RedFoxy

Static route for a specific LAN IP

Mon Jul 22, 2019 6:13 pm

Hi!
I have a MikroTik RB760iGS with three gateways (ADSL 1 for Internet access for all computers, ADSL 2 used only for VoIP connections, and ADSL 3 for specific work). I have some static routes that force all outgoing traffic to specific IP addresses through ADSL 2; these are all VoIP servers and PBXs, and that is simple to set up because I know the remote addresses. Now I need to force a specific local PC on the LAN to go out only through ADSL 3, because some PCs must communicate over a specific network, but I don't know the remote IP addresses. How can I do this?

Right now I'm using a Mangle rule that marks packets coming from a specific LAN IP address with a routing mark:
- chain: prerouting,
- src. address: 192.168.1.10,
- action: mark routing,
- new routing mark: siss

Then, under Routes, I created a route that uses that mark to force a specific gateway:
- dst. address 0.0.0.0/0,
- gateway: 192.168.10.254,
- type: unicast,
- distance: 1
- scope: 30
- target scope: 10
- routing mark: siss

It works, but something seems to be making the network really slow. How can I do this better and faster?
# Interface, addressing, DHCP, syslog-target and DNS part of the posted
# RouterOS export. It creates one LAN bridge, renames the five Ethernet ports,
# adds a GRE tunnel and assigns the router's addresses.
# jul/15/2019 09:51:22 by RouterOS 6.45.1
# software id = KKNC-EV7A
#
# model = RB760iGS
# serial number = AXXXXXXXXXX
/interface bridge
add name=bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Voce speed=100Mbps
set [ find default-name=ether2 ] name=ether2-WAN1 speed=100Mbps
set [ find default-name=ether3 ] name=ether3-LTE speed=100Mbps
set [ find default-name=ether4 ] name=ether4-SISS speed=100Mbps
set [ find default-name=ether5 ] name=ether5-LAN speed=100Mbps
# GRE tunnel sourced from 161.1.2.77, which is also the ether3-LTE address
# assigned further down.
# NOTE(review): no ipsec-secret appears on this tunnel, so the traffic it
# carries is presumably not encrypted - confirm whether that is acceptable.
/interface gre
add local-address=161.1.2.77 name=gre-N4Com remote-address=161.2.2.2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# The DHCP pool holds a single address (192.168.9.70); the static lease below
# hands that same address to one client.
/ip pool
add name=dhcp_pool-LAN ranges=192.168.9.70
/ip dhcp-server
add address-pool=dhcp_pool-LAN disabled=no interface=bridge-LAN lease-time=1d \
    name=dhcp-LAN
# Logging action 3 sends BSD-format syslog to 86.11.12.216.
# NOTE(review): that is a public address; unless the path is tunnelled, the
# log stream leaves the site in clear text - confirm.
/system logging action
set 3 bsd-syslog=yes remote=86.11.12.216 syslog-facility=local0
/interface bridge port
add bridge=bridge-LAN interface=ether5-LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
# Only bridge-LAN is in list LAN; ether2-WAN1, ether1-Voce and gre-N4Com are in
# list WAN. ether3-LTE and ether4-SISS belong to neither list, so firewall
# rules matching in-interface-list=WAN do not apply to traffic arriving on
# them, while rules matching in-interface-list=!LAN do.
/interface list member
add interface=bridge-LAN list=LAN
add interface=ether2-WAN1 list=WAN
add interface=ether1-Voce list=WAN
add interface=gre-N4Com list=WAN
/ip address
add address=82.10.23.118/30 interface=ether1-Voce network=82.10.23.116
add address=82.10.23.110/30 interface=ether2-WAN1 network=82.10.23.108
add address=192.168.9.150/24 interface=bridge-LAN network=192.168.9.0
add address=161.1.2.77/30 interface=ether3-LTE network=161.1.2.76
add address=161.1.2.86/30 interface=gre-N4Com network=161.1.2.84
add address=192.168.10.50/24 interface=ether4-SISS network=192.168.10.0
/ip dhcp-server lease
add address=192.168.9.70 client-id=1:0:xx:xx:xx:xx:xx mac-address=\
    00:xx:xx:xx:xx:xx server=dhcp-LAN
# NOTE(review): the first network entry describes the ether1-Voce /30, but the
# only DHCP server in this export runs on bridge-LAN; the entry looks unused -
# verify before keeping it.
/ip dhcp-server network
add address=82.10.23.116/30 gateway=82.10.23.118
add address=192.168.9.0/24 gateway=192.168.9.150
/ip dns
set servers=128.65.200.80,8.8.8.8
# Filter rules, evaluated top to bottom. The input chain protects the router
# itself; the forward chain covers traffic routed through it.
/ip firewall filter
