Dual Wan Source IP Routing

Hello All,


I am quite new to MikroTik RB and am scratching my head trying to work out how to build a config that does what I expect.

I am testing using an RB750 - I think I have the basics right but am missing the next steps…

My configuration is as follows.
Ethernet 1 is connected to ISP1
Ethernet 2 is connected to ISP2
Ethernet 3 and 4 have a DHCP server linked to the ports to provide addresses in subnet 192.168.1.0
Ethernet 5 has a DHCP server linked to the port to provide addresses in subnet 192.168.100.0

Both ISP connections would normally be up.

I would like to route specific source hosts in the 192.168.1.0 network over ISP1 by default, but if public DNS servers are not accessible via ISP1, route those specific hosts over ISP2.

As an example, source 192.168.1.15 should route over ISP1, source 192.168.1.16 should route over ISP2.
If public DNS servers are not accessible via ISP1, traffic from 192.168.1.15 should route over ISP2.
If public DNS servers are not accessible via ISP2, traffic from source 192.168.1.16 should route over ISP1.

All traffic from subnet 192.168.100.0 should route ONLY over ISP2 and if public DNS servers are not accessible via ISP2 this traffic should not be routed.

My config is as follows


/interface ethernet
set [ find default-name=ether1 ] name="ether1 Wan 1"
set [ find default-name=ether2 ] name="ether2 Wan 2"
set [ find default-name=ether3 ] name="ether3 MY LAN"
set [ find default-name=ether4 ] master-port="ether3 MY LAN" name="ether4 MY LAN"
set [ find default-name=ether5 ] bandwidth=10M/10M name="ether5 USER LAN"
/ip neighbor discovery
set "ether1 Wan 1" discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=MY_DHCP_POOL ranges=192.168.1.5-192.168.1.15
add name=BAR_DHCP_POOL ranges=192.168.100.10-192.168.100.100
/ip dhcp-server
add address-pool=MY_DHCP_POOL disabled=no interface="ether3 MY LAN" lease-time=1h name="MY DHCP"
add address-pool=BAR_DHCP_POOL disabled=no interface="ether5 USER LAN" lease-time=1h name="BAR DHCP"
/ip address
add address=192.168.1.1/24 comment="default configuration" interface="ether3 MY LAN" network=192.168.1.0
add address=192.168.100.1/24 interface="ether5 USER LAN" network=192.168.100.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface="ether1 Wan 1"
add dhcp-options=clientid,hostname disabled=no interface="ether2 Wan 2"
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established disabled=yes
add chain=input comment="default configuration" connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface="ether1 Wan 1"
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface="ether1 Wan 1" routing-mark=ISP_1
add action=masquerade chain=srcnat out-interface="ether2 Wan 2" routing-mark=ISP_2
/ip upnp
set allow-disable-external-interface=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface="ether2 Wan 2"
add interface="ether3 MY LAN"
add interface="ether4 MY LAN"
add interface="ether5 USER LAN"


I believe I need to
1 - Mark the packet if the source is 192.168.1.15 as ISP1 routing
2 - Mark the packet if the source is 192.168.1.1- as ISP2 routing
3 - Mark the packet if the source is 192.168.100.0 as ISP2 routing
4 - Determine if public DNS servers are available via ISP1 and ISP2 and if so add a dynamic route

Any guidance much appreciated

What version of firmware are you using?

Hello,
I just upgraded the firmware.
Now running 6.43.7
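
One way to implement the four steps listed in the question on RouterOS v6, using source-based routing marks and recursive routes with check-gateway. This is an added example, not part of any post in the thread. The gateway addresses, the 8.8.4.4 probe, the LAN address list and the ISP_2_ONLY mark are assumptions, and because both WAN ports use DHCP the gateway placeholders must match the current leases.

```routeros
# Added example for RouterOS v6 (the thread reports 6.43.7); not the poster's config.
# Constructed placeholders: 203.0.113.1 = ISP1 gateway, 198.51.100.1 = ISP2 gateway.
# Assumptions: 8.8.4.4 as the ISP2 probe, the LAN address list, the ISP_2_ONLY mark,
# and ICMP reachability of a public resolver standing in for "DNS is accessible".

/ip firewall address-list
add list=LAN address=192.168.1.0/24
add list=LAN address=192.168.100.0/24

/ip firewall mangle
# Steps 1-3: pick a routing table by source address. Traffic to the router itself
# and to the other LAN stays unmarked so it is not sent out of a WAN port.
add chain=prerouting src-address=192.168.1.15 dst-address-type=!local dst-address-list=!LAN action=mark-routing new-routing-mark=ISP_1 passthrough=no
add chain=prerouting src-address=192.168.1.16 dst-address-type=!local dst-address-list=!LAN action=mark-routing new-routing-mark=ISP_2 passthrough=no
add chain=prerouting src-address=192.168.100.0/24 dst-address-type=!local dst-address-list=!LAN action=mark-routing new-routing-mark=ISP_2_ONLY passthrough=no

/ip route
# Pin each probe address to one uplink. scope=10 lets the default routes below
# resolve their gateway recursively through these host routes.
add dst-address=8.8.8.8/32 gateway=203.0.113.1 scope=10
add dst-address=8.8.4.4/32 gateway=198.51.100.1 scope=10
# Step 4: check-gateway=ping deactivates a default route when its probe stops
# answering, and the distance=2 route through the other ISP takes over.
add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=ISP_1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=ISP_1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=ISP_2 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=ISP_2 distance=2 check-gateway=ping
# 192.168.100.0/24 gets a single route and no backup.
add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=ISP_2_ONLY distance=1 check-gateway=ping

/ip route rule
# Fail closed: without this rule a lookup that finds no active route in
# ISP_2_ONLY falls through to the main table and can leave via ISP1.
add routing-mark=ISP_2_ONLY action=lookup-only-in-table table=ISP_2_ONLY

/ip firewall nat
# Match on out-interface only. The rules in the posted config also match
# routing-mark, so failed-over and ISP_2_ONLY traffic would leave without
# source NAT; these two rules are meant to replace them.
add chain=srcnat out-interface="ether1 Wan 1" action=masquerade
add chain=srcnat out-interface="ether2 Wan 2" action=masquerade
```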