Hi,
On my Mikrotik router I have a primary (default) and a secondary internet connection. I configured the router to specifically route traffic from a specific local source IP, out via the secondary connection. This was done using a mangle rule for the output chain and then applying the relevant route mark (plus the actual route). When I perform a packet capture, the the flow of traffic looks 100% correct and the traffic is routed out via the correct interface.
What is confusing is when I enable logging on the actual mangle rule, or when I put a logging rule in place in IP filter to log the output traffic from this specific source IP, it indicates that the traffic is routed outbound to the primary interface. The only conclusion I can come to why the logging in the mangle and filter sections seems incorrect, the that based on the below diagram, the routing adjustment is only made AFTER the traffic has passed though the mangle and filter sections at which point the route mark has not yet been applied. And the packet capture is done at which point the route mark has already been applied. Am I interpreting the diagram correctly?
https://wiki.mikrotik.com/wiki/File:Pfd.png
Thank you
Hi
To affect routing decision, route mark needs to be made in prerouting, as routing is executed right after. Any later will be too late and irrelevant.
see:
Hi, using the prerouting chain for output traffic in the mangle rule does not match the traffic as expected.(ROS6.42.6).
Like I said, after implementing the mangle rule using the output chain (that does match the expected traffic), the packet capture clearly shows the traffic routing out via the secondary internet connection (as expected). Disabling the mangle rule while doing the packet capture, clearly showing the traffic routing out via the default route (primary provider).
So from the packet capture, it looks like the mangle rule definitely is affecting traffic and marking the packets correctly. Or am I misunderstanding your statement?
I misunderstood your statement, routing is indeed “adjusted” as last step, and hence results in incorrect logging for both mangle & filter in output chain.
I you want the right log, put that log rule in postrouting chain, at which point packet should be updated.
Great and thanks for the help. Logging the traffic in mangle using the postrouting chain shows the expected destination interface. Tanks again for your time!