I’ve been trying many different things and it doesn’t seem to be working; traffic still goes to the best route and not out of the specific gateway.
I marked the connections and marked the traffic with src-address and still no good; I see it uses the MAC of wan2 instead of wan1.
Here is my setup: 10 ports; 1 and 2 are WANs, 3-10 are bridged, as are my 2 WLANs.
So all LAN traffic is in BRIDGE.
I need some IPs from the LAN traffic to go through WAN1, whereas WAN2 is the default.
Please help by posting a working configuration.
[@gateway1] /ip firewall mangle>
25 ;;; ECMP
chain=input action=mark-connection new-connection-mark=frontier_conn in-interface=ether1
26 ;;; ECMP
chain=input action=mark-connection new-connection-mark=xfinity_conn in-interface=ether2
27 ;;; ECMP
chain=output action=mark-routing new-routing-mark=to_frontier connection-mark=frontier_conn
28 ;;; ECMP
chain=output action=mark-routing new-routing-mark=to_xfinity connection-mark=xfinity_conn
[@gateway1] /ip firewall mangle> /ip route print where !disabled
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; to_frontier
0.0.0.0/0 x.x.x.x 1
1 A S ;;; to_xfinity
0.0.0.0/0 x.x.x.x 1
2 A S ;;; ECMP_xfinity_frontier
0.0.0.0/0 x.x.x.x 1
x.x.x.x
x.x.x.x
[@gateway1] /ip firewall nat> print where !disabled
Flags: X - disabled, I - invalid, D - dynamic
2 chain=srcnat action=masquerade out-interface=ether1
3 chain=srcnat action=masquerade out-interface=ether2
[@gateway1] /interface bridge port> export
# apr/10/2022 23:53:53 by RouterOS 6.48.4
# software id = NUTA-4YVB
#
# model = RB4011iGS+5HacQ2HnD
# serial number = F03C0EEDBD0B
/interface bridge port
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=sfp-sfpplus1
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
add bridge=bridge interface=ether5
Let’s say my bridge network is 192.168.0.0/24, 192.168.1.1 is the bridge IP.
I want LAN IP 192.168.1.38 to go out of WAN1 ONLY, never to use WAN2. Can this be achieved? I want to see the MAC between it and WAN2 in the sniffer; how can this be achieved?
You are doing something somewhat similar to what I am doing. I also have two ISPs and some traffic goes out on one of them and some traffic goes out on the second ISP. I am not trying to use failover. In my case, I am using different LANs as the separation. I am using routing rules to direct the traffic. If something like that will work for you, I can give more details and examples.
dst-address=0.0.0.0/0 gwy=ISP1 table=main distance=5 check-gateway=ping
dst-address=0.0.0.0/0 gwy=ISP2 table=main distance=10
dst-address=0.0.0.0/0 gwy=ISP2 table=useSecondary distance=10
/routing table add name=useSecondary fib
/routing rule add src-address=IP1 action=lookup table=useSecondary { for first IP }
/routing rule add src-address=IP2 action=lookup table=useSecondary { for second IP }
...
...
/routing rule add src-address=IPXX action=lookup table=useSecondary { for last IP }
Action=Lookup means that the router will direct such IPs to the secondary ISP and, if the secondary ISP is not available, will move the traffic to WAN1.
If you decided to choose Action=Lookup-only-in-table, the router would NOT move the IP to an available route if WAN2 went down.
Anav, I don’t think I have these options. My version is 6.48; there is no /routing table or rule option, if I am not mistaken. I will double check; otherwise this should suffice.
Route Rules are found in IP Routes as another tab selection at the top and one enters them like so (same as before really).
add src-address=IP1 action=lookup table=useSecondary
and so on…
In other words, the only real difference is
a. Don’t create a table.
b. Use Routing Mark in the Route.
c. Refer to the Routing Mark in the Route rule via the Table designator/parameter in the Route Rule.
[igor@gateway1] /routing>
.. -- go up to root
bfd --
bgp --
export -- Print or save an export script that can be used to restore configuration
filter --
mme --
ospf --
prefix-lists --
rip --
Are you using MikroTik products LOL ??? On another planet??
I would understand if you said you are from NYC, as it’s another world, but the rest of NY state is plain hicksville.
…
OR if you insist on using draconian, victorian methods… here is the command line details…
/ip route> add
Creates new item with specified property values.
bgp-as-path –
bgp-atomic-aggregate –
bgp-communities –
bgp-local-pref –
bgp-med –
bgp-origin –
bgp-prepend –
check-gateway – Whether all nexthops of this route are checking reachability of gateway by sending arp requests every 10 seconds
comment – Short description of the item
copy-from – Item number
disabled – Defines whether item is ignored or used
distance – Administrative distance of the route
dst-address – Destination address
gateway –
pref-src –
route-tag –
routing-mark -- It’s used for policy-routing
scope –
target-scope –
type –
vrf-interface –
AND
/ip route rule> add
Creates new item with specified property values.
action –
comment – Short description of the item
copy-from – Item number
disabled – Defines whether item is ignored or used
dst-address –
interface – Interface through which the gateway can be reached
place-before – Item number
routing-mark –
src-address –
table –
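The RouterOS v6 approach described in the thread (a route carrying a routing mark, plus a route rule whose table names that mark), written out as an added example that is not from any of the posters. The gateway 203.0.113.1 is a placeholder for the WAN1 gateway; ether1, 192.168.1.38 and the mark name to_frontier are taken from the question.

```routeros
# Added example for RouterOS v6 (not from the thread's posters).
# Assumptions: ether1 = WAN1, 203.0.113.1 is a PLACEHOLDER for the WAN1
# gateway, 192.168.1.38 is the LAN host that must leave via WAN1.

# 1. A default route that exists only in the "to_frontier" table.
#    In v6 the table is created implicitly by the routing-mark on the route.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_frontier \
    distance=1 comment="WAN1 only (policy route)"

# 2. Route rule: everything sourced from the host is looked up in that table.
#    lookup-only-in-table = no fall-through to main (WAN2) when WAN1 is down.
#    Use action=lookup instead if falling back to the main table is acceptable.
/ip route rule
add src-address=192.168.1.38/32 action=lookup-only-in-table \
    table=to_frontier comment="192.168.1.38 -> WAN1"

# 3. Source NAT on the chosen exit. The posted config already has this rule;
#    add it only if it is missing.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade

# 4. Confirm the route and the rule are present and active.
/ip route print where routing-mark=to_frontier
/ip route rule print
```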