Routting problems

RouterOS General
1

Routing problems,

Hello. I have a CCR1036-8G-2S + EM router on which I have made the following configuration:

Networks:
WAN1: 192.168.1.0/24
WAN2: 192.168.5.0/24
Local LAN VLAN ID 100: 192.168.0.0/24
Guest LAN VLAN ID 200: 192.168.10.0/24
Wifi LAN: 192.168.20.0/24
Admin: 10.0.0.0/8

Gateways:

  • Fiber router on WAN 1: 192.168.1.1
  • Cable router on WAN2: 192.168.5.1

Interfaces:

  • ether1 renamed to ether1-WAN1: 192.168.1.1
  • ether2 renamed to ether2-WAN2: 192.168.5.1
  • ether3 renamed to ether3-wifi: 192.168.20.251
  • ether4 renamed to ether4-admin: 10.0.0.1
  • ether5 renamed to ether5-LACP-slave1
  • ether6 renamed to ether5-LACP-slave2
  • ether7 renamed to ether5-LACP-slave3
  • ether8 renamed to ether5-LACP-slave4
  • LACP-LAN: LAG LACP 802.3ad (ether5 to ether8)
  • VLAN-LAN-100: VLAN ID 100 on LACP-LAN: 192.168.0.251
    -VLAN-invite-200: VLAN ID 200 on LACP-LAN: 192.168.10.251

My question is:

  • I would like the 192.168.20.0/24 network to be routed over WAN2
  • I established for this a list of firewall rules in the mangle chain and it does not work. Not finding why I allow myself to consult you.
    My problem is at the level of rule number 7 which, as I hoped, allows traffic to be routed from the 192.168.20.0/24 network over WAN2.
    Except the traffic of this network remains routed on WAN1. Why ? What is my mistake?
    Thank you for your help
[admin@MikroTik] /ip firewall mangle> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=prerouting action=accept dst-address=192.168.1.0/24 in-interface=all-vlan log=no log-prefix="" 

 1    chain=prerouting action=accept dst-address=192.168.5.0/24 in-interface=all-vlan log=no log-prefix="" 

 2    chain=prerouting action=accept dst-address=192.168.1.0/24 in-interface=ether3-wifi log=no log-prefix="" 

 3    chain=prerouting action=accept dst-address=192.168.5.0/24 in-interface=ether3-wifi log=no log-prefix="" 

 4    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn connection-mark=no-mark in-interface=ether1-WAN1 

 5    chain=prerouting action=mark-connection new-connection-mark=WAN2_conn connection-mark=no-mark in-interface=ether2-WAN2 

 6    ;;; CRABBOC sur WAN1 FC
      chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=192.168.0.198 dst-address-type=!local connection-mark=no-mark in-interface=all-vlan log=no log-prefix="" 

 7    ;;; Reseau wifi sur WAN2 Cable
      chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=192.168.20.0/24 src-address-type="" dst-address-type=!local connection-mark=no-mark in-interface=ether3-wifi log=no log-prefix="" 

 8    ;;; Reseau invite sur WAN2 Cable
      chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=192.168.10.0/24 dst-address-type=!local connection-mark=no-mark in-interface=all-vlan log=no log-prefix="" 

 9    ;;; Bloc port WOW sur WAN1 FC
      chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=1119-1120 log=no log-prefix="" 

10    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=1119-1120 log=no log-prefix="" 

11    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=3724 log=no log-prefix="" 

12    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=3724 log=no log-prefix="" 

13    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=4000 log=no log-prefix="" 
 
14    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=4000 log=no log-prefix="" 

15    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=6112-6114 log=no log-prefix="" 

16    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=6112-6114 log=no log-prefix="" 

17    ;;; HTTP et HTTPS sur WAN2 cable
      chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=443 log=no log-prefix="" 

18    chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes protocol=tcp dst-address-type=!local connection-mark=no-mark in-interface=all-vlan dst-port=80 log=no log-prefix="" 

19    ;;; Gestion du Load Balancing
      chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=all-vlan per-connection-classifier=both-addresses:2/0 log=no log-prefix="" 

20    chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=all-vlan per-connection-classifier=both-addresses:2/1 log=no log-prefix="" 

21    ;;; Connexion WAN1_conn vers WAN1 FC
      chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn in-interface=all-vlan log=no log-prefix="" 

