Page 1 of 1

Dual Wan config on my router

Posted: Tue Oct 08, 2019 1:24 pm
by mshahid85
Hi,

is it possible to run (input) dual wan on same router (out 1 LAN) ???
In my scenario, i have 1 static wan connection and 2nd wan is PPpoe.
Static WAN 1 = 10.1.1.1
PPpoe WAN 2 = 192.168.15.1
static wan is already working in my work place and want to add 2nd wan PPpoe connection in my WAN side,
both WAN will use or work on my single LAN.
LAN IP 192.168.1.1
now i want to set LAN ip for my both wans, like
192.168.1.10 for wan1 and 192.168.1.20 for wan2
ip will be same and if i want to switch the internet, i just change the gateway of my pc or client and internet keeps work smoothly ,,,,

is it possible or not??
if it is possible then please help me!!!!!

Re: Dual Wan config on my router

Posted: Tue Oct 08, 2019 3:20 pm
by Anumrak
Hey. Why you want 2 LAN IPs for your WANs? Just use your single LAN for both WAN with different route distance, and create address list, for example "WAN", to add both interfaces there and use source NAT with masquerade action for your LAN. That's it.

Re: Dual Wan config on my router

Posted: Tue Oct 08, 2019 9:39 pm
by Sob
There could be some reason why WAN should be selectable by device in LAN simply by using different gateways.

And yes, it's possible: Switching WANs by Host Gateway Selection

Re: Dual Wan config on my router

Posted: Wed Oct 09, 2019 8:25 am
by mshahid85
Hey. Why you want 2 LAN IPs for your WANs? Just use your single LAN for both WAN with different route distance, and create address list, for example "WAN", to add both interfaces there and use source NAT with masquerade action for your LAN. That's it.

Anumrak you said well, exactly really i want to do what you are saying, but i have no idea how to do it?? i have tried many thing but 2nd wan is not working in my scenario ,,,
i do not want to set failover, i want to use both wans internet, i want to set 10 users in wan 1 and wanna set 20 users on wan 2 and they can communicate with each other, all users remain in same (single LAN) network, just change the gateway manually 10 to 20 or shift on wan 2,

2 wans work in my single LAN,,,,,

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 9:52 am
by mshahid85
no one is answering my question :( :( :(

Please Help!!!!!!!!!

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 10:01 am
by dmitris
Can you make a network diagram? Maybe than we'll understand better what you want to achieve.

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 10:26 am
by mshahid85
i have attached a pic of my desire scenario...
please help, WAN-01 is already running in my network i want to add PPpoe internet,

please help

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 11:07 am
by dmitris
Now i see, the simplest way to do that is divide 1 x /24 to 2 x /25
it will give you two separate subnet spaces:
IP-s: 192.168.1.2 - 192.168.1.126
MASK 255.255.255.128
GW LAN1 == 192.168.1.1/25

IP-s: 192.168.1.130 - 192.168.1.254
MASK 255.255.255.128
GW LAN2 == 192.168.1.129/25

When subnets is made, you can simply add src-nat for each subnet..
Subnet1:
/ip firewall nat 
add chain=srcnat src-address=192.168.1.0/25 out-interface=WAN1 action=masquerade

Subnet2:
/ip firewall nat 
add chain=srcnat src-address=192.168.1.128/25 out-interface=WAN2 action=masquerade

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 11:34 am
by mkx
When subnets is made, you can simply add src-nat for each subnet..

Is it really this simple? My impression is that dst-nat is done after routing decision is made (which actually selects the out-interface). Which means that src-address property in NAT rules example doesn't help. Instead it would be necessary to establish two routing tables (with default route via each WAN, distinguished by using different routing marks) and mangle rules that will mark packets originating from each of LAN subnets with corresponding routing marks ...

And note that mangling and fasttracking are exclusive, so one has to disable the fasttracking firewall filter rule to make mangling work. This in turn reduces routing performance of router and could happen that routing capacity actually drops below WAN line(s) capacity.

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 11:59 am
by dmitris
in contradictory i want to say that DST-NAT in PREROUTING chain and it is done before routing decision, not after as you said, check packet flow diagram....

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 1:34 pm
by dmitris
When subnets is made, you can simply add src-nat for each subnet..

