Hello,
first of all here is my config:
/ip route
add distance=1 gateway=192.168.178.1 routing-mark=to_WAN-DSL
add distance=1 gateway=192.168.2.1 routing-mark=to_WAN-LTE
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.178.1 1
1 A S 0.0.0.0/0 192.168.2.1 1
2 ADC 10.10.66.0/24 10.10.66.1 ether3 0
3 ADC 192.168.2.0/24 192.168.2.2 ether1-WAN-LTE 0
4 ADC 192.168.88.0/24 192.168.88.1 ether3 0
5 ADC 192.168.178.0/24 192.168.178.2 ether2-WAN-DSL 0
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=\
established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1-WAN-LTE
add action=drop chain=input in-interface=ether2-WAN-DSL
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=\
established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=\
!dstnat connection-state=new in-interface=ether1-WAN-LTE
add action=drop chain=forward in-interface=ether2-WAN-DSL
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Internal Mark" dst-address=192.168.178.1 \
in-interface=ether3 new-routing-mark=to_WAN-DSL passthrough=no
add action=mark-routing chain=prerouting comment="Default Mark" dst-address-type=!local in-interface=\
ether3 new-routing-mark=to_WAN-LTE passthrough=yes
add action=mark-routing chain=prerouting comment=Test dst-address-type=!local in-interface=ether3 \
new-routing-mark=to_WAN-DSL passthrough=yes src-address=10.10.66.101
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether3 new-routing-mark=to_WAN-LTE \
passthrough=yes protocol=tcp src-address=10.10.66.101
add action=mark-routing chain=prerouting dst-address-type=!local dst-port=80 in-interface=ether3 \
new-routing-mark=to_WAN-LTE passthrough=yes protocol=tcp src-address=10.10.66.101
add action=mark-routing chain=prerouting dst-port=1194 in-interface=ether3 new-routing-mark=to_WAN-LTE \
passthrough=no protocol=udp src-address=10.10.66.101
add action=mark-routing chain=prerouting dst-address-type=!local dst-port=563 in-interface=ether3 \
new-routing-mark=to_WAN-LTE passthrough=no protocol=tcp src-address=10.10.66.101
add action=mark-routing chain=prerouting dst-address-type=!local dst-port=119 in-interface=ether3 \
new-routing-mark=to_WAN-LTE passthrough=no protocol=tcp src-address=10.10.66.101
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-WAN-LTE
add action=masquerade chain=srcnat out-interface=ether2-WAN-DSL
My problem with this is that I can not update the Mikrotik router because it says ‘no internet connection’.
Can someone point me in the right direction?
Are configured DNS servers accessible trough both WAN interfaces?
You need routes for the main table. If you want load balancing or stuff like that, use magle. For starters do something like this:
add distance=1 gateway=192.168.178.1
And of course set dns if you want update.
I use this:
/ip firewall mangle
add action=accept chain=prerouting comment=\
"Connected Network Accept - Main RT" dst-address-list=Connected \
src-address-list=Connected
add action=mark-connection chain=input comment="Mark Connection in ISP1" \
connection-mark=no-mark in-interface=ether1-ISP1 new-connection-mark=\
ISP1_ROS passthrough=yes
add action=mark-connection chain=input comment="Mark Connection in ISP2" \
connection-mark=no-mark in-interface=ether2-ISP2 new-connection-mark=\
ISP2_ROS passthrough=yes
add action=mark-routing chain=output comment="Assign RT for ISP1" \
connection-mark=ISP1_ROS new-routing-mark=ISP1_Route passthrough=yes
add action=mark-routing chain=output comment="Assign RT for ISP2" \
connection-mark=ISP2_ROS new-routing-mark=ISP2_Route passthrough=yes
add action=mark-connection chain=forward comment=\
"Mark Connection from ISP1 to LAN" connection-mark=no-mark in-interface=\
ether1-ISP1 new-connection-mark=ISP1_LAN passthrough=yes
add action=mark-connection chain=forward comment=\
"Mark Connection from ISP2 to LAN" connection-mark=no-mark in-interface=\
ether2-ISP2 new-connection-mark=ISP2_LAN passthrough=yes
add action=mark-routing chain=prerouting comment="Assign RT for LAN to ISP1" \
connection-mark=ISP1_LAN new-routing-mark=ISP1_Route passthrough=yes
add action=mark-routing chain=prerouting comment="Assign RT for LAN to ISP2" \
connection-mark=ISP2_LAN new-routing-mark=ISP2_Route passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Mark Connections from LAN to WAN" connection-mark=no-mark \
dst-address-list=!Connected new-connection-mark=LAN_WAN passthrough=yes \
src-address-list=LAN
add action=mark-routing chain=prerouting comment=\
"Load-Balancing here // Split 1/2" connection-mark=LAN_WAN \
new-routing-mark=ISP1_Route passthrough=yes per-connection-classifier=\
dst-address:2/1 src-address-list=LAN
add action=mark-routing chain=prerouting comment=\
"Load-Balancing here // Split 1/2" connection-mark=LAN_WAN \
new-routing-mark=ISP2_Route passthrough=yes per-connection-classifier=\
dst-address:2/0 src-address-list=LAN
add action=mark-connection chain=prerouting comment=\
"Mark Connections binded to ISP1" connection-mark=LAN_WAN \
new-connection-mark=Bind_ISP1 passthrough=yes routing-mark=ISP1_Route
add action=mark-connection chain=prerouting comment=\
"Mark Connections binded to ISP2" connection-mark=LAN_WAN \
new-connection-mark=Bind_ISP2 passthrough=yes routing-mark=ISP2_Route
add action=mark-routing chain=prerouting comment="Bind Connection to ISP1" \
connection-mark=Bind_ISP1 new-routing-mark=ISP1_Route passthrough=yes \
src-address-list=LAN
add action=mark-routing chain=prerouting comment="Bind Connection to ISP2" \
connection-mark=Bind_ISP2 new-routing-mark=ISP2_Route passthrough=yes \
src-address-list=LAN
tangram:
You need routes for the main table. If you want load balancing or stuff like that, use magle. For starters do something like this:
add distance=1 gateway=192.168.178.1
And of course set dns if you want update.
If I add these two routes to the main table, my connection to the internet gets super slow. As soon as I disable them, the speed is good again.
Looking at your mangle, you first mark the connections and based on these you assign routing marks.
I dont want load balancing, everything should go to my LTE ISP connection except one IP where HTTP/HTTPS goes to LTE and the rest to DSL.
torchhypnosis:
tangram:
You need routes for the main table. If you want load balancing or stuff like that, use magle. For starters do something like this:
add distance=1 gateway=192.168.178.1
And of course set dns if you want update.
If I add these two routes to the main table, my connection to the internet gets super slow. As soon as I disable them, the speed is good again.
Looking at your mangle, you first mark the connections and based on these you assign routing marks.
I dont want load balancing, everything should go to my LTE ISP connection except one IP where HTTP/HTTPS goes to LTE and the rest to DSL.
Then just switch route metric so you use only the lte:
add distance=2 gateway=192.168.178.1
I would set ping test so if lte fails you still have dsl. For the ip you want out lte you need to mark traffic and use specific routing table.
Maybe this helps:https://mum.mikrotik.com/presentations/US12/tomas.pdf
I completely removed my config and replaced it with the one from the .pdf. At first nothing changed, connection was wicked slow with the default routes enabled.
Thanks for the help.
Update: Ok it didn’t work but I found the solution in another forum. I had to disable fasttrack.