1. Suggest removing these unless you can justify them with a purpose:
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes
2. Why do you have fast forward=no for the normal bridge settings? (Does it interfere with the hotspot function?)
3. Missing route for modem2 in table main:
/ip route
add distance=2 dst-address=0.0.0.0/0 \
gateway=pppoe-out1 routing-table=main scope=30
add distance=4 dst-address=0.0.0.0/0 \
gateway=192.168.2.1 routing-table=main
add comment="Fiber Route" dst-address=0.0.0.0/0 gateway=\
pppoe-out1 routing-table=fiber_route
add comment="Modem Route" dst-address=0.0.0.0/0 \
gateway=192.168.2.1 routing-table=modem_route
MANGLING
I understand the first rule which basically states for any user connecting to login gateway, allow this connection to occur.
I presume, because you failed to provide any requirements information,
one cannot make heads or tails of what you are trying to do after that.
Normally, forgetting hotspot, one would use three subnets (trusted, iot, guest) and make them VLANs.
Or, if you need to identify three different groups of users within a single subnet, not as easy, via source-address-lists.
One can easily work with address lists, or subnets, or interfaces. Not sure what you are doing or how hotspot is involved.
Also one does not mangle and use routing rules unless one is very skilled as results may not be as expected.
Mangled traffic ignores routing rules for example.
In summary, without a detailed set of requirements on how the two WANs are to be used, as would be described in requirements
(including primary/secondary, or failover or load balancing, plus any VPNs, or any port forwarding explained), there is not much more I can offer.
1 and 2. I want bridge devices to go through the firewall, that is why I added the following code (although removing it won't affect the hotspot):
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes
3. I do not know what you are trying to tell me. I am not talking about VLANs or separate networks; this is all about the routing policy rule. I do not want the modem as the main route; modem_user > modem_route is specified in the routing policy rule.
- in the iot_user case the routing policy rule is working
- in the modem_user and fiber_user cases the routing policy rule is not working
Why do I want to achieve this?
Reason 1: because this is confusing me: why does iot_user work and the others don't?
Reason 2: because mangle doesn't have [lookup-only-in-table], which is why it falls back to main; mangle's default behavior is [lookup].
My requirement is: I want some users to go through the modem and some through fiber, based on hotspot user profile packet marking; the output could be modem, fiber, VPN, etc.
I just want to know why there is different behavior for the same identical mangle rule coming from preroute with IP and with packet marking. Why is one respecting the routing policy rule and the other not?
How can I achieve [lookup-only-in-table] with mangle if the routing policy is ignored?
I can still achieve this by dropping with a filter rule and mangle, but the question still is: why is the routing policy rule ignored? Is this a bug, or intentional?