CinderBDT907
just joined
Topic Author
Posts: 3
Joined: Sat Nov 11, 2023 10:49 pm
Location: Alaska

multi-WAN, one dst always through one WAN

Sun Mar 16, 2025 11:13 pm

I read and tried to modify and implement this solution, which is about source address.
But it isn't working, and I am not sure if it is because a different solution is needed when the restriction is to destination address instead.

I have two WAN connections, which is working well. Only one of the WAN connections has a static IP from the ISP. In order to connect to the destination, I have to be listed in the firewall in front of the destination, so I want to always use the static IP WAN when I send traffic to that destination.

The traffic does not seem to be going out the static IP WAN, because it is not hitting the firewall in front of the destination.

Thank you for any suggestion.

Here are what I think are relevant lines in config:
#RouterOS 7.19beta5
/interface list member
add comment="all LAN ports bridged" disabled=no interface=bridge list=LAN
add comment="dual WAN configuration" disabled=no interface=WAN_ether1 list=\
    WAN
add disabled=no interface=WAN_ether2 list=WAN
/routing table
add disabled=no fib name=to_WAN1
add disabled=no fib name=to_WAN2
add comment="For traffic that is only going out on static IP." \
    disabled=no fib name=useWAN1only
/ip firewall mangle
add action=accept chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" dst-address=192.168.1.0/24 \
    in-interface=bridge
add action=accept chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" dst-address=192.168.2.0/24 \
    in-interface=bridge
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    in-interface=WAN_ether1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    in-interface=WAN_ether2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" !connection-bytes \
    !connection-limit connection-mark=no-mark !connection-nat-state \
    !connection-rate !connection-state !connection-type !content disabled=no \
    !dscp !dst-address !dst-address-list dst-address-type=!local !dst-limit \
    !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
    !in-bridge-port-list in-interface=bridge !in-interface-list \
    !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
    log=no log-prefix="" new-connection-mark=WAN1_conn !nth !out-bridge-port \
    !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
    !packet-size passthrough=yes per-connection-classifier=both-addresses:2/0 \
    !port !priority !protocol !psd !random !routing-mark !src-address \
    !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !tls-host !ttl
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" !connection-bytes \
    !connection-limit connection-mark=no-mark !connection-nat-state \
    !connection-rate !connection-state !connection-type !content disabled=no \
    !dscp !dst-address !dst-address-list dst-address-type=!local !dst-limit \
    !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
    !in-bridge-port-list in-interface=bridge !in-interface-list \
    !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit \
    log=no log-prefix="" new-connection-mark=WAN2_conn !nth !out-bridge-port \
    !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
    !packet-size passthrough=yes per-connection-classifier=both-addresses:2/1 \
    !port !priority !protocol !psd !random !routing-mark !src-address \
    !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !tls-host !ttl
add action=mark-routing chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN1_conn \
    in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN2_conn \
    in-interface=bridge new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 pref-src="" routing-table=to_WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
add comment=\
    https://help.mikrotik.com/docs/display/ROS/Per+connection+classifier \
    distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1
add comment=\
    https://help.mikrotik.com/docs/display/ROS/Per+connection+classifier \
    disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment="to force traffic out static IP WAN1 https://forum.mikrotik.com/\
    viewtopic.php\?t=188388#p951507" disabled=no distance=1 dst-address=\
    206.81.93.160/32 gateway=WAN_ether1 routing-table=useWAN1only scope=30 \
    suppress-hw-offload=no target-scope=10
/routing rule
add action=lookup-only-in-table comment="to send traffic bound for specific endpoint\
    only through static IP WAN https://forum.mikrotik.com/viewtopic.php\?\
    t=188388#p951507" disabled=no dst-address=198.51.100.1/32 table=\
    useWAN1only
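
An added example, not part of the original posts: a static consistency check over the export excerpt above. It parses the `/export` text (including backslash line continuations) and reports every `lookup-only-in-table` routing rule whose table has no route covering the rule's `dst-address`. In the posted lines the rule targets 198.51.100.1/32 while table useWAN1only only holds a route to 206.81.93.160/32, which may simply reflect how addresses were redacted for the post. The function names `parse_export` and `unrouted_rules` are hypothetical.

```python
import ipaddress
import re

# Route and routing-rule lines copied from the export in the post above.
SAMPLE_EXPORT = r'''
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="to force traffic out static IP WAN1 https://forum.mikrotik.com/\
    viewtopic.php\?t=188388#p951507" disabled=no distance=1 dst-address=\
    206.81.93.160/32 gateway=WAN_ether1 routing-table=useWAN1only scope=30 \
    suppress-hw-offload=no target-scope=10
/routing rule
add action=lookup-only-in-table comment="to send traffic bound for specific endpoint\
    only through static IP WAN https://forum.mikrotik.com/viewtopic.php\?\
    t=188388#p951507" disabled=no dst-address=198.51.100.1/32 table=\
    useWAN1only
'''

# key=value where the value is either a quoted string (with \-escapes) or a bare word.
TOKEN = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_export(text):
    """Return [(menu_path, command, {key: value})] for each line of an export."""
    # A trailing backslash continues the line; the next line's indent is dropped.
    joined = re.sub(r'\\\n[ \t]*', '', text)
    items, menu = [], None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):          # menu path such as "/ip route"
            menu = line
            continue
        command, _, rest = line.partition(' ')
        props = {k: v.strip('"') for k, v in TOKEN.findall(rest)}
        items.append((menu, command, props))
    return items


def unrouted_rules(items):
    """List (dst, table, routes_in_table) for lookup-only-in-table rules whose
    table has no enabled route covering the rule's dst-address. That action
    does not fall through to other tables, so such traffic has no route."""
    routes = {}
    for menu, cmd, p in items:
        if menu == '/ip route' and cmd == 'add' and p.get('disabled') != 'yes':
            net = ipaddress.ip_network(p.get('dst-address', '0.0.0.0/0'), strict=False)
            routes.setdefault(p.get('routing-table', 'main'), []).append(net)

    findings = []
    for menu, cmd, p in items:
        if menu != '/routing rule' or p.get('action') != 'lookup-only-in-table':
            continue
        if p.get('disabled') == 'yes' or 'dst-address' not in p:
            continue
        dst = ipaddress.ip_network(p['dst-address'], strict=False)
        table_routes = routes.get(p.get('table'), [])
        covered = any(n.version == dst.version and dst.subnet_of(n) for n in table_routes)
        if not covered:
            findings.append((p['dst-address'], p.get('table'), [str(n) for n in table_routes]))
    return findings


if __name__ == '__main__':
    for dst, table, present in unrouted_rules(parse_export(SAMPLE_EXPORT)):
        print(f'rule dst {dst} -> table {table}: no covering route (table has {present})')
```

The check only compares the text of the export; it does not query a router or evaluate mangle rules.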
 
anav
Forum Guru
Posts: 23437
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: multi-WAN, one dst always through one WAN

Mon Mar 17, 2025 12:11 am

Since you don't know the problem, why do you think you know the relevant parts of the config? :-)
Seems illogical.
In any case:
/export file=anynameyouwish (minus router serial number, any public WAN IP information, keys, long DHCP leases, etc.)
And for the love of god, don't use VERBOSE export!!!

Please draw a diagram to show the equipment involved here, as your explanation is not making sense.
It would seem as though either you or the ISP has their own firewall device besides their modem and your MT.
I just cannot figure out if it's between the two or on the far side of the ISP's modem..........

Also, did you want the LAN users to access both WANs at the same time, so the full availability of your paid throughput is being used, with the exception of when traffic is headed to one destination IP?
Or did you have in mind a primary WAN for all traffic and then a secondary as backup, and the single destination should use the backup?

Also, you have a whole bunch of other mangles on the go.
Please detail why you have each mangle, what use case are they addressing.
 
CinderBDT907

Re: multi-WAN, one dst always through one WAN

Mon Mar 17, 2025 2:35 am

> Since you don't know the problem, why do you think you know the relevant parts of the config? :-)
> Seems illogical.

That's a good point. I post here the config and a diagram.
Thank you for looking over the situation.

> It would seem as though either you or the ISP has their own firewall device besides their modem and your MT.
> I just cannot figure out if it's between the two or on the far side of the ISP's modem..........

You are correct. There is a device that is filtering packets in front of the far endpoint to allow only the connections with the static IP assigned by my ISP.
I have entered that into the diagram.
The setup works perfectly when I have the LTE modem unplugged (when there is only one functional route).

[Attachment: MikroTik router diagram 2025-03-16.png]

> Also, did you want the LAN users to access both WANs at the same time, so the full availability of your paid throughput is being used, with the exception of when traffic is headed to one destination IP?

Yes. The traffic is supposed to go out 50/50 on the two WAN links, except for this traffic to the one particular remote endpoint, which should only go out WAN1.

> Also, you have a whole bunch of other mangles on the go.
> Please detail why you have each mangle, what use case are they addressing.

Thank you; I will attempt to explain the mangles in a later reply.

# 2025-03-16 15:54:26 by RouterOS 7.19beta5
# software id = 8QA2-FE62
#
# model = RBD25G-5HPacQD2HPnD
/interface bridge
add admin-mac=C4:AD:34:xx:xx:xx auto-mac=no comment="bridge all wlan ports" \
    name=bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="fiber link" name=WAN_ether1
set [ find default-name=ether2 ] comment="hotspot router" name=WAN_ether2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
    disabled=no mode=ap-bridge ssid=ourhouse wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country="united states" \
    disabled=no mode=ap-bridge ssid=ourhouse wireless-protocol=802.11
/caps-man security
add authentication-types=wpa2-psk comment=defconf disable-pmkid=yes \
    encryption=aes-ccm group-encryption=aes-ccm name=capSec
/caps-man configuration
add channel.band=2ghz-b/g/n .control-channel-width=20mhz .extension-channel=\
    XX comment=defconf datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes distance=indoors installation=indoor name=cfg-2ghz \
    security=capSec ssid=MikroTikxxxxxx-2
add channel.band=5ghz-a/n/ac .control-channel-width=20mhz .extension-channel=\
    XXXX comment=defconf datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes distance=indoors installation=indoor name=\
    cfg-5ghz-ac security=capSec ssid=MikroTikxxxxxx-5
add channel.band=5ghz-a/n .control-channel-width=20mhz .extension-channel=XX \
    comment=defconf datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes distance=indoors installation=indoor name=\
    cfg-5ghz-an security=capSec ssid=MikroTikxxxxxx-5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment=defconf disable-pmkid=yes mode=\
    dynamic-keys name=wpsSync supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan3 ] antenna-gain=4 band=5ghz-a/n/ac \
    channel-width=20/40mhz-XX country="united states" disabled=no mode=\
    ap-bridge security-profile=wpsSync ssid=SYNC-xxxxxx wireless-protocol=\
    802.11
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp bootp-support=none interface=bridge \
    lease-time=2d name=defconf server-address=192.168.88.1
/ip smb users
set [ find default=yes ] disabled=yes
/routing table
add comment="for traffic that is on static IP" disabled=no fib name=to_WAN1
add comment="for traffic that is going out LTE" disabled=no fib \
    name=to_WAN2
add comment=\
    "For traffic that is only going out on static IP." \
    disabled=no fib name=useWAN1only
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add comment=defconf disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled comment=defconf hw-supported-modes=gn \
    master-configuration=cfg-2ghz name-format=prefix-identity name-prefix=\
    2ghz
add action=create-dynamic-enabled comment=defconf hw-supported-modes=ac \
    master-configuration=cfg-5ghz-ac name-format=prefix-identity name-prefix=\
    5ghz-ac
add action=create-dynamic-enabled comment=defconf hw-supported-modes=an \
    master-configuration=cfg-5ghz-an name-format=prefix-identity name-prefix=\
    5ghz-an
/interface bridge port
add bridge=bridge ingress-filtering=no interface=wlan2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge ingress-filtering=no interface=wlan3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge ingress-filtering=no interface=wlan1 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment="all LAN ports bridged" interface=bridge list=LAN
add comment="dual WAN configuration" interface=WAN_ether1 list=WAN
add interface=WAN_ether2 list=WAN
/interface ovpn-server server
add mac-address=FE:7E:CF:xx:xx:xx name=ovpn-server1
/interface wireless cap
set bridge=bridge caps-man-addresses=127.0.0.1 interfaces=wlan1,wlan2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add add-default-route=no comment="fiber link" interface=WAN_ether1 \
    use-peer-dns=no use-peer-ntp=no
# Interface not active
add add-default-route=no comment="hotspot router" interface=WAN_ether2 \
    use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=\
    9.9.9.10,149.112.112.10 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.10,149.112.112.10
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
add address=159.148.147.204 disabled=yes name=upgrade.mikrotik.com type=A
add address=159.148.172.226 disabled=yes name=upgrade.mikrotik.com type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack disa\
    bled because TTL rewrite conflicts https://forum.mikrotik.com/viewtopic.ph\
    p\?p=838949" connection-state=established,related disabled=yes \
    hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=accept chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" dst-address=192.168.1.0/24 \
    in-interface=bridge
add action=accept chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" dst-address=192.168.2.0/24 \
    in-interface=bridge
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    in-interface=WAN_ether1 new-connection-mark=WAN1_conn
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    in-interface=WAN_ether2 new-connection-mark=WAN2_conn
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN1_conn \
    in-interface=bridge new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN2_conn \
    in-interface=bridge new-routing-mark=to_WAN2
add action=mark-routing chain=output comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1
add action=mark-routing chain=output comment=\
    "https://www.youtube.com/watch\?v=GeuuNE3EPBA" connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2
add action=change-ttl chain=postrouting comment="https://forum.mikrotik.com/vi\
    ewtopic.php\?p=838949#p840621\r\
    \nhttps://wiki.mikrotik.com/wiki/Manual:Interface/LTE" new-ttl=set:64 \
    out-interface=WAN_ether2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN_ether1 to-addresses=\
    206.81.93.71
add action=masquerade chain=srcnat out-interface=WAN_ether2
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 pref-src="" routing-table=to_WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
add comment=\
    https://help.mikrotik.com/docs/display/ROS/Per+connection+classifier \
    distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1
add comment=\
    https://help.mikrotik.com/docs/display/ROS/Per+connection+classifier \
    disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment="to force traffic out static IP WAN1 https://forum.mikrotik.com/\
    viewtopic.php\?t=188388#p951507" disabled=no distance=1 dst-address=\
    206.81.93.160/32 gateway=WAN_ether1 routing-table=useWAN1only scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/routing rule
add action=lookup-only-in-table comment="to send traffic bound for endpoint only through static IP WAN link https://forum.mikrotik.com/viewtopic.php\?\
    t=188388#p951507" disabled=no dst-address=198.51.100.1/32 table=\
    useWAN1only
/system clock
set time-zone-autodetect=no time-zone-name=UTC
/system identity
set name=MyMikroTikAudience
/system leds settings
set all-leds-off=immediate
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set broadcast-addresses=192.168.88.1 enabled=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org
/system package update
set channel=testing
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool graphing interface
add allow-address=192.168.88.0/24 interface=WAN_ether1
add allow-address=192.168.88.0/24 interface=WAN_ether2
/tool graphing resource
add allow-address=192.168.88.0/24
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
CinderBDT907

Re: multi-WAN, one dst always through one WAN

Mon Mar 17, 2025 4:30 am

Here are some notes regarding the mangle rules:
Regarding the TTL rewrite for the LTE hotspot and fasttrack disable:
viewtopic.php?p=838949#p839136
viewtopic.php?p=838949#p840458
The prerouting chain mark connection mangles are from:
MikroTik Tutorial 36 - Load balancing and failover with multiple gateways (2 WAN Links) by TKSJa and the website http://tksja.com/load-balancing-over-multiple-gateways
https://help.mikrotik.com/docs/display/ ... classifier is about sending traffic out and in from the same endpoint to the same endpoint once one is picked, I believe.