Hi,
i wanna ask if it would be possible to setup two internet connections where one is for inbound traffic and one for outbound traffic.
Or a little bit clearer, i have to setup a mikrotik router (router B) behind another router (router A). And i can't configure any portforwardings or something on router A, so no inbound traffic is possible.
Now i wanna use a umts-modem for incoming ipsec/lt2p traffic behind router B.
Is there any possibilty to make these setup?
Thanks for your help!
Kind regards
Re: 2 Internet Connections, one for Inbound and one for Outbound
You will need to configure Mangle properly, and handle WAN->Router marking.
Check out this presentation:
https://youtu.be/67Dna_ffCvc
Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
Check out this presentation:
https://youtu.be/67Dna_ffCvc
Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
Mass Config Push, network-wide RouterOS upgrades, and more!
Re: 2 Internet Connections, one for Inbound and one for Outbound
Thanks for answer,
but do i really need to use mangle there?
Can't i do this with route distance?
but do i really need to use mangle there?
Can't i do this with route distance?
Re: 2 Internet Connections, one for Inbound and one for Outbound
You can have only one default route.
It can go either through WAN1, or WAN2.
As soon as you need some things to go through WAN1, and other things to go through WAN2, you need Mangle.
It can go either through WAN1, or WAN2.
As soon as you need some things to go through WAN1, and other things to go through WAN2, you need Mangle.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
Mass Config Push, network-wide RouterOS upgrades, and more!
Re: 2 Internet Connections, one for Inbound and one for Outbound
Hi,
i think i found the solution, there was a description in the forum, so i followed that and configured that on my RB2011.
Currently it look it works correctly, all Connections from the local LAN goes trough WAN1 where is the router without ability to setup any portforwarding.
And if i connect a second laptop on WAN2 i can connect to the router trough IPSec/L2TP.
Here is the Config i followed:
Credit goes to zyxnull
Thanks, Kind regards
i think i found the solution, there was a description in the forum, so i followed that and configured that on my RB2011.
Currently it look it works correctly, all Connections from the local LAN goes trough WAN1 where is the router without ability to setup any portforwarding.
And if i connect a second laptop on WAN2 i can connect to the router trough IPSec/L2TP.
Here is the Config i followed:
Code: Select all
/ip firewall mangle
add action=mark-connection chain=input comment=WAN1 in-interface=ether1-WAN1 \
new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=\
RWAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new \
in-interface=ether1-WAN1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 \
in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=input comment=WAN2 in-interface=ether2-WAN2 \
new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=\
RWAN2 passthrough=no
add action=mark-connection chain=forward comment=WAN2PF connection-state=new \
in-interface=ether2-WAN2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 \
in-interface=bridge-local new-routing-mark=RWAN2
Code: Select all
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2Code: Select all
/ip route
add distance=1 gateway=ether1-WAN1 routing-mark=RWAN1
add distance=1 gateway=ether2-WAN2 routing-mark=RWAN2
add distance=1 gateway=192.168.1.1
add distance=2 gateway=200.100.100.12Thanks, Kind regards