I have a very (very!) basic knowledge of Mikrotik Router OS and have an RB5009UG configured for a PPPOE FTTP connection. I have a couple of VLANS and muddled my way through a fair while ago to get them routing out through the FTTP connection. The main LAN (on which the router has it’s static address) is class C and the VLANS also class C – all’s been good.
Now I have an external fibre fault and so currently have no FTTP. I’m not sure when this is going to be fixed, but I do have both a consumer 4G ethernet router (MiFi) and a Starlink router with an ethernet adapter (used when travelling). The 4G router already has a static IP on the same LAN as the Mikrotik, and I could easily do the same for StarLink to get that accessible too.
Here’s my plea; for someone with little / knowledge of RouterOS, can anyone tell me if there is a simple way via Winbox to add a temporary static route, rule, or similar to temporarily redirect all traffic to the alternate 4G or Starlink gateway router rather than the FTTP PPPOE interface (and if so be kind enough to give me an idiots guide to setting it up)?
I appreciate my question will be annoying for lots of reasons, but it’s one of those situations where I am hoping for a quick fix to get some connectivity back whilst waiting for the FTTP fibre to get fixed!
The FTTP termination and the Mikrotik router are both in a building away from the main house (that’s the only place they would terminate the fibre). The 4G router is in the main house (as there is no signal where the FTTP / router is) so whilst the temporary gateway is on the same LAN it’s not possible to cable it into a physical port on the Mikrotik router as it’s off a switch in the main house. I believe what you kindly suggested would need me to remove a port from the bridge and then configure it as a new gateway Interface - which would obviously work, but sadly not physically possible (unless I have completely mis-understood, which is quite possible). What I’d need to do is basically set a static route of some kind to forward all traffic that currently is routed out through the PPPOE inteface to the LAN address of the 4G router instead (plus any other rules or settings that are needed for this to work in RouterOS). Sorry - I should have explained all that!
Well, this makes things more complex.
The issue is that probably you want (I presume and hope) to maintain the same level of security your current firewall (on the RB5009) is giving you.
If you add another router in any port of any device connected to LAN, it will be ... well ... LAN, which means that the only firewall (if any) will be on the 4G router.
Right now, with either static IP addressing or by means of a DHCP server/client, you have set on the LAN a route to 0.0.0.0/0 with as gateway the IP that corresponds to the RB5009.
You need to change these settings so that the gateway IP is now the one corresponding to the 4G router modem.
I presume[1] that you have a DHCP server on the bridge (or however LAN) of the RB5009, if this is the case, you need to change the settings on that DHCP server (keeping it running on the RB5009, and keeping the RB5009 connected to the LAN), in this case the DHCP server on the 4G modem/router needs to be disabled.
OR you can simply disconnect the RB5009 and enable the DHCP server on the 4G modem/router configuring it to provide IP addresses and itself as gateway.
All this if you have a "plain" network, if you have VLANs or some other more complex settings, steps will vary.
Very likely it is possible to "redirect" the IP currently set as gateway to another IP (that of the 4G modem/router) but how it can be done depends on a number of factors.
Without your current configuration it is impossible to provide more detailed info.
[1] this is the most common configuration, but not the only possible one.
Thanks for coming back on this, really appreciated. This should (hopefully) only be short term until the fibre is fixed, so I am not critically worried about keeping the security level afforded by the Mikrotik in the interim.
The 4G router has a firewall (of sorts), but does not support VLANs or the like. If I just enabled DHCP on the 4G router and switch off the Mikrotik I would lose my VLAN’s as these are configured on the Mikrotik, so I would have to flatten all my switch configs etc. and that’s a fair bit of work for something that is hopefully very short term.
I therefore hoped I could simply change ‘the route of last resort’ on the Mikrotik to direct all outbound traffic to the 4G router’s LAN address instead of the PPPOE interface. I have tried going into the Dial-Out tab of the PPPOE Interface and changing the Default Route Distance to 2, then adding a new route under IP > Routing with a Dst Address of 0.0.0.0/0, a gateway of the 4G router’s LAN IP, and a Distance of 1. I hoped this would basically force all outbound traffic that reached the Mikrotik to be forwarded to the 4G Router as it had a lower distance (and this would be simple to reverse out as soon as FTTP was restored), but it doesn’t work as hoped (for reasons very obvious to most I expect / blatantly showing my lack of RouterOS knowledge!!).
I’m not sure if what I am trying to do is possible on RouterOS, or at least without a significant amount of config / skill in routerOS that I just don’t have.
I would take a differnent approach.
I would not turn on DHCP on the 4G router and would simply let it do its thing.
a. a bridge mode would be ideal, passing the 4G wanip to the Router, and if not
b. pass the LAN subnet from the 4G router to the RB5009 as a WAN input on the MT and applied to the port on the connection from the ***switch to the router.
c. create a vlan on the router and pass this vlan to the switch and then the switch would untag the vlan on the port leading to the 4g router
d. the MT router gets an ip dhcp client with interface being the new vlan.
e. this will be WAN2
Hi Anav, the 4G router is on the same subnet as the LAN (bridge) of the Mikrotik, hence why I am trying to route all traffic to it’s address rather than create an alternate port / Interface. I could do it on other products, but sadly just do not know Mikrotik RouterOS anywhere near enough
To be clear,
a. you have no vlans ( so one flat LAN subnet )
b. your connection to the 4g modem is from the one flat lan that is connected to the switch?
c. Is the switch managed or unmanaged?
d. Does the switch serve any other purpose or is connection solely between router and 4G modem?
I’m really struggling with this - if I could get the VLANs routing to the 4G gateway on the LAN that would give me something - from what I am trying to piece together I believe I need to create a Firewall Mangle? Basically wanting to route all traffic from a VLAN to the seperate 4G router’s IP address on the LAN instead of the FTTP PPPOE interface. Can this be done?
I can help when you start answering questions LOL.
Will also be important to see config
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys, network dhcp leases )
Thanks everyone, managed to figure it out (or at least get it working).
No Mangle Rule or anything complex needed in the end, just Route Add with the 4G gateway as the Gateway, 0.0.0.0/0 as Dst and a Distance of 10. Editied the existing PPPOE setting and changed the automatically added Route to Distance 10 (prioriting the new route), then edited the NAT Mascarade to remove the defined OUT Interface entirely (allowing the new route of lat resort that I added to apply to all traffic including the vLANs.
Less my understanding and more fumbling and drawing on the helpful replies on here, but got it up and working in the end. Many thanks everyone once again.