Route marking in OS7.04

joschwe · November 25, 2021, 4:05pm

Hi,
I need help with route marking in OS7.04. I have problems with establishing TCP connections (http://forum.mikrotik.com/t/avoiding-double-nat-fritzbox-ccr2004/153528/16) and most likely a dual WAN setup is the reason.

Setup is as following:

ISP1 → Fritzbox1 (192.168.176.1/24) —> WAN1 Mikrotik (192.168.176.254 // 192.168.178.1/24)
ISP2–> Fritzbox2 (192.168.179.1/24) —> WAN2 Mikrotik (192.168.179.254 // 192.168.178.1/24)

Routes are like that:

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.176.1
pref-src=“” routing-table=main scope=30 suppress-hw-offload=no
target-scope=10

add disabled=no distance=2** dst-address=0.0.0.0/0 gateway=192.168.179.1
pref-src=“” routing-table=main scope=30 suppress-hw-offload=no
target-scope=10

** I want to have both routes on equal cost (distance of second route =1)

Mangle rules for each wan (this is wan1) would be:
/routing table * I have a few duplicated entries from failed tries and don’t know how to delete them
add name=ISP1
add name=ISP1
add fib name=ISP1
add fib name=ISP_fib

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new disabled=yes**
in-interface=ether1 new-connection-mark=ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP1 disabled=yes**
new-routing-mark=ISP_fib passthrough=yes

**i will enable it then of course

So now is the question how to set a route, so that all marked traffic leaves out of the gateway it came from.

k6ccc · November 26, 2021, 2:15am

Likely better to post this in the V7 BETA section of the forum.

anav · November 26, 2021, 1:13pm

So you dont want load balancing???

joschwe · November 26, 2021, 3:10pm

I do. But how else would you set it up? If I have the same distances for both gateways and request for example a connection on http port 80 over ISP1, the request goes in to WAN1 and leaves through WAN2 (that’s what the dst-nat log told me). So no connection can be established.
Load balancing isn’t that important but failover is. If I understand how to set up a specific route for marked routes I can work on failover. Unfortunately the examples I found where all for ROS6 and gave error messages for ROS7. I figured out how to get the route marking commands working for OS7 but how to set up a route?
like this: everything with routing mark XY in table XY use gateway ether1
everything with routing mark ZA in table ZA use gateway ether2
I need the traffic to leave through the gateway it came in from.

joschwe · November 29, 2021, 12:19am

noone?