I am running ROS 7.8 on RB750GR2
Scenario:
Problem
pppoe server has been configured on same Ether 4 port and users can connect PPPoE server as well as DHCP. But as soon as a pppoe client connects the Load Balancing stops working and only 1 WAN is used all other WANs goes idle.
Can anyone help me what can be the problem.
I dont run a pppoe server, so tell me what is the purpose of running one?
Why dont you just have lan users on ether4.
In any case you want all user traffic regardless to be PCCd ??
Any other hidden requirements, any external traffic coming into the router? Any VPN traffic ??
Eventually one will want to see a network diagrams and certainly a complete config
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
I just want that clients can plug into any switch or any AP on the network to get dhcp. But i dont want them to know that there is a pppoe server as well which can be connected on the same network.
The reason for a pppoe server is that i have to setup some special privileges for some clients.
I know i can configure pppoe on a separate port or can configure vlans, but i dont want to do that because i cannot access all the router or APs down the line for configuration.
Anyways, here is the config
/interface ethernet
set [ find default-name=ether1 ] mac-address=CC:2D:E0 name=LAN
set [ find default-name=ether2 ] disabled=yes mac-address=CC:2D:E0
name=Test-LAN
set [ find default-name=ether3 ] mac-address=CC:2D:E0 name=WAN2
set [ find default-name=ether4 ] mac-address=CC:2D:E0 name=WAN3
set [ find default-name=ether5 ] mac-address=CC:2D:E0 name=WAN4
/interface list
add name="All WAN"
add name=LANs
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.15.2-192.168.15.254
add name="PPPoE Pool" ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 interface=LAN lease-time=1d name=
DHCP_LAN
/ppp profile
add local-address=192.168.20.1 name="PPPoE on LAN" remote-address=
"PPPoE Pool"
set FFFFFFFE local-address=192.168.89.1 remote-address="PPPoE Pool"
/queue type
add kind=fq-codel name=FQ-Codel
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=to_WAN2
add fib name=to_WAN3
add fib name=to_WAN4
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list="All WAN" internet-interface-list="All WAN"
lan-interface-list=LANs wan-interface-list="All WAN"
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=WAN2 list="All WAN"
add interface=WAN3 list="All WAN"
add interface=WAN4 list="All WAN"
add interface=LAN list=LANs
/interface ovpn-server server
set auth=sha1,md5
/interface pppoe-server server
add default-profile="PPPoE on LAN" disabled=no interface=LAN
keepalive-timeout=disabled one-session-per-host=yes service-name=
PPPoE-Special
/ip address
add address=192.168.15.1/24 interface=LAN network=192.168.15.0
add address=192.168.12.250/24 interface=WAN2 network=192.168.12.0
add address=192.168.13.250/24 interface=WAN3 network=192.168.13.0
add address=192.168.14.250/24 interface=WAN4 network=192.168.14.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.15.2 client-id=1:1c:87:2c:67:cd:88 mac-address=
1C:87:2C:67:CD:88 server=DHCP_LAN
/ip dhcp-server network
add address=192.168.15.0/24 dns-server=192.168.15.1,8.8.8.8 gateway=
192.168.15.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.10.1 name=lan.com
/ip firewall address-list
add address=192.168.15.2-192.168.15.254 list=Clients
add address=192.168.12.250 list=WANs
add address=192.168.13.250 list=WANs
add address=192.168.14.250 list=WANs
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface-list="All WAN"
add action=accept chain=forward comment="dstNat Accept"
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d
chain=forward comment="Detect MyABL List" content=myabl
out-interface-list="All WAN"
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24
in-interface-list=LANs
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface-list=LANs new-connection-mark=
WAN2_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface-list=LANs new-connection-mark=
WAN3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface-list=LANs new-connection-mark=
WAN3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface-list=LANs new-connection-mark=
WAN4_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting connection-mark=WAN2_conn
in-interface-list=LANs new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn
in-interface-list=LANs new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn
in-interface-list=LANs new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3_conn
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn
new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark="" in-interface=
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
add action=mark-routing chain=prerouting comment=
"MyABL Route to WAN3" dst-address-list=ABL new-routing-mark=
to_WAN3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list="All WAN"
add action=dst-nat chain=dstnat comment=""""Port Fwd for AC68u""""""
dst-port=11945 in-interface-list="All WAN" protocol=udp to-addresses=
192.168.15.2 to-ports=11945
/ip firewall service-port
set rtsp disabled=no
/ip route
add comment="Monitor WAN 2" disabled=no distance=1 dst-address=1.1.1.1/32
gateway=192.168.12.1 pref-src="" routing-table=main scope=10
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN3" disabled=no distance=1 dst-address=39.39.39.39/32
gateway=192.168.13.1 pref-src="" routing-table=main scope=10
suppress-hw-offload=no target-scope=10
add comment="Monitor WAN4" disabled=no distance=1 dst-address=8.8.4.4/32
gateway=192.168.14.1 pref-src=0.0.0.0 routing-table=main scope=10
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Routing WAN 2" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN2
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 3" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Routing WAN 4" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN4
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 2" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=0.0.0.0 routing-table=main
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 3" disabled=no distance=2
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=
main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default WAN 4" disabled=no distance=3
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=main
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 3" disabled=no distance=2
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN3
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 4" disabled=no distance=2
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src=0.0.0.0 routing-table=
to_WAN4 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 3" disabled=no distance=2
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=
to_WAN3 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 2 to 4" disabled=no distance=3
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to_WAN4
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 3 to 2" disabled=no distance=3
dst-address=0.0.0.0/0 gateway=39.39.39.39 pref-src="" routing-table=
to_WAN2 scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Failover WAN 4 to 2" disabled=no distance=3
dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to_WAN2
scope=30 suppress-hw-offload=no target-scope=11
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ppp secret
add name=********* profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
add name=*********** profile="PPPoE on LAN" service=pppoe
PCC should work as normal, on the surface if PCC works before invoking ppp server, it should work afterwards, Just more subnets ending up using PCC…
What is it that we are not aware of??? You must have changed something if it stops working!!
