Hi,
recently I got my 2nd WAN link and have been polishing my RB2011 config since.
One of the topics I’m not sure about is marking connections coming from the WAN links so the replies go back to the same link.
All articles I found look pretty straightforward, while I haven't found them working for me.
What I’ve got now:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="route back through DSL" connection-mark=DSL-in in-interface=!ether1-DSL \
new-routing-mark=DSL passthrough=no
add action=mark-connection chain=forward comment="mark incoming DSL connection" in-interface=ether1-DSL new-connection-mark=DSL-in \
passthrough=yes
As you can see I simply mark the connection and use that mark later to put a routing mark. I’ve marked one addition I had to do in bold because otherwise it seemed that packets from external to internal (once marked most likely after the first packet) did not arrive internally but were directly routed out again to the incoming interface.
So is my solution above correct (it actually works) or what did I misunderstand from the different tutorials and posts in the forum?
Edit: marking bold is not visible in code apparently. What I added is in-interface=!ether1-DSL to make sure packets even when connection-marked are not routing-marked when arriving from external.
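For comparison, here is an added example of the complete return-path setup for one WAN link in RouterOS v6 syntax (the release the RB2011 shipped with). It is not the poster's configuration and not taken from any MikroTik documentation: the interface names `ether1-DSL` and `bridge-LAN`, the gateway `192.0.2.1`, the routing mark `DSL` and the connection mark `DSL-in` are placeholders chosen for this example. It shows the same two-step mark-connection / mark-routing idea, with the routing mark restricted to packets entering from the LAN so that a packet that has just arrived on the DSL link is never handed straight back to the DSL routing table (which is what the poster's `in-interface=!ether1-DSL` also achieves), plus the output-chain rule needed for replies the router itself generates.

```routeros
# Added example, not the poster's config. Placeholder names and addresses.

# A dedicated routing table for the DSL link: anything carrying the routing
# mark "DSL" leaves through the DSL gateway regardless of the main table.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=DSL \
    comment="placeholder DSL gateway"

/ip firewall mangle
# Step 1: mark connections on their first packet as they arrive on the DSL
# link. Doing this in prerouting (not forward) also covers connections that
# terminate on the router itself, e.g. a WinBox or SSH session from outside.
add chain=prerouting in-interface=ether1-DSL connection-state=new \
    action=mark-connection new-connection-mark=DSL-in passthrough=yes \
    comment="mark connections arriving via DSL"

# Step 2: apply the routing mark only to reply traffic that comes back from
# the LAN for a DSL-marked connection. Matching in-interface=bridge-LAN is
# what keeps packets that just entered on ether1-DSL from being routing-marked
# and bounced back out the same interface.
add chain=prerouting in-interface=bridge-LAN connection-mark=DSL-in \
    action=mark-routing new-routing-mark=DSL passthrough=no \
    comment="route LAN replies back through DSL"

# Step 3: replies generated by the router itself never pass through
# prerouting, only through output, so they need their own rule.
add chain=output connection-mark=DSL-in \
    action=mark-routing new-routing-mark=DSL passthrough=no \
    comment="route router-originated replies back through DSL"
```

To check that the marks are being applied, `/ip firewall connection print where connection-mark=DSL-in` lists the tracked connections that received the mark, and `/ip route print where routing-mark=DSL` confirms the route is active in the DSL table; a rule whose packet counter in `/ip firewall mangle print stats` stays at zero is the usual sign that its in-interface or connection-mark match does not fit the traffic.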