Routing mark problem, driving me bonkers.

RouterOS Beginner Basics
1

Ok, my problem is I have got two wan’s. Want to rout tcp out wan 2 and every thing ells wan 1. Put nat rule for masquerading, with wan 1 interface as out and default route to wan 1 every thing nice. In mangle do chain: prerouting protocol: tcp in action mark routing and routing mark: tcp traffic. Then I create another default gateway with wan 2 and routing mark: tcp traffic. Also do a Nat rule wit routing mark: tcp traffic and out interface wan 2. Now some TCP traffic is routed to wan 2, but some still on wan 1. What am I missing hear???

2

Please post your configuration.

3

Hi,

It can be that the order of the FIREWALL MANGLE rules if wrong, make sure that the TCP MARK rule is at the TOP.

4

Hi. Thanks. Did put rule right on top. Something ells. My rulse

jun/25/2008 19:55:18 by RouterOS 3.10

software id = MJY9-YH0

/ip firewall nat
action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes

action=masquerade chain=srcnat comment="" disabled=yes out-interface=
ether1 routing-mark="TCP traffic"
action=masquerade chain=srcnat comment="" disabled=no out-interface=
pppoe-Nexus

jun/25/2008 19:55:03 by RouterOS 3.10

software id = MJY9-YH0

/ip firewall mangle
action=mark-routing chain=prerouting comment="" disabled=yes
new-routing-mark="TCP traffic" passthrough=no protocol=tcp

action=accept chain=prerouting comment="Laat Ping deur" disabled=no
protocol=icmp

action=mark-packet chain=prerouting comment="Merk upload traffic"
disabled=no in-interface=ether3 new-packet-mark=upload passthrough=no

add action=mark-connection chain=forward comment=
"Merk connections wat verby router gaan" disabled=no new-connection-mark=
connections passthrough=yes

action=mark-packet chain=forward comment="Merk download packets"
connection-mark=connections disabled=no in-interface=ether2
new-packet-mark=downloads passthrough=no

action=mark-packet chain=output comment="Merk downloads van proxy"
disabled=no new-packet-mark=downloads out-interface=ether3 passthrough=no

5

Thought maybe this will help some body. Got it up and running after weeks. It is really obvious but just never thought of it. Add NAT rule for WLan1 chain src-nat, action masquerade router and specify outgoing interface, very important and then the one that took me weeks to figure. Make another Nat rule for WLan 2 chain src-nat, action masquerade router and specify outgoing interface. The marking and routing is pretty straight.