Thanks. I am afraid I don't get what the actual problem is.
Does the "other gateway" device represent a gateway to some other network, i.e. you need some packets from the "My device" box to go to the internet via the Mikrotik and other packets to go to that other network via the "other gateway", and your problem is that you can only set a single (default) route on the "My device"?
Or is it so that you need to send packets only to the internet but the Mikrotik doesn't route them to internet if it gets them directly from "My device", but does route them properly if the "My device" sends them to 10.10.10.2 and the "Other Gateway" forwards them to Mikrotik?
What is your native language?
1. Yes, only ROS can access internet. Confusing.
1. Is ROS the main router with one WAN connection?
2. Is the other gateway another router, or a switch?
3. If it is a router (let's call it router2), it looks like you want it to be a router with a WAN IP from ROS (double NAT type scenario).
4. You want to be able to route traffic from the LAN behind router2 to the LAN behind ROS and also the opposite, route traffic from the LAN behind ROS to the LAN behind router2?
Very Very Thanks. So the ultimate goal is that the "My device" would send packets towards internet to the OpenWRT, which will do some magic and send them out via the Mikrotik. I suppose that the magic includes encapsulation into some tunnelling protocol so from the point of view of the Mikrotik, these encapsulated packets have a source address of the OpenWRT (10.10.10.2), not the one of the "My device".
If the above is true, then with your existing setup,

Code:
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.2 routing-mark=forward
add dst-address=0.0.0.0/0 gateway=pppoe-out1

you need to assign the routing-mark "forward" to all packets from 10.10.10.0/24 other than from 10.10.10.2. One way is to use /ip firewall mangle to assign this routing-mark:

Code:
# mark-routing is accepted only in the prerouting and output chains
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=your-lan-interface-name src-address=!10.10.10.2 new-routing-mark=forward

To make it work, you need to disable the action=fasttrack-connection rule in Mikrotik's firewall.
Another way is to swap the default routes between the "default" and "marked" routing tables and, instead of a firewall mangle rule, use a routing rule, which doesn't interfere with fasttracking but doesn't accept negative conditions:

Code:
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.2
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=from-owrt
/ip route rule
add action=lookup-only-in-table src-address=10.10.10.2/32 table=from-owrt

In either case, Mikrotik will send an ICMP redirect to My-device for each packet because the IP address of the gateway which Mikrotik uses to forward the packet is in the same subnet as the source. IP stacks of some devices follow the redirect and send subsequent packets to the same destination address directly to the 10.10.10.2, other devices ignore the redirect and continue sending to the Mikrotik.
I accept as given that you cannot change the default gateway address on the "My device", but I don't get why you need to do it this complex way instead of just setting Mikrotik's address to 10.10.10.2 and OpenWRT's address to 10.10.10.1?
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=your-lan-interface-name src-address=!10.10.10.2 new-routing-mark=forward
Yes, that's right. If the packets retain the original source IP address after passing through the proxy on the OpenWRT (I would suppose this is the case only for packets which matched the rules for routing the "normal" way), the rules I've suggested will not work because the routing table choice only looks at the source IP address. So you would have to use the /ip firewall mangle rule to assign the routing-mark, matching src-mac-address instead of src-address.
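Added example, not part of any post in this thread: a toy Python model of the routing-table choice discussed above, showing why selecting the table by source IP address bounces packets between the Mikrotik and the OpenWRT when the proxy keeps the original source address, and why matching the source MAC does not. The MAC addresses, the host address 10.10.10.50 and all function names are constructed for illustration; the model covers only the table choice, not ICMP redirects or fasttrack.

```python
from dataclasses import dataclass

OWRT_IP = "10.10.10.2"
OWRT_MAC = "02:00:00:00:00:02"  # constructed MAC for the OpenWRT box
DEV_MAC = "02:00:00:00:00:10"   # constructed MAC for "My device"

# Default route per routing table, as in the first setup in the thread:
# marked table "forward" goes to the OpenWRT, the main table to pppoe-out1.
ROUTES = {"forward": OWRT_IP, "main": "pppoe-out1"}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str  # MAC of the LAN host that put the frame on the wire


def mark_by_src_address(pkt):
    """Models a mangle rule with src-address=!10.10.10.2."""
    return "forward" if pkt.src_ip != OWRT_IP else "main"


def mark_by_src_mac(pkt):
    """Models a mangle rule with src-mac-address=!<OpenWRT MAC>."""
    return "forward" if pkt.src_mac != OWRT_MAC else "main"


def path(pkt, classifier, proxy_keeps_src_ip, max_hops=4):
    """Follow a LAN packet until it leaves via pppoe-out1 or keeps looping."""
    hops = []
    for _ in range(max_hops):
        hop = ROUTES[classifier(pkt)]
        hops.append(hop)
        if hop == "pppoe-out1":
            return hops
        # The OpenWRT handles the packet and sends it back to the Mikrotik,
        # always from its own MAC, with or without its own source IP.
        src_ip = pkt.src_ip if proxy_keeps_src_ip else OWRT_IP
        pkt = Packet(src_ip, OWRT_MAC)
    return hops + ["LOOP"]


if __name__ == "__main__":
    device = Packet("10.10.10.50", DEV_MAC)
    for name, fn in (("src-address", mark_by_src_address),
                     ("src-mac-address", mark_by_src_mac)):
        for keeps in (False, True):
            print(name, "proxy keeps source IP:", keeps, path(device, fn, keeps))
```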