Hi,
First, sorry for my poor English…
I want to test policy-based routing, but it doesn't work.
This is the network:

and my test config:
# RouterOS configuration export for a test router (identity "WifiRouter").
# Two bridges are defined: BridgePRIVAT (ether5-privat + wlan-privat) and
# BridgePUBLIC (wlan-public). Policy-based routing is meant to send each side
# out through its own gateway (10.36.1.254 vs. 37.220.133.22).
/interface bridge
add fast-forward=no name=BridgePRIVAT
add fast-forward=no name=BridgePUBLIC
/interface ethernet
set [ find default-name=ether5 ] name=ether5-privat
set [ find default-name=ether6 ] name=ether6-public
# Neighbor discovery is turned off on the public-facing and unused interfaces,
# so the router does not advertise itself there.
/ip neighbor discovery
set ether6-public discover=no
set ether7 discover=no
set sfp1 discover=no
set BridgePUBLIC discover=no
# Both custom profiles accept WPA-PSK as well as WPA2-PSK.
# NOTE(review): if no legacy clients need WPA, limit authentication-types to
# wpa2-psk. No pre-shared key is visible in this export - confirm one is set.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=public-wifi \
supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=privat-wifi \
supplicant-identity=""
# wlan1 becomes the "public" AP; wlan-privat is a virtual AP on the same radio
# with its own SSID and security profile. WPS is disabled on both.
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=8 country=hungary disabled=no \
mode=ap-bridge name=wlan-public security-profile=public-wifi \
ssid=public wmm-support=enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:3B:D2:77 \
master-interface=wlan-public multicast-buffering=disabled name=\
wlan-privat security-profile=privat-wifi ssid=privat \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
# Local DHCP service for the public side only (192.168.36.0/24 on BridgePUBLIC).
/ip pool
add name=DCHP-PUBLIC ranges=192.168.36.10-192.168.36.254
/ip dhcp-server
add address-pool=DCHP-PUBLIC authoritative=after-2sec-delay disabled=no \
interface=BridgePUBLIC name=dhcp-server-lan
/interface bridge port
add bridge=BridgePRIVAT interface=ether5-privat
add bridge=BridgePUBLIC interface=wlan-public
add bridge=BridgePRIVAT interface=wlan-privat
# Bridged traffic is also passed through the IP firewall, so the filter,
# mangle and NAT rules below apply to frames crossing the bridges as well.
/interface bridge settings
set use-ip-firewall=yes
/ip firewall connection tracking
set enabled=yes
# NOTE(review): strict reverse-path filtering is documented by MikroTik as not
# working together with policy routing tables. The main-table default route
# below points at 10.36.1.254, so packets arriving on ether6-public from
# Internet sources may fail the strict check. Test with rp-filter=loose (or no)
# - confirm against the RouterOS version in use.
/ip settings
set rp-filter=strict tcp-syncookies=yes
/ip address
add address=37.220.133.20/29 interface=ether6-public network=37.220.133.16
add address=192.168.36.1/24 interface=BridgePUBLIC network=192.168.36.0
# The private bridge takes its address from DHCP but installs no default
# route and ignores the DNS/NTP servers offered by the peer.
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=BridgePRIVAT use-peer-dns=no use-peer-ntp=no
/ip dhcp-relay
add dhcp-server=10.36.1.254 interface=BridgePRIVAT name=dhcp-relay
# Public clients are handed 8.8.8.8 directly as resolver, not the router.
/ip dhcp-server network
add address=192.168.36.0/24 dns-server=8.8.8.8 gateway=192.168.36.1
# The router answers DNS queries from remote hosts. With the rules below, such
# queries are only kept out by the final input drop (the DNS accept rule is
# disabled); keep that drop in place to avoid exposing a resolver on
# ether6-public.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Input chain = traffic addressed to the router itself; rules are evaluated in
# order and the first match decides.
# NOTE(review): the winbox rule has no src-address or in-interface match, so
# TCP 8291 is accepted from every interface, including ether6-public. Restrict
# it to a management address list or to the private side.
/ip firewall filter
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid
add action=accept chain=input comment="Accept related connections" \
connection-state=related
add action=accept chain=input comment="Accept established connections" \
connection-state=established
# NOTE(review): the forward chain contains only accept rules and no final drop,
# so forwarding falls through to the default accept. Nothing here separates
# public Wi-Fi clients (192.168.36.0/24) from 10.36.1.0/24; add explicit drop
# rules if the two sides are meant to be isolated.
add action=accept chain=forward comment="Accept related connections" \
connection-state=related
add action=accept chain=forward comment="Accept established connections" \
connection-state=established
# Disabled rule (UDP 53 only): while it is off, DNS queries to the router from
# 192.168.36.0/24 hit the drop below.
add action=accept chain=input comment="Accept DNS" disabled=yes dst-port=53 \
protocol=udp src-address=192.168.36.0/24
add action=drop chain=input comment="Drop everything else"
# Routing marks are assigned by source subnet in prerouting; passthrough=no
# stops mangle processing for a packet once it has been marked.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=PRIVAT passthrough=\
no src-address=10.36.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=PUBLIC passthrough=\
no src-address=192.168.36.0/24
# Only the public subnet is source-NATed, and only when leaving ether6-public.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether6-public src-address=\
192.168.36.0/24
/ip firewall service-port
set ftp disabled=yes
# Three default routes (no dst-address given): one per routing mark, plus an
# unmarked one in the main table that uses the private gateway.
/ip route
add distance=10 gateway=10.36.1.254 routing-mark=PRIVAT
add distance=1 gateway=37.220.133.22 routing-mark=PUBLIC
add distance=10 gateway=10.36.1.254
# Rules are matched top-down: destinations in the three local subnets are
# looked up in main first, then source address or routing mark selects the
# PRIVAT or PUBLIC table.
# NOTE(review): table selection is done twice (mangle marks above and
# src-address rules here) - confirm both mechanisms are intended.
/ip route rule
add dst-address=192.168.36.0/24 table=main
add dst-address=10.36.1.0/24 table=main
add dst-address=37.220.133.16/29 table=main
add src-address=10.36.1.0/24 table=PRIVAT
add src-address=37.220.133.16/29 table=PUBLIC
add routing-mark=PRIVAT table=PRIVAT
add routing-mark=PUBLIC table=PUBLIC
# Unused management services are switched off. Services not listed here
# (winbox, for example) are left unchanged by this section.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name=WifiRouter
/system ntp client
set enabled=yes primary-ntp=148.6.0.1
/tool bandwidth-server
set enabled=no
Can anybody help me: why doesn't it work?