Unable to access Hosts after Mark Routing

Hi there,

I’m doing some tests with mark routing settings.

My scenario:

ADDRESS        NETWORK     INTERFACE
10.10.10.1/24  10.10.10.0  vlan10

Route Table
DST-ADDRESS  GATEWAY              DISTANCE  ROUTING TABLE
0.0.0.0/0    185.xxx.xxx.1%vrrp1  2         via-vrrp1


ip/firewall/nat/
chain=srcnat action=masquerade out-interface=vrrp1 log=no log-prefix="" 

ip/firewall/mangle/
chain=prerouting action=mark-routing new-routing-mark=via-vrrp1 passthrough=yes in-interface=vlan10

Everything works pretty well: hosts under vlan10 have internet access, but they don’t have access to the local network (both sides); it’s like an independent network.

I tried to add new routes to specific routing table, but it doesn’t work.

Is this behavior normal?

In this case, how can I get access to this mark routing interface?

Thank you.

Does no one know why clients/hosts behind an interface that has mark routing can’t be accessed by the router (both sides)?

Or can anyone explain the mark routing flow diagram?

Thank you

Hi,
You need to be a little bit careful how you mark your routes.

If they are marked with via-vrrp1, they WILL use routes using table=use-vrrp1

I would tend to force it to go via routing rules.

ip/firewall/mangle/
chain=prerouting action=mark-routing new-routing-mark=rule-vrrp1 passthrough=yes in-interface=vlan10 

/routing rule
add action=lookup comment="min-prefix=0, all known non 0.0.0.0/0 routes use main" disabled=no dst-address=0.0.0.0/0 min-prefix=0 table=main
add action=lookup comment="use vvrp1" disabled=no routing-mark=rule-vrrp1 table=via-vrrp1

Also:

If you have the default firewall fasttrack rule in place, you need to have an accept rule prior to this rule for the packets using the via-vrrp1 routing.

(or turn off the fasttrack rule)
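
The lookup order described in the reply above, as an added sketch in Python (not code from the thread and not RouterOS itself): a simplified model in which rules are walked in order, action=lookup falls through on a miss, and min-prefix=0 suppresses the default route. Only 10.10.10.0/24 on vlan10 and the via-vrrp1 default come from the thread; the 192.168.88.0/24 LAN, the main-table default and the names bridge-lan and ether1-wan are constructed.

```python
import ipaddress

# Constructed tables: only 10.10.10.0/24 (vlan10) and the via-vrrp1 default
# come from the thread; the other routes and interface names are assumptions.
TABLES = {
    "main": [("10.10.10.0/24", "vlan10"), ("192.168.88.0/24", "bridge-lan"),
             ("0.0.0.0/0", "ether1-wan")],
    "via-vrrp1": [("0.0.0.0/0", "vrrp1")],
}

# The two /routing rule entries from the reply, in the same order.
RULES = [
    {"table": "main", "min-prefix": 0},
    {"routing-mark": "rule-vrrp1", "table": "via-vrrp1"},
]

def table_lookup(table, dst, min_prefix=None):
    """Longest-prefix match; routes with prefixlen <= min_prefix are suppressed."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, iface in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if min_prefix is not None and net.prefixlen <= min_prefix:
            continue  # with min-prefix=0 this skips 0.0.0.0/0
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def route(dst, mark, rules):
    """Return the outgoing interface for a packet with the given routing mark."""
    for rule in rules:
        # A rule without routing-mark matches every packet.
        if rule.get("routing-mark") not in (None, mark):
            continue
        out = table_lookup(rule["table"], dst, rule.get("min-prefix"))
        if out:
            return out  # action=lookup: a miss continues with the next rule
    # No rule resolved it: a mark naming a table selects that table, else main.
    return table_lookup(mark if mark in TABLES else "main", dst)

if __name__ == "__main__":
    # Original setup: mark points straight at via-vrrp1, no routing rules.
    print("local dst, mark only :", route("192.168.88.10", "via-vrrp1", []))
    # Setup from the reply: mark rule-vrrp1 plus the two routing rules.
    print("local dst, with rules:", route("192.168.88.10", "rule-vrrp1", RULES))
    print("internet, with rules :", route("8.8.8.8", "rule-vrrp1", RULES))
```

In this model, the mark-only setup sends traffic for a local subnet out vrrp1 because the marked table holds nothing but a default route, while the rule-based setup resolves local prefixes in main first.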

Thank you for your answer.

But after applying those routing rules, the behavior is the same.