On my platform (MikroTik RB750Gr3 + MikroTik RouterOS 6.38.7) I have two providers (1 - PPPoE, 2 - static IP).
My working configuration (code 1) is:
/interface ethernet {
set ether3 name=ether3-master;
set ether4 master-port=ether3-master;
set ether5 master-port=ether3-master;
};
/ip address add address=192.168.0.1/24 interface=ether3-master;
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.0.1
};
/ip pool add name="default-dhcp" ranges=192.168.0.100-192.168.0.250;
/ip dhcp-server add name=defconf address-pool="default-dhcp" interface=ether3-master lease-time=1d disabled=no;
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 comment="defconf";
/ip address add address=217.116.55.202/255.255.255.252 interface=ether2 comment="rk";
/ip dns set servers=217.116.48.20,185.46.198.10,217.116.48.21,185.46.198.14;
/interface pppoe-client add name=pppoe-vmeste user=uuu password=ppp interface=ether1 disabled=no;
:delay 2s;
/ip firewall nat add chain=srcnat action=masquerade;
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
filter add chain=input action=accept connection-state=established,related comment="defconf: accept established,related"
filter add chain=input action=drop in-interface=pppoe-vmeste comment="defconf: drop all from VMESTE"
filter add chain=input action=drop in-interface=ether2 comment="defconf: drop all from RK"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
filter add chain=forward action=accept connection-state=established,related comment="defconf: accept established,related"
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=pppoe-vmeste comment="defconf: drop all from VMESTE not DSTNATed"
filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether2 comment="defconf: drop all from RK not DSTNATed"
};
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=pppoe-vmeste new-connection-mark=cin_ISP1 passthrough=no comment="twowork";
/ip firewall mangle add action=mark-connection chain=prerouting in-interface=ether2 new-connection-mark=cin_ISP2 passthrough=no comment="twowork";
/ip firewall mangle add action=mark-routing chain=output connection-mark=cin_ISP1 new-routing-mark=rout_ISP1 passthrough=no comment="twowork";
/ip firewall mangle add action=mark-routing chain=output connection-mark=cin_ISP2 new-routing-mark=rout_ISP2 passthrough=no comment="twowork";
/ip route add distance=1 gateway=185.46.196.6 routing-mark=rout_ISP1 check-gateway=ping comment="twowork";
/ip route add distance=1 gateway=217.116.55.201 routing-mark=rout_ISP2 check-gateway=ping comment="twowork";
/ip firewall mangle add action=mark-routing chain=prerouting disabled=no new-routing-mark=mixed src-address=192.168.0.0/24 dst-address=!192.168.0.0/24 comment="twowork";
#use ECMP for balancing
/ip route add dst-address=0.0.0.0/0 gateway=185.46.196.6,217.116.55.201 routing-mark=mixed comment="twowork";
But my network has some IP phones, and in that configuration the IP phones don't work because, as I think, they need a connection with a static IP to work. I have one (it's on the ether2 interface). So I added some code (code 2) to my config, below:
/ip firewall address-list add address=192.168.0.116 disabled=no list=RK_USER
/ip firewall address-list add address=192.168.0.111 disabled=no list=RK_USER
/ip firewall address-list add address=192.168.0.132 disabled=no list=RK_USER
/ip firewall address-list add address=192.168.0.107 disabled=no list=RK_USER
/ip firewall mangle add action=mark-routing chain=prerouting disabled=no new-routing-mark=rk_user dst-address=!192.168.0.0/24 src-address-list=RK_USER
/ip route add dst-address=0.0.0.0/0 gateway=217.116.55.201 routing-mark=rk_user comment="twowork";
This way I expect that all traffic from the IP address list RK_USER will go through the ether2 interface, but in fact no IP from the network 192.168.0.0/24 can reach any internet address at all.
In general, I am finally overloaded :) Please advise what is wrong.
Thank you.