I have dual-WAN load balancing and it's working as intended; however, I need to add routing for two IP address lists, so the IPs in each of these lists will always be routed to a specific WAN interface.
How do I accomplish that?
Current settings below:
/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=first
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=other
add action=accept chain=prerouting dst-address=1.1.1.0/22 in-interface=LAN
add action=accept chain=prerouting dst-address=1.1.2.0/19 in-interface=LAN
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=LAN new-routing-mark=first
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=LAN new-routing-mark=other
Sob
March 4, 2017, 12:25pm
2
Add connection-mark=no-mark condition to your existing PCC rules (to prevent them from overwriting connection marks) and then add two new connection marking rules before them, one for each list.
Thanks, I tried this; it doesn't seem to be working!
add action=mark-routing chain=prerouting new-routing-mark=first passthrough=yes src-address-list=OnlyWAN1
add action=mark-routing chain=prerouting new-routing-mark=other passthrough=yes src-address-list=OnlyWAN2
add action=mark-connection chain=input connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=first
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=other
add action=accept chain=prerouting dst-address=1.1.1.0/22 in-interface=LAN
add action=accept chain=prerouting dst-address=1.1.2.0/19 in-interface=LAN
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=LAN new-routing-mark=first
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=LAN new-routing-mark=other
My NAT looks like below:
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 out-interface=WAN1 src-address-list=OnlyWAN1
add action=masquerade chain=srcnat disabled=yes dst-address=0.0.0.0/0 out-interface=WAN2 src-address-list=OnlyWAN2
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
Sob
March 4, 2017, 12:53pm
4
You tried something else. What I meant was to take these two rules from the original config:
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
And add the new condition and two new ones like this:
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN1_conn passthrough=yes connection-mark=no-mark src-address-list=OnlyWAN1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN2_conn passthrough=yes connection-mark=no-mark src-address-list=OnlyWAN2
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
connection-mark=no-mark
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=LAN \
new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 \
connection-mark=no-mark
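To see why the `connection-mark=no-mark` condition matters, here is a small simulation of the prerouting mangle chain above. This is an added example, not config or code from the thread: the hosts, address lists and destination are constructed, the conntrack model is reduced to a single mark per connection, and the PCC classifier is replaced by a stand-in (SHA-256 of the 4-tuple, modulo the denominator) that only shares the property RouterOS relies on, namely that one connection always lands in the same bucket. It shows what Sob describes: without `no-mark`, a passthrough PCC rule later in the chain overwrites the mark the address-list rule just set, so a host on `OnlyWAN1` still ends up on WAN2 whenever PCC hashes its connection into bucket 1; with `no-mark`, the first rule to mark the connection wins and the later rules are skipped.

```python
import hashlib
import ipaddress

# Constructed stand-ins for /ip firewall address-list OnlyWAN1 and OnlyWAN2.
ADDRESS_LISTS = {
    "OnlyWAN1": [ipaddress.ip_network("192.168.88.10/32")],
    "OnlyWAN2": [ipaddress.ip_network("192.168.88.20/32")],
}
# The thread's mark-routing rules: connection mark -> routing mark.
ROUTING_MARK = {"WAN1_conn": "first", "WAN2_conn": "other"}


def in_list(ip, name):
    """src-address-list=<name> matcher."""
    return any(ipaddress.ip_address(ip) in net for net in ADDRESS_LISTS[name])


def pcc(pkt, denominator, remainder):
    """Stand-in for per-connection-classifier=both-addresses-and-ports:D/R.
    RouterOS uses its own hash; SHA-256 of the 4-tuple is an assumption for this
    demo, but it keeps the property that matters: a connection always gets the same bucket."""
    key = f"{pkt['src']}:{pkt['sport']}>{pkt['dst']}:{pkt['dport']}".encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % denominator
    return bucket == remainder


def build_chain(with_no_mark):
    """The four prerouting mark-connection rules in the order Sob gave them.
    Each entry is (matcher(pkt, conn) -> bool, new-connection-mark)."""
    def unmarked(conn):
        # connection-mark=no-mark: only match while the connection has no mark yet.
        return conn.get("mark") is None if with_no_mark else True
    return [
        (lambda p, c: unmarked(c) and in_list(p["src"], "OnlyWAN1"), "WAN1_conn"),
        (lambda p, c: unmarked(c) and in_list(p["src"], "OnlyWAN2"), "WAN2_conn"),
        (lambda p, c: unmarked(c) and pcc(p, 2, 0), "WAN1_conn"),
        (lambda p, c: unmarked(c) and pcc(p, 2, 1), "WAN2_conn"),
    ]


def run_connection(pkts, chain):
    """Push the packets of one connection through the chain. All rules are
    passthrough=yes, so every matching rule fires and overwrites the connection
    mark, and later rules in the same pass already see the mark set by earlier
    ones. Returns the connection mark after each packet."""
    conn = {}
    seen = []
    for pkt in pkts:
        for matcher, mark in chain:
            if matcher(pkt, conn):
                conn["mark"] = mark
        seen.append(conn.get("mark"))
    return seen


def find_sport(src, dst, dport, remainder):
    """Pick a source port whose PCC bucket is `remainder`, so the demo is deterministic."""
    for sport in range(1024, 65536):
        if pcc({"src": src, "sport": sport, "dst": dst, "dport": dport}, 2, remainder):
            return sport
    raise RuntimeError("no port found")


def demo(with_no_mark):
    """A host on OnlyWAN1 opens a connection that PCC would put in bucket 1 (WAN2).
    Returns the routing mark the connection would get after each of three packets."""
    src, dst, dport = "192.168.88.10", "203.0.113.5", 443   # constructed endpoints
    sport = find_sport(src, dst, dport, remainder=1)
    pkts = [{"src": src, "sport": sport, "dst": dst, "dport": dport}] * 3
    marks = run_connection(pkts, build_chain(with_no_mark))
    return [ROUTING_MARK[m] for m in marks]


if __name__ == "__main__":
    print("without no-mark:", demo(False))  # PCC rule overwrites the list rule
    print("with no-mark:   ", demo(True))   # list rule sticks, PCC rules are skipped
```

Note that without `no-mark` the bug is intermittent: connections PCC happens to hash into bucket 0 still end up on WAN1 and look correct, which is why a quick test can pass while half the connections from the list go out the wrong WAN. On the router itself, `/ip firewall mangle print stats` shows the packet and byte counters per rule, which is what the poster was watching above to confirm the new list rules were matching.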
@sob Thanks for your patience. Here is what I have now. However, I still don't see the bytes increment for the new rules, although I am accessing from IPs that are added to the list!
/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=first
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=other
add action=accept chain=prerouting dst-address=1.1.1.0/22 in-interface=LAN
add action=accept chain=prerouting dst-address=1.1.2.0/19 in-interface=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
src-address-list=OnlyWAN1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
src-address-list=OnlyWAN2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=LAN new-routing-mark=first
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=LAN new-routing-mark=other
Oops, ignore that. I had to correct the IP address list; I now see it working!