Is it really this simple? My impression is that dst-nat is done after routing decision is made (which actually selects the out-interface). Which means that src-address property in NAT rules example doesn't help. Instead it would be necessary to establish two routing tables (with default route via each WAN, distinguished by using different routing marks) and mangle rules that will mark packets originating from each of LAN subnets with corresponding routing marks ...

And note that mangling and fasttracking are exclusive, so one has to disable the fasttracking firewall filter rule to make mangling work. This in turn reduces routing performance of router and could happen that routing capacity actually drops below WAN line(s) capacity.
You were right.....The second default route will be inactive within the same routing table.

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 2:29 pm
by mkx
in contradictory i want to say that DST-NAT in PREROUTING chain and it is done before routing decision, not after as you said, check packet flow diagram....

DST-NAT is indeed in prerouting. However, the NAT rules are about SRC-NAT and that's done in postrouting which comes after routing decision. See routing diagram.

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 2:30 pm
by mshahid85
first of all many many thanks to all of you for concerning ,,,,

actually one reason behind this both wans into single LAN, both networks will communicate with each other, as i know about subnetting, FIRST SUBNET IS UNKNOWN FOR OTHER SUBNET, that's why i want to deploy both WANs into my LAN,

let me clear this, 192.168.1.1 gateway is for executive persons, they are using ERP software which is connected with server, that's why i want to set this gateway for my executive officers, and 192.168.1.2 for other users.
both will work in same LAN and they can share each other any thing very simply,

now please tell me what to do??

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 2:42 pm
by mkx
I guess this thread is about similar issue ...

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 2:45 pm
by dmitris
in contradictory i want to say that DST-NAT in PREROUTING chain and it is done before routing decision, not after as you said, check packet flow diagram....

DST-NAT is indeed in prerouting. However, the NAT rules are about SRC-NAT and that's done in postrouting which comes after routing decision. See routing diagram.
You are right...

Re: Dual Wan config on my router

Posted: Fri Oct 11, 2019 2:55 pm
by Sob
Just reminding, there's also this post in this very thread, linking to another thread which describes exactly what you say you want to have.

Re: Dual Wan config on my router

Posted: Mon Oct 14, 2019 8:18 am
by mshahid85
Just reminding, there's also this post in this very thread, linking to another thread which describes exactly what you say you want to have.

what does this mean??

Re: Dual Wan config on my router

Posted: Mon Oct 14, 2019 6:37 pm
by Sob
It means that I already posted a link to what should be the answer you're looking for, but for some reason you seemed to miss it.

Re: Dual Wan config on my router

Posted: Tue Oct 15, 2019 8:06 am
by mshahid85
It means that I already posted a link to what should be the answer you're looking for, but for some reason you seemed to miss it.
Oh! ok,
let me check, and really sorry for that , how could do this, sorry let me check please,,,
and thanks for your reply,

Re: Dual Wan config on my router

Posted: Tue Oct 22, 2019 1:40 pm
by mshahid85
It means that I already posted a link to what should be the answer you're looking for, but for some reason you seemed to miss it.

i did what you have said but i cant able to ping or run internet on other gateway, i am missing many things,
sorry but i didnt understand, because i am new in Mikrotik Router, that person have configure vlan in router, but i do not want to set vlan. and where is VRRP IP setting, i have founded vrrp setting in mikrotik but how to config an ip into it??? i am very confused , please help me to take out of it............

i have 2 different ISP, please tell me how to config my router,
Ethernet 1 = 111.167.10.1 WAN ( wan=1 is already running in my network, i want to add my 2nd ISP into LAN, )
Ethernet 2 = 192.168.15.1 WAN
Ethernet 5 = 192.168.1.1 (LAN for both Wans)
192.168.1.1 is for WAN 1 and 192.168.1.2 is for wan 2.

please help me.....

