Additional routing rules with load balancing

adriandonlan · October 17, 2018, 11:59am

Hi
I have already setup load balancing between my to WAN links and it is working great. What I now need is to direct certain traffic to a specific WAN link, what is the best way of doing this? What I mean is do I add another mangle rule and do a jump to the connection mark and if so do I add it before the mangle rules or is there a better way of doing it? At the moment I am not so worried about load balancing this traffic but that would be nice later.

So my rules are:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.x.x/24 in-interface=
bridge1
add action=accept chain=prerouting dst-address=217.30.x.x/29 in-interface=
bridge1
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=BTInfinity new-connection-mark=BTInfinity_conn passthrough=
yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=BTLeased new-connection-mark=BTLeased_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=bridge1 new-connection-mark=
BTInfinity_conn passthrough=yes per-connection-classifier=
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=bridge1 new-connection-mark=
BTLeased_conn passthrough=yes per-connection-classifier=
both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=BTInfinity_conn
in-interface=bridge1 new-routing-mark=to_infinity passthrough=yes
add action=mark-routing chain=prerouting connection-mark=BTLeased_conn
in-interface=bridge1 new-routing-mark=to_leased passthrough=yes
add action=mark-routing chain=output connection-mark=BTInfinity_conn
new-routing-mark=to_infinity
add action=mark-routing chain=output connection-mark=BTLeased_conn
new-routing-mark=to_leased

Do I add a rule after this one
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=BTLeased new-connection-mark=BTLeased_conn passthrough=yes

such as
add action=mark-routing chain=prerouting protocol=22 connection-mark=BTLeased_conn
in-interface=bridge1 new-routing-mark=to_leased
with no passthrough
Or can I just do a jump to and jump to the leased line output?

Thanks
Adrian

Note · October 17, 2018, 12:28pm

routing mark is that u need

Example that im using to set my web traffic from wan2

add action=mark-routing chain=prerouting comment=_______WEB_to_WAN2
new-routing-mark=to_WAN2 passthrough=no port=80,443 protocol=tcp
src-address=192.168.1.0/24

U must set that mangle rule 1st

Sob · October 17, 2018, 12:37pm

Either that, or let it fit with the rest:

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=bridge1 protocol=22 new-connection-mark=BTLeased_conn passthrough=yes

I don’t think you really meant protocol=22 though.

adriandonlan · October 17, 2018, 1:10pm

OK so
add action=mark-routing chain=prerouting connection-mark=BTLeased_conn in-interface=bridge1 new-routing-mark=to_leased port = 22

added before the per-connection-classifier rule?

Note · October 17, 2018, 2:11pm

U also need to add src. address (ur LAN) and if u have problems setting the rule at the top of the mangle list… yes set it before the dividers.

adriandonlan · October 17, 2018, 3:03pm

Surely the in-interface=bridge does the same as the src. address. My bridge is setup to be connected only to my internal network?

Note · October 18, 2018, 8:13am

yes in interface is the same… didnt notice. Do u solve ur issue with that or not?