Separate internet while using 3 modems

mikroman98 · October 31, 2024, 5:45am

I have 3 4G modems:
Modem A network: 192.168.1.0/24
Modem B network: 192.168.2.0/24
Modem C network: 192.168.3.0/24

Each modem is connected to 1 ethernet on my MikroTik router board 750:
Modem A: ether1
Modem B: ether2
Modem C: ether3

On each network, I have several Windows PCs. My goal is this:
I want each network to be able to use internet via only their 4G modems, for example network A users should only be connected to the internet via Modem A, and so on. On the other hand, I want all these 3 networks to be able to share folders on their local networks. For example, suppose I have a folder on my Windows PC, the folder name is “shares” and is located on network A, I want all users on all these 3 networks to be able to see and use this shared folder. How can I configure my router to do this?
Thanks in advance.

TheCat12 · October 31, 2024, 10:31am

I think you need a router with more ports or possibly you would have to configure VLANs but would still need an additional switch

erlinden · October 31, 2024, 11:08am

Have a look at this great topic:
http://forum.mikrotik.com/t/multiwan-with-routeros/163698/1

aesmith · October 31, 2024, 11:20am

In RoS6.x you could use “routing marks”. Create three Internet routes 0.0.0.0/0 one for each modem. Use mangle to set the appropriate routing mark on traffic originating from each of those subnets.

anav · October 31, 2024, 11:24am

AESMITH, you are being like a premature ej…

Are all three modems from same provider, was wondering what backup functionality was needed if modem A stops working for example.
If from same provider could assume no neeed for backup as if one goes down it probably means all three go down.

Any port forwarding going on?
Any incoming VPNs?

To clarify, are you able to put all users going to modem1 on LAN subnetA, modem2 LAN subnetB, and modem3 LAN subnet C ??
How are you identifying which users need to go to each modem if not by subnet???

mikroman98 · November 2, 2024, 8:39am

you are all right! I forgot about PCs!
I changed my router to RB3011UiAS-RM.

Here is updated scenario along with the related diagram:

I have 3 4G modems:
Modem A (192.168.1.1) is connected to ether 3
Modem B (192.168.2.1) is connected to ether 2
Modem C (192.168.3.1) is connected to ether 1.

I have 3 separated networks:
192.168.1.0/24: all PCs are connected together via an unmanaged switch and port 1 of that switch is connected to ether 4.
192.168.2.0/24: all PCs are connected together via an unmanaged switch and port 1 of that switch is connected to ether 5.
192.168.3.0/24: all PCs are connected together via an unmanaged switch and port 1 of that switch is connected to ether 6.

My goal is this:
I want each network to be able to use internet via only their 4G modems, for example network A users should only be connected to the internet via Modem A, and so on. On the other hand, I want all these 3 networks to be able to share folders on their local networks. For example, suppose I have a folder on my Windows PC, the folder name is “shares” and is located on network A, I want all users on all these 3 networks to be able to see and use this shared folder. How can I configure my router to do this?[/img]

TheCat12 · November 2, 2024, 11:09am

The image of the diagram is a bit broken. Could you repost it somehow? Also, it would be nice to answer @anav’s questions whether a fallback scenario (one modem stops functioning) would be needed and whether there’ll be incoming VPNs

anav · November 2, 2024, 1:20pm

Folder sharing sounds like a windows problem. With Mikrotik we can deal in subnets and IP addresses mostly.

mikroman98 · November 3, 2024, 8:14am

here is the link to the image: https://ibb.co/48w541d
The routerboard is fresh and without any configuration and I don’t need a fallback scenario.

jaclaz · November 3, 2024, 9:57am

“Forcing” the internet access to the one or the other router (ether1/ether2/ether3) could be - I believe - done with routing rules based on source ports (ether4/ether5/ether6):
https://help.mikrotik.com/docs/spaces/ROS/pages/59965508/Policy+Routing

The other requirement (windows share across different networks) is trickier, there are TCP and/or UDP ports (137 and 138 and possibly also 139 for NetBios and 445 for SMB, depending on the Windows OS’s in use) that need to be forwarded (or anyway allowed):
https://petri.com/smb-port-445-139-138-137/
https://juggernaut-sec.com/ad-recon-netbios-smb-part-1/

But I haven’t found any valid example of a similar setup (which in theory should be a common enough scenario), maybe it is so easy and common that noone talks about it?

mikroman98 · November 3, 2024, 10:16am

I think majority of this scenario is related to firewall and routing. I don’t think any port forwarding is needed.

jaclaz · November 3, 2024, 12:16pm

Well, yes, firewall is the thing that might (or might not) allow the ports on the different subnets to talk to each other, so, it is about firewall.

Not so sure about routing, in the sense that the routes (at IP level) should be autogenerated in the Mikrotik router, i.e. come out as DAC (dynamic, active connected) automatically once you assign the ip addresses to ether 4/5/6, but Windows shares seemingly use other mechanisms, and that takes us back to firewall settings, both on the Mikrotik and on the Windows clients.

Here:
http://forum.mikrotik.com/t/regarding-windows-file-share-smb-between-2-networks-interfaces/129419/1
there is some reference to issues with broadcast, but as often happens, only hints, not proper, complete solutions/examples

TheCat12 · November 3, 2024, 2:14pm

Looking at the diagram, the following setup would suffice - bridge ether1 with ether4, ether2 with ether5, ether3 with ether6, create an interface list for the bridges and add them to it accordingly and then create the following firewall rule:

/ip firewall filter
add action=accept chain=forward in-interface-list="bridge_int_list" out-interface-list="bridge_int_list"

but that would render the firewall of the router useless.

That’s why a more complex approach should be taken - create three other subnets and with the help of routing tables and rules make them use the appropriate modem:

/ip address
add address=192.168.10.1/24 interface=ether4
add address=192.168.20.1/24 interface=ether5
add address=192.168.30.1/24 interface=ether6

/routing table
add fib name=to_modem1
add fib name=to_modem2
add fib name=to_modem3

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=to_modem1
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=to_modem2
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-table=to_modem3

/routing rule
add action=lookup-only-in-table min-prefix=0 table=main
add action=lookup-only-in-table src-address=192.168.10.0/24 table=to_modem1
add action=lookup-only-in-table src-address=192.168.20.0/24 table=to_modem2
add action=lookup-only-in-table src-address=192.168.30.0/24 table=to_modem3

The first of the routing rules should in theory allow communication between the subnets and since ether2-ether10 are LAN ports, no firewall edits should be required either