Community discussions

MikroTik App
 
misha11
just joined
Topic Author
Posts: 4
Joined: Tue Mar 27, 2012 3:28 pm

two providers and static pool of external IP from one ofthem

Tue Mar 27, 2012 4:04 pm

Hi I have some problem with situation below:

ether1 - ISP1, IP: A.A.A.A/30
ether2 - ISP2, IP: B.B.B.B/30
ether3 - lan IP: 192.168.0.1/16 and C.C.C.1/24 and pool of external IPs from provider ISP2

I would like to use internet from provider ISP1 for computers from range 192.168.0.0/16 (NAT) and internet from provider ISP2 for computers with external IP.

my config:
/ip firewall mangle
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=to_ISP1 passthrough=no src-address=192.168.0.0/16
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=to_ISP2 passthrough=no src-address=C.C.C.0/24



/ip route
add comment="ISP1" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=A.A.A.1 routing-mark=to_ISP1 scope=30 target-scope=10
add comment="ISP2" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=B.B.B.49 routing-mark=to_ISP2 scope=30 target-scope=10


/ip firewall nat
add action=masquerade chain=srcnat comment=nat disabled=no \
src-address=192.168.0.0/16


please helt because with this config nothing works.

Misha
 
User avatar
jvr
just joined
Posts: 10
Joined: Tue May 17, 2011 7:12 pm

Re: two providers and static pool of external IP from one of

Fri Mar 30, 2012 7:45 am

Try changing your mangle rules:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=mark_ISP1 passthrough=yes src-address=192.168.0.0/16
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=to_ISP1 passthrough=no connection-mark=mark_ISP1
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=mark_ISP2 passthrough=yes src-address=C.C.C.0/24
add action=mark-routing chain=prerouting comment="" disabled=no \
new-routing-mark=to_ISP2 passthrough=no connection-mark=mark_ISP2

That's off the top of my head. The idea is that you mark the connection first, then mark the routing based on the connection mark.

Also, if your default route is through ISP1, there would be no need to mark for ISP1 at all (or vice versa). You only need to policy route for stuff that you don't want using the default route.

Who is online

Users browsing this forum: No registered users and 14 guests