Good day! The problem with two different providers WAN with … (
Mikrotik RB750
Reset all settings without the addition of default rules …
I set up a 2-WAN interface:
WAN1 - 1.1.1.1/29 (ether1) - 1.1.1.1 - gateway; 1.1.1.2-5 range of IP issued by ISP
WAN2 - 2.2.2.1/29 (ether2) - 2.2.2.1 - gateway; 2.2.2.2-5 range of IP issued by ISP
Network:
Master-Lan - 192.168.1.0/24 (ether3)
For ether4 ether5 and set the master port ether3. Configured routing … included “masquerade” … “Net” works and is defined as the external IP 1.1.1.2
The problem (fall off “Net”) arises when I turn off the “masquerade” and prescribe:
chain = srcnat action = src-nat to-addresses = 1.1.1.5 src-address = 192.168.1.0 / 24 out-interface = ether1 log = no log-prefix = “”
And if you do the same on the WAN2 “srcnat” works (works, “Net” and your external IP is determined by that which in “to-addresses”).
I also noticed in the “Interface” from the WAN1 field “Switch” and empty it from WAN2 “Switch1” like ether3-ether5 …
I reset via NetInstall - did not help … And how you can remove it at WAN2 “Switch1” as WAN1? Or it means nothing?
[admin@MikroTik] > ip set pri
ip-forward: yes
send-redirects: yes
accept-source-route: no
accept-redirects: no
secure-redirects: yes
rp-filter: no
tcp-syncookies: no
max-arp-entries: 8192
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
allow-fast-path: yes
ipv4-fast-path-active: no
ipv4-fast-path-packets: 0
ipv4-fast-path-bytes: 0
ipv4-fasttrack-active: no
ipv4-fasttrack-packets: 0
ipv4-fasttrack-bytes: 0
A) Masquerade is how IPv4 routers have to work with Internal to Public addresses. 192.168.X.X is not internet routable.
Ports 2-5 are on a switch chip, which means if they were used for lan purposes, they would not tax the routing cpu. The allows you to bridge those ports w/o using actual bridges which uses cpu resources.
If you haven’t done so already, change the master of ports 3,4,5 to none, ether3, ether3 respectively.
With your two WAN / ISP setup, whats your main goal? Failover?
I reset via NetInstall - did not help … And how you can remove it at WAN2 “Switch1” as WAN1? Or it means nothing? (see Attachments)
Yes, my main goal Failover.
Now it is running two simultaneous WAN …
routing is configured through WAN1 and the Internet, and “srcnat” working with different IP
For Example:
chain = srcnat action = src-nat to-addresses = 1.1.1.2 src-address = 192.168.1.0 / 24 out-interface = ether1 log = no log-prefix = ""
or
chain = srcnat action = src-nat to-addresses = 1.1.1.5 src-address = 192.168.1.0 / 24 out-interface = ether1 log = no log-prefix = ""
But when I switch on the routing WAN2 is only one IP (2.2.2.2) can go to the 'Net …
For Example:
chain = srcnat action = src-nat to-addresses = 2.2.2.2 src-address = 192.168.1.0 / 24 out-interface = ether1 log = no log-prefix = ""
If I change the “to-addresss” on 2.2.2.3-5 then the Internet is lost.
last night “srcnat” did not work for WAN2 when changing the IP … this morning, without changing anything, and try to … work.)
What caused the delay and how long will learn more ..
Someone has an idea? Why is there a delay “srcnat” when switching routing?
212.45.0.3 - DNS ISP1
85.114.0.81 - DNS ISP2
# DST-ADDRESS PREF-SRC GATEWAY DIS
0 X S ;;; routing mark from address list
0.0.0.0/0 1.1.1.1 1
1 X S 0.0.0.0/0 2.2.2.1 1
2 A S ;;; gw2
0.0.0.0/0 2.2.2.1 2
3 X S ;;; gw1
0.0.0.0/0 1.1.1.1 2
4 A S 85.114.0.81/32 2.2.2.1 1
5 ADC 2.2.2.0/29 2.2.2.2 if2 0
6 ADC 192.168.0.0/24 192.168.0.2 master-LAN 0
7 ADC 192.168.1.0/24 192.168.1.8 master-LAN 0
8 S 212.45.0.3/32 1.1.1.1 1
changed in the routing “Distance” from 2 to 1 and now … “srcnat” work without delay … off on the mikrotik - works …)
The problem occurs when you change the router with a different MAC address…
MAC address cloning after tear on the second router Problem disappeared. 