Re: Dual Wan config on my router

Posted: Tue Oct 22, 2019 3:42 pm
by Sob
I don't know how much you know about multi-WAN config in general, and I don't want to explain everything from the beginning, that was done already many times by many people. But in short, very basic dual-WAN config can be:
/ip address
add address=111.167.10.1/?? interface=ether1
add address=192.168.15.1/?? interface=ether2
add address=192.168.1.1/24 interface=ether5
/ip route
add dst-address=0.0.0.0/0 gateway=111.167.10.? 
add dst-address=0.0.0.0/0 gateway=192.168.15.? distance=2
add dst-address=0.0.0.0/0 gateway=111.167.10.? table=wan1
add dst-address=0.0.0.0/0 gateway=192.168.15.? table=wan2
Everything from LAN will use WAN1 by default if it's available. If not, it will switch to WAN2. It's the first two routes. Now if you want to force something to use specific WAN, you can do things like:
/ip firewall mangle
add chain=prerouting src-address=192.168.1.10 action=mark-routing new-routing-mark=wan2
add chain=prerouting src-address=192.168.1.20 protocol=tcp dst-port=80,443 action=mark-routing new-routing-mark=wan2
It will force everything from 192.168.1.10 and web browsing from 192.168.1.20 to use WAN2.

You can find better config at https://wiki.mikrotik.com/wiki/Manual:PCC. Even though it's about load balancing, it shows and explains general principles. I suggest to read and understand it. The actual load balancing is just the two rules with per-connection-classifier option.

And finally the main topic. If you add second address to be used as gateway for WAN2:
/ip address
add address=192.168.1.2/24 interface=ether5
it won't help you, because you can't tell which one client used. Router doesn't see that, because how it works is that clients uses ARP to resolve IP address to MAC address and it sends packets there. Destination IP address belongs to target server and IP address of gateway isn't contained anywhere.

The trick is to (mis)use VRRP (for the lack of better options):
/interface vrrp
add interface=ether5 name=vrrp1
/ip address
add address=192.168.1.2/32 interface=vrrp1 comment="mask /32 is important"
/ip firewall mangle
add chain=prerouting in-interface=vrrp1 action=mark-routing new-routing-mark=wan2
This way you get another MAC address on VRRP interface, so 192.168.1.1 and 192.168.1.2 will each have different one, and router will be able to tell which one client used. And that's it.

Re: Dual Wan config on my router

Posted: Wed Oct 23, 2019 9:07 am
by mshahid85
I don't know how much you know about multi-WAN config in general, and I don't want to explain everything from the beginning, that was done already many times by many people. But in short, very basic dual-WAN config can be:
/ip address
add address=111.167.10.1/?? interface=ether1
add address=192.168.15.1/?? interface=ether2
add address=192.168.1.1/24 interface=ether5
/ip route
add dst-address=0.0.0.0/0 gateway=111.167.10.? 
add dst-address=0.0.0.0/0 gateway=192.168.15.? distance=2
add dst-address=0.0.0.0/0 gateway=111.167.10.? table=wan1
add dst-address=0.0.0.0/0 gateway=192.168.15.? table=wan2
Everything from LAN will use WAN1 by default if it's available. If not, it will switch to WAN2. It's the first two routes. Now if you want to force something to use specific WAN, you can do things like:
/ip firewall mangle
add chain=prerouting src-address=192.168.1.10 action=mark-routing new-routing-mark=wan2
add chain=prerouting src-address=192.168.1.20 protocol=tcp dst-port=80,443 action=mark-routing new-routing-mark=wan2
It will force everything from 192.168.1.10 and web browsing from 192.168.1.20 to use WAN2.

You can find better config at https://wiki.mikrotik.com/wiki/Manual:PCC. Even though it's about load balancing, it shows and explains general principles. I suggest to read and understand it. The actual load balancing is just the two rules with per-connection-classifier option.

And finally the main topic. If you add second address to be used as gateway for WAN2:
/ip address
add address=192.168.1.2/24 interface=ether5
it won't help you, because you can't tell which one client used. Router doesn't see that, because how it works is that clients uses ARP to resolve IP address to MAC address and it sends packets there. Destination IP address belongs to target server and IP address of gateway isn't contained anywhere.

The trick is to (mis)use VRRP (for the lack of better options):
/interface vrrp
add interface=ether5 name=vrrp1
/ip address
add address=192.168.1.2/32 interface=vrrp1 comment="mask /32 is important"
/ip firewall mangle
add chain=prerouting in-interface=vrrp1 action=mark-routing new-routing-mark=wan2
This way you get another MAC address on VRRP interface, so 192.168.1.1 and 192.168.1.2 will each have different one, and router will be able to tell which one client used. And that's it.



Thanks sob brother, thank you very much for your detail,
God bless you,
thanks form the start till to end.