I have a question: I have a MikroTik router working as a multi-WAN failover and another MikroTik which has 1 WAN port (from the multi-WAN) and other LAN ports.
I am running 2 networks. I want the traffic of 1 network to pass through ISP number 1 of the WAN router and also prioritize traffic for some reason, and the other network's traffic to pass via the other 2 IPs connected to the multi-WAN. For this I will have to mark routing. I want to do some packet marking for queuing also, but the LAN router has only 1 WAN port, which cannot differentiate which ISP it's going through, so ultimately I have to do the queuing and routing on the WAN router.
Question: If I mark packets/traffic/routing on the LAN router, will they be readable by the WAN router so that it can make different routes for traffic?
It is not possible directly, but you can mangle the connection by connection mark first, then all related packets by routing mark, and finally route all packets according to the routing mark by routing rule.
Thanks for your reply, we have finally managed to get 1 router (RB2011) and use it for both WAN and LAN purposes.
Now I'm getting a strange issue.
I have multi wan configured which is working successfully.
I have 2 networks running on the same port.
192.x.x.x and 10.x.x.x.
10.x.x.x is for servers and 192.x.x.x is for normal users.
What I want to do is force the users' traffic through a specific ISP (WAN port). I have marked the connection first and then given a routing mark to that IP series; and then in /ip route I have forced the traffic to go through that specific ISP via the routing mark. But when I do that, users are not able to access the internal server from the 10.x.x.x network (can't even ping that server).
And my NAT rules don't work as expected, meaning I also have public IPs that are NATted to my internet servers, and I can't access them from that internal network. Accessing them from outside the network is working alright.
safiullahtariq: If I understand you correctly, then you need internal source addresses to NOT be routed out the WAN when accessing internal (or DMZ) servers/services. What I do in such cases is simply bypass the rest of the mangle rules when I detect that source and destination addresses are internal. I put a mangle rule above the rules that mangle connection marks and routing marks associated with external addresses. This mangle rule will simply "accept" (action=accept) traffic from a source address that is internal to a destination address that is internal (or DMZ). Please note that by accepting that traffic, no other rules will be applied or processed, so it's the same as having passthrough=no. Whether this can work for you depends on the complexity of your mangle rules. You can still apply rules further up to apply routing marks and such, or you can just use the main routing table for internal routes.
Hope you find this helpful. Kind regards.
PS. Also, now that I read @Sob's solution, I see it is more elegant than mine. I recommend you try Sob's solution first, and I'll be changing my mangle bypass rules to routing exception rules soon … Thanks Sob.
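The mangle bypass described in the reply above, laid out as a complete rule set in RouterOS v6 syntax. This is an added example, not configuration posted by anyone in the thread; the subnets, the ISP1 interface and gateway, and the mark names are assumptions chosen for illustration.

```routeros
# Added example, not from the thread. Assumptions: users on 192.168.88.0/24,
# servers on 10.0.0.0/24 (both behind the same LAN bridge), ISP1 reachable via
# ether1 with gateway 203.0.113.1 (documentation address used as a placeholder).
/ip firewall address-list
add list=internal address=192.168.88.0/24 comment="users LAN"
add list=internal address=10.0.0.0/24 comment="server LAN"

/ip firewall mangle
# 1. Bypass rule, placed ABOVE the marking rules: internal-to-internal traffic
#    is accepted here, so it never receives a routing mark and is routed by the
#    main table. Without this, the 0.0.0.0/0 route in the marked table would
#    match the 10.x destination and send server traffic out the WAN.
add chain=prerouting src-address-list=internal dst-address-list=internal \
    action=accept comment="bypass policy routing for internal traffic"
# 2. Mark each new connection from the users network once (passthrough=yes so
#    the next rule still sees the packet).
add chain=prerouting src-address=192.168.88.0/24 connection-state=new \
    action=mark-connection new-connection-mark=users-isp1 passthrough=yes
# 3. Apply the routing mark to every packet of a marked connection.
add chain=prerouting connection-mark=users-isp1 action=mark-routing \
    new-routing-mark=to-isp1 passthrough=no

/ip route
# Default route that only packets carrying the to-isp1 mark will use.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to-isp1 \
    check-gateway=ping distance=1 comment="users via ISP1"
```

Verify the effect with /ip firewall mangle print stats (the bypass rule's counters should increase for user-to-server traffic while the mark rules' counters stay flat) and with /ip route print detail where routing-mark=to-isp1 to confirm the policy route is active.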