I'm trying to follow this piece of documentation about WAN failover.
High level overview:
- Masquerade is set up on the WAN interfaces
- Mangle routes are set up on the output chain which mark new connections with a connmark depending on the output interface, and mark connections with a routing mark depending on the connmark
- Routes are set up to be resolved recursively, to allow for pinging an arbitrary host (this I intend to skip - I will use a custom script for link quality measurement); there's no default route in the main routing table
- Except for IPsec packages, packages from the LAN interface won't go through the output chain
- How are connections assigned to the two different WANs? The mangle rules filter on the output interface - so how is that decided in the first place since there is no default route in the main routing table?
My impression is that if I were to replicate this setup, packets would simply be dropped as no matching route would be found in the main routing table (default routes are only present in the to_ISPx tables).
Am I missing something?