Routing rules based on mark-routing

kotomatron · August 13, 2015, 7:43am

Hi

I have two ISP: WAN1, WAN2, and two subnets for each provider

And my problem is that the router does not pinged if i create Mangle Rules (IP/Firewall/Mangle) for each network:

chain=prerouting action=mark-routing new-routing-mark=WAN1
passthrough=yes src-address=192.168.10.0/24
chain=prerouting action=mark-routing new-routing-mark=WAN2
passthrough=yes src-address=172.16.10.0/24

Where am I wrong? If rule is disabled, i can ping router. Very strange =
But i always have access through http; only ping is not working

Could you help me please

Instructions taken from http://mikrotikroutersetup.blogspot.ru/p/mikrotik-router.html

Cha0s · August 26, 2015, 12:29pm

Did you also create two static routes with those routing marks?

Without proper routes the packets will always use the main routing table to leave the router.

Cha0s · August 26, 2015, 12:31pm

Actually it’s a bit more complicated than that.

To be able to reach the router on both IPs (from both providers) you need some extra rules so that you first mark the incoming connection and then route-mark the outgoing packets based on that connection mark.

In other words make it so that the router sends its replies from the interface they came in from.