I use interface routing now for an interface; the interface has a public IP range from the ISP, xx.xx.xx.160/28.
Right now any data coming in on that subnet/interface goes to clients no problem, and to get the data back out on the same interface I set up a routing mark, marking all data from my clients in that subnet with routing mark “route2”.
Inssomniak -
Policy-based routing does work; you just have to mark the connections properly…
First mark ‘new’ connections, mark connections, mark related connections (these are connection states) coming IN on the interface you desire to do this on; finally use the connection mark to add a routing mark. Then in Route / Rules, make a rule (before the default one that says src-addr=0.0.0.0/0 dst-addr=0.0.0.0/0 action=lookup table=main) that says routing-mark=x action=lookup table=the table you created to do interface routing. Create a table with the correct route if a connection has ‘the’ routing mark…
Now this will ONLY send traffic out the interface that the connections came in on. It will not route traffic out the above interface if the connection is STARTED by the client. That will take your ‘normal’ routing policy - whatever that is.
What I ended up doing was marking based on the subnet coming from the local interface (I have two /28s on the local WLAN interface that are public IPs), so I stuck a routing mark on any address in the subnet using an address list, and new connections all went out the interface no problem, all related ones too. My problem was that no two computers in those subnets could talk to each other (they were on the same internal network!), so I had an address list of all my IP addresses for some other filter rule, and if the dst address was a local address in the local-addr list, it followed the regular routing policy (no mark!) (dst-address “not” local-addr).
Works great! Ya just have to maintain an address list of your local IPs, but no big deal.
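A RouterOS configuration combining both methods from this thread (the connection-mark chain described in the reply and the address-list shortcut from the last post), added here as an example rather than taken from either post. It assumes RouterOS v6 syntax (v7 moves tables to /routing table and rules to /routing rule); ether1-isp2, bridge-lan, 192.168.88.0/24, the list names and the xx.xx.xx.161 gateway are placeholders.

```routeros
/ip firewall address-list
# Every internal prefix must be listed here by hand (placeholder values).
add list=local-addr address=192.168.88.0/24 comment="assumed private LAN"
add list=local-addr address=xx.xx.xx.160/28 comment="public /28 from the ISP (placeholder)"
add list=isp2-subnet address=xx.xx.xx.160/28 comment="clients that should always use route2"

/ip firewall mangle
# 1) Connection-mark method: remember which connections (new and related) arrived on the ISP link.
add chain=prerouting in-interface=ether1-isp2 connection-state=new,related \
    action=mark-connection new-connection-mark=isp2_conn passthrough=yes
# Reply packets from the LAN side of a marked connection get the routing mark,
# except when the destination is another local host, which must stay on the main table.
add chain=prerouting in-interface=bridge-lan connection-mark=isp2_conn \
    dst-address-list=!local-addr action=mark-routing new-routing-mark=route2 passthrough=no
# 2) Address-list method: connections started by the public /28 clients also leave via route2,
#    again skipping local-to-local traffic so hosts on the same LAN can still reach each other.
add chain=prerouting in-interface=bridge-lan src-address-list=isp2-subnet \
    dst-address-list=!local-addr action=mark-routing new-routing-mark=route2 passthrough=no

/ip route
# Default route that only marked packets use; the gateway is the ISP next hop (placeholder).
add dst-address=0.0.0.0/0 gateway=xx.xx.xx.161 routing-mark=route2 comment="route2 table"

/ip route rule
# Checked before the implicit main-table rule: packets marked route2 look up table route2.
add routing-mark=route2 action=lookup table=route2
```

Unmarked traffic (including anything a client starts toward a local-addr destination) never matches the rule and falls through to the main table, which is the "normal routing policy" the reply refers to.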