I’m trying to set up a policy so that my hotspot interface traffic goes to a set of default gateways on one WAN interface (only one will be active at any time). My corporate traffic will then go via another WAN interface running RIP.
What I have tried to do is mark the hotspot traffic as “Public” and apply that policy mark to my set of default gateways. Once I do this I can ping Internet fine but I can’t get DNS. In fact I can’t even ping the local Mikrotik interface of the hotspot network (which is my DNS server).
If I add another mangle rule marking output traffic from the Mikrotik to the hotspot network as “Public” as well, then I can ping it but I still can’t resolve DNS.
Any ideas? Here is the relevant config:
add address=10.150.0.0/16 comment="hotspot network" dns-server=10.150.0.1 gateway=10.150.0.1
/ip dns
set allow-remote-requests=yes servers=10.150.0.1,216.146.35.35,216.146.36.36
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Public passthrough=no src-address=10.150.0.0/16
add action=mark-routing chain=output new-routing-mark=Public src-address=10.150.0.1
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.150.0.0/16
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=10.150.0.1
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=10.150.0.1
/ip route
add check-gateway=ping distance=1 gateway=172.16.3.1 routing-mark=Public
add check-gateway=ping distance=1 gateway=172.16.1.1 routing-mark=Public
add check-gateway=ping distance=1 gateway=172.16.5.1 routing-mark=Public
add check-gateway=ping distance=1 gateway=172.16.2.1 routing-mark=Public
add check-gateway=ping distance=1 gateway=172.16.6.1 routing-mark=Public
add distance=1 dst-address=10.150.0.0/16 gateway=bridge2-hotspot pref-src=10.150.0.1 routing-mark=Public
/ip route rule
add routing-mark=Public table=Public
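As an added example (not from the original post), a small Python model of the route lookup RouterOS performs against the tables above, assuming simplified v6 semantics: a packet's routing-mark selects its table, and main is consulted only when that table has no matching route at all. The main-table connected route, the local /32 for 10.150.0.1 and the RIP default gateway are assumptions standing in for the dynamic routes RouterOS keeps in main only.

```python
import ipaddress

# Routing tables transcribed from the post's /ip route section (constructed model, not RouterOS code).
# The main-table entries are assumptions: RouterOS adds the connected route and the local /32
# for an interface address to main only, and the corporate RIP default is a placeholder.
ROUTES = [
    ("Public", "0.0.0.0/0", "172.16.3.1"),
    ("Public", "0.0.0.0/0", "172.16.1.1"),
    ("Public", "0.0.0.0/0", "172.16.5.1"),
    ("Public", "0.0.0.0/0", "172.16.2.1"),
    ("Public", "0.0.0.0/0", "172.16.6.1"),
    ("Public", "10.150.0.0/16", "bridge2-hotspot"),
    ("main", "10.150.0.0/16", "bridge2-hotspot"),     # assumed: dynamic connected route
    ("main", "10.150.0.1/32", "local"),                # assumed: dynamic local route for the router's own address
    ("main", "0.0.0.0/0", "RIP-WAN-GW-PLACEHOLDER"),   # assumed: corporate default learned via RIP
]


def lookup(table, dst):
    """Longest-prefix match within one table; the first of equal-length routes wins
    (standing in for whichever check-gateway=ping route is currently active)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for tbl, prefix, gw in ROUTES:
        if tbl != table:
            continue
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return (table, best[1]) if best else None


def route_packet(dst, routing_mark=None):
    """Simplified RouterOS v6 decision: the routing-mark's table is tried first and
    main is used only when that table has no matching route at all."""
    if routing_mark:
        hit = lookup(routing_mark, dst)
        if hit:
            return hit
    return lookup("main", dst)


if __name__ == "__main__":
    for dst, mark in [("216.146.35.35", "Public"), ("10.150.0.1", "Public"), ("10.150.0.1", None)]:
        print(dst, mark, "->", route_packet(dst, mark))
```

In this model a Public-marked packet from a hotspot client to 10.150.0.1 matches the Public table's /16 via bridge2-hotspot rather than the local route that only exists in main, which is worth checking with `/ip route print` and `/tool torch` on the real router.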