Community discussions

Topic Author
Posts: 46
Joined: Sun Oct 16, 2016 10:56 pm

Mangle traffic from ethernet port in a bridge dedicated to WIFI AP

Wed Jul 31, 2019 10:52 am

I have connected the WiFi access point to one ethernet port (ether5) that is in the lan bridge "Bridge".
I want mark all connections from the AP (on ether5) to route all to a specified WAN.
/ip firewall mangle
add action=accept chain=prerouting comment="Accept da WAN1" dst-address=\
add action=accept chain=prerouting comment="Accept da WAN2" dst-address=\
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=\
    bridge new-routing-mark=WAN1-mark passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=\
    bridge new-routing-mark=WAN2-mark passthrough=yes

add action=mark-connection chain=forward in-interface=WAN1 new-connection-mark=WAN1
add action=mark-connection chain=forward in-interface=WAN2 new-connection-mark=WAN2

when i add
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether9 new-connection-mark=WAN1 passthrough=yes
Mangle color the rule in red and give the message "use master-port bridge instead"

How can i have the ethernet AP in the LAN and mark all connections coming through this interface with WAN1?

Who is online

Users browsing this forum: No registered users and 67 guests