I have a simple dual wan setup. wan1 is on ether1, and wan2 is on ether 2. Wan1 has a distance of 1, and wan2 has a distance of 2. When wan1 goes down, it automatically switches to wan2, and vice versa. It seems to be working.
My question is, should I be able to go to tools, ping and be able to ping to 8.8.8.8 from interface ether2 (wan2) and get a result? From wan1 I get results, but when I try wan2 I get a timeout. Is this normal because it is not the “active” wan?
Thanks!
Yes because when you define source and you point it to 8.8.8.8 mikrotik looks at the routing table and takes the default route with better distance. And he tries to go out with wan2 IP on wan1 interface, and gets denied from ISP on WAN1, because ISP doesnt know for this segment.
You can solve this with mangle rules for output chain or you can try with ip route rules
two examples:
/ip firewall mangle add src-address=WAN2-IP dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=WAN2 chain=ouput passthrough=yes
/ip route add dst-address=0.0.0.0/0 gateway=WAN2-GW routing-mark=WAN2
or you can try this one:
/ip route rule add src-address=WAN2-IP dst-address=0.0.0.0/0 action=lookup table=WAN2
/ip route add dst-address=0.0.0.0/0 gateway=WAN2-GW routing-mark=WAN2
Thank you for the response.
Which way is better?
I just realized something… what if your wan2 is dynamic? How can you enter an src-address when it is dynamic? Is there another way?
Thanks
I do it with mangle rules.
About dynamic IP, you could create script, that would check let sat every 30 seconds (with scheduler) for IP on your dynamic IP wan port. And updated mangle rule with IP that is currently on wan2 port.