This is a strange way of handing out multiple IPs. It is usually considered to be a big No-No to make multiple connections to the same device. You normally have to configure manually for the additional IPs. You might contact your ISP to be sure you have done this correctly.
@2frogs what do you mean configure manually?
ISP is leasing the IP via their DHCP server and I can get it with the MikroTik DHCP client. I cannot control how the ISP does their cabling work either.
I do believe for home use internet service, they don’t expect their customers to have an enterprise-grade router at home. They suggest customers have a separate router to make the connection to their modem and obtain an IP address, which I won’t follow because I believe MikroTik can do it all in one.
What @2frogs says (or say? hard to guess) is important, and it did not come to my mind at all from reading your OP, although it should.
Some ISPs do provide multiple IP addresses this way (one IP address per MAC address via DHCP, no other way can be agreed, “that’s how our product specification looks like, take it or leave it”), but I haven’t guessed from your OP that the two WANs are connected to the same L2 segment and thus both may get an address from the same subnet and therefore the same gateway IP. Can you check that both the default routes added by the DHCP clients (/ip route print shows them with a D for Dynamic in the leftmost column) show the same IP address as gateway?
If it is the case, you’ll also need to configure the interface name in the gateway item of the routes, which requires disabling the automatic addition of the routes by the DHCP client and adding them manually instead.
I’ll give you the script to do these changes in a while.
Hi Sindy,
Below is the /ip route print result. Please have a look.
DST address Gateway Distance routing mark
AS 0.0.0.0/0 223.x.x.1 reachable ETH3-WAN2 1 via-wan2
DAS 0.0.0.0/0 221.x.x.1 reachable ETH1-WAN1 0
DS 0.0.0.0/0 223.x.x.1 reachable ETH3-WAN2 1
DAC 172.16.10.0/24 ETH2-LAN1 reachable 0
DAC 221.x.x.0/24 ETH1-WAN1 reachable 0
DAC 223.x.x.0/24 ETH3-WAN2 reachable 0
OK, so same subnet and gateway IP at both WAN interfaces is not the reason why it doesn’t work. So I’ve checked your updated export and found my mistake.
To fix that mistake, run
/ip firewall mangle set [find chain~"cmark-pr"] new-connection-mark=wan2-conn
I wanted to emphasize the fact that connection-mark and routing-mark are not the same thing, and ended up mixing their names up. So I was assigning one value of connection-mark based on in-interface, and translating another connection-mark value to a routing-mark.
Unrelated to the above, try “reply with quote” to see how I’ve forced fixed character width to the table below:
     DST address      Gateway                          Distance  routing mark
AS   0.0.0.0/0        223.x.x.1 reachable ETH3-WAN2    1         via-wan2
DAS  0.0.0.0/0        221.x.x.1 reachable ETH1-WAN1    0
DS   0.0.0.0/0        223.x.x.1 reachable ETH3-WAN2    1
DAC  172.16.10.0/24   ETH2-LAN1 reachable              0
DAC  221.x.x.0/24     ETH1-WAN1 reachable              0
DAC  223.x.x.0/24     ETH3-WAN2 reachable              0
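The mix-up described in the post above (one connection-mark value assigned, a different one translated to a routing-mark) can be caught by a lint over the exported mangle rules. This is an added example, not part of the thread: the sample rules are constructed, their layout and the stale mark value are assumptions, and only the names cmark-pr, wan2-conn, via-wan2 and the interface names come from the posts.

```python
import shlex

# Constructed sample in RouterOS export style (not the poster's real config).
# Assumption: the broken rule set the routing-mark name as the connection-mark.
SAMPLE_EXPORT = """
/ip firewall mangle
add chain=prerouting in-interface=ETH3-WAN2 connection-state=new \\
    action=jump jump-target=cmark-pr
add chain=cmark-pr action=mark-connection new-connection-mark=via-wan2
add chain=prerouting in-interface=ETH2-LAN1 connection-mark=wan2-conn \\
    action=mark-routing new-routing-mark=via-wan2
"""


def parse_rules(export):
    """Turn 'add key=value ...' lines of an export into a list of dicts."""
    joined = export.replace("\\\n", " ")  # undo export line continuations
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
        rules.append(dict(pairs))
    return rules


def mark_mismatches(rules):
    """Compare connection marks that are set with those turned into routing marks."""
    assigned = {r["new-connection-mark"] for r in rules
                if r.get("action") == "mark-connection"
                and "new-connection-mark" in r}
    translated = {r["connection-mark"] for r in rules
                  if r.get("action") == "mark-routing"
                  and "connection-mark" in r
                  and not r["connection-mark"].startswith("!")}
    return {
        # matched by a mark-routing rule, but no rule ever sets it
        "never_assigned": sorted(translated - assigned),
        # set by a mark-connection rule, but never turned into a routing mark
        "never_translated": sorted(assigned - translated),
    }


if __name__ == "__main__":
    print(mark_mismatches(parse_rules(SAMPLE_EXPORT)))
```

Both lists come back empty once the mark-connection rule sets wan2-conn, which is what the set command in the post does.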
yeah~ @sindy it works now, thank you so much!
sorry for the messy formatting, seldom post on phpbb lol
Good. So now it may be the right time to read e.g. this supercharged introduction into how firewall rules work.
nice post indeed, didn’t know firewall rules setting (skill-wise) can be that flexible, lesson learnt!