Hello Everybody!
I’m a newbie
I have an address-list with some ip range: 103.78.76.0/24, 125.212.198.0/24, 103.239.120.0/24, 122.11.131.0/24.
And I’m using 3 WANs: pppoe-out1, pppoe-out2, pppoe-out3.
I want traffic to this address-list to be routed only via pppoe-out1.
Please help me.
Sorry about my English.
- Are these subnets destination ones which your LAN clients will connect to (as seems likely because they are public) or source ones (i.e. subnets where your LAN clients are located)?
- Do you specifically want to use the “address list” feature of Mikrotik’s firewall (e.g. to be able to modify the list flexibly) or can you live with adding routes for these subnets (assuming that they are remote destinations)?
Thanks sir!
These are destination subnets; I want to use an address list so that connections to these subnets go out through only one of the 3 pppoe links.
You can use mangle to mark the packets depending on source IP range and then you can adapt your IP>Routes to route only traffic with a certain packet mark. You may have to mark traffic on the inbound as well, to save it being received on one WAN and then routed out another for the shortest path.
As the networks in your list are destinations, it is enough to add selective routes for them where only pppoe-out1 will be indicated as gateway:
/ip route
add dst-address=103.78.76.0/24 gateway=pppoe-out1
add dst-address=125.212.198.0/24 gateway=pppoe-out1
add dst-address=103.239.120.0/24 gateway=pppoe-out1
add dst-address=122.11.131.0/24 gateway=pppoe-out1
A more selective route (with a longer mask) always takes precedence over a less selective route. So even though your default route (probably) reads “gateway=pppoe-out1,pppoe-out2,pppoe-out3”, the above routes constitute exceptions from it, and the packets to the listed subnets will only leave via pppoe-out1.
If you want it hi-tech, you can instead use a routing mark as suggested by @Steveocee. But be aware that the following method
- has a performance impact, as use of routing marks is mutually exclusive with fasttracking, and it is quite complex to selectively prevent only the connections which need a routing mark from being fasttracked,
- requires a more complex setup.
So it makes sense to use it only if the address list represents something other than remote destinations (e.g., local sources), or if you want to deploy some kind of automated maintenance of the address list (using scripting or the provisioning API).
The following assumes that all your currently configured routing rules (= routes) are configured without any routing mark, which means that they implicitly use routing mark “main”.
So you would add another default route, with only pppoe-out1 as gateway, but with a specific routing mark assigned, e.g., “my-exception”:
/ip route
add gateway=pppoe-out1 routing-mark=my-exception
Next, you would create your address list:
/ip firewall address-list
add list=my-destinations address=103.78.76.0/24
add list=my-destinations address=125.212.198.0/24
add list=my-destinations address=103.239.120.0/24
add list=my-destinations address=122.11.131.0/24
And, finally, you would use a mangle rule to “translate” the address list to a routing mark:
/ip firewall mangle
add chain=prerouting dst-address-list=my-destinations action=mark-routing new-routing-mark=my-exception
A packet with routing mark assigned (by the mangle rule) can only use routes bearing the same routing mark. Routes without explicitly assigned routing mark actually bear routing mark “main”, so the packets with other routing mark assigned cannot use them.
But as said before, you have to disable the fasttrack-connection rule in ip firewall filter to quickly check that the above method works, and you have to insert some accept rules before it to prevent connections using routing marks from getting fasttracked if you want to re-enable fasttracking for the bulk of the traffic.
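For the “automated maintenance” case mentioned above, a RouterOS script can keep the simple per-destination routes via pppoe-out1 in sync with the address list, so you get the flexibility of the list without the routing-mark/fasttrack trade-off. This is an added example, not code from the thread; the list name my-destinations and gateway pppoe-out1 are taken from the thread, the route comment tag “from-my-destinations” is a constructed label, and the script assumes every list entry is a plain prefix (not a range or DNS name).

```routeros
# Added example: sync static routes via pppoe-out1 with an address list.
# Alternative to the mangle/routing-mark method; fasttrack is unaffected
# because no marks are used. Entries that cannot be turned into a route
# (ranges, DNS names) are skipped and logged.
:local listName "my-destinations"
:local gw "pppoe-out1"
:local tag "from-my-destinations"

# 1. Add a route for every list entry that does not already have one.
:foreach entry in=[/ip firewall address-list find list=$listName] do={
    :local net [/ip firewall address-list get $entry address]
    :if ([:len [/ip route find dst-address=$net comment=$tag]] = 0) do={
        :do {
            /ip route add dst-address=$net gateway=$gw comment=$tag
            :log info ("added route for " . $net . " via " . $gw)
        } on-error={
            :log warning ("could not add route for list entry " . $net)
        }
    }
}

# 2. Remove tagged routes whose destination is no longer in the list,
#    so deleting an address-list entry also deletes its route.
:foreach rt in=[/ip route find comment=$tag] do={
    :local net [/ip route get $rt dst-address]
    :if ([:len [/ip firewall address-list find list=$listName address=$net]] = 0) do={
        /ip route remove $rt
        :log info ("removed stale route for " . $net)
    }
}
```

Save it under /system script and run it from /system scheduler at a short interval (or after each address-list change) so the routes follow the list; routes carrying the tag comment are the only ones it ever touches.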
Thanks sir
Thanks sir
I will try this