2 interfaces, cant winbox on 1

jo2jo · February 15, 2007, 10:26pm

I have 2 public interfaces on my RB 532..one is a dsl line and one is a cable line. I use mangle rules with connection mark and routing mark actions correspond to the static routes (one line uses a mark, one does not.)

If the main line goes down, i just enable the routing mark mangle rule and all of the clients use the other route.

this works great.

my problem is i cant winbox into the RB, from the cable modem IP. It will report syslog logs, to my remote syslog server, from the cable IP but i can not connect. I can ping the cable IP and I have a single FW rule that says to reject anything on the Cablemodem’s ethernet interface that is NOT from my office.

If i disable the rule, i can not ping the cable modem IP, if enable it, i Can.

how do i get winbox access to this interface/ IP?

thanks

janisk · February 16, 2007, 7:59am

do not mangle outgoing traffic. it seems that winbox tries to comunicate, but packets comes from wrong ip address and are dropped, just add excpetion rule

jo2jo · February 16, 2007, 8:04am

??

I dont have any mangle rules applied to outgoing traffic…execpt the route ones, which would tell it to route through the correct, cable interface anyway.

but i did try it, and i disabled all outgoing mangle rules.. still nothing.

any ideas?

janisk · February 16, 2007, 8:22am

exactly. do route forward queue, but skip on outgoing

jo2jo · February 16, 2007, 8:28am

I still dont understand ur point… maybe i did not describe my setup well,

what i’m doing is mangle-> action: Mark Connection(from clients) = “users”

then in 2nd rule, mangle->action: Mark Route : “cable”

and i have a outgoing, static route set to 0.0.0.0/0 and (cable modem GW) condition= Match Route “Cable”

if the last rule is enabled, the clients traffic goes across the cable GW…in the event of an outage on dsl… thats just some background.

point here still is: Even when disabling these Mangle rules i can not connect via winbox via Cable IP, but alaways via primary DSL.

tks

janisk · February 16, 2007, 8:33am

please check your packet flow with current configuration and you will see where is the problem

jo2jo · February 16, 2007, 8:53am

which interface do i sniff to see packets generated from the MT router?

i can see my packets coming in.

thanks

janisk · February 16, 2007, 9:42am

both, if i am not mistaken, then on one interface wou will see incoming packets from your winbox, on another you will see outgoing replies to winbox