policy routing - logging in problem

Hi,
I've committed a policy routing like described in the wiki http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x

Everything looks like it is working well, BUT
I CAN'T log in to the router via the second line.

Let's say I have a configuration like this:
wan1 (default gateway) 192.168.10.10
wan2 (http pop3 etc) 192.168.20.10
lan1 10.0.0.10

When I connect to the router via wan1, it's OK,
but when I try to connect via wan2, the packets which initiate the connection don't leave the router by the same interface from which they came. In other words, the router routes the response to my request from wan2 via the default gateway (wan1), not via wan2 … and that's why I can log in via wan2 connection

Question: what to do with it?

You have to mangle the packets coming in WAN2, then give them another view of the routing table that's for WAN2.

/ ip firewall mangle
add chain=prerouting in-interface=l2tp-pip \
    action=mark-connection \
    new-connection-mark=in-pip-conn passthrough=yes \
    comment="" disabled=yes
add chain=prerouting connection-mark=in-pip-conn \
    action=mark-packet new-packet-mark=in-pip-packet \
    passthrough=yes comment="" disabled=yes
add chain=prerouting packet-mark=in-pip-packet \
    action=mark-routing new-routing-mark=out-pip \
    passthrough=yes comment="" disabled=yes

Mark the connection, then mark the packets, then mark routing. Then, in your routing table, reproduce what you need for WAN2 (include connected routes as well). Add a route rule also (some versions need this, some don't):

/ ip route rule
add routing-mark=out-pip action=lookup table=out-pip \
    comment="" disabled=no

Use routing-test package as well.

Sam
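
Added example, not part of the thread or of RouterOS: a small Python model of the mechanism described above (connection mark on arrival, routing mark on the reply, route rule selecting a second table), showing which interface the router's reply leaves by. The addresses come from the first post; the two gateway addresses, the client address and the port are constructed assumptions.

```python
import ipaddress

# Constructed topology from the first post's addresses. The gateway addresses
# (192.168.10.1, 192.168.20.1) are assumptions; the thread does not give them.
TABLES = {
    "main": [("192.168.10.0/24", "wan1", None),
             ("192.168.20.0/24", "wan2", None),
             ("10.0.0.0/24", "lan1", None),
             ("0.0.0.0/0", "wan1", "192.168.10.1")],   # the default gateway
    "out-pip": [("192.168.20.0/24", "wan2", None),     # connected routes copied
                ("10.0.0.0/24", "lan1", None),
                ("0.0.0.0/0", "wan2", "192.168.20.1")],
}
ROUTE_RULES = {"out-pip": "out-pip"}  # routing-mark -> table, as in the route rule


def lookup(table, dst):
    """Longest-prefix match in one table; returns (interface, gateway)."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, iface, gw in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface, gw)
    return best[1:] if best else None


class Router:
    def __init__(self, mangle_enabled):
        self.mangle_enabled = mangle_enabled
        self.conntrack = {}  # (client, router address, port) -> connection mark

    def receive(self, in_iface, client, router_addr, port):
        """Track an inbound connection; mark it if it arrived on wan2."""
        marked = self.mangle_enabled and in_iface == "wan2"
        self.conntrack.setdefault((client, router_addr, port),
                                  "in-pip-conn" if marked else None)

    def reply_route(self, client, router_addr, port):
        """Route chosen for the router's reply to the client."""
        conn_mark = self.conntrack[(client, router_addr, port)]
        routing_mark = "out-pip" if conn_mark == "in-pip-conn" else None
        return lookup(ROUTE_RULES.get(routing_mark, "main"), client)


def demo(mangle_enabled, in_iface, router_addr, client="203.0.113.5", port=22):
    """Constructed scenario: one client opens one connection to the router."""
    r = Router(mangle_enabled)
    r.receive(in_iface, client, router_addr, port)
    return r.reply_route(client, router_addr, port)
```

`demo(False, "wan2", "192.168.20.10")` reproduces the reported symptom: the reply is routed out wan1. The mangle rules as posted carry `disabled=yes`, which corresponds to `mangle_enabled=False` in this model.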

Why??

Because I've never used the standard routing package and don't know if policy routing and route-marking work the same as I know routing-test does.

In MT, leave only one default gateway.

So in your situation you should cancel the default gateway.

Use policy routing in your MT.