Page 1 of 1

Multiple WAN --- basic configuration.

Posted: Mon Apr 21, 2014 10:13 pm
by elarrarte
Hi people, after reading policy routing howto, I cant make it to work as expected.

I m setting up 2 WAN router, firmware 6.10

1 - Address configuration
/ip address add interface=wan1 address=IP-WAN1
/ip address add interface=wan2 address=IP-WAN2

2 - Route configuration
/ip route add gateway=GW-WAN1 routing-mark=rm-wan1
/ip route add gateway=GW-WAN2 routing-mark=rm-wan2

3 - Mark incoming connections
/ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=cm-wan1
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=cm-wan2

4 - Route connections to the corresponding interface
/ip firewall mangle
add chain=output connection-mark=cm-wan1 action=mark-routing new-routing-mark=rm-wan1
add chain=output connection-mark=cm-wan2 action=mark-routing new-routing-mark=rm-wan2

When I ping from outside to IP-WAN1, counters begin to increase on:
chain=input in-interface=wan1 action=mark-connection new-connection-mark=cm-wan1

But are always 0 in:
add chain=output connection-mark=cm-wan1 action=mark-routing new-routing-mark=rm-wan1

I 've found a lot of examples that cover such scenario, but all of them have differences.
I just want to ping both interfaces. When this is working, I want to forward some ports through them.

Thanks in advance!

Re: Multiple WAN --- basic configuration.

Posted: Mon Apr 21, 2014 11:41 pm
by Egate

Re: Multiple WAN --- basic configuration.

Posted: Tue Apr 22, 2014 3:31 am
by nerdtron
This one is very good. Basically, you segment the LAN into two networks, each having their own gateways.
http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways

Re: Multiple WAN --- basic configuration.

Posted: Tue Apr 22, 2014 5:54 pm
by elarrarte
Thank you guys, but that s not what I want. I dont care load balancing or failover at this moment, just want both WANs answer my pings.

Re: Multiple WAN --- basic configuration.

Posted: Wed Apr 23, 2014 7:35 am
by nerdtron
You can't ping both by default since you can't have 2 default gateways at the same time.

Try adding src-address from your ping.
ping [gateway wan1] src-address=[ip of interface wan1]

Re: Multiple WAN --- basic configuration.

Posted: Tue May 06, 2014 3:59 pm
by elarrarte
I used this document, very good one to understand this situation:
http://lartc.org/howto/lartc.rpdb.multiple-links.html

That 's the way I used to do it with linux routers. I know linux iptables and Mikrotik are quite de same, but ... I just want to know if there is an official Mikrotik way to do the same thing.

I 've tested it and it works.

The steps are:
- IP configuration under /ip address
interface: wan1 ip: wan1-ip
interface: wan2 ip: wan2-ip
...
interface: wanN ip: wanN-ip

- Route configuration under /ip route
dst-address: 0.0.0.0/0 gateway: wan1-gw mark: rm-wan1
dst-address: 0.0.0.0/0 gateway: wan2-gw mark: rm-wan2
...
dst-address: 0.0.0.0/0 gateway: wanN-gw mark: rm-wanN

- Rule configuration under /ip route rule
src-address: wan1-ip lookup-table: rm-wan1
src-address: wan2-ip lookup-table: rm-wan2
...
src-address: wanN-ip lookup-table: rm-wanN

With that simple steps, all connections made to the router coming in a specific interface will be answered back the same interface correctly.

This allows, for example, to make Winbox connections to any WAN link in the router. This could be useful: you can manage the router via wan2 if wan1 is overloaded.
In my case, wan1 is the default-gw for internet browsing, wan2 is used for remote business offices and wan3 is used for users VPNs ---> that 's why I need wan2 and wan3 to answer back local connections regardless they are not the main default gateway. No need to load balance or failover.