Anyone know how I would be able to selectively pass particular destination traffic (resolved) to a particular router/server?
In other words, if any IP wants to contact for example "facebook.com" I want them to go to a different router than the default gateway. This would be outgoing only.
Or example if someone wants to send to a particular mail server out.mailserver.com I want to route them to a different router than our main feed (to another network).
This helps if we have a connection to another ISP that allows open relay from our particular IP we can forward traffic to that ISP for those email addresses.
I'm just not sure how I'd do this with mikrotik.
Re: Selective Destination Routing
This you would do in the web proxy.Anyone know how I would be able to selectively pass particular destination traffic (resolved) to a particular router/server?
In other words, if any IP wants to contact for example "facebook.com" I want them to go to a different router than the default gateway. This would be outgoing only.
Code: Select all
/ip proxy access add dst-host=:facebook action=deny redirect
-to=www.mikrotik.com comment="Redirect facebook"This you would do in the firewall (NAT section)Or example if someone wants to send to a particular mail server out.mailserver.com I want to route them to a different router than our main feed (to another network).
This helps if we have a connection to another ISP that allows open relay from our particular IP we can forward traffic to that ISP for those email addresses.
Code: Select all
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=196.30.31.207 to-ports=25
protocol=tcp src-address=192.168.1.0/24 dst-port=25 comment"Redirect SMTP to smtp.iburst.co.za"Re: Selective Destination Routing
Wow just one firewall rules can do that? No routes ?
Can you explain how this works?
In my case I would use ether1 as the gateway wan side, and ether2 as the lan side.
Code:
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=196.30.31.207 to-ports=25
protocol=tcp src-address=192.168.1.0/24 dst-port=25 comment"Redirect SMTP to smtp.iburst.co.za"
You are adding a destination nat rule to some 196 number (is that the destination mail server?) to port 25 which is of course SMTP, the protocol, then you specify the source address subnet. In my case it would be 0.0.0.0/0 from ether2. Then you add a comment.
Now in my case the 196.30.31.207 would not be the email server it would be another router on the network (a secondary gateway sort of).
So would I need to specify the src-address if it would be implied as 0.0.0.0/0?
I don't think this would work. I need 3 components here really. I need to intercept all traffic 0.0.0.0/0 on ether1 with a destination of mail.myserver.com and route it to router B (example 10.10.10.1) How would i accomplish that?
Can you explain how this works?
In my case I would use ether1 as the gateway wan side, and ether2 as the lan side.
Code:
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=196.30.31.207 to-ports=25
protocol=tcp src-address=192.168.1.0/24 dst-port=25 comment"Redirect SMTP to smtp.iburst.co.za"
You are adding a destination nat rule to some 196 number (is that the destination mail server?) to port 25 which is of course SMTP, the protocol, then you specify the source address subnet. In my case it would be 0.0.0.0/0 from ether2. Then you add a comment.
Now in my case the 196.30.31.207 would not be the email server it would be another router on the network (a secondary gateway sort of).
So would I need to specify the src-address if it would be implied as 0.0.0.0/0?
I don't think this would work. I need 3 components here really. I need to intercept all traffic 0.0.0.0/0 on ether1 with a destination of mail.myserver.com and route it to router B (example 10.10.10.1) How would i accomplish that?
Re: Selective Destination Routing
Also I haven't used a web proxy with mikrotik yet. I know there is functionality built in but obviously on a routerboard without a hard drive this would be useless. I'd have to redirect it to a real web proxy for that to work right?
-
-
jimbojones
Frequent Visitor
- Posts: 59
- Joined:
Re: Selective Destination Routing
/ip firewall mangle add chain=prerouting src-address=0.0.0.0/0 dst-address=x.x.x.x dst-port=25 protocol=tcp action=mark-routing new-routing-mark="gatewayB"I don't think this would work. I need 3 components here really. I need to intercept all traffic 0.0.0.0/0 on ether1 with a destination of mail.myserver.com and route it to router B (example 10.10.10.1) How would i accomplish that?
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark="gatewayB"
x.x.x.x being the IP address of the mail server
Any traffic you wanted to sent to gatewayB now, you just mark.
Hope that helps
Jimbo
Last edited by jimbojones on Thu May 14, 2009 6:19 pm, edited 2 times in total.
