MikroTik

is it possibile to add route in mikrotik router1 for one host?

scenario:
PC's
IP over dhcp 192.168.1.100-254/24
GW 192.168.1.1

Mikrotik router1 have 3 intreface
IP 192.168.1.1/24
192.168.10.1/24
192.168.100.1/24
route list
AS 0.0.0.0/0 GW 192.168.1.37
DAC 192.168.10.0/24
DAC 192.168.100.0/24

router2 SDSL internet
IP 192.168.1.37

router3 ADSL internet
IP 192.168.1.59


how to make PC with 192.168.1.150/GW192.168.1.1 use router2 as gateway over router1?


TX
m

Yes

IP Firewall Mangle
Action=Routing Mark specify source IP

IP Routes
add route distance 1 to other router for 0.0.0.0/0 then require the routing mark.

I understand what You mean, but need help how to... there is too many fields



Uploaded with ImageShack.us



tx

IP Firewall Mangle
Chain=prerouting put in the source IP address go to action tab Mark routing Insert name of routing mark (Make a name up)

Ip route
distance=1 dst-address=0.0.0.0/0 gateway="Ip of destination router) routing-mark="The name you made up in the first rule" pref-src=0.0.0.0 scope=30 target-scope=10

Thank You tws101
it works

no, it is not OK
after adding IP firewall mangle and ip route, router don't use routing table for added source to other interfaces on different subnets and added static routes to other routers

I don't understand what you mean. The default behavior is if no route with the mark is present it will use the main routing table.

I like to make that host manuel (192.168.101.48) use routing table, and if no destination then use gateway 192.168.1.59 instead 192.168.1.37


[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 0.0.0.0 192.168.1.59 1
1 X S 0.0.0.0/0 0.0.0.0 192.168.1.59 1
2 A S 0.0.0.0/0 192.168.1.37 1
3 A S 10.113.64.0/24 192.168.1.3 1
4 A S 10.114.64.0/24 192.168.1.3 1
5 A S ;;; Balestra, dorada
167.10.0.0/16 192.168.1.66 1
6 ADC 192.168.1.0/24 192.168.1.1 system 0
7 A S 192.168.2.0/24 192.168.1.3 1
8 A S 192.168.3.0/24 192.168.1.3 1
9 A S 192.168.4.0/24 192.168.1.3 1
10 A S 192.168.5.0/24 192.168.1.3 1
11 A S 192.168.6.0/24 192.168.1.3 1
12 A S 192.168.7.0/24 192.168.1.3 1
13 ADC 192.168.10.0/24 192.168.10.1 10.1 0
14 ADC 192.168.101.0/24 192.168.101.1 HW 0
15 ADC 192.168.102.0/24 192.168.102.1 2kat 0
16 ADC 192.168.103.0/24 192.168.103.1 marketing 0
17 ADC 192.168.104.0/24 192.168.104.1 storage 0
18 ADC 192.168.105.0/24 192.168.105.1 105.1 0
19 ADC 192.168.106.0/24 192.168.106.1 106.1 0
20 ADC 192.168.107.0/24 192.168.107.1 107.1 0
21 ADC 192.168.108.0/24 192.168.108.1 108,0 0

[admin@MikroTik] /ip route> ..
[admin@MikroTik] /ip> firewall
[admin@MikroTik] /ip firewall> mangle
[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=manuel
passthrough=yes src-address=192.168.101.48

1 chain=prerouting action=mark-routing new-routing-mark=mario
passthrough=yes src-address=192.168.101.33

Disable passthrough

per this page
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Passthrough ignores the rule and just tracks it.

@tws101
You are wrong, there is a difference between 'action=passthrough' and 'passthrough' property.

passthrough (yes | no; default: yes) - whether to let the packet to pass further (like action passthrough) after marking it with a given mark (property only valid if action is mark packet, connection or routing mark)

For some unknown reason this property is not described in Wiki article mentioned by you, but you can find it here:
http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php

Regards, Grzegorz.

@tws101
You are wrong, there is a difference between 'action=passthrough' and 'passthrough' property.

passthrough (yes | no; default: yes) - whether to let the packet to pass further (like action passthrough) after marking it with a given mark (property only valid if action is mark packet, connection or routing mark)

For some unknown reason this property is not described in Wiki article mentioned by you, but you can find it here:
http://www.mikrotik.com/testdocs/ros/2.9/ip/mangle.php

Regards, Grzegorz.

Good to know. They need to update that wiki.

what to do now?
with enabled route with Routing mark I can use another gateway (192.168.1.59) and main 192.168.1.0/24 subnet but can't get to other static and dinamic routes
and with disabled route with Routing mark I can get static and dynamic route and default gateway 192.168.1.37 (but I need gateway 192.168.1.59 for host 192.168.101.48)

Will you please post your routing table and highlight routes that are failing with the marked traffic?

You have to indicate to the Mangle rule that it should not act for internal IPs

For example, if all your LANs are on 192.168.0.0/16 subnet, you must configure it as follows:



If destination address is outside 192.168.0.0/16 network, it will add the routing mark. But if the dst is a 192.168 address, it will do nothing

If you've some other LAN networks with differents ranges, you must use Address Lists for that

Regards

great
yes, I need to add some other LAN networks with differents ranges:
10.113.64.0/24, 10.114.64.0/24 and 167.10.0.0/16 to address list.
how to???

TX
m.


[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=manuel
passthrough=yes src-address=192.168.101.48 dst-address=!192.168.0.0/16