# The four rules below accept ANY protocol and port to the router from the
# listed sources, ahead of every other check. If these are remote management
# hosts, narrowing each rule to the protocol/port actually needed would reduce
# what is exposed to them.
add action=accept chain=input src-address=17.18.27.120/29
add action=accept chain=input src-address=17.18.28.128/29
add action=accept chain=input src-address=17.18.29.80/29
# NOTE(review): "17.18.30..195" is not a valid address (double dot), probably
# a redaction artefact in the post; the line would not import as written.
add action=accept chain=input src-address=17.18.30..195
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
# Disabled, so ICMP to the router is accepted only from LAN or from the four
# source ranges above.
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
# NOTE(review): this rule fasttracks every established/related forwarded
# connection, including those of the host that the mangle rule policy-routes.
# Fasttracked packets skip mangle, so after the first packets of a connection
# the routing mark is presumably no longer applied and traffic can fall back to
# the main routing table. That matches the "works but slow" symptom in the
# post; excluding the policy-routed traffic from fasttrack is the usual remedy
# - confirm on the device.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# Last forward rule: drops new, non-dst-nat'ed connections arriving on list
# WAN only. There is no final drop, and ether3-LTE / ether4-SISS are not
# members of WAN, so new connections entering on those two ports are forwarded
# without filtering - confirm that this is intended.
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Policy routing: every packet with source 192.168.9.203 seen in prerouting
# gets routing mark "siss"; passthrough=no stops further mangle processing.
# NOTE(review): there is no destination condition, so packets from this host to
# the router itself or to other local subnets are marked as well and looked up
# in the "siss" table, which holds only a default route - verify that local
# destinations still work, or exclude them from the rule.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=siss passthrough=no \
    src-address=192.168.9.203
# NAT rules plus the SIP helper setting. None of the dst-nat rules is limited
# by in-interface or dst-address, so each matches traffic from any interface
# to any destination.
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-port=888 protocol=tcp \
    to-addresses=192.168.9.70 to-ports=80
# tcp/8291 and udp/161 are redirected to 192.168.9.150, which is the router's
# own bridge-LAN address. External reach is then decided by the input chain,
# i.e. by its source-address accept rules.
# NOTE(review): because there is no in-interface condition, LAN clients
# connecting to tcp/8291 or udp/161 on any other host are redirected to this
# router as well - confirm that this is wanted.
add action=dst-nat chain=dstnat dst-port=8291 protocol=tcp to-addresses=\
    192.168.9.150 to-ports=8291
add action=dst-nat chain=dstnat dst-port=161 protocol=udp to-addresses=\
    192.168.9.150 to-ports=161
# NOTE(review): this rule rewrites the destination of all ICMP passing dstnat
# to the router itself, so pings from LAN hosts to outside addresses would be
# answered by the router rather than the real target, which hides path
# problems during troubleshooting - confirm.
add action=dst-nat chain=dstnat protocol=icmp to-addresses=192.168.9.150
add action=src-nat chain=srcnat out-interface=gre-N4Com to-addresses=\
    82.10.23.110
# Masquerade without out-interface: applies to traffic leaving on every
# interface not handled by the src-nat rule above, internal ones included.
# NOTE(review): scoping it to the uplink interfaces keeps real source addresses
# visible for internal traffic and in logs.
add action=masquerade chain=srcnat comment="IP Masquerade"
/ip firewall service-port
set sip disabled=yes
# Routing table. Entries without dst-address are default routes (0.0.0.0/0).
/ip route
# Only route in table "siss": default via 192.168.10.200, which lies in the
# ether4-SISS subnet (192.168.10.0/24). It has no check-gateway and no
# fallback, so marked traffic has no alternative path if that gateway is down.
add distance=1 gateway=192.168.10.200 routing-mark=siss
# Main-table defaults. The first two share distance 10; which of them becomes
# active is not evident from the export. Only the first is health-checked.
add check-gateway=ping distance=10 gateway=82.10.23.109
