Community discussions

MikroTik App
 
mohammadalsharqi
newbie
Topic Author
Posts: 36
Joined: Fri Jan 07, 2011 12:04 am

Routing Specific DST to another wan NOT WORK!!

Sat Nov 26, 2022 11:09 pm

Hi Team,

I have one main wan which is routing all traffic to it (1.1.1.1), Second wan (192.168.170.1) has local website which is not accessible by other ISP,

I'm trying to route the destination ip of this local website to second wan but it's not work

this is my script
add action=mark-routing chain=prerouting dst-address-list=1001 \
new-routing-mark=Vodu passthrough=yes

add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
pref-src=0.0.0.0 routing-table=Vodu scope=30 suppress-hw-offload=no \
target-scope=10


thanks
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing Specific DST to another wan NOT WORK!!

Sat Nov 26, 2022 11:26 pm

That mangle rule and that route alone seem fine to me (except maybe pref-src=0.0.0.0, but you may be using another subversion of ROS 7 than me). So maybe the rule is shadowed or superseded by another one(s), or ymaybe ou have unconditional fasttracking enabled?

In another words, post the complete configuration export after obfuscating the public addresses, service login names, and the serial number.
 
mohammadalsharqi
newbie
Topic Author
Posts: 36
Joined: Fri Jan 07, 2011 12:04 am

Re: Routing Specific DST to another wan NOT WORK!!

