Hello, I have an RB3011 that is setup with dual WAN. I’m unable to ping, or access winbox on the second WAN’s static public IP address.
I have setup the public static IP (that works when we input the same static IP in to the ethernet settings of a laptop) for the failover to ETH3. I’ve also setup a routing rule so the router knows it’s a WAN route. When I send a ping from an external source to the failover IP it comes back as denied. When I deactivate the static IP in the address window in WinBox, the external ping changes to non-existant. I’m working on this remotely, so I can’t change the priority of the two WAN’s to test if the failover without advanced scripting is actually working or not ( https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting ). Why am I unable to access Winbox, or send/receive a ping externally to the public static IP address?
Thanks in advance for any and all help.
RouterOS v6.42.7
/interface ethernet
set [ find default-name=ether1 ] name=ETH1-PrimaryWAN
set [ find default-name=ether2 ] name=ETH2-Unused speed=10Mbps
set [ find default-name=ether3 ] name=ETH3-BackupWAN
set [ find default-name=ether4 ] name=ETH4-Unused
set [ find default-name=ether5 ] name=ETH5-Unused
set [ find default-name=ether6 ] name=ETH6-CaptivePortal
set [ find default-name=ether7 ] name=ETH7-CaptivePortal
set [ find default-name=ether8 ] name=ETH8-CaptivePortal
set [ find default-name=ether9 ] name=ETH9-CaptivePortal
set [ find default-name=ether10 ] name=ETH10-CaptivePortal
/ip firewall mangle
add action=mark-connection chain=input comment=WAN1Primary in-interface=ETH1-PrimaryWAN new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=WAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new in-interface=ETH1-PrimaryWAN new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 in-interface=ETH3-BackupWAN new-routing-mark=RWAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=RWAN2 passthrough=no
add action=mark-connection chain=input comment=WAN2 in-interface=ETH3-BackupWAN new-connection-mark=MWAN2 passthrough=yes
add action=mark-connection chain=forward comment=WAN2FP connection-state=new in-interface=ETH3-BackupWAN new-connection-mark=PFMWAN2
passthrough=yes
add action=mark-connection chain=forward comment=WAN2PF connection-state=new in-interface=ETH3-BackupWAN new-connection-mark=PFMWAN2
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 in-interface=ETH3-BackupWAN new-routing-mark=RWAN2 passthrough=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=LocalConfigBridge network=192.168.88.0
add address=192.168.50.1/24 comment=“Captive Portal” interface=CaptivePortalBridge network=192.168.50.0
add address=192.168.55.1/24 comment=“VLAN10” interface=VLAN10 network=192.168.55.0
add address=71.xxx.xxx.xxx/24 comment=“Primary WAN” interface=ETH1-PrimaryWAN network=71.xxx.xxx.xxx
add address=96.xxx.xxx.xxx/24 comment=“Failover WAN” interface=ETH3-BackupWAN network=96.xxx.xxx.xxx
/ip route
add distance=1 gateway=ETH1-PrimaryWAN routing-mark=RWAN1
add distance=2 gateway=ETH3-BackupWAN routing-mark=RWAN2
add check-gateway=ping distance=1 dst-address=8.8.8.8/32 gateway=ETH1-PrimaryWAN scope=10
add check-gateway=ping distance=2 dst-address=8.8.8.8/32 gateway=ETH3-BackupWAN scope=10