22    ;;; Connexion WAN2_conn vers WAN2 cable
      chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes dst-address-type="" connection-mark=WAN2_conn in-interface=all-vlan log=no log-prefix="" 

23    ;;; Connexion WAN1_conn vers WAN1 FC
      chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn log=no log-prefix="" 

24    ;;; Connexion WAN2_conn vers WAN2 cable
      chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn log=no log-prefix=""

Router config:

# may/12/2020 11:53:08 by RouterOS 6.46.5
# software id = Z5FD-BKLW
#
# model = CCR1036-8G-2S+
# serial number = C6C80BF50C0D
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] arp=reply-only name=ether3-wifi
set [ find default-name=ether4 ] name=ether4-Admin
set [ find default-name=ether5 ] name=ether5-LACP-LAN-Slave1
set [ find default-name=ether6 ] mac-address=C4:AD:34:B6:05:06 name=\
    ether6-LACP-LAN-Slave2
set [ find default-name=ether7 ] mac-address=C4:AD:34:B6:05:06 name=\
    ether7-LACP-LAN-Slave3
set [ find default-name=ether8 ] mac-address=C4:AD:34:B6:05:06 name=\
    ether8-LACP-LAN-Slave4
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
/interface bonding
add mode=802.3ad name=LACP-LAN slaves="ether5-LACP-LAN-Slave1,ether6-LACP-LAN-\
    Slave2,ether7-LACP-LAN-Slave3,ether8-LACP-LAN-Slave4" \
    transmit-hash-policy=layer-2-and-3
/interface vlan
add comment="VLAN Reseau Celdenn LAN Local" interface=LACP-LAN name=\
    vlan-LAN-100 vlan-id=100
add comment="VLAN Reseau invite LAN Local" interface=LACP-LAN name=\
    vlan-invite-200 vlan-id=200
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add fri=0s-1d mon=0s-1d name=Logan rate-limit=30M sat=0s-1d sun=0s-1d thu=\
    0s-1d tue=0s-1d wed=0s-1d
add fri=0s-1d mon=0s-1d name=Nolwenn rate-limit=30M sat=0s-1d sun=0s-1d thu=\
    0s-1d tue=0s-1d wed=0s-1d
add fri=0s-1d mon=0s-1d name=Autres rate-limit=10M sat=0s-1d sun=0s-1d thu=\
    0s-1d tue=0s-1d wed=0s-1d
add fri=0s-1d mon=0s-1d name=Soko rate-limit=30M sat=0s-1d sun=0s-1d thu=\
    0s-1d tue=0s-1d wed=0s-1d
add fri=0s-1d mon=0s-1d name=Phil rate-limit=30M sat=0s-1d sun=0s-1d thu=\
    0s-1d tue=0s-1d wed=0s-1d
/ip pool
add name=pool_dhcp_lan ranges=192.168.0.150-192.168.0.199
add name=pool_dhcp_invite ranges=192.168.10.51-192.168.10.100
add name=pool-admin ranges=10.0.0.10-10.0.0.49
add name=pool-wifi ranges=192.168.20.10-192.168.20.100
/ip dhcp-server
add address-pool=pool_dhcp_lan disabled=no interface=vlan-LAN-100 name=\
    dhcp_LAN
add address-pool=pool_dhcp_invite disabled=no interface=vlan-invite-200 name=\
    dhcp_invite
add address-pool=pool-admin disabled=no interface=ether4-Admin name=\
    dhcp-admin
add address-pool=pool-wifi disabled=no interface=ether3-wifi name=dhcp-wifi
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add interface=ether4-Admin
add interface=ether5-LACP-LAN-Slave1
add interface=ether6-LACP-LAN-Slave2
add disabled=yes interface=sfp-sfpplus1
add disabled=yes interface=sfp-sfpplus2
add interface=ether3-wifi
/interface list member
add comment="Sortie 1 vers routeur Fibre sur r\E9seau 192.168.1.0/24" \
    interface=ether1-WAN1 list=WAN
add comment="Agregation LACP 802.3ad des interfaces 5, 6, 7 et 8" interface=\
    LACP-LAN list=LAN
add comment="Sortie vers routeur cable sur r\E9seau 192.168.5.0/24" \
    interface=ether2-WAN2 list=WAN
add comment="Interface d'administration du routeur sur IP 10.0.0.1/8" \
    interface=ether4-Admin list=LAN
add comment="VLAN local-100 sur agregation LACP 802.3ad des interfaces 5, 6, 7\
    \_et 8 sur r\E9seau 192.168.0.0/24" interface=vlan-LAN-100 list=LAN
