I'm having a few issues getting a RB450 to work correctly with multiple ISP connections. Everything appears to be working correctly, except that I can't access the MT itself through the public IPs on the secondary ISP.
Here's the config with relevant info
Code: Select all
/interface ethernet
set 0 name=eth1-isp1
set 1 name=eth2-LAN-Office
set 2 name=eth3-isp2
set 3 name=eth4-isp3
set 4 name=eth5
/interface bridge port
add bridge=bridge-lan-office interface=eth2-LAN-Office
/ip address
add address=1.1.1.66/28 comment="isp1 - RB450G" interface=eth1-isp1
add address=192.168.16.254/24 interface=bridge-lan-office
add address=3.3.3.33/28 comment="isp2 - RB450G" interface=eth3-isp2
/ip firewall filter
add chain=input comment="Established Connections" connection-mark=isp1 connection-state=established
add chain=input comment="Established Connections" connection-mark=isp2 connection-state=established
add chain=input comment="Related Connections" connection-mark=isp1 connection-state=related
add chain=input comment="Related Connections" connection-mark=isp2 connection-state=related
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="Management access" connection-mark=isp1 dst-port=2299,8099,8291,8728 protocol=tcp src-address-list=rc-safe
add chain=input comment="Management access" connection-mark=isp2 dst-port=2299,8099,8291,8728 protocol=tcp src-address-list=rc-safe
add action=drop chain=input comment="Drop Everything Else" in-interface=eth3-isp2
add action=drop chain=input comment="Drop Everything Else" in-interface= eth1-isp1
/ip firewall mangle
add action=mark-connection chain=input comment="isp1 - Mark inbound connection" in-interface=eth1-isp1 new-connection-mark=isp1
add action=mark-connection chain=forward comment="isp1 - Mark inbound connection" in-interface=eth1-isp1 new-connection-mark=isp1
add action=mark-connection chain=input comment="isp2 - Mark inbound connection" in-interface=eth3-isp2 new-connection-mark=isp2
add action=mark-connection chain=forward comment="isp2 - Mark inbound connection" in-interface=eth3-isp2 new-connection-mark=isp2
add action=mark-routing chain=prerouting comment="isp1 - Change routing mark if connection mark is isp1" connection-mark=isp1 in-interface=bridge-lan-office new-routing-mark=isp1
add action=mark-routing chain=prerouting comment="isp2 - Change routing Mark if connection mark is isp2" connection-mark=isp2 in-interface=bridge-lan-office new-routing-mark=isp2
add action=mark-routing chain=output comment="isp1 - Mark routing" connection-mark=isp1 new-routing-mark=isp1
add action=mark-routing chain=output comment="isp2 - Mark routing" connection-mark=isp2 new-routing-mark=isp2
/ip route
add comment="Out on isp1 for routing marks" distance=1 gateway=1.1.1.65 routing-mark=isp1
add comment="Out on isp2 for Routing Mark" distance=1 gateway=3.3.3.46 routing-mark=isp2
add comment="Default Out on isp2" distance=10 gateway=3.3.3.46
add comment="Default Out on isp1" distance=20 gateway=1.1.1.65Carlos