pablomar
just joined
Topic Author
Posts: 7
Joined: Thu May 24, 2018 3:10 pm

Routing and mangle

Thu Feb 11, 2021 4:50 pm

I have 2 ISPs, one for employees and the other for "guest" users. NAT for employees is working fine going out on ISP1, but when I try to set up the guest NAT to go out on ISP 2, I can't make it work with mangle.

I've done this config in other routers with no problems:

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Invitados passthrough=no src-address=172.17.10.0/24
/ip route
add distance=1 gateway=186.190.200.129 routing-mark=Invitados
/ip firewall nat
add action=masquerade chain=srcnat out-interface="ether1 - Coyspu" routing-mark=Invitados src-address=172.17.10.0/24

Now I made it work by adding a route rule (making mangle unnecessary), but I can't figure out why mangle isn't working:

/ip route rule
add interface=bridge_invitados src-address=172.17.10.0/24 table=Invitados

Can anybody help? Am I missing something?
 
anav
Forum Guru
Posts: 6171
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Routing and mangle

Thu Feb 11, 2021 8:26 pm

Why do you need to mangle anything...
If ISP 1 is the main ISP for business uses... for MAIN LAN,
and ISP 2 is the secondary ISP for guest... GUEST LAN, let's say subnet 192.168.0.0/24 or vlan40 (not sure what you have set up for guest users).

Just add a third route in the routing table.

You should have two routes already.
MAIN ROUTE ISP1 let's say distance=5
MAIN ROUTE ISP2 let's say distance=10

In this way any new traffic on either LAN will automatically go out ISP1.
Now add a third route.

Step 1
MAIN ROUTE ISP2 distance=10 ROUTING MARK=GuestUsers

Now add a routing rule.
Step 2
[either] Source address=192.168.0.0/24
[or] Interface=vlan40
Action: Lookup Only in Table
Table: GuestUsers (pull down option)

That's it!! What this tells the router is that for any outgoing traffic from the prescribed source address or interface, use the Third Routing Rule for guest users.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
sindy
Forum Guru
Posts: 6875
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing and mangle

Sat Feb 13, 2021 8:12 pm

> Can anybody help? Am I missing something?
Have you disabled the action=fasttrack-connection rule in chain forward of /ip firewall filter on this router? Fasttracked connections bypass mangle rules (and a whole lot of other packet handling steps, skipping them is the essence of fasttracking). /ip route rule items are not skipped by fasttracking, which makes them a better choice for simple policy routing tasks.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
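
Added example, not part of sindy's post or of the thread: one way to keep the mangle-based setup from the first post working alongside fasttrack, by fasttracking only connections that carry no connection mark. It assumes RouterOS v6 syntax and reuses the subnet and routing mark from the first post; the connection mark name guest-conn is hypothetical.

```routeros
# Added example (not from the thread). Assumes RouterOS v6 syntax.
# Subnet 172.17.10.0/24 and routing mark Invitados come from the first post;
# "guest-conn" is a hypothetical connection mark introduced for this example.

# 1. Check whether a fasttrack rule exists and whether its counters are rising.
/ip firewall filter print stats where action=fasttrack-connection

# 2. Mark each guest connection once, then derive the routing mark from
#    the connection mark instead of matching on the source address alone.
/ip firewall mangle
add chain=prerouting src-address=172.17.10.0/24 connection-mark=no-mark \
    action=mark-connection new-connection-mark=guest-conn passthrough=yes
add chain=prerouting src-address=172.17.10.0/24 connection-mark=guest-conn \
    action=mark-routing new-routing-mark=Invitados passthrough=no

# 3. Restrict fasttrack to connections without a connection mark, so guest
#    connections are never fasttracked and keep traversing the mangle rules.
/ip firewall filter
set [find where action=fasttrack-connection] connection-mark=no-mark
```

Matching on the connection mark rather than on the source address keeps reply packets of guest connections out of fasttrack as well, since a connection is fasttracked as a whole once any of its packets hits the rule.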
 
msatter
Forum Guru
Posts: 2045
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Routing and mangle

Sat Feb 13, 2021 8:47 pm

You do not need the marking in Mangle because NAT is doing the work here and you don't need the extra marking.

https://wiki.mikrotik.com/wiki/Manual%3 ... squerade_2

Marking is needed if both ISP gateways are on the same ether port.
Loving my freedom and so, no Twitter, no Facebook/Instagram/WhatsApp, no Apple and no Google/Alphabet, no Amazon/Cloudfront/AWS.

Running:
RouterOS 6.49Beta / Winbox 3.27 64bits
 
anav
Forum Guru
Posts: 6171
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Routing and mangle

Sun Feb 14, 2021 9:33 pm

> You do not need the marking in Mangle because NAT is doing the work here and you don't need the extra marking.
>
> https://wiki.mikrotik.com/wiki/Manual%3 ... squerade_2
>
> Marking is needed if both ISP gateways are on the same ether port.
Whatsa matter, msatter?? Lost the bubble LOL?

Natting has nothing to do with routing. I even know that you have to tell the router damn well near everything on this godforsaken wet dream OS for mkx and others... ;-)

Perhaps I am the one with loose marbles LOL. I thought NATTING was to tell the router, for outgoing traffic on this ISP, please attach the public IP of this WAN to outgoing traffic and when the traffic returns I will know where to send it etc...
The routing tells the router, hey, traffic coming from this source needs to go out this ISP.

Two different functions... right?
 
msatter
Forum Guru
Posts: 2045
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Routing and mangle

Sun Feb 14, 2021 11:08 pm

My Dreambox satellite receivers are running DreamOS ;-)
 
pablomar
just joined
Topic Author
Posts: 7
Joined: Thu May 24, 2018 3:10 pm

Re: Routing and mangle

Wed Feb 17, 2021 2:56 pm

Thanks, I made other installations using mangle for this, but in this router I can't make it work; now it is working using a route rule.
It is not an installation made by me from scratch, I'll continue looking.
 
anav
Forum Guru
Posts: 6171
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Routing and mangle

Wed Feb 17, 2021 8:04 pm

So let's summarize ;-)))
msatter:0, anav:1