Hello everyone,
Been lurking around but had issues registering an account here. But finally managed to.
Not sure whether to post this here or in “General Support”.
Background:
RB450G running RouterOS 5.21
Ether1 - ISP1 (DHCP)
Ether2 - ISP2 (DHCP)
Default route now goes to Ether1.
Issue here is that ISP2 was recently subscribed due to me giving up my ADSL.
I have a specific list of IP addresses/subnets in mangle which I would like to be sent to ISP2 on ether2 - all based on this wiki http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing
This worked, until I switched over to my new ISP.
For some reason, it just won’t allow me to route traffic to ISP2 anymore no matter what I try.
Appreciate some advice/help on this.
Thanks!
mixig
October 29, 2012, 8:43pm
2
can you copy/paste mangle and ip route config?
iggylee
November 25, 2012, 7:44am
3
Hi..
Apologies for the late update.
Mangle export config output:
# nov/25/2012 15:42:57 by RouterOS 5.21
# software id = 9WT6-2LNG
#
/ip firewall mangle
add action=mark-connection chain=input disabled=yes in-interface=ether1 new-connection-mark=SN-in passthrough=yes
add action=mark-routing chain=output connection-mark=SN-in disabled=yes new-routing-mark=SN-out passthrough=no
add action=mark-connection chain=input disabled=yes in-interface=ether2 new-connection-mark=VQ-in passthrough=yes
add action=mark-routing chain=output connection-mark=VQ-in disabled=yes new-routing-mark=VQ-out passthrough=no
add action=mark-routing chain=prerouting comment="Forced Test Route To WAN2" disabled=no dst-address-list=TEST \
new-routing-mark=SMALLNETBLDER passthrough=no src-address=192.168.68.0/24
add action=mark-routing chain=prerouting comment="General HTTP Traffic" disabled=no dst-port=80 new-routing-mark=HTTP \
passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting comment="General SSL Traffic" disabled=no dst-port=443 new-routing-mark=HTTPS \
passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment="P2P Filter Traffic" disabled=no new-routing-mark=P2P p2p=all-p2p \
passthrough=no
IP Route export config output:
# nov/25/2012 15:44:06 by RouterOS 5.21
# software id = 9WT6-2LNG
#
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1 routing-mark=SN-out scope=30 target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether2 routing-mark=VQ-out scope=30 target-scope=10
add comment="General HTTP Traffic" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1 routing-mark=HTTP scope=255 \
target-scope=10
add comment="General SSL Traffic" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1 routing-mark=HTTPS scope=255 \
target-scope=10
add comment="P2P Filter" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ether1 routing-mark=P2P scope=255 \
target-scope=10
add comment="Test Route" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether2 routing-mark=SMALLNETBLDER scope=255 \
target-scope=10
add comment="added by setup" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.68.254 scope=30 target-scope=10
Hope you guys can give me some input/help as I’m totally stumped…
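A way to cross-check exports like the two above, as an added example that is not part of the original post: it pairs every enabled mark-routing rule with the enabled routes carrying the same routing-mark, and flags routes whose gateway is an interface name rather than a next-hop IP address. The sample lines are constructed by shortening the posted config; `parse_export` and `audit` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample: lines shortened from the exports posted above.
MANGLE = r'''
add action=mark-routing chain=prerouting comment="Forced Test Route To WAN2" disabled=no \
    dst-address-list=TEST new-routing-mark=SMALLNETBLDER passthrough=no
add action=mark-routing chain=prerouting comment="General HTTP Traffic" disabled=no \
    dst-port=80 new-routing-mark=HTTP passthrough=yes protocol=tcp
'''
ROUTES = r'''
add comment="General HTTP Traffic" disabled=yes dst-address=0.0.0.0/0 gateway=ether1 routing-mark=HTTP
add comment="Test Route" disabled=no dst-address=0.0.0.0/0 gateway=ether2 routing-mark=SMALLNETBLDER
add comment="added by setup" disabled=no dst-address=0.0.0.0/0 gateway=192.168.68.254
'''

def parse_export(text):
    """Join backslash-continued lines and turn each 'add ...' line into a dict."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)
    items = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skip blank lines, '#' headers and '/ip ...' menu lines
        tokens = shlex.split(line[4:])  # keeps quoted comments as one token
        items.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return items

def audit(mangle, routes):
    """Return (routing-mark, finding) pairs for enabled mark-routing rules."""
    findings = []
    active = [r for r in routes if r.get("disabled") != "yes"]
    for rule in mangle:
        if rule.get("action") != "mark-routing" or rule.get("disabled") == "yes":
            continue
        mark = rule["new-routing-mark"]
        hits = [r for r in active if r.get("routing-mark") == mark]
        if not hits:
            findings.append((mark, "no enabled route with this routing-mark"))
        for route in hits:
            gw = route.get("gateway", "")
            if not re.fullmatch(r"\d+\.\d+\.\d+\.\d+", gw):
                findings.append((mark, f"gateway '{gw}' is an interface name, not a next-hop IP"))
    return findings

if __name__ == "__main__":
    for mark, finding in audit(parse_export(MANGLE), parse_export(ROUTES)):
        print(f"{mark}: {finding}")
```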
mixig
November 25, 2012, 1:22pm
4
add action=mark-routing chain=prerouting comment="Forced Test Route To WAN2" disabled=no dst-address-list=TEST \
new-routing-mark=SMALLNETBLDER passthrough=no src-address=192.168.68.0/24
Does this rule have matching traffic? Is the counter growing?
iggylee
November 25, 2012, 3:16pm
5
Yes it does.
Basically I put in smallnetbuilder’s subnet as “TEST” and by right - it should throw it to WAN2.
But it doesn’t and I’m stumped…
Page doesn’t load, with a connection time out.
Could it be the priority / order the DHCP IP is grabbed by either ether1 or 2?
mixig
November 25, 2012, 8:19pm
6
No, I am just guessing. So traffic is passing through that rule, passthrough is set to no, so traffic is not moving through the mangle, it gets to the routing decision… you get a timeout… I would say DNS is the problem (the second provider is using another DNS than the first provider) but I see that you are using an address list (I assume IP addresses) for destination in the mangle… so I don’t know, try with some public DNS anyway… If you do a traceroute, what do you get?
iggylee
November 26, 2012, 7:54pm
7
Yup, I’m using “Address Lists” under firewall to select certain/different subnets
Basically to throw certain subnets to WAN2 as the provider i have on WAN1 throttles traffic like no tomorrow.
Ok.
Set with google’s DNS 8.8.8.8/8.8.4.4
Lease obtained via DHCP from my desktop shows its using the above DNS.
Tracert out goes to the mikrotik, out WAN2 then the packet just drops - Destination host unreachable.
Ping gets the same response.
Could it be due to my firewall rule?
iggylee
November 29, 2012, 5:01am
8
Does anyone have any solution to this?
iggylee
December 15, 2012, 4:43am
9
Update:
Tore down my router. Re-did everything from scratch according to the given article:
http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing
I’ve manually set my DNS servers (2 ISPs’ + Google DNS) with DNS caching enabled on the mikrotik. DHCP is issuing IP + DNS pointed to the mikrotik.
My question is - do I still need to set a default gateway as I’m still unable to surf.
I’m only able to surf when a default gateway is assigned.