poinths
newbie
Topic Author
Posts: 29
Joined: Tue May 09, 2006 5:52 am

2 ISPs serving two LANs with RB750G/RB450G

Tue Oct 18, 2011 7:47 pm

Hi,
Trying to achieve a simple task with an RB750G (ROS 5.7).

Port
1 1st-ISP - 10.0.10.2 (gw 10.0.10.1)
2 2nd-ISP - 192.168.1.2 (gw 192.168.1.1)
3 Hotspot-LAN - 10.5.50.1
4 Office-LAN - 192.168.88.1
5

All I want is that Office-LAN is using 2nd-ISP and Hotspot-LAN is using 1st-ISP.
From what I understand, I have to use the Mangle functionality to mark routes and connections.
I have another RB450G using this but with pcc load balancing and two ISPs. Works great!
But this one is supposed to be simple and I did not use any pcc or other policy stuff.

I set up two static default routes and use Router Mark wan1 and wan2.
/ip route
1 A S dst-address=0.0.0.0/0 gateway=pppoe-out1 gateway-status=2nd-ISP reachable distance=1
scope=30 target-scope=10 routing-mark=wan2

2 A S dst-address=0.0.0.0/0 gateway=ether1-Internet1 gateway-status=1st-ISP reachable
distance=1 scope=30 target-scope=10 routing-mark=wan1

3 A S dst-address=0.0.0.0/0 gateway=ether1-Internet1 gateway-status=1st-ISP reachable
distance=1 scope=30 target-scope=10

In order to use routing marks I obviously have to set them and that happens (only) in the firewall mangle part.
To get to the Internet I also have to set masquerading for both ports.

I tried several combinations to get /ip firewall mangle and nat going, but it seems I am missing something, as my traceroutes are not hitting the target and only reach the port on the RB and then time out.
I set a mangle rule for 'mark-connection' and one for 'mark-routing' per ISP, marking them with wan1 and wan2.

Is there some kind of recipe somewhere with (many) examples using mangle and nat for this purpose?

I presume I will receive replies (if any) with RTFM ... but I did. Seems I am not wiser afterwards.

Any help appreciated. Thanks!
 
poinths

Re: 2 ISPs serving two LANs with RB750G/RB450G

Wed Oct 19, 2011 2:18 pm

OK, seems I got it working.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new disabled=no new-connection-mark=wan1 passthrough=yes src-address=10.5.50.0/24
add action=mark-routing chain=prerouting connection-mark=wan1 connection-state=new disabled=no new-routing-mark=wan1 passthrough=yes src-address=10.5.50.0/24
add action=mark-routing chain=prerouting connection-mark=wan1 connection-state=established disabled=no new-routing-mark=wan1 passthrough=yes src-address=10.5.50.0/24
add action=mark-routing chain=prerouting connection-mark=wan1 connection-state=related disabled=no new-routing-mark=wan1 passthrough=yes src-address=10.5.50.0/24

add action=mark-connection chain=prerouting connection-state=new disabled=no new-connection-mark=wan2 passthrough=yes src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2 connection-state=new disabled=no new-routing-mark=wan2 passthrough=yes src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2 connection-state=established disabled=no new-routing-mark=wan2 passthrough=yes src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2 connection-state=related disabled=no new-routing-mark=wan2 passthrough=yes src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=10.5.50.0/24
add action=masquerade chain=srcnat disabled=no src-address=192.168.88.0/24
/ip route
add check-gateway=arp disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=wan2 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.10.1 routing-mark=wan1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.10.1 scope=30 target-scope=1
And in case ISP2 for the Office-LAN goes down or reaches the download limit, it will fall back to ISP1.

Seems trial and error can produce results.
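
An added example, not part of the original posts: a simplified Python model of the route lookup this configuration produces, showing why Office-LAN falls back to the 1st ISP when the wan2 route is inactive while Hotspot-LAN has no path to the 2nd ISP. It assumes RouterOS consults the table named by the routing mark first and falls through to the main table when that table has no active route; the function names, the `down` set and the 203.0.113.10 destination are constructed for the illustration.

```python
import ipaddress

# Routes from the post's /ip route export: (dst, gateway, routing-mark or None = main)
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "wan2"),  # 2nd-ISP, exported with check-gateway=arp
    ("0.0.0.0/0", "10.0.10.1", "wan1"),    # 1st-ISP
    ("0.0.0.0/0", "10.0.10.1", None),      # unmarked default route in the main table
]
# Net effect of the post's prerouting mangle rules: source subnet -> routing mark
MARKS = {"10.5.50.0/24": "wan1", "192.168.88.0/24": "wan2"}


def routing_mark(src):
    """Return the routing mark the mangle rules assign to this source address."""
    ip = ipaddress.ip_address(src)
    for net, mark in MARKS.items():
        if ip in ipaddress.ip_network(net):
            return mark
    return None


def lookup(table, dst, down):
    """Longest-prefix match among the active routes of one routing table."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gw, mark in ROUTES:
        n = ipaddress.ip_network(net)
        # A route whose gateway is in `down` is treated as inactive (assumption).
        if mark == table and gw not in down and ip in n:
            if best is None or n.prefixlen > best[0]:
                best = (n.prefixlen, gw)
    return best[1] if best else None


def next_hop(src, dst, down=frozenset()):
    """Marked table first; if it has no active route, fall through to main."""
    mark = routing_mark(src)
    gw = lookup(mark, dst, down) if mark else None
    return gw or lookup(None, dst, down)


if __name__ == "__main__":
    dst = "203.0.113.10"  # constructed Internet destination
    for src in ("192.168.88.10", "10.5.50.20"):  # constructed LAN hosts
        for down in (frozenset(), {"192.168.1.1"}, {"10.0.10.1"}):
            print(src, "down:", sorted(down), "->", next_hop(src, dst, down))
```

The fallback runs one way only: both the wan1 route and the unmarked default route use 10.0.10.1, so in this model Hotspot-LAN has no next hop at all when the 1st ISP is unavailable.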
