I’m discouraged, please help me to understand this issue.
Could i connect to the Routerboard if the forward and reverse routes are different?
Example:
I have RouterBoard with Dual WAN. I have route to 0.0.0.0/0 from the Gateway_ISP1 only, then i try to ping to IP_WAN1 and IP_WAN2 i get a positive result in both cases. Why? I use torch to investigate this case. When i ping IP_WAN2 (Rx) reverse route passes thru IP_WAN1 (Tx).
Previously, I needed to use a Routing Mark and Mangle or Routing Rules to be able access to Mikrotik thru both WAN interfaces.
I found a part of answer…
I change RP filter to strict and everything was working as before.
RP filter default is ‘no’.
But how did it work before with the default setting?
This is correct. Without any kind of policy routing, the Mikrotik is just going to use the default GW to reach you, and if that route points out via ISP1, then requests coming in ISP2 will be replied to using the ISP1 interface, which can’t work properly, unless ISP1 doesn’t have anti-spoofing rules on their router and your Mikrotik knows not to srcnat the replies with the ISP2 interfaces’s IP address… but more than likely they are (and should be) anti-spoof filtering their customers, so it’s better to use policy routing as you suggested.
Hi, can you detail this RP filter for me?
Hi
Just to be clear: RP filter is only for incoming packets. see https://wiki.mikrotik.com/wiki/Manual:IP/Settings#Properties
It has no impact on routing within the router.