Community discussions

MikroTik App
  4. RouterOS
  5. General

Unable to access Hosts after Mark Routing

Post Reply
 
essides
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Mar 10, 2017 6:18 pm
Location: Spain

Unable to access Hosts after Mark Routing

Wed Apr 17, 2024 5:54 pm

Hi there,

I'm doing some test with mark routing settings.

My scenario:

ADDRESS NETWORK INTERFACE
10.10.10.1/24 10.10.10.0 vlan10

Route Table
DST-ADDRESS GATEWAY DISTANCE ROUTING TABLE
0.0.0.0/0 185.xxx.xxx.1%vrrp1 2 via-vrrp1

Code: Select all
ip/firewall/nat/
chain=srcnat action=masquerade out-interface=vrrp1 log=no log-prefix="" 

ip/firewall/mangle/
chain=prerouting action=mark-routing new-routing-mark=via-vrrp1 passthrough=yes in-interface=vlan10
Everything works pretty good, hosts under vlan10 have internet access, but they don't have access to local network ( both sides ) , it's like an independient network.

I tried to add new routes to specific routing table, but it doesn't work.

Is this behavior normal?

In this case, how can I achieve to access to these marking routing interface?

Thanks you.
Top
 
essides
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Mar 10, 2017 6:18 pm
Location: Spain

Re: Unable to access Hosts after Mark Routing

Tue Apr 30, 2024 2:05 am

No one knows why clients/hosts behind an interface that has a marked routing can't be accessed by router ( both sides ) ?

Or anyone can explain mark routing flow diagram?

Thanks you
Top
 
rplant
Member
Member
Posts: 335
Joined: Fri Sep 29, 2017 11:42 am

Re: Unable to access Hosts after Mark Routing

Tue Apr 30, 2024 7:25 am

Hi,
You need to be a little bit careful how you mark your routes.

If they are marked with via-vrrp1, they WILL use routes using table=use-vrrp1

I would tend to force it to go via routing rules.
Code: Select all
ip/firewall/mangle/
chain=prerouting action=mark-routing new-routing-mark=rule-vrrp1 passthrough=yes in-interface=vlan10 

/routing rule
add action=lookup comment="min-prefix=0, all known non 0.0.0.0/0 routes use main" disabled=no dst-address=0.0.0.0/0 min-prefix=0 table=main
add action=lookup comment="use vvrp1" disabled=no routing-mark=rule-vrrp1 table=via-vrrp1
Top
 
rplant
Member
Member
Posts: 335
Joined: Fri Sep 29, 2017 11:42 am

Re: Unable to access Hosts after Mark Routing

Tue Apr 30, 2024 7:42 am

Also:

If you have the default firewall fasttrack rule in place, you need to have an accept rule prior to this rule
for the packets using the via-vrrp1 routing.

(or turn off the fasttrack rule)
Top
 
essides
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Mar 10, 2017 6:18 pm
Location: Spain

Re: Unable to access Hosts after Mark Routing

Tue Apr 30, 2024 9:12 am

Thanks you for your answer.

But after apply those routing rules, behavior is the same.
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], DanMos79, sindy, the2masters, timotei and 19 guests
  4. RouterOS
  5. General