Hi Experts.

I have problem with my config.

I Have a WAN inside in port SFP01 And a WAN behind NAT on port 07

I have give this ports a IP adresse and config a IP route

Like this :

SFP-Port
Des. Adresse 0.0.0.0/0 Gateway X7.137.116.X17
Distance 1

Port-7
Des. Adresse 0.0.0.0/0 Gateway X0.145.31.X29
Distance 2

The problem is that I can not ping the Port 7 from the network. I’ll be able to access the router from both networks.
I lack something firewall setup, or something else?
I can ping and get access to SFP part.

I in firewall log can i see this line syn received

It looks like you are trying to make load balancing?
If so, follow this configuration example
http://wiki.mikrotik.com/wiki/Manual:PCC

As I see it, the router could just manage both my WANs, I will not double my download or upload speed. But just might forwarede my port from the WAN side to the LAN side.

This is possible when you setup a second routing table for your second WAN and
then define IP Route → Rules to send the traffic to the correct routing table.

So i can make a preroutning under mangel ?

This is not required, with route tables you can define a rule based on source address.
But tagging the traffic and selecting a nexthop in a filter rule is possible as well.

Can you maby give a explem ?

I have this Routes
[admin@MSBR-Core01] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 X S 0.0.0.0/0 10.145.3x.129 1
1 A S 0.0.0.0/0 87.116.3x.218 87.116.3x.217 1
2 ADC 10.145.3x.128/25 10.145.3x.147 ether7 0
3 ADC 87.116.3x.216/29 87.116.3x.218 sfp1 0
4 ADC 192.168.1.0/24 192.168.1.7 TDC 0
[admin@MSBR-Core01] >

Don’t put 2 default routes in the same table and expect to use both.
Think about what you want with the second interface and use either IP->Routes->Rules and two different routing tables,
or match all your traffic on the second interface and use a set nexthop.

like this ?

[admin@MSBR-Core01] /ip route> rule print
Flags: X - disabled, I - inactive
0 dst-address=0.0.0.0/0 routing-mark=wan1_traffic interface=sfp1 action=lookup
table=wan1_traffic

1 dst-address=0.0.0.0/0 routing-mark=wan2_traffic interface=ether7
action=lookup table=wan2_traffic
[admin@MSBR-Core01] /ip route>

No, not with dst-address! That is not a matching criterion for the different paths.
Use source-address for the matching. Match on source address of one interface and contains the default route
for that interface, put the default route of the other one in the normal table.

Dont Work

What I wonder about is why I can not just make a regl which makes both ethernet ports each with their gateway can portforwarde to my local server?

Showing maps an example.

Port SFP1 (87.116.3x.218 / 29) Port 80 forward to (lan-10.145.3x.190)

Port Ether7 (10.145.3x.147 / 25) Port 80 forward to (lan-10.145.3x.190)


I can easily get it to work, if only one IP is enabled. But when both are active works one

Sure it works, I am running such a config myself here.

can i see your config ? :S

My config is of course completely different from what you have, but I just have a second routing table with
a default route for the second path (which is a VPN in my case, but that doesn’t matter), and an IP rule which
matches on the source network for that VPN and sets the lookup to that second routing table.

/ip route rule
add src-address=a.b.c.d/xx table=abcd

/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=gre1 routing-mark=abcd

This same thing would be possible with an IP address as a gateway (when it is connected to some interface)

BTW do not use interface as gateway, it is officially supported only on ppp interfaces.

You are right, this fragment is not actually from my config, I run BGP on the GRE tunnel and receive the
routes from that (and put them in the alternative table).