 
wfalcon
just joined
Topic Author
Posts: 24
Joined: Thu Mar 23, 2017 3:03 pm

Redirect Port to specific WAN

Mon Jun 17, 2019 6:13 pm

Hi there!

I hope I can get a clear answer on this one.
So far I haven't found any guide or question about this before (as to my keyword knowledge in searching).

Let's say I have:

WAN1 PPPOE (ISP1) IP: 10.10.10.10 (normal internet access)
WAN2 PPPOE (ISP2) IP: 11.11.11.11 (normal internet access)

Is it possible to force redirect all SSH connections that are originating from any of my internal network devices (192.168.1.0/24) to the cloud only through WAN1? And discard and redirect all the other connections to WAN2?

I want it to be like this

WAN1 PPPOE (ISP1) IP: 10.10.10.10 (only SSH passes through here and everything else will be redirected to WAN2)
WAN2 PPPOE (ISP2) IP: 11.11.11.11 (normal internet access)

Your help is much appreciated!
Thanks a lot!
 
anav
Forum Guru
Posts: 3183
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Redirect Port to specific WAN

Mon Jun 17, 2019 6:19 pm

If WAN2 for whatever reason (ISP problems) goes down do you want everyone to go to WAN1 for backup purposes?

This assumes WAN1 and WAN2 are not from the same provider; if they are, you can disregard this question, as both would be not available in the case of ISP failure.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
wfalcon
just joined
Topic Author
Posts: 24
Joined: Thu Mar 23, 2017 3:03 pm

Re: Redirect Port to specific WAN

Mon Jun 17, 2019 6:25 pm

If WAN2 for whatever reason (ISP problems) goes down do you want everyone to go to WAN1 for backup purposes?

This assumes WAN1 and WAN2 are not from the same provider; if they are, you can disregard this question, as both would be not available in the case of ISP failure.
Thanks for the reply!
That's a good question actually.

For my basic tests I don't want to switch to WAN1 in case WAN2 goes down.
But if you're in a position to help out, could you please show us how it can be applied in both scenarios?

Appreciated a lot
 
sebastia
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Redirect Port to specific WAN  [SOLVED]

Mon Jun 17, 2019 9:30 pm

Hi
You can do that with mangling. In mangle:prerouting, route-mark all packets for port SSH (tcp:22) (or any other port you might be using), with some mark.
Next step, make sure you have a route over desired isp with that routing-mark.

See https://wiki.mikrotik.com/wiki/Policy_Base_Routing, wrt route mangling it's still correct
 
AidanAus
newbie
Posts: 25
Joined: Wed May 08, 2019 7:35 am

Re: Redirect Port to specific WAN

Tue Jun 18, 2019 9:22 am

Something like this would fail over the SSH; take out the second line of the route if you don't want it to fail over.
/ip firewall mangle
# Set routing mark "SSH" on TCP traffic to port 22 before the routing decision
add action=mark-routing chain=prerouting new-routing-mark=SSH passthrough=no \
    protocol=tcp dst-port=22
/ip route
# Routes used only by packets carrying routing-mark SSH (distance=2 is the failover)
add check-gateway=ping distance=1 gateway=10.10.10.10 routing-mark=SSH
add check-gateway=ping distance=2 gateway=11.11.11.11 routing-mark=SSH
# Default route for all unmarked traffic
add distance=1 gateway=11.11.11.11

Oops, put in src-port not dst, should be fixed now :P
 
wfalcon
just joined
Topic Author
Posts: 24
Joined: Thu Mar 23, 2017 3:03 pm

Re: Redirect Port to specific WAN

Wed Jun 19, 2019 12:20 pm

Hi
You can do that with mangling. In mangle:prerouting, route-mark all packets for port SSH (tcp:22) (or any other port you might be using), with some mark.
Next step, make sure you have a route over desired isp with that routing-mark.

See https://wiki.mikrotik.com/wiki/Policy_Base_Routing, wrt route mangling it's still correct

Thank you so much!

Something like this would fail over the SSH; take out the second line of the route if you don't want it to fail over.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=SSH passthrough=no \
protocol=tcp dst-port=22
/ip route
add check-gateway=ping distance=1 gateway=10.10.10.10 routing-mark=SSH
add check-gateway=ping distance=2 gateway=11.11.11.11 routing-mark=SSH
add distance=1 gateway=11.11.11.11

Oops, put in src-port not dst, should be fixed now :P

Thanks for the configurations sample.
It worked like a charm,
and yes, it's dst-port.
 
wfalcon
just joined
Topic Author
Posts: 24
Joined: Thu Mar 23, 2017 3:03 pm

Re: Redirect Port to specific WAN

Thu Oct 31, 2019 10:38 am

deleted
Last edited by wfalcon on Fri Nov 01, 2019 10:48 am, edited 1 time in total.
 
Sob
Forum Guru
Posts: 4997
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect Port to specific WAN

Thu Oct 31, 2019 4:16 pm

You can't do that with L7. To route some connection to specific WAN, you need to do so for all its packets, from the very first one. Problem is, first TCP packet is just SYN and it doesn't contain any hostnames or anything. So it goes one way and then after you are able to identify the connection, the rest goes other way, and it doesn't work.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
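
The difference between the port-based mark used earlier in this thread and a payload (L7) match, as an added simulation that is not part of any post above. The packet lists, the hostname `example.test` and the helper names are constructed for illustration; the WAN addresses are the ones from the thread, assumed to be the source address after masquerade on each link.

```python
import re

# Constructed sample connections from a LAN host, packets in send order.
SSH_CONN = [
    {"flags": "SYN", "dport": 22, "payload": b""},
    {"flags": "ACK", "dport": 22, "payload": b""},
    {"flags": "PSH", "dport": 22, "payload": b"SSH-2.0-client\r\n"},
]
WEB_CONN = [
    {"flags": "SYN", "dport": 443, "payload": b""},
    {"flags": "ACK", "dport": 443, "payload": b""},
    {"flags": "PSH", "dport": 443, "payload": b"\x16\x03\x01..example.test.."},
    {"flags": "PSH", "dport": 443, "payload": b"application data"},
]
WAN_SRC = {"WAN1": "10.10.10.10", "WAN2": "11.11.11.11"}  # source after NAT

def by_port(port):
    """Header match (like dst-port=22): present in every packet, SYN included."""
    return lambda pkt: pkt["dport"] == port

def by_payload(pattern):
    """Payload match (like an L7 regex): needs application data to inspect."""
    return lambda pkt: re.search(pattern, pkt["payload"]) is not None

def route(packets, matcher):
    """WAN chosen per packet: WAN1 once the matcher has hit, else default WAN2.
    The hit is remembered for the rest of the connection."""
    marked, path = False, []
    for pkt in packets:
        marked = marked or matcher(pkt)
        path.append("WAN1" if marked else "WAN2")
    return path

def survives(path):
    """The remote end knows the flow by the source address seen in the SYN.
    A later packet from a different address matches no flow and is rejected."""
    return len({WAN_SRC[wan] for wan in path}) == 1

def demo():
    ssh_path = route(SSH_CONN, by_port(22))
    web_path = route(WEB_CONN, by_payload(rb"example\.test"))
    return ssh_path, survives(ssh_path), web_path, survives(web_path)

if __name__ == "__main__":
    for line in demo():
        print(line)
```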
