greek
Member Candidate
Topic Author
Posts: 111
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

Marking packets in bridge is working?

Tue Apr 08, 2014 11:18 pm

Hello.

I have a simple default config: wan-(nat)-bridge(ether,wlan)

I am trying to mark all packets going to the bridge port (wlan).

I do it in the bridge src-nat chain.
I have "use-ip-firewall" checked.
The "Packet flow scheme" tells me that the next hop will be "Postrouting" ( http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6 )
But in Postrouting I do not see my marked packets.
Why? Is it a bug?

PS: When I mark packets coming from the bridge port (in the bridge dst-nat chain), I see every marked packet in postrouting. But the dst-nat chain is placed in another part of the "packet flow diagram".
PPS: Using "out-bridge-port" in mangle does not work either. But "in-bridge-port" works fine.

[greek@GreekRT] > interface bridge nat export                                                                                     
#
/interface bridge nat
add action=mark-packet chain=srcnat new-packet-mark=in-src-nat out-interface=wlan1
[greek@GreekRT] > ip firewall mangle export                                                                
#
/ip firewall mangle
add chain=postrouting packet-mark=in-src-nat
[greek@GreekRT] > 
[greek@GreekRT] > interface bridge nat print stats; ip firewall mangle print stats ;
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                  ACTION                 BYTES         PACKETS
 1   srcnat                                  mark-packet           447634            2013
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                  ACTION                            BYTES         PACKETS
 0   postrouting                            accept                            9 149              63
[greek@GreekRT] > interface bridge nat reset-counters-all; ip firewall mangle reset-counters-all; delay 10;
[greek@GreekRT] > 
[greek@GreekRT] > interface bridge nat print stats; ip firewall mangle print stats ;                       
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                   ACTION                 BYTES         PACKETS
 1   srcnat                                   mark-packet          1079160       992
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                   ACTION                 BYTES         PACKETS
 0   postrouting                             accept                  3 708          15
Those 15 packets are multicast traffic from one port of the bridge to another.

I tested this scheme on three different routers. Is it a bug?
 
greek

Re: Marking packets in bridge is working?

Tue Apr 15, 2014 11:02 am

Any idea?

[Ticket#2014041166000279] with no answer :(
