Not all Traffic seen on MT-bridge

Hi,

I have a network setup like this:
Modem 1:

  • Providing Wireless Lan to our house.
  • Internet-Access via DSL
  • NO DHCP-Server
  • NO Router-Advertisement

Modem 2:

  • Internet-Access via LTE (for failover)

MikroTik RB5009:

  • DHCP-Server
  • Gateway for all clients
  • Implemented logic for failover to LTE
  • EVERYTHING bridged on one bridge
  • Bridge-Firewall enabled

My concern is:
Traffic counters do not show high numbers.
SOME traffic is seen; this is mainly when a new connection starts, but the main traffic remains unseen.
Only when LTE is active is more traffic from the WLAN client seen on the firewall passing through to the LTE modem.

My best guess is: The wireless client is starting a connection through its defined gateway (the MikroTik), but when the default route to the internet is known (DSL: Modem1) the traffic remains on Modem1 and does not pass the MikroTik device. Which seems efficient and clever, but is unseen by the bridge’s firewall then.

How can I force the traffic through the MikroTik board, regardless of which route is active?
I think I need everything bridged in order for the wireless clients to get an IP address (via broadcast) from the MikroTik.
I do not want to change my wireless setup as Modem1 has a great ability for MESH and I’m using this with another AccessPoint.
Do I need to connect a second link to Modem1 in order to force outgoing traffic through it? And does it make sense to alter this?

I can block access to everything with the firewall on MikroTik - so I’m just wondering where the traffic is going after connections are established.

Thanks for enlightening me - still learning :slight_smile:
Best,
Martin

First of all: configuring the bridge to use the firewall can be usable, but comes with significant problems. One being the fact that it can only affect traffic passing the bridge (and it seems that in your case this may not be the case). Another problem might be that you may have fasttrack enabled … that improves firewall performance a lot, but also “hides” quite some traffic from counters. Also: since the real gateway (e.g. modem1) is on the same IP subnet as the clients, many routers can send out an ICMP message informing the client to use another gateway (for that particular destination), causing traffic to entirely bypass that router.
And the most important one: when there is a switch to the backup internet connection, all on-going connections will drop inevitably.

The best way to force traffic through the router is to configure it as a router. Which means: move both modems to different IP subnets and configure clients to use your router as gateway. You will likely lose the ability to use the modem’s WiFi as a LAN access point, but that really depends on the flexibility of the modem. But without modem1 being highly flexible, you won’t be able to (permanently) push traffic between wireless clients and the internet through another router.

Thanks for the initial reply, appreciate it!

I need Modem1 - at least until fiber is finally in place at our location… - for the DSL dial-up process.
The RB5009 will be used afterwards, either with SFP+ or the 2.5 Gbit Ethernet, depending on what’s possible with our providers then.

Modem1 could work as a pure modem, too, with PPPoE passthrough.
But, in this case I may lose my wireless mesh, which this device indeed runs flawlessly with great performance.
But looked again: Good hint on this - since wireless and LAN are bridged together, too, it could be a start to establish the PPPoE connection through the RB5009 and take a look at the traffic on the device.

Your “best way” approach would create a “double NAT” if I choose to create three different subnets (to_ISP1 ↔ Clients ↔ to_ISP2)… correct?
I do fear that DHCP-requests and offers are not going to get in or out the client-subnet, if not initiated there (Broadcast).

Interesting thing, as you mention it. Of course connections like downloads are getting disrupted when failover happens.
But Streaming-Media or surfing is nearly flawlessly due to the clients’ ability to retransmit or buffering. That’s one thing I’m happy to see in this setup.

It’s just a temporary setup until fiber… but I think you seconded my guess that the traffic just remains on Modem1.

I will check on fasttrack, though, if it makes any difference. It IS enabled in the ruleset. If fasttrack is the reason it would be annoying since all of the thoughts where the traffic went would be unnecessary :wink:

Thanks for your thoughts!


*edit:
Disregard the part about fasttrack - I’m not able to see RX packets or TX packets on the bridge or switch port, so the traffic simply is not there…

Concur, bite the bullet terminate both WAN connections on the RB5009 and provide wifi with your own equipment under your control.
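As an added example (not configuration from anyone in this thread), this is what "terminate both WAN connections on the RB5009 and configure it as a router" from the replies above looks like in RouterOS CLI terms. Interface names, subnets and modem addresses are assumptions: ether1 faces Modem1 (DSL), ether2 faces Modem2 (LTE), the remaining ports form the client bridge.

```routeros
# Assumed layout (constructed for this example):
#   ether1 -> Modem1 (DSL) on 192.168.1.0/24, modem at 192.168.1.1
#   ether2 -> Modem2 (LTE) on 192.168.2.0/24, modem at 192.168.2.1
#   bridge-lan -> client ports, clients in 192.168.88.0/24

# 1. Only client-facing ports go into the bridge; both WAN ports stay routed.
#    Traffic between clients and either modem must now cross the router.
/interface bridge add name=bridge-lan
/interface bridge port add bridge=bridge-lan interface=ether3
/interface bridge port add bridge=bridge-lan interface=ether4

# 2. One IP subnet per leg, so neither modem is on the clients' subnet any more
/ip address add address=192.168.88.1/24 interface=bridge-lan
/ip address add address=192.168.1.2/24 interface=ether1
/ip address add address=192.168.2.2/24 interface=ether2

# 3. DHCP stays on the bridge, so client broadcasts still reach it, and the
#    router hands itself out as the only gateway
/ip pool add name=lan-pool ranges=192.168.88.100-192.168.88.200
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
/ip dhcp-server add name=lan-dhcp interface=bridge-lan address-pool=lan-pool

# 4. Failover: DSL route wins while its gateway answers pings,
#    otherwise the higher-distance LTE route takes over
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2

# 5. Source NAT on each WAN leg (this is the double NAT mentioned above)
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

# 6. Never tell clients about a "better" gateway via ICMP redirect
/ip settings set send-redirects=no

# 7. Forward chain without a fasttrack rule while you verify the counters;
#    fasttrack takes established flows off the counters, so add the usual
#    action=fasttrack-connection rule back only once you are happy with them
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward connection-state=new in-interface=bridge-lan action=accept
/ip firewall filter add chain=forward action=drop
```

With this layout the forward-chain counters account for every client flow, whichever WAN route is active, because there is no longer a path from a client to a modem that does not pass the router.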

Anav’s answers are always ultimate, all-encompassing, and… true :laughing:

You’re right, that’s the solution I want.
As long as DSL is still in place I would need to buy two APs (preferably good ones and with PoE) to ensure connectivity in our house.
If the RB is doing the job (connecting to the internet with fiber), I can place “Modem1” behind it and use the Mesh already in place.
I just have no patience… that’s the current situation - getting fiber in a German village is the most challenging quest ever :neutral_face:

Man… I’m writing a network documentation at the moment in case I get rolled over by a truck and my family needs to fix the Internet - two more access points to add or not to add. I’m really thinking about it :slight_smile:

*edit: Considering “solved” now. It seems that’s the way traffic flows in this configuration.