Route voip traffic out different gateway

Zapnologica · Sat May 24, 2014 4:25 pm

I currently have one PPPoE client which all my internet traffic is routed through,

We have just added a PBX to our network which makes use of SIP trunks via the internet. It has been working good.

We have decided to get another DSL line in to run the voip on only as we did experience some jitter when people where downloading etc on the main line.

My Question is now how do I route all the sip traffic to the other gateway.

I think it will be sufficient to identify the data by the pbx ip address which is 192.168.1.30.

So far I have tried this:

Mangle:
preroute , src = 192.168.1.30 , action- mark-packet "Voip_Route"

I then added a route
gateway PPoE2 routing mark "VoIP_Route"

and I added a masqurade for the PPoe2

It didnt appear to work as my sip trunks could no longer dial?

rextended · Sat May 24, 2014 4:27 pm

Too much generic,

put "/export compact on the forum"

Zapnologica · Sat May 24, 2014 8:55 pm

Sorry,

Im running a CRS125-24G-1S

[admin@Mikrotik Switch] /ip firewall> export compact
# may/24/2014 19:54:28 by RouterOS 6.13
# software id = 06KF-35VW
#
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment="PPTP config" dst-port=1723 protocol=tcp
add chain=input comment="PPTP config" dst-port=500 protocol=udp
add chain=input protocol=gre
add chain=input comment="L2TP VPN" protocol=ipsec-esp
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway1
add action=drop chain=input comment="default configuration" disabled=yes in-interface=sfp1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=input disabled=yes in-interface=ADSL port=22 protocol=tcp
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=VoIP_Route src-address=192.168.1.30
add action=mark-packet chain=forward comment="SIP UDP" new-packet-mark=SIP passthrough=no port=5060 protocol=udp
add action=mark-packet chain=forward comment=RDP new-packet-mark=RPD passthrough=no port=3389 protocol=tcp
add action=mark-packet chain=forward comment="Other Data" new-packet-mark=other_data
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT - Masq 3G" out-interface=3G
add action=masquerade chain=srcnat comment="NAT - Masq VoiP" out-interface="VoIP DSL"
add action=masquerade chain=srcnat comment="NAT - Masq DSL" out-interface=ADSL
add action=masquerade chain=srcnat comment=NAT
add action=dst-nat chain=dstnat comment=IAX2 dst-port=4569 in-interface=ADSL protocol=udp to-addresses=192.168.1.30 to-ports=4569
add action=dst-nat chain=dstnat comment="IAX2 TCP" dst-port=4569 in-interface=ADSL protocol=tcp to-addresses=192.168.1.30 to-ports=4569
add action=dst-nat chain=dstnat comment="SIP 5060 UDP" dst-port=5060 in-interface=ADSL protocol=udp to-addresses=192.168.1.30 to-ports=5060
add action=dst-nat chain=dstnat comment="SIP 5060 TCP" dst-port=5060-5061 in-interface=ADSL protocol=tcp to-addresses=192.168.1.30 to-ports=5060-5061
add action=dst-nat chain=dstnat comment="SIP 5004 UDP" in-interface=ADSL port=5004 protocol=udp to-addresses=192.168.1.30 to-ports=5004
add action=dst-nat chain=dstnat comment="SIP RTP Ports" dst-port=10000-20000 in-interface=ADSL protocol=udp to-addresses=192.168.1.30 to-ports=10000-20000
add action=dst-nat chain=dstnat comment="554 TCP" dst-port=554 in-interface=ADSL protocol=tcp to-addresses=192.168.1.240 to-ports=554
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=VoIP_Route src-address=192.168.1.30
add action=mark-packet chain=forward comment="SIP UDP" new-packet-mark=SIP passthrough=no port=5060 protocol=udp
add action=mark-packet chain=forward comment=RDP new-packet-mark=RPD passthrough=no port=3389 protocol=tcp
add action=mark-packet chain=forward comment="Other Data" new-packet-mark=other_data

