 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:14 am

hello,

i'm struggling with configuring 2 wans from the same ISP which share the same ISP gateway.
i manually created 2 routes:
add distance=2 gateway=x.x.x.0%TIS_15 pref-src=x.x.x.207
add distance=1 gateway=x.x.x.0.0%TIS_100 pref-src=x.x.x.22
route with distance 1 is active, although route with distance 2 is not active, but enabled (so all lan ips routed to this interface don't have internet). can you point me to what i should do?
i have lots of mangle rules which are working well, and should i create another 1 or 2? i need both wan interfaces to work at the same time (not failover), for different local subnets.

Please advise
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: 2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:21 am

If the ISP is using PPPoE, ask them if they can support MLPPP - you can then bond the two using MLPPP and it will automatically do all of the load-balancing and fault protection for you.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:33 am

i don't need any kind of load-balancing. i have 1 wan for internet from my lan (working) and 2 wan for published services (different subnet). and no, my ISP doesn't provide any additional services free of charge (especially MLPPP). both wan with static public ip.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:03 pm

no thoughts? i've tried many ways already, but it just doesn't want to work. i know how to make it work using cisco ios, but no clue in routeros.
trick with % doesn't work (in one route, 2 gateways and 2 routes with same gateway with %<interface>). also, tried to put pref-src, still nothing.
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: 2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:34 pm

kenigoff wrote:
i have 1 wan for internet from my lan (working) and 2 wan for published services (different subnet).

In short:
1. Set the default gateway to the first provider in the main routing table (i.e. no routing mark set in the route).
2. Create the other routing table with a different name (for example, routing mark set as "WAN2") and set the default gateway to the second provider in this table. This table will be used for marked connections only.
3. Mark connections incoming to wan2, for example "to_wan2" (mark connections as "to_wan2" in the forward chain for the wan2 interface as input), and use the second routing table for marked connections for packets outgoing to global addresses (do mark routing as "WAN2" in the prerouting chain for packets coming from the lan interface and going to global dst addresses).
4. Of course, dst-nat on wan2 for published services.
5. If you want to force some services to use wan2 for Internet access (from lan to global) - add a corresponding mark routing as WAN2 rule in the prerouting chain - for example, set mark route as wan2 for connections from a certain src-address to global dst-addresses.
Remember - mark connection just marks the connection. And nothing more. The packet goes as usual. Which route table to use is set by further mark routing rules.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Fri Jun 24, 2016 1:38 pm

thanks. created 2 routing tables (main and other), created 2 routes, default and second marked, and it works, even without marking traffic in mangle. i just don't use masquerade, only src-nat with "to ip address".
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Mon Jun 27, 2016 1:11 pm

hi again, strange but scheme works only sometimes, i.e. it works now, but later, in 10 minutes i see it doesn't work.
check, if everything is correct (published-7 is lan, 10.10.254.0 lan subnet, x.x.x.207 public ip):
mangle:
add action=mark-connection chain=forward in-interface=tis115 new-connection-mark=to_tis115 passthrough=no
add action=mark-routing chain=prerouting connection-mark=to_tis115 dst-address=x.x.x.207 in-interface=published-7 new-routing-mark=TIS15 passthrough=no
add action=mark-routing chain=prerouting dst-address=x.x.x.207 new-routing-mark=TIS15 passthrough=no src-address=10.10.254.0/24
add action=mark-routing chain=prerouting dst-address=8x.x.x.207 new-routing-mark=TIS15 passthrough=no

routes:
add distance=1 gateway=tis100
add distance=1 gateway=tis115 routing-mark=TIS15

/ip route rule
add routing-mark=TIS15 src-address=10.10.254.0/24 table=TIS15
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: 2 wans with same gateway (not failover)

Mon Jun 27, 2016 1:38 pm

kenigoff wrote:
add action=mark-routing chain=prerouting connection-mark=to_tis115 dst-address=x.x.x.207 in-interface=published-7 new-routing-mark=TIS15 passthrough=no
add action=mark-routing chain=prerouting dst-address=x.x.x.207 new-routing-mark=TIS15 passthrough=no src-address=10.10.254.0/24
add action=mark-routing chain=prerouting dst-address=8x.x.x.207 new-routing-mark=TIS15 passthrough=no

Looks strange... x.x.x.207 and 8x.x.x.207 - where are they?

Try this one instead of the three:
add action=mark-routing chain=prerouting connection-mark=to_tis115 dst-address=!10.0.0.0/8 new-routing-mark=TIS15 passthrough=no
I.e. if - any - connection already has the mark to_tis115 and dst-address is not local (!10.0.0.0/8 in our case) - use the TIS15 routing table.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Mon Jun 27, 2016 1:54 pm

tried yours, still nothing. should i mark forwarded ports as well? internet access from 10.10.254.0/24 doesn't work also.
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: 2 wans with same gateway (not failover)

Mon Jun 27, 2016 3:24 pm

OK. I propose to start from the very beginning %) because I suspect that we are talking about slightly different things.
Please draw a diagram - your network and what exactly you want to get. With subnets, gateways, etc.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Mon Jun 27, 2016 4:38 pm

WAN1 & WAN2 (PPPoE static IPs) links come from the same ISP (same gateway). Published servers are on the 10.10.254.0/24 subnet. Also i need to access the internet from 10.10.254.0/24.
Other subnets are working very well with the WAN1 link.

[Image: network diagram]
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Tue Jun 28, 2016 10:52 am

no thoughts?
 
deejayq
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: 2 wans with same gateway (not failover)

Tue Jun 28, 2016 11:38 am

/ip route rule
add src-address=10.10.254.0/24 table=via-207
add src-address=192.168.0.0/24 table=via-22
add src-address=192.168.1.0/24 table=via-22
add src-address=192.168.2.0/24 table=via-22

/ip route
add dst-address=0.0.0.0/0 gateway=(the interface on which x.x.x.207 is set) routing-mark=via-207
add dst-address=0.0.0.0/0 gateway=(the interface on which x.x.x.22 is set) routing-mark=via-22
(i think there is a mistake in your diagram, the gateway provided by your isp can be x.x.x.0 in certain conditions, but i don't think that is your case, so i assume is x.x.x.1)

this should work (you could also add a default route without any routing-mark, for traffic originating from the router itself).
after that you can add masquerading or other nat-ing.
 
kenigoff
just joined
Topic Author
Posts: 12
Joined: Thu Jun 23, 2016 4:08 pm

Re: 2 wans with same gateway (not failover)

Tue Jun 28, 2016 2:25 pm

deejayq wrote:
/ip route rule
add src-address=10.10.254.0/24 table=via-207
add src-address=192.168.0.0/24 table=via-22
add src-address=192.168.1.0/24 table=via-22
add src-address=192.168.2.0/24 table=via-22

/ip route
add dst-address=0.0.0.0/0 gateway=(the interface on which x.x.x.207 is set) routing-mark=via-207
add dst-address=0.0.0.0/0 gateway=(the interface on which x.x.x.22 is set) routing-mark=via-22
(i think there is a mistake in your diagram, the gateway provided by your isp can be x.x.x.0 in certain conditions, but i don't think that is your case, so i assume is x.x.x.1)

this should work (you could also add a default route without any routing-mark, for traffic originating from the router itself).
after that you can add masquerading or other nat-ing.

gateway actually is x.x.x.0
i suppose i should use mangle rules above as well?
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: 2 wans with same gateway (not failover)

Wed Jun 29, 2016 10:23 am

kenigoff wrote:
WAN1&WAN2 (PPPoE statis IP's) links come from same ISP (same gateway). Published servers on 10.10.254.0/24 subnet. Also i need to access internet from 10.10.254.0/24
Othe subnets are working very well with WAN1 link

To clarify - published servers should be accessible from the Internet via WAN2 and go to the Internet via the same WAN2 only?
All others - non-published - should use only WAN1?
Later I will make a sample configuration for testing and, if all is OK, will publish the config here.
 
BlackVS
Member Candidate
Posts: 171
Joined: Mon Feb 04, 2013 7:00 pm

Re: 2 wans with same gateway (not failover)

Wed Jun 29, 2016 7:07 pm

I have just been playing with a network similar to yours - see the working config below.
I started from the default config.
Here I show two possible ways - route rules (variant 1) and mangle mark route (variant 2). Here they are equal. But variant 2 is more flexible.
In case you wish to publish the same services via both WANs at the same time - mark connection rules are needed.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-lan0
set [ find default-name=ether3 ] name=ether3-lan1
set [ find default-name=ether4 ] name=ether4-lan2
set [ find default-name=ether5 ] name=ether5-published
/interface pppoe-client
add disabled=no interface=ether1-gateway name=pppoe-out1 password=ppp1 user=ppp1
add disabled=no interface=ether1-gateway name=pppoe-out2 password=ppp2 user=ppp2
/ip pool
add name=pool-0 ranges=192.168.0.100-192.168.0.199
add name=pool-2 ranges=192.168.2.100-192.168.2.199
add name=pool-1 ranges=192.168.1.100-192.168.1.199
add name=pool-254 ranges=10.10.254.100-10.10.254.199
/ip dhcp-server
add address-pool=pool-0 disabled=no interface=ether2-lan0 name=server0
add address-pool=pool-1 disabled=no interface=ether3-lan1 name=server1
add address-pool=pool-2 disabled=no interface=ether4-lan2 name=server2
add address-pool=pool-254 disabled=no interface=ether5-published name=server254
/ip address
add address=192.168.0.1/24 interface=ether2-lan0 network=192.168.0.0
add address=192.168.2.1/24 interface=ether4-lan2 network=192.168.2.0
add address=192.168.1.1/24 interface=ether3-lan1 network=192.168.1.0
add address=10.10.254.254/24 interface=ether5-published network=10.10.254.0
/ip dhcp-client
add add-default-route=no comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=10.10.254.10 client-id=1:0:c:42:cf:40:db mac-address=00:0C:42:CF:40:DB server=server254
/ip dhcp-server network
add address=10.10.254.0/24 dns-server=8.8.8.8 gateway=10.10.254.254
add address=192.168.0.0/24 dns-server=8.8.8.8 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add chain=input comment="default configuration" dst-port=8291 protocol=tcp
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface=ether1-gateway
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Forward all from ether5-published to wan2. Variant2" in-interface=\
    ether5-published new-routing-mark=to-wan2
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out2
add action=dst-nat chain=dstnat comment=\
    "Publish 10.10.254.10 in Internet via WAN2" dst-address=10.177.2.22 \
    dst-port=80 in-interface=pppoe-out2 protocol=tcp \
    to-addresses=10.10.254.10
/ip route
add comment="Default gateway for published" distance=1 gateway=10.177.2.1%pppoe-out2 routing-mark=to-wan2
add comment="Default gateway for all" distance=1 gateway=10.177.2.1%pppoe-out1
/ip route rule
add action=lookup-only-in-table comment=\
    "Forward all from ether5-published to wan2. Variant1" disabled=yes \
    interface=ether5-published table=to-wan2
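
The mark-connection approach mentioned above for publishing the same service through both WANs at once, as an added RouterOS v6 example that is not part of the original post. It reuses the interface names, routing mark and server address from that config and takes the place of its Variant2 mangle rule; the connection mark name from-wan2 and the second dst-nat rule are assumptions.

```routeros
/ip firewall mangle
# Tag every new connection that arrives on WAN2 (from-wan2 is an assumed name).
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=pppoe-out2 new-connection-mark=from-wan2 passthrough=yes
# Replies coming back from the published subnet carry the same connection
# mark, so route them through the to-wan2 table. Connections that arrived on
# WAN1 are unmarked and keep using the default route in the main table.
add action=mark-routing chain=prerouting connection-mark=from-wan2 \
    in-interface=ether5-published new-routing-mark=to-wan2 passthrough=no
/ip firewall nat
# Assumed second publish rule: the same server reachable through WAN1 as well.
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 \
    protocol=tcp to-addresses=10.10.254.10
```

Fasttracked packets bypass mangle, so a fasttrack-connection filter rule has to be limited to connection-mark=no-mark for the marked replies to keep following the to-wan2 table.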

 
skyctgbd
just joined
Posts: 13
Joined: Thu Oct 01, 2015 3:48 pm
Location: Chittagong, Bangladesh.

Re: 2 wans with same gateway (not failover)

Wed Jun 29, 2016 9:44 pm

Try defining the outbound interface.
For example replace this.
    
/ip route
 add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP1 check-gateway=ping
 add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP2 check-gateway=ping
 

With following

 
/ip route
 add dst-address=0.0.0.0/0 gateway=1.2.3.4%eth1-ISP routing-mark=to_wan-ISP1 check-gateway=ping
 add dst-address=0.0.0.0/0 gateway=1.2.3.4%eth2-ISP routing-mark=to_wan-ISP2 check-gateway=ping

Replace the eth1-ISP with your own wan interface name, use the notation % for sure.
If it works, let me know.
