kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Jun 04, 2020 2:58 pm

Here is the code in RouterOS v6. How can I make it work in RouterOS v7?

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no

/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145

/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Jun 04, 2020 3:47 pm

First add table in /routing table menu

Then you can add routing rules in /routing rule menu

and routes in specific table
/ip route add dst-address=x.x.x.x@table gateway=y.y.y.y@main
 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Jun 04, 2020 4:40 pm

@mrz, please help me translate my code to RouterOS 7.

====================code====================
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no

/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145

/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
====================code====================
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Jun 04, 2020 4:49 pm

/routing table add name=IRT-TEST fib

/ip route 
add dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.54.161@main check-gateway=ping distance=10
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145

/routing rule 
add dst-address=8.8.8.8 action=lookup table=IRT-TEST

The firewall is the same as in v6.
 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Jun 04, 2020 5:25 pm

OK, thanks. Works well on RouterOS 7.
 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Thu Aug 13, 2020 7:40 pm

############################

/routing table add name=IRT-TEST fib

/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.66.70@main

###########################
It works on 7.0 Beta 8.
It doesn't work on v7.1 BETA 1; it shows this:

invalid or unexpected vrf or routing table value
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Fri Aug 14, 2020 8:56 am

 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Mon Aug 17, 2020 2:57 am

@mrz, please help me translate my code to work on RouterOS 7.1 Beta 1, not 7.0 Beta 9.

====================code====================
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark new-connection-mark=CON-TEST passthrough=yes dst-address=4.2.2.1
add action=mark-routing chain=prerouting connection-mark=CON-TEST new-routing-mark=IRT-TEST passthrough=no

/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145

/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
====================code====================
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Mon Aug 17, 2020 10:58 am

!!!!!!
/routing table add name=IRT-TEST fib
!!!!!
 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Aug 18, 2020 4:25 am

!!!!!!
/routing table add name=IRT-TEST fib
!!!!!
Here is my code.

And this line works, I know:
/routing table add name=IRT-TEST fib
###########################
This line does not work on ROS 7.1 Beta; it works on ROS 7.0 Beta. I need this line.
/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0@IRT-TEST gateway=10.10.66.70@main
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Aug 18, 2020 9:39 am

Now again, look at this line from the manual (character by character)
/ip route add dst-address=8.8.8.8 gateway=172.16.1.1@main routing-table=myTable
And compare to what you are trying to set

Hint (again from the manual):
(as per user requests v7.0beta9 adds back 'routing-table' parameter)
 
kcarhc
Frequent Visitor
Topic Author
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Sat Aug 22, 2020 1:02 am

OK, thanks. It works.

/routing table add name=IRT-TEST fib

/ip route
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=10.10.66.70@main routing-table=IRT-TEST
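
The v6-to-v7 mapping worked out across this thread, as an added Python sketch (not part of any post and not MikroTik code): it rewrites the v6 route and rule lines quoted above into the v7.1 beta form confirmed in the post above. The function names are hypothetical, and the `routing-mark=X table=X` rule is dropped only because mrz's translation carries no counterpart for it.

```python
import shlex

# Constructed input: the v6 route and rule lines quoted in the thread.
V6_EXPORT = """\
/ip route
add check-gateway=ping distance=10 gateway=10.10.54.161 routing-mark=IRT-TEST
add check-gateway=ping distance=10 dst-address=1.1.1.1/32 gateway=10.10.54.145
/ip route rule
add routing-mark=IRT-TEST table=IRT-TEST
add dst-address=8.8.8.8/32 table=IRT-TEST
"""

def parse_add(line):
    """Split 'add k=v k=v ...' into an ordered dict of parameters."""
    return dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)

def fmt(params):
    return "add " + " ".join(f"{k}={v}" for k, v in params.items())

def translate(v6_text):
    """Return v7.1-style lines (hypothetical helper, syntax as posted in the thread)."""
    tables, routes, rules, menu = [], [], [], None
    for line in map(str.strip, v6_text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif not line.startswith("add "):
            continue
        elif menu == "/ip route":
            p = parse_add(line)
            mark = p.pop("routing-mark", None)
            if mark:
                # v6 leaves dst-address off a default route; the v7 lines spell it out.
                p.setdefault("dst-address", "0.0.0.0/0")
                if "gateway" in p:
                    p["gateway"] += "@main"   # gateway is resolved in the main table
                p["routing-table"] = mark     # parameter quoted by mrz from the manual
                if mark not in tables:
                    tables.append(mark)
            routes.append(fmt(p))
        elif menu == "/ip route rule":
            p = parse_add(line)
            if p.get("table") and p["table"] not in tables:
                tables.append(p["table"])
            if "routing-mark" in p and p["routing-mark"] == p.get("table"):
                continue   # mrz's v7 translation has no counterpart for this rule
            p["action"] = "lookup"
            rules.append(fmt(p))
    out = [f"/routing table add name={t} fib" for t in tables]
    return out + ["/ip route"] + routes + ["/routing rule"] + rules
```

`translate(V6_EXPORT)` returns the lines in paste order: table declarations first, then routes, then rules.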
 
lexxa
just joined
Posts: 2
Joined: Tue Dec 15, 2020 8:58 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Dec 15, 2020 9:38 am

I am not sure if this is the right thread; however, I did not find another one covering mangle and routing in ROS7.

I am running v7.1b3 and am having a rather curious issue.
First I created a routing table
/routing table
add fib name=RT-WG-PRG
Then a mangle rule is created
/ip firewall mangle
add action=mark-packet chain=prerouting dst-address=!172.16.0.0/16 new-packet-mark=VPN passthrough=yes src-address=172.16.1.9
add action=mark-connection chain=prerouting new-connection-mark=conn_VPN packet-mark=VPN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=conn_VPN new-routing-mark=RT-WG-PRG passthrough=yes
(the rule has been tested and proven functional)

At this point I am to create a route which would go into the routing table:
/ip route
add distance=10 dst-address=0.0.0.0 gateway=WG-PRG@main routing-table=RT-WG-PRG
At this point I believe the right thing is to do a routing rule.
Regardless of how I set it up (either specifying src-address/dst-address or routing-mark), the traffic from the defined src address is routed via the main routing table.
However, if I specify the route as anything other than 0.0.0.0/0, the rule kicks in and the traffic gets routed based on the defined table to the specific destination.
Is this a bug or am I doing something wrong?
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Dec 15, 2020 1:09 pm

0.0.0.0 is not the same as 0.0.0.0/0
 
lexxa
just joined
Posts: 2
Joined: Tue Dec 15, 2020 8:58 am

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Dec 15, 2020 2:45 pm

0.0.0.0 is not the same as 0.0.0.0/0
Tried both options, including several ways to define the routing rule. As long as I use 0.0.0.0 or 0.0.0.0/0 the routing does not kick in.


EDIT:
I am terribly sorry. The feature works as expected. The trouble was on my end. In my desperate attempts I managed to mark routing twice (passthrough in a rule further down the config).
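
A check for the two mistakes that surfaced in this exchange (a bare `0.0.0.0` destination, and a routing mark replaced by a later passthrough rule), as an added Python example that is not part of any post. The second mangle rule and the table name `RT-OTHER` are hypothetical, since the rule "further down the config" is not shown in the thread.

```python
import shlex

# Constructed sample: lexxa's route and mark-routing rule from the post above, plus
# a hypothetical later rule (RT-OTHER) of the kind the EDIT describes but does not show.
CONFIG = """\
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=conn_VPN new-routing-mark=RT-WG-PRG passthrough=yes
add action=mark-routing chain=prerouting src-address=172.16.1.0/24 new-routing-mark=RT-OTHER passthrough=yes
/ip route
add distance=10 dst-address=0.0.0.0 gateway=WG-PRG@main routing-table=RT-WG-PRG
"""

def entries(text):
    """Yield (menu, params) for each 'add' line of an export-style config."""
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            yield menu, dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)

def lint(text):
    """Return findings for the two mistakes discussed in this exchange."""
    findings, earlier = [], []
    for menu, p in entries(text):
        if menu == "/ip route" and p.get("dst-address") == "0.0.0.0":
            findings.append("route dst-address=0.0.0.0 is not a default route; use 0.0.0.0/0")
        if menu == "/ip firewall mangle" and p.get("action") == "mark-routing":
            for e in earlier:
                # Rules matching different connection marks cannot hit the same packet.
                exclusive = ("connection-mark" in e and "connection-mark" in p
                             and e["connection-mark"] != p["connection-mark"])
                # passthrough defaults to yes, so a missing key counts as yes.
                if (e.get("chain") == p.get("chain") and not exclusive
                        and e.get("passthrough", "yes") == "yes"):
                    findings.append(f"routing mark {e.get('new-routing-mark')} may be replaced "
                                    f"by later rule setting {p.get('new-routing-mark')}")
            earlier.append(p)
    return findings
```

Two mark-routing rules keyed on different connection marks, as in a PCC setup, are treated as mutually exclusive and are not reported.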
 
faragalla
just joined
Posts: 10
Joined: Wed Jan 28, 2015 9:11 pm

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Fri Dec 18, 2020 7:16 am

I've read this thread several times, but am unable to get my VPN working correctly. I have an l2tp connection that I am trying to route in routeros7.1beta3. Under routeros6, it was as easy as assigning a routing mark to a particular set of IPs and setting up a static route using that same routing mark.

l2tp-out = name of my active VPN connection
192.168.0.10 = IP of machine I would like to route through my VPN connection

I set up a table using
/routing table add name=vpn_table fib

Please provide me with the exact configuration for the /ip route and /routing rule as I have tried several ways without success.
 
chrisarzu
just joined
Posts: 4
Joined: Tue Feb 01, 2022 10:51 pm

Re: routing-mark and table and mangle in RouterOS v7 BETA 7

Tue Feb 22, 2022 4:38 pm

Running RouterOS 7.2rc3, set up PCC and it's working, but a major issue I have is that the router itself cannot go out on the internet.

Notice below that I added 4 routes, 2 in the main table, and 1 for each routing mark.
PCC works fine only when the 2 default routes in the main table are disabled on purpose; if I enable them, the router is able to go out to the internet, but PCC stops working.
I am missing something, but I am not sure what it is, so a little help would be appreciated.
model = RBD52G-5HacD2HnD
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.133.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.123.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.123.1@main pref-src=0.0.0.0 routing-table=WAN1toISP1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.133.1@main pref-src=0.0.0.0 routing-table=WAN2toISP2 scope=30 suppress-hw-offload=no target-scope=10

***************Below is the rest of the relevant config****************
/routing table
add fib name=WAN1toISP1
add fib name=WAN2toISP2
/interface list member
add comment=defconf interface=bridge list=LAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN1Conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=WAN2Conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1Conn dst-address-type=!local new-routing-mark=WAN1toISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2Conn dst-address-type=!local new-routing-mark=WAN2toISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether2WAN2
