```
Flags: X - disabled, I - invalid, D - dynamic
      chain=input action=drop connection-state=invalid
      chain=input action=accept connection-state=established
      chain=input action=accept connection-state=related
      chain=input action=accept src-address-list=admin-access log=no log-prefix=""
      chain=input action=accept protocol=udp dst-port=500,1701,4500 log=yes log-prefix="VPN"
      chain=input action=drop log=no log-prefix=""
      chain=forward action=drop connection-state=invalid protocol=tcp
 8    allow already established connections
      chain=forward action=accept connection-state=established
      chain=forward action=accept connection-state=related
10    chain=output action=accept log=no log-prefix=""

/ip firewall mangle> print
 0    chain=input action=mark-connection new-connection-mark=WAN1_conn passthrough=yes in-interface=WAN1 log=no log-prefix=""
 1    chain=input action=mark-connection new-connection-mark=WAN2_conn passthrough=yes in-interface=WAN2 log=no log-prefix=""
 2    chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn log=no log-prefix=""
 3    chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn log=no log-prefix=""
      chain=prerouting action=accept dst-address=xx.xx.19.152/29 in-interface=bridge log=no log-prefix=""
      chain=prerouting action=accept dst-address=xx.xx.16.24/29 in-interface=bridge log=no log-prefix=""
 6    chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local in-interface=bridge per-connection-classifier=both-addresses:2/0 log=no log-prefix=""
 7    chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local in-interface=bridge per-connection-classifier=both-addresses:2/1 log=no log-prefix=""
      chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=192.168.0.250 dst-address-type=!local in-interface=bridge log=no log-prefix=""
 9    chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn in-interface=bridge log=no log-prefix=""
10    chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn in-interface=bridge log=no log-prefix=""
```

I configured L2tp with IPSec on second Mikrotik without dual WAN configuration and everything works. What am I doing wrong?

The whole problem is that the use of policy routing for packets generated by the router itself is a bit counter-intuitive. When some process running on the router itself sends a packet, the first step is to find a route for that packet using routing table main, which consists of routes with no routing-mark assigned. Then, a source address is assigned to that packet, according to the properties of that route (the local address indicated in the pref-src parameter or, if no pref-src is specified, the local address associated to the output interface), unless the packet is a response. And only after successful completion of these two steps, the packet is processed by mangle rules in chain output.
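The processing order described above for router-originated packets, as a simplified Python model (an added example, not code from the original thread or from RouterOS). The route tables and addresses are constructed, the function and field names are assumptions, and what the router does with the routing mark afterwards is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    dst: str                             # destination prefix
    iface: str                           # output interface
    pref_src: Optional[str] = None       # pref-src, if configured
    routing_mark: Optional[str] = None   # None means the route is in table "main"

# Constructed sample data (documentation addresses, not the poster's).
IFACE_ADDR = {"WAN1": "192.0.2.2", "WAN2": "198.51.100.2"}
# Mirrors the two chain=output mark-routing rules (mangle rules 2 and 3).
OUTPUT_MANGLE = {"WAN1_conn": "to_WAN1", "WAN2_conn": "to_WAN2"}

def lookup_main(routes, dst):
    """Step 1: longest-prefix match over routes that carry no routing-mark."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes
            if r.routing_mark is None and ip in ipaddress.ip_network(r.dst)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.dst).prefixlen,
               default=None)

def send_from_router(routes, dst, conn_mark=None, reply_src=None):
    """Return (main_iface, src, routing_mark), or None if step 1 fails."""
    route = lookup_main(routes, dst)
    if route is None:
        return None  # no route in main: chain=output mangle never sees the packet
    # Step 2: a response keeps its address; otherwise pref-src, else interface address.
    src = reply_src or route.pref_src or IFACE_ADDR[route.iface]
    # Step 3: only now are the chain=output mangle rules evaluated.
    return route.iface, src, OUTPUT_MANGLE.get(conn_mark)

# Table "main" has a default route via WAN1; WAN2 exists only in a marked table.
MAIN_OK = [Route("0.0.0.0/0", "WAN1"),
           Route("0.0.0.0/0", "WAN2", routing_mark="to_WAN2")]
# Every default route carries a routing-mark, so table "main" is empty.
MARKED_ONLY = [Route("0.0.0.0/0", "WAN1", routing_mark="to_WAN1"),
               Route("0.0.0.0/0", "WAN2", routing_mark="to_WAN2")]

if __name__ == "__main__":
    print(send_from_router(MAIN_OK, "203.0.113.9"))
    print(send_from_router(MAIN_OK, "203.0.113.9", "WAN2_conn", "198.51.100.2"))
    print(send_from_router(MARKED_ONLY, "203.0.113.9", "WAN2_conn", "198.51.100.2"))
```

The last call returns `None`: with no usable route in table main, the VPN reply is dropped before the `mark-routing` rules in chain output can steer it to `to_WAN2`.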