If I understand you correctly and you want to make exception for some destinations, then add a rule like this:
/ip firewall mangle
add chain=prerouting in-interface=LANbridge connection-mark=no-mark dst-address-type=!local dst-address-list=<address list with your destinations> action=mark-connection new-connection-mark=ISP2_conn
and put it before those three with per-connection-classifier.
And communication between LANbridge and WAN2-ether2 is a matter of your firewall. What exactly needs to be done depends on what you have now.
Thanks @sob, I added the rule, but without luck.
10.168.31.1 is a local IP that is accessible with the traceroute tool when the selected interface is WAN2-ether2;
when the interface is LANbridge it becomes inaccessible.
I don’t see anything clearly wrong. Does the new rule work, i.e. does it mark anything (you can enable logging for it)?
Another problem can be routing: is there srcnat, or do you keep the original address when connecting to 10.168.31.1? If it's the latter, does 10.168.31.1 have a route back to whatever the source address is?
Maybe. You wrote that "WAN2 is also LAN", so if it means that you don't really need your own subnet for LAN, and you could have everything in 10.168.32.0/24, then you could bridge LAN and WAN2 together. But I don't know enough about your environment and how exactly it all works. For example, if there's already a DHCP server for clients in 10.168.32.0/24, you'd need it to give out your router as gateway, otherwise you'd have no load balancing if clients used a different gateway. In short, there's not enough info.
All computers have local addresses from 10.168.31.3 to 10.168.32.254. The MT router needs to get internet from 10.168.32.254 and give it to the local computers. I attached a schematic.
Does the LAN with internet access need to be on LANbridge if I want to stay with 10.168.31.3 to 10.168.32.254 for the computers? Or does it need to be like an interface?
For now I achieved that only one internet connection works, with a connection mark to the 10.168.32.254 gw, but it feels unstable.
Yes, I'm trying to achieve that the MT router will be the DHCP server for the network and the default gateway. If I bridge LAN and WAN2 together, what is the best way to do it? Add the WAN2 interface to LANbridge?
Is add chain=srcnat out-interface=WAN2-ether2 action=masquerade needed?
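As an added illustration (not config from anyone in this thread), here is how sob's exception rule sits in front of the PCC rules, with logging turned on so you can check whether it marks anything, plus the masquerade rule asked about above. It assumes RouterOS v6 syntax, two WANs (WAN1-ether1 and WAN2-ether2), the marks ISP1_conn/ISP2_conn and to_ISP1/to_ISP2, a constructed address list via_ISP2 containing 10.168.31.1, and 10.168.32.254 as the WAN2 gateway; adjust all of these to your own setup.

```routeros
# Constructed example: names, marks and the address-list entry are assumptions.
/ip firewall address-list
add list=via_ISP2 address=10.168.31.1 comment="destinations forced out WAN2"

/ip firewall mangle
# 1) exception rule first: the PCC rules below never see these connections.
#    log=yes writes a line per matched packet so you can verify it fires at all.
add chain=prerouting in-interface=LANbridge connection-mark=no-mark \
    dst-address-type=!local dst-address-list=via_ISP2 \
    action=mark-connection new-connection-mark=ISP2_conn passthrough=yes \
    log=yes log-prefix="ISP2-exception"
# 2) normal PCC split for everything else (two WANs, both-addresses)
add chain=prerouting in-interface=LANbridge connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=both-addresses:2/0 \
    action=mark-connection new-connection-mark=ISP1_conn passthrough=yes
add chain=prerouting in-interface=LANbridge connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=both-addresses:2/1 \
    action=mark-connection new-connection-mark=ISP2_conn passthrough=yes
# 3) connection mark -> routing mark, so the marked routes below are used
add chain=prerouting in-interface=LANbridge connection-mark=ISP1_conn \
    action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting in-interface=LANbridge connection-mark=ISP2_conn \
    action=mark-routing new-routing-mark=to_ISP2

/ip route
# WAN1 gateway is a placeholder; replace with your ISP1 next hop
add dst-address=0.0.0.0/0 gateway=<ISP1 gateway> routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.168.32.254 routing-mark=to_ISP2 check-gateway=ping

# 4) srcnat is only needed if 10.168.31.1 (or whatever is behind WAN2) has no
#    route back to your LAN subnet; with it, the far side sees the WAN2 address.
/ip firewall nat
add chain=srcnat out-interface=WAN2-ether2 action=masquerade

# Checks: counters on the exception rule, and the logged matches
# /ip firewall mangle print stats
# /log print where message~"ISP2-exception"
```

If the exception rule's counters stay at zero while you traceroute from LANbridge, the problem is before mangle (rule order, interface name, or the connection already carrying a mark), not routing.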
WTF are you doing??
My favourite expression today, don't take it personally.
Firstly, WTF do you mean, that you have two subnets?? 10.168.31.0/24 AND 10.168.32.0/24?? Like a normal sane person would do? Or some ugly twisted setup that only people with training can understand?
All computers have local addresses from 10.168.31.3 to 10.168.32.254
Point two
WTF is this. If you are going to so blatantly mix up WAN and LAN then more detail is required…
MT router needs to get internet from 10.168.32.254
(all computers have local address but my router gets internet from the same local address ??? WTF??? )
According to the first post the LAN is add address=192.168.70.1/24 network=192.168.70.0 interface=LANbridge
Nothing seems to fit …
SO in conclusion,
post your WTF config because nothing makes sense until it is seen
Well, subnets larger than /24 are not as scary as some may think, but what you describe seems like a big mess so far. For a start, how did it happen that you have 10.168.32.0/24 on WAN (are you sure about the mask?) and the same subnet (possibly part of a larger one) in LAN?
This is a corporate network (campus network topology); every subnet has its own gw. For network 10.168.31.0 the gw is 10.168.31.254, and for network 10.168.32.0 the gw is 10.168.32.254. One house wants to implement an internet load balancer. The problem is that the LAN has internet access with no VLANs. I wanted to add a router with the 10.168.32.253 address and assign clients on the LAN side the same IP network. How can it be done? What is the best way?
Yes, this network is a big wtf to me. Tomorrow I will post the config. But I think it's wrong. With 2 internets and 1 normal LAN over masquerade it works. But when I add the wtf network nothing works.
It depends. Easy way is to have original campus network as one WAN, another connection as second WAN, yet another as third WAN, and put all devices in completely different LAN behind your router, so they won’t be direct part of campus network anymore. Then you’d have regular multi-WAN setup.
But if devices need to stay as part of original campus network, it’s problematic. You’d need your router as semi-transparent bridge and intercept connections to internet, in order to load balance them, which is probably possible, but it won’t be anything very pretty.
In the manual it would probably be listed in the "things you shouldn't do" section. I'll try to think about something. How is it with the configuration of the devices? Do they get addresses from DHCP? Which would be on the regular gateway (10.168.32.254), I assume?