2 WAN Policy Routing 1 pppoe (dyn) and 1 staticIP

Hi there,

I have been battling with this all day so I hope someone can point me in the right direction.
I am trying to configure a dual WAN setup: 1 static IP (Leased Line) on ether1 and one PPPoE connection with dynamic IP on ether2.
I have had this type of config working fine with 3 PPPoE links. I am now trying to replace this with a nice leased line and a cheap residential fiber connection.

This is the scenario
I want to route all traffic destined to our line of business servers in the cloud (based on an address list) via one connection, the leased line.
All other traffic should use the other connection. In the situation where one line goes down then all traffic should route through the working connection.

This is the config I have (slightly simplified to remove all the other config)

ether1 is ISP1 (Static IP)
ISP2 is PPPoE client over ether2

/ip firewall mangle

Mark any inbound connections via NAT to send stuff back the same way

add action=mark-connection chain=prerouting comment="Mark New Traffic Coming from ISP1" connection-mark=no-mark in-interface=ether1 new-connection-mark=CM_ISP1
add action=mark-connection chain=prerouting comment="Mark New Traffic Coming from ISP2" connection-mark=no-mark in-interface=ISP2 new-connection-mark=CM_ISP2

Mark Internal Connections destination based on address list

add action=mark-connection chain=prerouting comment="Policy Routing Rule to Send Traffic from LAN to our servers via ISP1 " connection-mark=no-mark dst-address-list=external-servers dst-address-type=!local in-interface=CLIENTS new-connection-mark=CM_ISP1 src-address-list=LAN
add action=mark-connection chain=prerouting comment="Policy Routing Rule to send all other web traffic to ISP2" connection-mark=no-mark dst-address-list=!external-servers dst-address-type=!local in-interface=CLIENTS new-connection-mark=CM_ISP2

Add Routing Marks Based on Connection Marks

add action=mark-routing chain=prerouting comment="Rule to add ISP1 Routing Mark to connections Marked as CM_ISP1" connection-mark=CM_ISP1 new-routing-mark=ISP1
add action=mark-routing chain=prerouting comment="Rule to add ISP2 Routing Mark to connections Marked as CM_ISP2" connection-mark=CM_ISP2 new-routing-mark=ISP2

Mark any outbound traffic from the router itself (e.g. for SMTP etc)

add action=mark-routing chain=output connection-mark=CM_ISP1 new-routing-mark=ISP1
add action=mark-routing chain=output connection-mark=CM_ISP2 new-routing-mark=ISP2

Add Primary Routes for Marked Traffic

/ip route
add check-gateway=ping distance=1 gateway=myg.ate.way.IP routing-mark=ISP1
add check-gateway=ping distance=1 gateway=ISP2 routing-mark=ISP2

Add Backup Routes for Marked Traffic (Reverse of Primary)

/ip route
add check-gateway=ping distance=10 gateway=myg.ate.way.IP routing-mark=ISP2
add check-gateway=ping distance=10 gateway=ISP2 routing-mark=ISP1


As an example, I can trace route to machines that are on the external_servers list fine, but when I try to hit servers not on that list the traffic seems to fall into a black hole. When I test from the relevant interface using the ping tools it works fine, e.g. the connections are up and working fine.

Anyone got any ideas?
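
An added example, not part of the original post: a short Python consistency check for a rule set in the `add key=value` form used above. It confirms that every connection mark is translated to a routing mark and that every routing mark has a primary and a backup gateway ordered by distance. The rule set is a constructed, shortened copy of the post's config, and `parse` and `audit` are hypothetical helper names; the check reads the text only and does not model how the router forwards packets.

```python
import shlex
from collections import defaultdict

# Constructed sample: the rules from the post, with match conditions shortened.
CONFIG = """\
/ip firewall mangle
add action=mark-connection chain=prerouting comment="From ISP1" connection-mark=no-mark in-interface=ether1 new-connection-mark=CM_ISP1
add action=mark-connection chain=prerouting comment="From ISP2" connection-mark=no-mark in-interface=ISP2 new-connection-mark=CM_ISP2
add action=mark-routing chain=prerouting connection-mark=CM_ISP1 new-routing-mark=ISP1
add action=mark-routing chain=prerouting connection-mark=CM_ISP2 new-routing-mark=ISP2
/ip route
add check-gateway=ping distance=1 gateway=myg.ate.way.IP routing-mark=ISP1
add check-gateway=ping distance=1 gateway=ISP2 routing-mark=ISP2
add check-gateway=ping distance=10 gateway=myg.ate.way.IP routing-mark=ISP2
add check-gateway=ping distance=10 gateway=ISP2 routing-mark=ISP1
"""

def parse(text):
    """Return {menu: [{key: value}, ...]} for the 'add' lines under each /menu."""
    menus, menu = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            # shlex keeps a quoted value such as comment="..." as one token
            tokens = shlex.split(line)[1:]
            menus[menu].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def audit(text):
    """Return ({routing mark: gateways in order of preference}, findings)."""
    menus = parse(text)
    mangle, routes = menus["/ip firewall mangle"], menus["/ip route"]
    conn_marks = {r["new-connection-mark"] for r in mangle
                  if r.get("action") == "mark-connection"}
    to_routing = {r["connection-mark"]: r["new-routing-mark"] for r in mangle
                  if r.get("action") == "mark-routing" and r.get("chain") == "prerouting"}
    by_mark = defaultdict(list)
    for r in routes:
        if "routing-mark" in r:
            by_mark[r["routing-mark"]].append((int(r.get("distance", 1)), r["gateway"]))
    findings = [f"{cm}: connection mark never mapped to a routing mark"
                for cm in sorted(conn_marks - to_routing.keys())]
    for rm in sorted(set(to_routing.values())):
        if len({gw for _, gw in by_mark[rm]}) < 2:
            findings.append(f"{rm}: no backup route through a second gateway")
    return {rm: [gw for _, gw in sorted(v)] for rm, v in by_mark.items()}, findings
```

Calling `audit(CONFIG)` returns the gateway order per routing mark plus a list of findings, which is empty when every mark has both a primary and a backup route.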