Here is my configuration below:
Code:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.100.1 in-interface=LocalBridge
add action=accept chain=prerouting dst-address=192.168.1.1 in-interface=LocalBridge
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=01-Indihome new-connection-mark=Indihome_out
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=02-Higo new-connection-mark=Higo_out
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=!10.0.0.0/8 in-interface=LocalBridge new-connection-mark=Indihome_out passthrough=yes
add action=mark-connection chain=prerouting dst-address-list=priority in-interface=LocalBridge new-connection-mark=Higo_out
add action=mark-routing chain=prerouting connection-mark=Higo_out in-interface=LocalBridge new-routing-mark=r_higo passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Indihome_out in-interface=LocalBridge new-routing-mark=r_indihome passthrough=yes routing-mark=r_indihome
add action=mark-routing chain=output connection-mark=Higo_out new-routing-mark=r_higo passthrough=yes
add action=mark-routing chain=output connection-mark=Indihome_out new-routing-mark=r_indihome passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=01-Indihome
add action=masquerade chain=srcnat out-interface=02-Higo
/ip route
add check-gateway=ping distance=3 gateway=192.168.1.1 routing-mark=r_indihome
add check-gateway=ping distance=3 gateway=192.168.100.1 routing-mark=r_higo
/ip dhcp-client
add default-route-distance=250 disabled=no interface=01-Indihome use-peer-dns=no use-peer-ntp=no
add add-default-route=no disabled=no interface=02-Higo use-peer-dns=no use-peer-ntp=no
/ip firewall address-list
add address=104.21.69.162/24 list=priority
My PC is at 10.12.2.14, and I tried to ping 104.21.69.162. When it couldn't get through, I tried to look at the packet sniffer.
It seems that the packet was correctly forwarded to 192.168.100.3, then sent through 192.168.100.1. But when 104.21.69.162 replied, the packet only reached 192.168.100.3 and was then discarded.
A similar thing happened with 01-Indihome. If I didn't put any default route, I couldn't reach the internet at all. Anything with a routing mark simply didn't work for the reply.
Actually, my goal is very simple. I need 01-Indihome to be the default gateway, except for priority addresses which have to go through 02-Higo.
Is there anything I missed from my configuration?
Thank you for your help.