Mikrotik
Andrew, 2019-09-18 13:29:49

How to set up routing on Mikrotik when the bridge mode is running?

Hello.
Earlier on this wonderful site I asked whether routing can be used on Mikrotik (RouterOS 6.39) when the bridge mode is running; it seems that it is possible.
Is it possible to use bridge mode in Mikrotik together with routing?
But somehow I could not set it up here.
Therefore, I am once again asking knowledgeable people on this site for help!
The situation is this:
Two segments of the ONE network 192.168.1.0/24 are plugged into Mikrotik; each segment is connected to its own Ethernet port.
These two ports are combined into a bridge. The address 192.168.1.1 is registered on the bridge.
Two segments of the same network see each other, hosts ping.
In the first segment of the network there are users, and in the second segment there are several gateways for different providers. The ultimate goal is to configure traffic marking by source using IP Firewall Mangle and routing mark and direct different sources to different providers.
However, it has not come to marking yet: Mikrotik pings all gateways, but when you try to use the IP address of any gateway to write a route (IP Routes), Mikrotik says that the address is not available; the route is entered, but it is not active. Everything responds, as I already wrote.
Here is the config:
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether2 ] name=External
set [ find default-name=ether1 ] name=Internal
/interface bridge port
add bridge=bridge1 interface=Internal
add bridge=bridge1 interface=External
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.1.1 interface=bridge1 network=192.168.1.1
/ip route
add distance=1 gateway=192.168.1.200 routing-mark=gate0
add distance=1 gateway=bridge1
Please tell me what is my mistake?
Thanks in advance for your answers!


3 answer(s)
20ivs, 2019-09-18
@20ivs

If these several gateways come to Mikrotik, then on the port to which the gateway comes you write its address and mask. These ports do not need to be put into the bridge.
In routes you specify dst 0.0.0.0/0 gw the corresponding gateway. The same with the second. The first one added will be the default gateway.
Then in firewall - address lists you create the list. For example, the name is social, the address is vk.com; Mikrotik will determine all the IPs of the domain itself.
Then in firewall - mangle create a prerouting rule: dst. address list - specify the required one, action - mark routing.
In the route to the required interface, specify the routing mark from the rule created in the step above.
And so on by analogy.
Then remove your extra "segments" and do the above with the port to which the switch comes. No need to put it into any bridge. And this is provided that they (the gateways) are available and respond to ping.
Routes are specified as described above. The marking rules are the same.

rionnagel, 2019-09-18
@rionnagel

Where is the mangle prerouting rule with action mark routing? Where are the rules? It would be desirable to set up a firewall. network=192.168.1.1, as you've already been told, can't be a network address, especially when it's an interface address. It should be network=192.168.1.0 there.
If you need to figure out, damn it, whom to send through devil knows which provider, then for each provider create a routing mark in mangle prerouting; the addresses can be handled through address lists, for example. Also, for each provider, register a separate route with the mark in the routes.
It is most likely unreachable because there is no gateway check; the thing is called check gateway, and you can choose ping or arp there.
One subnet with both users and gateways is so-so if you want to manage this with Mikrotik. Put them in different subnets.

korsar182, 2019-09-18
@korsar182

In order for the route to be activated, an address from the same subnet as the gateway must be registered on the Mikrotik. Why do you need a bridge in this configuration? LAN and Internet interfaces are usually not combined.
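
The check the last two answers describe (interface address, network= value, gateway inside a connected subnet), written as an added example that is not part of the question or of any answer. It runs over the /ip address and /ip route lines from the question; the function names and finding codes are hypothetical, and it assumes an address entered without a /prefix is treated as a /32 host address.

```python
import ipaddress

# /ip address and /ip route lines copied from the question above.
ASKER = """\
/ip address
add address=192.168.1.1 interface=bridge1 network=192.168.1.1
/ip route
add distance=1 gateway=192.168.1.200 routing-mark=gate0
add distance=1 gateway=bridge1
"""
# Constructed variant: prefix length added, network= as the second answer gives it.
FIXED = ASKER.replace("address=192.168.1.1 ", "address=192.168.1.1/24 ").replace(
    "network=192.168.1.1", "network=192.168.1.0")

def parse_export(text):
    """Group the key=value pairs of each 'add' line under its menu path."""
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = (tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def audit(text):
    """Return (code, value) findings that explain an inactive static route."""
    menus, findings, connected = parse_export(text), [], []
    for entry in menus.get("/ip address", []):
        addr = entry["address"]
        if "/" not in addr:
            # Assumption: an address entered without /prefix is a /32 host address.
            findings.append(("no-prefix", addr))
        iface = ipaddress.ip_interface(addr)
        net_addr = iface.network.network_address
        if "network" in entry and ipaddress.ip_address(entry["network"]) != net_addr:
            findings.append(("bad-network", entry["network"]))
        connected.append(iface.network)
    for route in menus.get("/ip route", []):
        try:
            gw = ipaddress.ip_address(route.get("gateway", ""))
        except ValueError:
            continue  # gateway given as an interface name, e.g. bridge1
        if not any(gw in net for net in connected):
            findings.append(("gateway-not-connected", str(gw)))
    return findings

if __name__ == "__main__":
    print("asker:", audit(ASKER))
    print("fixed:", audit(FIXED))
```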
