I really do appreciate the offers for help. I don't really feel right about posting the entire routing table (as is) in a public place though. Then again, omitting info from it may mask the problem. The router has been at the current location for years and has seen at least 6 different gateways and lots of static customers. The routing table is full of public IPs, customer names, carrier names, comments, etc... Not to mention that there are multiple admins working on it - so it's kind of messy. I guess I can just post the pertinent parts and mask the sensitive info - I'm just afraid that may also mask the problem I'm trying to solve here...
Basically, I have two IPs on 1 WAN interface, let's say:
/ip address add address=10.10.0.254/24 interface="WAN1 - Cable"
/ip address add address=10.11.0.254/24 interface="WAN1 - Cable"
/ip firewall nat add chain=srcnat action=masquerade out-interface="WAN1 - Cable"
a mangle for the second gateway:
/ip firewall mangle add src-address=172.16.0.122 action=mark-routing new-routing-mark=OTHER_CABLE_OUT chain=prerouting passthrough=yes
and two main routes:
/ip route add dst-address=0.0.0.0/0 gateway=10.10.0.1 distance=0 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=10.11.0.1 distance=0 check-gateway=ping routing-mark=OTHER_CABLE_OUT
/ip route print detail
32 A S dst-address=0.0.0.0/0 gateway=10.10.0.1 check-gateway=ping interface=WAN1 - Cable gateway-state=reachable
       distance=0 scope=255 target-scope=10
38   S ;;; Cable2 Spill-Over
       dst-address=0.0.0.0/0 gateway=10.11.0.1 pref-src=10.11.0.254 check-gateway=ping interface=""
       gateway-state=unreachable distance=0 scope=255 target-scope=10 routing-mark=OTHER_CABLE_OUT
We have customers set up on 172.16.x.x addresses, among others. Can you see any reason why this basic config wouldn't/shouldn't work? The second route always shows as invalid with an "unknown" interface. I guess I'm going to have to clean this router up eventually - or start over fresh with it. I'm just not sure what or whose service that might "break". This always works perfectly if the routes are on different physical interfaces. I'm almost thinking about trying the VLAN idea dsdee had, just for kicks. So you guys have really run a MT router with multiple gateways on one single WAN interface with success (statically routed - no PPPOE/MLPPP)?
I did try an /ip route rule:
/ip route rule print detail:
Flags: X - disabled, I - inactive
0 src-address=172.16.0.122/32 action=lookup table=OTHER_CABLE_OUT
This didn't seem to make any difference. I'm not sure I completely understand why it's needed though - I've never needed it in the past with multiple WAN ports. Is it related to using a single WAN port?
Also, not sure what you mean when you say "enter in your local subnets into the alternate routing table". Do you mean don't forget my customer natted addresses/subnets on the LAN port??