
 
tom8823
just joined
Topic Author
Posts: 16
Joined: Tue Nov 04, 2014 2:06 pm

Accessing Mikrotik when using route-mark

Fri Nov 13, 2015 10:46 am

On my Mikrotik I use 2 WANs from different ISPs.

Let's say I have public IP 1.2.3.4 on WAN1 and 5.6.7.8 on WAN2.

All my traffic is routed without any routing mark through WAN1. But we have a VLAN for guests and I set mark-route and src-nat masquerade to use WAN2. Of course in IP>Router WAN2 has route mark set to "route-guest".

Everything works fine except I can no longer use the WAN2 public IP to access the Mikrotik with Winbox and I can't use the WAN2 IP for DST-NAT.

I know that it is probably a problem with marking traffic but I don't know how to do that.

Please help
 
pe1chl
Forum Guru
Posts: 5919
Joined: Mon Jun 08, 2015 12:09 pm

Re: Accessing Mikrotik when using route-mark

Fri Nov 13, 2015 11:36 am

You can mark all traffic with the source address equal to the WAN2 address so it will be routed via WAN2.
 
tom8823
just joined
Topic Author
Posts: 16
Joined: Tue Nov 04, 2014 2:06 pm

Re: Accessing Mikrotik when using route-mark

Fri Nov 13, 2015 12:02 pm

How do I do that? Will I be able to access the MT with Winbox?
 
tom8823
just joined
Topic Author
Posts: 16
Joined: Tue Nov 04, 2014 2:06 pm

Re: Accessing Mikrotik when using route-mark

Mon Nov 16, 2015 1:12 pm

Can anyone help me?
 
nickshore
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.

Re: Accessing Mikrotik when using route-mark

Mon Nov 16, 2015 1:24 pm

If you add a mangle rule which matches new connections with in-interface WAN2 and marks them, you can then use that connection mark to make sure that return packets are routed out of WAN2.

e.g.:
/ip firewall mangle add action=mark-connection chain=input comment="Mark new connections on WAN2" connection-state=new in-interface=WAN2 new-connection-mark=cnxWAN2

/ip firewall mangle add action=mark-routing chain=output comment="route to WAN2" connection-mark=cnxWAN2 dst-address-type=!local \
    new-routing-mark=route-guest passthrough=no
Hope that helps
Nick
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
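
The connection-mark approach from the reply above, generalized to also cover the DST-NAT case raised in the original question, as an added example that is not part of any post in this thread. The interface name WAN2 and the routing mark route-guest come from the thread; the internal host 192.168.88.10, the admin address 203.0.113.10, port 443 and the address list mgmt-allowed are constructed placeholders.

```routeros
# Added example (not from the thread). WAN2 and route-guest are the thread's names;
# 192.168.88.10, 203.0.113.10, port 443 and "mgmt-allowed" are placeholders.

# 1. Mark every new connection arriving on WAN2 in prerouting, so the mark covers
#    both traffic to the router itself (Winbox) and traffic that will be dst-nat'ed.
/ip firewall mangle add chain=prerouting in-interface=WAN2 connection-state=new \
    action=mark-connection new-connection-mark=cnxWAN2 passthrough=yes \
    comment="Mark new connections on WAN2"

# 2. Replies generated by the router (Winbox sessions) leave via the WAN2 route.
/ip firewall mangle add chain=output connection-mark=cnxWAN2 \
    dst-address-type=!local action=mark-routing new-routing-mark=route-guest \
    passthrough=no comment="Router replies back out WAN2"

# 3. Replies from internal hosts behind dst-nat enter on a LAN interface, so they
#    are matched in prerouting on any interface other than WAN2.
/ip firewall mangle add chain=prerouting in-interface=!WAN2 connection-mark=cnxWAN2 \
    action=mark-routing new-routing-mark=route-guest passthrough=no \
    comment="Forwarded replies back out WAN2"

# 4. The port forward itself (placeholder service and host).
/ip firewall nat add chain=dstnat in-interface=WAN2 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443

# 5. Winbox (TCP 8291) becomes reachable on the WAN2 address once replies route
#    correctly, so limit it to known management sources and drop the rest.
#    "add" appends to the end of the chain; move these above any broader rule
#    that would match the same traffic first.
/ip firewall address-list add list=mgmt-allowed address=203.0.113.10
/ip firewall filter add chain=input in-interface=WAN2 protocol=tcp dst-port=8291 \
    src-address-list=mgmt-allowed action=accept comment="Winbox from mgmt only"
/ip firewall filter add chain=input in-interface=WAN2 protocol=tcp dst-port=8291 \
    action=drop comment="Drop other Winbox on WAN2"
```

Rule 1 replaces the input-chain mark rule from the reply; if both are installed, the prerouting rule already marks the connection before it reaches the input chain.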
