I found an issue involving port forwarding. I have a fw4 rule on the router like:
config redirect
    option target 'DNAT'
    option name 'Redacted'
    option src 'wan'
    option dest_ip '192.168.1.5'
    option dest 'lan'
    list proto 'tcp'
    list proto 'udp'
    option dest_port '55550'
    option src_dport '55550'
On my Linux server I have an nft rule like:
table inet filter {
    chain output {
        type filter hook output priority filter; policy accept;
        meta skuid 1111 ip dscp set cs1
    }
}
With the port forwarding rule disabled, all download and upload traffic from the user is marked CS1, but I have to add ‘established’ or remove ‘ct state’ entirely to get it to work with the port forwarding rule enabled.
# Does not work with my setup and port forwarding
oifname wan ct state new,untracked goto classify-and-store-dscp
# Both of these commands work
oifname wan ct state new,untracked,established goto classify-and-store-dscp
oifname wan goto classify-and-store-dscp