How to add 2 gateways and seperate clients

kameelperdza · December 27, 2009, 5:41pm

Im using routing on my mikrotiks and was able to setup a gateway by doing this.

add dst network 0.0.0.0/0 gateway 178.242.0.200

But i want to add a second gateway and seperate the busy client from he non-busy clients.

When i add a second gateway to the existing gateway then the internet wont work.

So do i need to create a route to gateway for each network that i have?

for example.

add dst network 192.168.0.0/24 gateway (gateway1)
add dst network 172.16.0.0/24 gateway (gateway2)
add dst network 198.44.1.0/24 gateway (gateway2)
add dst network 192.168.44.0/24 gateway (gateway1)
add dst network 192.168.6.0/24 gateway (gateway1)

Thanx

Chupaka · December 27, 2009, 7:35pm

you mean, ‘add second gateway to the existing default route’? it’s called ECMP and it should work - check your NAT rules…

but if you need something more cool than ECMP - you create different default routes with different routing-marks, and then mark upload packets according to necessary gateway

netrat · December 28, 2009, 1:30pm

If you just want to route the other clients through the secondary gateway then you need to use policy routing. This should get you started http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_3.x

kameelperdza · December 28, 2009, 2:29pm

Thank you for your help

kameelperdza · December 30, 2009, 9:44am

Do you mean something like this…

[admin@KKT-HS] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting action=mark-routing new-routing-mark=Wuggers
     passthrough=yes src-address=0.0.0.0/0

 1   chain=prerouting action=mark-routing new-routing-mark=Internet Users
     passthrough=yes src-address=0.0.0.0/0
[admin@KKT-HS] /ip firewall mangle>

[admin@KKT-HS] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        G GATEWAY              DISTANCE IN..
 0 A S  0.0.0.0/0                            r 178.242.0.200        1        et..
 1 A S  0.0.0.0/0                            r 172.16.0.200         1        et..
 3 ADC  10.0.0.0/30        10.0.0.1                               0        wl..
 4 ADC  172.16.0.0/24      172.16.0.1                             0        et..
 5 ADC  178.242.0.0/24     178.242.0.1                            0        et..
 6 ADC  178.242.1.0/24     178.242.1.1                            0        br..
 7 A S  178.242.2.0/24                     r 10.0.0.2             1        wl..
 8 ADC  192.168.0.0/24     192.168.0.10                           0        et..
 9 A S  192.168.10.0/24                    r 178.242.1.2          1        br..
10 A S  192.168.11.0/24                    r 10.0.0.2             1        wl..
11 A S  198.54.15.0/24                     r 10.0.0.2             1        wl..
[admin@KKT-HS] /ip route>

[admin@KKT-HS] > /ip route rule
[admin@KKT-HS] /ip route rule> print
Flags: X - disabled, I - inactive
 0   src-address=0.0.0.0/0 action=lookup table=Wuggers

 1   src-address=0.0.0.0/0 action=lookup table=Internet Users
[admin@KKT-HS] /ip route rule>

I had a look at http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x

I did the same steps but did no choose any port or protocols becos i want to allow any traffic

Chupaka · December 30, 2009, 11:05am

chain=prerouting action=mark-routing new-routing-mark=Wuggers
passthrough=yes src-address=0.0.0.0/0

this is completely wrong. you mark ALL packets and route them to the Internet, even if they come from the Internet. src-address should be you LAN addresses. or use in-interface=private

kameelperdza · December 31, 2009, 5:19am

Im a bit confused.

I want to allow ip range 198.54.15.0/24 and 192.168.10.0/24 to use 178.242.0.200 as their gateway
And allow 192.168.11.0/24 and 192.168.12.0/24 to use 172.16.0.200 as their gateway.

Can you maybe show me how.
thanx

Chupaka · January 4, 2010, 12:20pm

/ip firewall mangle add chain=prerouting src-address=198.54.15.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.11.0/24 action=mark-routing new-routing-mark=r_172
/ip firewall mangle add chain=prerouting src-address=192.168.12.0/24 action=mark-routing new-routing-mark=r_172

/ip route add gateway=178.242.0.200 routing-mark=r_178
/ip route add gateway=172.16.0.200 routing-mark=r_172

something like that. and if you need routing between those subnets, then you should add one more rule on the top with ‘action=accept’ and dst-address-list=my_local_subnets, then add all your four subnets to that address list

kameelperdza · January 4, 2010, 12:35pm

Thank you. I managed to figure it out but when i tried to ping i got TTL expired in transit.
So i tried to run tracert and saw that routing was looping. I added wlan1 to /firewall/mangle/rule1 and now is working.

thank you very much

Chupaka · January 4, 2010, 1:07pm

you are welcome =)

fbslim · March 14, 2017, 7:16pm

Chupaka:

/ip firewall mangle add chain=prerouting src-address=198.54.15.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.11.0/24 action=mark-routing new-routing-mark=r_172
/ip firewall mangle add chain=prerouting src-address=192.168.12.0/24 action=mark-routing new-routing-mark=r_172

/ip route add gateway=178.242.0.200 routing-mark=r_178
/ip route add gateway=172.16.0.200 routing-mark=r_172

something like that. and if you need routing between those subnets, then you should add one more rule on the top with ‘action=accept’ and dst-address-list=my_local_subnets, then add all your four subnets to that address list

Мужик!!! Ты гений просто!!! Спасибо огромное!!!