add comment="VLAN invit\E9-200 sur agregation LACP 802.3ad des interfaces 5, 6\
    , 7 et 8 sur r\E9seau 192.168.10.0/24" interface=vlan-invite-200 list=LAN
add comment="IP interface LAN invite WIFI" interface=ether3-wifi list=LAN
/ip address
add address=192.168.5.251/24 comment="Vers router SFR numericable" interface=\
    ether2-WAN2 network=192.168.5.0
add address=10.0.0.1/8 comment="IP Admin routeur" interface=ether4-Admin \
    network=10.0.0.0
add address=192.168.1.251/24 comment="Vers router SFR box 8 entr\E9e 1" \
    interface=ether1-WAN1 network=192.168.1.0
add address=192.168.0.251/24 comment=\
    "IP interface LAN local LACP 802.3ad TRUNK VLAN 100" interface=\
    vlan-LAN-100 network=192.168.0.0
add address=192.168.10.251/24 comment=\
    "IP interface LAN invite LACP 802.3ad TRUNK VLAN 200" interface=\
    vlan-invite-200 network=192.168.10.0
add address=192.168.20.251/24 comment="IP interface LAN invite WIFI" \
    interface=ether3-wifi network=192.168.20.0
/ip arp
add address=192.168.0.49 comment="Synology Bestiole" interface=vlan-LAN-100 \
    mac-address=00:11:32:7E:3E:75
add address=192.168.0.50 comment="Imprimante Brother" interface=vlan-LAN-100 \
    mac-address=30:05:5C:CF:48:C0
add address=192.168.0.183 comment="PC Portable Nolwenn: Kibrille" interface=\
    vlan-LAN-100 mac-address=3C:A0:67:A7:AF:D1
add address=192.168.0.184 comment="PC Portable Travail Phil" interface=\
    vlan-LAN-100 mac-address=D4:81:D7:C4:3D:A4
add address=192.168.20.10 comment="Galaxy A5 Phil" interface=ether3-wifi \
    mac-address=94:B1:0A:FD:69:76
add address=192.168.0.186 comment="PC Nolwenn: Dren" interface=vlan-LAN-100 \
    mac-address=18:31:BF:B1:B5:DA
add address=192.168.20.11 comment="Caldenna RT Wifi" interface=ether3-wifi \
    mac-address=58:EF:68:3E:53:26
add address=192.168.0.188 comment="PC Logan: Worgounator" interface=\
    vlan-LAN-100 mac-address=18:31:BF:B1:B5:D2
add address=192.168.0.189 comment="PC Soko: Brightwing" interface=\
    vlan-LAN-100 mac-address=4C:CC:6A:60:4B:FA
add address=192.168.20.12 comment="Mi A2 Phil" interface=ether3-wifi \
    mac-address=48:2C:A0:68:D8:39
add address=192.168.20.14 comment="Honor Logan" interface=ether3-wifi \
    mac-address=34:79:16:1F:2B:AA
add address=192.168.20.13 comment="PC Portable Travail Phil WIFI" interface=\
    ether3-wifi mac-address=14:AB:C5:9D:82:0D
add address=192.168.20.15 comment="Google Home Mini Chambre Parents" \
    interface=ether3-wifi mac-address=20:DF:B9:1D:4C:E2
add address=192.168.20.16 comment="Google Home Salon" interface=ether3-wifi \
    mac-address=48:D6:D5:7C:C6:36
add address=192.168.20.17 comment="Mi A2 Nolwenn" interface=ether3-wifi \
    mac-address=48:2C:A0:68:F4:61
add address=192.168.20.18 comment="Mi A2 Soko" interface=ether3-wifi \
    mac-address=48:2C:A0:6E:AC:DB
add address=192.168.0.198 comment="PC Phil: Crabboc" interface=vlan-LAN-100 \
    mac-address=4C:CC:6A:46:0D:9A
/ip dhcp-client
add interface=ether1-WAN1
/ip dhcp-server lease
add address=192.168.20.17 client-id=1:48:2c:a0:68:f4:61 comment=\
    "Mi A2 Nolwenn" mac-address=48:2C:A0:68:F4:61 server=dhcp-wifi
add address=192.168.20.16 comment="Google Home Salon" mac-address=\
    48:D6:D5:7C:C6:36 server=dhcp-wifi
add address=192.168.20.15 comment="Google Home Mini Chambre Parents" \
    mac-address=20:DF:B9:1D:4C:E2 server=dhcp-wifi
add address=192.168.20.12 client-id=1:48:2c:a0:68:d8:39 comment="Mi A2 Phil" \
    mac-address=48:2C:A0:68:D8:39 server=dhcp-wifi
add address=192.168.0.189 client-id=1:4c:cc:6a:60:4b:fa comment=\
    "PC Soko: Brightwing" mac-address=4C:CC:6A:60:4B:FA server=dhcp_LAN
