Fasttrack issue

I have a dual WAN setup. I need the second WAN only for incoming connections. For outgoing connections I use the first WAN. So I only mangle connections and packets concerning wan2.

This is my config.


/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether7-wan2 new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn in-interface=ether2-master-lan1 new-routing-mark=wan2_traffic passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-ether1-pppoe-wan1
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether7-wan2

/ip route
add distance=1 gateway=192.168.178.1 routing-mark=wan2_traffic
add distance=1 dst-address=192.168.178.0/24 gateway=192.168.178.1 routing-mark=wan2_traffic scope=10
add distance=2 gateway=192.168.178.1

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-mark=!wan2_conn connection-state=established,related


Like this, everything works well. As you can see, I excluded wan2 traffic from the fasttrack filter. This is the only way to get it working well. If I don’t exclude it, connections to wan2 are very bad and slow. So now you think: what is my problem?

The problem is that if fasttrack is not enabled on wan2, the CPU usage gets very high.

So my question is: How to get a proper working fasttrack on wan2?

Thanks in advance.