Community discussions

MikroTik App
 
woodych
just joined
Topic Author
Posts: 19
Joined: Fri Nov 12, 2021 7:09 pm

Mangle: route-mark on output, not working

Thu Jun 23, 2022 5:47 pm

Hi Gang

I am struggling with policy routing and I feel like something is not working as expected.

To put it very simple, I want traffic from the Wireguard Server to ALWAYS be sent out a specific interface or even better would be, through the interface through which the incoming wireguard packet was received.

So let's assume my wireguard server runs under 192.168.77.1:13231 which is active on eth0.

I created a FIB routing table 'VIA ETH0' containing a default route to Interface %ETH0

I added a mangle rule on the OUTPUT chain to add a routing mark "VIA ETH0' on packets matching:
Protocol: udp
source-ip: 192.168.77.1
source-port: 13231

To my understanding, that should be good enough for that routing table and thus the route via ETH0 to be selected on packets originating from the wireguard server.

But unfortunately packets are routed via the default route find in the 'main' routing table.

Only when I add a routing rule to match source: 192.168.77.1 and lookup table 'VIA ETH0' my packets leave the interface I wish, but all other locally generated traffic too and that is not what I want.
Adding a routing rule to match the routing mark does nothing.

What could I be doing wrongly?

At the end, I want to make sure I send replies to wireguard clients on that interface I am receiving traffic from those clients and could be using connection marks for this.

-Benoit-
 
pe1chl
Forum Guru
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mangle: route-mark on output, not working

Thu Jun 23, 2022 7:21 pm

Does it work when you add the preferred source address 192.168.77.1 to the route(s) in the new table?

Who is online

Users browsing this forum: GoogleOther [Bot] and 44 guests