Hellou
I think i have read a lot of posts about failovers, multiwans,... but have not found any relating my issue.
I have 2 ISPs , first (ISP1) is through dsl , there is modem tplink that is pingable from internet, he has local IP-A , and running dhcp server. Mikrotik has dhcp client, requests IP and everything is fine, route 0.0.0.0 has priority 0
However ISP2 needs to set Public IP-B directly on mikrotik. So Ether3 has this IP with prioroty 1. In case of failure of ISP1 , mikrotik switches to ISP2 and traffic goes on. When ISP1 is back online, mikrotik switches back to this provider.
My problem is that Public IP-B is not pingable from internet, until priority is lower than DHCP Client (switch script from netwatch will increase priority of dhcp client default route if ip address that it monitors becomes unavailable through ISP1)
Is there any workaround for this ? I think its bug, if I set an IP on eth i want it to be pingable regardless of the priority of the other ethernet ports and their ip addresses.
Thank you.
failover ping on interfaces
You do not have the required permissions to view the files attached to this post.
Re: failover ping on interfaces
It is not a bug, it is how routing works.
You will need to configure correct mangle for multi-wan, to use a correct route for correct packets.
Here is a presentation that should tell you how. You can ignore the load-balancing part.
http://tiktube.com/video/DofH3iFnjDJomG ... uKlEoLqHq=
You will need to configure correct mangle for multi-wan, to use a correct route for correct packets.
Here is a presentation that should tell you how. You can ignore the load-balancing part.
http://tiktube.com/video/DofH3iFnjDJomG ... uKlEoLqHq=
Re: failover ping on interfaces
great example, and on another mikrotik with 2 and more static "wan" ip addresses on diff ethernets it works (this is mine for example (eth2_to_wlan1 is bridge which is bridging internal network with wifi) :It is not a bug, it is how routing works.
You will need to configure correct mangle for multi-wan, to use a correct route for correct packets.
Here is a presentation that should tell you how. You can ignore the load-balancing part.
http://tiktube.com/video/DofH3iFnjDJomG ... uKlEoLqHq=
Code: Select all
/ip firewall mangle
add chain=prerouting dst-address=10.20.30.0/23 action=accept in-interface=eth2_to_wlan1
add chain=prerouting dst-address=195.168.31.216/29 action=accept in-interface=eth2_to_wlan1
add chain=prerouting in-interface=ether1 connection-mark=no-mark action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting in-interface=ether3 connection-mark=no-mark action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting in-interface=eth2_to_wlan1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ether1_conn
add chain=prerouting in-interface=eth2_to_wlan1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ether3_conn
add chain=prerouting connection-mark=ether1_conn in-interface=eth2_to_wlan1 action=mark-routing new-routing-mark=to_ether1
add chain=prerouting connection-mark=ether3_conn in-interface=eth2_to_wlan1 action=mark-routing new-routing-mark=to_ether3
add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1
add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
/ip route
add dst-address=0.0.0.0/0 gateway=10.20.0.1 routing-mark=to_ether1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=195.168.31.217 routing-mark=to_ether3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.20.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=195.168.31.217 distance=1 check-gateway=pingbut the question still stays, why (slightly modified rules (ip addressed only)) do not work on connection where wan1 is private dhcp client address , and wan2 is static public address.
edit:
This is the setup that is not working (for example) i think there is everything set up right (of course there are few "disabled" things so dont mind them)
You do not have the required permissions to view the files attached to this post.