Hello,
I would like to request that someone with mangle experience take a quick look at my mangle config and let me know what the problem is.
I am working on a lab that will allow me to finish the setup of a client, but it seems I am doing something wrong.
In the following example I just want my computer (192.168.100.150) to pass all traffic through ISP1. I have placed my connection marks, but for some reason
I cannot comprehend, it keeps passing through ISP2.
I would really appreciate the feedback as to why this is happening.
# Rename the physical ports by role: ether1 and ether5 become the two WAN
# ports, ether2 the LAN port, and ether3/ether4 are slaved to 02-LAN through
# master-port.
/interface ethernet
set [ find default-name=ether1 ] name=01-WAN1
set [ find default-name=ether2 ] name=02-LAN
set [ find default-name=ether3 ] master-port=02-LAN name=03-LAN
set [ find default-name=ether4 ] master-port=02-LAN name=04-LAN
# loop-protect is explicitly switched off on the second WAN port.
set [ find default-name=ether5 ] loop-protect=off name=05-WAN2
# Neighbor discovery is turned off on 01-WAN1 only. 05-WAN2 is not listed
# here, so it is presumably still at its default - TODO confirm it is disabled
# too, since discovery on an upstream-facing port announces the router to that
# segment.
/ip neighbor discovery
set "01-WAN1" discover=no
# The default IPsec proposal is limited to AES-128-CBC for encryption. No IPsec
# peers or policies appear in this export.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# Dynamic address pool for the LAN. The range ends at .150, so it includes
# 192.168.100.150 - the host the mangle rules single out by source address.
# No static lease for .150 is visible in this export, so that routing policy
# applies to whichever client currently holds the address.
/ip pool
add name=default-dhcp ranges=192.168.100.10-192.168.100.150
# DHCP server for the LAN port, authoritative, handing out the pool above.
/ip dhcp-server
add address-pool=default-dhcp always-broadcast=yes authoritative=yes disabled=\
no interface=02-LAN name=master_dhcp
# Router addresses: 192.168.100.254 is the LAN gateway, and each WAN port
# carries a static /24 (10.111.0.1 on 01-WAN1, 10.112.0.1 on 05-WAN2).
/ip address
add address=192.168.100.254/24 comment="default configuration" interface=02-LAN \
network=192.168.100.0
add address=10.111.0.1/24 comment="OTE HOME GATEWAY" interface=01-WAN1 network=\
10.111.0.0
add address=10.112.0.1/24 comment="FORTHNET NEIBOUR" interface=05-WAN2 network=\
10.112.0.0
# 01-WAN1 also runs a DHCP client in addition to its static address.
# NOTE(review): add-default-route is not shown, so whether this client installs
# a default route in the main table cannot be told from here - confirm, because
# traffic without a routing mark follows the main table.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
01-WAN1
# The only static lease in this export: 192.168.100.5 for the client-id "Kodi".
/ip dhcp-server lease
add address=192.168.100.5 client-id=Kodi mac-address=10:00:00:34:EB:57 server=\
master_dhcp
# Options handed to LAN clients: the router (.254) as gateway and 8.8.8.8 /
# 8.8.4.4 as resolvers, so clients query those servers directly rather than
# the router's own DNS cache.
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.254 \
netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts, not just its own lookups. No /ip firewall filter rules appear in this
# export, so unless they exist outside this excerpt the resolver is reachable
# on both WAN ports as well; limit input on UDP/TCP 53 to 02-LAN.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,10.112.0.2,10.111.0.2,8.8.4.4
# Static record: the name "router" resolves to the 05-WAN2 address.
/ip dns static
add address=10.112.0.1 name=router
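# Policy routing for two uplinks. Connection marks record which ISP a
# connection belongs to; routing marks select the matching default route
# (to_ISP1 / to_ISP2) in /ip route.
/ip firewall mangle
# Connections addressed to the router itself: remember the WAN port they
# arrived on ...
add action=mark-connection chain=input connection-state=new in-interface=\
01-WAN1 new-connection-mark=from_ISP1 passthrough=no
add action=mark-connection chain=input connection-state=new in-interface=\
05-WAN2 new-connection-mark=from_ISP2 passthrough=no
# ... and send the router's replies back out through the same uplink.
add action=mark-routing chain=output connection-mark=from_ISP1 \
new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=from_ISP2 \
new-routing-mark=to_ISP2 passthrough=no
# LAN traffic towards the two directly connected WAN subnets is accepted here
# and therefore never reaches the marking rules below.
add action=accept chain=prerouting dst-address=10.111.0.0/24 in-interface=\
02-LAN
add action=accept chain=prerouting dst-address=10.112.0.0/24 in-interface=\
02-LAN
# Unmarked connections arriving on a WAN port are tagged with that port.
# NOTE(review): the LAN-side mark-routing rules at the end match only
# to_ISP1/to_ISP2, so forwarded replies on from_ISP1/from_ISP2 connections
# (e.g. the UDP 1194 dst-nat) get no routing mark and follow the main table -
# confirm that is intended.
add action=mark-connection chain=prerouting connection-mark=no-mark \
connection-state=established,new in-interface=01-WAN1 new-connection-mark=\
from_ISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
connection-state=established,new in-interface=05-WAN2 new-connection-mark=\
from_ISP2 passthrough=yes
# Pin 192.168.100.150 to ISP1 before load balancing runs. passthrough=yes lets
# the packet continue to the PCC rules, so both of them must skip connections
# that already carry a mark.
add action=mark-connection chain=prerouting comment="PRE-PCC 1" \
connection-mark=no-mark connection-state="" in-interface=02-LAN \
new-connection-mark=to_ISP1 passthrough=yes src-address=192.168.100.150
# Per-connection classifier: remaining LAN connections are split in two
# buckets by source address.
add action=mark-connection chain=prerouting comment="PCC 1" connection-mark=\
no-mark connection-state=new dst-address-type=!local in-interface=02-LAN \
new-connection-mark=to_ISP1 passthrough=yes per-connection-classifier=\
src-address:2/0
# FIX: this rule used packet-mark=no-mark. Nothing in this table sets packet
# marks, so that condition was always true and the rule overwrote the to_ISP1
# mark set by "PRE-PCC 1" whenever the source address fell into bucket 2/1 -
# which, for a fixed source address, is every connection. Matching on
# connection-mark=no-mark (as "PCC 1" does) leaves pinned connections alone.
add action=mark-connection chain=prerouting comment="PCC 2" connection-mark=\
no-mark connection-state=new dst-address-type=!local in-interface=02-LAN \
new-connection-mark=to_ISP2 passthrough=yes per-connection-classifier=\
src-address:2/1
# Translate the connection mark into the routing mark for LAN packets.
add action=mark-routing chain=prerouting connection-mark=to_ISP1 in-interface=\
02-LAN new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=to_ISP2 in-interface=\
02-LAN new-routing-mark=to_ISP2 passthrough=no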
# Source-NAT everything that leaves through either WAN port.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=01-WAN1
add action=masquerade chain=srcnat out-interface=05-WAN2
# Port-forward UDP 1194 arriving on 01-WAN1 to 192.168.100.253. The rule has no
# src-address restriction and no forward filter rules are visible in this
# export, so the service is reachable from any source on that uplink.
add action=dst-nat chain=dstnat dst-port=1194 in-interface=01-WAN1 protocol=udp \
to-addresses=192.168.100.253 to-ports=1194
# One default route per routing table: packets carrying routing mark to_ISP1
# go to 10.111.0.2, those carrying to_ISP2 go to 10.112.0.2. check-gateway=ping
# monitors each gateway by pinging it.
# No unmarked default route appears in this export - presumably the main-table
# default comes from the DHCP client on 01-WAN1; TODO confirm.
/ip route
add check-gateway=ping distance=10 gateway=10.111.0.2 routing-mark=to_ISP1
# Disabled host route for 8.8.8.8 via ISP1.
add disabled=yes distance=10 dst-address=8.8.8.8/32 gateway=10.111.0.2 \
routing-mark=to_ISP1
add check-gateway=ping distance=10 gateway=10.112.0.2 routing-mark=to_ISP2
# Disabled host route for 8.8.4.4 via ISP2.
add disabled=yes distance=10 dst-address=8.8.4.4/32 gateway=10.112.0.2 \
routing-mark=to_ISP2