Community discussions

MikroTik App
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Oct 29, 2021 1:23 pm

greetings..

i'm new to this mikrotik thing. just purchase a RB5009UG router (thinking its a good investment for future upgrade) replacing my old tenda w20e router. for load balancing n port forwarding.

the old tenda is easy to configure. just plug it change the wan n enter credential n then im good too go.not so much with port forwarding.so im thinking the rb5009ug will be better.

well i cant be more wrong with this rb5009ug with its routeros 7. so many guide in the web for dual wan pppoe is stil using routeros6. been strugling with it for almost a week now with no avail.

i have managed to connect to the internet with just 1 wan. but not having any luck with 2.

i tried the guide here
https://www.youtube.com/watch?v=p2XliQ2 ... el=wifiLAB
but stil no luck, can someone point me to the dual wan pppoe setup with routeros7? preferably with pcc load balancing?

this is also the script i follow with no luck. cant someone also point it out where it went wrong?
Mikrotik Local Ip
192.168.88.1/24

dhcp-lan
192.168.88.0/24

ether2= WAN1
ether3= WAN2
Bridge Lan = ether1, ether4-9


pppoe-out1=ether2 
pppoe-out2=ether3
both with default route uncheck.

/routing/table/add name=to_wan1 fib
/routing/table/add name=to_wan2 fib


/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2


/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=pppoe-out2

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.88.0/24

add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes src-address=192.168.88.0/24


/ip route

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-table=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-table=to_wan2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
thanx, much apreciated..

ps. wan1 need its own dns. cant do with the public dns. so should i check the peer dns in the pppoe setting?
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Nov 03, 2021 8:35 am

hm any1 got a working setup for dual wan pppoe in routeros7 that i can look up? specially the iproute part. because from all the guide i see for dual wan pppoe setup which is for routeros6 the ip route section is where i failed. i got unreachable at that part.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Nov 03, 2021 1:26 pm

Typically you setup up PPPOE clients on your router
and you should be roughly good to go.

However one needs to know what special requilrements one may have.
a. what kind of use do you want to have for your WANS.
- primary and failover?
- use both all the time (load balance)?

b. any other special requirements.

Finally
post your complete config here to see where your config issues are.
/export hide-sensitive file=anynameyouwish
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Nov 03, 2021 3:02 pm

thanx for the reply. yes i could set it up if just 1 pppoe. either wan1 or wan2. but its another story for both wan.

im trying to do load balance using source adrress with failover

this is my setting.
# jan/02/1970 00:26:36 by RouterOS 7.0.5
# software id = 4J4D-MAIY
#
# model = RB5009UG+S+
# serial number = 

/interface bridge
add name=bridge-LAN

/interface ethernet
set [ find default-name=ether2 ] name=ether2-WAN1
set [ find default-name=ether3 ] name=ether3-WAN2

/interface pppoe-client
add disabled=no interface=ether2-WAN1 name=pppoe-out1 use-peer-dns=yes user=\
    xxx
add disabled=no interface=ether3-WAN2 name=pppoe-out2 user=\
    xxx

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool0 ranges=192.168.88.200-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-LAN lease-time=15m name=dhcp-LAN

/routing table
add fib name=to_wan1
add fib name=to_wan2

/interface bridge port
add bridge=bridge-LAN interface=ether1
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5
add bridge=bridge-LAN interface=ether6
add bridge=bridge-LAN interface=ether7
add bridge=bridge-LAN interface=ether8

/ip address
add address=192.168.88.1/24 interface=bridge-LAN network=192.168.88.0

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.88.1

/ip dns
set servers=8.8.8.8,1.1.1.1

/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2

add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.88.0/24

add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=yes src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=yes src-address=192.168.88.0/24

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=\
    192.168.88.0/24

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 routing-table=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 routing-table=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 scope=30 target-scope=10

/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.88.0/24 \
    table=main
from most of the guide that i follow its quite simillar. but the difference is that iproute. using this i got unreachable within a few sec i enter it. i read that they change the way to do iproute in routeros7.
i'll apreciate it if u can show me where do i got wrong?

thanx.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Nov 03, 2021 3:15 pm

Change Target scope so its larger than Scope.

