How do I keep traffic from 2 gateways separate.

Hi,

Just got a second Internet connection and I want all traffic coming in on that interface to exit out of that interface as well. I do NOT want to load balance. Can Mikrotik do this? I’ve never had more than one gateway before and not sure how to start. I can only have one default gateway but I want to be able to do inbound nat on this lesser quality gateway and redirect to my local servers but the traffic has to leave out the same gateway as well. Basically want to share my local net with both Gateways.

Thanks!
Andy

I cannot understand, you write:

" I do NOT want to load balance.

Basically want to share my local net with both Gateways."

What do you actually want?
Maybe policy routing is suitable for you?

Hello,

Use mangling to mark any connections coming into the 2nd connection's interface. Mark them as something like ‘gate2’ or something. Then, mark packets with ‘gate2’ matching connection-mark ‘gate2’. Once you’ve got that set up you can mark with a routing-mark on ‘gate2’ packets and they will go back out the same path they came in (once you also set up routing tables for the second gateway). There might be an easier way but I’ve never found one.

Sam
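
The three marking steps from the post above, written out as RouterOS commands. This is an added example, not part of any post in the thread. `ether7` and the mark name `gate2` come from the thread; the server-side interface `ether1` and the gateway address `192.0.2.1` are constructed placeholders.

```routeros
# Added example. ether1 and 192.0.2.1 are assumptions; substitute your own values.

/ip firewall mangle
# 1. Tag every connection that arrives on the second uplink.
add chain=prerouting in-interface=ether7 action=mark-connection \
    new-connection-mark=gate2 passthrough=yes

# 2. Tag the reply packets of those connections as they come back from the
#    servers. The match is limited to the server-side interface so that the
#    inbound packets on ether7 stay in the main routing table and still
#    reach the server.
add chain=prerouting in-interface=ether1 connection-mark=gate2 \
    action=mark-packet new-packet-mark=gate2 passthrough=yes

# 3. Give the tagged packets a routing mark so the route lookup uses the
#    second gateway's table instead of the main default route.
add chain=prerouting in-interface=ether1 packet-mark=gate2 \
    action=mark-routing new-routing-mark=gate2 passthrough=no

/ip route
# Default route that applies only to packets carrying the gate2 routing mark.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=gate2
```

The packet counters shown by `/ip firewall mangle print` with the `stats` argument indicate whether each rule is matching; a counter that stays at zero on the first rule means traffic is not arriving on that interface at all.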

I want any traffic coming into my local network to leave out the same gateway it came in. I have expensive bandwidth and cheap Cogent bandwidth. I want to use the Cogent for mail and ftp and the L3 for Web access. I don’t want to bind the Cogent IPs to the servers so I was just going to do a destination NAT and redirect those packets to the IPs that already exist for those servers.

Thanks!

OK,

Looks like Policy routing is the answer. Here is what I tried but still not having luck:

Last night I upgraded to 2.9.1

I should add that this system is colocated and there is no 'local' network. Any packet in has to come out the same way it came in.

Initial gateway is working fine. Trying to get a second gateway (named cogent) to accept packets in (on the interface: ether7) for a /26 subnet I've been assigned and also make sure that packets exit out of the same interface (cogent)(interface: ether7).

So I:

  1. created an address list for the subnet I was assigned:

[bubba@mkfw] ip firewall address-list> pr
Flags: X - disabled, D - dynamic

LIST ADDRESS

0 list1 207.210.xxx.64/26

  2. created a mangle rule named cogent using the above list.

[admin4tb@WebGuyz] ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting in-interface=ether7 routing-mark=cogent
src-address-list=list1 action=mark-routing new-routing-mark=cogent

  3. created a default route using the routing-mark=cogent

[admin4tb@WebGuyz] ip route> pr detail
Flags: X - disabled, A - active, D - dynamic,
...
59 A S dst-address=0.0.0.0/0 gateway=207.210.xxx.57 interface=ether7
gateway-state=reachable scope=255 target-scope=10 routing-mark=cogent

Tied IP address 207.210.xxx.65 to another interface in the router which is my gateway to that subnet, and tied IP address 207.210.xxx.66 to a server that's behind the firewall.

Also set up a forward rule for all ICMP packets to be allowed to that subnet.

Trying to ping from outside to 207.210.xxx.66 or *.65 is a no-go. I never see the byte count increase for the mangle rule which I guess is the biggest hurdle. Internally the IPs above ping fine.

Not sure what I'm missing but it seems simple enough.

Anyone else trying to mark packets coming in from a gateway and routing back out that same gateway?

This is the first time I've ever mangled anything so I may be doing something stupid. :confused:

Thanks for any help.
Andy

All is working. The subnet I was given to use had not been set up properly by the ISP <doah!> I was looking for a complicated problem and overlooked something basic.

Thanks!
Andy