Community discussions

MikroTik App
 
wwj
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Mon May 05, 2014 6:37 am

Policy-Route Depends on default route ?

Wed Mar 15, 2023 4:59 am

Policy-Route-Bug?
Policy-Route-BUG.jpg
In this topology
ROS1>/ip add address=13.0.0.1/24 interface=vlan3013
ROS1>/ip add address=12.0.0.1/24 interface=vlan3012

ROS2>/ip add address=12.0.0.2/24 interface=vlan3012
ROS2>/ip add address=20.0.0.1/24 interface=vlan3020 (gateway for pc 20.0.0.2)

ROS3>/ip add address=13.0.0.3/24 interface=vlan3013
ROS3>/ip add address=30.0.0.1/24 interface=vlan3030 (gateway for pc 30.0.0.2)
We need 2 PCs can connect to ROS1 for ping or winbox , but ros1 just config address to the vlanif , don’t have route to PCs
If could not add PCs route to the routing-table, we just can ues the policy-route to do “source in source out”
ROS1>/ip f m add chain=prerouting action=mark-connection in-interface=vlan3013 new-connection-mark=conn_vlan3013
ROS1>/ip f m add chain=prerouting action=mark-connection in-interface=vlan3012 new-connection-mark=conn_vlan3012
ROS1>/ip f m add chain=output action=mark-routing connection-mark=conn_vlan3013 new-routing-mark=routing_vlan3013
ROS1>/ip f m add chain=output action=mark-routing connection-mark=conn_vlan3012 new-routing-mark=routing_vlan3012
ROS1>/ip rou add gateway=13.0.0.3 routing-mark=routing_vlan3013
ROS1>/ip rou add gateway=12.0.0.2 routing-mark=routing_vlan3012
It doesn't work !!!
but I use other ros (other netwok) to do this test , it has no problem !!!
the config is the same , I spend a lot of time to test , the end I found a bug:
if I set a default route in the ROS1 , Even this route does not really exist
ROS1>/int vlan add name=test vlan-id=2 interface=ether5
ROS1>/ip add address=1.2.3.4/24
ROS1>/ip rou add gw=1.2.3.1
At this time, all policy routes are effective,PCs can connect to ROS1 successfully.

It makes me feel incredible
This is not in line with normal logical thinking
Is this a bug ?
You do not have the required permissions to view the files attached to this post.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7044
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Policy-Route Depends on default route ?

Wed Mar 15, 2023 9:40 am

There is no bug, a destination must be resolvable in the main table too.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19176
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Policy-Route Depends on default route ?

Wed Mar 15, 2023 1:44 pm

Are the routers all acting as routers in one connected setup or at different locations and connected by internet?

It seems your needs only need firewall rules at ROS1 if all connected, and for the latter just use wireguard or zerotier.
 
wwj
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Mon May 05, 2014 6:37 am

Re: Policy-Route Depends on default route ?

Thu Apr 27, 2023 11:38 am

There is no bug, a destination must be resolvable in the main table too.
It's like, originally I wanted to eat a hamburger, all I needed to do was pay the salesperson and he gave me a hamburger; But the current situation is that when you enter the store, someone will ask you, 'Are you here to buy something?' You need to answer 'Yes', otherwise you won't be able to buy a hamburger.
 
wwj
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Mon May 05, 2014 6:37 am

Re: Policy-Route Depends on default route ?

Thu Apr 27, 2023 11:46 am

Are the routers all acting as routers in one connected setup or at different locations and connected by internet?

It seems your needs only need firewall rules at ROS1 if all connected, and for the latter just use wireguard or zerotier.
The router only acts as a bypass to modify some packet parameters. Its data transmission is unidirectional. It has three interfaces, one of which wants to be the management interface. So it just hopes that whoever accesses the management page from this interface will reply from this interface. The main route table does not have a Default route configured, so this story happened

Who is online

Users browsing this forum: adrianmartin16, Ahrefs [Bot], bbd, henleu, Majestic-12 [Bot], mgrlobo, pajapatak, Seekport [Bot], tangent and 88 guests