Mangle rules incomplete.
FIXED

add action=mark-connection chain=prerouting dst-address-type=!local connection-mark=no-mark \
new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0 in-interface=bridge
add action=mark-connection chain=prerouting dst-address-type=!local connection-mark=no-mark \
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/1 in-interface=bridge

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

add action=mark-routing chain=prerouting connection-mark=wan1_conn \
new-routing-mark=to_wan1 passthrough=yes in-interface=bridge
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
new-routing-mark=to_wan2 passthrough=yes in-interface=bridge

add action=mark-routing chain=output connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
in-interface=pppoe-out1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
in-interface=pppoe-out2 new-connection-mark=wan2_conn passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
Last edited by anav on Wed Nov 03, 2021 3:45 pm, edited 1 time in total.
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Nov 03, 2021 3:37 pm

does the mangle missing this 4 step?
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection \
    new-connection-mark=wan1_conn
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection \ 
    new-connection-mark=wan2_conn

add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1     
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2

i got this from the pcc wiki. but all 3 guide i follow dont have this step.

also the scope and target scope its for marking for failover right? hm.. what is the rule to change it too any wiki to read?

edit: ah sorry didnt see the edit there. let me try that that next.
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Nov 04, 2021 12:16 pm

i already aply the changes as so..
/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out2 new-connection-mark=wan2_conn passthrough=yes
    
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge-LAN new-connection-mark=wan1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 src-address=\
    192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge-LAN new-connection-mark=wan2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 src-address=\
    192.168.88.0/24
    
add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan1 passthrough=yes \
    src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan2 passthrough=yes \
    src-address=192.168.88.0/24
    
add action=mark-routing chain=output connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=yes
    
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=\
    192.168.88.0/24

also change the scope and target scope of the iproute

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 pref-src="" routing-table=to_wan1 scope=30 \
    suppress-hw-offload=no target-scope=60
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 pref-src="" routing-table=to_wan2 scope=30 \
    suppress-hw-offload=no target-scope=60
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=60
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=60
but stil no luck. when i try to ping to 8.8.8.8 stil got no route to host.but when i use the ping from the tool interface from interface pppoe1 or 2 i got the response.but when i use the bridge lan interface i got no route to host.

should i try to upgrade the routeros? if i check the stable version all i got is 6.xx and not 7.xx if i rembered rb5009ug is routeros7 only.but i cant find a stable routeros7 other that the included 7.0.5

thanx.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Nov 04, 2021 3:02 pm

No you have to wait for stable 7.05.

Post your complete config again to have a relook of your latest settings please.
/export hide-sensitive file=anynameyouwish
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Nov 04, 2021 4:50 pm

No you have to wait for stable 7.05.
but the firmware included in the rb5009ug is the 7.0.5 stable?

here is my complete setting again. thanx for the help.
# jan/02/1970 00:49:41 by RouterOS 7.0.5
# software id = 4J4D-MAIY
#
# model = RB5009UG+S+
# serial number = 

/interface bridge
add name=bridge-LAN

/interface ethernet
set [ find default-name=ether2 ] name=ether2-WAN1
set [ find default-name=ether3 ] name=ether3-WAN2

/interface pppoe-client
add disabled=no interface=ether2-WAN1 name=pppoe-out1 use-peer-dns=yes user=\
    xxx
add disabled=no interface=ether3-WAN2 name=pppoe-out2 user=\
    xxx

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool0 ranges=192.168.88.200-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-LAN lease-time=15m name=dhcp-LAN

/routing table
add fib name=to_wan1
add fib name=to_wan2

/interface bridge port
add bridge=bridge-LAN interface=ether1
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5
add bridge=bridge-LAN interface=ether6
add bridge=bridge-LAN interface=ether7
add bridge=bridge-LAN interface=ether8

/ip address
add address=192.168.88.1/24 interface=bridge-LAN network=192.168.88.0

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1

/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out2 new-connection-mark=wan2_conn passthrough=yes

add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge-LAN new-connection-mark=wan1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 src-address=\
    192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=bridge-LAN new-connection-mark=wan2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 src-address=\
    192.168.88.0/24

add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan1 passthrough=yes \
    src-address=192.168.88.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan2 passthrough=yes \
    src-address=192.168.88.0/24

add action=mark-routing chain=output connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=\
    192.168.88.0/24


/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 pref-src="" routing-table=to_wan1 scope=30 \
    suppress-hw-offload=no target-scope=60
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 pref-src="" routing-table=to_wan2 scope=30 \
    suppress-hw-offload=no target-scope=60

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=60
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=60

/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.111.0/24 \
    table=main


 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Nov 04, 2021 5:03 pm

HAHA you blew the mangling copy....................
The only thing you have correct is the first two lines.
The rest was not changed to what I had recommended.
Can lead a horse to water.................

