MikroTik

Posted: **Tue May 22, 2012 10:50 pm**

I have two interfaces (WAN1 and WAN2) connected to my ISP.
I would like to use WAN1 for normal internet access and WAN2 for incoming tunnels like PPTP and SSTP for example.

I use one dhcp client for each of the interfaces to gain two external IP addresses.
One of the clients are told to add-default-route and it will add the default route to the IP of the ISP provided gateway.
I have NAT and filter settings based on Interface.

 /ip dhcp-client print
Flags: X - disabled, I - invalid
 #   INTERFACE                         USE ADD STATUS        ADDRESS
 0   WAN1                              yes yes bound         83.233.113.217/25
 1   WAN2                              no  no  bound         83.233.113.156/25

So far everything works fine, but every now and then, I gain IP addresses of the same subnet.

> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.112.1/24   192.168.112.0   Optional
 1   192.168.110.1/24   192.168.110.0   Trusted
 2 D 83.233.113.217/25  83.233.113.128  WAN1
 3 D 83.233.113.156/25  83.233.113.128  WAN2

This means that my default route tells me that the gateway is reached through both WAN1 and WAN2. This is correct.
But the RouterOS selects WAN2 to use (why does it do that?) and then my firewal rules does not apply anymore as they are defined per interface.

/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 ADS  dst-address=0.0.0.0/0 gateway=83.233.113.129 gateway-status=83.233.113.129 reachable via  WAN2 distance=0 scope=30 target-scope=10
        vrf-interface=WAN1
 1 ADC  dst-address=83.233.113.128/25 pref-src=83.233.113.217 gateway=WAN1,WAN2 gateway-status=WAN1 reachable,WAN2 reachable diset-scope=10
 2 ADC  dst-address=192.168.110.0/24 pref-src=192.168.110.1 gateway=Trusted gateway-status=Trusted reachable distance=0 scope=10
 3 ADC  dst-address=192.168.112.0/24 pref-src=192.168.112.1 gateway=Optional gateway-status=Optional reachable distance=0 scope=10

How can I tell my RouterBoard that the default route shall communciate through WAN1 only, even though it can be reached throuch WAN2?

Posted: **Wed May 23, 2012 5:45 pm**

Have you considered tagging the traffic normal internet traffic and the incoming traffic with different routing marks. Adding routing filter to modify your dynamic route then editing your other route?

Posted: **Wed May 23, 2012 6:00 pm**

can you change the dhcp client on wan2 to have a higher default gateway cost?

Posted: **Wed May 23, 2012 10:27 pm**

can you change the dhcp client on wan2 to have a higher default gateway cost?

I don't want to route to WAN2. But if i tell the dhcp client to add a default route but at a high cost then WAN1 is selected.
This works, but I feel that this solution is to "fool" the RouterOS to do what I want.

Thanks for the suggestion anyway.

Posted: **Wed May 23, 2012 10:47 pm**

Have you considered tagging the traffic normal internet traffic and the incoming traffic with different routing marks. Adding routing filter to modify your dynamic route then editing your other route?

Yes, I've been thinking about this, but I don't really know how to do.
If I mangle 0.0.0.0/0 with a routing mark, isn't all packages marked then? Or does other routing rules catch the packages before the default route rule? (Do I make myself understood?)

In the routing rule I can slect dst-address 0.0.0.0/0 directly. Can I use this instead of my using a routing mark?

I would appreciate an example.

Posted: **Wed May 23, 2012 11:58 pm**

In Mangle mark your source address range with the action to add a routing mark.

In routing filter add filter for dynamic routes to use your routing mark.

Posted: **Wed Jul 18, 2012 1:00 am**

Unfortunately these suggestions does not help. Both with mangle and routing rule I can specify different routes (by using different routing marks).
BUT, I have one gateway with one route that is reachable through two interfaces and hence RouterOS treats this as an ECMP route.

It is possible to specify a gateway using x.x.x.x%eth1, but the dhcp-client does not do this when I use it to add the default gateway

I guessed for a while that it was possible to specify this through /routing filter on the dynamic-in chain, but I could not find a way to specify a new gateway, or to specify interface for it.

Does anyone have a clue on how to make this work?

Posted: **Wed Jul 18, 2012 2:16 am**

If you are doing NAT, it's easy, using 2 nat rules and selecting the In and Out (WANx) interface for each one.

Posted: **Wed Jul 18, 2012 11:57 am**

Both addresses are from the same subnet, that is the problem. Either you use VRFs or two routers, one for each address.

Posted: **Mon Oct 15, 2012 11:24 am**

Both addresses are from the same subnet, that is the problem. Either you use VRFs or two routers, one for each address.

My two interfaces WAN1 and WAN2 both reach the gateway as they have addresses on the same subnet. In this case RouterOS selects an arbitrary one of them.
I want my default route communication through WAN1, only, and not through WAN2.

Solution:
I added a VRF on WAN2 for routing-mark "Disabled"

  /ip route vrf
  add disabled=no interfaces=WAN2 routing-mark=Disabled

I don't use the routing mark "Disabled" anywhere and hence that VRF is never matched and WAN2 is never used.
I don't think that VRF is intended to be used in this way, but at least it is a decent solution for what I want to accomplish.

MikroTik

Why is default gateway reachable through two interfaces?

Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?

Re: Why is default gateway reachable through two interfaces?