rowland
just joined
Topic Author
Posts: 11
Joined: Sun Nov 13, 2011 7:49 pm

Routing decision question

Tue Dec 13, 2011 7:58 pm

I'm looking at http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram Layer 3 diagram. I'm trying to figure out why a routing decision is made to move a particular packet from the Prerouting to Input instead of Forward.

The general topology is LAN <--> RB450G <--> ISP with a PPPoE connection to the ISP. Let the IP provided by the PPPoE server be XXX.XXX.XXX.XXX. I've created dst-nat rules so that external XXX.XXX.XXX.XXX:PORT requests get redirected to an internal server. I've verified that HTTP connection requests to XXX.XXX.XXX.XXX:PORT from the ISP side of the RB450G work correctly. I'm trying to establish an HTTP connection to XXX.XXX.XXX.XXX:PORT from the LAN side of the router and want the request to be routed to the ISP and then be a connection request from the ISP. But the packet moves from Preroute to Input instead of moving to Forward. The following log entries show this.
echo: firewall,info input: in:ether3-LAN out:(none), proto TCP (SYN), 192.168.1.25:49217->XXX.XXX.XXX.XXX:PORT, len 48
echo: firewall,info output: in:(none) out:ether3-LAN, proto TCP (ACK,RST), XXX.XXX.XXX.XXX:PORT->192.168.1.25:49217, len 40

/IP ROUTE looks like:
 #      DST-ADDRESS      PREF-SRC          GATEWAY      DISTANCE
 0 ADS  0.0.0.0/0                          10.0.6.1     1
 1 ADC  10.0.6.1/32      XXX.XXX.XXX.XXX   pppoe        0
 2 ADC  192.168.1.0/24   192.168.1.2       ether3-LAN   0

This only happens for XXX.XXX.XXX.XXX (i.e. the IP provided by the PPPoE server). E.g. the packet for an internal connection request for XXX.XXX.XXX.XXX+1:PORT gets moved from Preroute to Forward.

Can anyone tell me how to do this?
 
blake
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: Routing decision question

Thu Dec 15, 2011 5:41 am

It goes to the input chain because the dst-address is an IP that is local to the router.

You haven't described your topology in great detail. But, I would assume you're looking for this. http://wiki.mikrotik.com/wiki/Hairpin_NAT
 
rowland
just joined
Topic Author
Posts: 11
Joined: Sun Nov 13, 2011 7:49 pm

Re: Routing decision question

Thu Dec 15, 2011 5:34 pm

blake wrote:
> It goes to the input chain because the dst-address is an IP that is local to the router.
>
> You haven't described your topology in great detail. But, I would assume you're looking for this. http://wiki.mikrotik.com/wiki/Hairpin_NAT

Thanks,

I had seen http://wiki.mikrotik.com/wiki/Hairpin_NAT but that wasn't quite what I wanted. I wanted the packet to actually go to the ISP and then have the ISP route the packet back to my router.

I had tried putting in an IP route with a dst address of the ISP, but that seems to have been ignored in favor of the fact that the IP is local to the router. Is there any way to know how the "Routing Decision" box in http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram makes decisions?
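
Added example (not part of the thread, and not RouterOS code): a simplified Python model of the routing decision discussed above, in which the router's own addresses are checked before the route table is consulted. It assumes Linux-style local-first lookup, uses the constructed address 203.0.113.10 in place of XXX.XXX.XXX.XXX, and the names Router and decide are hypothetical.

```python
import ipaddress

class Router:
    """Simplified model: local-address check first, then longest-prefix match."""

    def __init__(self, local_addrs, routes):
        # Addresses assigned to the router's own interfaces.
        self.local = {ipaddress.ip_address(a) for a in local_addrs}
        # (destination prefix, gateway/interface) pairs, as in /ip route.
        self.routes = [(ipaddress.ip_network(n), gw) for n, gw in routes]

    def add_route(self, prefix, gateway):
        self.routes.append((ipaddress.ip_network(prefix), gateway))

    def decide(self, dst):
        """Return (chain, gateway) for a packet leaving prerouting."""
        dst = ipaddress.ip_address(dst)
        # Step 1: a destination owned by the router is delivered locally.
        # The route table is never consulted for it.
        if dst in self.local:
            return ("input", None)
        # Step 2: everything else is forwarded by the most specific route.
        matches = [(n, gw) for n, gw in self.routes if dst in n]
        if not matches:
            return ("drop", None)  # no route to host
        _, gw = max(matches, key=lambda m: m[0].prefixlen)
        return ("forward", gw)

# Constructed sample data mirroring the thread's topology.
WAN_IP = "203.0.113.10"  # stands in for XXX.XXX.XXX.XXX (assumption)
router = Router(
    local_addrs=[WAN_IP, "192.168.1.2"],
    routes=[
        ("0.0.0.0/0", "pppoe"),            # default route via 10.0.6.1
        ("10.0.6.1/32", "pppoe"),
        ("192.168.1.0/24", "ether3-LAN"),
    ],
)

if __name__ == "__main__":
    print(router.decide(WAN_IP))          # the router's own PPPoE address
    print(router.decide("203.0.113.11"))  # the "+1" neighbour address
    # Adding a host route for the router's own address changes nothing,
    # because step 1 matches before the table is searched.
    router.add_route(WAN_IP + "/32", "pppoe")
    print(router.decide(WAN_IP))
```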