/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Nov 05, 2021 3:28 pm

HAHA you blew the mangling copy....................
The only thing you have correct is the first two lines.
The rest was not changed to what I had recommended.
Can lead a horse to water.................

/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2
ah sorry for the mistake. i thought i just need to add the one u colour. im pretty new to this mangle mikrotik thing.and whenever i tried to setup the router i got disconected from the internet so i cant really search the problem in the internet. plus my kid n wife use internet for zoom assignment etc. so i can only try to do this in the night after they asleep.

i tried to setting it again from your suggestion.i add the 2 in the top. n then the one u wrote before. is this correct?
# jan/02/1970 00:34:34 by RouterOS 7.0.5
# software id = 4J4D-MAIY
#
# model = RB5009UG+S+
# serial number = 

/interface bridge
add name=bridge-LAN

/interface ethernet
set [ find default-name=ether2 ] name=ether2-WAN1
set [ find default-name=ether3 ] name=ether3-WAN2

/interface pppoe-client
add disabled=no interface=ether2-WAN1 name=pppoe-out1 use-peer-dns=yes user=\
    xxx
add disabled=no interface=ether3-WAN2 name=pppoe-out2 user=\
    xxx

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool0 ranges=192.168.88.200-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-LAN lease-time=15m name=dhcp-LAN

/routing table
add fib name=to_wan1
add fib name=to_wan2

/interface bridge port
add bridge=bridge-LAN interface=ether1
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5
add bridge=bridge-LAN interface=ether6
add bridge=bridge-LAN interface=ether7
add bridge=bridge-LAN interface=ether8

/ip address
add address=192.168.88.1/24 interface=bridge-LAN network=192.168.88.0

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1

/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2

add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN new-connection-mark=\
    wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge-LAN new-connection-mark=\
    wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    in-interface=bridge-LAN new-routing-mark=to_wan2 passthrough=yes

add action=mark-routing chain=output connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out2 new-connection-mark=wan2_conn passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 routing-table=to_wan1 scope=30 target-scope=60
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 routing-table=to_wan2 scope=30 target-scope=60
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 scope=30 target-scope=60
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 scope=30 target-scope=60

/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.111.0/24 \
    table=main


i stil got a no route to host if i tried to ping 8.8.8.8 from mikrotik terminal.i also tried to change the target scope so its bigger that the scope. do u have any other sugestion? much apreciated. thanx n sorry,
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Nov 05, 2021 6:32 pm

Looks good, but sorry out of ideas.
A fresh look at this may be best from another poster.........
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Sat Nov 06, 2021 1:13 am

Looks good, but sorry out of ideas.
A fresh look at this may be best from another poster.........
no worries. thanx for the help. i stil think its the iproute thingy. i read about giving the pppoe client a local address at 8.8.8.8 network but cant really grasped the concept or howto.
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Mon Nov 08, 2021 4:08 am

is there any1 that has a working setting for routeros 7 with dual wan pppoe setup with loadbalancing and failover that works? if there, can they share the setup here please?
thanx.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Mon Nov 08, 2021 6:28 am

is there any1 that has a working setting for routeros 7 with dual wan pppoe setup with loadbalancing and failover that works? if there, can they share the setup here please?
thanx.
The issue might be the check-gateway=ping setting, it doesn't make sense for PPPoE since you can't really ping an interface like that, only an IP. Try disabling check gateway.
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Tue Nov 23, 2021 5:18 pm

well after much thought i finally bought the hex s. wanted to try 1 last time if its the routeros7 that is different from the 6.
n thanxfully i managed to make it work with the guide from youtube which i cant get it to work with routeros7 even with the same config.
so i guess i just need to keep the rb5009ug until much guide for routeros7 available.

thanx all.
 
amirsalehalavi
just joined
Posts: 3
Joined: Wed Jun 22, 2022 12:39 pm
Location: Tehran, Iran
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Aug 03, 2022 1:19 am

I know it's been almost a year since you asked this question, but in case anyone like me was wondering, here's how I got it to work in RoterOS v7.4:

/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 pref-src=0.0.0.0 routing-table=out_through_WAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 pref-src=0.0.0.0 routing-table=out_through_WAN2 scope=30 suppress-hw-offload=no target-scope=10


