Mon Dec 18, 2017 7:31 pm

Why am I getting unmarked packets?

Sat Feb 10, 2018 6:29 pm

I have the following mangle rules set up:
/ip firewall mangle
add action=mark-packet chain=input in-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=forward in-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=forward out-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=output out-interface=wan new-packet-mark=wan passthrough=no
add action=mark-packet chain=postrouting out-interface=wan new-packet-mark=wan passthrough=no
The above rules should mark any packet coming into or going out of the wan interface with a packet-mark of "wan". Note that I believe the forward/output rules with out-interface=wan are redundant with the postrouting rule, but I added them when I was seeing unmarked packets I didn't expect.

I then set up three simple queues:
/queue simple
add comment=LAN dst=192.168.0.0/16 name=lan priority=1/1 queue=ethernet-default/ethernet-default target=192.168.0.0/16
add comment=WAN max-limit=32M/914M name=wan packet-marks=wan priority=5/5 queue=upload/download target=192.168.0.0/16
add comment=Unmarked max-limit=32M/914M name=no-mark packet-marks=no-mark priority=5/5 queue=upload/download target=192.168.0.0/16
The first queue matches anything passing between subnets in my LAN, thus, only WAN packets should match the last two queues. Since all WAN packets should be marked with "wan", I expected to only see packets in the first two queues. However, I am seeing packets on the upload side of the no-mark queue as well. Why am I seeing unmarked packets?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1740
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Why am I getting unmarked packets?

Sun Feb 11, 2018 7:39 am

try set dst=wan on 2nd and 3rd simple queues

try on 3rd simple queue removing packet marks argument

i think 1st simple queue is not necessary
 
ToBeFrank
newbie
Topic Author
Posts: 32
Joined: Mon Dec 18, 2017 7:31 pm

Re: Why am I getting unmarked packets?

Tue Feb 13, 2018 6:58 pm

try set dst=wan on 2nd and 3rd simple queues
I don't think I can do that since I want incoming WAN connections going through the queues as well, for example port forwarding.
i think 1st simple queue is not necessary
My understanding is that anything that does not go through a queue gets a default priority of 8, thus if I want LAN packets to have higher priority, I need a queue for them.

None of this answers my question, though. Why am I seeing unmarked packets, and only on the upload side?

Who is online

Users browsing this forum: No registered users and 95 guests