Jacka
Member Candidate
Topic Author
Posts: 112
Joined: Thu Jan 13, 2011 11:34 am

Route traffic to one IP through specific gateway

Wed Nov 21, 2012 11:53 am

Hi all,

My situation:

interface1: LAN1 (192.168.0.0)
interface2: LAN2 (71.40.116.0)
interface3: WAN1 (77.45.45.120)
interface4: WAN2 (88.30.30.0)

In order to make an IPSec connection to another device I need to ping this IP, 92.11.11.200; this IP is reachable only from the LAN2 network and has to go out through the WAN1 interface.
Now when running tracert 92.11.11.200 I see that it goes through the wrong gateway, in this case WAN2.

So, if you could help me with a rule that will get me to this IP 92.11.11.200 through gateway WAN1.

*I'm using PCC load balancing.

Thank you.
 
fxx
newbie
Posts: 33
Joined: Tue Nov 20, 2012 11:54 am
Location: Prague - Czech Republic

Re: Route traffic to one IP through specific gateway

Wed Nov 21, 2012 1:35 pm

Just add an entry to the routing table:
ip route add dst-address=92.11.11.200/32 gateway=x.x.x.x
where x.x.x.x is the default gateway of the WAN connection you want to route to.
If you want to block connections from LAN1, I suppose you can use a firewall rule.
 
Jacka
Member Candidate
Topic Author
Posts: 112
Joined: Thu Jan 13, 2011 11:34 am

Re: Route traffic to one IP through specific gateway

Wed Nov 21, 2012 2:25 pm

> Just add an entry to the routing table:
> ip route add dst-address=92.11.11.200/32 gateway=x.x.x.x
> where x.x.x.x is the default gateway of the WAN connection you want to route to.
> If you want to block connections from LAN1, I suppose you can use a firewall rule.

Already tried this, it doesn't work, it goes through the other gateway (WAN2)
C:\Users\admin>tracert 172.30.255.11

Tracing route to 172.30.255.11 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2    <1 ms    <1 ms    <1 ms  88.30.30.1
  3     1 ms    <1 ms    <1 ms  *.*.*.*
 
nickshore
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.

Re: Route traffic to one IP through specific gateway

Wed Nov 21, 2012 5:06 pm

You need to make sure your PCC rules don't get triggered for that destination.

Or you need to route mark specifically for that destination and uncheck passthrough in the mangle rules.

Then use a route with the route mark set on it.

It would help if you showed your mangle rules and routing table.

Nick.
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
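
The route-mark approach described in the post above, as an added RouterOS example that is not part of the original thread. It assumes the routing mark WAN1 already has a default route via 77.45.45.121, as in the /ip route export posted later in the thread; the comment strings are made up for illustration.

```routeros
/ip firewall mangle
# place-before=0 refers to the item numbers of the most recent print,
# so list the rules first.
print
# Forwarded traffic from hosts behind the router: set the WAN1 routing mark
# before any PCC rule can classify the connection. passthrough=no stops
# further mangle processing for this packet.
add chain=prerouting dst-address=92.11.11.200 action=mark-routing \
    new-routing-mark=WAN1 passthrough=no place-before=0 \
    comment="pin 92.11.11.200 to WAN1 (forwarded)"
# Router-originated traffic (for example IPsec terminated on the router
# itself) is handled in the output chain, which has its own PCC rules.
add chain=output dst-address=92.11.11.200 action=mark-routing \
    new-routing-mark=WAN1 passthrough=no place-before=0 \
    comment="pin 92.11.11.200 to WAN1 (router)"
# Check from the router: the first hop should be the WAN1 gateway.
/tool traceroute 92.11.11.200
```

A plain /32 route in the main table is not enough while PCC still marks the traffic: a packet carrying a routing mark is looked up in that mark's table first, and the marked default route there already matches.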
 
Jacka
Member Candidate
Topic Author
Posts: 112
Joined: Thu Jan 13, 2011 11:34 am

Re: Route traffic to one IP through specific gateway

Thu Nov 22, 2012 9:18 am

> It would help if you showed your mangle rules and routing table.

My config:
/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
add action=accept chain=prerouting disabled=no dst-address=77.45.45.120/30 in-interface=LAN1
add action=accept chain=prerouting disabled=no dst-address=88.30.30.0/24 in-interface=LAN1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN1 new-connection-mark=WAN1 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN2 new-connection-mark=WAN2 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN1 new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=no in-interface=LAN1 new-routing-mark=WAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
add action=accept chain=output disabled=no dst-address=192.168.0.0/24
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.45.45.121 routing-mark=WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=88.30.30.1 routing-mark=WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.45.45.121 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=88.30.30.1 scope=30 target-scope=10
Thank you.
 
Jacka
Member Candidate
Topic Author
Posts: 112
Joined: Thu Jan 13, 2011 11:34 am

Re: Route traffic to one IP through specific gateway

Thu Nov 22, 2012 3:46 pm

Anyone ? :?
 
mixig
Member Candidate
Posts: 264
Joined: Thu Oct 27, 2011 2:19 pm

Re: Route traffic to one IP through specific gateway

Sat Nov 24, 2012 1:24 pm

In your mangle, put this at the top:
add action=accept chain=prerouting disabled=no dst-address=92.11.11.200
With the command above you will exclude traffic designated for that address from the PCC; it will just pass through the mangle without adding any mark...

And then put a static route for that IP to go through WAN1:

# x.x.x.x is the gateway of WAN1
ip route add dst-address=92.11.11.200/32 gateway=x.x.x.x
