Policy based routing

Heya guys (not sure if this is Beginner Basics, though I am sure it is not supposed to be hard).

I have 4 active outbound links on my RouterBOARD 750G. Only one of the connections (an L2TP connection) sets the default route dynamically. The other three interfaces do have default routes pointing to them, but only for certain routing marks.

All interfaces masquerade outbound.

The problem I have is that whenever I NAT something in from one of those interfaces on which the default route matches only on certain routing marks, the outbound traffic still tries to route via the link that has the default gateway set dynamically.
The weird part is this: I have tried only NATing SMTP traffic in on my ADSL line. If I telnet to it from the outside world it connects! I see the SMTP banner and everything, but as soon as I say 'helo whatever' to start the SMTP transaction, the connection times out.

Here is my config:

This is the NAT rule that forwards the SMTP traffic to the machine on the internal LAN

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=10.10.43.2 to-ports=25 protocol=tcp in-interface=pppoe-to-mweb dst-port=25

I have 4 mangle rules to mark the connection / routing

/ip firewall mangle
# new connections arriving on the ADSL link get a connection mark
add chain=prerouting action=mark-connection new-connection-mark=in-from-mweb passthrough=yes connection-state=new in-interface=pppoe-to-mweb

# router-originated packets belonging to marked connections use the ADSL table
add chain=output action=mark-routing new-routing-mark=route-via-adsl passthrough=no connection-mark=in-from-mweb

# forwarded packets of already-marked connections leaving via another interface keep the connection mark
add chain=forward action=mark-connection new-connection-mark=in-from-mweb passthrough=yes connection-state=new out-interface=!pppoe-to-mweb connection-mark=in-from-mweb

# forwarded packets of marked connections that did not arrive on the ADSL link (i.e. the LAN replies) use the ADSL table
add chain=prerouting action=mark-routing new-routing-mark=route-via-adsl passthrough=no in-interface=!pppoe-to-mweb connection-mark=in-from-mweb

Now when I add a new rule that says, for example, route from any source to anywhere where the destination address is neworder.box.sk, it works perfectly, so from internal > Internet the outbound routing will route via the ADSL.

Here is my lookup rule for the outbound traffic on the ADSL

/ip route rule
add routing-mark=route-via-adsl action=lookup table=route-via-adsl

Can someone please point me in the right direction how to get it to work?
Here is an example of the output for the SMTP traffic via the ADSL link

telnet X.132.X.222 25
Trying X.132.X.222…
Connected to X-132-X-222.dsl.mweb.co.za (X.132.X.222).
Escape character is ‘^]’.
220 Starbright Network Solutions - SMTP
helo asd


And then it just times out eventually…

But as mentioned earlier, if I set the pppoe-to-mweb interface to have its default route added dynamically it works 100%, so my mangle rules seem to be the problem.

Thanks in advance for the help.

I have yet to see policy routing work as it's supposed to. I have read all the howtos and followed them to a T and it still has issues; I'm guessing different RouterOS versions are buggy with it.

sigh

It's a huge issue :( Surely someone can help me get it working properly, please.

If I understand this right, you can add a "routing-mark" in the pre-routing phase of an incoming packet's handling, and that's all the routing rules can use.

What I want is to route based on a connection mark, so that incoming NAT connections work regardless of the interface they came in on, but you have to look in the NAT table to see where the incoming packet thought it was going before you know the right way to send the reply back:

/ip firewall nat
# set up NAT on the two public interfaces
add action=masquerade chain=srcnat out-interface=isp1
add action=masquerade chain=srcnat out-interface=isp2

/ip firewall mangle
add chain=prerouting connection-state=new dst-address-list=isp1-if-public action=mark-connection new-connection-mark=isp1
add chain=prerouting connection-state=new dst-address-list=isp2-if-public action=mark-connection new-connection-mark=isp2

/ip route
add gateway= connection-mark=isp2

This gives me some level of redundancy...
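Pulling the two posts above together, here is a complete RouterOS configuration for the case both of them describe: a connection that arrives on an uplink other than the default-route uplink, whose replies must leave by the same uplink. This is an added example and not the configuration of either poster. The interface names pppoe-adsl and bridge-lan and the 10.10.43.0/24 LAN are assumptions; 10.10.43.2 is the SMTP server from the first post. A route cannot match a connection mark, so the connection mark set at prerouting has to be translated into a routing mark by a second mangle rule, once for forwarded replies (prerouting) and once for the router's own replies (output), since forwarded packets never traverse the output chain.

```routeros
# Added example, not the original posters' configuration.
# Assumptions: ADSL PPPoE uplink is "pppoe-adsl", LAN bridge is "bridge-lan",
# LAN is 10.10.43.0/24. The SMTP server 10.10.43.2 comes from the thread.

/ip firewall nat
# Port-forward 25/tcp only when it arrives on the ADSL link. Binding in-interface
# stops the same forward from being reachable through the other uplinks.
add chain=dstnat in-interface=pppoe-adsl protocol=tcp dst-port=25 \
    action=dst-nat to-addresses=10.10.43.2 to-ports=25 comment="SMTP in via ADSL"
add chain=srcnat out-interface=pppoe-adsl action=masquerade comment="NAT out via ADSL"

/ip firewall mangle
# 1. Remember which uplink a new inbound connection arrived on. Mangle prerouting
#    runs before dst-nat, so in-interface is still the public link; the mark lives
#    on the conntrack entry for the whole connection. passthrough=yes so later
#    mangle rules still see this packet.
add chain=prerouting connection-state=new in-interface=pppoe-adsl \
    action=mark-connection new-connection-mark=conn-via-adsl passthrough=yes \
    comment="inbound via ADSL"

# 2. Forwarded replies from the LAN: convert the connection mark into a routing
#    mark. Matching in-interface=bridge-lan means packets still inbound from the
#    ADSL side are never re-marked.
add chain=prerouting in-interface=bridge-lan connection-mark=conn-via-adsl \
    action=mark-routing new-routing-mark=route-via-adsl passthrough=no \
    comment="LAN replies back out via ADSL"

# 3. Replies the router generates itself (e.g. SSH/WinBox to the ADSL address).
add chain=output connection-mark=conn-via-adsl \
    action=mark-routing new-routing-mark=route-via-adsl passthrough=no \
    comment="router replies back out via ADSL"

/ip route
# Default route consulted only by packets carrying the routing mark. Using the PPP
# interface as gateway is fine for a point-to-point link; on an Ethernet uplink
# put the next-hop IP address here instead.
add dst-address=0.0.0.0/0 gateway=pppoe-adsl routing-mark=route-via-adsl \
    distance=1 comment="ADSL table"

/ip route rule
# Marked packets look up the ADSL table; everything else falls through to main,
# where the dynamically added default route from the L2TP link lives.
add routing-mark=route-via-adsl action=lookup table=route-via-adsl
```

Two checks worth running after applying it: `/ip firewall connection print detail where connection-mark=conn-via-adsl` should show the inbound SMTP connection with its mark while the telnet session is open, and `/ip route print where routing-mark=route-via-adsl` should show the marked default route as active. On RouterOS v7 the table must additionally be declared up front with `/routing table add name=route-via-adsl fib` before routes can reference it.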