Hello everybody
I have a question related to mangle rules and dual WAN. Let me describe my scenario: currently I have a CR125-24G-15-RM; ports ether1 and ether2 are WAN. However, I do not need load balancing or failover; I just need to be able to access the router on WAN2 (ether2) and let people connect to the Internet on WAN1 (ether1).
I have the following mangle and route rules:
/ip firewall mangle
add action=mark-connection chain=input comment=WAN1 in-interface=ether1-WAN1 \
new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=\
RWAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new \
in-interface=ether1-WAN1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 \
in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=input comment=WAN2 in-interface=ether2-WAN2 \
new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=\
RWAN2 passthrough=no
add action=mark-connection chain=forward comment=WAN2PF connection-state=new \
in-interface=ether2-WAN2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 \
in-interface=bridge-local new-routing-mark=RWAN2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
/ip route
add distance=1 gateway=ether1-WAN1 routing-mark=RWAN1
add distance=1 gateway=ether2-WAN2 routing-mark=RWAN2
add distance=1 gateway=192.168.1.1
add distance=2 gateway=200.100.100.12
So far so good: I'm able to access my router on WAN2 and people are using WAN1 for Internet. However, if I SSH into the router and ping anything, only the first packet reaches its destination; all subsequent packets fail:
[admin@MikroTik] > ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 8.8.8.8                                    56  55 60ms
    1 8.8.8.8                                              timeout
    2 8.8.8.8                                              timeout
    3 192.168.1.10                               84  64 987ms host unreachable
    sent=4 received=1 packet-loss=75% min-rtt=60ms avg-rtt=60ms max-rtt=60ms
I know I may be missing a rule or two in mangle or routing, but I'm at a loss now. Any ideas?
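One likely explanation for the symptom above, written up here as an added example rather than as part of the original post: the two `chain=input` mark-connection rules carry no `connection-state=new`, so when the router itself pings 8.8.8.8 through the main table, the echo reply arriving on ether1-WAN1 marks that connection MWAN1. Every later packet of the same ping then receives routing-mark RWAN1 in the output chain and is sent via the route `gateway=ether1-WAN1`. On an Ethernet interface a gateway given only as an interface name makes RouterOS ARP for the final destination (8.8.8.8) directly, which fails, matching the `host unreachable` from the router's own address on seq 3. The configuration below keeps the post's interface names, marks and NAT rules, restricts the input-chain marking to new connections, and gives the marked routes real next-hop addresses. It assumes, from the post's two default routes, that 192.168.1.1 is the WAN1 next hop and 200.100.100.12 the WAN2 next hop; adjust those if the ISP gateways differ.

```routeros
# Added example, not the original poster's configuration.
# Assumption: 192.168.1.1 is the WAN1 next hop and 200.100.100.12 the WAN2
# next hop (taken from the default routes in the post).
/ip firewall mangle
# Mark only the first packet of sessions that arrive *at* the router on a WAN
# (admin SSH/Winbox on WAN2, etc.). connection-state=new keeps replies to
# router-originated traffic, such as a ping started from the router, from being
# marked and re-routed on their second packet.
add action=mark-connection chain=input comment=WAN1 connection-state=new \
    in-interface=ether1-WAN1 new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 \
    new-routing-mark=RWAN1 passthrough=no
add action=mark-connection chain=input comment=WAN2 connection-state=new \
    in-interface=ether2-WAN2 new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 \
    new-routing-mark=RWAN2 passthrough=no
# Port-forwarded sessions entering on a WAN: mark on the first packet so the
# LAN host's replies leave through the same WAN they came in on.
add action=mark-connection chain=forward comment=WAN1PF connection-state=new \
    in-interface=ether1-WAN1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 \
    in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=forward comment=WAN2PF connection-state=new \
    in-interface=ether2-WAN2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 \
    in-interface=bridge-local new-routing-mark=RWAN2

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2

/ip route
# Marked routes need a next-hop address on Ethernet. With gateway=ether1-WAN1
# RouterOS treats the destination as directly connected and ARPs for it.
add distance=1 gateway=192.168.1.1 routing-mark=RWAN1
add distance=1 gateway=200.100.100.12 routing-mark=RWAN2
# Unmarked traffic (LAN users and the router's own sessions) uses WAN1; WAN2
# is only a fallback at distance 2.
add distance=1 gateway=192.168.1.1
add distance=2 gateway=200.100.100.12
```

After applying this, a ping started from the router should show no entry under `/ip firewall connection print where connection-mark=MWAN1`, while an SSH session opened from the WAN2 side still appears with mark MWAN2 and its replies leave via 200.100.100.12. If the second ping packet still times out, check `/ip route print where routing-mark=RWAN1` to confirm the next hop is reachable on ether1-WAN1 rather than listed as an interface-only gateway.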