add address=192.168.0.188 client-id=1:18:31:bf:b1:b5:d2 comment=\
    "PC Logan: Worgounator" mac-address=18:31:BF:B1:B5:D2 server=dhcp_LAN
add address=192.168.20.11 client-id=1:58:ef:68:3e:53:26 comment=\
    "Caldenna RT Wifi" mac-address=58:EF:68:3E:53:26 server=dhcp-wifi
add address=192.168.20.10 client-id=1:94:b1:a:fd:69:76 comment=\
    "Galaxy A5 Phil" mac-address=94:B1:0A:FD:69:76 server=dhcp-wifi
add address=192.168.20.14 client-id=1:34:79:16:1f:2b:aa comment="Honor Logan" \
    mac-address=34:79:16:1F:2B:AA server=dhcp-wifi
add address=192.168.0.198 client-id=1:4c:cc:6a:46:d:9a comment=\
    "PC Phil: Crabboc" mac-address=4C:CC:6A:46:0D:9A server=dhcp_LAN
add address=192.168.20.18 client-id=1:48:2c:a0:6e:ac:db comment="Mi A2 Soko" \
    mac-address=48:2C:A0:6E:AC:DB server=dhcp-wifi
add address=192.168.0.186 client-id=1:18:31:bf:b1:b5:da comment=\
    "PC Nolwenn: Dren" mac-address=18:31:BF:B1:B5:DA server=dhcp_LAN
add address=192.168.0.50 comment="Imprimante Brother" mac-address=\
    30:05:5C:CF:48:C0 server=dhcp_LAN
add address=192.168.20.13 client-id=1:14:ab:c5:9d:82:d comment=\
    "PC Portable Travail Phil WIFI" mac-address=14:AB:C5:9D:82:0D server=\
    dhcp-wifi
add address=192.168.0.184 client-id=1:d4:81:d7:c4:3d:a4 comment=\
    "PC Portable Travail Phil" mac-address=D4:81:D7:C4:3D:A4 server=dhcp_LAN
add address=192.168.0.183 client-id=1:3c:a0:67:a7:af:d1 comment=\
    "PC Portable Nolwenn: Kibrille" mac-address=3C:A0:67:A7:AF:D1 server=\
    dhcp_LAN
add address=192.168.0.49 comment="Synology Bestiole" mac-address=\
    00:11:32:7E:3E:75 server=dhcp_LAN
/ip dhcp-server network
add address=192.168.0.0/24 comment="Serveur DHCP reseau LAN 192.168.0.0/24" \
    dns-server=8.8.8.8,192.168.1.1,89.2.0.1,89.2.0.2,8.8.4.4 gateway=\
    192.168.0.251 netmask=24
add address=192.168.10.0/24 comment=\
    "Serveur DHCP reseau invite 192.168.10.0/24" dns-server=\
    89.2.0.1,82.2.0.2,8.8.8.8,8.8.4.4 gateway=192.168.10.251 netmask=24
add address=192.168.20.0/24 comment="Serveur DHCP reseau Wifi" dns-server=\
    89.2.0.1,89.2.0.2,8.8.8.8,8.8.4.4 gateway=192.168.20.251 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.1,89.2.0.1,89.2.0.2,8.8.8.8
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
    all-vlan
add action=accept chain=prerouting dst-address=192.168.5.0/24 in-interface=\
    all-vlan
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
    ether3-wifi
add action=accept chain=prerouting dst-address=192.168.5.0/24 in-interface=\
    ether3-wifi
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether1-WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether2-WAN2 new-connection-mark=WAN2_conn
add action=mark-connection chain=prerouting comment="CRABBOC sur WAN1 FC" \
    connection-mark=no-mark dst-address-type=!local in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes src-address=192.168.0.198
add action=mark-connection chain=prerouting comment=\
    "Reseau wifi sur WAN2 Cable" connection-mark=no-mark dst-address-type=\
    !local in-interface=ether3-wifi new-connection-mark=WAN2_conn \
    passthrough=yes src-address=192.168.20.0/24 src-address-type=""
add action=mark-connection chain=prerouting comment=\
    "Reseau invite sur WAN2 Cable" connection-mark=no-mark dst-address-type=\
    !local in-interface=all-vlan new-connection-mark=WAN2_conn passthrough=\
    yes src-address=192.168.10.0/24
add action=mark-connection chain=prerouting comment=\
    "Bloc port WOW sur WAN1 FC" connection-mark=no-mark dst-address-type=\
    !local dst-port=1119-1120 in-interface=all-vlan new-connection-mark=\
