Community discussions

MikroTik App
just joined
Topic Author
Posts: 15
Joined: Sun Sep 15, 2013 6:57 pm
Location: Bulgaria

2 WANs and port forwarding

Tue Apr 08, 2014 12:18 am

Hello everyone,

I am trying to set up my MikroTik router to use 2 WAN connections with the following requirements - one of the connections should be primary, and the other one - secondary - all outbond traffic should pass through the primary WAN connection (when available) and if there is a problem with the primary WAN connection - the outbond traffic must switch to the secondary WAN connection. Both WAN ports must be simultaneously open for inbound connections.
At the end of this post you'll find a summarized scheme of my network topology.
Currently I managed to get everything working exactly as I want - with one notable exception - I am using DMZ on both WAN modems. In order to maintain the possibility to reach their web interfaces I have created port forwarding rules that point back to the LAN interfaces of the modems. Unfortunately reaching their web interface is possible only when using the currently active WAN.
Would you please give me a hint how can I overcome this? Thank you!
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade GSM subnet" out-interface=ether3-gateway-GSM
add action=masquerade chain=srcnat comment="Masquerade ADSL subnet" out-interface=ether1-gateway-ADSL
add action=dst-nat chain=dstnat comment="ADSL modem" dst-port=808 protocol=tcp to-addresses= to-ports=80
add action=dst-nat chain=dstnat dst-port=809 protocol=tcp to-addresses= to-ports=80

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1-gateway-ADSL new-connection-mark=ADSL_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3-gateway-GSM new-connection-mark=GSM_conn
add action=mark-routing chain=prerouting connection-mark=ADSL_conn in-interface=bridge-local new-routing-mark=to_ADSL
add action=mark-routing chain=prerouting connection-mark=GSM_conn in-interface=bridge-local new-routing-mark=to_GSM
add action=mark-routing chain=output connection-mark=ADSL_conn new-routing-mark=to_ADSL
add action=mark-routing chain=output connection-mark=GSM_conn new-routing-mark=to_GSM

/ip route
add check-gateway=ping distance=1 gateway= routing-mark=to_ADSL
add check-gateway=ping distance=1 gateway= routing-mark=to_GSM
add check-gateway=ping distance=1 gateway=
add check-gateway=ping distance=2 gateway=
You do not have the required permissions to view the files attached to this post.
User avatar
Forum Guru
Forum Guru
Posts: 2954
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: 2 WANs and port forwarding

Tue Apr 08, 2014 4:06 pm

Search on the forum: PCC.

There are dozen of example as your need.
I'm Italian, not English. Sorry for my imperfect grammar.
Member Candidate
Member Candidate
Posts: 123
Joined: Sat Nov 30, 2013 7:49 am

Re: 2 WANs and port forwarding

Thu Apr 10, 2014 5:05 am

Unfortunately reaching their web interface is possible only when using the currently active WAN
Yup, that would be correct since you don't mark inbound packets, therefore they will be directed to the currently active default route with no routing marks.
The solution is to also mark the inbound traffic on both wan and then redirect then back to their wan ports.

Who is online

Users browsing this forum: safik and 65 guests