Community discussions

 
robon
just joined
Topic Author
Posts: 9
Joined: Tue Jul 04, 2017 6:06 am

Redirect Traffic of certain IP/Website to different WAN

Fri Sep 14, 2018 8:21 am

Can i get help on my following query:

I have two WAN connections, lets call them
•WAN1
•WAN2
My LAN is 192.168.1.0/24
In LAN network, I want redirect certain Website IP (suppose) 10.10.10.10 traffic from WAN2 and rest of internet traffic go through WAN1.

I've tried listing Website IP in Address List and creating mangle rule mentioning that Address list in Dst Address List and Mark Route to WAN2, but still no success.

Please help on this.
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect Traffic of certain IP/Website to different WAN

Fri Sep 14, 2018 7:54 pm

Described solution sounds correct, you probably just made some small mistake. Post your config and someone may spot it.
 
robon
just joined
Topic Author
Posts: 9
Joined: Tue Jul 04, 2017 6:06 am

Re: Redirect Traffic of certain IP/Website to different WAN

Sun Sep 16, 2018 8:04 am

Followings is the config.

/ip firewall address-list
add address=10.10.10.10 list=Web

/ip firewall mangle
add action=mark-routing chain=prerouting comment="LAN PC" new-routing-mark=WAN1 passthrough=yes src-address=192.168.1.174
add action=mark-routing chain=prerouting comment="LAN PC" dst-address-list=Web new-routing-mark=WAN2 passthrough=yes src-address=192.168.1.174
 
robon
just joined
Topic Author
Posts: 9
Joined: Tue Jul 04, 2017 6:06 am

Re: Redirect Traffic of certain IP/Website to different WAN

Sun Sep 16, 2018 8:07 am

Followings is the config.

/ip firewall address-list
add address=10.10.10.10 list=Web

/ip firewall mangle
add action=mark-routing chain=prerouting comment="LAN PC" new-routing-mark=WAN1 passthrough=yes src-address=192.168.1.174
add action=mark-routing chain=prerouting comment="LAN PC" dst-address-list=Web new-routing-mark=WAN2 passthrough=yes src-address=192.168.1.174


I tried putting second mangle rule above than first one aswell, that didn't work aswell.
 
sindy
Forum Guru
Forum Guru
Posts: 2514
Joined: Mon Dec 04, 2017 9:19 pm

Re: Redirect Traffic of certain IP/Website to different WAN

Sun Sep 16, 2018 10:38 am

Mangle rules assigning a routing-mark to some packets are just one part of the solution.

The other part are routes marked with the same routing-mark.

The mere fact that the routing-mark name matches an interface name has no effect.

Have a look here, here and here.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
robon
just joined
Topic Author
Posts: 9
Joined: Tue Jul 04, 2017 6:06 am

Re: Redirect Traffic of certain IP/Website to different WAN

Sun Sep 16, 2018 2:40 pm

Mangle rules assigning a routing-mark to some packets are just one part of the solution.

The other part are routes marked with the same routing-mark.

The mere fact that the routing-mark name matches an interface name has no effect.

Have a look here, here and here.
Routes are configured in this way:

/ip route
add check-gateway=ping distance=1 gateway=X.X.X.X routing-mark=WAN1
add check-gateway=ping distance=2 gateway=Y.Y.Y.Y routing-mark=WAN2
add check-gateway=ping comment="WAN1 Gateway" distance=1 gateway=X.X.X.X
add check-gateway=ping comment="WAN2 Gateway" distance=2 gateway=Y.Y.Y.Y

/ip firewall address-list
add address=10.10.10.10 list=Web

/ip firewall mangle
add action=mark-routing chain=prerouting comment="LAN PC" new-routing-mark=WAN1 passthrough=yes src-address=192.168.1.174
add action=mark-routing chain=prerouting comment="LAN PC" dst-address-list=Web new-routing-mark=WAN2 passthrough=yes src-address=192.168.1.174
 
sindy
Forum Guru
Forum Guru
Posts: 2514
Joined: Mon Dec 04, 2017 9:19 pm

Re: Redirect Traffic of certain IP/Website to different WAN

Sun Sep 16, 2018 3:42 pm

What exactly means "no success"? Do you get to the web server at 10.10.10.10 via WAN1, or you don't get to that web at all if the mangle rules are active...?

What does /ip firewall mangle print stats say - do the rules' counters count matching packets?

If you disable all routes except the last one, does all traffic flow via WAN2 or you get nowhere at all?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
robon
just joined
Topic Author
Posts: 9
Joined: Tue Jul 04, 2017 6:06 am

Re: Redirect Traffic of certain IP/Website to different WAN

Mon Sep 17, 2018 3:16 pm

What exactly means "no success"? Do you get to the web server at 10.10.10.10 via WAN1, or you don't get to that web at all if the mangle rules are active...?
When i check the traceroute to 10.10.10.10, it doesn't go from WAN2, it goes from WAN1
If you disable all routes except the last one, does all traffic flow via WAN2 or you get nowhere at all?
In this case 10.10.10.10 goes through WAN2.
 
sindy
Forum Guru
Forum Guru
Posts: 2514
Joined: Mon Dec 04, 2017 9:19 pm

Re: Redirect Traffic of certain IP/Website to different WAN

Mon Sep 17, 2018 3:40 pm

From where do you traceroute? From the Mikrotik itself or from the device with IP address 192.168.1.174?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: jterry801 and 29 guests