foamz
newbie
Topic Author
Posts: 27
Joined: Sun Jan 03, 2010 2:38 pm
Location: Knysna, South Africa

Route to different range over same interface

Mon Jun 20, 2011 1:08 pm

I have 2 network ranges on one interface, one for users and the other as management IPs.
On the MT I have ether3 assigned for both 10.0.15.170/21 (for users) and 192.168.20.0/24 (management). I just want the users to be able to reach the management range through the MikroTik.
I'm also doing PCC load balancing, not sure if it's that interfering, but I've even tried disabling everything with PCC without any luck.
Here is my config:
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=10.0.15.170/21 network=10.0.8.0 interface=ether3 actual-interface=ether3 

 1   address=192.168.50.67/24 network=192.168.50.0 interface=ether1 actual-interface=ether1 

 2   address=192.168.20.8/24 network=192.168.20.0 interface=ether3 actual-interface=ether3 

 3   address=172.16.0.30/24 network=172.16.0.0 interface=ether4 actual-interface=ether4 

 4 D address=192.168.44.100/24 network=192.168.44.0 interface=vlan154 actual-interface=vlan154 

 5 D address=192.168.43.101/24 network=192.168.43.0 interface=vlan153 actual-interface=vlan153 

 6 D address=192.168.41.101/24 network=192.168.41.0 interface=vlan151 actual-interface=vlan151
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 A S  ;;; Static Route - WAN1
        dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 check-gateway=arp distance=1 scope=30 target-scope=10 
        routing-mark=static-wan1 

 1 A S  ;;; Static Route - WAN2
        dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 check-gateway=arp distance=2 scope=30 target-scope=10 
        routing-mark=static-wan2 

 2 A S  ;;; Static Route - WAN3
        dst-address=0.0.0.0/0 gateway=192.168.44.254 gateway-status=192.168.44.254 reachable vlan154 check-gateway=arp distance=3 scope=30 target-scope=10 
        routing-mark=static-wan3 

 3 A S  ;;; WAN 1  - Distance 1
        dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 check-gateway=ping distance=1 scope=30 target-scope=10 
        routing-mark=wan1 

 4   S  ;;; WAN 1  - Distance 2
        dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 check-gateway=arp distance=2 scope=30 target-scope=10 
        routing-mark=wan1 

 5   S  ;;; WAN 1  - Distance 3
        dst-address=0.0.0.0/0 gateway=192.168.44.254 gateway-status=192.168.44.254 reachable vlan154 check-gateway=arp distance=3 scope=30 target-scope=10 
        routing-mark=wan1 

 6 A S  ;;; WAN 2  - Distance 1
        dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 check-gateway=ping distance=1 scope=30 target-scope=10 
        routing-mark=wan2 

 7   S  ;;; WAN 2  - Distance 2
        dst-address=0.0.0.0/0 gateway=192.168.44.254 gateway-status=192.168.44.254 reachable vlan154 check-gateway=arp distance=2 scope=30 target-scope=10 
        routing-mark=wan2 

 8   S  ;;; WAN 2  - Distance 3
        dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 check-gateway=arp distance=3 scope=30 target-scope=10 
        routing-mark=wan2 

 9 A S  ;;; WAN 3  - Distance 1
        dst-address=0.0.0.0/0 gateway=192.168.44.254 gateway-status=192.168.44.254 reachable vlan154 check-gateway=ping distance=1 scope=30 target-scope=10 
        routing-mark=wan3 

10   S  ;;; WAN 3  - Distance 2
        dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 check-gateway=arp distance=2 scope=30 target-scope=10 
        routing-mark=wan3 

11   S  ;;; WAN 3  - Distance 3
        dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 check-gateway=arp distance=3 scope=30 target-scope=10 
        routing-mark=wan3 

12 A S  ;;; Default Route - Distance 1
        dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 check-gateway=arp distance=1 scope=30 target-scope=10 

13  DS  dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 distance=1 scope=30 target-scope=10 vrf-interface=vlan153 

14  DS  dst-address=0.0.0.0/0 gateway=192.168.41.254 gateway-status=192.168.41.254 reachable vlan151 distance=1 scope=30 target-scope=10 vrf-interface=vlan151 

15  DS  dst-address=0.0.0.0/0 gateway=192.168.44.254 gateway-status=192.168.44.254 reachable vlan154 distance=1 scope=30 target-scope=10 vrf-interface=vlan154 

16   S  ;;; Default Route - Distance 3
        dst-address=0.0.0.0/0 gateway=192.168.43.254 gateway-status=192.168.43.254 reachable vlan153 check-gateway=arp distance=2 scope=30 target-scope=10 

17   S  ;;; Default Route - Distance 2
        dst-address=0.0.0.0/0 gateway=192.168.44.251 gateway-status=192.168.44.251 unreachable check-gateway=arp distance=3 scope=30 target-scope=10 

18 ADC  dst-address=10.0.8.0/21 pref-src=10.0.15.170 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10 

19 ADC  dst-address=172.16.0.0/24 pref-src=172.16.0.30 gateway=ether4 gateway-status=ether4 reachable distance=0 scope=10 

20 ADC  dst-address=192.168.20.0/24 pref-src=192.168.20.8 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10 

21 ADC  dst-address=192.168.41.0/24 pref-src=192.168.41.101 gateway=vlan151 gateway-status=vlan151 reachable distance=0 scope=10 

22 ADC  dst-address=192.168.43.0/24 pref-src=192.168.43.101 gateway=vlan153 gateway-status=vlan153 reachable distance=0 scope=10 

23 ADC  dst-address=192.168.44.0/24 pref-src=192.168.44.100 gateway=vlan154 gateway-status=vlan154 reachable distance=0 scope=10 

24 ADC  dst-address=192.168.50.0/24 pref-src=192.168.50.67 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10 
[admin@MikroTik] > /ip firewall export
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle
add action=accept chain=prerouting disabled=no
add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new disabled=no in-interface=vlan151 new-connection-mark=wan1 \
    passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new disabled=no in-interface=vlan153 new-connection-mark=wan2 \
    passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan3" connection-state=new disabled=no in-interface=vlan154 new-connection-mark=wan3 \
    passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan1" connection-state=established disabled=no in-interface=vlan151 \
    new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan2" connection-state=established disabled=no in-interface=vlan153 \
    new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan3" connection-state=established disabled=no in-interface=vlan154 \
    new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan1" connection-state=related disabled=no in-interface=vlan151 \
    new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan2" connection-state=related disabled=no in-interface=vlan153 \
    new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan3" connection-state=related disabled=no in-interface=vlan154 \
    new-connection-mark=wan3 passthrough=yes
add action=mark-routing chain=output comment="Mark new inbound route wan1" connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan2" connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan3" connection-mark=wan3 disabled=no new-routing-mark=static-wan3 passthrough=no
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=new disa
    no dst-address-type=!local in-interface=ether3 new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=new disa
    no dst-address-type=!local in-interface=ether3 new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=new disa
    no dst-address-type=!local in-interface=ether3 new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-st
    established disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=\
    both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-st
    established disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=\
    both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-st
    established disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=\
    both-addresses:3/2
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=
    related disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresse
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=
    related disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresse
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=
    related disabled=no dst-address-type=!local in-interface=ether3 new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresse
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 1" connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 2" connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 3" connection-mark=wan3_pcc_conn disabled=no new-routing-mark=wan3 \
    passthrough=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes src-address=10.0.8.0/21
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no out-interface=vlan151
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no out-interface=vlan153
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no out-interface=vlan154
add action=masquerade chain=srcnat disabled=no out-interface=ether1
Any ideas will be helpful
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Route to different range over same interface

Mon Jun 20, 2011 4:26 pm

Add in an accept rule for local subnets before your PCC rules that you don't want load balanced; this includes WAN and LAN subnets. The PCC manual includes these rules.
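
The accept rule described in the reply above, written out for the addresses in the first post. This is an added example, not part of either post: the address-list name `connected` and the comments are assumptions, and the subnets are the ones shown in the `/ip address print` output.

```routeros
# Added example, not from the thread. "connected" is an assumed list name;
# the subnets are those listed by /ip address print in the first post.
/ip firewall address-list
add list=connected address=10.0.8.0/21     comment="ether3 users"
add list=connected address=192.168.20.0/24 comment="ether3 management"
add list=connected address=172.16.0.0/24   comment="ether4"
add list=connected address=192.168.50.0/24 comment="ether1"
add list=connected address=192.168.41.0/24 comment="vlan151 (WAN1)"
add list=connected address=192.168.43.0/24 comment="vlan153 (WAN2)"
add list=connected address=192.168.44.0/24 comment="vlan154 (WAN3)"

/ip firewall mangle
# dst-address-type=!local on the PCC rules only excludes the router's own
# addresses, so a packet from a user to 192.168.20.x still matches them and
# receives a wanN routing mark. Accepting it here ends prerouting processing
# for that packet: no connection mark, no routing mark, and the lookup uses
# the main table's connected route (192.168.20.0/24 via ether3).
add chain=prerouting action=accept in-interface=ether3 \
    dst-address-list=connected comment="skip PCC for connected subnets"

# Order matters: the rule must sit above the PCC mark-connection rules.
# List the chain to check its position:
print where chain=prerouting
```

A mangle accept only exempts the traffic from marking; whether it is forwarded is still decided by the filter rules. The export in the first post already begins the prerouting chain with an unconditional `action=accept` rule, and while that rule is enabled no later prerouting rule is evaluated.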
