Community discussions

MikroTik App
 
AzDsL
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Sun May 22, 2022 4:17 am

Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Thu Jun 16, 2022 6:37 am

Good day!

In a dual WAN set-up with different ISPs (different gateways), is it possible to route all traffic going to the internet to WAN-1 (ISP1) but reroute any traffic initiated by Tracert/Traceroute command that is targeting any public destination IP address to WAN-2 (ISP2)?

The trick is to make all traffic from LAN to WAN looks like they are passing through WAN-2 (ISP2) when users conduct a traceroute, wherein in reality it passes through WAN-1 (ISP1). Traceroute result should show IP addresses of ISP2 and not from ISP1.

If this trick is doable, how can it be done?

Sample MT Interface Port Assigment:
Ether 1 = WAN1 (ISP1)
Ether 2 = WAN2 (ISP2)
Ether 3 = Bridge (All Services)
Ether 4 = Bridge (All Services)
Ether 5 = Bridge (All Services)

Same objective also goes to conducting a speed test wherein the gateway or IP address of ISP2 should be the one to appear in the speed test result.

Note: there should be no traffic going to WAN-2 (ISP2) except when doing traceroute and speed test.

I know this is not a standard practice but I would appreciate if someone could help me acheive the above objectives.

Thank you in advance.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Thu Jun 16, 2022 8:31 am

There is no reliable way for traceroute, and no way at all for speedtest.
 
User avatar
ingdaka
Trainer
Trainer
Posts: 452
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Fri Jun 17, 2022 10:15 pm

If is simple trace route that works with ICMP you can! Mark ICMP traffic and send it via a gateway!
 
R1CH
Forum Guru
Forum Guru
Posts: 1099
Joined: Sun Oct 01, 2006 11:44 pm

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 12:39 am

Traceroute works with any protocol, Linux uses UDP for example but you can even use TCP. This whole idea seems shady as hell, like you're hiding what service you're really selling and tricking your customers.
 
AzDsL
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Sun May 22, 2022 4:17 am

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 4:56 am

If is simple trace route that works with ICMP you can! Mark ICMP traffic and send it via a gateway!


Thank you for giving light to have this idea doable. Would appreciate if you can help provide sample of actual config to make this work.

Sample MT Interface Port & IP Address Assigment:
Ether 1 = WAN1 (ISP1)
Ether 2 = WAN2 (ISP2)
Ether 3 = Bridge (All Services)
Ether 4 = Bridge (All Services)
Ether 5 = Bridge (All Services)

ISP1 IP Address = 111.111.111.1/30
ISP2 IP Address = 222.222.222.1/30
Bridge IP Address = 10.10.10.1/24
 
AzDsL
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Sun May 22, 2022 4:17 am

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 5:01 am

Traceroute works with any protocol, Linux uses UDP for example but you can even use TCP. This whole idea seems shady as hell, like you're hiding what service you're really selling and tricking your customers.

Thank you for your response. Could you please elaborate what specific ports for each protocol traceroutes/tracerts are using?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 6:19 am

try this mangle rule at the top for traceroute
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=isp2 passthrough=no ttl=less-than:6
 
AzDsL
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Sun May 22, 2022 4:17 am

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 6:47 am

try this mangle rule at the top for traceroute
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=isp2 passthrough=no ttl=less-than:6

Thank you for your suggestion but can you please explain what is ttl=less-than:6 for? What it has to do with traceroute traffic?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Redirecting Tracert/Traceroute traffic to a specific gateway in a Dual ISP/WAN set-up

Sat Jun 18, 2022 1:06 pm

Have a look how traceroute actually works and what is the purpose of TTL in general and in traceroute in particular. Sniffing traceroute traffic and analysing it using Wireshark is a great way to learn that. If you use something else than Mikrotik itself (Windows, Linux) to run the traceroute (tracert, mtr) tool, you'll also see why @ingdaka's suggestion to apply specific routing to ICMP traffic would actually only work for niche scenarios (and worse than that, it would also break some things, but you won't see these from a packet sniff of traceroute). It will also make you understand what @R1CH wrote and that there is no list of ports you could use to reliably distinguish traceroute traffic from other one.

Rest assured that cheating on your customers will fire back sooner or later.

Who is online

Users browsing this forum: Bing [Bot], JDF and 90 guests