Cannot connect to Router via alternative routing table

Posted: Mon Dec 28, 2015 2:17 pm
by celicas
Dear All

Here I have just the router (192.168.0.241, RB1100 AHx2) and its gateway (192.168.0.2, 1-to-1 NATted) on ether11. (Please ignore the ether1 address and NAT rule, used only for my LAN laptop.)
I add a default gateway for routing table "ISP1" and I don't use any default gateway on "main".
Finally I mark new connections to my router as "ISP1" and all "ISP1" connection packets with "ISP1" routing marks.
Prerouting mangle rule is useless overkill I suppose.

# jan/02/1970 01:38:13 by RouterOS 6.33.3
# software id = RANA-L1Z3
#
/ip address
add address=10.0.37.254/24 interface=ether1 network=10.0.37.0
add address=192.168.0.241/24 interface=ether11 network=192.168.0.0
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-address=192.168.0.241 new-connection-mark=ISP1
add action=mark-connection chain=input connection-state=new dst-address=192.168.0.241 new-connection-mark=ISP1
add action=mark-routing chain=prerouting connection-mark=ISP1 new-routing-mark=ISP1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether11
/ip route
add distance=1 gateway=192.168.0.2 routing-mark=ISP1
add distance=1 dst-address=10.0.37.0/24 gateway=ether1 routing-mark=ISP1

As you can see in the packet sniffer, when I send a packet from the internet to the gateway it forwards it to the router. Also the mangle-input rule logs the packet (when I enable logging). But the router doesn't reply, as if it doesn't know any route. Of course as soon as I copy the default "ISP1" route to the "main" it replies promptly.

/tool sniffer
set filter-ip-address=1.2.3.4/32

[admin@MikroTik] > /tool sniffer packet print
 #    TIME INTE... SRC-ADDRESS                                   DST-ADDRESS                                   IP-..  SIZE CPU
 0   7.369 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 1  23.359 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 2  43.219 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 3  63.209 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 4  83.239 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1
 5 103.209 ether11 1.2.3.4:13635                          192.168.0.241:22 (ssh)                        tcp      64   1

Routing between LAN & Internet has worked lovely with quite complex configuration (multiple LAN Subs, ISPs, IPs per ISP) but I still cannot figure this out.
FYI I tried both with 6.33.3 & 6.32.3.

Thank you in advance
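
Added example, not part of the original post: in RouterOS, packets the router itself generates (such as its SSH replies) pass through the mangle output chain, not prerouting, so a routing mark set only in prerouting is never applied to them and they are looked up in "main". Assuming that is the cause of the symptom described above, the sketch below reuses the post's connection mark and routing table name "ISP1" and adds one rule; the posted rules and routes stay as they are.

```routeros
# Added example, not from the original post.
# Assumes the connection mark "ISP1" and routing table "ISP1" from the post.

/ip firewall mangle
# The posted chain=input rule already tags new connections addressed to
# 192.168.0.241 with connection mark ISP1, so it is not repeated here.
#
# The posted chain=prerouting mark-routing rule only sees packets that
# arrive on an interface. Replies generated by the router start at the
# local process and traverse chain=output, so the routing mark has to be
# set there for table ISP1 (default gateway 192.168.0.2) to be consulted.
add action=mark-routing chain=output connection-mark=ISP1 \
    new-routing-mark=ISP1 passthrough=no \
    comment="route router-originated replies via table ISP1"

# Checks while repeating the SSH attempt from the post:
# 1. the packet counter of the new output rule should increase
/ip firewall mangle print stats where chain=output
# 2. the tracked connection should carry the ISP1 connection mark
/ip firewall connection print where connection-mark=ISP1
# 3. the sniffer on ether11 should now show packets from
#    192.168.0.241:22 back to the client, not only the inbound SYNs
```

Because the "main" table has no default route in this setup, any router-originated traffic that does not belong to a marked connection (for example DNS or NTP lookups started by the router) still has no route; that is separate from the reply path handled here.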