Preferred source ignored?
I just noticed on our 3.0b6 unit that it appears to be ignoring the preferred source option on static routes, and is just using the ip of whatever interface it goes out of.
Basically we have two routers the same, except one is 2.9.38 or thereabouts, and the other is 3.0b6.
They both have two public interfaces, and a loopback, and a private side.
for example (not the real addresses obviously):
ether1 1.1.1.2
ether2 2.2.2.2
loopback 3.3.3.2
ether3: 192.168.1.1
there are default routes such that:
0.0.0.0 1.1.1.1 pref source 3.3.3.2
0.0.0.0 2.2.2.1 pref source 3.3.3.2
Then there is a firewall masquerade setup from the private side, which in the 2.9.38 case translates to 3.3.3.2 and goes out whichever public interface is available. But on the 3.0b6 router, it translates to the public ip of whichever interface its choosing to go out of.
Basically, we want the routers to have public addresses that are used for NAT and are independent of whichever physical interfaces happen to be up at the time. This is working on the 2.9.38 router by setting the pref source option, but not on the 3.0b6 router.
They both have two public interfaces, and a loopback, and a private side.
for example (not the real addresses obviously):
ether1 1.1.1.2
ether2 2.2.2.2
loopback 3.3.3.2
ether3: 192.168.1.1
there are default routes such that:
0.0.0.0 1.1.1.1 pref source 3.3.3.2
0.0.0.0 2.2.2.1 pref source 3.3.3.2
Then there is a firewall masquerade setup from the private side, which in the 2.9.38 case translates to 3.3.3.2 and goes out whichever public interface is available. But on the 3.0b6 router, it translates to the public ip of whichever interface its choosing to go out of.
Basically, we want the routers to have public addresses that are used for NAT and are independent of whichever physical interfaces happen to be up at the time. This is working on the 2.9.38 router by setting the pref source option, but not on the 3.0b6 router.
Re: Preferred source ignored?
has anyone found a solution? This is still a problem in routeros 3?
Thanks
Thanks
-
-
NetworkPro
Forum Guru
- Posts: 1376
- Joined:
- Location: bit.ly/the-qos
- Contact:
Re: Preferred source ignored?
I just found out that this seems to be a problem on 5.0RC4 with
- HotSpot
- on a Bridge port
- with multiple VLANs bridged
- with multiple IPs on the bridge port that have nothing to do with the HotSpot network
The pref source seems to be randomly mistaken. As verified with a sniff on the outgoing interface - the arp requests are asking for 192.168.x.a , tell <wrong address not in this subnet>
- HotSpot
- on a Bridge port
- with multiple VLANs bridged
- with multiple IPs on the bridge port that have nothing to do with the HotSpot network
The pref source seems to be randomly mistaken. As verified with a sniff on the outgoing interface - the arp requests are asking for 192.168.x.a , tell <wrong address not in this subnet>
Re: Preferred source ignored?
Not good idea.- HotSpot
- on a Bridge port
HotSpot is applied per interface.
When you have such situation,
Separate HotSpot interface and other bridge port from the same bridge, when there is nothing to do with HotSpot.- with multiple IPs on the bridge port that have nothing to do with the HotSpot network
-
-
NetworkPro
Forum Guru
- Posts: 1376
- Joined:
- Location: bit.ly/the-qos
- Contact:
Re: Preferred source ignored?
Hello sergejs.
Thank you for the fast reply.
In the previous post I meant "on a bridge interface" and not "bridge port".
I did not put a separate HotSpot on each VLAN because I wanted to manage only one HotSpot (and save my efforts for banging my head with the User Manager v5rc4)
I added the VLANs to a bridge interface in the MT and I put forward filters so that no frames would be forwarded to/from each VLAN. The frames would only get to the MT itself (input bridge chain).
This enables me to have full control over the frames that reach the MikroTik and to have some Layer 2 security (no broadcasts pass over from VLAN to VLAN).
Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source, seems working so far.
I hope this setup is "a good idea" ? If not - do tell how to change.
Thank you.
Thank you for the fast reply.
In the previous post I meant "on a bridge interface" and not "bridge port".
I did not put a separate HotSpot on each VLAN because I wanted to manage only one HotSpot (and save my efforts for banging my head with the User Manager v5rc4)
I added the VLANs to a bridge interface in the MT and I put forward filters so that no frames would be forwarded to/from each VLAN. The frames would only get to the MT itself (input bridge chain).
This enables me to have full control over the frames that reach the MikroTik and to have some Layer 2 security (no broadcasts pass over from VLAN to VLAN).
Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source, seems working so far.
I hope this setup is "a good idea" ? If not - do tell how to change.
Thank you.
Re: Preferred source ignored?
Yes, please report if you get any problems with the particular setup.Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source, seems working so far.
I hope this setup is "a good idea" ? If not - do tell how to change.