add distance=10 gateway=gre-N4Com
add distance=30 gateway=82.10.23.117
# Per-destination /32 routes in groups of three: 82.10.23.117 preferred
# (distance 5), then 82.10.23.109 (10), then gre-N4Com (20). 82.10.23.117 is in
# the ether1-Voce /30; per the post these destinations are the VoIP
# servers/PBXs.
# NOTE(review): none of these routes sets check-gateway, so the backup entries
# presumably take over only when the preferred route becomes inactive (e.g.
# link down), not when the gateway merely stops responding - confirm.
add distance=5 dst-address=27.9.9.114/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.9.114/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.9.114/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.10.6/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.10.6/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.10.6/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.11.19/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.11.19/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.11.19/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.11.20/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.11.20/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.11.20/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.11.21/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.11.21/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.11.21/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.12.15/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.12.15/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.12.15/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.12.16/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.12.16/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.12.16/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.13.34/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.13.34/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.13.34/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.14.231/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.14.231/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.14.231/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.15.92/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.15.92/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.15.92/32 gateway=gre-N4Com
add distance=5 dst-address=27.9.15.93/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.15.93/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.15.93/32 gateway=gre-N4Com
# Interface routes out of ether3-LTE; 161.2.2.0/30 contains the GRE tunnel's
# remote-address 161.2.2.2.
add distance=1 dst-address=172.17.0.0/20 gateway=ether3-LTE
add distance=1 dst-address=161.2.2.0/30 gateway=ether3-LTE
# NOTE(review): "27.9.16..175/32" is malformed (double dot), probably a
# redaction artefact; these three lines would not import as written.
add distance=5 dst-address=27.9.16..175/32 gateway=82.10.23.117
add distance=10 dst-address=27.9.16..175/32 gateway=82.10.23.109
add distance=20 dst-address=27.9.16..175/32 gateway=gre-N4Com
# Management-plane and system settings: SSH, SNMP, clock, identity, remote
# logging and the MAC-based management servers.
# NOTE(review): allow-none-crypto=yes lets an SSH session be negotiated with
# no encryption, and forwarding-enabled=remote permits SSH port forwarding
# through the router. Both widen what a host allowed by the input chain can do;
# unless there is a documented need, turning both off is the safer setting.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# SNMP is enabled and udp/161 is dst-nat'ed to the router in the NAT section.
# NOTE(review): community settings are not part of this export; check with
# "/snmp community print" that the default community is not in use and that
# access is limited to the monitoring hosts.
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="Mikrotik"
# Logging rules 0-3 are switched to the "remote" action and tagged with the
# prefixes shown; two added rules also send the firewall and health topics to
# the remote target.
/system logging
set 0 action=remote prefix=INFO
set 1 action=remote prefix=ERROR
set 2 action=remote prefix=WARN
set 3 action=remote prefix=CRIT
add action=remote prefix=FW topics=firewall
add action=remote prefix=HEALTH topics=health
# MAC Telnet and MAC Winbox are limited to interfaces in list LAN.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
