Pada
Member Candidate
Topic Author
Posts: 150
Joined: Tue Dec 08, 2009 11:37 pm
Location: South Africa, Stellenbosch

[5.0RC1] Firewall Mangle Passthrough bug?

Thu Oct 21, 2010 9:40 pm

I have already posted this in the General Support section, but I haven't received any replies yet since I probably posted it in the wrong section: http://forum.mikrotik.com/viewtopic.php?f=2&t=45996

My problem is that after the rule matched in the Firewall : Mangle table and I've set passthrough=no, it still continues to find matches.
You can see with the packet count that even though most of the packets matched with the first rule in the custom chain, the last rule in that custom chain still picked up ALL the packets:
Image

Here's the applicable code in /ip/firewall/mangle:
add action=jump chain=prerouting disabled=no in-interface=ether5-ADSL-MWeb \
    jump-target=prerouting_internet
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming large download packets" connection-bytes=50000-0 disabled=\
    no new-packet-mark=low-priority-in passthrough=no protocol=tcp src-port=\
    21,80
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming small download packets" disabled=no new-packet-mark=\
    Internet-In passthrough=no protocol=tcp src-port=21,80
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming newshost packets" disabled=no new-packet-mark=\
    low-priority-in passthrough=no protocol=tcp src-port=119
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming game packets" disabled=no new-packet-mark=Game-In \
    passthrough=no protocol=udp src-port=27005-27020,27215,28015-28020
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming game packets" disabled=no new-packet-mark=Game-In \
    passthrough=no protocol=tcp src-port=6110-6119
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming Steam packets" disabled=no new-packet-mark=Steam-In \
    passthrough=no protocol=udp src-port=27025-27050
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming Steam packets" disabled=no new-packet-mark=Steam-In \
    passthrough=no protocol=tcp src-port=27025-27050
add action=mark-packet chain=prerouting_internet comment=\
    "Mark incoming Internet packets" disabled=no new-packet-mark=\
    low-priority-in passthrough=no
As a workaround, which is definitely not ideal, I have set the packet-mark=no-mark in the rules.
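
An added example (not part of the original post, and not RouterOS code): a simplified Python model of first-match evaluation over the chain above. It shows the per-rule counters expected when passthrough=no ends processing at the first match, next to counters like those described in the post when it does not. The packet fields, the sample traffic and the honor_passthrough switch are assumptions made for illustration.

```python
from collections import Counter

def ports(spec):  # '27005-27020,27215' -> set of ints
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

# Simplified model (an assumption, not RouterOS code) of chain prerouting_internet:
# (label, protocol, src-ports, min connection-bytes [50000-0 = 50000 and up], mark)
RULES = [
    ("large download", "tcp", ports("21,80"), 50000, "low-priority-in"),
    ("small download", "tcp", ports("21,80"), 0, "Internet-In"),
    ("newshost", "tcp", ports("119"), 0, "low-priority-in"),
    ("game udp", "udp", ports("27005-27020,27215,28015-28020"), 0, "Game-In"),
    ("game tcp", "tcp", ports("6110-6119"), 0, "Game-In"),
    ("steam udp", "udp", ports("27025-27050"), 0, "Steam-In"),
    ("steam tcp", "tcp", ports("27025-27050"), 0, "Steam-In"),
    ("catch-all", None, None, 0, "low-priority-in"),
]

def matches(rule, pkt):
    _, proto, sports, min_bytes, _ = rule
    return ((proto is None or pkt["proto"] == proto)
            and (sports is None or pkt["sport"] in sports)
            and pkt["conn_bytes"] >= min_bytes)

def run_chain(packets, honor_passthrough=True):
    """Return (hit counter per rule, final mark per packet)."""
    hits, marks = Counter(), []
    for pkt in packets:
        mark = None
        for rule in RULES:
            if matches(rule, pkt):
                hits[rule[0]] += 1
                mark = rule[4]
                if honor_passthrough:  # passthrough=no: leave the chain here
                    break
        marks.append(mark)
    return hits, marks

# Constructed sample traffic (not taken from the post)
PACKETS = [
    {"proto": "tcp", "sport": 80, "conn_bytes": 120000},
    {"proto": "tcp", "sport": 80, "conn_bytes": 900},
    {"proto": "udp", "sport": 27015, "conn_bytes": 0},
    {"proto": "udp", "sport": 53, "conn_bytes": 0},
]
```

With honor_passthrough=True the catch-all rule counts only the packet no earlier rule matched; with False it counts every packet, which is the pattern the post reports.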
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: [5.0RC1] Firewall Mangle Passthrough bug?

Sat Oct 23, 2010 3:32 am

MT Staff already answered that it's a 'feature' with marks and 'passthrough'. Wait for RC2 - it was fixed there.
 
Pada
Member Candidate
Topic Author
Posts: 150
Joined: Tue Dec 08, 2009 11:37 pm
Location: South Africa, Stellenbosch

Re: [5.0RC1] Firewall Mangle Passthrough bug?

Sat Oct 23, 2010 5:42 am

Thank you Chupaka. I didn't know about this "feature".

I can't wait for RC2 :)
 
fmenard123
Member Candidate
Posts: 100
Joined: Sat Aug 02, 2008 6:43 am

Re: [5.0RC1] Firewall Mangle Passthrough bug?

Thu Oct 28, 2010 1:31 pm

What's new in 5.0rc2 (2010-Oct-27 16:20):
*) wireless nv2 - encryption support;
*) tool fetch - support ftp STOR;
*) ospf - fixed crash when working with external LSA that contain
forwarding address;
*) ipsec - supports NAT-T drafts;
*) ipsec - added debug logging, to maintain same log verbosity as before with
'ipsec' topic now use topics 'ipsec,debug,!packet';
*) ipsec - make it work with EoIP, GRE, PPTP and L2TP;
*) support for Atheros AR9271 wireless chip;
*) added support for more Intel 82575/82576 PCI-Express Gigabit Ethernet cards;
*) added support for idle detection on RB1xx/RB5xx in /tool profile;
*) fixed Wireless manual tx power configuration for 11n rates in WinBox;
*) fixed torch;


So I have a question:

It appears not to be MikroTik's policy to acknowledge every fix done in their release notes.

This makes it hard to keep track of bugs acknowledged, then fixed, but then not noted to be fixed.

If it was me, I would add another line to the release notes....

*) other small fixes.

Then again, I would also have the same question - what are they ...

Any opinion?

F.
