I want to mark my users traffic by IP address.
my situation is: I have one interface with public IP, I have another interface with internal IP addresses. Between them there's a Mikrotik with NATting enabled.

When I set up 2 mangles:
source addr: user IP
dest addr: "net "
and
source addr: "net"
dest addt: user IP

only the first one showed any traffic. But there was traffic with torch in both direction. This is quite logical if the packet has to appear as an incoming package at one of the interfaces to be able to mark in the mangles - in this case it does not appear because of the NAT. (well, it appears but _before_ the NATting so the packet has different dest IP addr - the public IP address)

Is this any workaround to resolve this problem? (a simpler solution than setting up another server just to do the NAT)

are you masquerading that client? i think you should mark the connection first coming from scpecific IP and going to another IP. After this is done remark these packets with some flow-mark. Now you can use this flow in queues if that was an aim.

Edgars

Seems like you need to read this:
http://www.mikrotik.com/docs/ros/2.8/ro ... t#6.54.7.2

Seems like you need to read this:
http://www.mikrotik.com/docs/ros/2.8/ro ... t#6.54.7.2

I've done. I've configured now the mangles as follows:
mangle passthrough: userIP - "net"IP , mark connection
mangle accept: connection - mark flow

But when I create a queue for this flow it shows 3-500kbit/s,
but in torch this user has only 30kbit/s out and 60kbit/s incoming traffic.

What is this additional 1-300kbit/s traffic???