Community discussions

MikroTik App
  4. RouterOS
  5. General

Problem - Source IP policy route (2 ASDL with Dynamic IP)

Post Reply
 
mwpmo
just joined
Topic Author
Posts: 17
Joined: Thu Sep 22, 2005 12:09 pm

Problem - Source IP policy route (2 ASDL with Dynamic IP)

Wed Oct 17, 2012 5:24 am

Source IP policy route for 2 ASDL WAN with Dynamic IP

I have 2 ADSL lines with Dynamic IP wish to setup Policy Route to let Group A PC to use WAN1 and let Group B PC to use WAN2.


Setting

ROS 5.21

WAN
WAN1 - ADSL with Dynamic IP
WAN2 - ADSL with Dynamic IP

"Add default Route" option in PPPoE setting was disabled.

I user script to capture the Dynamic IP address and save it to Address List WAN1_IP & WAN2_IP

LAN
Two Group of PC and Address List for each group GW1_IP & GW2_IP was Created
Address List - GW1_IP - 192.168.1.0XX
Address List - GW2_IP - 192.168.1.1XX
Code: Select all
/ip firewall address-list add list=GW1_IP address=192.168.1.011/32
....
/ip firewall address-list add list=GW1_IP address=192.168.1.150/32
/ip firewall address-list add list=GW2_IP address=192.168.1.011/32
....
/ip firewall address-list add list=GW2_IP address=192.168.1.150/32
Mangle

I use the following code and from the counter in WinBox I know that the correct routing mark was set.
Code: Select all
add action=mark-routing chain=prerouting comment=GW1 disabled=no \
    new-routing-mark=GW1 in-interface=LAN src-address-list=GW1_IP passthrough=yes
add action=mark-routing chain=prerouting comment=GW2 disabled=no \
    new-routing-mark=GW2 in-interface=LAN src-address-list=GW2_IP passthrough=yes
NAT
Code: Select all
/ip firewall nat
add action=masquerade chain=srcnat  routing-mark=GW1 disabled=no out-interface=WAN1
add action=masquerade chain=srcnat  routing-mark=GW2 disabled=no out-interface=WAN2
Route

I add two routes as follow, since I fon't have a fixed IP, so instead of gateway address, I just use use the gateway interface name.
Code: Select all
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    PCCW routing-mark=GW1 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    WAN2 routing-mark=GW2 scope=30 target-scope=10

/ip route rule
add action=lookup disabled=no routing-mark=GW1 table=GW1
add action=lookup disabled=no routing-mark=GW2 table=GW2
======================

Problem

CANNOT connect to internet

Any hints?
Top
 
mcskiller
newbie
Posts: 40
Joined: Mon Feb 13, 2012 7:12 am
Location: Argentina
Contact:
Contact mcskiller

Re: Problem - Source IP policy route (2 ASDL with Dynamic IP

Wed Oct 17, 2012 5:51 am

Add a default route whitout mark and put passtrought = no in mangle rules

Enviado desde mi GT-I9100 usando Tapatalk 2
Top
 
mwpmo
just joined
Topic Author
Posts: 17
Joined: Thu Sep 22, 2005 12:09 pm

Re: Problem - Source IP policy route (2 ASDL with Dynamic IP

Wed Oct 17, 2012 6:17 am

Add a default route whitout mark and put passtrought = no in mangle rules

Enviado desde mi GT-I9100 usando Tapatalk 2
Tried to set "passthrought=no" and added a route without mark.

Still cannot connected to internet.

I need to disable all static route I set and enable "Add default route" in PPPoE page in order to connect to internet.

One more thing, the "Add default route" option besides adding dynamic route to "/ip route" page, it also add lines in "/ip nexthop".

But when I disable "Add default route" and use static route, nothing on nexthop page.
Top
 
mwpmo
just joined
Topic Author
Posts: 17
Joined: Thu Sep 22, 2005 12:09 pm

Re: Problem - Source IP policy route (2 ASDL with Dynamic IP

Thu Oct 18, 2012 4:20 pm

Any idea?
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Problem - Source IP policy route (2 ASDL with Dynamic IP

Sat Oct 20, 2012 1:09 pm

Code: Select all
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=GW1 passthrough=yes src-address-list=GW1_IP in-interface=LAN
add chain=prerouting connection-mark=GW1 action=mark-routing new-routing-mark=GW1 passthrough=no
add chain=prerouting action=mark-connection new-connection-mark=GW2 passthrough=yes src-address-list=GW2_IP in-interface=LAN
add chain=prerouting connection-mark=GW1 action=mark-routing new-routing-mark=GW1 passthrough=no
I added connection mark, because once the connection is marked, the routing mark will be applied to the whole connection, instead of inspecting every packet. This helps the CPU a little.
Code: Select all
/ip firewall nat
add chain=srcnat action=masquerade out-interface=pppoe-out1
add chain=srcnat action=masquerade out-interface=pppoe-out2

In the out-interface put the names you have assigned to your pppoe client interfaces
Code: Select all
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=GW1
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=GW2
add dst-address=0.0.0.0/0 gateway=pppoe-out1
In the routing table, the last route serves to the router itself to reach the internet
Top
Post Reply

Who is online

Users browsing this forum: arm920t, mojojojo, pajapatak and 113 guests
  4. RouterOS
  5. General