
Winbox connection behind DSL modem of ISP2

Posted: Wed Mar 25, 2020 5:20 pm
by Matthiastik
Good morning,

I have 2 ISPs; the main ISP with a public IP is failing quite often, and ISP2 with a DSL modem has a dynamic IP. The question is: how can I connect using
WinBox? I currently have port knocking for access to the router that works on ISP1 with the public IP.

I assume that I need to create a VPN and hope the DSL modem does not block that kind of traffic ...

Thank you

Re: Winbox connection behind DSL modem of ISP2

Posted: Wed Mar 25, 2020 11:00 pm
by Sob
A VPN is generally a good thing, but you don't have to use it; you can keep using WinBox directly if you like it that way. You just need to make sure that when a request comes from ISP2, the router sends the response there. So mark new incoming connections from the internet based on interface, and then mark routing for the response packets to go back the same way.

If you have no idea how, then check https://wiki.mikrotik.com/wiki/Manual:PCC. It's primarily about load balancing, so don't blindly copy it, but focus on what I wrote. The important parts for you are these:
/ip firewall mangle
...
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
...
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
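
The effect of the rules in the post above, as an added example that is not part of the original post and is not RouterOS code: a small Python model of the connection-mark and routing-mark steps, showing which gateway a WinBox reply leaves through with and without the mangle rules. It assumes the main table's default route points at the ISP1 gateway and uses a constructed client address.

```python
# Toy model of the mangle rules quoted above; it is not RouterOS code.
# Assumption: the main routing table's default route points at ISP1's gateway.
GATEWAYS = {"main": "10.111.0.1", "to_ISP1": "10.111.0.1", "to_ISP2": "10.112.0.1"}

# chain=prerouting rules: (in-interface, new-connection-mark)
PREROUTING = [("ISP1", "ISP1_conn"), ("ISP2", "ISP2_conn")]
# chain=output rules: (connection-mark, new-routing-mark)
OUTPUT = [("ISP1_conn", "to_ISP1"), ("ISP2_conn", "to_ISP2")]


class Router:
    def __init__(self, mangle_enabled=True):
        self.mangle_enabled = mangle_enabled
        self.conntrack = {}  # (client_ip, client_port, dst_port) -> connection mark

    def receive(self, in_interface, client_ip, client_port, dst_port):
        """Inbound packet: mark the connection only if it is still unmarked."""
        key = (client_ip, client_port, dst_port)
        mark = self.conntrack.setdefault(key, "no-mark")
        if self.mangle_enabled and mark == "no-mark":
            for iface, new_mark in PREROUTING:
                if iface == in_interface:
                    self.conntrack[key] = new_mark
                    break
        return key

    def reply_gateway(self, key):
        """Router-originated reply: chain=output maps the mark to a route."""
        routing_mark = "main"
        if self.mangle_enabled:
            for conn_mark, new_routing_mark in OUTPUT:
                if self.conntrack.get(key) == conn_mark:
                    routing_mark = new_routing_mark
                    break
        return GATEWAYS[routing_mark]


def winbox_reply_path(in_interface, mangle_enabled):
    """Gateway used for the reply to a WinBox (TCP 8291) request."""
    router = Router(mangle_enabled)
    # 203.0.113.10 is a constructed client address (documentation range).
    key = router.receive(in_interface, "203.0.113.10", 50000, 8291)
    return router.reply_gateway(key)


if __name__ == "__main__":
    for iface in ("ISP1", "ISP2"):
        for enabled in (False, True):
            print(iface, "mangle" if enabled else "no mangle", "->",
                  winbox_reply_path(iface, enabled))
```

Without the marks, a request that arrives on ISP2 is answered through the ISP1 gateway, so the client never sees a reply from the address it contacted.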

Re: Winbox connection behind DSL modem of ISP2

Posted: Thu Mar 26, 2020 12:01 am
by Matthiastik
Sorry, I forgot: the DSL modem has NAT, so the MikroTik is behind NAT and gets a local IP 192.168.x.x.

cheers,

Re: Winbox connection behind DSL modem of ISP2  [SOLVED]

Posted: Thu Mar 26, 2020 12:47 am
by Sob
If the DSL modem has a public address and can forward ports to the RB, it's no problem. If not, you're out of luck.