Assigning Specific list of IP to WAN 2

Bayemmm · October 17, 2022, 1:52am

Hi, I’m new to mikrotik hardware i’m wondering how to assign a specific list of IP’s from Address List to a WAN 2. Currently its kinda working. Here’s my current setup.

Mangle: scr address list: RoutesISP2 , action: mark routing, New routing mark: RouteISP2
Routes: dst.Address: 0.0.0.0, gateway: (my static ip), Routing mark: RouteISP2.

It’s working for internet connectivity and it was redirecting traffic to WAN2, but i was unable to connect to my local computer within the network.

The problem is i was unable to access local IP’s. and my goal was Assigning IP’s to a WAN2 also could access local IP’s at the same time

If you guys have any suggestion for my setup. Im newbie so please provide details step by step.

Thank you.

Bayemmm · October 18, 2022, 2:20am

Any one have any idea?

Sob · October 26, 2022, 12:16am

In short, if it shouldn’t go to internet, don’t mark it. Simplest way would be to add another condition to mangle rule, dst-address=!192.168.0.0/16 (“!” means “not”; and use whatever subnet you have in LAN). But it’s not very efficient, because it’s done (conditions are checked) for every packet, so it’s better to first mark connection, and then work with that, e.g:

/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=RoutesISP2 dst-address=!192.168.0.0/16 action=mark-connection new-connection-mark=toISP2 passthrough=yes
add chain=prerouting in-interface=<LAN> connection-mark=toISP2 action=mark-routing new-routing-mark=RouteISP2

Multiple destination subnets to exclude can be handled using address list, same as sources.

anav · October 26, 2022, 11:40am

Nice!!
To the OP how many people (users) are you talking about?
Can you put them all on one subnet?

@Sob to keep using fastrack for the rest of the traffic in the forward chain is this correct/recommended? - putting these two rules before fastrack rule…
/ip firewall filter
add action=accept chain=forward connection-state=established,related src-address-list=RoutesISP2
add action=accept chain=forward connection-state=established,related dst-address-list=RoutesISP2
{default fastrack rule}

Sob · October 26, 2022, 12:27pm

That’s another advantage of marking connections, you can simply add connection-mark=no-mark to fasttrack rule and it won’t touch marked ones.

anav · October 26, 2022, 1:03pm

Super sweet, nice touch!! Near genius! (no not looking for any favours LOL)