    WAN1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=1119-1120 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3724 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=3724 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=4000 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=4000 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=6112-6114 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=6112-6114 in-interface=all-vlan \
    new-connection-mark=WAN1_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=\
    "HTTP et HTTPS sur WAN2 cable" connection-mark=no-mark dst-address-type=\
    !local dst-port=443 in-interface=all-vlan new-connection-mark=WAN2_conn \
    passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=80 in-interface=all-vlan \
    new-connection-mark=WAN2_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
    "Gestion du Load Balancing" connection-mark=no-mark dst-address-type=\
    !local in-interface=all-vlan new-connection-mark=WAN1_conn passthrough=\
    yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=all-vlan new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment=\
    "Connexion WAN1_conn vers WAN1 FC" connection-mark=WAN1_conn \
    in-interface=all-vlan new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment=\
    "Connexion WAN2_conn vers WAN2 cable" connection-mark=WAN2_conn \
    dst-address-type="" in-interface=all-vlan new-routing-mark=to_WAN2 \
    passthrough=yes
add action=mark-routing chain=output comment=\
    "Connexion WAN1_conn vers WAN1 FC" connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment=\
    "Connexion WAN2_conn vers WAN2 cable" connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
/ip kid-control device
add mac-address=3C:A0:67:A7:AF:D1 name=Kibrille user=Nolwenn
add mac-address=18:31:BF:B1:B5:DA name=Dren user=Nolwenn
add mac-address=58:EF:68:3E:53:26 name=Caldenna user=Autres
add mac-address=18:31:BF:B1:B5:D2 name=Worgounator user=Logan
add mac-address=34:79:16:1F:2B:AA name=Honor user=Logan
add mac-address=48:2C:A0:68:F4:61 name=Mi-A2-Nolwenn user=Nolwenn
add mac-address=4C:CC:6A:60:4B:FA name=Brightwing user=Soko
add mac-address=48:2C:A0:6E:AC:DB name=Mi-A2-Soko user=Soko
add mac-address=48:D6:D5:7C:C6:36 name=Google-Home user=Autres
add mac-address=20:DF:B9:1D:4C:E2 name=Google-Home-Mini user=Autres
add mac-address=30:05:5C:CF:48:C0 name=Imp-Brother user=Autres
add mac-address=94:B1:0A:FD:69:76 name=Galaxy-A5 user=Phil
add mac-address=48:2C:A0:68:D8:39 name=Mi-A2-Phil user=Autres
add mac-address=00:11:32:7E:3E:75 name=Synology-Bestiole user=Autres
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.5.1
/ip route rule
add
/ip traffic-flow
set interfaces=ether1-WAN1
/lcd
set color-scheme=dark time-interval=hour
/lcd pin
set pin-number=1976
/system clock
set time-zone-name=Europe/Paris
/system console
set [ find ] disabled=yes
/system leds
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
set 4 disabled=yes
/system ntp client
set enabled=yes primary-ntp=134.214.100.6
2

  1. I’m not sure what src-address-type=“” may do, so use /ip firewall mangle unset [find in-interface~“ether3”] src-address-type to get rid of it.

  2. the mangle rule in chain=prerouting which assigns routing-mark to_WAN2 based on connection-mark WAN2_conn matches on in-interface=all-vlan, so it doesn’t match on packets which came in via ether3-wifi. So the easiest fix is to copy that rule and replace in-interface=all-vlan by in-interface=ether3-wifi in the copy.

3

Hello Sindy,

Thank for your help!
It’s works perfectlly now :smiley:
Thanks again!