Hi everyone, I have a situation. In my setup, I have two links with internet and need choose one of those to be my cloud ip. How I make this ?
Thanks 👍
Dear,I'd use policy routing - create a dynamic address list:
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
An address-list configured this way is automatically updated with dynamic entries representing all the IP numbers to which these fqdns resolve.
Then, use a mangle rule to assign a routing-mark to all packets the router itself sends towards these destinations:
/ip firewall mangle
add chain=output dst-address-list=mikrotik-cloud action=mark-routing new-routing-mark=via-wan-x
The next thing is to add a route to actually use the routing-mark assigned:
/ip route
add routing-mark=via-wan-x gateway=ip.of.wan-x.gw
The above seems to be all, but nope, two more points come into play that are not obvious:
- if wan-x goes down, no active route with routing-mark=via-wan-x will remain, and the routing will fall back to the main routing table in such case. You can prevent this by adding
- either a type=blackhole default route with routing-mark=via-wan-x and distance=10
- or a routing rule:
/ip route rule
add routing-mark=via-wan-x action=lookup-only-in-table table=via-wan-x- the routing in chain output (packets originated by the router itself) is done before the packets pass through the mangle table, so the source address is chosen according to the default route currently active. If a routing-mark is assigned in the output chain of mangle, the routing is repeated but the source address of the packet doesn't change. So you have to add a src-nat or masquerade rule to change this:
/ip firewall nat
add chain=srcnat action=masquerade routing-mark=via-wan-x src-address-type=local
Set up 2 dyndns like services. Set them to update the actual interface they are on.
I.e.
Ether 1 = primary.mydomain.com
Ether 2 = secondary.mydomain.com
So the netname is updated on both on a schedule.
Then use the built in ipcloud netname as your "connect to what's hot".
Thanks for reading my post and reply.
Sir, can you help me on TeamViewer or can explain how I can make primary and secondary domain.
Please tell me how i can do this.
Where to perform?? Ip, Firewall etc
I just want to access Mikrotik with Cloud from anywhere / from my cell phone with mynetname.sn
Tell about this scenario
Thanks :)
Sindy.I'd use policy routing - create a dynamic address list:
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
An address-list configured this way is automatically updated with dynamic entries representing all the IP numbers to which these fqdns resolve.
Then, use a mangle rule to assign a routing-mark to all packets the router itself sends towards these destinations:
/ip firewall mangle
add chain=output dst-address-list=mikrotik-cloud action=mark-routing new-routing-mark=via-wan-x
The next thing is to add a route to actually use the routing-mark assigned:
/ip route
add routing-mark=via-wan-x gateway=ip.of.wan-x.gw
The above seems to be all, but nope, two more points come into play that are not obvious:
- if wan-x goes down, no active route with routing-mark=via-wan-x will remain, and the routing will fall back to the main routing table in such case. You can prevent this by adding
- either a type=blackhole default route with routing-mark=via-wan-x and distance=10
- or a routing rule:
/ip route rule
add routing-mark=via-wan-x action=lookup-only-in-table table=via-wan-x- the routing in chain output (packets originated by the router itself) is done before the packets pass through the mangle table, so the source address is chosen according to the default route currently active. If a routing-mark is assigned in the output chain of mangle, the routing is repeated but the source address of the packet doesn't change. So you have to add a src-nat or masquerade rule to change this:
/ip firewall nat
add chain=srcnat action=masquerade routing-mark=via-wan-x src-address-type=local
Sir, can you share your whatsapp number nmbr for help?Dealing with the 2 ISPs would be:
Recursive routing.
Multiple dyndns like hosts:
Account.dyn.com
I don't use Facebook if I can avoid it.Sir, can you share your whatsapp number nmbr for help?Dealing with the 2 ISPs would be:
Recursive routing.
Multiple dyndns like hosts:
Account.dyn.com
Thanks :)
All the above are various aspects of the same thing.Sindy, do pray tell, what is the value of this IP, in other words, how does the router find out what the IP is???
...
Second the question is :how do I choose one of the WANIPs to be my cloud IP.
I dont understand the question and thus dont understand your answer either.
The cloud IP is assigned per router, not per ISP connection.
Did you not understand?Is any one has solutions of Mikrotik Cloud over dual wan. (dual gateway)
Thanks :)
Please explain your requirements with respect to the two ISP connections.Dear,
I'm also facing problem with *Cloud* over dual Wan and two gateway.
Can you show me screenshot of this solution how I can resolve this
Thanks :)
This worked for me, thanks.I'd use policy routing - create a dynamic address list:
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
An address-list configured this way is automatically updated with dynamic entries representing all the IP numbers to which these fqdns resolve.
Then, use a mangle rule to assign a routing-mark to all packets the router itself sends towards these destinations:
/ip firewall mangle
add chain=output dst-address-list=mikrotik-cloud action=mark-routing new-routing-mark=via-wan-x
The next thing is to add a route to actually use the routing-mark assigned:
/ip route
add routing-mark=via-wan-x gateway=ip.of.wan-x.gw
The above seems to be all, but nope, two more points come into play that are not obvious:
- if wan-x goes down, no active route with routing-mark=via-wan-x will remain, and the routing will fall back to the main routing table in such case. You can prevent this by adding
- either a type=blackhole default route with routing-mark=via-wan-x and distance=10
- or a routing rule:
/ip route rule
add routing-mark=via-wan-x action=lookup-only-in-table table=via-wan-x- the routing in chain output (packets originated by the router itself) is done before the packets pass through the mangle table, so the source address is chosen according to the default route currently active. If a routing-mark is assigned in the output chain of mangle, the routing is repeated but the source address of the packet doesn't change. So you have to add a src-nat or masquerade rule to change this:
/ip firewall nat
add chain=srcnat action=masquerade routing-mark=via-wan-x src-address-type=local
Google has introduced a per-device generated password that can be used for this. Mikrotik can send e-mails using TLS.The trouble is finally over, with google disabling support for the insecure SMTP.