mm007
just joined
Topic Author
Posts: 1
Joined: Mon Apr 23, 2018 8:49 pm

2 WAN failover stuck

Mon Apr 23, 2018 8:56 pm

Hi,
somehow my 2 WAN failover does not work anymore. I might have changed something in the past and I'm not sure what. I'm sure that both WANs are working fine and have working internet access.

Currently WanTelenor always serves the internet, and if I unplug it, then there is no internet. It does not switch to WAN1.

When I specify the following, where 192.168.88.254 is my IP, then I have internet access on WAN1 while others still use WanTelenor:
add action=mark-routing chain=prerouting dst-address=!192.168.87.0/24 new-routing-mark=PrimaryWan passthrough=yes src-address=192.168.88.254 src-address-list=""

The current configuration is the following:

82.000.000.5 -> WAN1 (it is a static ip, so I hide it)
82.000.000.30 -> WAN1 gateway
192.168.87.2 -> WanTelenor
192.168.87.1 -> WanTelenor gateway
/ip address
add address=82.000.000.5 interface=WAN1 network=82.000.000.30
add address=192.168.87.2 interface=WanTelenor network=192.168.87.1

/ip route
add check-gateway=ping distance=1 gateway=82.000.000.30 routing-mark=PrimaryWan
add check-gateway=ping distance=10 gateway=192.168.87.1

/ip firewall filter
add action=drop chain=input dst-address=82.000.000.5 dst-port=53 protocol=udp
add action=drop chain=input dst-address=82.000.000.5 dst-port=53 protocol=tcp
add action=accept chain=input comment="Accept Established / Related Input" connection-state=established,related
add action=accept chain=input comment="Allow Management Input - 192.168.88.0/24" src-address=192.168.88.0/24
add action=accept chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add action=accept chain=input comment="PPTP VPN" dst-port=500 protocol=udp
add action=accept chain=input comment="PPTP VPN" dst-port=1701 protocol=udp
add action=accept chain=input comment="PPTP VPN" dst-port=4500 protocol=udp
add action=accept chain=input comment="PPTP VPN" protocol=ipsec-esp
add action=accept chain=input comment="PPTP VPN" protocol=ipsec-ah
add action=drop chain=input comment="Drop Input" log-prefix="Input Drop"
add action=accept chain=forward comment="Accept Established / Related Forward" connection-state=established,related
add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" out-interface=WAN1 src-address=192.168.88.0/24
add action=accept chain=forward out-interface=bridge1 src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow forward traffic LAN >> WAN" out-interface=WanTelenor src-address=192.168.88.0/24
add action=drop chain=forward comment="Drop Bogon Forward >> Ether1" in-interface=WAN1 log=yes log-prefix="Bogon Forward Drop" src-address-list=Bogon
add action=drop chain=forward comment="Drop Forward"


/ip firewall mangle
add action=accept chain=prerouting dst-address=82.000.000.5 in-interface=WAN1
add action=accept chain=prerouting dst-address=192.168.87.2 in-interface=WanTelenor
add action=mark-routing chain=prerouting comment="Use PrimaryWan connection" dst-address=!192.168.87.0/24 new-routing-mark=PrimaryWan passthrough=yes src-address=192.168.88.254 src-address-list=""

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WanTelenor
add action=accept chain=srcnat
 
anavds
newbie
Posts: 36
Joined: Wed Apr 04, 2018 2:47 pm

Re: 2 WAN failover stuck

Wed Apr 25, 2018 6:46 pm

I would say the problem is both in the mangle and routing rules.
Keep it simple!!!

There should be two plain routing rules without any mangling involved.
(These are similar to the functionality of the out-of-the-box default route created by the router.)

IP route destination 0.0.0.0/0 gateway IP of ISP primary, check ping gateway, distance = 1
IP route destination 0.0.0.0/0 gateway IP of ISP secondary, distance =2

In this case all users will get routed out the primary ISP and, if it goes down, traffic will be routed through the secondary ISP.
In your case it would look like:
IP route destination 0.0.0.0/0 192.168.87.1, check ping gateway, distance = 1
IP route destination 0.0.0.0/0 82.000.000.30, distance = 2

IP mangle - the simple intent is to ensure that all your traffic uses WAN2 (secondary ISP).
Source address your IP, use new route mark, in-interface LAN.
(source address 192.168.88.254, in-interface LAN, new route mark - name MYIP, comment (useonly-WAN2))

New IP route rule (new third rule)
Destination - 0.0.0.0/0 gateway IP 82.000.000.30, mark route rule - MYIP

Other comments.............
Mangle rules are a mess, the first two don't mark anything???????????
Third rule is butt ugly and I don't understand it (destination external should be stated in routing rules, not mangle rules).
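
An added example, not part of either post: a small Python model of the default-route lookup, run over the route lines from the first post and over the reply's three routes written out as export lines (that rendering, and the names `parse_routes` and `pick_gateway`, are assumptions). It shows which gateway unmarked and marked traffic ends up on when a gateway is unplugged. It assumes a gateway listed in `down` is unreachable, ignores `check-gateway`, and assumes marked traffic falls back to the main table when its own table has no usable route.

```python
import shlex

# Constructed inputs: the "/ip route" lines from the first post, and the
# reply's three routes written out as export lines (an assumed rendering).
ORIGINAL = """
add check-gateway=ping distance=1 gateway=82.000.000.30 routing-mark=PrimaryWan
add check-gateway=ping distance=10 gateway=192.168.87.1
"""
SUGGESTED = """
add check-gateway=ping distance=1 gateway=192.168.87.1
add distance=2 gateway=82.000.000.30
add gateway=82.000.000.30 routing-mark=MYIP
"""

def parse_routes(export):
    """Turn 'add key=value ...' lines into route dicts."""
    routes = []
    for line in export.strip().splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        kv = dict(tok.split("=", 1) for tok in tokens[1:])
        routes.append({
            "gateway": kv["gateway"],
            "distance": int(kv.get("distance", 1)),
            # A route without routing-mark belongs to the main table.
            "table": kv.get("routing-mark", "main"),
        })
    return routes

def pick_gateway(routes, down=(), mark="main"):
    """Gateway used by traffic carrying `mark`; None means no route."""
    # Assumption: marked traffic falls back to main if its table is empty.
    tables = ["main"] if mark == "main" else [mark, "main"]
    for table in tables:
        active = [r for r in routes
                  if r["table"] == table and r["gateway"] not in down]
        if active:
            return min(active, key=lambda r: r["distance"])["gateway"]
    return None

if __name__ == "__main__":
    for name, export in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        routes = parse_routes(export)
        print(name, "both up:", pick_gateway(routes))
        print(name, "Telenor down:", pick_gateway(routes, down={"192.168.87.1"}))
```

In this model the original routes leave the main table with only the WanTelenor default route, so unmarked traffic has nowhere to go once that gateway is gone, while the two unmarked routes in the reply give the main table a second choice.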
