Hi,
In RouterOS 7.6, I would like to setup a route, which would catch all reply packets RELATED to connection coming from a given interface wg1 and route such packets via wg1 rather than the default route.
In other words, if an incoming connection appears on iface wg1, I need the response to be routed via wg1 again. The response will be addressed to any public IP (0.0.0.0/0). Otherwise, the mikrotik's default route is set to ISP's CGNAT on inteface wan0.
On linux, this can be achieved with this:I have already tried to mark packets with routing-mark, which seems to work (count is increasing), and other steps as follows (gw 10.0.37.1 can be pinged, it is the other peer in wireguard tunnel on wg1).Needless to say, the routing does not work. I would hope that routing table rtr1 would be used for any packets marked with routing mark rtr1, but something does not work.
Any idea?
In RouterOS 7.6, I would like to setup a route, which would catch all reply packets RELATED to connection coming from a given interface wg1 and route such packets via wg1 rather than the default route.
In other words, if an incoming connection appears on iface wg1, I need the response to be routed via wg1 again. The response will be addressed to any public IP (0.0.0.0/0). Otherwise, the mikrotik's default route is set to ISP's CGNAT on inteface wan0.
On linux, this can be achieved with this:
Code:
iptables -t mangle -I PREROUTING 1 -i wg1 -m conntrack --ctstate NEW -j CONNMARK --set-mark 2iptables -t mangle -I PREROUTING 2 -m connmark --mark 2 -j CONNMARK --restore-mark ip rule add fwmark 2 lookup 2ip route add default dev wg1 table 2 Code:
/ip firewall mangle add chain=prerouting in-interface=wg1 action=mark-connection new-connection-mark=rtr1 passthrough=yes/ip firewall mangle add chain=prerouting connection-mark=rtr1 action=mark-routing new-routing-mark=rtr1 passthrough=yes/routing/table add name="rtr1" fib/routing/rule/add routing-mark=rtr1 table=rtr1 action=lookup/ip/route/add dst-address=0.0.0.0/0 gateway=10.0.37.1 routing-table=rtr1Any idea?
Statistics: Posted by Shon3 — Thu Dec 28, 2023 7:31 pm