Dual WAN forwarding routes connection drop

Hey everyone! Just using a hap lite rb941-2nd as a load balancer.

After changing to version 7.1.3 I’m having trouble marking the connection to route through one or another ISP (eth1 & eth2 interfaces in this case). This would be necessary for later bandwidth management over queue trees.

Having ip/firewall/mangle rule:

chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=no dst-address=126.18.22.26 log=no log-prefix=""

Traffic is forwarded just great. But from what I’ve read about traffic marking and later queueing, I would have to mark the connection, and packets as well:

chain=prerouting action=mark-connection new-connection-mark=test_mark passthrough=yes dst-address=126.18.22.26 log=no log-prefix=""
chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=no connection-mark=test_mark log=no log-prefix=""

This immediately ends up with loss of communication to 126.18.22.26 address (or whatever IP has been added to mangle).

Still can’t get what the difference is, but that connection marking rule seems to be missing traffic, and then mark routing just messes things up.

Just found out MY mistake!

Marking the connection also identifies the incoming traffic, which was then forwarded out of my network.

Ignoring the IP address as source of the traffic did the trick.

Does anyone have any better approach on this?

Foolproof shortcut is to say that no matter what, only main routing table should be used for local destinations, e.g.:

/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main

(or whatever you use in LAN)

What you have now is ok too, only instead of src-address=! you can use more universal src-address=, it will work with any number of servers.

Actually proceeded with queueing by packet marking only, 'cause I also have other rules filtered by ports.

Still marked the connection for statistics purposes, but only routing marked packets.

That’d be a much cleaner approach. Thank you!
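Why the connection-mark version broke, and why both fixes from the thread work, shown as an added Python model that is not part of the original posts. It is a simplified sketch of prerouting mangle plus connection tracking: NAT is left out, `LAN_HOST` is a constructed address, `not_src` stands for the `src-address=!` matcher, and `main_for_lan` stands for the `lookup-only-in-table` route rule.

```python
import ipaddress

SERVER = "126.18.22.26"      # address from the thread
LAN_HOST = "192.168.88.10"   # constructed sample LAN client
LAN_NET = ipaddress.ip_network("192.168.0.0/16")

MARK_CONN = {"action": "mark-connection", "new": "test_mark", "dst": SERVER, "passthrough": True}
ROUTE_ALL = {"action": "mark-routing", "new": "to_wan2", "conn_mark": "test_mark", "passthrough": False}
ROUTE_NOT_FROM_SERVER = dict(ROUTE_ALL, not_src=SERVER)  # the poster's fix

def prerouting(pkt, conntrack, rules):
    """Walk the mangle rules in order and return the packet's routing mark."""
    # Both directions of a flow share one conntrack entry, hence one connection mark.
    conn = conntrack.setdefault(frozenset((pkt["src"], pkt["dst"])), {"mark": None})
    routing_mark = None
    for r in rules:
        if "dst" in r and pkt["dst"] != r["dst"]:
            continue
        if "not_src" in r and pkt["src"] == r["not_src"]:
            continue
        if "conn_mark" in r and conn["mark"] != r["conn_mark"]:
            continue
        if r["action"] == "mark-connection":
            conn["mark"] = r["new"]
        else:
            routing_mark = r["new"]
        if not r["passthrough"]:
            break
    return routing_mark

def table_for(pkt, routing_mark, main_for_lan=False):
    """Pick the routing table; main_for_lan models the lookup-only-in-table rule."""
    if main_for_lan and ipaddress.ip_address(pkt["dst"]) in LAN_NET:
        return "main"
    return routing_mark or "main"

def simulate(rules, main_for_lan=False):
    """Return (table for the outbound packet, table for the server's reply)."""
    conntrack = {}
    out = {"src": LAN_HOST, "dst": SERVER}
    reply = {"src": SERVER, "dst": LAN_HOST}
    return tuple(table_for(p, prerouting(p, conntrack, rules), main_for_lan)
                 for p in (out, reply))

if __name__ == "__main__":
    print("as posted:     ", simulate([MARK_CONN, ROUTE_ALL]))
    print("src-address=!: ", simulate([MARK_CONN, ROUTE_NOT_FROM_SERVER]))
    print("route rule:    ", simulate([MARK_CONN, ROUTE_ALL], main_for_lan=True))
```

In the "as posted" case the reply inherits the connection mark and is looked up in `to_wan2`, which is the loss of communication described above; in the other two cases the reply falls back to `main`.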