18 January 2011

Simple policy routing

Suppose you have two gateways, 192.168.10.1 and 192.168.20.1, and you want traffic sourced from your VoIP server (10.10.10.50) to go out via the 20.1 gateway, while the rest of the traffic goes out via the 10.1 gateway. Here is how you would achieve that.

Create a mangle rule that adds a routing mark to the traffic sourced from 10.10.10.50:
/ip firewall mangle add chain=prerouting src-address=10.10.10.50/32 action=mark-routing routing-mark=20.1gateway passthrough=no

Add default routes for both gateways, attaching the routing mark to the route via the 20.1 gateway:
/ip route add gateway=192.168.10.1
/ip route add gateway=192.168.20.1 routing-mark=20.1gateway pref-src=192.168.20.2

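Note that you will need to exclude local networks from being marked. Otherwise traffic from 10.10.10.50 to a local network matches the marked default route and is sent to the 20.1 gateway. Add 'accept' mangle rules for each destination network with passthrough disabled. Mangle rules are evaluated in order, so these rules must sit above the mark-routing rule. For example: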
/ip firewall mangle add chain=prerouting src-address=10.10.10.50/32 dst-address=192.168.10.0/24 action=accept passthrough=no
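
The effect of the exclusion rule and of rule order can be checked with a small model. This is an added example, not code from the original post: a simplified Python simulation of the mangle prerouting chain and the marked route lookup, using the post's addresses. The connected route for 192.168.10.0/24 and the test destination 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Simplified model of RouterOS mangle prerouting plus routing-mark lookup.
# Addresses and the mark name come from the post; the model is an assumption.
MARK = "20.1gateway"

def net(s):
    return ipaddress.ip_network(s)

ACCEPT_LOCAL = {"src": net("10.10.10.50/32"), "dst": net("192.168.10.0/24"),
                "action": "accept"}
MARK_VOIP = {"src": net("10.10.10.50/32"), "dst": net("0.0.0.0/0"),
             "action": "mark-routing", "mark": MARK}

# (destination, gateway or "connected", routing mark; None = main table)
ROUTES = [
    (net("192.168.10.0/24"), "connected", None),   # assumed local network
    (net("0.0.0.0/0"), "192.168.10.1", None),
    (net("0.0.0.0/0"), "192.168.20.1", MARK),
]

def mangle(rules, src, dst):
    """Walk the chain top to bottom and return the resulting routing mark."""
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            # accept, and mark-routing with passthrough=no, both end the walk
            return r.get("mark")
    return None

def lookup(mark, dst):
    """Longest-prefix match in the marked table, then in the main table."""
    for table in ([mark, None] if mark else [None]):
        hits = [(n, gw) for n, gw, m in ROUTES if m == table and dst in n]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

def next_hop(rules, src, dst):
    """Return the gateway (or "connected") chosen for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return lookup(mangle(rules, src, dst), dst)
```

With only the mark rule, or with the accept rule placed below it, traffic from 10.10.10.50 to 192.168.10.0/24 is handed to 192.168.20.1 instead of being delivered directly.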
