Forward route

Hello All!

I want to point my local network to my CRS125-24G-1S-RM as the gateway. In the CRS125-24G-1S-RM I want to tell it that all traffic for networks in 10.XXX.XXX.XXX should go out through my pfSense; else go out through the CRS125-24G-1S-RM gateway.

i.e.: 10.60.77.0/24 LAN… non-routable addresses go to 10.60.77.1
Everything else goes out through ether1-gateway.


How can I do that?

Thanks!

Also, if I cannot choose a subnet, can I do a host? If so, how?

Thanks!

Your description is unclear, it appears to be recursive.
Do you know basic IP routing?

lol I do… I just don’t know how to say it the right way. :stuck_out_tongue:

If my MikroTik is my gateway, how can I tell it to send non-routable addresses (meaning the internet) through my pfSense box? I know how to do this with a Brocade, but MikroTik is a whole different monster. :slight_smile:

It is still not any clearer. Provide a network diagram so we can see the physical and IP relationships between the devices.

Look at the attached diagram: Home Office Mikrotik-pfsense.png

Are you saying that the MikroTik and pfSense routers are both attached to the same modem?
That the modem provides two public IP addresses?

/ip route add distance=1 gateway=10.30.2.1 routing-mark=pfsense

/ip firewall mangle add action=mark-routing chain=prerouting dst-address=!10.30.2.0/24 new-routing-mark=pfsense passthrough=no src-address=10.30.2.0/24
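The same policy-routing setup written out in full, as an added example that is not one of the posts in this thread. It is in RouterOS v7 syntax (the post above uses the v6 `routing-mark=` form on the route; in v7 the table has to be created first and the route uses `routing-table=`). It keeps the post's addressing (10.30.2.0/24 behind the MikroTik, pfSense at 10.30.2.1) and adds two things a practitioner would want: an address list of the other local networks, so that LAN-to-LAN traffic is not pushed through pfSense, and the print and traceroute commands that confirm which table a flow actually uses. The second LAN 192.168.88.0/24, the bridge name `BridgePFsense`, and the names `pfsense`, `local-nets` and `via-pfsense` are assumptions.

```routeros
# Added example (not from the thread). RouterOS v7 syntax. Assumed names:
#   routing table "pfsense", address list "local-nets", bridge "BridgePFsense".
# Goal: hosts in 10.30.2.0/24 reach the internet via pfSense at 10.30.2.1;
# everything else keeps following the main table (ether1-gateway).

# 1. In v7 a routing table must exist before a route or a mangle rule can
#    refer to it (v6 created it implicitly from routing-mark=).
/routing table add name=pfsense fib

# 2. Destinations that must NOT be diverted to pfSense: the LAN itself and
#    the other LAN attached to the MikroTik. Assumed list contents.
/ip firewall address-list
add list=local-nets address=10.30.2.0/24
add list=local-nets address=192.168.88.0/24

# 3. Mark the connection once, on its first packet, then derive the routing
#    mark from the connection mark. This is the usual MikroTik pattern: the
#    cheap connection-mark match handles every later packet of the flow.
/ip firewall mangle
add chain=prerouting connection-state=new in-interface=BridgePFsense \
    src-address=10.30.2.0/24 dst-address-list=!local-nets \
    action=mark-connection new-connection-mark=via-pfsense passthrough=yes \
    comment="first packet of a new flow from the pfSense-routed LAN"
add chain=prerouting connection-mark=via-pfsense \
    action=mark-routing new-routing-mark=pfsense passthrough=no \
    comment="every packet of a marked flow is looked up in table pfsense"

# 4. The default route inside that table. check-gateway=ping deactivates
#    the route when pfSense stops answering, so marked flows fall back to
#    the main table instead of being blackholed.
/ip route
add dst-address=0.0.0.0/0 gateway=10.30.2.1 routing-table=pfsense \
    check-gateway=ping distance=1 comment="default route for marked traffic"

# 5. Verification
/ip route print where routing-table=pfsense
/ip firewall mangle print stats            # both rule counters should climb together
/tool traceroute 1.1.1.1 routing-table=pfsense   # first hop should be 10.30.2.1
/tool traceroute 1.1.1.1                         # main table: first hop is the ISP gateway
```

Two things to keep in mind with this design. Because pfSense sits on the same subnet as the clients, every marked packet is forwarded back out the interface it arrived on, which doubles the traffic on that bridge, and the router will by default answer with ICMP redirects telling the hosts to use 10.30.2.1 directly (`send-redirects` under `/ip settings`). And the `local-nets` exclusion is what keeps traffic between the two LANs on the MikroTik; without it the mangle rule marks that traffic too and it is handed to pfSense.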

That is right.

@anav, you don't happen to hang around the DSLReports forum?

I think this is what I am looking for.
Thanks for the help.
All inputs/ideas/comments are still welcome.

It did the trick but is causing a huge performance degradation on going out to the internet… Not sure what's going on… It takes about 10 seconds to resolve an address…
The DNS Server is pfsense…

Yes, the very same, xcom. I was wondering about your nick, LOL. I recently bought a hEX to play with.

LOL!
Small world after all!
Those are very nice. I own one and love it!

Okay so the diagram helped!
I now understand that the MikroTik is responsible for handling an amount of the traffic from your networks to the ISP modem and to the internet.
However, for some network traffic you want to be able to shift that traffic from the MikroTik to the pfSense router, use the DNS the pfSense router dictates, and then out the door, on a separate public IP.

Here is my take on your situation. Overly complicated!
Why not use the mikrotik to do both?? Get rid of pfsense, the p is for PUNT!!!

ISP1 - MikroTik interface ether1
ISP2 - MikroTik interface ether10

Create
BridgeMikrotik ether2-5
BridgePFsense ether3-9

Assign
IP address BridgeMikrotik 192.168.88.1/24, network 192.168.88.0
IP address BridgePFsense 10.60.77.1/24, network 10.60.77.0

IP interface list
WAN
isp1
isp2
LAN
BridgeMikrotik
BridgePFsense

Assign DHCP servers and pools as appropriate.

Routes and Mangles ( a new combo chips & fruit snack I will invent)
There are two ways I would think about doing this, and remember I am a complete newb at this router.

  1. a. Assign route rules such that the MikroTik is the default router for internet traffic, with the old pfSense route as secondary and not used unless the primary fails.
     b. Mark old-pfSense traffic through a mangle rule and tell it to go through ISP2 with another route rule.

OR

  2. Assign both interfaces mangle rules and route rules separately.

  1. route mikrotik
    0.0.0.0/0
    interface: actual gateway IP of ISP1
    distance = 1
    ping gateway

route oldpfsense
0.0.0.0/0
interface: actual gateway IP of ISP2
distance=2

Mangle Rule for oldpfsense traffic,
Chain - prerouting
Source address 10.60.77.0 ****
In-Interface: LAN
Action TAB
action - mark routing
new routing mark - OldPF

route
0.0.0.0/0
gateway IP - actual IP of ISP2 Gateway
Routing mark - OldPF

OR Approach

  1. Two routes and two mangle rules…

route mikrotik
0.0.0.0/0
interface: actual gateway IP of ISP1
routing mark - mikrotik_traffic

route oldpfsense
0.0.0.0/0
interface: actual gateway IP of ISP2
routing mark - pfsense_traffic

Mangle Rule for MikroTik traffic,
Chain - prerouting
Source address 192.168.88.0 ****
In-Interface: LAN
Action TAB
action - mark routing
new routing mark - mikrotik_traffic

Mangle Rule for oldpfsense traffic,
Chain - prerouting
Source address 10.60.77.0 ****
In-Interface: LAN
Action TAB
action - mark routing
new routing mark - pfsense_traffic

There you have it, and hopefully the sobs and solars of the world will point out where I have gone horribly wrong. :slight_smile:
**** I am not sure how to actually describe the source address as any IP within the particular LAN: is it 192.168.88.0 or 192.168.88.0/0?


PS… DNS, hmmmmm. I am piss poor at understanding how DNS works on any router, but I suggest that in the DHCP server settings, under the NETWORK tab, there is a spot, normally blank, for you to put in the DNS server of your choice vice the default ISP ones normally used. If I am not mistaken, the MikroTik will use the ones you set up first (there can be more than one) prior to using the ISP DNS servers.

On the other hand there is a more direct IP DNS settings tab. Here one can see a blank spot at the top perhaps to add servers and below this it shows the default ISP DNS servers being used.
However at this spot I am not sure what use it is if you have TWO WANS? The DHCP server Network Tab seems more useful in that you are telling each network to use a specific DNS server.

I would like to know the purpose and hierarchy of this IP DNS tab.
For example, if one puts a specific DNS server under the IP DNS tab, does that automatically override the default DNS servers from the ISP for all networks?
For example, if one puts a specific DNS server under the IP DNS tab, does that automatically override the DHCP server additions one could make at the Networks tab?
What is the relationship??
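anav's outline written as RouterOS v7 commands, as an added example that is not one of the posts in this thread. It uses the interfaces and addresses anav lists (ISP1 on ether1, ISP2 on ether10, 192.168.88.0/24 on BridgeMikrotik, 10.60.77.0/24 on BridgePFsense), answers the "192.168.88.0 or 192.168.88.0/0" question with the /24 form, adds the pieces the outline does not spell out (the two routing tables, NAT per WAN, connection marks so that replies to connections that arrived on ISP2 leave through ISP2, and an exclusion so LAN-to-LAN traffic stays on the router), and shows where the two DNS settings anav asks about live and how they relate. The ISP gateway addresses 203.0.113.1 and 198.51.100.1, the upstream resolver 203.0.113.53, the table, mark and list names, and `check-gateway` are assumptions; bridge port membership is left as a comment to fill in for your layout.

```routeros
# Added example (not from the thread). RouterOS v7 syntax. Assumed values:
#   ISP1 gateway 203.0.113.1 on ether1, ISP2 gateway 198.51.100.1 on ether10,
#   upstream resolver 203.0.113.53, tables isp1/isp2, lists WAN/LAN/local-nets.

/interface bridge
add name=BridgeMikrotik
add name=BridgePFsense
# /interface bridge port add bridge=BridgeMikrotik interface=etherN   (per your layout)

/ip address
add address=192.168.88.1/24 interface=BridgeMikrotik
add address=10.60.77.1/24 interface=BridgePFsense

/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=WAN interface=ether10
add list=LAN interface=BridgeMikrotik
add list=LAN interface=BridgePFsense

# Networks that must never be sent to an ISP: traffic between the two LANs
# is routed by the connected routes in the main table.
/ip firewall address-list
add list=local-nets address=192.168.88.0/24
add list=local-nets address=10.60.77.0/24

# One routing table per ISP; v7 requires them to be created explicitly.
/routing table
add name=isp1 fib
add name=isp2 fib

/ip route
# main table: ISP1 primary, ISP2 backup (anav's option 1a)
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=2 check-gateway=ping
# per-ISP tables, selected by the routing marks below
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-table=isp1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=isp2 check-gateway=ping

/ip firewall mangle
# Connections that arrive on a WAN: remember which ISP, so the router's own
# replies go back out the same one with the matching source address.
add chain=input in-interface=ether1 connection-state=new action=mark-connection new-connection-mark=isp1-conn
add chain=input in-interface=ether10 connection-state=new action=mark-connection new-connection-mark=isp2-conn
add chain=output connection-mark=isp1-conn action=mark-routing new-routing-mark=isp1 passthrough=no
add chain=output connection-mark=isp2-conn action=mark-routing new-routing-mark=isp2 passthrough=no
# Outbound from each LAN (anav's option 2). The source is written as the
# /24 network; the address-list match keeps LAN-to-LAN traffic unmarked.
add chain=prerouting in-interface-list=LAN connection-state=new \
    src-address=192.168.88.0/24 dst-address-list=!local-nets \
    action=mark-connection new-connection-mark=isp1-conn passthrough=yes
add chain=prerouting in-interface-list=LAN connection-state=new \
    src-address=10.60.77.0/24 dst-address-list=!local-nets \
    action=mark-connection new-connection-mark=isp2-conn passthrough=yes
add chain=prerouting in-interface-list=LAN connection-mark=isp1-conn action=mark-routing new-routing-mark=isp1 passthrough=no
add chain=prerouting in-interface-list=LAN connection-mark=isp2-conn action=mark-routing new-routing-mark=isp2 passthrough=no

# Masquerade once per WAN; the route lookup above decides the out-interface.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether10 action=masquerade

# DNS: two separate settings.
# /ip dns is the router's OWN resolver: what the router itself queries, and
# what LAN clients use if they are pointed at the router's address.
/ip dns set servers=203.0.113.53 allow-remote-requests=yes
# allow-remote-requests=yes makes the router answer DNS from anyone who can
# reach it, so block it from the WAN side or it becomes an open resolver.
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop
# /ip dhcp-server network dns-server is what DHCP clients are TOLD to use.
# It is per network, so each LAN can be handed a different server; here each
# LAN is pointed at the router, which resolves through /ip dns.
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
add address=10.60.77.0/24 gateway=10.60.77.1 dns-server=10.60.77.1
```

On anav's hierarchy question: the two settings do not override each other because they answer different questions. `/ip dns` decides where the router sends its own queries (the ISP servers show up there as dynamic entries when the WAN DHCP client has `use-peer-dns=yes`); `/ip dhcp-server network dns-server` decides which address the clients are told to ask. If the clients are told to ask the router, then `/ip dns` is effectively what they use; if they are told to ask some other server, `/ip dns` does not affect them at all.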

So your options work and, like the others, are what I need.
But what I don't understand is… as soon as I make the changes, internet out pfSense slows down… I actually thought it was DNS but it is not. A simple curl to get an IP response over the internet takes over 5 seconds. :frowning:

Hence my suggestion to only use the mikrotik and Punt the pfsense unit out the door, down the street and into a body of water of your choice… (probably to join your old zyxel unit).

I wish I could anav. LOL
Work has me tied down to it. :frowning:

I would need some serious help to transition from pfSense to MikroTik. Trust me when I say I really want to… The other part is that I would need something like a MikroTik RouterBoard RB1100AHx4.
Because of work, I have to proxy and we use openvpn.

Thoughts?

No unfortunately, way above my pay grade LOL.

Bah!
LOL!

Use Tools>Traceroute with routing-table=pfsense and see if it shows you where the bottleneck is. Compare to routing-table=main.

And/Or

Connect a device directly to the pfsense and see if you get the same results.