(1) Why do you have this enabled?
/ip firewall connection tracking
set enabled=yes
(2) Im no ppp expert but what interface are you supposed to identify here… Okay just a bad choice of words.
I would never use the word LAN to identify an etherport because its used elsewhere on MT as standard terminology.
Suggest maybe ether1-LAN etc…
/interface pppoe-server server
add default-profile=“PPPoE on LAN” disabled=no interface**=LAN**
keepalive-timeout=disabled one-session-per-host=yes service-name=
PPPoE-Special
(3) I no ppp expert but why here is there a reference to two diff subnets??
/ppp profile
add local-address=192.168.20.1 name=“PPPoE on LAN” remote-address=
“PPPoE Pool”
set FFFFFFFE local-address=192.168*.89**.1 remote-address=“PPPoE Pool”
(4) I dont see Missing???
/ip dhcp-server for pppoe subnet???
It has an ip pool, ip address, ip dhcp-server network though!
I suspect this is done through the ppp interface.
(5) I would get rid of this static setting as it seems to have no purpose, not tied to any known subnet.
/ip dns static
add address=192.168.10.1 name=lan.com
(6) Lets look at the sparse firewall rules…can only assume you are behind another router…
I cannot even begin to comprehend what the heck you aim to accomplish with these rules, so will let you explain!!
As of right now would recommend two things
a. remove all the garbage below and then keep troubleshooting.
b. once you have success then put in a small but decent firewall set of rules close to default.
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface-list=“All WAN”
add action=accept chain=forward comment=“*dstNat Accept”
connection-nat-state=dstnat
add action=add-dst-to-address-list address-list=ABL address-list-timeout=3d
chain=forward comment=“Detect MyABL List” content=myabl
out-interface-list=“All WAN”
(7) It seems as if you have expectations of external users coming in and reaching your LAN correct ???
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=“All WAN”
add action=dst-nat chain=dstnat comment=“"""Port Fwd for AC68u"""""”
dst-port=11945 in-interface-list=“All WAN” protocol=udp to-addresses=
192.168.15.2 to-ports=11945
Any expectations of internal users using the Server? and if so how, ( by dyndns name or the more direct LANIP ? )
(8) Looking at mangle rules. Lets look at what is required conceptually.
A. Have to ensure any users coming in externally for mainly the internal server, on any WAN, go back out the same WAN.
This rule has two purposes, to mark incoming traffic headed toward a server etc, or to the router itself!
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=“” in-interface=
WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
B. Next we have to ensure all users originating traffic heading for the WANs are both connection marked and PCCd. Since we have the standard LAN and anther ppp subnet to worry about (not really an interface) we need to use a firewall address list vice and interface list approach.
/ip firewall address list
add address=192.168.15.0/24 list=ALL-users
add address=192.168.20.0/24 list=ALL-users
And then the PCC rules.
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=ALL-users new-connection-mark=
WAN2_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=ALL-users new-connection-mark=
WAN3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=ALL-users new-connection-mark=
WAN3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local src-address-list=ALL-users new-connection-mark=
WAN4_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:4/3
C. Next, for the LAN and PPP traffic identified we want to associate that marked traffic withe the specific routes accordingly!!!
It is not totally necessary to include the LANSIDE members just for information.
add action=mark-routing chain=prerouting connection-mark=WAN2_conn
src-address-list=ALL-users new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn
src-address-list=ALL-users new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn
src-address-list=ALL-users new-routing-mark=to_WAN4 passthrough=yes
D. Lastly we want to ensure any traffic that was headed for the router itself through the WANs,
gets sent back out the same interface.
Note: Return traffic from the Router itself does not go through preouting and thus we must use output chain.
add action=mark-routing chain=output connection-mark=WAN3_conn
new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4_conn
new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn
new-routing-mark=to_WAN2 passthrough=yes
E. I do not believe these mangle rules will serve any purpose on your config and can be removed! <---- I am wrong here, needed for OP to talk to modems!!
This ‘extra set of rules’ is typically used to reach modems or if other WANIPs in ones config, not noted are in play here!!
