Routing to second WAN device admin

chilloutalready · August 14, 2024, 8:32am

Hello!

I have a HEX RB750Gr3 router and I’ve set it up with 2 WAN using 5G broadband modems on different providers. Everything works pretty well in general but recently the second modem has occassionally disconnected itself and requires restarting.

What makes this difficult though is accessing the admin page for the modem. The first modem is accessible via 192.168.1.1 but I need to lookup the gateway IP of the second one to access it.

Is there a way to assign a static IP address to the second wan interface? Each of the modems have dynamic IP addresses which makes it a bit harder..

Thanks in advance!

Larsa · August 14, 2024, 12:25pm

If you’re accessing your HEX through something like WireGuard you’ll always use the same local IP address for the router no matter where you are.

chilloutalready · August 14, 2024, 6:31pm

Thanks for the reply Larsa

Apologies if it wasn’t clear - this is not regarding accessing RouterOS. This is to access the secondary modem admin interface that I have configured as WAN2 and I need to be able to access that device via a static IP address.

Setup simplistically looks like:

2x 5G modems configured as IP passthrogh and on ETH 1 & 2
ETH 1 & 2 interfaces as WAN 1 & 2
5G modem 1 - internally configured LAN IP as 192.168.1.1
5G modem 2 - internally configured LAN IP as 192.168.2.1
I’ve got routes setup using some mangle rules which works great
The default route/lowest distance is via WAN1

Access to 192.168.1.1 (modem 1) works when on default route or when marked for WAN1

Access to 192.168.2.1 (modem 2) then only works when marked for WAN2

I would like to be able to access modem 2 on 192.168.2.1 when on the default route for example but I am not sure how to go about this.

Although having written this out I’ve now realised that maybe just creating a firewall mangle rule that marks the connection for routing via WAN2 when the dst address is 192.168.2.1 would be sufficient… but is this the best way? I will give that a go for now.

K0NCTANT1N · August 14, 2024, 9:59pm

Hello

Before mangle mark rules:

/ip firewall mangle
add action=accept chain=prerouting comment="allow usage of default routing table for traffic to ISP1 connected networks" dst-address=192.168.1.0/24 in-interface=bridge
add action=accept chain=prerouting comment="allow usage of default routing table for traffic to ISP2 connected networks" dst-address=192.168.2.0/24 in-interface=bridge

Larsa · August 15, 2024, 9:40am

@chilloutalready; If you’re trying to connect to modem #2 from your LAN (which subnet is it btw?) you shouldn’t need mangle rules. Your 5G devices are already on different local subnets so you just need regular routing.

Or is this a problem that only happens when you connect via VPN? How about posting your entire config so we can take a look at it?