bgonev
just joined
Topic Author
Posts: 14
Joined: Sat Nov 24, 2012 10:32 pm

Match Router originated traffic

Wed Aug 02, 2017 10:37 pm

I've spent almost 2 days reading and searching across the forum and the net, but I did not find a working solution for how to match traffic originated from the router itself. Is there such a possibility?
 
AlainCasault
Trainer
Posts: 456
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada

Re: Match Router originated traffic

Wed Aug 02, 2017 10:41 pm

Hello

I'm assuming you're talking about firewall filters.

It's easily done using the "output" chain.

Ciao

Sent from Tapatalk
___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
bgonev
just joined
Topic Author
Posts: 14
Joined: Sat Nov 24, 2012 10:32 pm

Re: Match Router originated traffic

Wed Aug 02, 2017 10:44 pm

It's about mangle rules - I want to route mark all packets originated from the router itself to be sent to the specific gateway. I don't want to use default gateway, so in my configuration there is no default gateway.
I've tried with output chain in mangle, but no success. Maybe you can send me an example?
 
AlainCasault
Trainer
Posts: 456
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada

Re: Match Router originated traffic

Thu Aug 03, 2017 4:01 pm

You're almost there.

chain=output action=mark-routing new-routing-mark=abc

Then add a static route using routing-mark=abc gateway=<your gateway> and that should do the trick.

I'm not in front of a router and haven't tested it but give it a try.

Sent from Tapatalk
___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
iperezandres
newbie
Posts: 30
Joined: Mon Feb 13, 2017 1:17 pm
Location: Madrid

Re: Match Router originated traffic

Thu Apr 19, 2018 12:36 pm

I have the same problem. I have tried output chain and mark-routing but it is not working.

If there is no default route, the packets originated from the router itself do not get caught in any of the mangle rules and they do not show up in the connection tab.

Any suggestion? I have tried many different chain combinations unsuccessfully.
 
iperezandres
newbie
Posts: 30
Joined: Mon Feb 13, 2017 1:17 pm
Location: Madrid

Re: Match Router originated traffic

Wed Dec 05, 2018 10:12 am

I found another approach using mangle rules, to capture the traffic going from your connected IPs (router and LAN) to the not connected IPs:
/ip firewall address-list
add address=192.168.1.0/24 list=Connected # WAN network
add address=192.168.100.0/24 list=Connected # LAN network
add address=192.168.100.0/24 list=LAN
add address=255.255.255.255 list=LAN
/ip firewall mangle
add action=mark-routing chain=output src-address-list=Connected dst-address-list=!Connected new-routing-mark=route1 passthrough=no
With this code, I assume you have some route marked as "route1".

Hope it helps.
