Anyone know how I would be able to selectively pass particular destination traffic (resolved) to a particular router/server?
In other words, if any IP wants to contact for example “facebook.com” I want them to go to a different router than the default gateway. This would be outgoing only.
Or, for example, if someone wants to send to a particular mail server, out.mailserver.com, I want to route them to a different router than our main feed (to another network).
This helps if we have a connection to another ISP that allows open relay from our particular IP; we can forward traffic to that ISP for those email addresses.
You are adding a destination nat rule to some 196 number (is that the destination mail server?) to port 25 which is of course SMTP, the protocol, then you specify the source address subnet. In my case it would be 0.0.0.0/0 from ether2. Then you add a comment.
Now in my case the 196.30.31.207 would not be the email server it would be another router on the network (a secondary gateway sort of).
So would I need to specify the src-address if it would be implied as 0.0.0.0/0?
I don’t think this would work. I need 3 components here really. I need to intercept all traffic 0.0.0.0/0 on ether1 with a destination of mail.myserver.com and route it to router B (example 10.10.10.1). How would I accomplish that?
Also I haven’t used a web proxy with MikroTik yet. I know there is functionality built in, but obviously on a RouterBOARD without a hard drive this would be useless. I’d have to redirect it to a real web proxy for that to work, right?
Thanks, I had just come to that conclusion about using routing marks when I was playing with this router, and I came to post it here and you beat me to it. Thanks! This firewall stuff is starting to click.
Assuming 10.10.10.2 actually is the default gateway for all traffic except the 200.200.200.0/25 traffic. In other words, I just want a specific public range to get routed to a secondary gateway as well. Would that be correct up there?
Your default gateway is the gateway that all traffic that hasn’t another rule goes to. Any other traffic has to be handled by a mangling rule with a packet mark that matches a routing rule (as shown in my previous post).
If you want a specific subnet of your internal network routed via a specific (non-default) gateway, then you need to set up a source route (as per previous example), except you need to specify the src-address to be the network you want to be affected.
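
The routing-mark approach described in the replies above, as an added example that is not part of any post in the thread. It assumes RouterOS v6 syntax, router B at 10.10.10.1 and the default gateway at 10.10.10.2 (both taken from the thread), ether1 as the interface the traffic arrives on, and a constructed placeholder address 192.0.2.25 for the resolved mail server; the list and mark name `via-router-b` is hypothetical.

```routeros
# Added example, RouterOS v6 syntax (assumed).
# The name via-router-b and the address 192.0.2.25 are constructed placeholders.

# 1. Destinations that should leave through router B
#    (the resolved address of the mail server goes here).
/ip firewall address-list
add list=via-router-b address=192.0.2.25 \
    comment="mail.myserver.com (placeholder address)"

# 2. Destination-based: mark routing for traffic arriving on ether1
#    that is headed for a listed destination.
/ip firewall mangle
add chain=prerouting in-interface=ether1 dst-address-list=via-router-b \
    action=mark-routing new-routing-mark=via-router-b passthrough=no \
    comment="listed destinations go via router B"

# 3. Source-based variant: everything from 200.200.200.0/25 uses router B.
add chain=prerouting src-address=200.200.200.0/25 \
    action=mark-routing new-routing-mark=via-router-b passthrough=no \
    comment="this subnet goes via router B"

# 4. Routes: marked packets use router B, unmarked packets the default gateway.
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=via-router-b
add dst-address=0.0.0.0/0 gateway=10.10.10.2
```

The source-based rule also catches traffic from that subnet to other local networks, so narrow it with a dst-address match if those destinations should stay on the main table. Because the mangle rule matches addresses rather than names, the address list has to be kept in step with what the hostname currently resolves to.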