Hi,

Can anyone confirm that policy routing is working in 6.1?

I have tried the following with no success.

(I also tried adding a mark to the incoming WAN port though not sure if that's necessary as connections established from internal network initially).

ros code

/ip route
add distance=1 gateway=192.168.2.1 routing-mark=MainPC
	
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=MainPCPacket \
    src-address=192.168.88.0/24
add action=mark-connection chain=prerouting new-connection-mark=MainPCConn \
    packet-mark=MainPCPacket
add action=mark-routing chain=prerouting connection-mark=MainPCConn \
    new-routing-mark=MainPC

Do it like this:

ros code

/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 connection-mark=no-mark action=mark-connection new-connection-mark=MainPCConn
add chain=prerouting src-address=192.168.88.0/24 connection-mark=MainPCConn action=mark-routing new-routing-mark=MainPC

Thanks for the reply,

I have tried that and it's not working for me.

That is the only two mangle rules in place and just the one marked route active.

I can't ever get access unless there is an unmarked default route as well - which defeats the point of having a marked route.

Any other suggestions?

Compact export from newish install:

ros code

/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 name=ether5-slave-local

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local name=default

/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2-master-local network=192.168.88.0

/ip dhcp-client
add add-default-route=no comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway

/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 name=router

/ip firewall filter
add chain=input comment="default configuration -ping" protocol=icmp
add chain=input comment="default configuration est input" connection-state=established
add chain=input comment="default configuration related input" connection-state=related
add action=drop chain=input comment="default configuration - drop incoming eth1" in-interface=ether1-gateway
add chain=forward comment="default configuration est forward" connection-state=established
add chain=forward comment="default configuration related forward" connection-state=related
add action=drop chain=forward comment="default configuration invalid forward drop" connection-state=invalid

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=MainPCConn src-address=\
    192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=MainPCConn new-routing-mark=MainPC src-address=192.168.88.0/24

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway

/ip route
add distance=1 gateway=192.168.2.1 routing-mark=MainPC

You need to have a default route in the main routing table, the router itself uses that routing table, so a default route needs to be there.

What are you tring to achieve?

Im having same issue...my one marks the connection fine but when you check it still goes through default route even though its connection mark...output ...routingmark ...

It doesnt want to use that route. ANy ideas ??/ I have tried taking passthrough off but doesnt make any diffrence.

That setup was for initial testing of a LAN route mark. I need to route LAN traffic to one gateway and Wi-Fi to another.

Looking at this example will probably help me...

http://aacable.wordpress.com/2011/06/04 ... t-by-zaib/

I presume that if I follow that setup but adapt it by removing load balance that it may work?

Gary.