add route for 1 host

manolo · September 13, 2012, 11:43am

is it possibile to add route in mikrotik router1 for one host?

scenario:
PC’s
IP over dhcp 192.168.1.100-254/24
GW 192.168.1.1

Mikrotik router1 have 3 intreface
IP 192.168.1.1/24
192.168.10.1/24
192.168.100.1/24
route list
AS 0.0.0.0/0 GW 192.168.1.37
DAC 192.168.10.0/24
DAC 192.168.100.0/24

router2 SDSL internet
IP 192.168.1.37

router3 ADSL internet
IP 192.168.1.59

how to make PC with 192.168.1.150/GW192.168.1.1 use router2 as gateway over router1?

TX
m

tws101 · September 13, 2012, 2:23pm

Yes

IP Firewall Mangle
Action=Routing Mark specify source IP

IP Routes
add route distance 1 to other router for 0.0.0.0/0 then require the routing mark.

manolo · September 14, 2012, 11:56am

I understand what You mean, but need help how to… there is too many fields

Uploaded with ImageShack.us

tx

tws101 · September 14, 2012, 5:06pm

IP Firewall Mangle
Chain=prerouting put in the source IP address go to action tab Mark routing Insert name of routing mark (Make a name up)

Ip route
distance=1 dst-address=0.0.0.0/0 gateway="Ip of destination router) routing-mark=“The name you made up in the first rule” pref-src=0.0.0.0 scope=30 target-scope=10

manolo · September 19, 2012, 8:01am

Thank You tws101
it works

manolo · September 19, 2012, 9:25am

no, it is not OK
after adding IP firewall mangle and ip route, router don’t use routing table for added source to other interfaces on different subnets and added static routes to other routers

tws101 · September 19, 2012, 2:14pm

I don’t understand what you mean. The default behavior is if no route with the mark is present it will use the main routing table.

manolo · September 20, 2012, 6:19am

I like to make that host manuel (192.168.101.48) use routing table, and if no destination then use gateway 192.168.1.59 instead 192.168.1.37

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 0.0.0.0 192.168.1.59 1
1 X S 0.0.0.0/0 0.0.0.0 192.168.1.59 1
2 A S 0.0.0.0/0 192.168.1.37 1
3 A S 10.113.64.0/24 192.168.1.3 1
4 A S 10.114.64.0/24 192.168.1.3 1
5 A S ;;; Balestra, dorada
167.10.0.0/16 192.168.1.66 1
6 ADC 192.168.1.0/24 192.168.1.1 system 0
7 A S 192.168.2.0/24 192.168.1.3 1
8 A S 192.168.3.0/24 192.168.1.3 1
9 A S 192.168.4.0/24 192.168.1.3 1
10 A S 192.168.5.0/24 192.168.1.3 1
11 A S 192.168.6.0/24 192.168.1.3 1
12 A S 192.168.7.0/24 192.168.1.3 1
13 ADC 192.168.10.0/24 192.168.10.1 10.1 0
14 ADC 192.168.101.0/24 192.168.101.1 HW 0
15 ADC 192.168.102.0/24 192.168.102.1 2kat 0
16 ADC 192.168.103.0/24 192.168.103.1 marketing 0
17 ADC 192.168.104.0/24 192.168.104.1 storage 0
18 ADC 192.168.105.0/24 192.168.105.1 105.1 0
19 ADC 192.168.106.0/24 192.168.106.1 106.1 0
20 ADC 192.168.107.0/24 192.168.107.1 107.1 0
21 ADC 192.168.108.0/24 192.168.108.1 108,0 0

[admin@MikroTik] /ip route> ..
[admin@MikroTik] /ip> firewall
[admin@MikroTik] /ip firewall> mangle
[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=manuel
passthrough=yes src-address=192.168.101.48

1 chain=prerouting action=mark-routing new-routing-mark=mario
passthrough=yes src-address=192.168.101.33

tws101 · September 20, 2012, 2:30pm

Disable passthrough

per this page
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Passthrough ignores the rule and just tracks it.

ditonet · September 20, 2012, 3:03pm

@tws101
You are wrong, there is a difference between ‘action=passthrough’ and ‘passthrough’ property.

passthrough (yes | no; default: yes) - whether to let the packet to pass further (like action passthrough) after marking it with a given mark (property only valid if action is mark packet, connection or routing mark)

For some unknown reason this property is not described in Wiki article mentioned by you, but you can find it here:
http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php

Regards, Grzegorz.

tws101 · September 21, 2012, 4:18pm

Good to know. They need to update that wiki.

manolo · September 25, 2012, 9:01am

what to do now?
with enabled route with Routing mark I can use another gateway (192.168.1.59) and main 192.168.1.0/24 subnet but can’t get to other static and dinamic routes
and with disabled route with Routing mark I can get static and dynamic route and default gateway 192.168.1.37 (but I need gateway 192.168.1.59 for host 192.168.101.48)

tws101 · September 27, 2012, 8:54pm

Will you please post your routing table and highlight routes that are failing with the marked traffic?

andressis2k · September 28, 2012, 11:07pm

You have to indicate to the Mangle rule that it should not act for internal IPs

For example, if all your LANs are on 192.168.0.0/16 subnet, you must configure it as follows:

If destination address is outside 192.168.0.0/16 network, it will add the routing mark. But if the dst is a 192.168 address, it will do nothing

If you’ve some other LAN networks with differents ranges, you must use Address Lists for that

Regards

manolo · October 2, 2012, 11:43am

great
yes, I need to add some other LAN networks with differents ranges:
10.113.64.0/24, 10.114.64.0/24 and 167.10.0.0/16 to address list.
how to???

TX
m.

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=manuel
passthrough=yes src-address=192.168.101.48 dst-address=!192.168.0.0/16