[v6.48 on hap ac^2] Understanding routing-mark

vaa · Sun Jul 11, 2021 7:55 am

Three TVs are connected to Wlan1 and routed to L2TP Client over uplink.

Now I am trying to separate each TV to own L2TP Clients (D1, D2, D3). I set a routing mark to each device and want to add routes for each one.

/ip firewall mangle action=mark-routing src-address=192.168.88.128/30 new-routing-mark=TV1
/ip firewall mangle action=mark-routing src-address=192.168.88.132/30 new-routing-mark=TV2
/ip firewall mangle action=mark-routing src-address=192.168.88.136/30 new-routing-mark=TV3
/ip route add dst-address=0.0.0.0/0 routing-mark=TV1 gateway=D1
/ip route add dst-address=0.0.0.0/0 routing-mark=TV2 gateway=D2
/ip route add dst-address=0.0.0.0/0 routing-mark=TV3 gateway=D3

It isn't working. Probably misunderstanding of routing-marks. Or is it should be done in other way?

JohnTRIVOLTA · Sun Jul 11, 2021 8:08 am

Not use mark rules, just add 3 rules on routing tables - each network to view its own routing table !

vaa · Sun Jul 11, 2021 9:39 am

each network to view its own routing table

Then how to add routing table for specified source network?

I have created tables but how to tell to use D1-D3?

/ip route rule add table=TV1 src-address=192.168.88.128/30 dst-address=0.0.0.0/0
/ip route rule add table=TV2 src-address=192.168.88.132/30 dst-address=0.0.0.0/0
/ip route rule add table=TV3 src-address=192.168.88.136/30 dst-address=0.0.0.0/0

anav · Sun Jul 11, 2021 3:59 pm

Not sure if it will work in your case but in general sometimes routing can be done without mangling!!

a. create all required routes on the main table.

standard route for internet
route for tv1
route for tv2
route for tv3

Now if you need special control of which subnets use the routes (and quite frankly not sure if the subnet is a source address or destination address in this case or an interface so you will have to determine that part)
Then create three more routes exact copies of the main table routes but with route-marking
route for tv1 route-marking=useD1
route for tv2 route-marking=useD2
route for tv3 route-markng=useD3

Then create associated Route Rules
Entry argument: source-address=subnet L2TP-1 (or destination-address=subnet L2TP-1) (or interface=L2TP-1)
Action= Lookup only in table
Table= useD1

Entry argument: source-address=subnet L2TP-2 (or destination-address=subnet L2TP-2) (or interface=L2TP-2)
Action= Lookup only in table
Table= useD2

Entry argument: source-address=subnet L2TP-3 (or destination-address=subnet L2TP-3) (or interface=L2TP-3)
Action= Lookup only in table
Table= useD3

vaa · Mon Jul 19, 2021 5:49 am

I have made these configurations but pinging the World is not working.
I have renamed TV1 to ROOM1 for better understanding. And D1-D3 are just names of the L2TP interfaces (it does not come from word destination, routing is based only on source address).

For simplicity here is the code I have launched for the first room:

/ip route add dst-address=0.0.0.0/0 gateway=D1
/ip route add dst-address=0.0.0.0/0 routing-mark=ROOM1 gateway=D1
/ip route rule add action=lookup-only-in-table src-address=192.168.88.128/30 dst-address=0.0.0.0/0 interface=D1 table=ROOM1

Routing Table is now looking like this:

anav · Mon Jul 19, 2021 7:36 pm

You added something extra in route rule (get rid of destination bit)
Also get rid of D1 just the source address.

[v6.48 on hap ac^2] Understanding routing-mark

[v6.48 on hap ac^2] Understanding routing-mark

Re: [v6.48 on hap ac^2] Understanding routing-mark

Re: [v6.48 on hap ac^2] Understanding routing-mark

Re: [v6.48 on hap ac^2] Understanding routing-mark

Re: [v6.48 on hap ac^2] Understanding routing-mark

Re: [v6.48 on hap ac^2] Understanding routing-mark

Who is online