gazzamit
just joined
Topic Author
Posts: 21
Joined: Tue Jul 02, 2013 11:50 am

Policy routing 6.1

Sat Jul 27, 2013 11:11 am

Hi,

Can anyone confirm that policy routing is working in 6.1?

I have tried the following with no success.

(I also tried adding a mark to the incoming WAN port though not sure if that's necessary as connections established from internal network initially).

ros code

/ip route
add distance=1 gateway=192.168.2.1 routing-mark=MainPC
	
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=MainPCPacket \
    src-address=192.168.88.0/24
add action=mark-connection chain=prerouting new-connection-mark=MainPCConn \
    packet-mark=MainPCPacket
add action=mark-routing chain=prerouting connection-mark=MainPCConn \
    new-routing-mark=MainPC
 
tomaskir
Trainer
Posts: 1110
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Policy routing 6.1

Sat Jul 27, 2013 2:02 pm

Do it like this:

ros code

/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 connection-mark=no-mark action=mark-connection new-connection-mark=MainPCConn
add chain=prerouting src-address=192.168.88.0/24 connection-mark=MainPCConn action=mark-routing new-routing-mark=MainPC
 
gazzamit
just joined
Topic Author
Posts: 21
Joined: Tue Jul 02, 2013 11:50 am

Re: Policy routing 6.1

Sat Jul 27, 2013 4:43 pm

Thanks for the reply,

I have tried that and it's not working for me.

Those are the only two mangle rules in place, and just the one marked route is active.

I can't ever get access unless there is an unmarked default route as well - which defeats the point of having a marked route.

Any other suggestions?

Compact export from newish install:

ros code

/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 name=ether5-slave-local

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local name=default

/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2-master-local network=192.168.88.0

/ip dhcp-client
add add-default-route=no comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway

/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 name=router

/ip firewall filter
add chain=input comment="default configuration -ping" protocol=icmp
add chain=input comment="default configuration est input" connection-state=established
add chain=input comment="default configuration related input" connection-state=related
add action=drop chain=input comment="default configuration - drop incoming eth1" in-interface=ether1-gateway
add chain=forward comment="default configuration est forward" connection-state=established
add chain=forward comment="default configuration related forward" connection-state=related
add action=drop chain=forward comment="default configuration invalid forward drop" connection-state=invalid

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=MainPCConn src-address=\
    192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=MainPCConn new-routing-mark=MainPC src-address=192.168.88.0/24

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway

/ip route
add distance=1 gateway=192.168.2.1 routing-mark=MainPC
 
tomaskir
Trainer
Posts: 1110
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Policy routing 6.1

Sat Jul 27, 2013 5:36 pm

You need to have a default route in the main routing table. The router itself uses that routing table, so a default route needs to be there.

What are you trying to achieve?
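Added example (not part of the thread, and not RouterOS code): a simplified Python model of the two mangle rules and the route tables from the export above. It shows forwarded LAN traffic resolving through the MainPC table while router-originated traffic, which never passes through prerouting, finds no route until the main table gets a default route. The WAN subnet 192.168.2.0/24, the router WAN address 192.168.2.50, the destination 8.8.8.8 and the fall-through from the marked table to main are assumptions of the model.

```python
import ipaddress

ip = ipaddress.ip_address
net = ipaddress.ip_network
LAN = net("192.168.88.0/24")

def build_tables(with_main_default):
    """Route tables from the export; the WAN connected route is an assumption."""
    tables = {
        "main": [(LAN, "ether2-master-local"),
                 (net("192.168.2.0/24"), "ether1-gateway")],  # assumed WAN subnet
        "MainPC": [(net("0.0.0.0/0"), "192.168.2.1")],        # routing-mark=MainPC
    }
    if with_main_default:
        tables["main"].append((net("0.0.0.0/0"), "192.168.2.1"))
    return tables

def prerouting_mangle(src, conn_id, conn_marks):
    """The two prerouting rules: mark new LAN connections, then mark routing."""
    if src in LAN and conn_marks.get(conn_id) is None:    # connection-mark=no-mark
        conn_marks[conn_id] = "MainPCConn"                # action=mark-connection
    if src in LAN and conn_marks.get(conn_id) == "MainPCConn":
        return "MainPC"                                   # action=mark-routing
    return None

def lookup(tables, dst, routing_mark):
    """Longest-prefix match in the marked table first, then in main (modelled)."""
    for table in ([routing_mark] if routing_mark else []) + ["main"]:
        hits = [r for r in tables.get(table, []) if dst in r[0]]
        if hits:
            return table, max(hits, key=lambda r: r[0].prefixlen)[1]
    return None  # no route to host

def route_packet(tables, src, dst, forwarded, conn_marks):
    """Only forwarded packets traverse prerouting; router-originated ones do not."""
    mark = prerouting_mangle(src, (src, dst), conn_marks) if forwarded else None
    return lookup(tables, dst, mark)

if __name__ == "__main__":
    for has_default in (False, True):
        t = build_tables(has_default)
        lan = route_packet(t, ip("192.168.88.10"), ip("8.8.8.8"), True, {})
        own = route_packet(t, ip("192.168.2.50"), ip("8.8.8.8"), False, {})
        print(f"main default={has_default}: LAN host -> {lan}, router itself -> {own}")
```

In the exported configuration the DHCP server hands out 192.168.88.1 as the DNS server, so the router's own upstream lookups are router-originated traffic of the second kind.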
 
skoenman
just joined
Posts: 24
Joined: Fri Nov 07, 2008 11:42 am

Re: Policy routing 6.1

Sun Jul 28, 2013 2:04 am

I'm having the same issue... my one marks the connection fine, but when you check, it still goes through the default route even though its connection mark... output... routing mark...

It doesn't want to use that route. Any ideas? I have tried taking passthrough off but it doesn't make any difference.
 
gazzamit
just joined
Topic Author
Posts: 21
Joined: Tue Jul 02, 2013 11:50 am

Re: Policy routing 6.1

Sun Jul 28, 2013 7:02 pm

That setup was for initial testing of a LAN route mark. I need to route LAN traffic to one gateway and Wi-Fi to another.

Looking at this example will probably help me...

http://aacable.wordpress.com/2011/06/04 ... t-by-zaib/

I presume that if I follow that setup but adapt it by removing load balance that it may work?

Gary.
