Setup guide

ManualsBrandsD-Link ManualsComputer equipmentDWL-500 - 11Mb Wireless LAN PCI Network Card

201

202

203

204

205

206

207

208

209

210

src-address (IP address/mask) - source IP address/mask

dst-address (IP address/mask) - destination IP address/mask

interface (name | all; default: all) - interface name through which the packet arrives. Should be 'all'

for the rule that should match locally generated or masqueraded packets, since at the moment of

processing the routing table these packets have interface name set to loopback

flow (name; default: "") - flow mask of the packet to be mached by this rule. To add a flow, use '/ip

firewall mangle' commands

action (drop | unreachable | lookup; default: unreachable) - action to be processed on packets

matched by this rule:

• drop - silently drop packet

• unreachable - reply that destination host is unreachable

• lookup - lookup route in given routing table

Notes

You can use policy routing even if you use masquerading on your private networks. The source

address will be the same as it is in the local network. In previous versions of RouterOS the source

address changed to 0.0.0.0

Example

To add the rule specifying that all the packets from the 10.0.0.144 host should lookup the mt

routing table:

[admin@Wandy] ip policy-routing rule> add src-address=10.0.0.144/32 \

\... table=mt action=lookup

[admin@Wandy] ip policy-routing rule> print

Flags: X - disabled, I - invalid

# SRC-ADDRESS DST-ADDRESS INTE... FLOW ACTION TABLE

0 0.0.0.0/0 0.0.0.0/0 all lookup main

1 10.0.0.144/32 0.0.0.0/0 all lookup mt

[admin@Wandy] ip policy-routing rule>

Application Examples

Standard Policy-Routing Setup

Suppose we want packets coming from 1.1.1.0/24 to use gateway 10.0.0.1 and packets from

2.2.2.0/24 to use gateway 10.0.0.2. And the rest of packets will use gateway 10.0.0.254:

Command sequence to achieve this:

1. Add 3 new routing tables. One for local network 1.1.1.0/24, one for network 2.2.2.0/24 and the

rest for all other networks (0.0.0.0/0):

[admin@Wandy] ip policy-routing> add name=from_net1; add name=from_net2; add

name=rest

[admin@Wandy] ip policy-routing> print

Flags: D - dynamic

# NAME

0 from_net1

1 from_net2

2 rest

2 D main

[admin@Wandy] ip policy-routing>