Our network gateway router has two WAN Ethernet interfaces and a LAN interface. All internet data from the LAN is masqueraded to the default routes (wan1, wan2), but the wan2 gateway route requires a routing mark.
chain=srcnat action=masquerade src-address=10.0.0.0/8
Routing marks are simply added by mangle rules that match IP addresses from the LAN:
chain=prerouting action=mark-routing new-routing-mark=Even passthrough=no src-address=10.0.0.22
However, since wan2 will only route data to the internet that has a packet mark, the router itself cannot respond to ping requests etc. from the internet from wan2 (the reply from the MT will not go out through wan2 because the reply packets lack routing marks).
In 2.9.51 you could have a mangle rule:
chain=forward action=mark-routing new-routing-mark=Even passthrough=no out-interface=WAN2 dst-address=0.0.0.0/0
which would catch all data destined to go out wan2 and ensure it had the correct routing mark to be routed out the wan2 gateway. With this enabled in v2.9.51 the router could respond to requests perfectly on wan2.
When upgrading to 3.6, all existing mangle rules (in fact all other settings) were imported etc., but the above mangle rule from 2.9.51 was missing. So I tried to enter it manually into the newly upgraded 3.6 and...
[admin@MTKROUTER] /ip firewall mangle> add chain=forward action=mark-routing new-routing-mark=Even passthrough=no out-interface=WAN2 dst-address=0.0.0.0/0
failure: routing-mark allowed only in output and prerouting chains
[admin@MTKROUTER] /ip firewall mangle>
Is this a bug? Or is it now by v3 design that we can no longer catch outgoing interfaces and apply routing marks so that they leave (routed) through the correct Ethernet interface?
I have tried many different workarounds in the last 24 hours, including other mangle rules to mark packets followed by another mangle rule to get those marked packets and mark the routing on them. So far no success.
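
An added example, not part of the original post: one arrangement that keeps mark-routing inside the chains the error message permits, by marking connections that arrive on WAN2 in the input chain and giving the router's own replies the routing mark in the output chain. The connection-mark name WAN2_conn is an assumption; the interface name WAN2 and routing mark Even are taken from the post.

```routeros
/ip firewall mangle
# Rejected on 3.6 (mark-routing is not accepted in the forward chain), shown for contrast:
# add chain=forward action=mark-routing new-routing-mark=Even passthrough=no out-interface=WAN2 dst-address=0.0.0.0/0

# 1. Tag every connection that reaches the router itself through WAN2.
#    WAN2_conn is a hypothetical connection-mark name chosen for this example.
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

# 2. Packets the router generates for those connections (ping replies etc.)
#    pass through the output chain, where mark-routing is allowed, and are
#    given the same routing mark the wan2 gateway route requires.
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=Even passthrough=no
```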