Routing Tables on Hap AC2

ToTheCLI · Wed Apr 10, 2024 5:18 pm

I can not get mangle to work on hap ac2 with routing marks if I enable the mangle rules no ping goes through, tried 7.13.5-7.15b9 none worked. following is config pppoe client receives internet only with mangle rules disabled.

Config.txt

/routing table
add disabled=no fib name=WAN1
add disabled=no fib name=WAN2
/ip firewall connection tracking
set enabled=yes udp-timeout=10s
/ip settings
set accept-redirects=yes accept-source-route=yes allow-fast-path=no \
    tcp-syncookies=yes
/interface pppoe-server server
add disabled=no interface=ether5 one-session-per-host=yes service-name=\
    service1
/ip dhcp-client
add !dhcp-options interface=ether1 use-peer-dns=no use-peer-ntp=no
add default-route-distance=2 !dhcp-options interface=ether2 use-peer-dns=no \
    use-peer-ntp=no
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=ether1 new-connection-mark=ToWAN1 \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ToWAN1 new-routing-mark=\
    WAN1 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=ether2 new-connection-mark=ToWAN2 \
    passthrough=yes
add action=mark-routing chain=output connection-mark=ToWAN2 new-routing-mark=\
    WAN2 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface-list=ppp new-connection-mark=ToWAN1 \
    passthrough=yes per-connection-classifier=src-address:2/0
add action=mark-routing chain=prerouting connection-mark=ToWAN1 \
    in-interface-list=ppp new-routing-mark=WAN1 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface-list=ppp new-connection-mark=ToWAN2 \
    passthrough=yes per-connection-classifier=src-address:2/1
add action=mark-routing chain=prerouting connection-mark=ToWAN2 \
    in-interface-list=ppp new-routing-mark=WAN2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1 \
    routing-table=WAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether2 \
    routing-table=WAN2 scope=30 suppress-hw-offload=no target-scope=10

llamajaja · Wed Apr 10, 2024 6:16 pm

you are missing a manual route for WAN1 as you opted to use default route on WAN2 only??? ( but not visible ip dhcp client for wan1 )

/interface list member
add interface=ether2 list=WAN
add interface=ether1 list=WAN
add interface=ether3 list=LAN
add interface=<pppoe-1111> list=ppp
add interface=service1 list=ppp

mangle rules: SIMPLIFY to the below.............
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark in-interface-list=ppp \
new-connection-mark=ToWAN1 dst-address-type=!local \
passthrough=yes per-connection-classifier=src-address:2/0
add action=mark-routing chain=prerouting connection-mark=ToWAN1 \
new-routing-mark=WAN1 passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark in-interface-list=ppp \
new-connection-mark=ToWAN2 dst-address-type=!local \
passthrough=yes per-connection-classifier=src-address:2/1
add action=mark-routing chain=prerouting connection-mark=ToWAN2 \
new-routing-mark=WAN2 passthrough=no

ToTheCLI · Wed Apr 10, 2024 6:58 pm

Thanks for the quick response
When pinging through either interface from tools ping I get a response, whenever I enable mangle even your edited ones I don't pass pings from pppoe client connected to pppoe server on mikrotik, so the issue is what is going on with the routing marks and mangle on arm!!!

llamajaja · Wed Apr 10, 2024 7:23 pm

Probably we are not handling the pppoe properly in some way not sure if the issue is ppp profile or pppoe server........

Routing Tables on Hap AC2

Routing Tables on Hap AC2

Re: Routing Tables on Hap AC2

Re: Routing Tables on Hap AC2

Re: Routing Tables on Hap AC2

Who is online