 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

forwarding traffic to a specific WAN interface

Tue Nov 01, 2022 10:49 am

Hello my friends!
I have an RB951ui and want LAN ports 4 and 5 on it to use port 3 as the WAN interface, as in this scenario.
The main WAN connection comes into the MikroTik router on eth-1; the IP address that eth-1 gets from the WAN DHCP server is 192.168.1.111.
Then I set eth-2 to give out IPs in the range 192.168.10.100-192.168.10.200, so the IP address of eth-2 is 192.168.10.1.
From this eth-2 port, which has the range above, I give my ExpressVPN router internet (eth-2 on the MikroTik is connected to the WAN port of my ExpressVPN router).
From the LAN side of my ExpressVPN router, which has the IP range 192.168.132.1-192.168.132.254, I connect eth-3 on the MikroTik, and it takes the IP 192.168.132.5.
In the end I want all traffic that leaves eth4 and eth5 to go through the VPN (i.e. via eth-3), not via eth1. How can I do that?
Does anyone have any idea, please?
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: forwarding traffic to a specific WAN interface

Tue Nov 01, 2022 1:00 pm

Draw a network diagram. see apps
viewtopic.php?p=908118
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: forwarding traffic to a specific WAN interface

Tue Nov 01, 2022 3:28 pm

here we are..
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: forwarding traffic to a specific WAN interface

Tue Nov 01, 2022 11:32 pm

Makes even less sense.......... I have no idea how the MT connects to the internet, ISP modem (what is internet and what is ethernet cabling).
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 5:19 am

> Makes even less sense.......... I have no idea how the MT connects to the internet, ISP modem (what is internet and what is ethernet cabling).
ISP modem
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 5:41 am

So basically it's:

ether1 = WAN1 (DHCP)
ether2 = LAN1 (192.168.10.1/24, uses WAN1)
ether3 = WAN2 (DHCP?)
ether4-5 = LAN2 (?.?.?.?/?, uses WAN2)

Correct?
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 9:55 am

Yes, that's correct!
ether4-5 = LAN2 with IP range 192.168.1.1/24, and it contains only the VPN traffic (ether3), so all LAN2 traffic passes through ether3 only, not ether1.
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 1:16 pm

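Scenario 1: LAN1 users go to WAN1 due to the lower distance of WAN1; if WAN1 is not available, users will go to WAN2. LAN2 users are only allowed to use WAN2.

# RouterOS v7 syntax; ISP1, ISP2 and wireguard are placeholders for each uplink's gateway
# Create the extra table first so the route below can reference it
/routing table
add name=useWG fib

/ip route
add dst-address=0.0.0.0/0 gateway=ISP1 routing-table=main distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=ISP2 routing-table=main distance=2
add dst-address=0.0.0.0/0 gateway=wireguard routing-table=useWG

# LAN2 sources are resolved in useWG only
/routing rule
add src-address=192.168.1.0/24 action=lookup-only-in-table table=useWG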

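Scenario 2: LAN1 users go to WAN1 and are not able to use WAN2. LAN2 users are only allowed to use WAN2.

# RouterOS v7 syntax; ISP1, ISP2 and wireguard are placeholders for each uplink's gateway
# Create the extra tables first so the routes below can reference them
/routing table
add name=useWAN1 fib
add name=useWG fib

/ip route
add dst-address=0.0.0.0/0 gateway=ISP1 routing-table=main
add dst-address=0.0.0.0/0 gateway=ISP2 routing-table=main
add dst-address=0.0.0.0/0 gateway=ISP1 routing-table=useWAN1
add dst-address=0.0.0.0/0 gateway=wireguard routing-table=useWG

# Each LAN is resolved in its own table only
/routing rule
add src-address=192.168.10.0/24 action=lookup-only-in-table table=useWAN1
add src-address=192.168.1.0/24 action=lookup-only-in-table table=useWG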
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 5:56 pm

A problem I see is that if LAN2 has 192.168.1.1/24 and WAN1 gets 192.168.1.111, it's the same subnet on two different interfaces; such a thing generally doesn't work well.
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 6:06 pm

Hello Mr Anav!
I will try your method and give you the output.
I was trying to use a mangle rule to apply that; I used mark connection and mark routing in sequence, but I didn't get what I want. I think your rules above will solve the problem.
My best regards.
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: forwarding traffic to a specific WAN interface

Wed Nov 02, 2022 7:00 pm

Mangle rules are also useful in certain situations. In this case it can be solved in various ways.
The problem with directing a LAN outside to a specific WAN by routing rules is that it then prevents lanA from talking to lanB, for example.
However, this is solvable by adding another routing rule with dst=LANB, placed before the LAN-to-WAN routing rule in order.

Mangle is good when you need to ensure remote-originated traffic coming into one WAN goes out the same WAN. In your case I believe that your concern is only outgoing traffic (locally originated traffic).
 
Techsystem
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: forwarding traffic to a specific WAN interface

Fri Nov 11, 2022 11:26 am

Hello Mr anav!
OK, I applied your steps above and it works well! However, what if I want a specific IP address to be an exception to this rule? I mean, from LAN2 I want two IPs to go through the original WAN1, not WAN2. What do I have to do in this scenario?
Do I have to create a new route rule for it in this case?
Why do I want to do this?
Well, as I mentioned, the incoming traffic from WAN2 is VPN traffic and I want specific devices to not use it.
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: forwarding traffic to a specific WAN interface

Fri Nov 11, 2022 2:20 pm

If you need two specific IPs to go through the normal WAN, just put two routing rules for them before the one that forces them out WAN2.

add src-address=IP1 action=lookup-only-in-table table=main
add src-address=IP2 action=lookup-only-in-table table=main
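
An added illustration, not part of anav's posts and not MikroTik code: a simplified Python model of top-down routing-rule evaluation, showing why the inter-LAN rule and the per-IP exceptions discussed in this thread must sit before the subnet rule, and that lookup-only-in-table does not fall back to main when the VPN gateway is down. The host 192.168.1.50 (standing in for IP1), the destination 203.0.113.9 and ISP1 as the default gateway of main are assumptions.

```python
import ipaddress

# Constructed model: each table's default gateway (None = gateway down).
TABLES = {"main": "ISP1", "useWAN1": "ISP1", "useWG": "wireguard"}
# Connected LAN routes exist in table main only.
CONNECTED = ["192.168.10.0/24", "192.168.1.0/24"]

def lookup(table, dst, tables):
    """Next hop for dst in one table, or None if the table has no route."""
    if table == "main" and any(dst in ipaddress.ip_network(n) for n in CONNECTED):
        return "connected"
    return tables.get(table)

def resolve(rules, src, dst, tables=TABLES):
    """First matching rule wins; rules are evaluated top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.get("src", "0.0.0.0/0"))
                and d in ipaddress.ip_network(r.get("dst", "0.0.0.0/0"))):
            hop = lookup(r["table"], d, tables)
            if hop is None and r["action"] == "lookup":
                break  # plain lookup falls back to main
            return hop or "unreachable"  # lookup-only-in-table never falls back
    return lookup("main", d, tables) or "unreachable"

def rule(table, action="lookup-only-in-table", **match):
    """Build one routing rule; match may carry src and/or dst prefixes."""
    return {"table": table, "action": action, **match}

LAN1 = rule("useWAN1", src="192.168.10.0/24")
LAN2 = rule("useWG", src="192.168.1.0/24")
EXCEPTION = rule("main", src="192.168.1.50/32")   # constructed stand-in for IP1
LOCAL = [rule("main", dst=n) for n in CONNECTED]  # inter-LAN rules (dst=LANB)

ORDERED = LOCAL + [EXCEPTION, LAN1, LAN2]  # specific rules first
SHADOWED = [LAN1, LAN2, EXCEPTION]         # exception sits below the subnet rule
VPN_DOWN = dict(TABLES, useWG=None)        # VPN gateway unavailable

if __name__ == "__main__":
    for name, rules in (("ordered", ORDERED), ("shadowed", SHADOWED)):
        print(name, "exception host ->", resolve(rules, "192.168.1.50", "203.0.113.9"))
        print(name, "LAN2 to LAN1   ->", resolve(rules, "192.168.1.20", "192.168.10.7"))
    print("VPN down, LAN2 ->", resolve(ORDERED, "192.168.1.20", "203.0.113.9", VPN_DOWN))
```

In the shadowed order the exception host still leaves via the VPN and LAN2-to-LAN1 traffic is sent to the VPN gateway instead of the connected route; with the VPN gateway down, LAN2 becomes unreachable rather than leaving via ISP1.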
 
pks1357
just joined
Posts: 1
Joined: Fri Apr 14, 2023 2:54 pm

Re: forwarding traffic to a specific WAN interface

Fri Apr 14, 2023 2:59 pm

Thanks anav, I was searching for this solution for some time for my CCR2004, but your method is simple and elegant, works like a charm.