Sat Nov 26, 2022 11:33 pm

i'm already disable fasttrack
mangle
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=Whatsapp \
    new-routing-mark=whatsapp passthrough=yes
add action=mark-routing chain=prerouting dst-address=185.151.107.242 \
    new-routing-mark=Vodu passthrough=yes
add action=mark-routing chain=prerouting disabled=yes dst-address-list=facebook \
    new-routing-mark=facebook passthrough=no
add action=mark-routing chain=prerouting dst-address-list=whatsapp_list \
    new-routing-mark=whatsapp passthrough=yes
add action=mark-routing chain=prerouting dst-address-list=Telegram \
    new-routing-mark=Telegram passthrough=yes
add action=mark-packet chain=postrouting comment=GGC dst-address-list=\
    "Light Plus" layer7-protocol=!speedtest new-packet-mark=Light-GGC \
    passthrough=no src-address-list=GGC
add action=mark-packet chain=postrouting dst-address-list="Economy Plus" \
    layer7-protocol=!speedtest new-packet-mark=Economy-GGC passthrough=no \
    src-address-list=GGC
add action=mark-packet chain=postrouting dst-address-list="Standard Plus" \
    layer7-protocol=!speedtest new-packet-mark=Standard-GGC passthrough=no \
    src-address-list=GGC
add action=mark-packet chain=postrouting dst-address-list="Active Plus" \
    new-packet-mark=Active-GGC passthrough=no src-address-list=GGC
add action=mark-packet chain=postrouting dst-address-list="Turbo Plus" \
    new-packet-mark=Turbo-GGC passthrough=no src-address-list=GGC
add action=mark-packet chain=postrouting dst-address-list="Business Plus" \
    new-packet-mark=Business-GGC passthrough=no src-address-list=GGC
add action=mark-packet chain=postrouting comment=Bandwidth/SpeedTest \
    layer7-protocol=speedtest new-packet-mark=Bandwidth-DN passthrough=no
add action=mark-packet chain=postrouting layer7-protocol=speedtest \
    new-packet-mark=Bandwidth-UP passthrough=no
add action=mark-packet chain=postrouting comment=FNA dst-address-list=\
    "Light Plus" new-packet-mark=Light-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting dst-address-list="Economy Plus" \
    new-packet-mark=Economy-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting dst-address-list="Standard Plus" \
    new-packet-mark=Standard-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting dst-address-list="Active Plus" \
    new-packet-mark=Active-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting dst-address-list="Turbo Plus" \
    new-packet-mark=Turbo-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting dst-address-list="Business Plus" \
    new-packet-mark=Business-FNA passthrough=no src-address-list=FNA
add action=mark-packet chain=postrouting comment=ping disabled=yes \
    new-packet-mark=PING passthrough=no src-address-list=PING
add action=mark-packet chain=postrouting comment=google-service \
    dst-address-list="Light Plus" new-packet-mark=Light-Plus-google \
    passthrough=no src-address-list=google-service
add action=mark-packet chain=postrouting dst-address-list="Economy Plus" \
    new-packet-mark=Economy-Plus-google passthrough=no src-address-list=\
    google-service
add action=mark-packet chain=postrouting dst-address-list="Standard Plus" \
    new-packet-mark=Standard-Plus-google passthrough=no src-address-list=\
    google-service
add action=mark-packet chain=postrouting dst-address-list="Active Plus" \
    new-packet-mark=Active-Plus-google passthrough=no src-address-list=\
    google-service
add action=mark-packet chain=postrouting dst-address-list="Business Plus" \
    new-packet-mark=Business-Plus-google passthrough=no src-address-list=\
    google-service
add action=mark-packet chain=postrouting dst-address-list="Turbo Plus" \
    new-packet-mark=Turbo-Plus-google passthrough=no src-address-list=\
    google-service
add action=mark-packet chain=postrouting comment=service new-packet-mark=snap \
    passthrough=no src-address-list=snap
add action=mark-packet chain=postrouting new-packet-mark=Limelight passthrough=\
    no src-address-list=Limelight
add action=mark-packet chain=postrouting new-packet-mark=Akamai passthrough=no \
    src-address-list=Akamai
add action=mark-packet chain=postrouting dst-address-list=Active-Users \
    layer7-protocol=speedtest new-packet-mark=fast-SP passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=TikTok passthrough=no \
    src-address-list=tiktok
add action=mark-packet chain=postrouting new-packet-mark=PUBG passthrough=no \
    src-address-list=pubg
add action=mark-packet chain=postrouting new-packet-mark=xnxx passthrough=no \
    src-address-list=xnxx
add action=mark-packet chain=postrouting disabled=yes new-packet-mark=1001 \
    passthrough=no src-address-list=1001
add action=mark-packet chain=postrouting new-packet-mark=apple passthrough=yes \
    src-address-list=apple
add action=mark-packet chain=postrouting new-packet-mark=Telegram passthrough=\
    yes src-address-list=Telegram
add action=mark-packet chain=postrouting new-packet-mark=Amzaon passthrough=no \
    src-address-list=Amazon
add action=mark-packet chain=postrouting disabled=yes new-packet-mark=Shabakaty \
    passthrough=no src-address-list=Shabakaty
add action=mark-packet chain=postrouting disabled=yes new-packet-mark=\
    scope-service passthrough=no src-address-list=scope-service
add action=mark-routing chain=prerouting comment=PUBG dst-address-list=pubg \
    dst-port=53,3013,9030,17000,20002,20001,20000,39220 new-routing-mark=\
    PUBG_PING passthrough=no protocol=udp
add action=mark-routing chain=prerouting dst-address-list=pubg dst-port=\
    17500,3013,3357,14000,18018,7889,6568,15692,443,80,10012,18082 \
    new-routing-mark=PUBG_PING passthrough=no protocol=tcp
add action=mark-routing chain=prerouting dst-address-list=pubg dst-port=\
    8000-8999 new-routing-mark=PUBG_PING passthrough=no protocol=tcp
add action=mark-routing chain=prerouting dst-address-list=pubg dst-port=\
    8000-8999 new-routing-mark=PUBG_PING passthrough=no protocol=udp
add action=mark-routing chain=prerouting dst-address-list=pubg dst-port=\
    10000-10999 new-routing-mark=PUBG_PING passthrough=no protocol=udp
add action=mark-routing chain=prerouting dst-address-list=pubg dst-port=\
    20000-20999 new-routing-mark=PUBG_PING passthrough=no protocol=udp
add action=mark-routing chain=prerouting connection-mark=pubg new-routing-mark=\
    PUBG_PING passthrough=yes
add action=mark-routing chain=prerouting dst-address-list=pubg \
    new-routing-mark=PUBG passthrough=yes
add action=mark-connection chain=prerouting comment=messenger dst-address-list=\
    facebook dst-port=40000-40999 new-connection-mark=Messenger passthrough=yes \
    protocol=udp
add action=mark-connection chain=prerouting dst-port=3478 new-connection-mark=\
    Messenger passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=Messenger \
    new-packet-mark=Messenger passthrough=yes
add action=mark-packet chain=postrouting comment=INT dst-address-list=\
    "Light Plus" layer7-protocol=!speedtest new-packet-mark=Light-INT \
    passthrough=yes
add action=mark-packet chain=postrouting dst-address-list="Economy Plus" \
    layer7-protocol=!speedtest new-packet-mark=Economy-INT passthrough=yes
add action=mark-packet chain=postrouting dst-address=!25.5.10.0/24 \
    dst-address-list="Standard Plus" layer7-protocol=!speedtest \
    new-packet-mark=Standard-INT passthrough=yes
add action=mark-packet chain=postrouting dst-address-list="Active Plus" \
    new-packet-mark=Active-INT passthrough=yes
add action=mark-packet chain=postrouting dst-address-list="Turbo Plus" \
    new-packet-mark=Turbo-INT passthrough=yes
add action=mark-packet chain=postrouting dst-address-list="Business Plus" \
    new-packet-mark=Business-INT passthrough=yes
add action=mark-packet chain=prerouting comment=ICMP new-packet-mark=ICMP \
    passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting new-packet-mark=ICMP passthrough=yes \
    protocol=icmp
add action=mark-packet chain=forward new-packet-mark=ICMP passthrough=yes \
    protocol=icmp
route
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.170.1 pref-src=0.0.0.0 routing-table=whatsapp scope=30 \
    suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes dst-address=45.10.200.0/24 gateway=172.16.11.1
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=protonwg01 pref-src=\
    0.0.0.0 routing-table=protonvpn_wg scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=Vodu scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=Telegram scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=PUBG_PING scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=PUBG scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=185.151.107.0/24 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.170.1 \
    pref-src=0.0.0.0 routing-table=facebook scope=30 suppress-hw-offload=no \
    target-scope=10
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing Specific DST to another wan NOT WORK!!

