MEANING RB750GL MANGLE RULES

I have the following firewall mangle rules for a dual WAN configuration. The four bold and underlined rules are disabled. Can anyone tell me the meaning of these commands or how to know exactly what they do? The dual WAN works well with these commands enabled or disabled. I understand all of the other rules and what they do.

dec/30/2013 19:40:03 by RouterOS 6.7

software id =

/ip firewall mangle
add chain=prerouting comment="1. 1WAN" dst-address=192.168.X.X/24 \
    in-interface=3LAN
add chain=prerouting comment="2. 2WAN" dst-address=192.168.Y.Y/24 \
    in-interface=3LAN
add action=mark-connection chain=input comment="3 - WAN 1" disabled=yes \
    in-interface=1WANcon new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=input comment="4 - WAN 2" disabled=yes \
    in-interface=2WANwel new-connection-mark=WAN2_conn passthrough=no
add action=mark-routing chain=output comment=8 connection-mark=WAN1_conn \
    disabled=yes new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=output comment=9 connection-mark=WAN2_conn \
    disabled=yes new-routing-mark=to_WAN2 passthrough=no

add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=3LAN new-connection-mark=WAN1_conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=3LAN new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=3LAN new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=3LAN new-routing-mark=to_WAN2 passthrough=no

These two rules are on the input chain, so they will mark traffic destined for the router, but not passing through it. The first rule marks traffic coming in on the interface 1WANcon with the connection mark WAN1_conn. The second rule marks traffic coming in on the interface 2WANwel with the connection mark WAN2_conn. Connection marks can be useful for implementing other rules. Once you’ve marked the connection, then you can simply use the connection mark as a criterion for your other rules, rather than duplicating the matching process.

These rules are on the output chain, and so will apply to traffic originating from the router. They are applying routing marks to the traffic which has been marked by the previous connection marks discussed above. The routing marks can be used as criteria in routes to make certain routing rules apply only to specifically marked traffic.

These rules probably work in conjunction with some special route rules (see IP > Routes) to ensure that connections to the router from one of the WAN connections are returned on the same WAN connection.
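To trace what the four disabled rules change, the following added example (not part of the original thread, and a simplified model rather than RouterOS code) parses them and reports which WAN the router's own reply leaves on. The `ROUTES` table and the helper names are assumptions, since the thread does not show the route configuration.

```python
import shlex

# The four disabled rules from the export above, each joined onto one line.
EXPORT = '''
add action=mark-connection chain=input comment="3 - WAN 1" disabled=yes in-interface=1WANcon new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=input comment="4 - WAN 2" disabled=yes in-interface=2WANwel new-connection-mark=WAN2_conn passthrough=no
add action=mark-routing chain=output comment=8 connection-mark=WAN1_conn disabled=yes new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=output comment=9 connection-mark=WAN2_conn disabled=yes new-routing-mark=to_WAN2 passthrough=no
'''

# ASSUMPTION (routes are not shown on the page): each routing mark has a default
# route out of its own WAN, and the main table's default route uses 1WANcon.
ROUTES = {"to_WAN1": "1WANcon", "to_WAN2": "2WANwel", None: "1WANcon"}


def parse_rules(export):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    rules = []
    for line in export.strip().splitlines():
        words = shlex.split(line)[1:]  # drop the leading 'add'
        rules.append(dict(w.split("=", 1) for w in words))
    return rules


def first_match(rules, chain, key, value, force_enabled):
    """Return the first active rule in `chain` whose `key` equals `value`."""
    for r in rules:
        enabled = force_enabled or r.get("disabled") != "yes"
        if enabled and r["chain"] == chain and r.get(key) == value:
            return r  # passthrough=no: evaluation stops at the first match
    return None


def reply_interface(in_interface, force_enabled):
    """Interface used for the router's own reply to a connection that
    reached the router (input chain) on the WAN port `in_interface`."""
    rules = parse_rules(EXPORT)
    marked = first_match(rules, "input", "in-interface", in_interface, force_enabled)
    conn_mark = marked["new-connection-mark"] if marked else None
    routed = first_match(rules, "output", "connection-mark", conn_mark, force_enabled) if conn_mark else None
    return ROUTES[routed["new-routing-mark"] if routed else None]


if __name__ == "__main__":
    for wan in ("1WANcon", "2WANwel"):
        for on in (False, True):
            print(f"in={wan} rules_enabled={on} -> reply out {reply_interface(wan, on)}")
```

Under these assumed routes, the only case that differs is a connection to the router arriving on 2WANwel: with the rules disabled its reply follows the main default route out of 1WANcon. LAN traffic passing through the router is handled by the prerouting rules and is unaffected either way.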

Owen, thanks for the information.

Not a problem. Glad to help!