Hello,
Can the router be forced to use a specific WAN to reach the internet? I have ECMP load balancing configured with 2 ISPs (WAN2/WAN3) and a 3rd one (WAN1) which provides several static public IP addresses and I'm using that ISP for specific tasks as shown below in the mangle firewall rules.
I know how to force a specific src-address or destination to use a specific WAN via mark routing but I don't know how to apply that on the router itself.
Here's my related config:
I tried unchecking the passthrough box in WAN1 output mangle rule as someone has suggested but the router still uses WAN1/WAN2.
Can the router be forced to use a specific WAN to reach the internet? I have ECMP load balancing configured with 2 ISPs (WAN2/WAN3) and a 3rd one (WAN1) which provides several static public IP addresses and I'm using that ISP for specific tasks as shown below in the mangle firewall rules.
I know how to force a specific src-address or destination to use a specific WAN via mark routing but I don't know how to apply that on the router itself.
Here's my related config:
Code:
/routing tableadd fib name=to_WAN1add fib name=to_WAN2add fib name=to_WAN3/ip firewall mangleadd action=mark-connection chain=input comment="ECMP mrk-conn" connection-mark=\ no-mark connection-state=new in-interface=WAN1-br new-connection-mark=\ WAN1_conn passthrough=yesadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=WAN2-br new-connection-mark=WAN2_conn \ passthrough=yesadd action=mark-connection chain=input connection-mark=no-mark \ connection-state=new in-interface=WAN3-br new-connection-mark=WAN3_conn \ passthrough=yesadd action=mark-routing chain=output comment="ECMP output" connection-mark=\ WAN1_conn new-routing-mark=to_WAN1 passthrough=yesadd action=mark-routing chain=output connection-mark=WAN2_conn \ new-routing-mark=to_WAN2 passthrough=yesadd action=mark-routing chain=output connection-mark=WAN3_conn \ new-routing-mark=to_WAN3 passthrough=yesadd action=mark-connection chain=prerouting comment="local server via WAN1" \ connection-mark=no-mark connection-state=new dst-address-type=!local \ new-connection-mark=ls_conn passthrough=yes src-address=10.30.1.2add action=mark-routing chain=prerouting connection-mark=ls_conn \ new-routing-mark=to_WAN1 passthrough=no src-address=10.30.1.2add action=mark-connection chain=prerouting comment="Gaming via WAN1" \ connection-mark=no-mark dst-address-type=\ !local dst-address-list=Gaming in-interface-list=LAN \ new-connection-mark=Gaming_conn passthrough=yes \ src-address-list=LANadd action=mark-routing chain=prerouting connection-mark=Gaming_conn \ in-interface-list=LAN new-routing-mark=to_WAN1 passthrough=no \ src-address-list=LAN/ip firewall natadd action=src-nat chain=srcnat comment="home public ip" \ out-interface=WAN1-br src-address-list=Home to-addresses=x.x.x.xadd action=src-nat chain=srcnat comment="all public ip" \ out-interface=WAN1-br to-addresses=x.x.x.xadd action=masquerade chain=srcnat comment="WAN2 masquerade" out-interface=\ WAN2-bradd action=masquerade chain=srcnat comment="WAN3 masquerade" out-interface=\ WAN3-br/ip routeadd comment=WAN2 disabled=no distance=1 dst-address=8.8.8.8/32 gateway=\ x.x.x.x pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10add check-gateway=ping comment=WAN2 disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=30add check-gateway=ping comment=WAN2 disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=to_WAN2 scope=30 \ suppress-hw-offload=no target-scope=30add comment=WAN3 disabled=no distance=1 dst-address=8.8.4.4/32 gateway=\ x.x.x.x pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10add check-gateway=ping comment=WAN3 disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=30add check-gateway=ping comment=WAN3 disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN3 scope=30 \ suppress-hw-offload=no target-scope=30add comment=WAN1 disabled=no distance=1 dst-address=9.9.9.9/32 gateway=\ x.x.x.x pref-src="" routing-table=main scope=30 suppress-hw-offload=no \ target-scope=10add check-gateway=ping comment=WAN1 disabled=no distance=3 dst-address=\ 0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=30add check-gateway=ping comment=WAN1 disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=to_WAN1 scope=30 \ suppress-hw-offload=no target-scope=30Statistics: Posted by Hyunckel — Mon Jan 01, 2024 6:38 am