kcarhc, June 4, 2020, 11:58am (#1)
Here is the code in RouterOS v6. How do I make it work in RouterOS v7?
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no
/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145
/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
mrz, June 4, 2020, 12:47pm (#2)
First add a table in the /routing table menu.
Then you can add routing rules in the /routing rule menu,
and routes in a specific table:
/ip route add dst-address=x.x.x.x@table gateway=y.y.y.y@main
@mrz, please help me translate my code to RouterOS 7.
====================code====================
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no
/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145
/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
====================code====================
mrz, June 4, 2020, 1:49pm (#4)
/routing table add name=IRT-TEST fib
/ip route
add dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.54.161@main check-gateway=ping distance=10
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145
/routing rule
add dst-address=8.8.8.8 action=lookup table=IRT-TEST
Firewall is the same as in v6.
OK, thanks. Works well on RouterOS 7.
kcarhc, August 13, 2020, 4:40pm (#6)
############################
/routing table add name=IRT-TEST fib
/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.66.70@main
###########################
It works on 7.0 Beta 8.
It doesn't work on v7.1 Beta 1; it shows this:
invalid or unexpected vrf or routing table value
kcarhc, August 16, 2020, 11:57pm (#8)
@mrz, please help me translate my code to work on RouterOS 7.1 Beta 1, not 7.0 Beta 9.
====================code====================
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no
/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145
/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
====================code====================
mrz, August 17, 2020, 7:58am (#9)
!!!
/routing table add name=IRT-TEST fib
!!!
kcarhc, August 18, 2020, 1:25am (#10)
Here is my code.
This line works, I know:
/routing table add name=IRT-TEST fib
###########################
This line doesn't work on ROS 7.1 Beta; it works on ROS 7.0 Beta. I need this line.
/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.66.70@main
mrz, August 18, 2020, 6:39am (#11)
Now again, look at this line from the manual (character by character):
/ip route add dst-address=8.8.8.8 gateway=172.16.1.1@main routing-table=myTable
And compare it to what you are trying to set.
Hint (again from the manual):
(as per user requests v7.0beta9 adds back ‘routing-table’ parameter)
kcarhc, August 21, 2020, 10:02pm (#12)
OK, thanks. It works.
/routing table add name=IRT-TEST fib
/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=10.10.66.70@main routing-table=IRT-TEST
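For readers arriving from v6, the whole translation in one place, as an added example that is not part of the thread. It reuses the names and addresses from the posts above (IRT-TEST, CON-TEST, 4.2.2.1, 8.8.8.8, 10.10.54.161, 10.10.54.145) and the `routing-table=` syntax that 7.0beta9 reintroduced; the verification commands at the end are additions.

```routeros
# --- RouterOS v6 (the original, for comparison) ---
# /ip firewall mangle
# add chain=prerouting action=mark-connection connection-mark=no-mark dst-address=4.2.2.1 new-connection-mark=CON-TEST passthrough=yes
# add chain=prerouting action=mark-routing connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no
# /ip route
# add gateway=10.10.54.161 routing-mark=IRT-TEST check-gateway=ping distance=10
# add dst-address=1.1.1.1/32 gateway=10.10.54.145 check-gateway=ping distance=10
# /ip route rule
# add routing-mark=IRT-TEST table=IRT-TEST
# add dst-address=8.8.8.8/32 table=IRT-TEST

# --- RouterOS v7 (7.0beta9 and later) ---
# 1. The table must exist before a route or a mangle rule can reference it;
#    "fib" makes it a real forwarding table rather than a policy-only table.
/routing table
add name=IRT-TEST fib

# 2. Mangle is unchanged. In v7 the routing mark IS the table name, so the
#    v6 "routing-mark=IRT-TEST table=IRT-TEST" rule is not needed.
#    passthrough=no on the mark-routing rule stops a later rule re-marking
#    the same packet (the double-marking problem discussed later in the thread).
/ip firewall mangle
add chain=prerouting action=mark-connection connection-mark=no-mark dst-address=4.2.2.1 new-connection-mark=CON-TEST passthrough=yes
add chain=prerouting action=mark-routing connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no

# 3. routing-mark= on a route becomes routing-table=; @main says where to resolve the nexthop.
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.54.161@main routing-table=IRT-TEST check-gateway=ping distance=10
add dst-address=1.1.1.1/32 gateway=10.10.54.145 check-gateway=ping distance=10

# 4. Only the destination-based rule survives, and it needs an explicit action.
/routing rule
add dst-address=8.8.8.8/32 action=lookup table=IRT-TEST

# --- Verify (added) ---
/routing table print
/ip route print where routing-table=IRT-TEST
/routing rule print
# Packet/byte counters show whether traffic to 4.2.2.1 is actually being marked
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=CON-TEST
```

Two caveats worth knowing: `action=lookup` falls back to the main table when IRT-TEST has no matching route, whereas `action=lookup-only-in-table` does not, so use the latter when a failed VPN must mean "no route" rather than "leak via main". And because the mark-routing rule sits in prerouting, it affects forwarded traffic only; packets the router itself originates are never seen by it.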
lexxa, December 15, 2020, 7:38am (#13)
I am not sure if this is the right thread; however, I did not find another one covering mangle and routing in ROS7.
I am running v7.1b3 and am having a rather curious issue.
First I created a routing table:
/routing table
add fib name=RT-WG-PRG
Then a mangle rule is created:
/ip firewall mangle
add action=mark-packet chain=prerouting dst-address=!172.16.0.0/16 new-packet-mark=VPN passthrough=yes src-address=172.16.1.9
add action=mark-connection chain=prerouting new-connection-mark=conn_VPN packet-mark=VPN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_VPN new-routing-mark=RT-WG-PRG passthrough=yes
(the rule has been tested and proven functional)
At this point I create a route that goes into the routing table:
/ip route
add distance=10 dst-address=0.0.0.0 gateway=WG-PRG@main routing-table=RT-WG-PRG
At this point I believe the right thing to do is a routing rule.
Regardless of how I set it up (either specifying src-address/dst-address or routing-mark), the traffic from the defined src address is routed via the main routing table.
However, if I specify the route as anything other than 0.0.0.0/0, the rule kicks in and the traffic gets routed based on the defined table to the specific destination.
Is this a bug, or am I doing something wrong?
mrz, December 15, 2020, 11:09am (#14)
0.0.0.0 is not the same as 0.0.0.0/0.
lexxa, December 15, 2020, 12:45pm (#15)
I tried both options, including several ways to define the routing rule. As long as I use 0.0.0.0 or 0.0.0.0/0, the routing does not kick in.
EDIT:
I am terribly sorry. The feature works as expected. The trouble was on my end. In my desperate attempts I managed to mark routing twice (passthrough in a rule further down the config).
I've read this thread several times, but am unable to get my VPN working correctly. I have an L2TP connection that I am trying to route in RouterOS 7.1beta3. Under RouterOS 6, it was as easy as assigning a routing mark to a particular set of IPs and setting up a static route using that same routing mark.
l2tp-out = name of my active VPN connection
192.168.0.10 = IP of machine I would like to route through my VPN connection
I set up a table using:
/routing table add name=vpn_table fib
Please provide me with the exact configuration for the /ip route and /routing rule as I have tried several ways without success.
Running RouterOS 7.2rc3, I set up PCC and it's working, but a major issue I have is that the router itself cannot go out to the internet.
Notice below that I added 4 routes: 2 in the main table and 1 for each routing mark.
PCC works fine only when the 2 default routes in the main table are disabled on purpose; if I enable them, the router is able to go out to the internet, but PCC stops working.
I am missing something, but I'm not sure what it is, so a little help would be appreciated.
Model = RBD52G-5HacD2HnD
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.133.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.123.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.123.1@main pref-src=0.0.0.0 routing-table=WAN1toISP1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.133.1@main pref-src=0.0.0.0 routing-table=WAN2toISP2 scope=30 suppress-hw-offload=no target-scope=10
***************Below is the rest of the relevant config****************
/routing table
add fib name=WAN1toISP1
add fib name=WAN2toISP2
/interface list member
add comment=defconf interface=bridge list=LAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN1Conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN2Conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1Conn dst-address-type=!local new-routing-mark=WAN1toISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2Conn dst-address-type=!local new-routing-mark=WAN2toISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether2WAN2
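The usual v7 PCC layout, as an added example that is not taken from the post above and is not a diagnosis of it; it reuses the post's interface names, table names and gateways. The point it illustrates: prerouting mangle never sees packets the router itself originates, so the main table needs default routes of its own for the router's traffic, and connections that arrive on a WAN are pinned to that ISP for their replies with input/output-chain marks. The `connection-mark=no-mark` guards and the distance values on the main-table defaults are additions.

```routeros
/routing table
add fib name=WAN1toISP1
add fib name=WAN2toISP2

/ip route
# One default route per ISP table; nexthop resolved in main (the @main suffix).
add dst-address=0.0.0.0/0 gateway=192.168.123.1@main routing-table=WAN1toISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.133.1@main routing-table=WAN2toISP2 check-gateway=ping
# Main table keeps its own defaults: this is what the router uses for DNS, NTP,
# package updates, ping from the terminal, etc. Forwarded LAN traffic that already
# carries a routing mark is looked up in its own table and never reaches these.
add dst-address=0.0.0.0/0 gateway=192.168.123.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.133.1 distance=2 check-gateway=ping

/ip firewall mangle
# Inbound connections on a WAN: remember the ISP so replies leave the same way.
add chain=input in-interface=ether1WAN1 action=mark-connection new-connection-mark=WAN1Conn passthrough=yes
add chain=input in-interface=ether2WAN2 action=mark-connection new-connection-mark=WAN2Conn passthrough=yes
# Router-originated replies to those connections: output chain, since prerouting
# does not apply to locally generated packets.
add chain=output connection-mark=WAN1Conn action=mark-routing new-routing-mark=WAN1toISP1 passthrough=no
add chain=output connection-mark=WAN2Conn action=mark-routing new-routing-mark=WAN2toISP2 passthrough=no
# LAN-originated: classify once per connection. connection-mark=no-mark keeps
# the PCC hash from re-classifying a connection that was already pinned above.
add chain=prerouting in-interface-list=LAN connection-mark=no-mark dst-address-type=!local action=mark-connection new-connection-mark=WAN1Conn per-connection-classifier=both-addresses:2/0 passthrough=yes
add chain=prerouting in-interface-list=LAN connection-mark=no-mark dst-address-type=!local action=mark-connection new-connection-mark=WAN2Conn per-connection-classifier=both-addresses:2/1 passthrough=yes
# Then route by the connection mark. The mark names the v7 table directly.
add chain=prerouting in-interface-list=LAN connection-mark=WAN1Conn dst-address-type=!local action=mark-routing new-routing-mark=WAN1toISP1 passthrough=no
add chain=prerouting in-interface-list=LAN connection-mark=WAN2Conn dst-address-type=!local action=mark-routing new-routing-mark=WAN2toISP2 passthrough=no

/ip firewall nat
# NAT follows the egress interface that routing actually chose.
add chain=srcnat out-interface=ether1WAN1 action=masquerade
add chain=srcnat out-interface=ether2WAN2 action=masquerade

# Checks (added): which table each route lives in, and whether marks are being applied
/ip route print where dst-address=0.0.0.0/0
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=WAN1Conn
```

When testing, compare the counters of the two `mark-routing` rules after generating traffic from several LAN hosts; if only one ever increments, the classifier or the `no-mark` guard is the first place to look.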
dline, November 23, 2024, 9:28am (#18)
Hello!
I have the same problem in RoS 7.16.1.
I have 2 rules: the first rule works fine, but the second does not work correctly.
Working rule:
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=VPN-DE routing-table=VPN suppress-hw-offload=no
/routing rule
add action=lookup disabled=no src-address=10.20.4.138/32 table=VPN
/ip firewall nat
add chain=srcnat action=masquerade src-address=10.20.4.138 dst-address=!10.0.0.0/8 out-interface=VPN-DE log=yes log-prefix=""
Not working rule:
/ip firewall address-list
add address=api.openai.com list=route_to_vpn
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-address-list=route_to_vpn new-connection-mark=VPN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=VPN new-routing-mark=VPN passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="OUT-via-vpn (Mangle)" connection-mark=VPN dst-address=!10.0.0.0/8 log=yes log-prefix=OPENAI
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=VPN-DE routing-table=VPN suppress-hw-offload=no
/routing rule
add action=lookup disabled=no src-address=10.20.4.138/32 table=VPN
add action=lookup disabled=no routing-mark=VPN table=VPN
It looks like correct routing but incorrect NAT; I also see it in the connection table.
How do I fix this?
I need to route only OpenAI traffic via the VPN gateway from some nodes in my network.
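A compact layout for the "route only these destinations from these hosts via the VPN" case, as an added example that is not part of the thread and not a fix for the post above. It keeps the names from that post (table VPN, interface VPN-DE, list route_to_vpn, host 10.20.4.138); the `vpn_clients` address list is an assumption, and the source NAT is keyed on the egress interface that routing selected rather than on the connection mark.

```routeros
/routing table
add fib name=VPN

/ip firewall address-list
# A DNS name in an address list is resolved by the router and refreshed on TTL expiry.
# CAVEAT: clients must resolve the name to the same addresses the router did; a host
# using a different resolver for a CDN-hosted name can get IPs that are not in the list.
add address=api.openai.com list=route_to_vpn
# Hypothetical list of LAN hosts whose OpenAI traffic should use the VPN (assumption).
add address=10.20.4.138 list=vpn_clients

/ip firewall mangle
# Classify only the first packet of a connection; later packets inherit the connection mark.
add chain=prerouting connection-state=new src-address-list=vpn_clients dst-address-list=route_to_vpn action=mark-connection new-connection-mark=VPN passthrough=yes
# The routing mark is the v7 table name, so no "routing-mark=VPN table=VPN" rule is needed.
# passthrough=no so nothing further down can re-mark these packets.
add chain=prerouting connection-mark=VPN action=mark-routing new-routing-mark=VPN passthrough=no

/ip route
# Default route inside the VPN table only; main is untouched.
add dst-address=0.0.0.0/0 gateway=VPN-DE routing-table=VPN

/ip firewall nat
# Masquerade whatever actually leaves through the tunnel, whichever rule sent it there.
add chain=srcnat out-interface=VPN-DE action=masquerade

# Checks (added): marked connections, and which mangle/NAT rules are matching
/ip firewall connection print where connection-mark=VPN
/ip firewall mangle print stats
/ip firewall nat print stats
/ip route print where routing-table=VPN
```

Keying the NAT on `out-interface=VPN-DE` means the translation happens exactly when the routing decision picked the tunnel, so there is no way for a packet to be marked but leave a different interface with the wrong source address, or to leave the tunnel untranslated. If a whole host should always use the VPN regardless of destination, a `/routing rule add src-address=... action=lookup-only-in-table table=VPN` is simpler than marking and does not leak to main when the tunnel is down.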
anavk0, December 14, 2024, 2:30pm (#20)
@dline, start a new (your own) thread.
I tried to read yours, but there is no context.
I don't know your requirements for traffic:
a. identify ALL users (external, internal and admin)
b. identify all traffic they require.
Discuss WAN details: how many, type of connection, public/private, static/dynamic;
if more than one, primary/secondary, load balancing;
any VPNs;
any port forwarding;
network diagram for situational context and port usage.
Also config:
/export file=anynameyouwish (minus router serial number, any public WANIP information,keys etc. )