Romell
newbie
Topic Author
Posts: 42
Joined: Fri Aug 28, 2020 4:21 pm

Source based routing issue

Wed Aug 10, 2022 12:25 am

Hello,

I'm trying to use source-based routing on MikroTik.

So if I receive any packet from, for example, 4.4.4.0/24, the next hop should be the tunnel interface?

Till this moment every time I try to configure I receive this error

Image

Please, if anyone can help me.

Thanks in advance
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Source based routing issue

Wed Aug 10, 2022 12:46 am

You need to create a new routing table with a route pointing to the tunnel interface, and then mark routing for the selected traffic, e.g.:

/routing table
add name=via-tunnel fib
/ip route
add dst-address=0.0.0.0/0 gateway=<tunnel interface> routing-table=via-tunnel
/ip firewall mangle
add chain=prerouting src-address=4.4.4.0/24 action=mark-routing new-routing-mark=via-tunnel

Or using routing rules instead of mangle rules:

/routing rule
add src-address=4.4.4.0/24 action=lookup table=via-tunnel
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Source based routing issue

Wed Aug 10, 2022 1:35 am

Sob, why do you need to mangle....
Isn't it sufficient to create the table, the route and the Routing Rule?? Thankfully no proxy required ;-P
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Source based routing issue

Wed Aug 10, 2022 2:09 am

OP started with mangle rule, so I kept that. See it as option a). Or there's routing rule as option b). Both will work. Which one is better depends on other requirements.
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Source based routing issue

Wed Aug 10, 2022 2:15 am

I see, so the lemming jumps off the cliff so you follow ;-)
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Source based routing issue

Wed Aug 10, 2022 10:29 am

> Till this moment every time I try to configure I receive this error

The error message is quite clear - it is impossible for a rule in a prerouting chain to match on an outgoing interface name, simply because the outgoing interface name cannot be known before routing has been done. The very purpose of your mangle rule is to tell the router to use a particular routing table for matching packets as @Sob explained.

So maybe the confusion comes from the fact that the syntax of the firewall rules doesn't clearly distinguish between match conditions and action parameters, so you've got an impression that the mangle rule can set an outgoing interface rather than match on it? There actually is a possibility to completely bypass the standard routing using a mangle rule with action=route, but it's a really unusual way of doing things (and it indicates an IP address of a gateway, not a name of out-interface).
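The two mistakes discussed up to this point in the thread can be caught before a configuration is loaded. The following is an added example, not code from any poster or from MikroTik: a small Python lint over a RouterOS v7 style export that flags an out-interface matcher in the prerouting chain and a policy table that is referenced but undefined or has no route. The sample export, the interface name gre-tunnel1 and the table name backup are constructed, and the parser assumes one command per line.

```python
import shlex

# Constructed sample in RouterOS v7 export style; gre-tunnel1 and "backup" are made up.
SAMPLE = """\
/routing table
add name=via-tunnel fib
/ip route
add dst-address=0.0.0.0/0 gateway=gre-tunnel1
/ip firewall mangle
add chain=prerouting src-address=4.4.4.0/24 out-interface=gre-tunnel1 action=mark-routing new-routing-mark=via-tunnel
/routing rule
add src-address=4.4.4.0/24 action=lookup table=backup
"""

def parse(export):
    """Yield (menu, params) for every 'add' line under a '/menu' header."""
    menu = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            # key=value words become dict entries; bare flags such as "fib" map to "".
            words = shlex.split(line[4:])
            yield menu, dict(w.partition("=")[::2] for w in words)

def lint(export):
    """Return findings for policy-routing mistakes in the export text."""
    entries = list(parse(export))
    tables = {p["name"] for m, p in entries if m == "/routing table" and "name" in p}
    # A route without routing-table= lands in the main table.
    routed = {p.get("routing-table", "main") for m, p in entries if m == "/ip route"}
    findings = []
    for menu, p in entries:
        if menu == "/ip firewall mangle":
            # The outgoing interface is unknown before the routing decision.
            if p.get("chain") == "prerouting" and any(k.startswith("out-interface") for k in p):
                findings.append("mangle: out-interface matcher in prerouting chain")
            table = p.get("new-routing-mark")
        elif menu == "/routing rule":
            table = p.get("table")
        else:
            continue
        if table and table != "main":
            if table not in tables:
                findings.append(f"{menu}: table '{table}' is not defined")
            elif table not in routed:
                findings.append(f"{menu}: table '{table}' has no route")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```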
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Source based routing issue

Wed Aug 10, 2022 2:22 pm

Geez, I didn't notice that and it was even in BIG PRINT.

Never heard of mangling right to route action, very interesting.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Source based routing issue

Wed Aug 10, 2022 9:26 pm

@anav: You don't usually need action=route. Previously it was the only way to route packets with a local destination address elsewhere (*1), because in the normal routing process, handling of local destinations was hardcoded to always go to the router itself. In the latest v7 they changed it and gave routing marks maximum priority, so you can just mark routing and if the route in that table points elsewhere, it will be used.

--
(*1) Make them go to forward and to another router, instead of to input and to this router. It's generally a weird thing to do, but sometimes you can find some use for that.
