When marking packets in mangle at the prerouting chain, the destination NAT filters fail to see the marks.
According to the documentation, in the prerouting chain the mangle happens before the destination NAT.
And indeed, it works if I use different criteria (protocol, address, etc.) for marking the packets at the Mangle Prerouting filters, but it fails with either contains or layer 7 conditions.
The packets are properly marked, as the counter increases and can also be seen in other chains (for example, at input filters), but in the destination NAT zero packets get marked, even if I put the filter at the top of the list.
This is similar to this post: http://forum.mikrotik.com/viewtopic.php?f=2&t=83129