Hello,
In our Mikrotik setup we have several ports including eth1 not having public internet connection due to security reasons so we cant running mikrotik updates for example.
But we have other port with internet connection (using for connect winbox for example) so we want change “internet” connection of mikrotik to this port. How?
Thanks,
Of course there is no security in removing internet from ether1 and then providing it on another port than ether1, but that is your policy
so you probably consider it a good thing.
Software updates on MikroTik are not at all tied to ether1. When the router can connect to the internet via whatever route, no matter on
what port, it can even be via VPN, it can do updates. It uses the normal routing table for updates, not a fixed interface.
You need to make sure that the IP->DNS service is configured even when you do not use the resolver for other things (just remove the
allow-remote-requests checkmark in that case, now there is some useful security measure!).
Also make sure that when the path to internet has a smaller MTU than 1500 at some place, you put a “clamp tcp mss” rule in the mangle
chain at that place.
Hello,
We have the IP → DNS configurated with Google Open DNS and still have the problem. In fact i need connectivity to other things beyond updates but unfortunately dont work.
My route list in attach, any help? The interface ether have connectivity to exterior (with ping tool of winbox selected that port works fine).
Your active default route points to ether1 but you say you don’t have internet connectivity there.
That is not going to work. You need to limit the routes to what actually works.