I have 2 internet connections and I can access the internet through either of them through my MikroTik device.
I also have a container which runs a program that does routing.
What I want to achieve is for the program to be able to route connections out of any specific internet port it wants, on demand.
What I’m thinking of is that if I somehow manage to attach 2 interfaces to the container, each targeting one of the internet gateways, I can instruct the program to send the traffic through the interface it wants.
Or maybe I can instruct the program to assign specific routing marks, then MikroTik firewall/routing can route based on those.
But I’m not sure if this is possible, since I think the routing marks will be useful for the container’s internal network, and not visible through MikroTik’s firewall/routing?
Can your program select the source IP address for its outgoing connections? You can add multiple IP addresses (from the same subnet) to the VETH interface, and they’ll be added to the ethernet interface inside the container. If your program is able to pick which of those to use as source IP address, then on the outside, in RouterOS you can use, for instance, routing rules to select the correct routing table based on src-address.
Yes, you can use routing rules with the VETH. And depending on your configuration, a src-nat rule might also work.
Basically nothing changes in routing because it’s a VETH. Now, you already do some multi-WAN setup. Assuming you’re using PBR (/routing/rule), you need a rule for the container IP that sets the desired route table, and that should work. Now, PBR multi-WAN means you need route tables for each WAN, and likely a starting rule to send local/non-internet traffic to “main” in /routing/rule - but those are true for any PBR multi-WAN usage.
In terms of the container controlling the routing, just map a container IP to a specific WAN in a rule. But the container is NOT going to know about RouterOS interfaces, and containers don’t really have access to interfaces other than the connected VETH. Perhaps Linux packet marking might escape the container, but IDK if that works, since RouterOS isn’t quite the same as Linux in firewall/marking stuff. So IP/Layer 3 routing and a multi-homed container would be the better approach IMO.
I’ve set up stuff to send different traffic through different IPs of the veth subnet by the proxy tool, and from there on in MikroTik I’ve set up route tables + mark IPs with their routing table + appropriate route distances so the traffic from each specific veth IP is sent to the LAN that I want.
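
The container side of the approach described in this thread, as an added example that is not code from any of the posters: a program pins the source address of each outgoing TCP connection, so that a RouterOS routing rule matching on src-address can pick the uplink. The uplink names, the 172.17.0.x addresses and the function names are assumptions made for illustration.

```python
import socket

# Constructed mapping: one VETH address per uplink. Each address must already
# be assigned to the VETH so it exists on the interface inside the container.
WAN_SOURCE = {
    "wan1": "172.17.0.2",
    "wan2": "172.17.0.3",
}


def connect_via(source_ip, dest, timeout=5.0):
    """Open a TCP connection to dest (host, port) with a pinned source IP."""
    family = socket.AF_INET6 if ":" in source_ip else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        sock.settimeout(timeout)
        # Port 0 leaves the source port to the kernel; only the address is
        # fixed. If the address is not configured in the container this
        # raises OSError, so the connection fails instead of silently
        # leaving with the default source and taking the wrong uplink.
        sock.bind((source_ip, 0))
        sock.connect(dest)
    except OSError:
        sock.close()
        raise
    return sock


def connect_via_wan(wan, dest, sources=WAN_SOURCE):
    """Resolve an uplink name to its source IP, then connect through it."""
    try:
        source_ip = sources[wan]
    except KeyError:
        raise ValueError(f"unknown uplink {wan!r}") from None
    return connect_via(source_ip, dest)


if __name__ == "__main__":
    # Constructed destination (documentation address range).
    with connect_via_wan("wan2", ("192.0.2.10", 443)) as s:
        print("local endpoint:", s.getsockname())
```

Many proxy tools expose the same behaviour as a bind or outbound address setting, in which case no custom code is needed.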