Community discussions

MikroTik App
 
User avatar
Qu4k3r
just joined
Topic Author
Posts: 10
Joined: Fri Apr 23, 2021 7:13 pm

PCC doubts at home

Mon May 17, 2021 5:29 am

Hello there... A month ago I bought a RB750gr3 for my home and this is my first mitkorik router in production. I've learned a lot about routeros using GNS3 with mikrotik wiki and youtube tutorials. However, I've found some problems on the way and I hope get some help here, so I will appreciate all your comments.

ether1=wan1 (public ip by dhcp from adsl modem 4Mbps)
ether2=wan2 (private ip by dhcp from cable modem 8Mbps)
bridge-LAN-SW=ether3,ether4,ether5

ether3 -> dlink smart switch (2pcs, ddwrt ap mode, etc)

I want to load balance both wans using PCC and according to mikrotik wiki PCC must be like...
/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24  action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24  action=accept in-interface=LAN

But in my case should be
/ ip firewall mangle
add chain=prerouting dst-address=x.y.z.0/19  action=accept in-interface=bridge-LAN-SW
add chain=prerouting dst-address=192.168.5.0/24  action=accept in-interface=bridge-LAN-SW
Where x.y.z.0/19 is a public ip address range that changes into a complete different network segment everytime I release/renew dhcp client on wan1 interface.
So I have no way to know that ip address until that interface is linked/bound.
I can't change that dst-address in mangle everytime, and definitely will not place a router between rb750gr3 and adsl modem just to get a private ip for wan1.

My first doubt is...
What do I have to change in that first code line at mangle to get the equivalent or expected result?
Would it work if I change dst-address=x.y.z.0/19 for dst-address-list=!not_in_internet where not_in_internet is an address list described at https://help.mikrotik.com/docs/display/ ... t+Firewall
I think that every ip public address in the planet must be in !not_in_internet but I don't know if doing that could bring a security problem or other kind of problem for using every public ip range available.
 
User avatar
Qu4k3r
just joined
Topic Author
Posts: 10
Joined: Fri Apr 23, 2021 7:13 pm

Re: PCC doubts at home

Wed May 19, 2021 1:11 am

I solved releasing/renewing wan1 for 15 minutes to see which are every possible network segments that isp will assing.
In total, there are 8 different segments of type x.y.z.0/19, then created an address list with all 8 segments, and using "dst-address-list" instead of "dst-address".-

Who is online

Users browsing this forum: No registered users and 32 guests