I added this mangle rule:
add action=mark-connection chain=forward disabled=no \
new-connection-mark=SYSTEM-CONN passthrough=yes protocol=tcp \
Then I mark the packets to fall in an high priority queue.
Michael, Rodolfo: I have a question on this; I mangle on the prerouting chain since I mangle client traffic for shaping in the forward chain.
Should I now mangle these tcp flags in the public or the local interface? I only see traffic on the local interface though...
Then, would it not be enough to mark the packages only? The flags state belong to a connection I believe, by marking the connection are we now not marking the whole tcp connection? And thus ALL tcp traffic gets the mark and following queue. This would be unwanted?
I am still trying to fine tune my Qos and my eye fell on this topic with this new info.
Any further comment is very appreciated.