Hi.
Setup that I have:
- two ipv6 tunnels, one from HE.net, another from local ISP via 6rd.
- /48 block from HE.net (statically allocated), /56 block from local ISP 6rd (dynamic)
- a bunch of hosts in “DMZ” and “LAN” that have native IPv6 connectivity on ethernet or wifi.
What I’m interested in is having proper routing based on source. I’m fine with having both my /48 and /56 blocks talking to each other directly, but when it comes to outgoing world traffic, the “default” route should be pointing to different tunnels.
I’ve made it work for connections initiated from the outside world to my blocks by connection marking on incoming interfaces… but no luck with outgoing from my DMZ/LANs in a way that will not break inter-area traffic.
This is what I currently have, any hints on improvements?
/ipv6 firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=he new-connection-mark=he passthrough=no
/ipv6 firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=6rd new-connection-mark=6rd passthrough=no
/ipv6 firewall mangle add action=mark-routing chain=output connection-mark=he new-routing-mark=he
/ipv6 firewall mangle add action=mark-routing chain=output connection-mark=6rd new-routing-mark=6rd
/ipv6 firewall mangle add action=mark-routing chain=prerouting connection-mark=6rd disabled=yes dst-address-type=!local new-routing-mark=6rd
/ipv6 firewall mangle add action=mark-routing chain=prerouting connection-mark=he disabled=yes dst-address-type=!local new-routing-mark=he
/routing table add disabled=no fib name=he
/routing table add disabled=no fib name=6rd
/ipv6 route add disabled=no dst-address=2000::/3 gateway=he routing-table=he
/ipv6 route add disabled=no dst-address=2000::/3 gateway=6rd routing-table=6rd
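One way to express the outgoing half by source prefix instead of by connection mark, as an added example that is not part of the original post: the prefixes 2001:db8:1::/48 (HE.net) and 2001:db8:2::/56 (6rd) are placeholders, and the `he`/`6rd` tables and their 2000::/3 routes from the post are assumed to already exist.

```routeros
# Added example, not from the post. Placeholder prefixes: substitute the real
# HE.net /48 and 6rd /56 blocks.
/ipv6 firewall address-list
add list=local-blocks address=2001:db8:1::/48 comment="HE.net /48 (placeholder)"
add list=local-blocks address=2001:db8:2::/56 comment="6rd /56 (placeholder, dynamic)"

/ipv6 firewall mangle
# Inter-area traffic: both ends are inside local-blocks, so leave it on the
# main table (a routing mark would send it into a tunnel, since the he/6rd
# tables only hold 2000::/3).
add chain=prerouting dst-address-list=local-blocks action=accept \
    comment="inter-area traffic stays on main table"
# Everything else is world-bound: pick the tunnel by source prefix.
add chain=prerouting src-address=2001:db8:1::/48 dst-address-list=!local-blocks \
    action=mark-routing new-routing-mark=he passthrough=no
add chain=prerouting src-address=2001:db8:2::/56 dst-address-list=!local-blocks \
    action=mark-routing new-routing-mark=6rd passthrough=no
# Router-originated traffic gets the same treatment in the output chain.
add chain=output src-address=2001:db8:1::/48 dst-address-list=!local-blocks \
    action=mark-routing new-routing-mark=he passthrough=no
add chain=output src-address=2001:db8:2::/56 dst-address-list=!local-blocks \
    action=mark-routing new-routing-mark=6rd passthrough=no
```

The connection-mark rules from the post can stay in front of these for replies to connections that arrived over a specific tunnel. Because the 6rd /56 is dynamic, the address-list entry and the two src-address matches for it have to be updated whenever the delegated prefix changes.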