Dual WAN Dual LAN setup problems

vladniko · September 26, 2020, 9:26pm

Hello, I recently bought a ccr2004 and I have medium knowledge in networking.
I have an assigned /24 PI without AS. My ISP provided me a local ip (10.0.42.2/24) which I can route my class trough. This subnet is used exclusively on servers.
I have another isp with static IP which I’ll be using with NAT for the work LAN.
How can I avoid making a default static route? Trying marking routes with mangle leaves me with gateway ip useless (no route to host from Internet). I have planned to use that ip for tunneling.

/routing table
add fib name=IPclass

/ip address
add address=10.0.42.2/24 interface=sfp-sfpplus1 network=10.0.42.0
add address=x.x.x.1/24 interface=bond40G network=x.x.x.0

/ip firewall mangle
add action=mark-routing chain=prerouting passthrough=yes src-address=x.x.x.0/24
/ip route
add gateway=10.0.42.1@main routing-table=IPclass

Without mangle and separate routing table x.x.x.1 can be ping-ed form Internet but I can not use NAT for the other subnets.

sindy · September 30, 2020, 8:23pm

Why would you want to avoid using a static route? Sorry, I’m not familiar with the RouterOS 7 syntax of routing yet, so cannot give you the exact commands as I would on a ROS 6.x, but my feeling is that you basically need two routing tables, one for the public /24 and ISP 1 and the other one for ISP 2 and the private LAN subnet(s). If you don’t plan any failovers between the WAN interfaces, VRF should be sufficient (where the routing-marks are assigned as the packets enter via an interface which is a member of a VRF instance); if you want something more complex, you’ll have to assign the routing-marks using mangle rules.