I currently have 4.5 meg backbone and added a dsl line to one of my towers to speed things up and have a redundunt route to take if one fails. My first problem is that I am unable to access my dsl modem through the rb532. Here is my setup.
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 10.0.200.0/23 10.0.200.36 ether8
1 ADC 192.168.1.0/24 192.168.1.47 ether1
2 ADC 192.168.16.0/24 192.168.16.1 ether3
3 ADC 192.168.17.0/24 192.168.17.1 ether7
4 ADC 192.168.22.0/24 192.168.22.1 ether3
5 ADC 192.168.36.0/24 192.168.36.1 ether3
6 ADC 192.168.70.0/24 192.168.70.1 ether2
7 A S 0.0.0.0/0 r 192.168.1.1 ether1
8 S 0.0.0.0/0 r 10.0.200.1 2 ether8

[admin@MikroTik] ip> address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.70.1/24 192.168.70.0 192.168.70.255 ether2
1 192.168.16.1/24 192.168.16.0 192.168.16.255 ether3
2 192.168.22.1/24 192.168.22.0 192.168.22.255 ether3
3 192.168.36.1/24 192.168.36.0 192.168.36.255 ether3
4 192.168.1.47/24 192.168.1.0 192.168.1.255 ether1
5 10.0.200.36/23 10.0.200.0 10.0.201.255 ether8
6 192.168.17.1/24 192.168.17.0 192.168.17.255 ether7


[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat src-address=192.168.16.0/24 action=masquerade

1 chain=srcnat src-address=192.168.36.0/24 action=masquerade

2 chain=srcnat src-address=192.168.22.0/24 action=masquerade

3 chain=srcnat src-address=192.168.70.0/24 action=masquerade

4 chain=srcnat src-address=192.168.17.0/24 action=masquerade

5 X chain=dstnat dst-address=10.0.200.36 protocol=tcp dst-port=59162
action=dst-nat to-addresses=192.168.16.2 to-ports=80

6 chain=dstnat dst-address=10.0.200.36 protocol=tcp dst-port=59111
action=dst-nat to-addresses=192.169.1.1 to-ports=80


What other settings do I need to get access. When I'm trying to gain access I am located on port 8 which is the 10.0.200.0/23 network and the dsl line is on ether 1 with 192.168.1.47 address on rb and dsl modem ip is 192.168.1.1. I did have access when directly plugged into it. As you can see I'm using to gateways with a very simple failover method which isn't working because when the dsl line fails it takes about 30 seconds to cause the ping to 192.168.1.1 to fail and cause it to switch. Then the ping will come back within seconds and switch back to the dsl even if its not fully functional. Any help on this would be greatly appreciated. Thanks

My failover problem is that I'm pinging the next device to make a decision on whether to switch gateways. How can I ping another address to make this decision. thanks

illiniwireless -

Failover - there are a few scripts running around on the forum that can 'fix' what you are trying to do. There are two parts to doing it right though.

Part one is getting the script and adapting it to your system (putting in the correct IP addresses and such).

Part two is to use the route rule table. You'll have to know what IP address is the next one upstream from the MT through whatever device, i.e. your dsl modem - what is on the other end past the wan ip address of the dsl modem - in other words the dsl modem gateway....

Once you have these two pieces you can write a route rule that basically says - If the src address is such and the dst address is such-and-such then lookup table so-and-so. Table so-and-so would give a route to route that specific packet to, interface and gateway. When that IP doesn't respond (and you can set the time in the script) then the route would be down and the script will re-write the default gateway to your alternate. The script will also continue to run and when your dsl came back on line then the script would then re-write the default route again to your dsl line....

As to your other problem....

Your dsl modem probably does not know where to route packets from your 10.0.200.0/23 network to....so it sends the reply to whatever it's default gateway is.... Your best bet here is to src-nat your 10.0.200.0/23 going to 192.168.1.1 with an IP that the dsl modem would recognize as being local - something in the 192.168.1.xx range I would imagine...

If you cannot find that failover script - let me know - I have a generic copy around here somewhere.....

Thom

thom.lawless@rapidwifi.com

Thank you very much for the info. I will see how far I can get on this and then let you know if I need more help.

Thanks again

lliniwireless -
So - how did it go? Did you find the 'missing link' is your setup?

Thom

Sorry, I've been out of town for a few days. I will be working on this Monday and Tuesday.

Just thought I'd let you know that I fixed my problem. I tried the improved netwatch but failed to make it work so I made my own changes to that script (which was my first) and got it to work.

http://wiki.mikrotik.com/wiki/Improved_Netwatch_II

Thanks for your info.