Hello guys, here in the company we have 2 internet links, both with a fixed public IP. I want to access a server here in the company through my two IPs. So I made two mark connection rules marking the entry of each PPPoE, and created two Mark Router rules with these connection marks and the IP of my internal network in the Src-Address tab. Everything was working, then I ended up not using it for a while, and now that I went to use it, it is not working anymore; the only thing that was done was updating the version of the RB. Now, looking at my mangle table, there is a packet count on the connection mark, but on the route mark it is zero. The connection mark of Link1 works perfectly, only the second one does not. If someone can help me.
No wonder that your “Mark Link2 Out” rule never counts, as you refer to connection-mark=Link2-Con (single n in the end) in that rule, while the rule assigning the connection-mark to the traffic coming in via in-interface=PPPoE-Ampernet assigns a connection mark Link2-Conn (double n in the end).
I am confused by your reaction. Are you saying that the connection mark value set in the rule in chain output is actually correct (Link2-Conn), but nevertheless the rule doesn’t match on any packet? And that the missing n in the post before is just a copy-paste error?
Yes, my rules are correct, as you warned there. The problem was that when copying to the notepad I ended up changing the names of the connections, which had private information, and I ended up typing them wrong, but everything is correct.
Imagine that in this code the missing “n” is correct.
OK. In this case, I suspect that the router doesn’t actually respond to incoming packets which get the connection-mark Link2-Conn, or that it has no route to the sender of those packets in the routing table main. In the first case, something in the firewall may prevent it from responding; the explanation for the second one is more complex. Packets sent by the router itself are first routed using the routing table main; determination of the source address for these packets is also part of this process. Only if a route for the packet is found during this first step is it handled by chain output of mangle, and if a routing-mark is assigned there, the routing is done one more time, taking the routing-mark into account. On the packet flow graph this step is called “routing adjustment”.
I don’t know if it helps you with anything, but my route table is as follows: there is a 0.0.0.0/0 for link 1 with weight 1. There is another one for link 2 with weight 2.
There are two more 0.0.0.0/0 routes, one for each route mark.
So look into the firewall rules, and if you find nothing there, use /tool sniffer quick ip-address=ip.of.the.remote to see whether the router sends the response anywhere at all when you try to connect from outside to its public IP on uplink #2, or even whether the request from outside actually arrives at it. It could be that the ISP started blocking some ports during the time you weren’t actively using the setup.
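A check for two conditions raised in this thread, a connection-mark that a rule matches on but no rule assigns, and a routing mark with no route of its own, written as an added example that is not from any poster. It assumes RouterOS v6 export syntax; apart from Link2-Con, Link2-Conn and PPPoE-Ampernet, every name in the sample is constructed.

```python
import shlex

# Constructed sample in RouterOS v6 export syntax (an assumption); only
# Link2-Con, Link2-Conn and PPPoE-Ampernet come from the thread.
SAMPLE_EXPORT = """\
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=PPPoE-Link1 new-connection-mark=Link1-Conn
add action=mark-connection chain=prerouting in-interface=PPPoE-Ampernet new-connection-mark=Link2-Conn
add action=mark-routing chain=output connection-mark=Link1-Conn new-routing-mark=Link1-Route
add action=mark-routing chain=output connection-mark=Link2-Con new-routing-mark=Link2-Route
/ip route
add distance=1 gateway=PPPoE-Link1
add distance=2 gateway=PPPoE-Ampernet
add gateway=PPPoE-Link1 routing-mark=Link1-Route
"""


def parse_export(text):
    """Return {section: [{param: value}, ...]} for every 'add' line."""
    sections, current = {}, None
    # Exports wrap long lines with a trailing backslash; join them first.
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]))
            current.append({p[0]: p[1] for p in pairs if len(p) == 2})
    return sections


def audit_marks(text):
    """Return (kind, mark) pairs for marks that can never match or route."""
    cfg = parse_export(text)
    mangle = cfg.get("/ip firewall mangle", [])
    set_conn = {r["new-connection-mark"] for r in mangle if "new-connection-mark" in r}
    set_route = {r["new-routing-mark"] for r in mangle if "new-routing-mark" in r}
    routed = {r["routing-mark"] for r in cfg.get("/ip route", []) if "routing-mark" in r}
    problems = []
    for r in mangle:
        mark = r.get("connection-mark", "").lstrip("!")  # "!" negates a matcher
        if mark and mark != "no-mark" and mark not in set_conn:
            problems.append(("unset-connection-mark", mark))
    problems += [("no-route-for-routing-mark", m) for m in sorted(set_route - routed)]
    return problems


if __name__ == "__main__":
    for kind, mark in audit_marks(SAMPLE_EXPORT):
        print(kind, mark)
```

An empty result only rules out these two configuration mismatches; the firewall and sniffer checks from the last post are still needed to see whether the reply leaves the router at all.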