Intranet Redirect ???

Hi,

My intranet network is 1.1.0.0/16.
I have my main hotspot server with ip: 1.1.0.1/24 with default gateway 192.168.1.1/24 (modem).

I also have another gateway with ip: 192.168.1.254/24 (other modem).

Now, my question is:

How can I redirect some ranges of IPs (example: 1.1.30.0/24 and 1.1.35.0/24) of my intranet to the second gateway 192.168.1.254,
so all internet traffic of these IPs will have as gateway the second one 192.168.1.254…

Make mangle and route rules.

I have already made some mangle rules like this:

/ip firewall mangle
add action=accept chain=prerouting comment=\
    1/4-connection_from_1_1_30_x connection-mark=\
    connection_from_1_1_30_x disabled=no
add action=mark-routing chain=prerouting comment=2/4-to_1_1_30_x \
    disabled=no new-routing-mark=to_1_1_30_x passthrough=no \
    src-address-list=1_1_30_x
add action=mark-connection chain=input comment=\
    3/4-connection_from_1_1_30_x disabled=no in-interface=INTERNET \
    new-connection-mark=connection_from_1_1_30_x passthrough=no
add action=mark-routing chain=output comment=4/4-to_1_1_30_x \
    connection-mark=connection_from_1_1_30_x disabled=no \
    new-routing-mark=to_1_1_30_x passthrough=no



/ip route
add comment=Redirect_1_1_30_x disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=to_1_1_30_x scope=30 target-scope=10



/ip firewall mangle
add action=accept chain=prerouting comment=\
    1/4-connection_from_1_1_35_x connection-mark=\
    connection_from_1_1_35_x disabled=no
add action=mark-routing chain=prerouting comment=2/4-to_1_1_35_x \
    disabled=no new-routing-mark=to_1_1_35_x passthrough=no \
    src-address-list=1_1_35_x
add action=mark-connection chain=input comment=\
    3/4-connection_from_1_1_35_x disabled=no in-interface=INTERNET \
    new-connection-mark=connection_from_1_1_35_x passthrough=no
add action=mark-routing chain=output comment=4/4-to_1_1_35_x \
    connection-mark=connection_from_1_1_35_x disabled=no \
    new-routing-mark=to_1_1_35_x passthrough=no



/ip route
add comment=Redirect_1_1_35_x disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=to_1_1_35_x scope=30 target-scope=10

Now,
when I look at Firewall → Connections and sort by Connection Mark, I see that connections have been marked only for the first address-list range… (IP range 10.10.30.x)
All the other IP ranges cannot be mangled…

I think that I should see all connection marks from all IP ranges in Firewall → Connections…
Am I missing something in my mangle rules?

come on !!!

I don’t believe that no one knows the answer to this problem…

:confused:

Create an address list that contains both networks, so you don’t have to enter the rules in mangle twice

/ip firewall address-list
add list=whatever address=1.1.30.0/24
add list=whatever address=1.1.35.0/24

Create the mangle rules

/ip firewall mangle
add chain=prerouting src-address-list=whatever action=mark-connection new-connection-mark=whatever
add chain=prerouting connection-mark=whatever action=mark-routing new-routing-mark=whatever

Add the routing for the mentioned network

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=whatever

Thank you for the answer,

I followed your way and now I can see all the connections mangled in the firewall->connections table but traffic can NOT be redirected.
Traffic of the mangled IPs has the default gateway 192.168.1.1 and not 192.168.1.254 (different ISP).

/ip firewall address-list
add address=1.1.30.1-1.1.45.254 comment=EC disabled=no list=EC



/ip firewall mangle
add action=mark-connection chain=prerouting comment=EC disabled=no new-connection-mark=from_EC passthrough=no src-address-list=EC
add action=mark-routing chain=prerouting comment=EC connection-mark=from_EC disabled=no new-routing-mark=to_EC passthrough=no



/ip route
add comment=Redirect_EC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.254 routing-mark=to_EC scope=30 target-scope=10

Any idea???

In the first mangle rule, the one which is marking the connections, change the passthrough value to “yes”.
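
The passthrough behaviour behind this fix, as an added example that is not part of the original thread: a simplified Python model (not RouterOS code) of how the two prerouting rules from the previous post are walked for each packet. The function names and the reduction of routing to a lookup on the routing mark are assumptions made for illustration.

```python
from ipaddress import ip_address

# Address list EC from the thread: 1.1.30.1-1.1.45.254
EC = (ip_address("1.1.30.1"), ip_address("1.1.45.254"))
DEFAULT_GW = "192.168.1.1"    # main table default route (first modem)
EC_GW = "192.168.1.254"       # route with routing-mark=to_EC (second modem)


def prerouting_rules(first_passthrough):
    """The two prerouting rules from the thread; only rule 1's passthrough varies."""
    return [
        {"action": "mark-connection", "src_list": EC,
         "new_mark": "from_EC", "passthrough": first_passthrough},
        {"action": "mark-routing", "connection_mark": "from_EC",
         "new_mark": "to_EC", "passthrough": False},
    ]


def matches(rule, src, conn):
    """True when every matcher present on the rule accepts this packet."""
    if "src_list" in rule:
        lo, hi = rule["src_list"]
        if not lo <= ip_address(src) <= hi:
            return False
    if "connection_mark" in rule and conn.get("mark") != rule["connection_mark"]:
        return False
    return True


def traverse(rules, src, conn):
    """Walk the chain for one packet; return the packet's routing mark or None."""
    routing_mark = None
    for rule in rules:
        if not matches(rule, src, conn):
            continue
        if rule["action"] == "mark-connection":
            conn["mark"] = rule["new_mark"]      # stored on the connection
        elif rule["action"] == "mark-routing":
            routing_mark = rule["new_mark"]      # stored on this packet only
        if not rule["passthrough"]:
            break                                # matched: leave the chain
    return routing_mark


def simulate(src, first_passthrough, packets=3):
    """Send several packets of one connection; return (connection mark, gateways)."""
    rules, conn = prerouting_rules(first_passthrough), {}
    marks = [traverse(rules, src, conn) for _ in range(packets)]
    return conn.get("mark"), [EC_GW if m == "to_EC" else DEFAULT_GW for m in marks]
```

With passthrough=no on the first rule, every packet from the EC range stops at the mark-connection rule, so the connection shows as marked while the packet still leaves via 192.168.1.1; with passthrough=yes the same packet reaches the mark-routing rule and leaves via 192.168.1.254.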

Thanks a lot man

It is working very well now

+1

Nice :slight_smile:. Have a good day.