18 January 2011

Simple policy routing

So you have 2 x gateways, and, and you want traffic sourced from your voip server ( to go out the 20.1 gateway, and the rest of the traffic to go out the 10.1 gateway. Here is how you would achieve that.

Create a mangle rule to add a routing mark to the traffic sourced from
/ip firewall mangle add chain=prerouting src-address= action=mark-routing routing-mark=20.1gateway passthrough=no

Add default routes for both gateways, appending the routing mark to the 20.1 gateway.
/ip route add gateway=
/ip route add gateway= routing-mark=20.1gateway pref-src=

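Note that you will need to exclude local networks from being marked. Add 'accept' mangle rules for each destination network with passthrough disabled. Mangle rules are evaluated top to bottom, so these accept rules must sit above the mark-routing rule. e.g.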
/ip firewall mangle add chain=prerouting src-address= dst-address= action=accept passthrough=no
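
Why the exclusion is needed, and why its position matters, shown as an added example that is not part of the original post: a simplified Python model of first-match mangle processing followed by a route lookup in the table selected by the routing mark. All addresses are constructed (RFC 5737 documentation ranges), the gateways are named only by the post's "10.1" and "20.1" labels, and the model assumes the marked table holds nothing but the default route added above.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 ranges); the post's real values are not shown.
VOIP = "198.51.100.10"        # VoIP server
LOCAL_NET = "192.0.2.0/24"    # another network directly attached to the router
MARK = "20.1gateway"

MARK_RULE = {"src": VOIP + "/32", "action": "mark-routing", "mark": MARK}
ACCEPT_RULE = {"src": VOIP + "/32", "dst": LOCAL_NET, "action": "accept"}

# Routing tables keyed by routing mark; None is the main table.
ROUTES = {
    None: [("192.0.2.0/24", "connected"), ("198.51.100.0/24", "connected"),
           ("0.0.0.0/0", "10.1 gateway")],
    MARK: [("0.0.0.0/0", "20.1 gateway")],
}

def _in(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def mangle(rules, src, dst):
    """Walk prerouting rules top to bottom; the first match ends processing."""
    for rule in rules:
        if _in(src, rule.get("src", "0.0.0.0/0")) and \
           _in(dst, rule.get("dst", "0.0.0.0/0")):
            return rule.get("mark")   # an accept rule carries no mark -> None
    return None

def next_hop(rules, src, dst):
    """Longest-prefix match in the table selected by the routing mark."""
    mark = mangle(rules, src, dst)
    for table in (mark, None):        # fall back to main if the marked table has no match
        matches = [(ipaddress.ip_network(p).prefixlen, hop)
                   for p, hop in ROUTES[table] if _in(dst, p)]
        if matches:
            return max(matches)[1]
    return "unreachable"

if __name__ == "__main__":
    cases = {"mark only": [MARK_RULE],
             "accept above mark": [ACCEPT_RULE, MARK_RULE],
             "accept below mark": [MARK_RULE, ACCEPT_RULE]}
    for name, rules in cases.items():
        print(f"{name:18} VoIP -> local host : {next_hop(rules, VOIP, '192.0.2.50')}")
        print(f"{name:18} VoIP -> internet   : {next_hop(rules, VOIP, '203.0.113.5')}")
```

With the mark rule alone, or with the accept rule below it, VoIP traffic to the local network is pushed to the 20.1 gateway instead of being delivered over the connected route.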

