Policy Routing Problems

Hello, I have two WAN connections which I’m splitting by host. I have one host that needs to use one connection, and all the others will share a second connection.

While the WAN functions all work as desired, my hosts, which are all on a 192.168.5.0/24 subnet, cannot always talk to each other. The one host which is getting marked as Cable seems to be able to access some of the hosts; however, none of the others can access each other or the host marked Cable.

Notes:
DSL = PPPoE Static IP ISP
Cable = Dynamic IP Cable ISP

My current config

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=all-ppp
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=all-ppp
add action=drop chain=input in-interface=ether7-gateway
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=ether7-gateway

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.5.0/24
add action=masquerade chain=srcnat comment=Cable out-interface=ether7-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=IPCam dst-port=4001 protocol=tcp to-addresses=192.168.5.144 to-ports=80

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Cable passthrough=no src-address=192.168.5.136
add action=mark-routing chain=prerouting new-routing-mark=DSL passthrough=no src-address=192.168.5.0/2

/ip route
add distance=1 gateway=10.10.10.10 routing-mark=Cable
add distance=1 gateway=pppoe-out1 routing-mark=DSL

I would appreciate any help I can get. I’m a total novice to both Linux and networking in general. I’m a doctor by profession, so I don’t have as much time as I would enjoy to research this kind of thing.

That config looks correct.

(Maybe just a typo - but your second mangle rule is missing a 4 at the end.)
src-address=192.168.5.0/24

Out-of-box config has ports 3, 4, 5 set as slave ports to port 2.

If port 1 = DSL, port 2 = Cable, then you’d have to edit interfaces 3, 4, 5 and set master to none, then add 3, 4, 5 to local-bridge.

Or normally I use port 1 for WAN 1, then use port 5 for WAN 2. For port 5 I set master port = none, then I don’t have to put 3, 4 in the local-bridge since they’re still a slave to port 2.
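
Added example, not part of the original posts: a small Python model of the two mangle rules from the posted config, showing which source addresses get each routing mark with the `/2` prefix as posted and with the `/24` from the reply. It assumes the router masks off host bits in `src-address` (so `192.168.5.0/2` behaves as `192.0.0.0/2`) and that `passthrough=no` makes the first matching rule final; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Mangle rules in order, as (src-address, new-routing-mark).
# Both rules in the posted config use passthrough=no, so the first match wins.
POSTED = [("192.168.5.136", "Cable"), ("192.168.5.0/2", "DSL")]
CORRECTED = [("192.168.5.136", "Cable"), ("192.168.5.0/24", "DSL")]


def effective_range(prefix):
    """Return (first, last) address actually covered by a src-address prefix."""
    # strict=False masks off host bits (assumption: the router does the same).
    net = ipaddress.ip_network(prefix, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def routing_mark(rules, src):
    """Return the routing mark assigned to a packet from src, or None."""
    addr = ipaddress.ip_address(src)
    for prefix, mark in rules:
        if addr in ipaddress.ip_network(prefix, strict=False):
            return mark  # passthrough=no: stop at the first matching rule
    return None  # unmarked: the main routing table is used


if __name__ == "__main__":
    # Constructed sample sources: the Cable host, the IPCam from the dst-nat
    # rule, a documentation-range public address, and the Cable gateway.
    samples = ["192.168.5.136", "192.168.5.144", "198.51.100.7", "10.10.10.10"]
    for name, rules in (("posted /2", POSTED), ("corrected /24", CORRECTED)):
        print(name, "DSL rule covers", effective_range(rules[1][0]))
        for src in samples:
            print("  src", src, "->", routing_mark(rules, src))
```

With the `/2` prefix the DSL rule is no longer limited to LAN hosts: any packet seen in prerouting whose source falls in the upper quarter of the IPv4 space is marked as well.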