Community discussions

MikroTik App
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Mangling routing

Wed Nov 21, 2012 10:45 pm

Hi

I setup a mangle rule to place a routing mark on all traffic
emanating from a specific subnet e.g. 192.168.11.0/24.

Then I used this routing mark in a route to direct this traffic
towards a specific gateway.

I was surprised that I also had to specify a protocol and destination
port n° (e.g. tcp 80) else the traffic wasn't properly routed.

I saw the packet count increment as the traffic was being mangled
but the routing didn't actually occur.

Is there a minimum number of details that one must specify
for the mangling/routing to operate properly ?

thanks

yann
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1071
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Mangling routing

Thu Nov 22, 2012 2:51 pm

You need to post your configuration about the issue, so we can look at it.
It should be something like this:
/ip firewall mangle
add chain=prerouting sr-address=192.168.11.0/24 action=mark-connection new-connection-mark=whatever
add chain=prerouting connection-mark=whatever action=mark-routing new-routing-mark=whatever
/ip route
add dst-address=0.0.0.0/0 gateway=your_gateway routing-mark=whatever
-Toni-
Don't crash the ambulance, whatever you do
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mangling routing

Wed Nov 28, 2012 9:10 am

(sorry for the delay)

/ip firewall mangle add action=mark-routing chain=prerouting disabled=no in-interface=\
"ether4 - Admin Switch" new-routing-mark=adminsw passthrough=yes \
src-address=192.168.1.0/24

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx \
routing-mark=adminsw scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.150.1 scope=\
30 target-scope=10
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1071
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Mangling routing

Fri Nov 30, 2012 8:23 pm

(sorry for the delay)

/ip firewall mangle add action=mark-routing chain=prerouting disabled=no in-interface=\
"ether4 - Admin Switch" new-routing-mark=adminsw passthrough=yes \
src-address=192.168.1.0/24

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx \
routing-mark=adminsw scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.150.1 scope=\
30 target-scope=10
The network you are trying to route is 192.168.1.0 or 192.168.11.0? Because, in your first post you have stated that wanted to route the 192.168.11.0/24 network, while in your configuration you have specified the network 192.168.1.0/24.
Ether4, is a slave port or is a stand alone port?
-Toni-
Don't crash the ambulance, whatever you do
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Mangling routing

Fri Nov 30, 2012 10:09 pm

Are you sure you want passthrough=yes? If any later rule matches it could be overwriting the routing mark which might explain your symptoms.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
samsung172
Forum Guru
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Mangling routing

Sat Dec 01, 2012 3:53 am

have a /ip route rule to do this.
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mangling routing

Mon Dec 03, 2012 4:01 pm

Caci99: 192.168.1.0/24
CelticComms: true, hadn't thought of that (though in our present scenario this wouldn't be an issue)
samsung172: thanks for the contribution

I finally replaced the ADSL modem that was acting as default gateway
- the mangling routing rule operated properly after that - go figure

thanks for your help

Who is online

Users browsing this forum: Google [Bot] and 160 guests