_/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.12.0/24
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.13.0/24
in-interface-list=LANs
add action=accept chain=prerouting dst-address=192.168.14.0/24
in-interface-list=LAN_s
Before I even attempt to digest your IP routes.
Yuu need to detail your intentions with the WANs for all cases…
It would appear you have
a. normal single flat recursive case - ALL WANS working.
b. what happens when wans fail.
Confirm please.
a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 traffic to Wan3
Being a newbie I set those up after consulting a lot of videos.
I just want to have recursive routes with failover, so if WAN2 fails, send WAN2 traffic to WAN3 to WAN4 and so on
Thanks a lot @anav
Actually my WAN2, 3 and 4 are ISP Modems and they cannot be put in bridge mode for pppoe as i dont have the PPPoE usernames and passwords for them. Otherwise i can access them
About the settings, Yes there were a lot of mistakes, I have corrected them all as per your advice
Yes I meant to say…
a. if WAN2 fails, send WAN2 traffic to Wan3, if Wan3 then fails, send WAN2 & WAN3 traffic to Wan4
b. if WAN3 fails, send WAN3 traffic to Wan2, if Wan2 then fails, send WAN3 &WAN2 traffic to Wan4
c. If WAN4 fails, send WAN4 traffic to Wan2, if Wan2, then fails, send WAN4 & WAN2 traffic to Wan3
This should get you close in terms of IP routes.
Starting Point Farthest Hop.
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 {main table }
add check-gateway=ping distance=15 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 {main table }
Add Cases for Failure… ( W2–> 3 then 4 / W3–> 2 then 4 / W4–> 2 then 3 )
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP2-route
distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP2-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP2-route
distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP3-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=ISP3-route
distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP3-route
distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 scope=10 target-scope=14 routing-table=ISP4-route
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1.1 scope=10 target-scope=14 routing-table=ISP4-route
distance=3 dst-address=0.0.0.0/0 gateway=39.39.39.39 scope=10 target-scope=14 routing-table=ISP4-route
ADD NEXT HOP (Direct LINK)
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 target-scope=13
Thanks a bundle again
being new to it, i had literally configured it 100 times with partial success reading all from the forums but could never do it right.
Everything is working flawlessly now
Just 1 last query
These “action=accept” rules. Although i have deleted them, I still couldnt understand them exactly.
Moreover, the cpu usage has gone high to 50+, previously it stayed in 20
although everything is working as expected
Cant help you with usage of CPU probably expected with all that mangling etc… But will take another look.
Yes the accept rules we deleted is really there in most configs for no reason.
They are there just in case.
a. one has more WANIPs from the providers in question, but not involved in PCC so that they can function normally if in use.
b. one has Cellular connections involved separate not part of PCC I think.
Wow so everything is working!!! AWESOME…
I have configured routes as above.
Everything was working fine and i checked it by disabling WAN connections individually in router.
However, yesterday my WAN3 internet went down. The modem was up and connected but the internet was not there.
So the failover didnt work and the connections were still forwarded to WAN3 as if it was up.
So the problem is that if the interface is physically down, only then the failover works.
Here is my current routes config based on your advice above
/ip route
add distance=5 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 \ target-scope=13
add distance=10 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 \ target-scope=13
add distance=15 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 \ target-scope=13
add check-gateway=ping distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ scope=10 target-scope=14
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ scope=10 target-scope=14
add check-gateway=ping disabled=no distance=15 dst-address=0.0.0.0/0 gateway=\ 8.8.4.4 pref-src=“” routing-table=main scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src=“” routing-table=to_WAN3 scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=“” \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=“” \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=“” \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=“” \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src=“” routing-table=to_WAN4 scope=10 suppress-hw-offload=no \ target-scope=14
my mistake, potentially, was putting distances on the first three rules and the last three rules.
They are not required so no 5,10,15 on the first three or last three. Try that and see if it works better..
in the meantime will look at your latest rules…
Yeah you had some errors plus my other post…
/ip route
add distance=1 dst-address=1.1.1.1/32 gateway=192.168.12.1 scope=10 \ target-scope=13
add distance=1 dst-address=39.39.39.39/32 gateway=192.168.13.1 scope=10 \ target-scope=13
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.14.1 scope=10 \ target-scope=13
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ scope=10 target-scope=14
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ scope=10 target-scope=14
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ 8.8.4.4 pref-src=“” routing-table=main scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \ routing-table=to_WAN2 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src=“” routing-table=to_WAN**2** scope=10 suppress-hw-offload=no \ target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=“” \ routing-table=to_WAN**2** scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=“” \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src=“” \ routing-table=to_WAN3 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=“” \ routing-table=to_WAN4 scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=39.39.39.39 \ pref-src=“” routing-table=to_WAN4 scope=10 suppress-hw-offload=no \ target-scope=14
Thanks a lot
But i already figured that out and corrected
And about those “accept” rules we discussed earlier
when i removed those i could not access my WAN modems, so i had to add those “accept” rules again
my Wan Modems have fol IPs
Hi did you in mean mangle rules?? If so great, I was wondering why they may be necessary, I have never needed to access my wan ISPs modems lol,