MultiWAN without redundancy

kohral · December 30, 2021, 7:53am

Hello everybody. There are many articles on the Internet on how to configure MultiWAN on Router OS. I have a similar task, but there is one fundamental difference - I need to configure 3 WAN networks and 3 LAN networks on one router, which will work according to the scheme:

WAN1 (pppoe, 89.169.x.x) - LAN1 (bridge 10.1.0.1/24)
WAN2 (pppoe, 89.170.x.x) - LAN2 (bridge 10.2.0.1/24)
WAN3 (pppoe, 89.171.x.x) - LAN3 (bridge 10.3.01./24)

Each WAN-LAN pair should be independent from the others, and LAN users should not see users from other LANs. Each LAN has different users and different services (web servers, mail, network controllers, ERP, and so on).

I don’t need redundancy - if one WAN falls, then falls the corresponding internet connection and corresponding LAN loose internet access.

What is the best and more correct way to implement this? Mangle, VLAN? Advise …

P.S. using ROUTER OS 7.1.1

THANKS

shailparmar · December 30, 2021, 8:22am

You can achieve this via policy based routing.

Create three separate address list for thre lan pools
Create three Mangle rules for mark routing to three address list.
Create three default routes with routing mark and cooresponding wan gateway.
Masquerade rules for all wans or ip pools.

anav · December 30, 2021, 12:38pm

SIX ROUTES
Dst-address=0.0.0.0/0 gateway=WAN1-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=main
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=main

Dst-address=0.0.0.0/0 gateway=WAN1-gw table=LAN1-Traffic
Dst-address=0.0.0.0/0 gateway=WAN2-gw table=LAN2-Traffic
Dst-address=0.0.0.0/0 gateway=WAN3-gw table=LAN3-Traffic

THREE ROUTE RULES
Where you have three corresponding Route Rules (that are constructed thusly)
Source address=subnet of LAN (like 10.1.0.0/24)
Action: Lookup-only-in-table
Table: LANX-Traffic

Done! (no mangling required)

As for source nat you could do it with one rule
add chain=srcnat action=masquerade out-interface-list=WAN

Or three separate rules (which I tend to do)
add chain=srcnat action=masquerade out-interface=pppoe1-out
add chain=srcnat action=masquerade out-interface=pppoe2-out
add chain=srcnat action=masquerade out-interface=pppoe3-out