Policy based routing - what's wrong?

whitbread · December 4, 2015, 11:42am

What I try to accomlish is policy based routing based on source IP.

I followed http://wiki.mikrotik.com/wiki/Testwiki/IP_routing#Dynamic_routing

Using “Set up routing policy using ip route rule” works fine, but I always get into timeout errors when using “Set up routing policy using ip firewall mangle”. I can see packet count going up in the mangle rule but I always run into timeout.

So what is the difference between:

/ip route rule
add disabled=yes dst-address=37.120.169.172/32 table=Routing_VPN_GW

and

/ip firewall mangle
add action=jump chain=prerouting comment="Traffic -> !Localnet" \
    dst-address-list=!LocalNet dst-address-type=unicast jump-target=\
    Fwd_www_up src-address=192.168.0.0/16
add action=mark-routing chain=Fwd_www_up dst-address=37.120.169.172 \
    new-routing-mark=Routing_VPN_GW passthrough=no

I know, example uses destination IP for testing purpuses.

whitbread · December 15, 2015, 10:40am

Did I do anything wrong or nobody around to help?

dareru · December 17, 2015, 5:10pm

maybe this can help you..

http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/

telnetpr · December 22, 2015, 1:28pm

Try this

ip firewall mangle add chain=prerouting src-address=192.168.0.0/16 action=mark-routing new-routing-mark=TEST

And the route

ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=2 routing-mark=TEST

IP ADDRESSES ARE JUST FOR EXAMPLES YOU JUST USE YOUR GATEWAY AND IP ADDRESS BLOCKS

AND TEST WITH TRACEROUTE USING ROUTING MARK

whitbread · December 28, 2015, 8:55am

Thx for your help so far - I am still testing…