this simple mark packet and routing wont work

Posted: Mon Sep 29, 2014 1:41 pm
by Azma
Hello. This is my first post. Nice to meet you all.

I'm facing this strange thing and can't imagine why the following rules aren't working.

Basic info:
I have these public interfaces:
1. telkom1
2. telkom2
3. telkom3

I have 1 default route rule and 3 route rules with routing marks.
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=telkom3 gateway-status=telkom3 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route3 

 1 A S  dst-address=0.0.0.0/0 gateway=telkom1 gateway-status=telkom1 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route1 

 3 A S  dst-address=0.0.0.0/0 gateway=telkom2 gateway-status=telkom2 reachable distance=20 
        scope=30 target-scope=10 routing-mark=route2 

 4 A S  ;;; Default Route
        dst-address=0.0.0.0/0 gateway=telkom2 gateway-status=telkom2 reachable distance=1 
        scope=30 target-scope=10 
And I had the following mangle rules:
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; INPUT active
      chain=input action=mark-packet new-packet-mark=telkom1 passthrough=yes 
      in-interface=telkom1 log=no log-prefix="" 

 1    chain=input action=mark-packet new-packet-mark=telkom2 passthrough=yes 
      in-interface=telkom2 log=no log-prefix="" 

 2    chain=input action=mark-packet new-packet-mark=telkom3 passthrough=yes 
      in-interface=telkom3 log=no log-prefix="" 

 3    ;;; OUTPUT active
      chain=output action=mark-routing new-routing-mark=telkom1 passthrough=yes 
      packet-mark=telkom1 log=no log-prefix="" 

 4    chain=output action=mark-routing new-routing-mark=telkom2 passthrough=yes 
      packet-mark=telkom2 log=no log-prefix="" 

 5    chain=output action=mark-routing new-routing-mark=telkom3 passthrough=yes 
      packet-mark=telkom3 log=no log-prefix="" 
Explanation:
Rules #0~2
catch input packets on the telkom1 interface and mark them as "telkom1", and so on.

Rules #3~5
create PBR for packets that have been marked through the several public interfaces telkom1, telkom2 and telkom3.

The problems were:
1. PBR doesn't work. I tried to access the web server by opening the IP that is owned by interface telkom3.
2. I saw that on the input chain the bytes and packets counters show counts, but on the output rules they don't.

Question:
Please help: which rules are wrong?

thank you very much.

Re: this simple mark packet and routing wont work

Posted: Tue Sep 30, 2014 7:15 pm
by Azma
Can anyone help me, please?

Re: this simple mark packet and routing wont work

Posted: Tue Sep 30, 2014 11:51 pm
by psamsig
You need to use connection-marks instead of packet-marks; it is the outgoing packet (as part of a connection) you wanna mark for routing.

Re: this simple mark packet and routing wont work

Posted: Wed Oct 01, 2014 2:37 pm
by Azma
Thanks, psamsig, for your reply.

I tried changing the marking to connection marks, but no packets or bytes are counted on the mark-routing rules.
Any solution?

Thanks.

Re: this simple mark packet and routing wont work

Posted: Wed Oct 01, 2014 11:14 pm
by psamsig
This may help you in the right direction:
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom1 new-connection-mark=telkom1 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom1 \
    new-routing-mark=route1 passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom2 new-connection-mark=telkom2 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom2 \
    new-routing-mark=route2 passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=telkom3 new-connection-mark=telkom3 \
    passthrough=no
add action=mark-routing chain=output connection-mark=telkom3 \
    new-routing-mark=route3 passthrough=no
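
A consistency check over the configuration shown in this thread, added here as an example and not part of any post: it parses `print` output and flags mark-routing rules whose new-routing-mark matches no route's routing-mark (the first post marks with telkom1 while the routes use route1) or whose packet-mark is never set in chain=output. The function names and the condensed sample text are constructed for illustration.

```python
import re

KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')  # key=value, value quoted or bare
def parse(text):
    """Map entry number -> {key: value} for RouterOS 'print' output, wrapped lines included."""
    parts = re.split(r"(?m)^[ \t]*(\d+)[ \t]", text)
    return {int(n): dict(KV.findall(body)) for n, body in zip(parts[1::2], parts[2::2])}

def lint(routes, mangle):
    """Return (rule number, problem) pairs for mark-routing rules that cannot take effect."""
    tables = {r["routing-mark"] for r in routes.values() if "routing-mark" in r}
    findings = []
    for n, rule in mangle.items():
        if rule.get("action") != "mark-routing":
            continue
        mark, pm = rule.get("new-routing-mark"), rule.get("packet-mark")
        if mark not in tables:
            findings.append((n, f"no route has routing-mark={mark}"))
        # A reply generated by the router enters chain=output as a new, unmarked packet;
        # the packet mark put on the received packet in chain=input is not carried over.
        set_in_output = any(s.get("chain") == "output" and s.get("new-packet-mark") == pm
                            for s in mangle.values())
        if pm and rule.get("chain") == "output" and not set_in_output:
            findings.append((n, f"packet-mark={pm} is never set in chain=output"))
    return findings

# Constructed sample: condensed from the print output in the first post.
ROUTES = """
 0 A S  dst-address=0.0.0.0/0 gateway=telkom3 distance=20 routing-mark=route3
 1 A S  dst-address=0.0.0.0/0 gateway=telkom1 distance=20 routing-mark=route1
 3 A S  dst-address=0.0.0.0/0 gateway=telkom2 distance=20 routing-mark=route2
 4 A S  dst-address=0.0.0.0/0 gateway=telkom2 distance=1
"""
MANGLE = """
 0    chain=input action=mark-packet new-packet-mark=telkom1 passthrough=yes
      in-interface=telkom1 log=no log-prefix=""
 3    chain=output action=mark-routing new-routing-mark=telkom1 passthrough=yes
      packet-mark=telkom1 log=no log-prefix=""
"""
# Constructed: the telkom1 pair from the reply above, written in print style.
FIXED = """
 0    chain=prerouting action=mark-connection new-connection-mark=telkom1
      connection-mark=no-mark in-interface=telkom1 passthrough=no
 1    chain=output action=mark-routing new-routing-mark=route1
      connection-mark=telkom1 passthrough=no
"""
if __name__ == "__main__":
    for name, rules in (("original", MANGLE), ("fixed", FIXED)):
        print(name, lint(parse(ROUTES), parse(rules)) or "no findings")
```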

Re: this simple mark packet and routing wont work

Posted: Thu Oct 02, 2014 3:02 pm
by Azma
It still doesn't work. Bytes and packets are still not counted. :(

I will test v5.xx for this case to make sure nothing is wrong in the rules; previously it worked on v5.xx.