/ip firewall address-list
add address=192.168.0.0/16 list=Local


/ip firewall mangle

add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2 passthrough=yes

add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1->Local passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2->Local passthrough=yes

add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1->Local new-routing-mark=out_through_WAN1 passthrough=yes src-address-list=Local
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2->Local new-routing-mark=out_through_WAN2 passthrough=yes src-address-list=Local

I found that disabling the following, which was working fine in RouterOS v6 would do the trick:

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 disabled=yes new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 disabled=yes new-routing-mark=out_through_WAN2 passthrough=yes
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Sat Jan 14, 2023 9:42 am

I know it's been almost a year since you asked this question, but in case anyone like me was wondering, here's how I got it to work in RoterOS v7.4:

/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 pref-src=0.0.0.0 routing-table=out_through_WAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 pref-src=0.0.0.0 routing-table=out_through_WAN2 scope=30 suppress-hw-offload=no target-scope=10


/ip firewall address-list
add address=192.168.0.0/16 list=Local


/ip firewall mangle

add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2 passthrough=yes

add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1->Local passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2->Local passthrough=yes

add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1->Local new-routing-mark=out_through_WAN1 passthrough=yes src-address-list=Local
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2->Local new-routing-mark=out_through_WAN2 passthrough=yes src-address-list=Local

I found that disabling the following, which was working fine in RouterOS v6 would do the trick:

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 disabled=yes new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 disabled=yes new-routing-mark=out_through_WAN2 passthrough=yes
hi sir, its almost half a yearn since u answered this n almost a year since i post this question. a few guide for routeros7 with 2wan or more is available.but sadly almost none with 2 pppoe isp
is there any chance i could get ur working script for routeros7 dual wan pppoe? does it has a loadbalancing with recursive failover too?

thanx, because its new year. was thinking that i should try to use the routeros7 router again.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Sat Jan 14, 2023 3:47 pm

I will have another look this weekend time permitting!!
 
User avatar
laucupan
just joined
Topic Author
Posts: 12
Joined: Fri Oct 29, 2021 11:19 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Sun Jan 15, 2023 9:35 am

I will have another look this weekend time permitting!!
ah thanx man. im also stil browsing for viable guide to try. because cant really find the time to disconnect the internet to try it with my wife n children using it.
and stil trying to find whats the difference of my script with amirsalehalavi one.
its already a year passed. n i already forgotten most of the script.
 
amirsalehalavi
just joined
Posts: 3
Joined: Wed Jun 22, 2022 12:39 pm
Location: Tehran, Iran
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Mar 03, 2023 1:05 pm

I know it's been almost a year since you asked this question, but in case anyone like me was wondering, here's how I got it to work in RoterOS v7.4:

/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 pref-src=0.0.0.0 routing-table=out_through_WAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 pref-src=0.0.0.0 routing-table=out_through_WAN2 scope=30 suppress-hw-offload=no target-scope=10


/ip firewall address-list
add address=192.168.0.0/16 list=Local


/ip firewall mangle

add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2 passthrough=yes

add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1->Local passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2->Local passthrough=yes

add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1->Local new-routing-mark=out_through_WAN1 passthrough=yes src-address-list=Local
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2->Local new-routing-mark=out_through_WAN2 passthrough=yes src-address-list=Local

I found that disabling the following, which was working fine in RouterOS v6 would do the trick:

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 disabled=yes new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 disabled=yes new-routing-mark=out_through_WAN2 passthrough=yes
hi sir, its almost half a yearn since u answered this n almost a year since i post this question. a few guide for routeros7 with 2wan or more is available.but sadly almost none with 2 pppoe isp
is there any chance i could get ur working script for routeros7 dual wan pppoe? does it has a loadbalancing with recursive failover too?

thanx, because its new year. was thinking that i should try to use the routeros7 router again.
Hi there,
The script I sent was almost all it took me to get it working.
My scenario was to answer traffic from which link they have been coming in, and there was no load balancing in my scenario.
Anyway, feel free to contact me via skype, maybe we can work it out together. My contact information is available in my profile.
 
DatGiang
just joined
Posts: 1
Joined: Mon Apr 24, 2023 12:23 pm

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Apr 26, 2023 9:41 am



hi sir, its almost half a yearn since u answered this n almost a year since i post this question. a few guide for routeros7 with 2wan or more is available.but sadly almost none with 2 pppoe isp
is there any chance i could get ur working script for routeros7 dual wan pppoe? does it has a loadbalancing with recursive failover too?

thanx, because its new year. was thinking that i should try to use the routeros7 router again.
Hi there,
The script I sent was almost all it took me to get it working.
My scenario was to answer traffic from which link they have been coming in, and there was no load balancing in my scenario.
Anyway, feel free to contact me via skype, maybe we can work it out together. My contact information is available in my profile.
Hi amirsalehalavi,
Can you share the full scrip for me? I try to set up dual wan pppoe with fail over. Thank
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Apr 28, 2023 7:46 pm

Back..........

