routing problem

Hi,
somehow I think I made a stupid mistake in my setup, but I cannot find it.
The scenario is the following:

  • I’ve got two WAN links (one DSL, one cable)
  • the cable WAN link is connected to a cable modem running in bridge mode
  • the cable modem is listening with a web interface on 192.168.100.1

I can reach the web interface of the cable modem without doing any setup on the RB2011. My assumption is that it just works as long as the cable WAN link is my default route, since otherwise I would not know how the packets could reach the modem. In most cases this is also true. But I might do some load balancing or specific routing from certain devices through the other WAN link. So I tried to add a specific routing configuration to always reach the modem when targeting 192.168.100.1.
Now, strangely enough, I totally fail at configuring that so it works.

My routing table looks like this:

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.249.254           1
 1 ADS  0.0.0.0/0                          188.195.240.254           1
 2   S  0.0.0.0/0                          192.168.249.254           2
 3 A S  10.123.2.0/24                      192.168.252.8             1
 4 ADC  10.123.128.0/18    10.123.166.209  vlan-ffgw                 0
 5 ADC  188.195.240.0/24   188.195.240.7   ether2-Cable              0
 6 X S  ;;; Route to cable modem management console (somehow not working)
        192.168.100.0/24                   ether2-Cable              1
 7 ADC  192.168.248.0/24   192.168.248.254 bridge-dmz                0
 8 ADC  192.168.249.0/24   192.168.249.8   ether1-DSL                0
 9 ADC  192.168.250.0/24   192.168.250.254 bridge-local              0
10 A S  192.168.251.0/24                   192.168.250.8             1
11 ADC  192.168.252.0/24   192.168.252.254 vlan-freifunk             0

Please note: The first entry is a route with routing-mark. Didn’t know how to output just the main routing table.
The route I have tried (6) is currently disabled, as it does not work as explained.

While I tried to debug the routing with the packet sniffer, I was watching the ether2-Cable interface when the route was enabled, but to my surprise no packets to or from 192.168.100.1 were recorded. I see them as long as the route is disabled, though.
Additional hints: ether2-Cable is a srcnat interface.

Any idea what I’m doing wrong?

If you have a route in the main routing table and want to have it used all the time, regardless of how you otherwise mark routing, then routing rules are your friends, e.g.:

/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main

Thanks for the pointer.
But in this case I do not think that’s the solution, since the explicit routing I have added is configured in the main table, and in my tests I made sure that I do not end up in the wrong routing table, since currently the only routing mark I’m using is when a connection is made from external through the other link or coming from a certain IP (not involved in this test).

I think it's an issue with the route itself (interface as gateway but no IP from the same subnet on the interface, or masquerade rule). In this case you can take a different approach. If your interface (ether2-Cable) gets a public IP address from your ISP, you need to set a private IP from the same pool (192.168.100.0/24) on the “ether2-Cable” interface. Careful, this can mess up your masquerade rules, or may not work if traffic gets masked.
If your masquerade rule is like "mask all traffic going out to ether2-Cable interface", alter it so it states "and not to destination 192.168.100.0/24". From here, you should be able to connect to the modem as a directly connected network, and also access the internet without issues.

P.S.
It does not require any static routes.

hmm,
without the route it works and according to the packet sniff it looks like:
188.195.240.x → 192.168.100.1:80 when I capture the ether2-Cable interface
So my interpretation is that the modem has the correct routing towards the public IP.

Now really the only difference in my setup is to make the route to ether2-Cable for 192.168.100.0/24 explicit instead of relying on the default route.
I still want to have masquerading in place because it seems to work.

In any case, I just gave ether2-Cable a second, static IP (192.168.100.2) and removed the static route, which works perfectly fine.
Still I’m a bit confused why I need that IP to get packages routed properly to that interface.
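
The change the thread ends on, written out as RouterOS commands. This is an added example, not something posted by any participant. The /24 prefix length on the new address and the shape of the existing masquerade rule (matching out-interface=ether2-Cable) are assumptions.

```routeros
# Remove the static interface route to the modem network (entry 6 in the
# table above). Done first, while it is the only route for this prefix.
/ip route remove [find dst-address=192.168.100.0/24]

# Give ether2-Cable a second address inside the modem's management subnet.
# RouterOS then installs a connected route for 192.168.100.0/24 on its own,
# so no static route is needed.
/ip address add address=192.168.100.2/24 interface=ether2-Cable \
    comment="cable modem management"

# Check: the prefix should now show up as a dynamic connected route
# with 192.168.100.2 as pref-src.
/ip route print where dst-address=192.168.100.0/24

# Check: reach the modem from the new address.
/ping 192.168.100.1 src-address=192.168.100.2 count=3

# Variant suggested in the reply (left commented out): exclude the modem
# subnet from masquerading. The original poster kept masquerading unchanged
# and reported the setup working.
# Assumption: the existing rule matches out-interface=ether2-Cable.
# /ip firewall nat set [find chain=srcnat action=masquerade \
#     out-interface=ether2-Cable] dst-address=!192.168.100.0/24
```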