/ip route rule Policy Routing

Having trouble policy routing 3 different gateways. When the 172.18.0.0/16 network gets to the router it just dies instead of being nat’d and pushed out the correct gateway. Additionally if I don’t have the dst-address (rule 0 in /ip route rule) then I can’t ping the address at the router. Does anyone have any helpful suggestions on what I’m doing wrong?




Code below:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting src-address=172.18.0.0/16 action=mark-routing
new-routing-mark=ProNet passthrough=yes

1 chain=prerouting action=mark-routing new-routing-mark=pskcom
passthrough=yes
[admin@PM] ip firewall mangle>


Flags: X - disabled, I - inactive
1 dst-address=172.18.0.0/16 action=lookup table=main

2 src-address=12.196.147.0/24 action=lookup table=pskcom

3 src-address=172.18.0.0/16 action=lookup table=ProNet

4 action=lookup table=main
[admin@PM] ip route rule>


Flags: X - disabled, I - invalid, D - dynamic

5 chain=srcnat src-address=172.18.0.0/16 action=masquerade

[admin@PM] ip firewall nat>

The first thing jumping out at me is you have the mangle set to passthrough once it matches 172.18.0.0/16 and then it goes to rule 1, which then marks it for pskcom. If it has passthrough on, it continues on down the mangle list; in this case turn passthrough off, and if the problem persists let me know.

So the first one should read:
0 chain=prerouting src-address=172.18.0.0/16 action=mark-routing
new-routing-mark=ProNet passthrough=no

The second thing I notice is you're using an IP route rule vs. routing marks to route; I would remove the rules and add:

Go into IP ROUTE, then type:
add dst-address=0.0.0.0/0 pref-src= gateway= scope=255 target-scope=10 routing-mark=ProNet comment="" disabled=no
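
The passthrough behaviour described in the reply, as an added example that is not part of either original post: a small Python model (not RouterOS code) of the prerouting mangle chain that walks the two posted rules and reports which routing mark a packet ends with. The dict layout, the function names and the sample source addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the two posted mangle rules (chain=prerouting).
# src=None means the rule has no src-address matcher and hits every packet.
ORIGINAL_RULES = [
    {"src": "172.18.0.0/16", "mark": "ProNet", "passthrough": True},
    {"src": None, "mark": "pskcom", "passthrough": True},
]

def with_passthrough_off(rules, index):
    """Return a copy of the rule list with passthrough=no on one rule."""
    fixed = [dict(r) for r in rules]
    fixed[index]["passthrough"] = False
    return fixed

def final_routing_mark(rules, src_ip):
    """Walk the chain top-down; return the routing mark the packet ends with."""
    addr = ipaddress.ip_address(src_ip)
    mark = None
    for rule in rules:
        if rule["src"] and addr not in ipaddress.ip_network(rule["src"]):
            continue  # matcher missed, try the next rule
        mark = rule["mark"]  # a later mark-routing overwrites an earlier one
        if not rule["passthrough"]:
            break  # passthrough=no: stop processing this chain
    return mark

def covers(outer, inner):
    """True if every source matched by `inner` is also matched by `outer`."""
    if outer is None:
        return True
    if inner is None:
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def shadowed_rules(rules):
    """Indexes of passthrough=yes rules whose mark a later rule always replaces."""
    return [
        i for i, rule in enumerate(rules)
        if rule["passthrough"]
        and any(covers(later["src"], rule["src"]) for later in rules[i + 1:])
    ]

if __name__ == "__main__":
    fixed = with_passthrough_off(ORIGINAL_RULES, 0)
    for name, rules in (("as posted", ORIGINAL_RULES), ("passthrough=no", fixed)):
        # 172.18.5.10 is a constructed sample host inside 172.18.0.0/16
        print(name, final_routing_mark(rules, "172.18.5.10"), shadowed_rules(rules))
```

Running `shadowed_rules` over an exported mangle chain modelled this way flags any mark-routing rule that can never take effect because a broader rule further down re-marks the same traffic.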