Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 5 of 5
  1. #1
    Status
    Offline
    EugenX's Avatar
    Newbie
    Join Date
    Nov 2012
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Route traffic to one IP through specific gateway

    Hello,

    I need some help to route traffic to one IP through specific gateway, can't solve it by myself, if Mikrotik Indonesia could help me with a correct code I would really appreciate.

    My situation:

    interface1: LAN1 (192.168.0.0)
    interface2: LAN2 (71.40.116.0)
    interface3: WAN1 (77.45.45.120)
    interface4: WAN2 (88.30.30.0)

    In order to make IPSec connection to a another device I need to ping this IP 92.11.11.200, this IP is reachable only from LAN2 network and has to go out through WAN1 interface.
    Now when running tracert 92.11.11.200 I see that is goes through the wrong gateway in this case WAN2.

    So, if you could help me with a rule that will get me to this IP 92.11.11.200 through gateway WAN1.

    *I'm using PCC load balancing.

    Tried this rule but it doesn't work: ip route add dst-address=92.11.11.200/32 gateway=x.x.x.x

    Below is the configuration I use:
    Code:
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
    add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
    add action=accept chain=prerouting disabled=no dst-address=77.45.45.120/30 in-interface=LAN1
    add action=accept chain=prerouting disabled=no dst-address=88.30.30.0/24 in-interface=LAN1
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN1 new-connection-mark=WAN1 passthrough=no
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN2 new-connection-mark=WAN2 passthrough=no
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN1 new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=no in-interface=LAN1 new-routing-mark=WAN2 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    add action=accept chain=output disabled=no dst-address=192.168.0.0/24
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    Code:
    /ip route
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.45.45.121 routing-mark=WAN1 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=88.30.30.1 routing-mark=WAN2 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.45.45.121 scope=30 target-scope=10
    add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=88.30.30.1 scope=30 target-scope=10
    Thank you.

  2. #2
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by EugenX Click here to enlarge
    Hello,

    I need some help to route traffic to one IP through specific gateway, can't solve it by myself, if Mikrotik Indonesia could help me with a correct code I would really appreciate.

    ...
    So, if you could help me with a rule that will get me to this IP 92.11.11.200 through gateway WAN1.

    *I'm using PCC load balancing.

    Tried this rule but it doesn't work: ip route add dst-address=92.11.11.200/32 gateway=x.x.x.x

    ...
    Thank you.
    just add
    Code:
    /ip route rule add dst-address=92.11.11.200 action=lookup table=WAN1
    HTH
    Gunakan FreeRadius sebagai pengganti user manager

  3. #3
    Status
    Offline
    adiputrolds's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Posts
    1,485
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Try This

    Code:
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
    add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
    add action=accept chain=prerouting disabled=no dst-address=77.45.45.120/30 in-interface=LAN1
    add action=accept chain=prerouting disabled=no dst-address=88.30.30.0/24 in-interface=LAN1
    add action=mark-connection chain=prerouting disabled=no in-interface=LAN2 dst-address=92.11.11.200 new-connection-mark=WAN1 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN1 new-connection-mark=WAN1 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN2 new-connection-mark=WAN2 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN2 new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN1 new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=no in-interface=LAN1 new-routing-mark=WAN2 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    add action=accept chain=output disabled=no dst-address=192.168.0.0/24
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    Note :
    1. Use passthrough=yes for mark-connection action, because you still need to create routing-mark on your mangle
    2. You have to mark-connection to dst-address=92.11.11.200(static route) before PCC mangle

    Good Luck
    Last edited by adiputrolds; 24-11-2012 at 03:29.

  4. The Following User Says Thank You to adiputrolds For This Useful Post:


  5. #4
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    790
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by adiputrolds Click here to enlarge
    Try This

    Code:
    /ip firewall mangle add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
    add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
    add action=accept chain=prerouting disabled=no dst-address=77.45.45.120/30 in-interface=LAN1
    add action=accept chain=prerouting disabled=no dst-address=88.30.30.0/24 in-interface=LAN1
    add action=mark-connection chain=prerouting disabled=no in-interface=LAN2 dst-address=92.11.11.200 new-connection-mark=WAN1 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN1 new-connection-mark=WAN1 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=WAN2 new-connection-mark=WAN2 passthrough=yes
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN2 new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=WAN1 disabled=no in-interface=LAN1 new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=prerouting connection-mark=WAN2 disabled=no in-interface=LAN1 new-routing-mark=WAN2 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    add action=accept chain=output disabled=no dst-address=192.168.0.0/24
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=output connection-mark=WAN1 disabled=no new-routing-mark=WAN1 passthrough=no
    add action=mark-routing chain=output connection-mark=WAN2 disabled=no new-routing-mark=WAN2 passthrough=no
    Note :
    1. Use passthrough=yes for mark-connection action, because you still need to create routing-mark on your mangle
    2. You have to mark-connection to dst-address=92.11.11.200(static route) before PCC mangle

    Good Luck
    Wah dapet ilmu lgi nih cara bikin static routing di LB pcc...
    ikut nongkrong di sini ah....Click here to enlarge

  6. #5
    Status
    Offline
    EugenX's Avatar
    Newbie
    Join Date
    Nov 2012
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Thank you guys for a quick response, pos_ronda your solution did the trick Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. setting gateway apabila dial-up lwt rb750 dan rb750 sebagai gateway
    By carlo_bigtunes in forum Beginner Basics
    Replies: 2
    Last Post: 12-01-2012, 21:57
  2. Setting VPN Gateway to Gateway.
    By opas in forum General Networking
    Replies: 0
    Last Post: 09-09-2011, 14:46
  3. Replies: 7
    Last Post: 02-10-2009, 21:49
  4. ngeroute dari AP route ke AP route yang lain...
    By Mr. Bus in forum Wireless Networking
    Replies: 2
    Last Post: 29-07-2009, 11:32
  5. Replies: 2
    Last Post: 23-05-2008, 03:00

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •