Routing priority

omidkosari · November 12, 2008, 8:17pm

We now when an interface with an ip creates , mikrotik automatically creates a dynamic route for that interface .
How we can create a route with higher priority for that ip .

        DST-ADDRESS   PREF-SRC        GATEWAY-STATE GATEWAY                  DISTANCE   INTERFACE
ADC  11.22.33.44/32    1.2.3.4                                                                      0         <pppoe-1234>

Now we want to for example route all traffic or just port 80 traffic to 5.6.7.8 instead of

The question looks strange a little but this is only way for implementing TPROXY in a complex network which the squid should not be the main gateway or bridged ?

Please share your knowledge

Chupaka · November 12, 2008, 9:16pm

why not just add another routes table with some routing-mark? and use mangle to decide, which route should be used

changeip · November 12, 2008, 9:18pm

You can also use the dynamic-in chain in the routing filters to change the distance on a dynamic route as it is learned.

Chupaka · November 12, 2008, 9:23pm

does connected routes have distance? O_o

can you filter locally generated routes?..

changeip · November 12, 2008, 10:05pm

with routing filters and the dynamic-in chain you should be able to. specify type=connect.

omidkosari · November 13, 2008, 6:56am

Thanks a lot for professional answer . I think such valuable answers is very useful in the forum . I am going to try and false on it

omidkosari · November 13, 2008, 8:52am

May i request a bit more explain please .
I have tested many combinations of arguments but no success .

chain=dynamic-in prefix=11.22.33.44 prefix-length=0-32 protocol=connect invert-match=no action=passthrough set-distance=1

I also changed the value of “action” , “scope” , “target-scope” etc.
if it applies successfully the distance value of dynamic interface should be changed to new value or it remains 0 in the “/ip route print” ?

mrz · November 13, 2008, 9:14am

As far as I know You cannot change the administrative distance of a connected interface. It will always be 0.

omidkosari · November 13, 2008, 9:23am

So what the chain=dynamic-in and type=connect means ? are they useless ?

mrz · November 13, 2008, 11:15am

FYI: To filter connected routes you have to use chain=connected-in without types.
But as I mentioned previously it is not possible to change connected route distance.

mrz · November 13, 2008, 11:18am

Connected routes can be replaced by static routes with more specific netmask. However you already have /32 route. Maybe it’s time to reorganize your network.

omidkosari · November 13, 2008, 11:30am

My final goal is route port 80 traffic to another ip , not change distance . if you now better way i will use that.
I exactly want to for example route all traffic or just port 80 traffic to 5.6.7.8 instead of as i mentioned before

Muqatil · November 13, 2008, 11:39am

mangle routing-mark traffic dst-port=80 as HTTP
then route HTTP to another gateway

omidkosari · November 13, 2008, 11:55am

I did it also

dst-address=0.0.0.0/0 gateway=5.6.7.8 distance=1 scope=255 target-scope=10 routing-mark=test-route

the problem is this

dst-address=11.22.33.44 gateway=5.6.7.8 distance=1 scope=255 target-scope=10 routing-mark=test-route

the above line not working because

ADC  dst-address=11.22.33.44 pref-src=10.10.10.10 interface=<pppoe-1234> distance=0 scope=10

the distance=0 so it has higher priority

Chupaka · November 13, 2008, 5:02pm

hmmm… they are in different routing tables, so they cannot affect each other…

omidkosari · November 13, 2008, 5:18pm

Please suggest a solution . i am sure there is a way .

changeip · November 13, 2008, 7:33pm

can you just dst-NAT port 80 to 5.6.7.8 ?

omidkosari · November 13, 2008, 7:39pm

tried already . again we have same problem .

dst-address=11.22.33.44 gateway=5.6.7.8 distance=1 scope=255 target-scope=10 routing-mark=test-route

if the above line works , we can use dst-nat instead of route which i will use after finding solution.

omidkosari · November 13, 2008, 7:55pm

the only way i could implement is a little strange but i describe it . it is not useful but works .
assume i have not ip address 11.22.33.44 on any interface but i have created

chain=srcnat action=src-nat to-addresses=11.22.33.44 src-address=192.168.0.0/24

so i have not any route to 11.22.33.44 in my routing table because i have not this ip address on any interface.
then i mangled and mark-routing them

chain=prerouting action=mark-routing new-routing-mark=test passthrough=yes src-address=192.168.0.0/24

and route it

dst-address=0.0.0.0/0 gateway=5.6.7.8 distance=1 scope=255 target-scope=10 routing-mark=test

The above two lines could also be in one line dst-nat like this

chain=dstnat action=dst-nat to-addresses=5.6.7.8 to-ports=8080 protocol=tcp src-address=192.168.0.0/24 dst-port=80

but the key is this line . which also is the problem

dst-address=11.22.33.44 gateway=5.6.7.8 distance=1 scope=255 target-scope=10

this works but i have not that ip on any interface so the distance=1 is highest priority . but as i mentioned it is not useful and it is just a test in lab

omidkosari · November 14, 2008, 8:22am

Any suggest from mikrotik team ? or other professionals ?