Forwarding IPv6 traffic based on source IP

Hi all,
I have two external IPv6 interfaces from different ISPs. I want to mangle the traffic to route based on source IP. I have done this on IPv4 easily. However, the same rules don’t work on IPv6.
I usually use routing tables and mangles for this on IPv4. Is there another approach available for IPv6?

Thanks

What rules do work on IPv4 but not IPv6?

Something like this usually works for IPv4, but the same rules do not work for IPv6, as follows:

/ipv6 firewall mangle
add action=mark-connection chain=prerouting comment=ISP1 \
    connection-mark=no-mark connection-state=related,new in-interface=LAN \
    new-connection-mark=ISP1 passthrough=yes src-address-list=ISP1
add action=mark-routing chain=prerouting comment=ISP1 connection-mark=\
    ISP1 new-routing-mark=ISP1 passthrough=no src-address-type=!local
add action=mark-routing chain=output comment=ISP1 connection-mark=ISP1 \
    new-routing-mark=ISP1 passthrough=no

Might be worth a bug report.

Have you tried routing look up rules under /routing/rule as an alternative?

I have recently set this up on 7.15.3:

/ipv6 firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!FastSpeed new-routing-mark=HE.net passthrough=no src-address-list=HE.net
add action=mark-routing chain=output dst-address-list=!FastSpeed new-routing-mark=HE.net passthrough=yes src-address-list=HE.net

I apologize for the confusion it might cause that I am using identical naming for the routing marker and the address list.

But it does work for me.

Thanks. I checked it. But this didn’t work for me! I use something like this for the routing table:


/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=fddb:57bb:cebb:6::a:1 \
    routing-table=ISP1 scope=30 target-scope=10

Is it correct?
I should add that this works correctly if I use the route as “main” routing!

Yes, I have tried that, and I was not successful using that too.
After some tests, I agree it should be a bug, because the behavior sometimes changes for a little time, and I think Mikrotik cannot track IPv6 connections as well as IPv4!

There is a bug in the routing mark handling for IPv6 (or for IPv4, depending on how you look at it).
But for routing marks in IPv6 to work you still have to have a routing rule that maps them to a routing table.
Like:

/routing rule
add action=lookup disabled=no routing-mark=ISP1 table=ISP1
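
Added example (not part of the original thread, and not MikroTik code): a Python check that reads a RouterOS export and lists IPv6 routing marks set under /ipv6 firewall mangle that no enabled /routing rule maps to a table, which is the condition described in the post above. The sample export is constructed from the rules quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample export: ISP1 has a routing rule, HE.net does not.
SAMPLE = r"""
/ipv6 firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=LAN new-connection-mark=ISP1 src-address-list=ISP1
add action=mark-routing chain=prerouting connection-mark=\
    ISP1 new-routing-mark=ISP1 passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=HE.net \
    passthrough=no src-address-list=HE.net
/routing rule
add action=lookup disabled=no routing-mark=ISP1 table=ISP1
"""

def parse_export(text):
    """Yield (menu, params) for every 'add' line of a RouterOS export."""
    # A trailing backslash wraps a long command; the next line is indented.
    text = re.sub(r"\\\r?\n\s*", "", text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            # Normalise "/routing/rule" and "/routing rule" to "routing rule".
            menu = " ".join(line[1:].replace("/", " ").split())
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            yield menu, {k: v.strip('"') for k, v in pairs}

def unmapped_ipv6_marks(export_text):
    """Return IPv6 routing marks that no enabled routing rule looks up."""
    marks, mapped = set(), set()
    for menu, p in parse_export(export_text):
        if p.get("disabled") == "yes":
            continue  # disabled entries neither set nor map a mark
        if menu == "ipv6 firewall mangle" and p.get("action") == "mark-routing":
            if "new-routing-mark" in p:
                marks.add(p["new-routing-mark"])
        elif menu == "routing rule" and "routing-mark" in p:
            if p.get("action") in ("lookup", "lookup-only-in-table"):
                mapped.add(p["routing-mark"])
    return sorted(marks - mapped)

if __name__ == "__main__":
    for mark in unmapped_ipv6_marks(SAMPLE):
        print(f"routing mark {mark!r} has no /routing rule mapping it to a table")
```

Traffic carrying a mark reported here falls back to the main table, so it may leave through the other ISP's uplink and bypass whatever filtering was planned for the intended path.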

Thanks! It works now! Yes, I can confirm that this is a buggy behavior! Mikrotik still does not handle IPv6 routing marks correctly!

Well, it depends on your standpoint.
I think it would be clearer if it always worked this way, also for IPv4.
You put a mark on the packet, and then you map that mark to a table.
But in IPv4 it automatically does that, and people got used to it.
(and the names “routing-mark” and “routing-table” got confused in different parts of the system)

@pe1chl I think they should keep the automatic behavior but add the dynamic record with an appropriate comment to the routing rules for both IPv4 and IPv6. Similar to how they do it for VLANs.

@luckybuilding Please send a bug / feature request to Mikrotik, you have a legit case. Let’s make sure it counts.

I think they are already aware of this but as with all IPv6 features/bugs it has low priority “because nobody uses IPv6”.