PBR with OSPF

Hi Everyone

I’m trying to implement the following scenario:

[isp1]-192.168.1.254--|---------|                       |------|
                      |   MT1   |-172.16.5.1-- OSPF --- | MT2  |--[ LAN ]--172.16.2.4 (host)
[isp2]-192.168.0.254--|---------|                       |------|

MT1 and MT2 are routers with OSPF set up. A couple of subnets are connected to MT2 and propagated via OSPF to MT1. MT1 acts as the gateway for the whole network. Recently we’ve obtained a second WAN link from another ISP, and I’d like to force HTTP and HTTPS traffic from the host (172.16.2.4) to route via the ISP2 link, while the rest of the traffic should go through ISP1. My current config is:

On MT2:

/ip route
add distance=1 gateway=172.16.5.1 comment="default gateway to MT1"

On MT1:

/ip route
add distance=1 gateway=192.168.0.254 routing-mark=isp2
add distance=1 gateway=192.168.1.254 routing-mark=isp1
add distance=1 gateway=192.168.1.254 scope=10

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-port=80,443 new-routing-mark=isp2 passthrough=no protocol=tcp src-address=172.16.2.4

/ip route rule
add routing-mark=isp2 table=isp2
add routing-mark=isp1 table=isp1
add dst-address=192.168.0.0/24 table=main
add src-address=192.168.0.0/24 table=isp2
add dst-address=192.168.1.0/24 table=main
add src-address=192.168.1.0/24 table=isp1
add dst-address=172.16.2.0/26 table=main

It won’t work. It looks like, for the HTTP and HTTPS traffic, MT1 doesn’t see the return route to the host (from the main table). When the host tries to browse any webpage, the packet count on the mangle rule that marks the route increases, so I’m assuming that the route is marked correctly. When the mangle rule is disabled, the host can reach HTTP pages over ISP1 (the default for the network).

What am I missing?