Send specific traffic over LTE interface

Hi all,

I’ve got a unit with USB and have connected a Huawei 4G USB dongle with the LTE functioning perfectly. This site also has an ADSL link as their main WAN connection and that’s running fine.

I have been able to successfully set the ADSL to main and the 4G to be failover, however I was hoping there is a way to force all traffic from a specific LAN IP over the 4G despite the ADSL being the main link?

I’m fairly new to these units and have only really picked up stuff from Winbox. Any advice would be greatly appreciated!

Bump! Would love some help with this issue.

Hi

In Mangle:PreRouting you can add a routing mark based on required conditions, which would point to a new routing table (other than the default one), and where one would route that traffic over a different gateway, being your lte.

Have a client that has Satellite internet. It’s laggy but fast once the download starts.

Ring doorbell was unusable as was the Camera DVR.
Camera DVR needs a public IP.
Ring and LAG makes talking impossible.

Set up the DSL as the secondary ISP…
Made a route for devices I want to use DSL

/ip route
add check-gateway=ping distance=2 gateway=pppoe-out1 routing-mark=DSL

Made some mangle rules to mark the traffic from those devices.

/ip firewall mangle
add action=mark-connection chain=prerouting comment=4DSL connection-mark=\
    no-mark in-interface=pppoe-out1 new-connection-mark=FromDSL passthrough=no
add action=mark-routing chain=prerouting comment="Mark DSL Only Users" \
    new-routing-mark=DSL passthrough=no src-address-list=UseDSL
add action=mark-routing chain=prerouting comment=4DSL connection-mark=FromDSL \
    in-interface=ether2-master new-routing-mark=DSL passthrough=no
add action=mark-routing chain=output comment=4DSL connection-mark=FromDSL \
    new-routing-mark=DSL passthrough=no
add action=mark-routing chain=output dst-address-list=cloud new-routing-mark=\
    DSL passthrough=no

Then labeled the units in the firewall address list.

/ip firewall address-list
add address=192.168.1.250 list=UseDSL
add address=192.168.1.251 list=UseDSL
add address=cloud.mikrotik.com list=cloud

Dude, THANK YOU!

I think this may be a long shot, but is there also a way to tell the Mikrotik Cloud (DDNS) to also update over the LTE rather than the DSL?

Thanks again!!

I added the things to make /ip cloud update over the dsl to the post above.

Make sure to accept it as solution and throw me some kudos, so people help me when I ask.

BUT
The 4G is likely nat’d. So updating its IP address at IP cloud will not get you back in.

You’re a champion. Will do!

Luckily the LTE actually has a publicly routeable address, just not static.

Thanks again!

Sorry for the follow up!

I’m having an issue wherein no traffic will go over the LTE if the ADSL is active and working, despite the above being entered.

Any ideas?

Export

Try changing this:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=4DSL connection-mark=\
    no-mark in-interface=pppoe-out1 new-connection-mark=FromDSL passthrough=no
To this:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=4DSL connection-mark=\
    no-mark in-interface=pppoe-out1 new-connection-mark=FromDSL passthrough=yes

Please remember that what I put up there is an EXPORT from a WORKING SYSTEM where:
Satellite internet is the primary internet and NAT’d.
DSL is the secondary internet and certain devices, INCLUDING IP Cloud Updates, are FORCED to go over the SECONDARY INTERNET. Even when the PRIMARY INTERNET IS UP. When the primary goes down… all traffic goes over the DSL.

Sorry all, back from holiday.

Please see export below:

[MikroTik] /ip> export
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=10.10.10.1/24 interface=VLAN10-POS network=10.10.10.0
add address=10.10.20.1/24 interface=VLAN20-CCTV network=10.10.20.0
add address=10.10.30.1/24 interface=VLAN30-WIFI network=10.10.30.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether9
/ip dhcp-relay
add dhcp-server=10.10.10.248 disabled=no interface=VLAN20-CCTV name="CCTV VLAN"
add dhcp-server=10.10.10.248 disabled=no interface=VLAN30-WIFI name="WIFI VLAN"
/ip firewall filter
add action=accept chain=input dst-address=10.10.30.0/24 src-address=\
    10.10.10.0/24
add action=accept chain=input dst-address=10.10.20.0/24 src-address=\
    10.10.10.0/24
add action=accept chain=input dst-address=10.10.10.0/24 src-address=\
    10.10.20.0/24
add action=accept chain=input dst-address=10.10.10.0/24 src-address=\
    10.10.30.0/24
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=FromLTE \
    in-interface=lte1 new-connection-mark=FromLTE passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=LTE passthrough=yes \
    src-address-list=UseLTE
add action=mark-routing chain=prerouting connection-mark=FromLTE in-interface=\
    VLAN20-CCTV new-routing-mark=LTE passthrough=no
add action=mark-routing chain=output connection-mark=FromLTE new-routing-mark=\
    LTE passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="LAN out to DSL" out-interface=\
    pppoe-out1 src-address=10.10.10.0/24
add action=masquerade chain=srcnat comment="LAN out to 4G" disabled=yes \
    out-interface=lte1 src-address=10.10.10.0/24
add action=masquerade chain=srcnat comment="WIFI out to DSL" out-interface=\
    pppoe-out1 src-address=10.10.30.0/24
add action=masquerade chain=srcnat comment="CCTV to DSL" out-interface=\
    pppoe-out1 src-address=10.10.20.0/24
add action=masquerade chain=srcnat comment="CCTV to 4G" disabled=yes \
    out-interface=lte1 src-address=10.10.20.0/24
add action=masquerade chain=srcnat comment="WiFi to 4G" disabled=yes \
    out-interface=lte1 src-address=10.10.30.0/24
add action=dst-nat chain=dstnat comment="Server RDP" dst-port=4356 \
    in-interface=pppoe-out1 log-prefix=RDP protocol=tcp to-addresses=\
    10.10.10.248 to-ports=3389
add action=dst-nat chain=dstnat comment=HIKVISION dst-port=8080 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=10.10.20.250 to-ports=80
add action=dst-nat chain=dstnat comment=PRTG dst-port=4444 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=10.10.10.248 to-ports=4444
add action=dst-nat chain=dstnat comment=BEPOS dst-port=1433 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=10.10.10.170 to-ports=1433
add action=dst-nat chain=dstnat comment=BEPOS dst-port=1434 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=10.10.10.170 to-ports=1434
add action=dst-nat chain=dstnat comment=HIKVISION dst-port=8000 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=10.10.20.250 to-ports=8000
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
[MikroTik] /ip>

The device itself is on VLAN 20

Bump

You left out
/IP route

Whoops.

Have re-applied the settings as per above and done fresh export.

[user@MikroTik] /ip> export
# aug/21/2018 16:44:08 by RouterOS 6.42.6
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=10.10.10.1/24 interface=VLAN10-POS network=10.10.10.0
add address=10.10.20.1/24 interface=VLAN20-CCTV network=10.10.20.0
add address=10.10.30.1/24 interface=VLAN30-WIFI network=10.10.30.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether9
/ip dhcp-relay
add dhcp-server=10.10.10.248 disabled=no interface=VLAN20-CCTV name="CCTV VLAN"
add dhcp-server=10.10.10.248 disabled=no interface=VLAN30-WIFI name="WIFI VLAN"
/ip firewall address-list
add address=10.10.20.250 list=Use4G
add address=cloud.mikrotik.com list=cloud
/ip firewall filter
add action=accept chain=input dst-address=10.10.30.0/24 src-address=10.10.10.0/24
add action=accept chain=input dst-address=10.10.20.0/24 src-address=10.10.10.0/24
add action=accept chain=input dst-address=10.10.10.0/24 src-address=10.10.20.0/24
add action=accept chain=input dst-address=10.10.10.0/24 src-address=10.10.30.0/24
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ForLTE connection-mark=no-mark in-interface=lte1 new-connection-mark=From4G passthrough=no
add action=mark-routing chain=prerouting comment="Mark 4G Only Users" new-routing-mark=4G passthrough=no src-address-list=Use4G
add action=mark-routing chain=output comment=4G connection-mark=From4G new-routing-mark=4G passthrough=no
add action=mark-routing chain=output dst-address-list=cloud new-routing-mark=4G passthrough=no
add action=mark-routing chain=prerouting comment=4G connection-mark=From4G in-interface=VLAN20-CCTV new-routing-mark=4G passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="LAN out to DSL" out-interface=pppoe-out1 src-address=10.10.10.0/24
add action=masquerade chain=srcnat comment="LAN out to 4G" out-interface=lte1 src-address=10.10.10.0/24
add action=masquerade chain=srcnat comment="WIFI out to DSL" out-interface=pppoe-out1 src-address=10.10.30.0/24
add action=masquerade chain=srcnat comment="CCTV to DSL" out-interface=pppoe-out1 src-address=10.10.20.0/24
add action=masquerade chain=srcnat comment="CCTV to 4G" out-interface=lte1 src-address=10.10.20.0/24
add action=masquerade chain=srcnat comment="WiFi to 4G" out-interface=lte1 src-address=10.10.30.0/24
add action=dst-nat chain=dstnat comment="Server RDP" dst-port=4356 in-interface=pppoe-out1 log-prefix=RDP protocol=tcp to-addresses=10.10.10.248 to-ports=3389
add action=dst-nat chain=dstnat comment=CCTV dst-port=8080 in-interface=pppoe-out1 protocol=tcp to-addresses=10.10.20.250 to-ports=80
add action=dst-nat chain=dstnat comment=MON dst-port=4444 in-interface=pppoe-out1 protocol=tcp to-addresses=10.10.10.248 to-ports=4444
add action=dst-nat chain=dstnat comment=POS dst-port=1433 in-interface=pppoe-out1 protocol=tcp to-addresses=10.10.10.170 to-ports=1433
add action=dst-nat chain=dstnat comment=POS dst-port=1434 in-interface=pppoe-out1 protocol=tcp to-addresses=10.10.10.170 to-ports=1434
add action=dst-nat chain=dstnat comment=CCTV dst-port=8000 in-interface=pppoe-out1 protocol=tcp to-addresses=10.10.20.250 to-ports=8000
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping distance=2 gateway=lte1 routing-mark=4G
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes

Interface export in case that helps:

/interface lte
set [ find ] mac-address=0C:5B:8F:27:9A:64 name=lte1
/interface ethernet
set [ find default-name=ether5 ] comment="Optus ADSL WAN. Connects to Netgear DM200 in Bridge" name=ETH5-DSL_WAN
set [ find default-name=ether10 ] comment="Port has DHCP enabled & route distance 10. Used for FAILOVER ONLY" name=ETH10-DHCP_WAN
set [ find default-name=ether1 ] comment="LAN TRUNK" name=FAMOUS_LANTRUNK
/interface pppoe-client
add add-default-route=yes comment="PPPOE Dialer for dsl" disabled=no interface=ETH5-DSL_WAN name=pppoe-out1 password=password user=user@dsl.con
/interface vlan
add interface=LANTRUNK name=VLAN10-POS vlan-id=10
add interface=LANTRUNK name=VLAN20-CCTV vlan-id=20
add interface=LANTRUNK name=VLAN30-WIFI vlan-id=30
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

If you want to have a deeper look, shoot me a PM with your email and I can touch base there. Happy to provide some sort of payment also!

in mangle…

First you have to mark the connection as it came in.
Then you need to use that mark to mark routing.
Then you use that routing mark to output.

Then a route that matches that routing mark.
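
Added example, not part of any post in this thread: the mark names have to line up across the address list, the mangle rules and the marked route, and the sketch below checks a RouterOS export for exactly that. The function names `parse_export` and `check_policy_routing` are hypothetical, the sample export is constructed, and the parser assumes the v6 export syntax shown in the thread.

```python
import re

# Constructed sample in RouterOS v6 export syntax. Deliberate mismatches: list "UseLTE"
# is undefined, mark "LTE" has no route, one rule matches on the mark it should set.
SAMPLE_BROKEN = r"""
/ip firewall address-list
add address=10.10.20.250 list=Use4G
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=FromLTE \
    in-interface=lte1 new-connection-mark=FromLTE passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=LTE passthrough=yes \
    src-address-list=UseLTE
/ip route
add check-gateway=ping distance=2 gateway=lte1 routing-mark=4G
"""

def parse_export(text):
    """Return {menu: [{key: value}, ...]} for every 'add' line of an export."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join '\' continuation lines
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[menu].append({k: v.strip('"') for k, v in pairs})
    return menus

def check_policy_routing(text):
    """List mismatches between mangle rules, address lists and marked routes."""
    m = parse_export(text)
    lists = {e.get("list") for e in m.get("/ip firewall address-list", [])}
    routed = {r.get("routing-mark") for r in m.get("/ip route", [])}
    problems = set()
    for rule in m.get("/ip firewall mangle", []):
        for key in ("src-address-list", "dst-address-list"):
            if rule.get(key) and rule[key] not in lists:
                problems.add(f"address list '{rule[key]}' is used but never defined")
        mark = rule.get("new-routing-mark")
        if mark and mark not in routed:
            problems.add(f"no /ip route with routing-mark={mark}")
        new_cm = rule.get("new-connection-mark")
        if new_cm and rule.get("connection-mark") == new_cm:
            problems.add(f"mark-connection rule for '{new_cm}' needs the mark it sets")
    return sorted(problems)

if __name__ == "__main__":
    print("\n".join(check_policy_routing(SAMPLE_BROKEN)))
```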