in v5.0 routing mark not respected

arpadffy · April 7, 2011, 9:43pm

Hello,

earlier using 5.0b9 this worked and after upgrading to 5.0 release I experience problems with respecting routing marks while choosing the gateway.

[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     chain=input action=accept protocol=icmp 

 1   ;;; default configuration
     chain=input action=accept connection-state=related 
     in-interface=ether1-gateway 

 2   ;;; default configuration
     chain=input action=accept connection-state=established 
     in-interface=ether1-gateway 

 3 X ;;; default configuration
     chain=input action=drop in-interface=ether1-gateway 

 4   chain=input action=accept connection-state=established 
     in-interface=pppoe-out1 

 5   chain=input action=accept connection-state=related in-interface=pppoe-out1

[admin@MikroTik] > ip firewall nat print      
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     chain=srcnat action=masquerade out-interface=ether1-gateway 

 1   chain=srcnat action=masquerade out-interface=pppoe-out1

[admin@MikroTik] > ip firewall mangle print   
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting action=mark-routing new-routing-mark=smtp passthrough=no protocol=tcp 
     in-interface=ether2-local-master dst-port=25 

 1   chain=postrouting action=log routing-mark=smtp routing-table=main out-interface=pppoe-out1 
     log-prefix="" 

 2   chain=postrouting action=log routing-mark=smtp routing-table=main out-interface=ether1-gateway 
     log-prefix=""

[admin@MikroTik] > ip route print     
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          81.231.248.129     1       
 1  DS  0.0.0.0/0                          146.172.65.24      1       
 2 ADC  81.231.248.128/25  81.231.248.177  ether1-gateway     0       
 3 ADC  146.172.65.24/32   84.218.23.142   pppoe-out1         0       
 4 ADC  192.168.10.0/24    192.168.10.1    ether2-local-ma... 0

[admin@MikroTik] > ip route rule print
Flags: X - disabled, I - inactive 
 0   routing-mark=smtp interface=pppoe-out1 action=lookup table=main

…and anyway the correctly marked package leaves the router on ether1-gateway and not on pppoe-out1.

Any help would be appreciated.

Thank you in advance.

Regards,
Z

parsiansystem · April 8, 2011, 6:11am

hi…
i have the similar problem
then i get that the v5.0 is it stable!
then upgarde ro v5.0rc11
all of the problem solved!!
good luck

Chupaka · April 8, 2011, 7:50am

at first,

ip route print detail

because

ip route print

doesn’t show routing-mark

arpadffy · April 8, 2011, 9:54am

Hello,

[admin@MikroTik] > ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 ADS  dst-address=0.0.0.0/0 gateway=83.251.64.1 gateway-status=83.251.64.1 reachable ether1-gateway distance=1 scope=30
        target-scope=10 vrf-interface=ether1-gateway

 1 ADC  dst-address=83.251.64.0/20 pref-src=83.251.68.67 gateway=ether1-gateway gateway-status=ether1-gateway reachable
        distance=0 scope=10

 2 ADC  dst-address=146.172.65.24/32 pref-src=84.218.23.193 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable distance=0
        scope=10

 3 ADC  dst-address=192.168.10.0/24 pref-src=192.168.10.1 gateway=ether2-local-master
        gateway-status=ether2-local-master reachable distance=0 scope=10

Unfortunately, I can not see any routing mark here either … just in among rules.

Chupaka · April 8, 2011, 10:08am

it means, you don’t have routing marks in your routes. marks cannot work if they don’t exist =)

arpadffy · April 8, 2011, 10:34am

You are perfectly right… but what can I do more than define in rules. As you see I have done this

[admin@MikroTik] > ip route rule print detail
Flags: X - disabled, I - inactive
 0   routing-mark=smtp interface=pppoe-out1 action=lookup table=main

Is there anything that I missed?

Thank you.
Regards,
Z

Chupaka · April 8, 2011, 10:38am

what exactly do you want to do? if you have only one routing table (main) - you cannot use policy routing, because policy routing is usage of many routing tables with different gateways…

arpadffy · April 8, 2011, 11:08am

I have two uplinks: one fast (ether1-gateway) and one slow (pppoe-out1) that allows traffic on port 25.
I want to achieve that all traffic that come from LAN (ether2-local-master) go through pppoe-out1 and not the default route ether1-gateway (that does not allow traffic on port 25)

I do it as you can see above.

Thank you.
Regards,
Z

Chupaka · April 8, 2011, 11:21am

/ip route add gateway=pppoe-out1 routing-mark=smtp

and you may remove your routing rule - it’s not used anywhere

arpadffy · April 8, 2011, 11:36am

THANK YOU VERY MUCH.

It works now… I just wonder how could it work earlier - indeed I have migrated from a RB750 to a RB450G - maybe I have missed this line.

Regards,
Z