Dual WAN question

erussell · October 1, 2014, 9:22pm

I have been struggling with how to accomplish what would seem like a rather simple configuration.

My scenario is that I have 2 ADSL connections. What I am trying to do is to have one specific system on my LAN pass all traffic through 1 ADSL connection and all others on the LAN pass all traffic through the other ADSL connection.

My LAN is rather basic, 192.168.0.0/24, with the 1 system in particular being 192.168.0.15 which I want to pass through one specific ADSL connection.

I’ve tried various combinations of packet marking etc with no success.

Perhaps someone could point me in the right direction.

jarda · October 2, 2014, 5:26am

Packet / connection marking is just one part. The second part is to set the routes. What didn’t work? Marking or routing? Have you checked the firewall - connection if marking works as you want?

erussell · October 2, 2014, 1:36pm

To mark the connection I used:

/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=FTP_SERVER src-address=192.168.0.15

I can see that this is working.

I had tried this:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=192.168.0.0/24
add action=masquerade chain=srcnat connection-mark=FTP_SERVER out-interface=pppoe-out2

As for the routes, I am not sure which direction I need to go. Any help that you could provide would be great.

erussell · October 8, 2014, 4:42pm

I have went back and forth a bit and still have not sorted it out. I have tried to make use of a routing mark in combination with a MASQ and a route. Here are the relevant sections (when I try this, all packets from 192.168.0.15 will not flow). If make route a specific address via the routing mark it does work:

oct/08/2014 12:26:21 by RouterOS 6.19

software id = UNB1-1UHQ

/interface bridge
add l2mtu=1598 name=bridge1
/interface pppoe-client
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2
default-route-distance=1 dial-on-demand=no disabled=no interface=ether1
keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=disabled name=
pppoe-out1 password=XXXXXXXXX profile=default service-name=“”
use-peer-dns=no user=XXXXXXX@bellnet.ca
add ac-name=“” add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=ether2 keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out2 password=XXXXXXXX
profile=default service-name=“” use-peer-dns=no user=
XXXXXXXXXXX@teksavvy.com

/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether7

/ip address
add address=192.168.0.5/24 interface=bridge1 network=192.168.0.0

/ip firewall filter
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input protocol=icmp
add chain=input dst-address-type=broadcast
add chain=input dst-address-type=multicast
add chain=input dst-port=22 protocol=tcp src-address=192.168.0.0/24
add chain=input dst-port=53 protocol=tcp src-address=192.168.0.0/24
add chain=input dst-port=53 protocol=udp src-address=192.168.0.0/24
add chain=input dst-port=8292 protocol=tcp
add action=drop chain=input

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.0.15
new-connection-mark=ProviderB
add action=mark-connection chain=prerouting new-connection-mark=ProviderB
src-address=192.168.0.15
add action=mark-routing chain=prerouting connection-mark=ProviderB
new-routing-mark=ProviderB passthrough=no

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2

/ip route
add distance=1 gateway=pppoe-out2 routing-mark=ProviderB

[admin@Bell Fixed] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 pppoe-out2 1
1 ADS 0.0.0.0/0 64.230.11.15 1
2 ADC 64.230.11.15/32 70.28.15.144 pppoe-out1 0
3 ADC 192.168.0.0/24 192.168.0.5 bridge1 0
4 ADC 206.248.154.104/32 69.165.147.80 pppoe-out2 0