2 Internet Connections, one for Inbound and one for Outbound

n4p · Thu Oct 05, 2017 7:37 am

Hi,
i wanna ask if it would be possible to setup two internet connections where one is for inbound traffic and one for outbound traffic.
Or a little bit clearer, i have to setup a mikrotik router (router B) behind another router (router A). And i can't configure any portforwardings or something on router A, so no inbound traffic is possible.
Now i wanna use a umts-modem for incoming ipsec/lt2p traffic behind router B.

Is there any possibilty to make these setup?

Thanks for your help!

Kind regards

tomaskir · Thu Oct 05, 2017 12:49 pm

You will need to configure Mangle properly, and handle WAN->Router marking.

Check out this presentation:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.

n4p · Thu Oct 05, 2017 2:20 pm

Thanks for answer,
but do i really need to use mangle there?
Can't i do this with route distance?

tomaskir · Thu Oct 05, 2017 2:29 pm

You can have only one default route.
It can go either through WAN1, or WAN2.

As soon as you need some things to go through WAN1, and other things to go through WAN2, you need Mangle.

n4p · Thu Oct 05, 2017 4:10 pm

Hi,
i think i found the solution, there was a description in the forum, so i followed that and configured that on my RB2011.
Currently it look it works correctly, all Connections from the local LAN goes trough WAN1 where is the router without ability to setup any portforwarding.

And if i connect a second laptop on WAN2 i can connect to the router trough IPSec/L2TP.

Here is the Config i followed:

/ip firewall mangle
add action=mark-connection chain=input comment=WAN1 in-interface=ether1-WAN1 \
new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=\
RWAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new \
in-interface=ether1-WAN1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 \
in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=input comment=WAN2 in-interface=ether2-WAN2 \
new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=\
RWAN2 passthrough=no
add action=mark-connection chain=forward comment=WAN2PF connection-state=new \
in-interface=ether2-WAN2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 \
in-interface=bridge-local new-routing-mark=RWAN2

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2

/ip route
add distance=1 gateway=ether1-WAN1 routing-mark=RWAN1
add distance=1 gateway=ether2-WAN2 routing-mark=RWAN2
add distance=1 gateway=192.168.1.1
add distance=2 gateway=200.100.100.12

Credit goes to zyxnull

Thanks, Kind regards

2 Internet Connections, one for Inbound and one for Outbound

2 Internet Connections, one for Inbound and one for Outbound

Re: 2 Internet Connections, one for Inbound and one for Outbound

Re: 2 Internet Connections, one for Inbound and one for Outbound

Re: 2 Internet Connections, one for Inbound and one for Outbound

Re: 2 Internet Connections, one for Inbound and one for Outbound

Who is online