Hi,
I have a problem with policy routing: I cannot ping an alias on the WAN interface. The setup is as follows.
I have a WAN interface with 2 aliases on different VLANs:
IP1 192.168.2.10, name DATA, VLAN 2. This IP is used only for the IPSec tunnel, no internet, just data transport. IP2 10.10.10.20, name INTERNET, VLAN 3. This IP is used for internet only.
The gateways are setup like this:
ip route add dst-address=192.168.0.0/16 gateway=192.168.2.1 (IPSec)
ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 (Internet)
I have setup the routing like this:
ip firewall mangle add chain=output out-interface=DATA src-address=192.168.2.10 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=route-data passthrough=no
I have added another gateway:
ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=route-data (this is not doing the job !!!)
With this setup I can only ping the internet IP 10.10.10.20, for which I have the route dst=0.0.0.0/0 gateway=10.10.10.1, and I am not able to ping the DATA IP 192.168.2.10 because of the route dst=192.168.0.0/16 gateway=192.168.2.1. I do not want to src-nat the ICMP packets for that destination; I want to solve the problem with policy-based routing.
Any idea why this is not working?
Thanks in advance.
Faton
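To make the intended behaviour of the routing mark concrete, here is an added example (not part of the post above, and not RouterOS code) that models the post's routing table and mangle rule in Python: a longest-prefix lookup is done first in the table selected by the routing mark, then in the main table. The fallback-to-main-table behaviour and the reply-packet source selection are assumptions of this model, and the destination 8.8.8.8 is a constructed sample host.

```python
import ipaddress

# Routing table transcribed from the post; mark None means the main table.
ROUTES = [
    {"dst": "192.168.0.0/16", "gw": "192.168.2.1", "mark": None},         # IPSec
    {"dst": "0.0.0.0/0",      "gw": "10.10.10.1",  "mark": None},         # Internet
    {"dst": "0.0.0.0/0",      "gw": "192.168.2.1", "mark": "route-data"}, # marked
]


def routing_mark(src):
    """Model of the post's output-chain mangle rule: replies sourced from the
    DATA alias get the route-data mark, everything else stays unmarked."""
    return "route-data" if src == "192.168.2.10" else None


def lookup(dst, mark):
    """Longest-prefix match inside one table (selected by mark); None if no route."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for r in ROUTES:
        if r["mark"] != mark:
            continue
        net = ipaddress.ip_network(r["dst"])
        if dst_ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r["gw"])
    return None if best is None else best[1]


def gateway_for(src, dst, with_mangle=True):
    """Gateway a reply packet from src to dst would use.
    Assumption: the marked table is consulted first and the main table is the
    fallback when the marked table has no matching route."""
    mark = routing_mark(src) if with_mangle else None
    gw = lookup(dst, mark) if mark else None
    return gw if gw is not None else lookup(dst, None)


if __name__ == "__main__":
    # Without the mark a reply from the DATA alias to an internet host leaves via
    # the Internet gateway (asymmetric path); with the mark it leaves via 192.168.2.1.
    for flag in (False, True):
        print("mangle", "on " if flag else "off", "->",
              gateway_for("192.168.2.10", "8.8.8.8", flag))
```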