Hi,
I have simple setup like this
http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways
Basically I have two outgoing interfaces and two different gateways, A and B. I have two LAN segments as well. I want to direct LAN1 segment over gateway A and LAN2 segment over gateway B.
Configuration is like in the example. Packets from LAN1 segment are (routing) marked as A and from LAN2 segment as B. In routing table there are two routes, one for packets with routing mark A and one for packets with routing marks B.
Everything is OK when packets are arriving from LAN interface, they are properly marked.
But I have problems with DNS. Router is resolving DNS requests so the packets that are originating in router itself do not have any marks and therefore do not have any route to follow in routing table.
How can I mark the packets going from router itself with some routing mark? For example I want to mark all the traffic from router itself with routing mark A.
How to do that?
What chain should I use?
Re: How to mark packets going from router itself
If i'm not mistaken you should be able to set a route for 0.0.0.0/0 in the routing table (not firewall) for all traffic originating from the router.
Re: How to mark packets going from router itself
Hm,
I'm not sure if I understand the answer. I have two 0.0.0.0/0 routes in the routing table, one for routing marks A and another for routing marks B.
The problem is that traffic originating in router itself gets no routing mark so doesn't know which route to use. And I'm interested how to mark it with routing mark (A or B).
I'm not sure if I understand the answer. I have two 0.0.0.0/0 routes in the routing table, one for routing marks A and another for routing marks B.
The problem is that traffic originating in router itself gets no routing mark so doesn't know which route to use. And I'm interested how to mark it with routing mark (A or B).
Re: How to mark packets going from router itself
Well, it's not really an answer to your question, but the easy fix is by just adding a default route in the default routing table.
routing table A
0.0.0.0/0 -> ISP-A
routing table B
0.0.0.0/0 -> ISB-B
default routing table
0.0.0.0/0 -> ISB-A
the latter is being used for unmarked traffic
routing table A
0.0.0.0/0 -> ISP-A
routing table B
0.0.0.0/0 -> ISB-B
default routing table
0.0.0.0/0 -> ISB-A
the latter is being used for unmarked traffic
Re: How to mark packets going from router itself
My situation is more complicated but I didn't want to go into details.
One gateway is added dynamically over dhcp (dhcp client) and I'm using routing filters with dynamic-in chain to dedicate this default route to routing mark A.
Other gateway for routing mark B is static but this connection can be used only part of the day.
So everytime this dynamic default gateway changes I should manually change default gateway for non marked packets which is impossible.
I could use scripting but want to leave that as last resort.
To make long story short I'm really interested is it possible to mark traffic originating from router itself and if it is, how to do it.
One gateway is added dynamically over dhcp (dhcp client) and I'm using routing filters with dynamic-in chain to dedicate this default route to routing mark A.
Other gateway for routing mark B is static but this connection can be used only part of the day.
So everytime this dynamic default gateway changes I should manually change default gateway for non marked packets which is impossible.
I could use scripting but want to leave that as last resort.
To make long story short I'm really interested is it possible to mark traffic originating from router itself and if it is, how to do it.
Re: How to mark packets going from router itself
ok, another approach should be:
/ip route add dst-address=0.0.0.0/0 gateway=ether1,192.168.0.1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=ether1,192.168.0.1 check-gateway=ping
Re: How to mark packets going from router itself
As I said the gateway IP address is not static, it changes depending what address router gets from dhcp.ok, another approach should be:
/ip route add dst-address=0.0.0.0/0 gateway=ether1,192.168.0.1 check-gateway=ping
I suppose the address 192.168.0.1 in this example you posted is static gateway address. So the problem is I can't put static IP address of gateway as it changes.
Re:
Unfortunately you can't. It doesn't work for ethernet connections.In the example, we have a intetrface and a static address. You can set the interface as gateway.
http://forum.mikrotik.com/viewtopic.php?t=94191
Re: How to mark packets going from router itself
Has anyone found a solution? We have the same problem!
Dynamic (DHCP) WAN address + route mark but the router itself needs a route as well.
Dynamic (DHCP) WAN address + route mark but the router itself needs a route as well.
Re: How to mark packets going from router itself
You can do this in /ip firewall mangle
You need an output chain rule.
In the advanced tab specify connection type is not local.
This will only apply to the router itself. Output is only for traffic originating in the router.
I would post code, but on a mobile.
You need an output chain rule.
In the advanced tab specify connection type is not local.
This will only apply to the router itself. Output is only for traffic originating in the router.
I would post code, but on a mobile.
Re: How to mark packets going from router itself
Something like this:
Code: Select all
add action=mark-routing chain=output comment="Mark Output From Router that is not local" dst-address-type=!local new-routing-mark=TestRoute passthrough=yes
Re: How to mark packets going from router itself
Thanks, could you please explain this a bit more?
We have two output rules:
https://wiki.mikrotik.com/wiki/Manual:PCC
You say we have to add a third "output" rule in the mangle?
We have two output rules:
Code: Select all
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2You say we have to add a third "output" rule in the mangle?
Re: How to mark packets going from router itself
Thanks, added this rule, but now we are unable to connet to the router from LAN (only via MAC address).
Re: How to mark packets going from router itself
Hmm, that didn't happen on mine.Thanks, added this rule, but now we are unable to connet to the router from LAN (only via MAC address).
Remove this
Code: Select all
dst-address-type=!local Code: Select all
dst-address!=<yourLANIPrange>