I am trying to load balance between 2 gateways. I have managed to get everything to work, except that I have several access points behind the gateway and I can't figure out how to connect to them remotely with the two ISPs. One minute they can be reached from ISP A, then they can be reached from ISP B but not A. I used the following code to be able to always connect to the gateway on either ISP:
/ ip firewall mangle
add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn
add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn
add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1
add chain=output connection-mark=wlan2_conn action=mark-routing new-routing-mark=to_wlan2
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wlan1
add dst-address=0.0.0.0/0 gateway=10.111.0.2 routing-mark=to_wlan2
but I don't know what to do for the access points.
Thanks
Try this:
/ ip firewall mangle
add chain=prerouting in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting connection-mark=wlan1_conn action=mark-routing new-routing-mark=from_wlan1 passthrough=no
add chain=prerouting in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn passthrough=yes
add chain=prerouting connection-mark=wlan2_conn action=mark-routing new-routing-mark=from_wlan2 passthrough=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=from_wlan1
add dst-address=0.0.0.0/0 gateway=10.111.0.2 routing-mark=from_wlan2
Notes:
- Add the routing mark in the prerouting chain, which is run before the routing decision has been made.
- Your routing will not control what interface you receive traffic from, but rather what interface you're sending traffic out. This is the reason I changed the name of the routing mark. It may make sense to use a to_ name like to_isp1 and to_isp2 rather than from_wlan1, but this only affects naming for clarity's sake and not function.
- You probably don’t need to mark packets from both connections… You can have a default route without specifying a connection mark for traffic from one of the interfaces and mark up the packets that you want to go to another interface. The routing mark makes a route table for all packets with that mark; if no route is found for that packet, then the default table is used. Thus you can be sure that the packets with that mark will use the default route that has the matcher for that routing mark.
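The return-path behaviour described in the notes above, as an added Python model that is not part of either post and is not RouterOS code. It shows which gateway an access point's reply is sent to with no marks, with both interfaces marked, and with only one marked. The `lan` interface name, the client and AP addresses, and the unmarked default route via 10.111.0.1 are assumptions.

```python
from ipaddress import ip_address, ip_network

# Gateways and mark names are from the thread; everything else is constructed.
TABLES = {
    "from_wlan1": [("0.0.0.0/0", "10.111.0.1")],
    "from_wlan2": [("0.0.0.0/0", "10.111.0.2")],
}
MAIN = [("0.0.0.0/0", "10.111.0.1")]  # assumption: unmarked default uses wlan1
ROUTING_MARK = {"wlan1_conn": "from_wlan1", "wlan2_conn": "from_wlan2"}


class Router:
    def __init__(self, marked_ifaces):
        self.marked = set(marked_ifaces)  # WAN ports that have a mark-connection rule
        self.conntrack = {}               # flow (both directions) -> connection mark

    def prerouting(self, in_iface, src, dst):
        """Apply mark-connection, then mark-routing; return the routing mark."""
        flow = frozenset((src, dst))
        if in_iface in self.marked:
            self.conntrack[flow] = f"{in_iface}_conn"
        return ROUTING_MARK.get(self.conntrack.get(flow))

    @staticmethod
    def route(dst, routing_mark):
        """Longest-prefix match in the mark's table, else in the main table."""
        for table in (TABLES.get(routing_mark, []), MAIN):
            hits = [(ip_network(net), gw) for net, gw in table
                    if ip_address(dst) in ip_network(net)]
            if hits:
                return max(hits, key=lambda h: h[0].prefixlen)[1]
        return None

    def reply_gateway(self, wan_iface, client, ap):
        """A client reaches an AP via wan_iface; which gateway gets the AP's reply?"""
        self.prerouting(wan_iface, client, ap)     # request arrives on the WAN port
        mark = self.prerouting("lan", ap, client)  # reply arrives on the LAN port
        return self.route(client, mark)


CLIENT, AP = "198.51.100.7", "192.168.88.10"       # constructed addresses

if __name__ == "__main__":
    for label, ifaces in [("no marks", []), ("both marked", ["wlan1", "wlan2"]),
                          ("only wlan2 marked", ["wlan2"])]:
        for wan in ("wlan1", "wlan2"):
            print(label, wan, "->", Router(ifaces).reply_gateway(wan, CLIENT, AP))
```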