Community discussions

MikroTik App
  4. RouterOS
  5. General

separate netwoks

Post Reply
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

separate netwoks

Thu Jan 06, 2011 3:23 pm

hi

i have 2 range of ip

172.17.5.0/24 and 192.17.6.0/28

i want to mangle these, can you please say me in source address with which character , i can separate them form together?

thanks
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6703
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Re: separate netwoks

Thu Jan 06, 2011 3:27 pm

1) Use address-list, if you need one mangle rule for both subnets.
Add both networks to /ip firewall address-list, set one mangle rule with src-address-list.

2) Create two mangle rules with the same mark-connection/mark-packet.
Top
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Thu Jan 06, 2011 3:33 pm

1) Use address-list, if you need one mangle rule for both subnets.
Add both networks to /ip firewall address-list, set one mangle rule with src-address-list.

2) Create two mangle rules with the same mark-connection/mark-packet.

i know

but i wanted to know in source address i separate them with comma, or dash or ...?
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6703
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Re: separate netwoks

Thu Jan 06, 2011 3:37 pm

You can use only range there,

Code: Select all
ip firewall mangle add src-address=

SrcAddress ::= [!]Range
  Range ::= A.B.C.D[-A.B.C.D |0..32 |/A.B.C.D ]    (IP address range)
To use one mangle rule for both networks, use address-list.
Top
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Thu Jan 06, 2011 3:39 pm

You can use only range there,

Code: Select all
ip firewall mangle add src-address=

SrcAddress ::= [!]Range
  Range ::= A.B.C.D[-A.B.C.D |0..32 |/A.B.C.D ]    (IP address range)
To use one mangle rule for both networks, use address-list.
can you type the sample for me with my ip addresses that i said in top, and the way that i should type in GUI?

also i think press ! beside ranges

thanks
Top
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: separate netwoks

Thu Jan 06, 2011 4:01 pm

Code: Select all
/ip firewall address-list
add list=whatever address=172.17.5.0/24
add list=whatever address=192.17.6.0/28
/ip firewall mangle
add chain=prerouting action=accept src-address-list=whatever
Paste that into the terminal window of the GUI and then inspect the things the commands created in the GUI to figure out how to create others like them via the GUI.
Top
 
eghtedari2000
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 85
Joined: Tue Aug 11, 2009 10:11 am

Re: separate netwoks

Fri Jan 07, 2011 8:05 am

Code: Select all
/ip firewall address-list
add list=whatever address=172.17.5.0/24
add list=whatever address=192.17.6.0/28
/ip firewall mangle
add chain=prerouting action=accept src-address-list=whatever
Paste that into the terminal window of the GUI and then inspect the things the commands created in the GUI to figure out how to create others like them via the GUI.
hi, thanks alot, good way.

can you please say me in one mangle rule, how can i put more than 1 protocol, for example, both gre and ipsec and tcp?

thanks
Top
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: separate netwoks

Fri Jan 07, 2011 3:10 pm

can you please say me in one mangle rule, how can i put more than 1 protocol, for example, both gre and ipsec and tcp?
You can't. You will need one rule per protocol. Just copy a previous rule then change the protocol type and you'll be fine.
Top
Post Reply
  4. RouterOS
  5. General