Only to keep things as together as possible I just “sold” this Filo’s approach to a new user, with a few changes.
I got rid of the separate routing table and of the mangle by adding a “narrow” /32 route to the “canary” ip address in “main” table.
And I didn’t use the “comment” as selector in the Netwatch script (this is a pet peeve of mine, comments may be changed accidentally six months or a year later, the setup would stop working and finding out what happened would be more difficult).
For some reason (I suspect the address on ether1 coming from the DHCP server instead of being static), when ether1 is physically disconnected from the ISP router (think of the ethernet cable going bad or just the ISP router or its power supply failing) the “main” route becomes inactive, and the whole setup starts flapping each time the Netwatch script runs.
So I added a blackhole route to the same /32 address with distance 2.
The thread is here:
As it is a bit difficult to follow due to all the tests made, here is the overall setup using the SAME IP addresses and structure of Filo’s original post:
1. Prerequisites:
   - Network with DHCP done by MikroTik (in this case: 192.188.1.0/24)
   - Standard Gateway in DHCP will be the MikroTik (here: 192.188.1.1)
   - Internet available at (for example) 192.168.1.1 (in this case DSL)
   - Internet available at (for example) 192.168.1.250 (LTE modem)
   - Both interfaces connected to the two devices above characterized as WAN in the interface list and masqueraded in /ip firewall nat
2. Routing:
   - Standard Route 0.0.0.0/0 set to 192.168.1.250 with Distance 1 comment=LTE-Failover → (keep it DEACTIVATED)
   - Standard Route 0.0.0.0/0 set to 192.168.1.1 with Distance 2
   - Narrow Route 8.8.4.4/32 set to 192.168.1.1 with Distance 1
   - Narrow Blackhole route 8.8.4.4/32 with Distance 2
~~3. Go to ROUTING → TABLES~~
   - ~~Create a Routing Table named (for example) “DSL” - check FIB~~

~~4. Go to IP → ROUTES → Click +~~
   - ~~Dst. Address: 0.0.0.0/0~~
   - ~~Gateway: 192.168.1.1 (your Primary Gateway)~~
   - ~~Routing Table: Select above created ROUTING TABLE (here: “DSL”)~~

~~5. Go to IP → FIREWALL → Tab MANGLE~~
   ~~Create a MANGLE-Rule:~~
   - ~~Tab → GENERAL~~
     - ~~Chain: output~~
     - ~~Dst. Address: 8.8.8.8~~
     - ~~Protocol: 1 (icmp)~~
   - ~~Tab → ACTION~~
     - ~~Action: mark routing~~
     - ~~New Routing Mark: Select above created ROUTING TABLE (here: “DSL”)~~
~~6.~~ 3. Go to TOOLS → NETWATCH
   - Tab → HOST
     - Create a Netwatch Host:
       - Host: ~~8.8.8.8~~ 8.8.4.4
       - Type: icmp
       - Interval: 00:00:30
       - Timeout: 5.00
   - Tab → Down
     /ip route enable ~~[find comment=LTE-Failover]~~ [find dst-address=0.0.0.0/0 and gateway=192.168.1.250]
   - Tab → Up
     /ip route disable ~~[find comment=LTE-Failover]~~ [find dst-address=0.0.0.0/0 and gateway=192.168.1.250]
It seems like it works nicely and it is simpler to implement.
EDIT: added the detail that interfaces should be WAN and masqueraded
EDIT2: re-formatted the strikethrough that was lost in the board update
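
Added example, not part of the original post: a small Python model of the four routes listed above and the Netwatch Down/Up scripts, showing why the setup flaps when the DSL routes go inactive and how the distance-2 blackhole /32 stops it. The `lookup` and `simulate` helpers are hypothetical names, and the model assumes a probe succeeds whenever it leaves through any live gateway.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over active routes; lowest distance breaks ties."""
    dst = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["dst"])
        if not r["active"] or dst not in net:
            continue
        key = (-net.prefixlen, r["distance"])
        if best is None or key < best[0]:
            best = (key, r)
    return best[1] if best else None

def simulate(with_blackhole, dsl_link_up, cycles=6):
    """Return the LTE default route's enabled state after each Netwatch run."""
    routes = [
        # LTE default route, kept disabled until the Down script enables it
        {"dst": "0.0.0.0/0", "gw": "192.168.1.250", "distance": 1, "active": False},
        # DSL default and canary routes go inactive when ether1 loses link
        {"dst": "0.0.0.0/0", "gw": "192.168.1.1", "distance": 2, "active": dsl_link_up},
        {"dst": "8.8.4.4/32", "gw": "192.168.1.1", "distance": 1, "active": dsl_link_up},
    ]
    if with_blackhole:
        routes.append({"dst": "8.8.4.4/32", "gw": None, "distance": 2, "active": True})
    lte = routes[0]
    history = []
    for _ in range(cycles):
        route = lookup(routes, "8.8.4.4")
        # Assumption: the ping is answered if it leaves via any live gateway;
        # no route at all, or the blackhole (gw None), means the probe fails.
        probe_ok = route is not None and route["gw"] is not None
        # Down script enables the LTE default route, Up script disables it.
        lte["active"] = not probe_ok
        history.append(lte["active"])
    return history

if __name__ == "__main__":
    print("DSL down, no blackhole:  ", simulate(False, False))
    print("DSL down, with blackhole:", simulate(True, False))
    print("DSL up, with blackhole:  ", simulate(True, True))
```

Without the blackhole, the canary probe escapes through the LTE default route as soon as it is enabled, so Netwatch reports "up" and disables LTE again on the next run.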