traffic forwarding

jowi007 · January 25, 2006, 9:09am

HI
i need small help

i have uplink nic with ip 212.55.89.56 with gateway 212.55.89.55
and downlink nic with ip 82.54.88.98
in the ip routes my default route is dest 0.0.0.0/0 to default gateway 212.55.89.55

uplink is 128 rx and tx and downlink is 512 cir
i run the squid on 82.54.88.98 so all traffic on poort 80 is on downlink

i need now to switch some other traffic to the downlink like p2p and ftp and irc and leave upplink return channel for only msn camera and voice and yahoo cam and voice

in nat my src nat is going to uplink i shull add srcnat on downlink ip ?

pls if somoen has any suggestion or made this before

Beccara · January 25, 2006, 9:19am

policy routing is what i think you need, it involves mangle and ip route so read up on there about it. I think you need to route mark all the traffic you want going to the other gateway and then add a new static default route to route traffic with the route mark you have applied.

I think this is what you need, its a little diffcult for me to understand what exactly you want and what your current setup is

Hope this helps

jowi007 · January 25, 2006, 11:29am

that’s what i am doing prerouting for traffic in mangle each with its port and then static routes to the downlink ip i cannot use downlink gateway
in 2.9.6 i am able to put 2 static routes on uplink interface downlink gateway and uplink gateway and each one has prefered sourse for example static router on downlink has gateway 82.19888 and uplink route has 212… both gateways are in my uplink provider location
now on 2.9.10 one static route is marked by As and working and second marked as S and it gives blue color
anyway i am marking packets and doing as you said i ned to add any thing in the masquerade src nat ?

GJS · January 25, 2006, 5:00pm

If you used at least basic punctuation in your message it might be possible to understand what your problem is.

jowi007 · January 25, 2006, 9:58pm

we are here to share knowledge why you don’t try to help instead of saying unused things ?

jowi007 · January 25, 2006, 10:30pm

Mikrotik Configuration
Uplink nic 2 ips : 212.55.89.56/29 and 82.54.88.98/29
Downlink NIc Ip : 10.20.30.1 coming from dvb
Users nic PPOE SERVER

ip routes table is

As 0.0.0.0/0 to default gatewy 212.55.89.x at my isp
if i add here a secound route for the downlink ip the route is marked with S only and blue color
if i put the real ip of downlink on downlink interface i cannot see my default downlink gteway at the isp

my main problem i discovered it is with src nat , cz it is thru uplink interface i copied the rule and made one source nat to fiber connection ip
and another one for downlink ip

and i marked all pakets i want to forward to downlink ip
my main question
should i use in the ip route , route all to downlink ip or to downlink gateway at my isp ? i routed all to the downlink gateway and all is working exept the web , when i move the downlink ip from squid even if the port 80 traffic is marked and routed to downlink gateway , the browser send requests to 212.x.x.x.

thanks in advance

jowi007 · January 26, 2006, 1:13am

here is torch result on port 80 after removing src address in webproxy

tcp 64.233.161.104 80 (http) 82.198.x.1x 55405 640bps 0bps
tcp 64.233.161.99 80 (http) 82.198.x.1x 55407 5.5kbps 0bps
tcp 66.230.183.130 80 (http) 82.198.x.1x 55417 832bps 0bps
tcp 207.46.5.3 80 (http) 82.198.x.1x 55413 416bps 0bps
tcp 207.46.5.13 80 (http) 212.98.1x.1x 55418 416bps 3.5kbps
tcp 207.46.5.3 80 (http) 82.198.x.1x 55419 4.5kbps 0bps
tcp 207.46.5.13 80 (http) 212.98.x.1x 55420 416bps 3.5kbps
tcp 207.46.5.3 80 (http) 82.198.x.1x 55421 0bps 0bps

here is torch result on port 80 after putting src address82.198 in
webproxy

tcp 64.159.66.130 80 (http) 82.198.30.170 55703 4.3kbps 0bps
tcp 207.46.5.4 80 (http) 82.198.30.170 55694 416bps 0bps
tcp 207.46.5.4 80 (http) 82.198.30.170 55704 480bps 0bps
tcp 64.159.66.130 80 (http) 82.198.30.170 55705 0bps 0bps
tcp 66.28.205.112 80 (http) 82.198.30.170 55683 5.7kbps 0bps
tcp 66.28.205.112 80 (http) 82.198.30.170 55684 5.7kbps 0bps
tcp 207.46.7.1 80 (http) 82.198.30.170 55685 480bps 0bps

port 80 is still going to uplink even if i mark and make routes

9 ;;; p2p
chain=prerouting p2p=all-p2p action=mark-routing new-routing-mark=p2p
passthrough=yes

10 ;;; msn
chain=prerouting protocol=tcp dst-port=1863 action=mark-routing
new-routing-mark=msn passthrough=yes

11 ;;; icmp
chain=prerouting protocol=icmp action=mark-routing new-routing-mark=icmp
passthrough=yes

12 ;;; HTTP
chain=prerouting protocol=tcp dst-port=80 action=mark-routing
new-routing-mark=HTTP passthrough=yes

route table
10 A S 0.0.0.0/0 r 212.98.1x.1x (uplink gateway at isp)
r 82.198.x.1x (downlink gateway at isp)
11 A S 0.0.0.0/0 r 82.198.x.1x mark http
12 A S 0.0.0.0/0 r 212.98.1x.1x mark icmp
13 A S 0.0.0.0/0 r 212.98.1x.1x mark msn
14 A S 0.0.0.0/0 r 82.198.x.1x mark p2p