So your mangles to be on the safe for most situations.
A. Ensure any traffic coming in on a particular WAN leaves the same WAN. This is valid for traffic going to servers or to the routers themselves. This is comprised of two sets of rules, traffic coming in and then traffic leaving. Note the chains used ( prerouting and output ). One should be aware that return traffic from the router ( for traffic sent to the router ) does not go through prerouting on the way back out and thus we need to use the output chain.

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2 passthrough=yes


add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=No
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=no


B. Ensure any traffic leaving the LAN gets marked and assigned PCC according to the admins wishes........ This consists of two sets of rules. One to mark and PCC and the second set to ensure the traffic goes out the assigned route.

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1


add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=bridge-LAN \
new-routing-mark=out_through_WAN1 passthrough=no \

add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=bridge-LAN \
new-routing-mark=out_through_WAN2 passthrough=no \


DONE......
++++++++++++++++++++++++++++++++++++++++

Tables are fine........
/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2


Assuming sourcenat is done....
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2


++++++++++++++++++++++++++++++++++++++++++++++

Thus assuming issue if not above is with routing.
I am assuming you have selected add default route to both of your pppoe settings......... if thats the case no worries.
If not then you need to add manual routes.
add dst=address=0.0.0.0/0 gwy=PPPoE-WAN1 routing-table=main
add dst=address=0.0.0.0/0 gwy=PPPoE-WAN2 routing-table=main


NOW to have failover there are shortcut methods but will apply the methodology that works if you want to add a third or more WANs.......... bulletproof.
This uses recursive routing which ensures that outside connectivity is discovered ( which seems to be most comment and avoids the scenario where the ISP modem talks to the ISP but the ISP is not connected to the internet ).

Establish the farthest hop
/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
will be used for WAN1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 {main table } will be used for WAN2

Add Cases for Failure..... ( W1-->2) and then a second set for W2-->1)
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN1
distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN1


distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN2
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN2


Establish the next hop (direct link).

/ip route
add dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=13
add dst-address=9.9.9.9/32 gateway=PPPoE-WAN2 scope=10 target-scope=13
Last edited by anav on Thu Jan 04, 2024 1:16 pm, edited 2 times in total.
 
leduycuong12345
just joined
Posts: 2
Joined: Fri Sep 22, 2023 7:00 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Sun Sep 24, 2023 11:44 am

Many tks!! worked like a champ for rb750gr3 version 7.2.3 :) :) . I'm gonna test it right now.
Last edited by tangent on Sun Sep 24, 2023 12:09 pm, edited 1 time in total.
Reason: Removed unnecessary full-quote
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Jan 03, 2024 3:30 pm

Back..........

So your mangles to be on the safe for most situations.
A. Ensure any traffic coming in on a particular WAN leaves the same WAN. This is valid for traffic going to servers or to the routers themselves. This is comprised of two sets of rules, traffic coming in and then traffic leaving. Note the chains used ( prerouting and output ). One should be aware that return traffic from the router ( for traffic sent to the router ) does not go through prerouting on the way back out and thus we need to use the output chain.

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE_WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE_WAN2 new-connection-mark=In_through_WAN2 passthrough=yes


add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=yes


B. Ensure any traffic leaving the LAN gets marked and assigned PCC according to the admins wishes........ This consists of two sets of rules. One to mark and PCC and the second set to ensure the traffic goes out the assigned route.

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge-LAN new-connection-mark=In_through_WAN2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1


add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=bridge-LAN \
new-routing-mark=out_through_WAN1 passthrough=yes \

add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=bridge-LAN \
new-routing-mark=out_through_WAN2 passthrough=yes \


DONE......
++++++++++++++++++++++++++++++++++++++++

Tables are fine........
/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2


Assuming sourcenat is done....
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2


++++++++++++++++++++++++++++++++++++++++++++++

Thus assuming issue if not above is with routing.
I am assuming you have selected add default route to both of your pppoe settings......... if thats the case no worries.
If not then you need to add manual routes.
add dst=address=0.0.0.0/0 gwy=PPPoE-WAN1 routing-table=main
add dst=address=0.0.0.0/0 gwy=PPPoE-WAN2 routing-table=main


NOW to have failover there are shortcut methods but will apply the methodology that works if you want to add a third or more WANs.......... bulletproof.
This uses recursive routing which ensures that outside connectivity is discovered ( which seems to be most comment and avoids the scenario where the ISP modem talks to the ISP but the ISP is not connected to the internet ).