Re: Selective Destination Routing
Don't confuse proxy with cache. You can still use a proxy without caching anything.Also I haven't used a web proxy with mikrotik yet. I know there is functionality built in but obviously on a routerboard without a hard drive this would be useless. I'd have to redirect it to a real web proxy for that to work right?
Re: Selective Destination Routing
Thanks I had just come to that conclusion about using routing marks when I was playing with this router and I came to post it here and you beat me to it. Thanks! This firewall stuff is starting to click/ip firewall mangle add chain=prerouting src-address=0.0.0.0/0 dst-address=x.x.x.x dst-port=25 protocol=tcp action=mark-routing new-routing-mark="gatewayB"I don't think this would work. I need 3 components here really. I need to intercept all traffic 0.0.0.0/0 on ether1 with a destination of mail.myserver.com and route it to router B (example 10.10.10.1) How would i accomplish that?
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark="gatewayB"
x.x.x.x being the IP address of the mail server
Any traffic you wanted to sent to gatewayB now, you just mark.
Hope that helps
Jimbo
Re: Selective Destination Routing
Ahhh. I usually do assume a proxy is a cache. I'm going to look into some docs for that too. Thanks.Don't confuse proxy with cache. You can still use a proxy without caching anything.Also I haven't used a web proxy with mikrotik yet. I know there is functionality built in but obviously on a routerboard without a hard drive this would be useless. I'd have to redirect it to a real web proxy for that to work right?
Re: Selective Destination Routing
One more thing, although I think I saw some docs and examples on how to do this.
lets say I have a specific subnet inside the LAN that I want to route to a gatewayB as well.
Would the route be something like
/ip route add dst-address=200.200.200.0/25 gateway=10.10.10.1 <gatewayB
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.2 <gatewayA (default)
Assuming 10.10.10.2 actually is the default gateway for all traffic except the 200.200.200.0/25 traffic. In other words I just want a specific public range to get routed to a secondary gateway as well. would that be correct up there?
lets say I have a specific subnet inside the LAN that I want to route to a gatewayB as well.
Would the route be something like
/ip route add dst-address=200.200.200.0/25 gateway=10.10.10.1 <gatewayB
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.2 <gatewayA (default)
Assuming 10.10.10.2 actually is the default gateway for all traffic except the 200.200.200.0/25 traffic. In other words I just want a specific public range to get routed to a secondary gateway as well. would that be correct up there?
-
-
jimbojones
Frequent Visitor
- Posts: 59
- Joined:
Re: Selective Destination Routing
One more thing, although I think I saw some docs and examples on how to do this.
lets say I have a specific subnet inside the LAN that I want to route to a gatewayB as well.
Would the route be something like
/ip route add dst-address=200.200.200.0/25 gateway=10.10.10.1 <gatewayB
/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.2 <gatewayA (default)
Assuming 10.10.10.2 actually is the default gateway for all traffic except the 200.200.200.0/25 traffic. In other words I just want a specific public range to get routed to a secondary gateway as well. would that be correct up there?
Erm.. No.
Your default gateway, is the gateway that all traffic, that hasn't another rule goes too. Any other traffic has to be handled by a mangling rule with a packet mark that matches a routing rule (as shown in my previous post)
If you want a specific subnet of your internal network routed via a specific (non-default) gateway, then you need to setup a source route (as per previous example) except you need to specify the src-address to be the network you want to be affected.
Jimbo
-
-
noviceTiker
just joined
- Posts: 1
- Joined:
Re: Selective Destination Routing
I am not sure if this is right topic to ask a question because I am completely noob for RouterOS but not for computers in general...
I have Mikrotik with Router OS 5.4 and several ADSL lines with balancing bandwidth...
I wish to set it up to go to the destination IP address (webmail server) always via same ADSL.
Please tell me how to do it or tell me what should I google for to find an answer.
I understand that the best solution is to hire an IT expert to set things up but it's not the solution at the moment...
I have Mikrotik with Router OS 5.4 and several ADSL lines with balancing bandwidth...
I wish to set it up to go to the destination IP address (webmail server) always via same ADSL.
Please tell me how to do it or tell me what should I google for to find an answer.
I understand that the best solution is to hire an IT expert to set things up but it's not the solution at the moment...