Policy routing with lots of connected local networks issue

I recently added another provider to my router 4.2 OS.

I used policy routing to send traffic based on source address out the gateway of the new ISP.
But when I do this, the user with that source address for the new ISP can't connect to locally connected networks unless I add a whack of policy rules.
I have 15 or so locally connected networks, so 15 rules. T

That customer can surf the Internet with the new ISP fine but can't access the web/mail server and other local networks unless I manually add rules to look up routing table main before looking up the routing table for the new ISP.

Is there a simpler way to do this?

so add one routing rule to lookup ‘main’ table first

That's what I was trying to figure out how to do, but it's probably so simple I can't think of how to do it.

post those rules

/ip route rule
add action=lookup comment="" disabled=no dst-address=206.248.xx.xx/29 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no dst-address=10.0.0.0/8 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no dst-address=172.16.0.0/16 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no dst-address=75.119.xx.xx/24 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no dst-address=69.196.xx.xx/27 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no dst-address=69.196.xx.xx/27 src-address=24.102.xx.xx/23 table=main
add action=lookup comment="" disabled=no src-address=24.102.xx.xx/29 table=Shaw
add action=lookup comment="" disabled=no routing-mark=Shaw table=Shaw

/ip firewall mangle
add action=mark-routing chain=prerouting comment="" disabled=no new-routing-mark=Shaw passthrough=no src-address=24.102.xx.xx/23


So I gather this forces the router to ignore the routing marks “Shaw” for local routes.

oh, I see… try something like

/ip firewall address-list
add list=local address=206.248.xx.xx/29
...
add list=local address=69.196.xx.xx/27
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Shaw passthrough=no src-address=24.102.xx.xx/23 dst-address-list=!local
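
A simplified model of the two approaches discussed in this thread, added here as an example and not posted by anyone in it: it compares the ordered per-network "lookup main" rules with the single mangle rule that excludes an address list, and lists connected networks the address list fails to cover. Assumptions: all addresses are constructed documentation ranges, marked packets use table Shaw, no other route rule matches, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation ranges), not the poster's networks.
CUSTOMER = ip_network("198.51.100.0/24")  # sources that must leave via the new ISP
LOCAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/16", "203.0.113.0/27")]


def by_route_rules(src, dst, rules):
    """First matching rule wins, as in an ordered '/ip route rule' list."""
    src, dst = ip_address(src), ip_address(dst)
    for rule_src, rule_dst, table in rules:
        if src in rule_src and (rule_dst is None or dst in rule_dst):
            return table
    return "main"  # no rule matched: default table


def per_network_rules():
    """One 'lookup main' rule per local network, then the catch-all to Shaw."""
    return [(CUSTOMER, net, "main") for net in LOCAL] + [(CUSTOMER, None, "Shaw")]


def by_mangle(src, dst, local_list):
    """Single mangle rule: mark Shaw only if src matches and dst is NOT in the list."""
    src, dst = ip_address(src), ip_address(dst)
    if src in CUSTOMER and not any(dst in net for net in local_list):
        return "Shaw"
    return "main"


def missing_from_list(local_list, connected):
    """Connected networks not covered by the address list (they would be marked Shaw)."""
    return [n for n in connected if not any(n.subnet_of(l) for l in local_list)]


if __name__ == "__main__":
    for dst in ("10.1.2.3", "203.0.113.5", "192.0.2.80"):
        print(dst,
              by_route_rules("198.51.100.10", dst, per_network_rules()),
              by_mangle("198.51.100.10", dst, LOCAL))
    print("uncovered:", missing_from_list(LOCAL[:2], LOCAL))
```

Running `missing_from_list` against the router's actual connected networks before relying on the single mangle rule catches a local subnet that was left out of the list and would otherwise be routed out the ISP gateway.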