this simple mark packet and routing wont work

RouterOS General
1

Hello. This is my first post. Nice to meet you all.

i’m facing with this strange thing and can’t imagine why the following rule doesn’t working.

basic info:
i have public interface.

  1. telkom1
  2. telkom2
  3. telkom3

i have 1 default route rule and 3 route rules with routing mark.

Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=telkom3 gateway-status=telkom3 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route3 

 1 A S  dst-address=0.0.0.0/0 gateway=telkom1 gateway-status=telkom1 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route1 

 3 A S  dst-address=0.0.0.0/0 gateway=telkom2 gateway-status=telkom2 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route2 

 4 A S  ;;; Default Route
        dst-address=0.0.0.0/0 gateway=telkom2 gateway-status=telkom2 reachable distance=1 
        scope=30 target-scope=10

and i had the following mangle rules

Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; INPUT active
      chain=input action=mark-packet new-packet-mark=telkom1 passthrough=yes 
      in-interface=telkom1 log=no log-prefix="" 

 1    chain=input action=mark-packet new-packet-mark=telkom2 passthrough=yes 
      in-interface=telkom2 log=no log-prefix="" 

 2    chain=input action=mark-packet new-packet-mark=telkom3 passthrough=yes 
      in-interface=telkom3 log=no log-prefix="" 

 3    ;;; OUTPUT active
      chain=output action=mark-routing new-routing-mark=telkom1 passthrough=yes 
      packet-mark=telkom1 log=no log-prefix="" 

 4    chain=output action=mark-routing new-routing-mark=telkom2 passthrough=yes 
      packet-mark=telkom2 log=no log-prefix="" 

 5    chain=output action=mark-routing new-routing-mark=telkom3 passthrough=yes 
      packet-mark=telkom3 log=no log-prefix=""

explanation:
rule#0~2
catch input packet to telkom1 interface and marking as “telkom1” and so on.

rule#3~5
create PBR for packet that have been marked through several public interface telkom1,telkom2 and telkom3.

problem was:

  1. PBR doesn’t working. tried to access server web by open ip that owned by interface telkom3.
  2. i saw on input chain, bytes and packet are show the counting number, but on output rule doesn’t

ask:
please help what rules are wrong?

thank you very much.

2

Anyone help me please.

3

You need to use connection-marks instead of packet-marks, it is the outgoing packet (as part of a connection) you wanna mark for routing.

4

thanks Psamsig for your reply.

i tried to change the marking to connection mark, but no packets and bytes are counted on mark routing rules.
any solution?

thanks.

5

This may help you in the right direction:

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom1 new-connection-mark=telkom1 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom1 \
    new-routing-mark=route1 passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom2 new-connection-mark=telkom2 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom2 \
    new-routing-mark=route2 passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom3 new-connection-mark=telkom3 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom3 \
    new-routing-mark=route3 passthrough=no
6

it is still doesn’t working. bytes and packets still not counted. :frowning:

i will test v5.xx for this case to make sure nothing made wrong on rules, previously it was worked on v5.xx.