Allied Telesis AT-WR4500 User Manual
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
113
RouterOS v3 Configuration and User Guide
You can use policy routing even if you use masquerading on your private networks. The source address
will be the same as it is in the local network. In previous versions of RouterOS the source address
changed to 0.0.0.0
It is impossible to recognize peer-to-peer traffic from the first packet. Only already established
connections can be matched. That also means that in case source NAT is treating Peer-to-Peer traffic
differently from the regular traffic, Peer-to-Peer programs will not work (general application is policy-
routing redirecting regular traffic through one interface and Peer-to-Peer traffic - through another). A
known workaround for this problem is to solve it from the other side: making not Peer-to-Peer traffic to
go through another gateway, but all other useful traffic go through another gateway. In other words, to
specify what protocols (HTTP, DNS, POP3, etc.) will go through the gateway A, leaving all the rest (so
Peer-to-Peer traffic also) to use the gateway B (it is not important, which gateway is which; it is only
important to keep Peer-to-Peer together with all traffic except the specified protocols).
will be the same as it is in the local network. In previous versions of RouterOS the source address
changed to 0.0.0.0
It is impossible to recognize peer-to-peer traffic from the first packet. Only already established
connections can be matched. That also means that in case source NAT is treating Peer-to-Peer traffic
differently from the regular traffic, Peer-to-Peer programs will not work (general application is policy-
routing redirecting regular traffic through one interface and Peer-to-Peer traffic - through another). A
known workaround for this problem is to solve it from the other side: making not Peer-to-Peer traffic to
go through another gateway, but all other useful traffic go through another gateway. In other words, to
specify what protocols (HTTP, DNS, POP3, etc.) will go through the gateway A, leaving all the rest (so
Peer-to-Peer traffic also) to use the gateway B (it is not important, which gateway is which; it is only
important to keep Peer-to-Peer together with all traffic except the specified protocols).
Example
To add the rule specifying that all the packets from the 10.0.0.144 host should lookup the at routing
table:
table:
[admin@AT-WR4562] ip firewall mangle add action=mark-routing new-routing-mark=at \
\... chain=prerouting
[admin@AT-WR4562] ip route> add gateway=10.0.0.254 routing-mark=mt
[admin@AT-WR4562] ip route rule> add src-address=10.0.0.144/32 \
\... table=mt action=lookup
[admin@AT-WR4562] ip route rule> print
Flags: X - disabled, I - invalid
0 src-address=192.168.0.144/32 action=lookup table=mt
[admin@AT-WR4562] ip route rule>
\... chain=prerouting
[admin@AT-WR4562] ip route> add gateway=10.0.0.254 routing-mark=mt
[admin@AT-WR4562] ip route rule> add src-address=10.0.0.144/32 \
\... table=mt action=lookup
[admin@AT-WR4562] ip route rule> print
Flags: X - disabled, I - invalid
0 src-address=192.168.0.144/32 action=lookup table=mt
[admin@AT-WR4562] ip route rule>
5.4.4
Application Examples
Static Equal Cost Multi-Path routing
Consider the following situation where we have to route packets from the network 192.168.0.0/24 to 2
gateways - 10.1.0.1 and 10.1.1.1:
gateways - 10.1.0.1 and 10.1.1.1:
10.1.0.1/28
2 Mbps
Interface: Public1
IP: 10.1.0.2/28
ISP 1
ISP 2
10.1.1.1/28
4 Mbps
192.168.0.0/24
Interface: Public2
IP: 10.1.1.2/28
IP: 10.1.1.2/28
Interface: Local
IP: 192.168.0.1/24
Figure 16: Static Equal Cost Multi-Path Routing example