I am going to the point:
I want that one IPs go throught wan1(default) others wan2. These Ips are clients IP which get Ip from pppoe server.
I search in mikrotik wiki and forum. Theoricaly, it is easy: only mark connections and route and create route with mark route.....I must be the most stupid of the group. I have not gotten it to work.
Initially I thought my situation was simpler ... wrong
What happen? When I mark IPs to go out through wan2 those IPs do not get out internet connection
My simplified code:
Previous note: wan2 is ether11 with the IP 192.168.1.200, wan1 is a vlan
ONLY I created a routing mark to wan2, wan1 without routing mark (maybe does it the problem?)
I disabled all drop firewall rules
Has the same thing happened to someone?
Code: Select all
set rp-filter=strict tcp-syncookies=yes
add distance=1 gateway=192.168.1.1 routing-mark=to-wan2
add distance=1 gateway=10.32.0.121
add distance=3 gateway=192.168.1.1
##Also I added:
[add distance=1 dst-address=150.x.x.171/32 gateway=<pppoe-user12345> pref-src=10.205.255.6 routing-mark=to-wan2 scope=10]
/ip firewall mangle
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether11 log=yes log-prefix=M-CON-in new-connection-mark=to-wan2-conn passthrough=no
add action=mark-routing chain=output connection-mark=to-wan2-conn log=yes log-prefix=outm new-routing-mark=to-wan2 passthrough=no
add action=mark-routing chain=output log=yes log-prefix=out-wan2 new-routing-mark=to-wan2 passthrough=no src-address=192.168.1.200
add action=mark-connection chain=prerouting comment=PROBE connection-mark=no-mark disabled=yes log=yes log-prefix=WAN2-conn new-connection-mark=\
WAN2-conn passthrough=yes src-address=150.X.X.171
add action=mark-routing chain=prerouting comment=PROBE connection-mark=WAN2-conn disabled=yes log=yes log-prefix=WAN2-conn new-routing-mark=to-wan2 passthrough=no
/ip firewall nat
add action=src-nat chain=srcnat comment="WAN2" out-interface=ether11 to-addresses=192.168.1.200
I appreciate any help.