Community discussions

MikroTik App
 
David00
just joined
Topic Author
Posts: 9
Joined: Tue Mar 29, 2022 1:06 am

Help With Dual WAN Setup

Tue Mar 29, 2022 1:45 am

Hello, experienced network engineer here, but new to MikroTiks. My old router decided to fail overnight, so I'm deploying a new hEX S with RouterOS v6.48.6 at home, where I have dual WANs.

One WAN is from the ISP that I work for, and so I have access to the company backbone and private space through this WAN connection (ie, I can access our private 10 and 172 space at various properties around the country through this WAN connection).

The other WAN is just standard 1 Gbps up/down residential service that I use for everything non-work related.

I have my home network up and running through the 1 Gbps LAN right now, but I'm struggling to get my work's WAN connection up. Please note I am NOT looking for load balancing or WAN aggregation. I'm simply looking to route traffic going to specific networks out of my work's WAN connection, and all other traffic out my standard residential WAN connection.

My work WAN is in eth4 and is not tagged. My residential WAN is in eth1 and is tagged with VLAN 201 (ISP requirement, not mine). I have a couple different VLANs setup that both get NAT'ed / masqueraded to the WAN interface list, which includes both eth4 and VLAN 201.

Here's an example of what I want to do.

Traffic from my LAN that's destined for 10.0.0.0/16 or 1.2.3.0/28 (for example) should go out my work WAN, eth4. (I know it's weird for private IPs to go out over a WAN interface, but keep in mind we are the ISP and we route private space through across our backbone). There are also a range of public IPs that I want to go out eth4.

Traffic from my LAN that is destined to any other address not mentioned above should go out my residential WAN, VLAN 201.

Traffic from my LAN needs to be NAT'd through either WAN interface that it goes through on its way out.


<BREAK>

I'm having trouble establishing basic layer 3 connectivity on the work WAN. It's a static /30 public address, untagged, and goes directly on the physical interface (eth4). I'm trying to use the RouterOS GUI to ping my upstream gateway from this WAN interface, and I'm getting timeouts. For instance, if I am 1.1.1.2/30, I'm trying to ping 1.1.1.1 with a source of 1.1.1.2, and these are failing. So, I need to get this figured out first before being able to finish the dual WAN setup.

Any ideas why this is failing? 1.1.1.0/30 is a connected route, so I can't imagine that the other WAN or any other routes have anything to do with this. I have a firewall filter rule at the very top of my firewall rules to accept all traffic going to <my work WAN>/30 while setting this up.

I have a feeling it has something to do with the bridge configuration, which I am not familiar with at all in MikroTik. I've done some research here on the forums and the current understanding is that the bridge configuration is obsolete (yet I see references to "bridge reachable" when looking at the routing table under IP -> Routes).

Thank you so much for your time and any assistance. I'd be happy to share configs upon request (but I'll also need some guidance on how to get them; the CLI doesn't appear to support any show commands!)

Who is online

Users browsing this forum: CGGXANNX and 43 guests