Establish the farthest hop
/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 { main table }
will be used for WAN1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 {main table } will be used for WAN2

Add Cases for Failure..... ( W1-->2) and then a second set for W2-->1)
distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN1
distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN1


distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN2
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN2


Establish the next hop (direct link).

/ip route
add dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=13
add dst-address=9.9.9.9/32 gateway=PPPoE-WAN2 scope=10 target-scope=13
You are amazing!
Thank you very much!
P.S. Please write how to make port forwarding with multiWAN solution? Simple way for 1 WAN by firwall/NAT not working with multiWAN.
P.S.S. I have PPPoE-WAN1, PPPoE-WAN2, PPPoE-WAN3 with white IP address each, need to forward 3306 to local PC with IP: 192.168.1.35 for example?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Jan 03, 2024 4:14 pm

Post your config and I will have a look.
Also an update to what I posted I was not entirely accurate.

1. The output chain rules ensure that external traffic TO THE ROUTER ( aka services like wireguard handshake ) that comes in WANX goes out WANX
2. One still needs prerouting chain rules to ensure that traffic TO SERVERS that came in on WANX, also go out WANX.

Finally, each scenario is different/unique and the full set of traffic flow requirements must be understood before planning the config.
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Wed Jan 03, 2024 5:40 pm

Post your config and I will have a look.
Also an update to what I posted I was not entirely accurate.

1. The output chain rules ensure that external traffic TO THE ROUTER ( aka services like wireguard handshake ) that comes in WANX goes out WANX
2. One still needs prerouting chain rules to ensure that traffic TO SERVERS that came in on WANX, also go out WANX.

Finally, each scenario is different/unique and the full set of traffic flow requirements must be understood before planning the config.
Thank you for your answer, this is my config for multiWAN:

/interface pppoe-client
add disabled=no interface=ether1 name=PPPoE-WAN1 comment=pppoe_1 password=xxx user=xxx
add disabled=no interface=ether2 name=PPPoE-WAN2 comment=pppoe_2 password=xxx user=xxx
add disabled=no interface=ether3 name=PPPoE-WAN3 comment=pppoe_3 password=xxx user=xxx


/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2
add disabled=no fib name=out_through_WAN3


/ip firewall mangle

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN2 new-connection-mark=In_through_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN3 new-connection-mark=In_through_WAN3 passthrough=yes

add action=mark-routing chain=output connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=In_through_WAN3 new-routing-mark=out_through_WAN3 passthrough=yes

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge new-connection-mark=In_through_WAN1 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge new-connection-mark=In_through_WAN2 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge new-connection-mark=In_through_WAN3 \
passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=bridge \
new-routing-mark=out_through_WAN1 passthrough=yes 

add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=bridge \
new-routing-mark=out_through_WAN2 passthrough=yes 

add action=mark-routing chain=prerouting connection-mark=In_through_WAN3 in-interface=bridge \
new-routing-mark=out_through_WAN3 passthrough=yes 

/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2
add action=masquerade chain=srcnat out-interface=PPPoE-WAN3

/ip route
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 routing-table=main
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 routing-table=main
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN3 routing-table=main

/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=main
add check-gateway=ping dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=14 routing-table=main
add check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=main

add distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN1
add distance=2 dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=14 routing-table=out_through_WAN1
add distance=3 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN1

add distance=1 dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=14 routing-table=out_through_WAN2
add distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN2
add distance=3 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN2

add distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=14 routing-table=out_through_WAN3
add distance=2 dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=14 routing-table=out_through_WAN3
add distance=3 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=14 routing-table=out_through_WAN3

add dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=13
add dst-address=7.7.7.7/32 gateway=PPPoE-WAN2 scope=10 target-scope=13
add dst-address=9.9.9.9/32 gateway=PPPoE-WAN3 scope=10 target-scope=13
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Jan 04, 2024 2:01 am