[admin@Mikrotik Switch] /interface pppoe-client> export compact
# may/24/2014 19:57:31 by RouterOS 6.13
# software id = 06KF-35VW
#
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="Mweb Uncapped Adsl Internet Connection" dial-on-demand=no disabled=no interface=\
ether1-gateway1 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=ADSL password=password profile=default service-name="" use-peer-dns=yes \
user=user
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="VoIP ADSL Line" dial-on-demand=no disabled=no interface=ether2-gateway2 \
keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name="VoIP DSL" password=password profile=default service-name="" use-peer-dns=no user=\
user
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether2-gateway2 keepalive-timeout=60 max-mru=1480 \
max-mtu=1480 mrru=1600 name="telkom guest" password=guest1 profile=default service-name="" use-peer-dns=no user=guest1@telkomadsl

rextended · Sat May 24, 2014 9:18 pm

(replace username and password on the export on previous post...)

I know: the privacy is important,
but if you not post full "/export compact", you miss to export address, bridge, route, etc. configuration.
with only the export you have made, is impossible to have all the situation clear.

I hope someone can help you.

By.

Zapnologica · Sat May 24, 2014 10:51 pm

I did do that at first but it was pretty large.

Thanks for the pw alert. I didnt notice that.

But even if some can explain the theory to me and I will apply it. I want to route one client through a different internet gateway.

So my whole network users gateway1 and 192.168.1.30 uses gateway2. How do I do that?

From what I have read I need to do policy routing of some sort.

rextended · Sun May 25, 2014 1:28 am

the theory is simple:

supposed:
1) no one other settings are wrong
2) all work flawlessly
3) there are no other rule than contraddict

you can
1)You must mark route on prerouting chain coming from the source you want redirected.
2)on route table you can add 0.0.0.0/0 --> IP isp2 where routing mark=the mark
3)if needed you must masquerade src=source want redirect out=isp2 ethernet

Zapnologica · Mon May 26, 2014 7:45 pm

Ok I currently have what you have mentioned.

I have finally compiled the complete export and attached it,

Thanks for the help,
I appreciate it allot.

Zapnologica · Mon Jun 02, 2014 10:08 am

the theory is simple:

supposed:
1) no one other settings are wrong
2) all work flawlessly
3) there are no other rule than contraddict

you can
1)You must mark route on prerouting chain coming from the source you want redirected.
2)on route table you can add 0.0.0.0/0 --> IP isp2 where routing mark=the mark
3)if needed you must masquerade src=source want redirect out=isp2 ethernet

Just a question,

Do I not have to Mark OTHER traffic and the route it through isp1 ?

Cause currently I am only marking traffic for ISP2,

But then in the routes table, there is a route for ISP1. Does Routes first match one with packet marks, then only match routes without packet marks?

rextended · Mon Jun 02, 2014 11:38 am

>>>Do I not have to Mark OTHER traffic and the route it through isp1 ?
not, unmarked route go through default routeon isp1

>>>But then in the routes table, there is a route for ISP1.
it's nomal, must be defined the default route

>>>Does Routes first match one with packet marks, then only match routes without packet marks?
i do not understand this queston, but route marked still marked, if this what you intend.

Zapnologica · Mon Jun 02, 2014 10:16 pm

Sorry, My question was abit ambigious.

What i mean is:

I have two routes:

1: no packet mark, distance 1, gateway = isp1
2: packet mark "Voip", distance 2, gateway = isp2

Now I mark traffic in MANGLE prerouting from src address 192.168.1.30 with a route mark of "Voip"

What stops these packets from going our route 1, as it still meets route 1 criteria?

So my question was. In the route table , does it try match routes with a packet mark first, then only match routes with no packet mark? Other wise why does my marked packets not go out route 1?

Zapnologica · Mon Jun 02, 2014 10:42 pm

OK I have been testing and my routing seems to be working correctly.

I added a desktop computer to my mangle rule and it can use ISP2 happily.

But now I still have not solved my issue, The main reason for this was to make my voip pbx run on the second line.

The minute I switch over the pbx to use isp2, my sip trunks both die. they go from registered to trying.
I am using a grandstream UCM6102

I have the same nat rules for both interfaces ISP1 and ISP2

What could I be missing?

Surely the Sip trunks data will still be caught by my mangle rule?

Route voip traffic out different gateway

Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Re: Route voip traffic out different gateway

Who is online