So after adding address to Port3 it created dynamic route.
I have now added new static route and it seems to be working. Is this step expected or I have something misconfigured ? I'll send export soon.
Static route added manually :
DST address :xxx.xxx.72/29 , Gateway: Port3, distance 1
The dynamic route automatically added is:
DST address : 255.255.255.248, Gateway: Port3, pref source: xxx.xxx.xxx.73, distance 0
The full config is :
# dec/06/2021 19:50:34 by RouterOS 6.49.2
# software id =
#
#
#
/interface bridge
add mtu=1500 name=bridge_lan_01 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on name=eth1_wan_pppoe
set [ find default-name=ether2 ] loop-protect=on name=eth2_lan_01_phy
set [ find default-name=ether1 ] auto-negotiation=no disable-running-check=no loop-protect=on name=eth3_lan_01_virt speed=1Gbps
set [ find default-name=ether2 ] disable-running-check=no name=eth4_wan_shared_virt
/interface pppoe-client
add add-default-route=yes allow=chap dial-on-demand=yes disabled=no interface=eth1_wan_pppoe name=pppoe-out1 user=XXXX
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge_lan_01 name=dhcp1
/ipv6 dhcp-server
add address-pool=delegation interface=bridge_lan_01 name=dhcp1
/interface bridge port
add bridge=bridge_lan_01 interface=eth2_lan_01_phy
add bridge=bridge_lan_01 interface=eth3_lan_01_virt
/ipv6 settings
set accept-router-advertisements=yes
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge_lan_01 list=LAN
/ip address
add address=192.168.1.1/24 interface=eth2_lan_01_phy network=192.168.1.0
add address=192.168.1.1/24 interface=bridge_lan_01 network=192.168.1.0
add address=xxx.xxx.xxx.73 interface=eth4_wan_shared_virt network=255.255.255.248
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=pppoe-out1 log=yes
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=pppoe-out1 log=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN src-address=192.168.1.0/24
/ip route
add distance=1 dst-address=xxx.xxx.xxx.72/29 gateway=eth4_wan_shared_virt
/ipv6 address
add address=::1 from-pool=delegation interface=bridge_lan_01
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-out1 pool-name=delegation pool-prefix-length=56 request=prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=pppoe-out1 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=pppoe-out1 passthrough=yes protocol=tcp tcp-flags=syn
/ipv6 nd
set [ find default=yes ] interface=bridge_lan_01 managed-address-configuration=yes other-configuration=yes ra-interval=20s-1m
/system clock
set time-zone-name=Europe/London
If I remove the route
add distance=1 dst-address=xxx.xxx.xxx.72/29 gateway=eth4_wan_shared_virt
it stops working.
Also the eth4_wan_shared_virt is what Port3 represents there on drawing