I need to send all the lan traffic… 192168.0.11-254 trhought the PPPoe connection.
I tried just using 0.0.0.0/0 with two gateways, but users can’t get to the exchange server from the outside.
I tried using Mangle and setting the router on a per ip basis, but then nothing works.
what is the right way to do this.
I really would like to have all traffic for web browsing and anything else to go throught the PPPoe connection, and only traffic in and out of the exchange server to go though my other ISP. See JPG
where 111.111.111.111 is your another public ip gateway.
also, you need to take care about incoming packets in order to send that back where come from in case there are incoming connections from both connections, check following articles to understand why :
in your case 192.168.1.10 and public ip 111.111.111.111 is special case, all other may go using main route. That for you need to mark all incoming traffic on that interface and to send back using same interface. Also, you need to mark all trafic from 192.168.1.10 to same inerface.
if 111.111.111.111 is on interface wan2 and gateway is 111.111.111.1
last one probably exists already, don’t need to made again but I have added that because don’t understand how your users lost connection to internet then.
srcnat or masquerade shall exists on both interfaces
try to replace this :
/ ip firewall mangle
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output src-address=192.168.0.10 action=mark-routing new-routing-mark=to_wan2
with this :
/ ip firewall mangle
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=input src-address=192.168.0.10 action=mark-connection new-connection-mark=wan2_conn
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
after that monitor connections and see what happen with wan2_conn.
do you have sec-nat or masquerade on 111.111.111.111 ? check ping and if necessary remove “check-gateway=ping” on this interface.
I am not sure what is wrong on your configuration but if you understand packet flow and why you need to mark connection would not be hard to made that working. Just keep in mind that all by default need to go to 192.168.25.1 and packets “to_wan2” need to go to 111.111.111.111. Also, keep in mind that connections coming from wan2 need to be marked and sent back using same interface.
just debug situation. Open winbox and go to IP → Firewall → Connections
and there watch what happen with your connections from 192.168.1.10
In same window watch incomming connections to public IP supposed to be forwarded to 192.168.1.10 and outgoing connections. All of them shall have connecton mark “wan2_conn”. If this is not, then you need to check where you lost mark. If this connection mark exists and packets still leaving using 192.168.25.1 problem is in routing.
