Community discussions

MikroTik App
 
bes
just joined
Topic Author
Posts: 20
Joined: Fri Feb 24, 2006 10:01 pm

2 ISP in 1 LAN and policy routing

Sun May 07, 2006 11:11 pm

Hi,
p2p trafic coming by default route gateway 1.
All other trafic coming by policy route gateway 2.
When i match only 80 TCP port, policy route work good and www coming from gateway2.
And when i matching by mt example all trafic and added policy route internet not work.
this is example from mikrotik homepage
Notes
You can use policy routing even if you use masquerading on your private networks. The source address will be the same as it is in the local network. In previous versions of RouterOS the source address changed to 0.0.0.0

It is impossible to recognize peer-to-peer traffic from the first packet. Only already established connections can be matched. That also means that in case source NAT is treating Peer-to-Peer traffic differently from the regular traffic, Peer-to-Peer programs will not work (general application is policy-routing redirecting regular traffic through one interface and Peer-to-Peer traffic - through another). A known workaround for this problem is to solve it from the other side: making not Peer-to-Peer traffic to go through another gateway, but all other useful traffic go through another gateway. In other words, to specify what protocols (HTTP, DNS, POP3, etc.) will go through the gateway A, leaving all the rest (so Peer-to-Peer traffic also) to use the gateway B (it is not important, which gateway is which; it is only important to keep Peer-to-Peer together with all traffic except the specified protocols)

Example
To add the rule specifying that all the packets from the 10.0.0.144 host should lookup the mt routing table:

[admin@MikroTik] ip firewall mangle add action=mark-routing new-routing-mark=mt \
\... chain=prerouting
[admin@MikroTik] ip route> add gateway=10.0.0.254 routing-mark=mt
[admin@MikroTik] ip route rule> add src-address=10.0.0.144/32 \
\... table=mt action=lookup
[admin@MikroTik] ip route rule> print
Flags: X - disabled, I - invalid
0 src-address=192.168.0.144/32 action=lookup table=mt
[admin@MikroTik] ip route rule>
 
advantz
Member Candidate
Member Candidate
Posts: 187
Joined: Thu Jul 08, 2004 4:11 am

Mon May 08, 2006 8:10 am

my thought of commands :
/ip firewall nat add chain=srcnat src-address=10.0.0.144/32 to-src-address=10.0.0.x action=src-nat

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt

/ip route add gateway=10.0.0.254 routing-mark=mt
 
rz8168
newbie
Posts: 43
Joined: Tue Jun 01, 2004 2:10 pm

Tue May 09, 2006 10:46 pm

Can you try this?

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt-p2p p2p=all-p2p

/ip firewall mangle add chain=prerouting src-address=10.0.0.144/32 action=mark-routing new-routing-mark=mt

/ip route add gateway=10.0.0.253 routing-mark=mt-p2p comment="gateway 1"
/ip route add gateway=10.0.0.254 routing-mark=mt comment="gateway2"
 
valens
Trainer
Trainer
Posts: 246
Joined: Tue Jun 01, 2004 5:42 pm
Location: INDONESIA
Contact:

Wed May 10, 2006 12:43 am

If you want certain traffic goes and back on the same pipe, you need to do SRC-NAT to IP Address given from that ISP. You can not just route the traffic, unless you do BGP and you can choose which IP blocks advertise though one ISP and another ISP.
 
dannyboy
Member Candidate
Member Candidate
Posts: 195
Joined: Fri Sep 16, 2005 4:21 am
Location: Nicaragua/USA
Contact:

Mon May 15, 2006 8:07 pm

Hello,

I think i am getting close to what I want to do!! I think policy routing is my solution but need clarification and explanation on how I would do this. I have 30 clients and two ISPs. I also use pppoe to connect my clients. I was thinking of creating two ip pools and two profiles. Profile #1 with ip pool #1 "192.168.10.20-192.168.10.35" and profile #2 with ip pool "192.168.100.20-192.168.100.15". Now what I dont know how to do is to tell the MT router to check if ip is from network 192.168.10.0/24 and send that traffic to gatway #1 and the same for the other ip. Is this clear to you? Its hard for me to explain.

Daniel

Who is online

Users browsing this forum: Google [Bot], jebz, Wangz, yanpi and 38 guests