Hello,
I cannot handle a simple task. I’ve broken my mind and cannot understand what’s wrong.
Conditions:
- Two WANs (LTE modems):
ppp-megafon-1 - gateway dynamic, default distance = 3
lte-beeline - gateway 192.168.8.1 (dynamic), default distance = 4 (4 to use it as reserved channel if the first one is down)
- Internal network: 192.168.88.0/24
Task:
- to route dedicated internal client (192.168.88.117) via one of WANs (lte-beeline), all other clients - via another WAN (ppp-megafon-1).
The way:
- to mark a route
/ip firewall mangle add action=mark-routing chain=prerouting \
dst-address-list=!BOGONS new-routing-mark=to_isp2 \
passthrough=no src-address=192.168.88.117
- to add route based on routing mark
/ip route add distance=2 gateway=192.168.8.1 routing-mark=to_isp2
As simple as possible, but doesn’t work correctly:
- ping works ok, packets go through right WAN
- on the client (192.168.88.117) I see broken connections, TCP retransmissions, lags and so on. Wireshark’s screen follows.
It looks like part of the packets go in another direction. I cannot understand why.
Some packets for those connections are not marked.
I’ve tried another way to solve a task
- to mark a connection based on src-address 192.168.88.117
- to make a routing-mark based on connection-mark
- to make a route based on routing-mark
Result is the same.
Also I’ve tried to make a routing-mark based on dst-address. The same - connections are broken.
But if I make a route based on dst-address (without routing-mark) - it works perfectly. But it cannot handle my task.
The WANs work correctly.
If I turn off WAN-1 (ppp-megafon-1), then internet works ok for all clients (including 192.168.88.117) via WAN-2 (lte-beeline).
If I remove route based on routing-mark, then dedicated client works ok via WAN-1 (ppp-megafon-1).
If I turn on the route - connections are broken.
I would very much appreciate it if you could point out what I’ve missed.
Thanks in advance.
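
The second approach listed in the post (connection mark, then routing mark, then route), written out in the same RouterOS syntax as the commands above. This is an added example, not configuration from the original post; the connection-mark name `isp2_conn` is an assumption, and the post reports the same broken connections with this variant.

```routeros
# Added example, not from the original post. isp2_conn is an assumed mark name.
/ip firewall mangle
# 1. Mark every new connection opened by the dedicated client.
add chain=prerouting src-address=192.168.88.117 dst-address-list=!BOGONS \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=isp2_conn passthrough=yes
# 2. Give the client's packets on marked connections the routing mark.
add chain=prerouting src-address=192.168.88.117 connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=to_isp2 passthrough=no
# 3. Route anything carrying the routing mark via lte-beeline.
/ip route
add distance=2 gateway=192.168.8.1 routing-mark=to_isp2
```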
