Routing on 2 WAN Interfaces

RouterOS Forwarding Protocols
1

Hi everybody,

i have a CCR (Tile) with Software Version 6.44.3

I have two Internet Connections (TELEKOM1 and TELEKOM2) and some DST-NAT ie: TCP Port 444 -> 192.168.1.2
My DEFAULT Route is
0.0.0.0/0 TELEKOM1 Dist. 1
0.0.0.0/0 TELEKOM2 Dist. 2
and i have
0.0.0.0/0 TELEKOM1 on Routingmark TELEKOM1
0.0.0.0/0 TELEKOM2 on Routingmark TELEKOM2

and i have Connection Tracking and setting Routing-Marks ...

My Question (i think it is a Bug)
When the Packet comes from the TELEKOM1 and TELEKOM1 is Default Route then it is working and it logs:
,22:45:05,"192.168.1.1: firewall,info CM:Leitung1 prerouting: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51752->93.241.192.110:444, len 52"
,22:45:05,"192.168.1.1: firewall,info dstnat: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51752->93.241.192.110:444, len 52"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, proto TCP (SYN), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 52"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 40"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK,PSH), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 429"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 40"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK,PSH), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 91"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK,PSH), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 473"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 40"
,22:45:05,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 40"
,22:45:10,"192.168.1.1: firewall,info forward: in:PPPTelekom1 out:BRG_FENDT, src-mac 28:8a:1c:66:ba:1a, proto TCP (ACK), 88.217.199.52:51752->192.168.1.2:444, NAT 88.217.199.52:51752->(93.241.192.110:444->192.168.1.2:444), len 40"

Whene i change the DEFAULT Route to Telekom2 it does NOT WORK and logs:
,22:50:50,"192.168.1.1: firewall,info CM:Leitung1 prerouting: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 52"
,22:50:50,"192.168.1.1: firewall,info dstnat: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 52"
,22:50:51,"192.168.1.1: firewall,info CM:Leitung1 prerouting: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 52"
,22:50:51,"192.168.1.1: firewall,info dstnat: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 52"
,22:50:53,"192.168.1.1: firewall,info CM:Leitung1 prerouting: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 48"
,22:50:53,"192.168.1.1: firewall,info dstnat: in:PPPTelekom1 out:(unknown 0), proto TCP (SYN), 88.217.199.52:51755->93.241.192.110:444, len 48"

I only changed the Default Route by disabeling 0.0.0.0/0 TELEKOM1 Dist. 1 so 0.0.0.0/0 TELEKOM2 Distance 2 is active...
i dont know whats wrong.
it seems that the router even does not forward to 192.168.1.2
And: It seems the Routing-Mark is not used as expected in the routing table -
Thanks for your help

Oliver

2

And for some reason you haven’t shown us any of that, so we have no idea what’s happening…

3

:smiley: x2!