Hello,
I have read the wiki on the topic of PCC. I have read the forum posts on getting this to work. However, I try these and I never seem to succeed. I did finally manage to get something working, however when I implement the following rules, I can no longer winbox into the mikrotik over ether1:
/ip address
add address=192.168.0.1/24 broadcast=192.168.0.255 comment="" \
disabled=no interface=ether5 network=192.168.0.0
add address=68.164.219.4/29 broadcast=68.164.219.7 comment="" \
disabled=no interface=ether1 network=68.164.219.0
add address=66.166.13.62/29 broadcast=66.166.13.63 comment="" \
disabled=no interface=ether2 network=66.166.13.56
add address=172.16.0.2/24 broadcast=172.16.0.255 comment="" disabled=\
no interface=ether3 network=172.16.0.0
add address=10.0.0.1/24 broadcast=10.0.0.255 comment="" disabled=no \
interface=ether4 network=10.0.0.0
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=68.164.219.1 routing-mark=to_ISP1 scope=30 \
target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=172.16.0.1 routing-mark=to_ISP3 scope=30 \
target-scope=10
add check-gateway=ping comment="" disabled=yes distance=1 \
dst-address=0.0.0.0/0 gateway=66.166.13.57 routing-mark=to_ISP2 \
scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=68.164.219.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=2 dst-address=\
0.0.0.0/0 gateway=172.16.0.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=yes distance=2 \
dst-address=0.0.0.0/0 gateway=66.166.13.57 scope=30 target-scope=\
10
/ip firewall mangle
add action=accept chain=prerouting comment="" disabled=no \
dst-address=68.164.219.0/29 hotspot=auth in-interface=ether4
add action=accept chain=prerouting comment="" disabled=no \
dst-address=172.16.0.0/24 hotspot=auth in-interface=ether4
add action=mark-connection chain=prerouting comment="" \
connection-mark=no-mark disabled=no hotspot=auth in-interface=\
ether1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" \
connection-mark=no-mark disabled=no hotspot=auth in-interface=\
ether3 new-connection-mark=ISP3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" \
connection-mark=no-mark disabled=no dst-address-type=!local \
hotspot=auth in-interface=ether4 new-connection-mark=ISP1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="" \
connection-mark=no-mark disabled=no dst-address-type=!local \
hotspot=auth in-interface=ether4 new-connection-mark=ISP3_conn \
passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=\
ISP1_conn disabled=no hotspot=auth in-interface=ether4 \
new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
ISP3_conn disabled=no hotspot=auth in-interface=ether4 \
new-routing-mark=to_ISP3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=\
ISP1_conn disabled=no fragment=no hotspot=auth new-routing-mark=\
to_ISP1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=\
ISP3_conn disabled=no hotspot=auth new-routing-mark=to_ISP3 \
passthrough=yes
Additionally, when I remove hotspot=auth from every mangle rule but the two dealing with the hash function, I get an… interesting result. The hotspot is visible, and when I log in I can see the page it brings me to (google.com, usually). That website also appears completely functional, but I cannot navigate away from it. When I attempt to, I seem to get kicked from the network or my browser tells me it cannot load the page. I must be missing something rather obvious, I was just hoping some of the more experienced people here could give me some advice. Thanks!