Sat Nov 26, 2022 11:53 pm

So what exactly does not work? You have multiple routing tables consisting of a single default route via the same gateway of the second WAN - does the issue affect all of them or only the one named Voda? Also, in the OP, the rule assigning new-routing-mark=Voda matches on dst-address-list, whereas the single rule assigning that routing-mark in the export matches on just dst-address.

Does the mangle rule count as you attempt to connect to the destination address?
 
mohammadalsharqi
newbie
Topic Author
Posts: 36
Joined: Fri Jan 07, 2011 12:04 am

Re: Routing Specific DST to another wan NOT WORK!!

Sun Nov 27, 2022 12:05 am

I've tried to use address list or single dst address and both not work
all other prerouting works fine except this address
 
sindy
Forum Guru
Forum Guru
Posts: 9899
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing Specific DST to another wan NOT WORK!!

Sun Nov 27, 2022 9:58 am

So once again, do the packet & byte counters of that rule grow as you attempt to connect to that server? Yes/No
If they don't, try pinging that address from a connected device (not from the router itself). Do the counters grow in that case? Yes/No
Change the dst-address in the rule to some other public IP address that is not important for you and ping that address from a connected device. Do the rule's counters grow? Yes/No

Also, just by chance, is that address not up on another interface of the router itself?
 
mohammadalsharqi
newbie
Topic Author
Posts: 36
Joined: Fri Jan 07, 2011 12:04 am

Re: Routing Specific DST to another wan NOT WORK!!

Sun Nov 27, 2022 6:51 pm

i followed you and found the reason and everything fine now :)) thanks too much
I need the best option to forward Game ports to another wan, Cause i've used Routing and it was too high.

Who is online

Users browsing this forum: Amazon [Bot] and 27 guests