Okay so you have a port forwarding requirement but no external traffic TO THE ROUTER ( aka no vpn services etc. no wireguard ).
In which case you dont need the output chain set of rules But YOU ARE MISSING THE MARK ROUTES FOR THE RETURN due to PORT FOWARDING via PREROUTING!!!!
A small note if you did need output chain rules, passthrough for marking routes should be NO.

interface pppoe-client
add disabled=no interface=ether1 name=PPPoE-WAN1 comment=pppoe_1 password=xxx user=xxx
add disabled=no interface=ether2 name=PPPoE-WAN2 comment=pppoe_2 password=xxx user=xxx
add disabled=no interface=ether3 name=PPPoE-WAN3 comment=pppoe_3 password=xxx user=xxx


/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2
add disabled=no fib name=out_through_WAN3


/ip firewall mangle

(first we mark connections coming in WAN needed generally for traffic to the router (none in this case) and traffic to servers on the LAN)
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN2 new-connection-mark=In_through_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN3 new-connection-mark=In_through_WAN3 passthrough=yes


(then we mark routes for the traffic when its being considered for routing )
add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=PPPoE-WAN1 new-routing-mark=out_through_WAN1 passthrough=NO
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=PPPoE-WAN2 new-routing-mark=out_through_WAN2 passthrough=NO
add action=mark-routing chain=prerouting connection-mark=In_through_WAN3 in-interface=PPPoE-WAN3 new-routing-mark=out_through_WAN3 passthrough=NO

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(next we mark connections- for traffic with no marks coming from the bridge)
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2

(then we mark routes to ensure it goes out the prescribed WAN)
add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=NO
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=NO
add action=mark-routing chain=prerouting connection-mark=In_through_WAN3 new-routing-mark=out_through_WAN3 passthrough=NO

/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2
add action=masquerade chain=srcnat out-interface=PPPoE-WAN3

/ip route ( recursive routing part1 )
add distance=1 check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=12 routing-table=main
add distance=2 check-gateway=ping dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=12 routing-table=main
add distance=3 check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12 routing-table=main

(recursive routing part 2)
add distance=1 dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=11 routing-table=main
add distance=2 dst-address=7.7.7.7/32 gateway=PPPoE-WAN2 scope=10 target-scope=11 routing-table=main
add distance=3 dst-address=9.9.9.9/32 gateway=PPPoE-WAN3 scope=10 target-scope=11 routing-table=main

(Routing for New routing tables)
add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPoE-WAN1 routing-table=out_through_WAN1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPoE-WAN2 routing-table=out_through_WAN2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPoE-WAN3 routing-table=out_through_WAN3

What we have here is a natural failover setup with WAN1 higher priority than WAN2 and WAN higher priority than WAN3 in the Routing Table MAIN.
WAN1 -->WAN2--.WAN3
WAN2-->WAN1-->WAN3
WAN3-->WAN1-->WAN2

That means for PCC, that"
if WAN1 fails all its share of the traffic will go to WAN2 and if WAN2 also fails all the load goes to WAN3
if WAN2 fails all its share of the traffic will go to WAN1 and if WAN1 also fails all the load goes to WAN3
If WAN3 fails all its share of the traffic will go to WAN1 and if WAN1 also fails all the load goes to WAN2

If you wanted equal load sharing in case of failure (WAN1 fail gets spread equally over WAN2, WAN3)................. it gets more complex.
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Jan 04, 2024 8:33 am


What we have here is a natural failover setup with WAN1 higher priority than WAN2 and WAN higher priority than WAN3 in the Routing Table MAIN.
WAN1 -->WAN2--.WAN3
WAN2-->WAN1-->WAN3
WAN3-->WAN1-->WAN2

That means for PCC, that"
if WAN1 fails all its share of the traffic will go to WAN2 and if WAN2 also fails all the load goes to WAN3
if WAN2 fails all its share of the traffic will go to WAN1 and if WAN1 also fails all the load goes to WAN3
If WAN3 fails all its share of the traffic will go to WAN1 and if WAN1 also fails all the load goes to WAN2

If you wanted equal load sharing in case of failure (WAN1 fail gets spread equally over WAN2, WAN3)................. it gets more complex.
Thank you very much!
But theory not work so good on practice. I tried to disable WAN1, after WAN2 and so on many times. In the result, now its random, for example WAN1 disable, WAN2 and WAN3 are enable, but port forwarding work only with WAN3. But before its was WAN2)))

Please tell me, if I wanted equal and port forwarding to any WAN IP in same time? is it hard to do?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Jan 04, 2024 1:18 pm

If its not working then I need to see full config as answering any more questions requires complete understanding.
/export file=anynameyouwish (minus router serial number, public wanip information, keys etc..)
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Jan 04, 2024 9:14 pm

If its not working then I need to see full config as answering any more questions requires complete understanding.
/export file=anynameyouwish (minus router serial number, public wanip information, keys etc..)
Ok. I will do export. tomorrow.

