Hi there
I have investigated the High drops that my Router get from UCSD with the help of the new PCAP files that Brian Made available for us
it tern out that my router MikroTik that sit on the DMZ of the Cable modem
Is Probed from the outside world in its Commercial IP and send its Trafic to the UCSD interface which is its default route
How can I redirect packets from the outside world that sent to the router commercial IP to go back to the ISP and not go to the UCSD interface ?
is there any Mikrotik Expert that can tell me what to do ?
I need only to route the ip of the router that sit on the DMZ
I saw that another Mikrotik on the AMPRNT get a lot of drops and it looks it have something similar
Any help is welcome
As i Stated before Im willing to give web telnet Or SSH access
Just for Info the router connected on the DMZ of the Main Cable router it uses 192.168.1.x address and the DMZ point to this address
Regards
Any info is more then welcome
Regards
Ronen - 4Z4ZQ
Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
On Mon, May 15, 2017 at 10:06 AM, R P ronenp@hotmail.com wrote:
How can I redirect packets from the outside world that sent to the router commercial IP to go back to the ISP and not go to the UCSD interface ?
You can create a firewall rule that adds a routing mark to packets from your 44 addresses and forces them out the tunnel interface, while leaving everything else to go out the commercial IP: https://wiki.mikrotik.com/wiki/Policy_Base_Routing http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers
Tom KD7LXL
As I pointed out many times before, the default route of the router has to be via the gateway's public IP, not the tunnel.
IMHO, the special case is to send replies to access from the internet via the tunnel back to the tunnel:
- set default gateway to your ISP, including masquerade
- mark incoming connections from a non-44 source via tunnel with a connection mark of your liking.
- mark outgoing traffic with that connection mark with a new routing mark
- set the default route for that connection mark/table via tunnel
Marius, YO2LOJ
On 15.05.2017 20:06, R P wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hi there
I have investigated the High drops that my Router get from UCSD with the help of the new PCAP files that Brian Made available for us
it tern out that my router MikroTik that sit on the DMZ of the Cable modem
Is Probed from the outside world in its Commercial IP and send its Trafic to the UCSD interface which is its default route
How can I redirect packets from the outside world that sent to the router commercial IP to go back to the ISP and not go to the UCSD interface ?
is there any Mikrotik Expert that can tell me what to do ?
I need only to route the ip of the router that sit on the DMZ
I saw that another Mikrotik on the AMPRNT get a lot of drops and it looks it have something similar
Any help is welcome
As i Stated before Im willing to give web telnet Or SSH access
Just for Info the router connected on the DMZ of the Main Cable router it uses 192.168.1.x address and the DMZ point to this address
Regards
Any info is more then welcome
Regards
Ronen - 4Z4ZQ
Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com
Marius and others
I have tried to do something but something dont work
first of all i can not do default route to the ISP without doing the other 44 Net Route policy and since i didnt succeed so far i had to do default route to the tunnel otherwise i had no 44 Net connectivity
i have tried to follow the Mikrotik Wiki few times the explain there is far from being simple for users that are not familiar with mikrotik and here the mikrotik is almost not known (i think im among the few in the country that use it) also the photos there of the screen is not correlated to my router screen (probably due to the difference between the OS ) (i use OS6.34.4)
the two lines you gave me "mark trafic" is not understandable to me how to do it
here is what i want to do and what i did to accomplish it
I want to route traffic from source address 192.168.1.180 (the Mikrotik NON 44 net IP that sit on the DMZ) to go via the isp (to 192.168.1.1 (the Router of the ISP)
I created a mangle rule to mark connection from source address 192.168.1.180 as source-192.168.1.180
then i have added static route to route 0.0.0.0/0 (default) trafic from marked source-192.168.1.180 to 192.168.1.1
I can see that trafic couter raise in the firewall rule of the mangle rule but the trafic is not routed to the 192.168.1.1 although i see this route statement in the route table
will it be easier for someone to give me the necessary commands for what i want to do in text or (prefered ) in web interface
What am i doing wrong ?
Regards
Ronen
________________________________ From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Marius Petrescu marius@yo2loj.ro Sent: Monday, May 15, 2017 10:15 PM To: AMPRNet working group Subject: Re: [44net] how to route Mikrotik Gateway Commercial IP to the ISP and not to UCSD ?
(Please trim inclusions from previous messages) _______________________________________________
- mark incoming connections from a non-44 source via tunnel with a connection mark of your liking.
- mark outgoing traffic with that connection mark with a new routing mark
- set the default route for that connection mark/table via tunnel
-
Marius Petrescu -
R P -
Tom Hayward