Cannot connect to Router via alternative routing table

celicas · Mon Dec 28, 2015 2:17 pm

Dear All

Here I have just the router (192.168.0.241, RB1100 AHx2) and its gateway (192.168.0.2, 1-to-1 natted) on ether11 (Pls ignore ether1 address and nat rule, used only for my lan laptop)
I add a default gateway for routing table "ISP1" and I don't use any default gateway on "main".
Finally I mark new connections to my router as "ISP1" and all "ISP1" connection packets with "ISP1" routing marks
Prerouting mangle rule is useless overkill I suppose.

# jan/02/1970 01:38:13 by RouterOS 6.33.3
# software id = RANA-L1Z3
#
/ip address
add address=10.0.37.254/24 interface=ether1 network=10.0.37.0
add address=192.168.0.241/24 interface=ether11 network=192.168.0.0
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-address=192.168.0.241 new-connection-mark=ISP1
add action=mark-connection chain=input connection-state=new dst-address=192.168.0.241 new-connection-mark=ISP1
add action=mark-routing chain=prerouting connection-mark=ISP1 new-routing-mark=ISP1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether11
/ip route
add distance=1 gateway=192.168.0.2 routing-mark=ISP1
add distance=1 dst-address=10.0.37.0/24 gateway=ether1 routing-mark=ISP1

As you can see in the packet sniffer, when I send a packet from the internet to the gateway it forwards it the the router. Also the mangle-input rule logs the packet (when I enable logging). But the router doesn't reply as if it doesn't know any route. Of course as soon as I copy the default "ISP1" route to the "main" it replies promptly.

/tool sniffer
set filter-ip-address=1.2.3.4/32

[admin@MikroTik] > /tool sniffer packet print
 #    TIME INTE... SRC-ADDRESS                                   DST-ADDRESS                                   IP-..  SIZE CPU
 0   7.369 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 1  23.359 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 2  43.219 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 3  63.209 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 4  83.239 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 5 103.209 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1

Routing between LAN & Internet have worked lovely with quite complex configuration (multiple Lan Subs, ISPs, IPs per ISP) but I still cannot figure out this.
FYI I tried both with 6.33.3 & 6.32.3

Thank you in advance