So from below config i have 2 default routes I would like the default router to always be via 10.20.0.2 so i can access management via 10.20.0.48 BUT i need any traffic from dhcp_pool1 ranges=10.10.10.2-10.10.10.254 to go out via 192.168.26.1
loosely we can say that routing rules are easier to establish but are less selective, while mangling is usually more complex but can be more selective.
There are some difference in syntax between v6 and v7, I see from your config that you are running RouterOS 6.45.9 (which you shouldn’t).
You should run either latest “long term” of v6, i.e. 6.49.18: http://forum.mikrotik.com/t/v6-49-18-long-term-is-released/181750/1
or “take the jump” and get a version 7 (IMHO possibly not the latest-latest one that may still have bugs).
It is entirely up to you, latest v6 is very stable while v7 has still some quirks but offers some features that v6 doesn’t have and never will have, but I wouldn’t “finalize” a configuration on v6 to then decide to upgrade and need to translate/convert/adapt it to the new release. For a CRS - which is a switch with some router capabilities - probably the v6 is fine.
Thanks for the reply and sorry for the confusion. Basically users will connect to specific ports i.e eth2 as configured and get an ip via dhcp from the mikrotik. Internet traffic for them should go out via the 192.168.26.1 isp gateway BUT I still need to be able to access the miktorik via winbox etc via my internal network using the ip 10.10.20.48
Yep, but you have a “strange” set of IP addresses.
bridge has BOTH 192.168.88.1 AND 10.20.0.48 it is not clear at all if it is conceptually LAN, WAN or what
ether2 has the dhcp server on it and is 10.10.10.1, it is conceptually LAN
ether23 is the WAN port and has 192.168.26.254 (this connects to the router/modem/gateway at 192.168.26.1)
I have to presume that you are not using the bridge for connecting clients, and you have another switch connected to ether2 to which all users are connected.
The 10.20.0.48 is an address given to the bridge, so you can access it from any port BUT ether2 and ether23.
As well, to one of these ports you need to connect the device that has 10.20.0.2 and that is indicated as a possible gateway in routes (but without a NAT).
So it is not clear if the bridge is used as management network or as a link to a gateway or what.
Maybe if you could post a sketch of your network setup it will be easier to understand, even a photo of a hand drawn one on a piece of paper would do.
Bridge is just used for management nothing else i.e not connecting clients.192.168.88.1 can be removed and was only there as was default ip. No switch in ether 2 it will just have a single lan client per port.
ether2 lan
ether23 wan
what i need to do is lan cleint plugged into ether2 and get ip from mikrotik dhcp server (works) from lan client i can ping wan gateway (isp router) i.e 192.168.26.1 but form lan client I can’t ping internet i.e 8.8.8.8 through 192.168.26.1
And that this thread was about another request/setting (which I don’t fully understand), connected to the use of 10.20.0.48 (which is another IP address on the bridge) and 10.20.0.0 network.
What is the device with IP 10.20.0.2 that is set as (secondary?) gateway?
