Preferred source ignored?

I just noticed on our 3.0b6 unit that it appears to be ignoring the preferred source option on static routes, and is just using the IP of whatever interface it goes out of.

What configuration does it have? (IP and routes)

Basically we have two routers the same, except one is 2.9.38 or thereabouts, and the other is 3.0b6.

They both have two public interfaces, and a loopback, and a private side.
For example (not the real addresses, obviously):
ether1 1.1.1.2
ether2 2.2.2.2
loopback 3.3.3.2
ether3: 192.168.1.1

There are default routes such that:
0.0.0.0 1.1.1.1 pref source 3.3.3.2
0.0.0.0 2.2.2.1 pref source 3.3.3.2

Then there is a firewall masquerade setup from the private side, which in the 2.9.38 case translates to 3.3.3.2 and goes out whichever public interface is available. But on the 3.0b6 router, it translates to the public IP of whichever interface it's choosing to go out of.

Basically, we want the routers to have public addresses that are used for NAT and are independent of whichever physical interfaces happen to be up at the time. This is working on the 2.9.38 router by setting the pref source option, but not on the 3.0b6 router.

Using masq or src-nat? I just loaded b7 so I will test this later this afternoon.

Sam

Using chain srcnat with an action of masquerade.

Just a note that this still seems to be a problem in 3.0b7

Has anyone found a solution? This is still a problem in RouterOS 3?

Thanks

I just found out that this seems to be a problem on 5.0RC4 with

  • HotSpot
  • on a Bridge port
  • with multiple VLANs bridged
  • with multiple IPs on the bridge port that have nothing to do with the HotSpot network

The pref source seems to be randomly mistaken. As verified with a sniff on the outgoing interface - the ARP requests are asking for 192.168.x.a, tell

  • HotSpot
  • on a Bridge port

Not a good idea.
HotSpot is applied per interface.

When you have such a situation,

  • with multiple IPs on the bridge port that have nothing to do with the HotSpot network

Separate the HotSpot interface and the other bridge port from the same bridge, when there is nothing to do with HotSpot.

Hello sergejs.

Thank you for the fast reply.

In the previous post I meant “on a bridge interface” and not “bridge port”.

I did not put a separate HotSpot on each VLAN because I wanted to manage only one HotSpot (and save my efforts for banging my head with the User Manager v5rc4) :)

I added the VLANs to a bridge interface in the MT and I put forward filters so that no frames would be forwarded to/from each VLAN. The frames would only get to the MT itself (input bridge chain).

This enables me to have full control over the frames that reach the MikroTik and to have some Layer 2 security (no broadcasts pass over from VLAN to VLAN).

Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source; it seems to be working so far.

I hope this setup is “a good idea”? If not - do tell how to change.

Thank you.

Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source; it seems to be working so far.

I hope this setup is “a good idea”? If not - do tell how to change.

Yes, please report if you get any problems with the particular setup.