2DSL with pcc

In firewall mangle, the rule
action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24 in-interface=Local
doesn't count (doesn't work).


/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=wlan1 new-connection-mark=wlan1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=wlan2 new-connection-mark=wlan2_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wlan1_conn disabled=no new-routing-mark=to_wlan1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wlan2_conn disabled=no new-routing-mark=to_wlan2 passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24 in-interface=Local
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24 in-interface=Local
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=wlan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Local new-connection-mark=wlan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=wlan1_conn disabled=no in-interface=Local new-routing-mark=to_wlan1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=wlan2_conn disabled=no in-interface=Local new-routing-mark=to_wlan2 passthrough=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=yes dst-port=80 protocol=tcp src-address=10.10.10.0/24 to-addresses=192.168.1.55 to-ports=3128
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan2


/ip route
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 routing-mark=to_wlan2 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wlan1 scope=30 target-scope=10

/ip address
add address=192.168.1.249/24 broadcast=192.168.1.255 comment="" disabled=no interface=wlan1 network=192.168.1.0
add address=10.10.10.1/24 broadcast=10.10.10.255 comment="" disabled=no interface=Local network=10.10.10.0
add address=192.168.2.249/24 broadcast=192.168.2.255 comment="" disabled=no interface=wlan2 network=192.168.2.0

Did clients behind the router ever try to access resources in that subnet?

How are you determining that it doesn’t work beyond watching packet counters?

My client is in a different IP address range, is that what you mean?

Yes, and from Local interface traffic.

My client is in a different IP address range, is that what you mean?

That is not what I meant. That rule only counts packets when a client behind the interface named ‘Local’ accesses an IP address within the 192.168.2.0/24 subnet. See the PCC manual for why that rule exists. Unless someone behind the ‘Local’ interface tried to, for example, ping 192.168.2.1 that rule wouldn’t be counting packets.

Yes, and from Local interface traffic.

What do the traffic interface counters have to do with that rule?
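
The counter behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of the four prerouting mangle rules with in-interface=Local from the posted config, showing which rule counts which packet. The hash function, the rule labels and the sample packets are assumptions made for illustration; RouterOS uses its own PCC hash.

```python
import ipaddress
import zlib

# Router's own addresses from the posted /ip address section (dst-address-type=!local).
ROUTER_ADDRS = {"192.168.1.249", "10.10.10.1", "192.168.2.249"}

# The prerouting mangle rules with in-interface=Local, in the posted order.
# accept ends mangle processing; the PCC rules use passthrough=yes and continue.
RULES = [
    {"name": "accept 192.168.2.0/24", "dst": "192.168.2.0/24"},
    {"name": "accept 192.168.1.0/24", "dst": "192.168.1.0/24"},
    {"name": "pcc 2/0 -> wlan1_conn", "pcc": (2, 0)},
    {"name": "pcc 2/1 -> wlan2_conn", "pcc": (2, 1)},
]

def pcc_bucket(src, sport, dst, dport, denominator):
    # Stand-in hash (assumption): RouterOS uses its own hash over the same fields.
    key = f"{src}:{sport}>{dst}:{dport}".encode()
    return zlib.crc32(key) % denominator

def count_hits(packets):
    """Return per-rule packet counters for (in_if, src, sport, dst, dport) tuples."""
    hits = {rule["name"]: 0 for rule in RULES}
    for in_if, src, sport, dst, dport in packets:
        if in_if != "Local":  # none of these rules match other interfaces
            continue
        for rule in RULES:
            if "dst" in rule:
                net = ipaddress.ip_network(rule["dst"])
                if ipaddress.ip_address(dst) in net:
                    hits[rule["name"]] += 1
                    break  # action=accept: stop processing this packet
            else:
                denominator, remainder = rule["pcc"]
                bucket = pcc_bucket(src, sport, dst, dport, denominator)
                if dst not in ROUTER_ADDRS and bucket == remainder:
                    hits[rule["name"]] += 1  # passthrough=yes: keep going
    return hits

# Constructed sample traffic (not from the thread).
INTERNET = [("Local", "10.10.10.20", 40000 + i, "203.0.113.10", 443) for i in range(6)]
PING_WAN2 = [("Local", "10.10.10.20", 0, "192.168.2.1", 0)]
FROM_WAN = [("wlan2", "192.168.2.2", 0, "192.168.2.249", 0)]

if __name__ == "__main__":
    for label, pkts in [("internet only", INTERNET), ("plus ping", INTERNET + PING_WAN2)]:
        print(label, count_hits(pkts))
```

With only Internet-bound traffic the accept rule stays at zero; it increments only once a client behind Local sends a packet to an address inside 192.168.2.0/24.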

I think it works.


thxxxxx