MikroTik

Community discussions
https://forum.mikrotik.com/

How to add 2 gateways and seperate clients

https://forum.mikrotik.com/viewtopic.php?t=37898

Page 1 of 1

How to add 2 gateways and seperate clients

Posted: Sun Dec 27, 2009 7:41 pm
by kameelperdza
Im using routing on my mikrotiks and was able to setup a gateway by doing this.

add dst network 0.0.0.0/0 gateway 178.242.0.200

But i want to add a second gateway and seperate the busy client from he non-busy clients.

When i add a second gateway to the existing gateway then the internet wont work.

So do i need to create a route to gateway for each network that i have?

for example.

add dst network 192.168.0.0/24 gateway (gateway1)
add dst network 172.16.0.0/24 gateway (gateway2)
add dst network 198.44.1.0/24 gateway (gateway2)
add dst network 192.168.44.0/24 gateway (gateway1)
add dst network 192.168.6.0/24 gateway (gateway1)

Thanx

Re: How to add 2 gateways and seperate clients

Posted: Sun Dec 27, 2009 9:35 pm
by Chupaka
When i add a second gateway to the existing gateway then the internet wont work.
you mean, 'add second gateway to the existing default route'? it's called ECMP and it should work - check your NAT rules...

but if you need something more cool than ECMP - you create different default routes with different routing-marks, and then mark upload packets according to necessary gateway

Re: How to add 2 gateways and seperate clients

Posted: Mon Dec 28, 2009 3:30 pm
by netrat
If you just want to route the other clients through the secondary gateway then you need to use policy routing. This should get you started http://wiki.mikrotik.com/wiki/Policy_Ro ... uterOS_3.x

Re: How to add 2 gateways and seperate clients

Posted: Mon Dec 28, 2009 4:29 pm
by kameelperdza
Thank you for your help :D

Re: How to add 2 gateways and seperate clients

Posted: Wed Dec 30, 2009 11:44 am
by kameelperdza
When i add a second gateway to the existing gateway then the internet wont work.
you mean, 'add second gateway to the existing default route'? it's called ECMP and it should work - check your NAT rules...

but if you need something more cool than ECMP - you create different default routes with different routing-marks, and then mark upload packets according to necessary gateway
Do you mean something like this....
Code: Select all
[admin@KKT-HS] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting action=mark-routing new-routing-mark=Wuggers
     passthrough=yes src-address=0.0.0.0/0

 1   chain=prerouting action=mark-routing new-routing-mark=Internet Users
     passthrough=yes src-address=0.0.0.0/0
[admin@KKT-HS] /ip firewall mangle>
Code: Select all
[admin@KKT-HS] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        G GATEWAY              DISTANCE IN..
 0 A S  0.0.0.0/0                            r 178.242.0.200        1        et..
 1 A S  0.0.0.0/0                            r 172.16.0.200         1        et..
 3 ADC  10.0.0.0/30        10.0.0.1                               0        wl..
 4 ADC  172.16.0.0/24      172.16.0.1                             0        et..
 5 ADC  178.242.0.0/24     178.242.0.1                            0        et..
 6 ADC  178.242.1.0/24     178.242.1.1                            0        br..
 7 A S  178.242.2.0/24                     r 10.0.0.2             1        wl..
 8 ADC  192.168.0.0/24     192.168.0.10                           0        et..
 9 A S  192.168.10.0/24                    r 178.242.1.2          1        br..
10 A S  192.168.11.0/24                    r 10.0.0.2             1        wl..
11 A S  198.54.15.0/24                     r 10.0.0.2             1        wl..
[admin@KKT-HS] /ip route>
Code: Select all
[admin@KKT-HS] > /ip route rule
[admin@KKT-HS] /ip route rule> print
Flags: X - disabled, I - inactive
 0   src-address=0.0.0.0/0 action=lookup table=Wuggers

 1   src-address=0.0.0.0/0 action=lookup table=Internet Users
[admin@KKT-HS] /ip route rule>
I had a look at http://wiki.mikrotik.com/wiki/Policy_Ro ... erOS_2.9.x

I did the same steps but did no choose any port or protocols becos i want to allow any traffic

Re: How to add 2 gateways and seperate clients

Posted: Wed Dec 30, 2009 1:05 pm
by Chupaka
chain=prerouting action=mark-routing new-routing-mark=Wuggers
passthrough=yes src-address=0.0.0.0/0
this is completely wrong. you mark ALL packets and route them to the Internet, even if they come from the Internet. src-address should be you LAN addresses. or use in-interface=private

Re: How to add 2 gateways and seperate clients

Posted: Thu Dec 31, 2009 7:19 am
by kameelperdza
Im a bit confused.

I want to allow ip range 198.54.15.0/24 and 192.168.10.0/24 to use 178.242.0.200 as their gateway
And allow 192.168.11.0/24 and 192.168.12.0/24 to use 172.16.0.200 as their gateway.

Can you maybe show me how.
thanx

Re: How to add 2 gateways and seperate clients

Posted: Mon Jan 04, 2010 2:20 pm
by Chupaka
Code: Select all
/ip firewall mangle add chain=prerouting src-address=198.54.15.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.11.0/24 action=mark-routing new-routing-mark=r_172
/ip firewall mangle add chain=prerouting src-address=192.168.12.0/24 action=mark-routing new-routing-mark=r_172

/ip route add gateway=178.242.0.200 routing-mark=r_178
/ip route add gateway=172.16.0.200 routing-mark=r_172
something like that. and if you need routing between those subnets, then you should add one more rule on the top with 'action=accept' and dst-address-list=my_local_subnets, then add all your four subnets to that address list

Re: How to add 2 gateways and seperate clients

Posted: Mon Jan 04, 2010 2:35 pm
by kameelperdza
Thank you. I managed to figure it out but when i tried to ping i got TTL expired in transit.
So i tried to run tracert and saw that routing was looping. I added wlan1 to /firewall/mangle/rule1 and now is working.

thank you very much

Re: How to add 2 gateways and seperate clients

Posted: Mon Jan 04, 2010 3:07 pm
by Chupaka
you are welcome =)

Re: How to add 2 gateways and seperate clients

Posted: Tue Mar 14, 2017 9:16 pm
by fbslim
Code: Select all
/ip firewall mangle add chain=prerouting src-address=198.54.15.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.10.0/24 action=mark-routing new-routing-mark=r_178
/ip firewall mangle add chain=prerouting src-address=192.168.11.0/24 action=mark-routing new-routing-mark=r_172
/ip firewall mangle add chain=prerouting src-address=192.168.12.0/24 action=mark-routing new-routing-mark=r_172

/ip route add gateway=178.242.0.200 routing-mark=r_178
/ip route add gateway=172.16.0.200 routing-mark=r_172
something like that. and if you need routing between those subnets, then you should add one more rule on the top with 'action=accept' and dst-address-list=my_local_subnets, then add all your four subnets to that address list
Мужик!!! Ты гений просто!!! Спасибо огромное!!! :)
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/