1. In mangle, mark outgoing traffic from these users with some routing mark.
2. In routes, set a bigger distance on the existing "0.0.0.0/0" routes.
3. Add a route with the routing mark from step 1 to wan1.
Marking in prerouting is convenient because it covers both port forwarding (dst-nat) and input stuff (ping, winbox). I think that is why it's used in the wiki, so this is the right approach.
Actually, prerouting and input are different, and should be used for different purposes.
ip firewall nat add chain=dstnat action=dst-nat in-interface=ether1 protocol=tcp port=80,443 to-addresses=10.254.254.3
Make all traffic from this PC go through only one WAN by src-address, so no load balancing for this PC.
I can mark port 21, but how do I mark the data coming from an unknown data port?
Maybe you actually don't need that setting in TP-Link. Just try to add routes as I said.
And I have no idea how to exclude my internal network on it.
It's doing its job pretty well actually.
It's great that you think it did its job, but actually it was not doing anything.
So how should we detect p2p traffic now?
!) firewall - discontinued support for p2p matcher (old rules will become invalid);