Forcing out interface based on internal IP address

wilburt · December 7, 2015, 12:18am

Hi experts,

I have two out interfaces to the WWW. What is the best way to push out bound traffic from a particular network out a specific gateway?

For example

Out Eth1 10.20.20.2
Out Eth2 172.15.12.2

Internal DHCP server

192.168.88.0/24
192.168.99.0/24

Looking to have 88 network out Eth1 and 99 network out Eth2

Thanks

ConnectivityEngineer · December 22, 2015, 7:18am

This is done via Policy Based Routing

Butch Evans has an excellent blog posting on this - http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/rather than me retyping all this stuff over.

If your US Based - I suggest checking out Butch’s Training Sessions as well.

wilburt · January 23, 2016, 7:23am

Thanks heaps! i will read through

wilburt · January 27, 2016, 2:23am

So far so good. I am able to ping, and get DNS but for some reason i can’t browse the internet.

THere are no firewall rules that are dropping packets.

I have static routes that point back and also NAT on that network and port.

any ideas where else could go wrong?

wilburt · January 29, 2016, 7:58am

Thanks for the pointer. It works.

There is one flaw. How do we ensure that a specific network can only go out 1 ISP and not the other? The good, 192.168.88.0/24 and 10.11.0.0/20 can’t go out 172.16.1.0/24. However, Problem is 192.168.99.0/24 network can go out 10.10.10.0/24 ISP if 172.16.1.0/24 network is unreachable. This is what i have

/ip route
add gateway=172.16.1.1 routing-mark=RTF
add gateway=10.10.10.1 routing-mark=WEFI

/ip route rule
add dst-address=192.168.88.0/24 action=lookup table=main
add dst-address=192.168.99.0/24 action=lookup table=main
add dst-address=10.11.0.0/20 action=lookup table=main

add dst-address=10.10.10.0/24 action=lookup table=main
add dst-address=172.16.1.0/24 action=lookup table=main

add src-address=10.10.10.0/24 action=lookup table=WEFI
add src-address=172.16.1.0/24 action=lookup table=RTF

add routing-mark=RTF action=lookup table=RTF
add routing-mark=WEFI action=lookup table=WEFI

/ip firewall mangle
add chain=prerouting src-address=192.168.99.0/24 action=mark-routing
new-routing-mark=RTF passthrough=no

add chain=prerouting src-address=192.168.88.0/24 action=mark-routing
new-routing-mark=WEFI passthrough=no

add chain=prerouting src-address=10.11.0.0/20 action=mark-routing
new-routing-mark=WEFI passthrough=no