Hi
I have v6.37.1
I have set up a CCR1036 & CCR1072 with multiple VRFs
Management - vlan 8
Internet - vlan 6
Vendor - vlan 7
and my default route table is basically
192.168.1.0/24 via eth1 src 192.168.1.1
dgw via 192.168.1.2
I have added interface internet to vrf Internet using /ip route vrf
I have firewall rules that
- attach a routing-mark to inbound packets on that interface
- restore / re-apply routing-mark to related packets
So on the internet, when I ping my internet IP address, I get a reply packet with the router's internet IP address.
Now if I remove all routing info from the Internet routing table, apart from the directly connected, so it can't route packets:
The ICMP that is generated isn't related to the Internet VRF; it comes off the main routing table, so the ICMP has a src of 192.168.1.1 and gets routed out via 192.168.1.2.
This is a problem.
Same if I use an iptables action = reject: the ICMP has the wrong source address and routes using the wrong table.
Anyone know of a way to fix this?
Alex
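
One way to check a capture for the leak described in the post above: router-generated ICMP errors that answer a packet received in one VRF but carry a source address, or leave through an interface, belonging to another. This is an added example, not part of the original post; the record format, the Internet VRF prefix 203.0.113.0/24 and the remote addresses are constructed assumptions, and only eth1 and 192.168.1.0/24 come from the post.

```python
import ipaddress

# Only eth1 and 192.168.1.0/24 (main table) come from the post; the Internet
# VRF prefix and remote addresses are constructed documentation ranges.
IFACE_VRF = {"eth1": "main", "internet": "Internet"}
VRF_PREFIXES = {
    "main": ipaddress.ip_network("192.168.1.0/24"),
    "Internet": ipaddress.ip_network("203.0.113.0/24"),
}
ICMP_ERRORS = {"icmp-unreachable", "icmp-time-exceeded"}

def parse(line):
    # Constructed record format: "<in|out> <iface> <src> > <dst> <proto>"
    direction, iface, src, _, dst, proto = line.split()
    return direction, iface, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto

def vrf_of_address(addr):
    for vrf, net in VRF_PREFIXES.items():
        if addr in net:
            return vrf
    return None

def find_leaks(lines):
    """Return router ICMP errors sent from a different VRF than the one the
    triggering packet arrived in."""
    arrived_in = {}  # remote address -> VRF of the ingress interface
    leaks = []
    for direction, iface, src, dst, proto in map(parse, lines):
        if direction == "in":
            arrived_in[src] = IFACE_VRF[iface]
            continue
        if proto not in ICMP_ERRORS or dst not in arrived_in:
            continue
        expected = arrived_in[dst]
        reasons = []
        if vrf_of_address(src) != expected:
            reasons.append("source address")
        if IFACE_VRF[iface] != expected:
            reasons.append("egress interface")
        if reasons:
            leaks.append((str(src), iface, expected, reasons))
    return leaks

SAMPLE = [  # constructed capture records
    "in internet 198.51.100.7 > 203.0.113.10 tcp",
    "out eth1 192.168.1.1 > 198.51.100.7 icmp-unreachable",
    "in internet 198.51.100.9 > 203.0.113.10 tcp",
    "out internet 203.0.113.1 > 198.51.100.9 icmp-unreachable",
]
```

Calling `find_leaks(SAMPLE)` flags only the second record, where the unreachable is sourced from 192.168.1.1 and leaves via eth1.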