Tell me please one more thing:
Do you specially remove this routes from my config before:
/ip route
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 routing-table=main
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 routing-table=main
add dst-address=0.0.0.0/0 gateway=PPPoE-WAN3 routing-table=main


I ask, cause right now only one WAN at one time working. No more load sharing between WANs(((
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Thu Jan 04, 2024 11:25 pm

Yup, they were not required if doing recursive on the main routing table.
As stated full config, no more part configs..........
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Jan 05, 2024 6:11 am

Yup, they were not required if doing recursive on the main routing table.
As stated full config, no more part configs..........
Thank you very much for your attentions to my problem!

But with your last config load sharing between WANs not working(((
WAN1-on, WAN2-on, WAN3-on but traffic go only through WAN1;
WAN1-OFF, WAN2-on, WAN3-on traffic go only through WAN3;
WAN1-OFF, WAN2-on, WAN3-OFF - no internet connection for PC clients;

With old full config that I sent before load sharing between WANs works perfect! but no port-forwarding(((
 
stasnamco
just joined
Posts: 6
Joined: Fri Dec 29, 2023 9:48 am

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Jan 05, 2024 6:13 am

/interface pppoe-client
add disabled=no interface=ether1 name=PPPoE-WAN1 password=xxx user=xxx
add disabled=no interface=ether2 name=PPPoE-WAN2 password=xxx user=xxx
add disabled=no interface=ether3 name=PPPoE-WAN3 password=xxx user=xxx


/routing table
add disabled=no fib name=out_through_WAN1
add disabled=no fib name=out_through_WAN2
add disabled=no fib name=out_through_WAN3


/ip firewall mangle

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN1 new-connection-mark=In_through_WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN2 new-connection-mark=In_through_WAN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PPPoE-WAN3 new-connection-mark=In_through_WAN3 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 in-interface=PPPoE-WAN1 new-routing-mark=out_through_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 in-interface=PPPoE-WAN2 new-routing-mark=out_through_WAN2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=In_through_WAN3 in-interface=PPPoE-WAN3 new-routing-mark=out_through_WAN3 passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local \
in-interface=bridge new-connection-mark=In_through_WAN3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2

add action=mark-routing chain=prerouting connection-mark=In_through_WAN1 new-routing-mark=out_through_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=In_through_WAN2 new-routing-mark=out_through_WAN2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=In_through_WAN3 new-routing-mark=out_through_WAN3 passthrough=no

/ip firewall nat
add action=masquerade chain=srcnat out-interface=PPPoE-WAN1
add action=masquerade chain=srcnat out-interface=PPPoE-WAN2
add action=masquerade chain=srcnat out-interface=PPPoE-WAN3

/ip route 
add distance=1 check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=10 target-scope=12 routing-table=main
add distance=2 check-gateway=ping dst-address=0.0.0.0/0 gateway=7.7.7.7 scope=10 target-scope=12 routing-table=main
add distance=3 check-gateway=ping dst-address=0.0.0.0/0 gateway=9.9.9.9 scope=10 target-scope=12 routing-table=main

add distance=1 dst-address=1.1.1.1/32 gateway=PPPoE-WAN1 scope=10 target-scope=11 routing-table=main
add distance=2 dst-address=7.7.7.7/32 gateway=PPPoE-WAN2 scope=10 target-scope=11 routing-table=main
add distance=3 dst-address=9.9.9.9/32 gateway=PPPoE-WAN3 scope=10 target-scope=11 routing-table=main

add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPPoE-WAN1 routing-table=out_through_WAN1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPPoE-WAN2 routing-table=out_through_WAN2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=PPPoE-WAN3 routing-table=out_through_WAN3
This is last config from your idea that not work good for me cause no load sharing between WANs((
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RouterOS v7.0.5 Dual PPPoE Wan Setup.

Fri Jan 05, 2024 10:27 pm

Please post full config so I can see what is going on. please.
/export file=anynameyouwish ( minus router serial number and any public WANIP information )

Who is online

Users browsing this forum: Google [Bot], lurker888 and 35 guests