Greetings everyone,
I need some help with a specific entry.
I have purchased and installed a MikroTik router in order to set up a 2 WAN, 1 LAN load balancing setup.
After some effort I have finally set it up to work properly, but I also need to set up my firewall mangle
to exclude all HTTPS traffic from my mangle WANs and just forward it to my default WAN.
My mangle setup is as follows:
/ip firewall mangle
add action=accept chain=prerouting dst-address=0.0.0.0/0 dst-port=443 log=yes protocol=tcp
add action=accept chain=prerouting dst-address=10.111.0.0/24 in-interface=ether2-master-local
add action=accept chain=prerouting dst-address=10.112.0.0/24 in-interface=ether2-master-local
add action=mark-connection chain=input connection-state=new in-interface=ether1-gateway1 new-connection-mark=OTEhome1_conn passthrough=no
add action=mark-connection chain=input connection-state=new in-interface=ether5-gateway2 new-connection-mark=OTEhome2_conn passthrough=no
add action=mark-routing chain=output connection-mark=OTEhome1_conn new-routing-mark=to_OTEhome1_conn passthrough=no
add action=mark-routing chain=output connection-mark=OTEhome2_conn new-routing-mark=to_OTEhome2_conn passthrough=no
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether2-master-local new-connection-mark=OTEhome1_conn passthrough=yes per-connection-classifier=src-address:2/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether2-master-local new-connection-mark=OTEhome2_conn passthrough=yes per-connection-classifier=src-address:2/1
add action=mark-routing chain=prerouting connection-mark=OTEhome1_conn in-interface=ether2-master-local new-routing-mark=to_OTEhome1_conn passthrough=no
add action=mark-routing chain=prerouting connection-mark=OTEhome2_conn in-interface=ether2-master-local new-routing-mark=to_OTEhome2_conn passthrough=no
While my routing setup:
/ip route
add check-gateway=ping distance=1 gateway=10.111.0.2 routing-mark=to_OTEhome1_conn
add check-gateway=ping distance=1 gateway=10.112.0.2 routing-mark=to_OTEhome2_conn
add check-gateway=ping distance=1 gateway=10.111.0.2
add check-gateway=ping distance=2 gateway=10.112.0.2
Now I was under the impression that the lower the distance, the higher the priority.
Can someone check this config and let me know what I am doing wrong?
I want all https traffic (TCP 443) to go through the OTEhome1_conn.
Thanks in advance
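
Added example, not part of the original post: a small Python model of how the posted prerouting mangle rules and routes are evaluated for a new connection, showing which gateway a TCP 443 connection ends up on. Assumptions: the PCC hash is a stand-in (RouterOS's real hash is not reproduced), the client and destination addresses are constructed, and the input/output chain rules and the dst-address-type=!local check are left out.

```python
import ipaddress
import zlib

LAN_IF = "ether2-master-local"
WAN_NETS = [ipaddress.ip_network(n) for n in ("10.111.0.0/24", "10.112.0.0/24")]
# (routing-mark or None for the main table, distance, gateway), as posted
ROUTES = [
    ("to_OTEhome1_conn", 1, "10.111.0.2"),
    ("to_OTEhome2_conn", 1, "10.112.0.2"),
    (None, 1, "10.111.0.2"),
    (None, 2, "10.112.0.2"),
]

def pcc_bucket(src, denominator=2):
    # Stand-in for per-connection-classifier=src-address:2/N (assumption, not RouterOS's hash)
    return zlib.crc32(src.encode()) % denominator

def prerouting_mark(src, dst, proto, dport, in_if=LAN_IF):
    """Walk the posted prerouting rules in order; return the routing mark or None."""
    if proto == "tcp" and dport == 443:
        return None  # rule 1: action=accept ends mangle processing, packet stays unmarked
    if in_if != LAN_IF:
        return None  # every remaining prerouting rule matches in-interface=LAN only
    if any(ipaddress.ip_address(dst) in net for net in WAN_NETS):
        return None  # rules 2-3: accept traffic towards the two WAN subnets
    # PCC pair (mark-connection, passthrough=yes) then mark-routing (passthrough=no)
    conn = "OTEhome1_conn" if pcc_bucket(src) == 0 else "OTEhome2_conn"
    return "to_" + conn

def pick_gateway(mark, down=()):
    """Lowest-distance active route in the marked table, else in the main table."""
    def best(table):
        live = [(dist, gw) for m, dist, gw in ROUTES if m == table and gw not in down]
        return min(live)[1] if live else None
    return best(mark) or best(None)

if __name__ == "__main__":
    # Constructed LAN clients and destinations
    for src, dport in [("192.168.88.10", 443), ("192.168.88.10", 80), ("192.168.88.11", 80)]:
        mark = prerouting_mark(src, "203.0.113.5", "tcp", dport)
        print(src, dport, mark, pick_gateway(mark))
    # check-gateway=ping marks 10.111.0.2 unreachable: main table falls to distance=2
    print(pick_gateway(None, down={"10.111.0.2"}))
```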