bgillissen
just joined
Topic Author
Posts: 1
Joined: Wed Jan 19, 2022 1:49 pm

VRRP connection tracking synchronization

Wed Jan 19, 2022 2:37 pm

Hi,

Connection tracking synchronization seems to be working, but I do not see the connection appear in the firewall connections list on the other router.

Scenario:
router1
  gateway vlan2 (vrrp master)
  gateway vlan3 (vrrp backup)
router2
  gateway vlan2 (vrrp backup)
  gateway vlan3 (vrrp master)

vlan2 can initiate connections to vlan3
vlan3 cannot initiate connections to vlan2

Description:

Before the conn. tracking sync, I had to make the first packet of each connection pass through the other router to make it acknowledge the new connection and allow the replies to be forwarded.

With conn. tracking sync, connections from vlan2 to vlan3 are working without the routing trick; I see the connection in the list on router1, and the counter only sees the requests, not the replies, as expected.
But I do not see the connection in the list on router2.

I tried to catch the replies with this as the first rule in the mangle forward chain (without success):
/ip firewall mangle add chain=forward passthrough=no action=mark-connection connection-mark=no-mark packet-mark=no-mark connection-state=established,related new-connection-mark=crosstalk

Questions:
Is this expected behavior (connection not listed on router2)?

Is there any plan on making those synchronized connections visible in winbox or cli ?

Is/Will the connection mark be synchronized as well?

Regards, Benjamin.


EDIT:
Well, the synchronized connections only work for ICMP ping replies, and do not let TCP ACKs pass through (not tried with UDP yet).
So I still have to route the packets via the other router until the connection is recognized as established and marked.
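The failure mode described in this thread (request leaves through one VRRP master, reply comes back through the other, and the second router's stateful firewall has never seen the connection) is easy to reason about with a small model. The following Python is an added example, not code from the post or from MikroTik; it models a toy connection-tracking table on two routers with a "vlan2 may initiate, vlan3 may not" forward policy, and the addresses, ports and the `sync()` helper are constructed assumptions rather than RouterOS behaviour. It shows why reply traffic is dropped on the router that holds no state, why a sync that covers only ICMP leaves the TCP handshake broken, and why the "first packet via both routers" workaround makes the second router accept the replies.

```python
"""Toy model of stateful filtering under asymmetric routing across two routers.

Constructed example: the addresses, the policy and the sync behaviour are
assumptions for illustration, not RouterOS internals.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "icmp"
    src: str
    dst: str
    sport: int   # for icmp: echo identifier
    dport: int   # for icmp: echo identifier (same value both directions)
    flags: str = ""  # tcp flags, informational only


def flow_key(pkt: Packet):
    return (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)


def reverse_key(pkt: Packet):
    """Key a reply packet would match against the original direction."""
    return (pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)


class Router:
    """Stateful forward chain: new connections only from vlan2; replies only
    for connections present in this router's own tracking table."""

    def __init__(self, name: str):
        self.name = name
        self.conntrack: dict = {}  # flow key -> state
        self.log: list = []

    def classify(self, pkt: Packet) -> str:
        if flow_key(pkt) in self.conntrack or reverse_key(pkt) in self.conntrack:
            return "established"
        return "new"

    def forward(self, pkt: Packet, src_vlan: str) -> bool:
        state = self.classify(pkt)
        if state == "new":
            if src_vlan != "vlan2":  # policy: only vlan2 initiates
                self.log.append(f"{self.name}: drop new {pkt.proto} from {src_vlan}")
                return False
            self.conntrack[flow_key(pkt)] = "new"  # start tracking this flow
        self.log.append(f"{self.name}: accept {state} {pkt.proto} {pkt.flags}")
        return True


def sync(master: Router, backup: Router, protos: set) -> None:
    """Copy tracked flows for the given protocols (assumed partial sync)."""
    for key, state in master.conntrack.items():
        if key[0] in protos:
            backup.conntrack[key] = state


def run_scenario(sync_protos: set, first_packet_via_both: bool = False) -> dict:
    """Requests go vlan2 -> vlan3 via router1 (vlan2 VRRP master); replies
    come back via router2 (vlan3 VRRP master). Returns which replies pass."""
    r1, r2 = Router("router1"), Router("router2")

    # ICMP echo: request via router1, reply via router2.
    echo_req = Packet("icmp", "10.2.0.10", "10.3.0.10", 0x1234, 0x1234)
    echo_rep = Packet("icmp", "10.3.0.10", "10.2.0.10", 0x1234, 0x1234)
    r1.forward(echo_req, "vlan2")
    if first_packet_via_both:          # the workaround from the post
        r2.forward(echo_req, "vlan2")
    sync(r1, r2, sync_protos)
    icmp_ok = r2.forward(echo_rep, "vlan3")

    # TCP handshake: SYN via router1, SYN/ACK via router2.
    syn = Packet("tcp", "10.2.0.10", "10.3.0.10", 40000, 443, "SYN")
    synack = Packet("tcp", "10.3.0.10", "10.2.0.10", 443, 40000, "SYN,ACK")
    r1.forward(syn, "vlan2")
    if first_packet_via_both:
        r2.forward(syn, "vlan2")
    sync(r1, r2, sync_protos)
    tcp_ok = r2.forward(synack, "vlan3")

    return {"icmp_reply": icmp_ok, "tcp_synack": tcp_ok}


if __name__ == "__main__":
    print("no sync:       ", run_scenario(set()))
    print("icmp-only sync:", run_scenario({"icmp"}))
    print("full sync:     ", run_scenario({"icmp", "tcp"}))
    print("routing trick: ", run_scenario(set(), first_packet_via_both=True))
```

Running it shows the three states the post walks through: with no shared state router2 drops both replies, an ICMP-only sync lets the ping reply through but still drops the SYN/ACK, and either a full sync or forwarding the first packet through both routers lets router2 classify the replies as established. On a real deployment, a reply-path router that keeps logging "new" connections from the side that is not allowed to initiate is the detection signal that state is not being shared for that protocol.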
