I just finished setting up a routerboard (450g) to act as an internet router with 2 GW and fail-over, following the Improved netwatch script.
First GW has a static IP (cable connected from media converter directly). The second one is an ADSL line connected to a modem/wifi router, which in turn gives me a local IP (192.168.1.2). Fail-over works great, internet works fine. But… I can only ping internet IPs from my local network on the first GW.
If I plug my laptop directly into the ADSL modem/router, pinging works fine, so no problem there. I think the problem is between the MikroTik and the ADSL modem. (On the ADSL modem I put the MikroTik’s IP in DMZ.)
My setup is:
internet - GW1 (85.23.x.x) - Mikrotik port 1
internet - GW2 (ADSL with dynamic ip allocation 100.23.x.x) -adsl router internal GW (192.168.1.1) - Mikrotik port 2 (192.168.1.2)
Lan - 192.168.10.1 - Mikrotik port 3
When the internet is on the back-up line (ADSL) I can’t ping anything outside the network.
Look at the routing table and do a trace route to 8.8.8.8 in both conditions - see how far the trace is getting and how the routing table looks when in the “failover” condition.
OK, I did the setup again and now the ping works in link fail-over mode (ADSL line).
Now I have a new ping-related problem.
When both connections are up, I can ping/traceroute any IP on the main link, but if I select the interface to be the second one (ADSL) with the first one connected, I can’t ping/trace anything. I want to monitor an external host on the second link only, to know when the back-up line is down (and I have no fail-over).
My setup is:
/ip routes
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; Default Route
0.0.0.0/0 81.181.x.x 1
1 S 0.0.0.0/0 192.168.1.1 2
2 A S ;;; ping facebook on gateway 1
69.171.229.11/32 ether1-gateway 1
3 ADC 81.181.x.x/24 81.181.x.x ether1-gateway 0
4 A S ;;; ping wiki.ro on gateway 2
91.198.174.225/32 ether2-gateway2 1
5 ADC 192.168.1.0/24 192.168.1.2 ether2-gateway2 0
6 ADC 192.168.13.0/24 192.168.13.1 ether3-master-l… 0
Fail-over scripts:
script 1:
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping 69.171.229.11 interval=3 count=1]=0))};
:if ($i=5 && [/ip route get [find comment="Default Route"] distance]=1) do={:log info "PRIMAYR LINK DOWN"; /ip route set [find comment="Default Route"] distance=3
:delay 15s
/tool e-mail send to="alerts@xxxx.ro" subject=([/system identity get name] .
" net is down") from=tehnic@xxxx.ro body=([/system identity get name] . "-" . [/system clock get time] .
" call the man")
:log info "mail sent"
}
script 2:
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping 69.171.229.11 interval=3 count=1]=1))};
:if ($i=5 && [/ip route get [find comment="Default Route"] distance]=3) do={:log info "PRIMARY LINK UP";
/ip route set [find comment="Default Route"] distance=1;
/tool e-mail send to="alerts@xxxx.ro" subject=([/system identity get name] .
" net is UP") from=tehnic@xxxx.ro body=([/system identity get name] . "-" . [/system clock get time] .
" main link is up")
:log info "mail sent"
}
To check my back-up link while the main one is up I do this:
script 3:
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping 91.198.174.225 interval=3 count=1]=0))};
:if ($i=5) do={:log info "ADSL LINK DOWN";
/tool e-mail send to="alerts@xxxx.ro" subject=([/system identity get name] .
" adsl is down") from=tehnic@xxxx.ro body=([/system identity get name] . "-" . [/system clock get time] .
" adsl")
:log info "mail sent"
}
script 4:
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping 91.198.174.225 interval=3 count=1]=1))};
:if ($i=5) do={:log info "ADSL LINK UP";
/tool e-mail send to="alerts@xxxx.ro" subject=([/system identity get name] .
" ADSL LINK UP") from=tehnic@xxxx.ro body=([/system identity get name] . "-" . [/system clock get time] .
" ADSL LINK UP")
:log info "mail sent"
}
Scripts 1 and 2 are scheduled to run every 10s, and 3 and 4 every 1m.
1 and 2 work fine. 3 and 4 don’t work. When 3 runs it reports link down even if the link is up.
To be sure to ping using a specific gateway, I usually create a routing table (say “routing1”) with that gateway only and force ping to use it by passing the parameter routing-table.
Example:
:ping address=8.8.8.8 routing-table=routing1
In Winbox you can find the parameter under Advanced.
From the netwatch-like scripts I made my own, using routing marks as a base and without touching routes and routing rules.
In my tests, if I disable rules I have the problem that the next check will not use the path I expect.
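The routing-table approach suggested in the reply above, applied to the ADSL check from scripts 3 and 4, as an added example that is not from any poster in the thread. It assumes RouterOS v6-style syntax plus the ADSL gateway (192.168.1.1) and probe host (91.198.174.225) given in the thread; the table name adsl-check and the variable adslState are hypothetical. It goes slightly beyond the reply by logging only when the link state changes.

```routeros
# Added example; "adsl-check" and "adslState" are hypothetical names.
# One-time setup: a routing table that contains only the ADSL gateway,
# so a lookup in this table can never fall back to the primary link.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 \
    routing-mark=adsl-check comment="ADSL probe table"

# Scheduled probe script (replaces scripts 3 and 4).
# The global keeps the last known state between scheduler runs.
:global adslState

# /ping returns the number of replies received; force the lookup
# into the ADSL-only table with routing-table, as in the reply above.
:local replies [/ping 91.198.174.225 routing-table=adsl-check interval=3 count=5]

# All five probes lost and we have not already reported "down".
:if (($replies = 0) && ($adslState != "down")) do={
    :set adslState "down"
    :log warning "ADSL LINK DOWN"
}

# At least one reply and we have not already reported "up".
:if (($replies > 0) && ($adslState != "up")) do={
    :set adslState "up"
    :log info "ADSL LINK UP"
}
```

The e-mail alert from the original scripts can be placed inside each do={ } block so that it is sent once per transition instead of on every run.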