Mikrotik - routing a single address, part of a direct accessed subnet

Question

I have a Mikrotik RB2011 and several TP-Links - WR740N, located at different geo locations, part of my ISP MAN network.

My ISP provides me with an (static) address/mask and a gateway for each device. Ie:

routerboard - 192.168.5.10/24 - gate 192.168.5.1
TPLink1 - 192.168.10.5/24 - gate 192.168.10.1
TPLink2 - 192.168.20.10/24 - gate 192.168.20.1
TPLink3 - 192.168.30.15/24 - gate 192.168.30.1
etc...

Because the routerboard has more than one WAN address, I configured the routes to the networks from above this way:

accessing TPLink1 - 192.168.10.0/24 -> 192.168.5.1
accessing TPLink2 - 192.168.20.0/24 -> 192.168.5.1
accessing TPLink3 - 192.168.30.0/24 -> 192.168.5.1
and so on...

Everything goes fine. I'm able to access each TPLink from the routerboard.

But I have a TPLinkX with an assigned address 192.168.5.6/29 and its network (5.0/29) is physically different from the routerboards one (5.0/24).

So, I added a new route (routerboard site) - 192.168.5.6/32 -> 192.168.5.1 and everything works, but after some time (5-10-15-20 minutes) this route becomes ignored. If I disable the route and enable it again - it becomes to work again (again for a short period of time). By the way, I'm surprised that it even works (although for a brief), because by default I have a dynamic route - 192.168.5.0/24 -> interface with a distance of 0 (generated because the static WAN address).

Is there any way to "bypass" the default route just for one host (or another approach) ?

Thanks in advance

EDIT

/ip routes

# jan/22/2015 13:38:30 by RouterOS 6.25
# software id = 8IZ2-4V85

 0 A S  dst-address=192.168.5.6/32 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10

 1 ADS  dst-address=0.0.0.0/0 gateway=XXX.XXX.XXX.XXX 
        gateway-status=XXX.XXX.XXX.XXX reachable via  pppoe distance=1 
        scope=30 target-scope=10 

 3 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=ether2 
        gateway-status=ether2 reachable distance=0 scope=10 

 4 A S  dst-address=192.168.8.0/24 gateway=192.168.5.1 
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10 

14 A S  dst-address=192.168.12.0/24 gateway=192.168.5.1 
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10 

15 A S  dst-address=192.168.20.0/24 gateway=192.168.5.1 
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10 

16 A S  dst-address=192.168.24.0/24 gateway=192.168.5.1 
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1 
        scope=30 target-scope=10 

17 ADC  dst-address=192.168.5.0/22 pref-src=192.168.5.11 
        gateway=ether1-gateway gateway-status=ether1-gateway reachable 
        distance=0 scope=10 

23 ADC  dst-address=XXX.XXX.XXX.XXX/32 pref-src=XXX.XXX.XXX.XXX gateway=pppoe client
        gateway-status=pppoe reachable distance=0 scope=10

The problematic one is the first route. It works for a while, but then suddenly becomes ignored.

Also check this post here, might be what you are looking for https://serverfault.com/questions/660916/nat-a-single-ip-using-2nd-wan-internet/661193#661193 — Cha0s, Jan 22 '15 at 10:25
Unfortunately, I've tried it, but it didn't work. I've edited the question with the exported routes. — user266393, Jan 22 '15 at 11:47
Have you looked at policy based routing, using routing marks and assigning the table based on the dst address, sort of like this? http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/ It's the other half of the mangle, adding route rules, not just routes. I'd be glad to write up an answer if you haven't tried it.. — NickW, Jan 22 '15 at 12:04
I'm afraid that this could not happen, because I found the following at the mikrotik website: _Note! Policy routing will not function 'as desired' for packets originated from the router or masqueraded packets. It is because these packets have source address 0.0.0.0 at the moment when they are processed by the routing table. Therefore it is not possible to have masquerading with different source addresses._ — user266393, Jan 22 '15 at 14:34

score 0 · Answer 1 · answered Mar 24 '16 at 18:22

You can use rule tab in mikrotik route to specify routing for specific ip like this:

ip route add dst-address=192.168.5.6/32 gateway=192.168.5.1 routing-mark=tplinkx this adds route on table tplinkx

/ip route rule add action=lookup-only-in-table dst-address=192.168.5.6/32 table=tplinkx
this command check if dst-address is 5.6 then look for tplinkx marks routes and not default routes.

Mikrotik - routing a single address, part of a direct accessed subnet

1 Answers1