Policy based routing - what's wrong?

whitbread · Fri Dec 04, 2015 1:42 pm

What I try to accomlish is policy based routing based on source IP.

I followed http://wiki.mikrotik.com/wiki/Testwiki/ ... ic_routing

Using "Set up routing policy using ip route rule" works fine, but I always get into timeout errors when using "Set up routing policy using ip firewall mangle". I can see packet count going up in the mangle rule but I always run into timeout.

So what is the difference between:

/ip route rule
add disabled=yes dst-address=37.120.169.172/32 table=Routing_VPN_GW

and

/ip firewall mangle
add action=jump chain=prerouting comment="Traffic -> !Localnet" \
    dst-address-list=!LocalNet dst-address-type=unicast jump-target=\
    Fwd_www_up src-address=192.168.0.0/16
add action=mark-routing chain=Fwd_www_up dst-address=37.120.169.172 \
    new-routing-mark=Routing_VPN_GW passthrough=no

I know, example uses destination IP for testing purpuses.

whitbread · Tue Dec 15, 2015 12:40 pm

Did I do anything wrong or nobody around to help?

dareru · Thu Dec 17, 2015 7:10 pm

maybe this can help you..

http://blog.butchevans.com/2008/09/mikr ... n-example/

telnetpr · Tue Dec 22, 2015 3:28 pm

Try this

ip firewall mangle add chain=prerouting src-address=192.168.0.0/16 action=mark-routing new-routing-mark=TEST

And the route

ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=2 routing-mark=TEST

IP ADDRESSES ARE JUST FOR EXAMPLES YOU JUST USE YOUR GATEWAY AND IP ADDRESS BLOCKS

AND TEST WITH TRACEROUTE USING ROUTING MARK

whitbread · Mon Dec 28, 2015 10:55 am

Thx for your help so far - I am still testing...

Policy based routing - what's wrong?

Policy based routing - what's wrong?

Re: Policy based routing - what's wrong?

Re: Policy based routing - what's wrong?

Re: Policy based routing - what's wrong?

Re: Policy based routing - what's wrong?

Who is online