Community discussions

MikroTik App
 
arthurmitch35
just joined
Topic Author
Posts: 1
Joined: Mon Aug 30, 2021 7:43 pm

Duel wan with same subnet partition to two different lan subnets not working

Mon Aug 30, 2021 7:54 pm

Ok my issue is the following i have two wan static ip addresses from a provider the one is meant for server's on one subnet and the other for users on another subnet so basically i was using one router to split groups to the right wan connection.... but it only uses the one wan and all traffic over wan 2 not splitting it like i tried.... any help would be much appreciated.....
ip:
0 102.39.22.221/29 102.39.22.224 ether1-WAN1
1 192.168.101.1/24 192.168.101.0 ether2-Lan 101
2 192.168.0.1/24 192.168.0.0 bridge2-Lan-Subnet0
3 102.39.22.222/29 102.39.22.224 ether10-WAN2
4 192.168.10.1/24 192.168.10.0 ether5-Lan-Debtsolver

routes:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 102.39.22.220 1
1 A S 0.0.0.0/0 102.39.22.220 1
2 A S 0.0.0.0/0 102.39.22.220 1
3 ADC 102.39.22.224/29 102.39.22.226 ether1-WAN1 0
ether10-WAN2
4 ADC 192.168.0.0/24 192.168.0.1 bridge2-Lan-Sub... 0
5 ADC 192.168.10.0/24 192.168.10.1 ether5-Lan-Debt... 0
6 ADC 192.168.101.0/24 192.168.101.1 bridge1-Lan-Sub... 0

firewall filter:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=output action=drop protocol=icmp out-interface=ether1-WAN1 log=no log-prefix=""

1 chain=output action=drop protocol=icmp out-interface=ether10-WAN2 log=no log-prefix=""

2 chain=input action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=1723

3 chain=input action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=443

4 chain=input action=accept protocol=tcp in-interface=ether10-WAN2 dst-port=1723

5 chain=input action=accept protocol=tcp in-interface=ether10-WAN2 dst-port=443

6 ;;; Drop DNS Req from WAN-VOX
chain=input action=drop protocol=tcp in-interface=ether1-WAN1 dst-port=53 log=yes

7 ;;; Drop SMTP Req from WAN-VOX
chain=input action=drop protocol=tcp in-interface=ether1-WAN1 dst-port=25 log=yes

8 ;;; Drop DNS Req from WAN-VOX
chain=input action=drop protocol=udp in-interface=ether1-WAN1 dst-port=53 log=yes

9 ;;; Drop DNS Req from WAN-VOX
chain=input action=drop protocol=tcp in-interface=ether10-WAN2 dst-port=53 log=yes

10 ;;; Drop SMTP Req from WAN-VOX
chain=input action=drop protocol=tcp in-interface=ether10-WAN2 dst-port=25 log=yes

11 ;;; Drop DNS Req from WAN-VOX
chain=input action=drop protocol=udp in-interface=ether10-WAN2 dst-port=53 log=yes

12 ;;; Accept established and related packets
chain=input action=accept connection-state=established,related

13 chain=input action=accept in-interface=bridge1-Lan-Subnet101 log=no log-prefix=""

14 chain=input action=accept in-interface=bridge2-Lan-Subnet0 log=no log-prefix=""

15 chain=input action=accept in-interface=ether5-Lan-Debtsolver log=no log-prefix=""

16 ;;; Drop invalid packets
chain=input action=drop connection-state=invalid log=no log-prefix=""

17 ;;; Drop all packets which are not destined to routes IP address
chain=input action=drop dst-address-type=!local log=no log-prefix=""

18 ;;; Drop all packets which does not have unicast source IP address
chain=input action=drop src-address-type=!unicast log=yes log-prefix=""

19 ;;; Drop all packets from public internet which should not exist in public network
chain=input action=drop src-address-list=NotPublic in-interface=ether1-WAN1 log=yes log-prefix=""

20 ;;; Drop all packets from public internet which should not exist in public network
chain=input action=drop src-address-list=NotPublic in-interface=ether10-WAN2 log=yes log-prefix=""

21 ;;; Accept established and related packets
chain=forward action=accept connection-state=established,related

Nat:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.101.0/24 log=no log-prefix=""

1 chain=srcnat action=masquerade src-address=192.168.10.0/24 log=no log-prefix=""

2 chain=srcnat action=masquerade src-address=192.168.0.0/24 log=no log-prefix=""

3 chain=srcnat action=masquerade src-address=192.168.145.0/24 log=no log-prefix=""

mangle:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-connection new-connection-mark=wan1 passthrough=yes src-address=192.168.101.0/24 log=no log-prefix=""

1 chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=yes src-address=192.168.101.0/24 connection-mark=wan1 log=no log-prefix=""

2 chain=prerouting action=mark-connection new-connection-mark=wan1 passthrough=yes src-address=192.168.10.0/24 log=no log-prefix=""

3 chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=yes src-address=192.168.10.0/24 connection-mark=wan1 log=no log-prefix=""

4 chain=prerouting action=mark-connection new-connection-mark=wan2 passthrough=yes src-address=192.168.0.0/24 log=no log-prefix=""

5 chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=yes src-address=192.168.0.0/24 connection-mark=wan2 log=no log-prefix=""

6 chain=prerouting action=mark-connection new-connection-mark=wan1 passthrough=yes src-address=192.168.145.0/24 log=no log-prefix=""

7 chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=yes src-address=192.168.145.0/24 connection-mark=wan2 log=no log-prefix=""

Who is online

Users browsing this forum: aoravent, menyarito, phascogale, Soleous75 and 76 guests