Hello my friends,
Merry Christmas to all of you, and I hope you have a great weekend..!
I have the following scenario:
I have MikroTik CCR2004 with two WAN connections:
WAN-1 connected to Ether-1 from ONU-1
WAN-2 connected to Ether-13 from ONU-2
For WAN-1, I have two public IP addresses, and I am using both of them. I assigned the IPs as follows:
ether-1 = xxx.xx.xx.85
ether-1 = xxx.xx.xx.84
I have also assigned SRC NAT rules for both IPs to the following two bridges that use this IPs
Bridge-1 = 192.168.0.1/24
Bridge-2 = 10.0.0.0/24
For WAN-2, I have also two public IP addresses, but I am using only one of them:
ether-13 = xxx.xx.xx.123
I have assigned a SRC NAT rule for the following bridge and I want it to use this public IP.
Bridge-3 = 172.16.0.1/24
All public IPs in WAN -1- and WAN -2- have the same gateway.
The problem is that I am unable to get Bridge-3 subnet to connect to the internet.
You can see the configuration file for more details.
Problem with Two Separate WAN Connections on MikroTik CCR2004
You do not have the required permissions to view the files attached to this post.
Last edited by NanoTik on Tue Dec 24, 2024 2:28 pm, edited 1 time in total.
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
Merry Christmas to you too! I have only skimmed your configuration but I think the problem is that you have used a routing rule for scr-address 172.16.0.0/24 which looks ONLY at the Server 2 routing table ("action=lookup-only-in-table"). Problem is there is no route configured for Server 2 routing table so nothing is basically reachable.
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
Hello, my friend!Merry Christmas to you too! I have only skimmed your configuration but I think the problem is that you have used a routing rule for scr-address 172.16.0.0/24 which looks ONLY at the Server 2 routing table ("action=lookup-only-in-table"). Problem is there is no route configured for Server 2 routing table so nothing is basically reachable.
Thank you for your attention. No, there is a route configuration for Server 2, but I changed the name in the file above. Now I’ve corrected the name as it should be.
My problem was that I forgot to add ether13 to the WAN address list table. However, I still have an issue: I am not sure if all the other traffic from Bridge 1 and Bridge 2 is also using ether13, which I don’t want to happen.
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
It shouldn't but this is easy to check anyway. Hook up a pc and issue traceroute or tracert and check the hops. Or simpler, go a browser and type what is my ip address. You should see different public ip addresses when connecting to different bridges. For example, when using bridge x it shows x.x.x.x and when using bridge y it shows y.y.y.y or whatever. This means the traffic goes out a different interface
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
First thing. check your configuration, whenever there is a "*" (asterisk followed by a (hex) number, it is a reference to *something* that was deleted/moved/renamed and that RoS cannot find anymore, it is a placeholder for something that was there but doesn't exist anymore:
ether13 is not in interface-list LAN or WAN.
your way of naming things is confusing, personally I would call things in the same order, and - if possible - avoid spaces (as they imply the use of double quotes, and this before or later will bite you back when using CLI), these:
and these are NOT valid:
bridge1-Wifi ->bridge_Wifi_0
"bridge2-Server -1-" -> bridge_Server_1
"bridge3-Server -2-" -> bridge_Server_2
Your routes and routing tables/rules are a mess because they make reference to fib's that either do not exist or are empty.
Here again, be consistent in naming, *like*:
/routing table
add disabled=no fib name="Server 1 " -> Table_Server_1
add disabled=no fib name=Wifi -> Table_Wifi_0
add disabled=no fib name="Server 2 " -> Table_Server_2
/interface list member
add interface=ether1 list=WAN
add interface=bridge1-Wifi list=LAN
add interface=*16 list=LAN
add interface=macvlan1 list=WAN
add interface=wireguard1 list=LAN
add interface="bridge2-Server -1-" list=LAN
add interface="bridge3-Server -2-" list=LAN
Then, a few semi-random notes:/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table="ERP Server" scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table=Wifi scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=main \
suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table=*2 scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table="Manifest Server" scope=30 suppress-hw-offload=\
no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
ether13 is not in interface-list LAN or WAN.
your way of naming things is confusing, personally I would call things in the same order, and - if possible - avoid spaces (as they imply the use of double quotes, and this before or later will bite you back when using CLI), these:
miss closing quotes./interface bridge
add name=bridge1-Wifi
add name="bridge2-Server -1-
add name="bridge3-Server -2-
and these are NOT valid:
I would rename them:add bridge="bridge2-Server -1-ERP" interface=ether7
add bridge="bridge2-Server -1-ERP" interface=ether8
bridge1-Wifi ->bridge_Wifi_0
"bridge2-Server -1-" -> bridge_Server_1
"bridge3-Server -2-" -> bridge_Server_2
Your routes and routing tables/rules are a mess because they make reference to fib's that either do not exist or are empty.
