dual-wan external access

rico29 · December 18, 2019, 10:51am

Hello
I have a mikrotik router (v6.46) with 2 wan access :

1 SDSL with static ip address (router 185.1.1.211, gateway 185.1.1.210)
1 ADSL with pppoe dialer (add default route cheecked).

I’m trying to access the router from WAN on its public addresses.
I’ve created mangle rules to mark incming trafic on these interfaces :

/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=ether1-SDSL new-routing-mark=route_via_sdsl passthrough=no
add action=mark-routing chain=prerouting in-interface=pppoe-adsl new-routing-mark=route_via_adsl passthrough=no

Then I created routes for these routing marks :

/ip route 
add check-gateway=ping distance=1 gateway=185.1.1.210 pref-src=185.1.1.211 routing-mark=route_via_sdsl
add distance=1 gateway=pppoe-adsl routing-mark=route_via_adsl

the default route in the main routing table is pppoe-adsl.

and I created 2 routing rules too :

/ip route rule
add routing-mark=route_via_sdsl table=route_via_sdsl
add routing-mark=route_via_adsl table=route_via_adsl

when I ping IP of the pppoee dialer from wan, everything work as expected (ping received on pppoe-adsl, reply sent from pppoe-adsl with pppoe-adsl as source address
when I ping IP of the SDSL interface from wan, everything work as expected (ping received on SDSL interface, reply sent from SDSL interface with 185.1.1.211 as source address

My problem is that when I try to access the router via web :

when I access it on pppoe-adsl IP address, replies are sent from pppoe-interface with pppoe-interface address as source address
when I acces it on SDSL IP address, replies are sent from pppoe-interface with SDSL ip address as source address

[user@rtr] /tool sniffer> packet print 
 #    TIME INTERFACE            SRC-ADDRESS                                         DST-ADDRESS                                         IP-PROTOCOL  SIZE CPU FP 
 3   0.258 ether1-SDSL          80.13.x.x:49729                                   185.1.1.211:80 (http)                           tcp           479   0 no 
 4   0.258 pppoe-adsl           185.1.1.211:80 (http)                           80.13.x.x:49729                                   tcp            52   0 no

As I’m accessing the router on its WAN addresses, I guess there’s no nat rules involved. Firewall rules are OK here (accept all).

AM I doing something wrong or does it look like a bug ?
Regards

SiB · December 18, 2019, 10:57am

You just do 20% of full setup.
Full HowTo here:

Bandwidth-based load-balancing with failover. This presentation also covers Mangle.
This was presented at the MUM (MikroTik User Meeting) in New Orelans, USA.
Tomas Kirnak - YouTube: https://www.youtube.com/watch?v=67Dna_ffCvc&t=1s
http://mum.mikrotik.com/presentations/US12/tomas.pdf

rico29 · December 18, 2019, 11:09am

Hello SiB.

I was just missing 2 mangle rules per wan access :

/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1-SDSL new-connection-mark=conn_via_sdsl packet-mark=no-mark passthrough=yes
add action=mark-routing chain=output connection-mark=conn_via_sdsl new-routing-mark=route_via_sdsl passthrough=yes

Thank you !
Regards