Backup WAN allow WInbox connection always

algisr · Wed Mar 06, 2019 9:26 pm

Setup is simple:
/ip route
0.0.0.0/0 GW_MAIN distance=2
0.0.0.0/0 GW_BACKUP distance=3

When main gateway is unreachable all traffic goes via Backup gateway. When main gateway is reachable MikroTik switches from Backup to Main gateway – everything works.

Now I want to allow to connect to backup WAN always via Winbox (even when all traffic goes via Main Gateway). How can I achieve this?

I understand that I need to add default gateway with routing mark and same distance as Main WAN has:

/ip route
0.0.0.0/0 GW_MAIN distance=2
0.0.0.0/0 GW_BACKUP distance=2 routing_mark=Winbox-Backup-Wan
0.0.0.0/0 GW_BACKUP distance=3

Problem is that Mangle rule never catches incoming Winbox connection via Backup wan.

Maybe someone has a working example?

solar77 · Wed Mar 06, 2019 10:02 pm

you can get this routing mark by adding a mangle rule on the Input chain to mark the connection, then on the output chain to add routing mark to this connection
so traffic comes in from interface=wan2, dst-port=8291, protocal=tcp, gets marked by a connection mark, then the return traffic will still have this connection mark. now you can apply routing mark on it, This way the traffic goes back to the interface where it comes from.

example

/ ip firewall mangle
add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn
add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn   
add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1     
add chain=output connection-mark=wlan2_conn action=mark-routing new-routing-mark=to_wlan2

it is from
https://wiki.mikrotik.com/wiki/ECMP_loa ... masquerade

hope this helps.

Backup WAN allow WInbox connection always

Backup WAN allow WInbox connection always

Re: Backup WAN allow WInbox connection always

Who is online