Here again, be consistent in naming, *like*:
/routing table
add disabled=no fib name="Server 1 " -> Table_Server_1
add disabled=no fib name=Wifi -> Table_Wifi_0
add disabled=no fib name="Server 2 " -> Table_Server_2
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
Thank you for your advice jaclaz. I have changed the real names of all my interfaces, routing tables, and rules for security reasons, as they refer to actual server names. That’s why you see "ERP" and "Manifest" used as placeholders. Despite that, my focus remains on the main configuration.First thing. check your configuration, whenever there is a "*" (asterisk followed by a (hex) number, it is a reference to *something* that was deleted/moved/renamed and that RoS cannot find anymore, it is a placeholder for something that was there but doesn't exist anymore:/interface list member
add interface=ether1 list=WAN
add interface=bridge1-Wifi list=LAN
add interface=*16 list=LAN
add interface=macvlan1 list=WAN
add interface=wireguard1 list=LAN
add interface="bridge2-Server -1-" list=LAN
add interface="bridge3-Server -2-" list=LANThen, a few semi-random notes:/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table="ERP Server" scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table=Wifi scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=main \
suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table=*2 scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 \
pref-src="" routing-table="Manifest Server" scope=30 suppress-hw-offload=\
no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
ether13 is not in interface-list LAN or WAN.
your way of naming things is confusing, personally I would call things in the same order, and - if possible - avoid spaces (as they imply the use of double quotes, and this before or later will bite you back when using CLI), these:miss closing quotes./interface bridge
add name=bridge1-Wifi
add name="bridge2-Server -1-
add name="bridge3-Server -2-
and these are NOT valid:I would rename them:add bridge="bridge2-Server -1-ERP" interface=ether7
add bridge="bridge2-Server -1-ERP" interface=ether8
bridge1-Wifi ->bridge_Wifi_0
"bridge2-Server -1-" -> bridge_Server_1
"bridge3-Server -2-" -> bridge_Server_2
Your routes and routing tables/rules are a mess because they make reference to fib's that either do not exist or are empty.
Here again, be consistent in naming, *like*:
/routing table
add disabled=no fib name="Server 1 " -> Table_Server_1
add disabled=no fib name=Wifi -> Table_Wifi_0
add disabled=no fib name="Server 2 " -> Table_Server_2
My current issue is: how can I ensure that Bridge 1 and Bridge 2 exclusively use the WAN-1 bandwidth and route, while Bridge 3 exclusively uses the WAN-2 bandwidth and route?
Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
It seems to me you were already on the right track:
1) add a dedicated routing table
2) add a route/gateway on that routing table for the intended gateway
3) add a routing rule filtering the source address range and making use of that router table
Loosely, if it was 3 times 1:1, it would be something *like*:
Assuming that you can choose LAN addresses and have bridge1 and bridge2 in two contiguous subnets, you can instead use a /23 in routing rule and have only two tables, I would try something *like*:
1) add a dedicated routing table
2) add a route/gateway on that routing table for the intended gateway
3) add a routing rule filtering the source address range and making use of that router table
Loosely, if it was 3 times 1:1, it would be something *like*:
Code: Select all
/routing table
add disabled=no fib name=table1
add disabled=no fib name=table2
add disabled=no fib name=table3
/ip address
add address=172.16.1.1/24 interface="bridge1"
add address=172.16.2.1/24 interface="bridge2"
add address=172.16.3.1/24 interface="bridge3"
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=table1
add distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=table2
add distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=table3
/routing rule
add action=lookup-only-in-table src-address=172.16.1.1/24 table=table1
add action=lookup-only-in-table src-address=172.16.2.1/24 table=table2
add action=lookup-only-in-table src-address=172.16.3.1/24 table=table3
Code: Select all
/routing table
add disabled=no fib name=table1-2
add disabled=no fib name=table3
/ip address
add address=172.16.1.1/24 interface="bridge1"
add address=172.16.2.1/24 interface="bridge2"
add address=172.16.3.1/24 interface="bridge3"
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=table1-2
add distance=1 dst-address=0.0.0.0/0 gateway=xxx.xx.xx.1 routing-table=table3
/routing rule
add action=lookup-only-in-table src-address=172.16.1.1/23 table=table1-2
add action=lookup-only-in-table src-address=172.16.3.1/24 table=table3Re: Problem with Two Separate WAN Connections on MikroTik CCR2004
I will soon ask some questions here as I am actively searching for a similar goal. In my case, I think I need to tinker more with the routes, and I will use yours now as inspiration, but I have the same "problem" as you. The public IPs WANs are from the same ISP and have the same gateway. Mine are even PPoEs so even with profiles I end up not being able to select gateway, which is a generic 10.0.0.1.
All public IPs in WAN -1- and WAN -2- have the same gateway.
Disabling one or another PPOEs solves the routes I have in place but my goal actually is to separate (isolate if possible) 1 ISP1 + 1 bridge1 + 1 DHCP1 from the other 1 ISP2 + 1 bridge2 + 1 DHCP2, no load balancing, no failover, trying to keep it very simple.
Having the same ISPs gateway can be your problem too.
Kind regards,
Paul