Community discussions

MikroTik App
 
Kelob
just joined
Topic Author
Posts: 6
Joined: Thu Jan 04, 2018 1:32 pm

Forwarding connection with 2 ISP

Thu Nov 17, 2022 10:55 am

Hello everyone,
I have a network like in the drawing. The main router is a Mikrotik at work connected to my old ISP1 with an privat IP address. From there I have a connection to several places including my home with a Mikrotik. Recently I got a new ISP2 at my home. I configured everything so, that only my home is using ISP2, the rest uses ISP1, but I have the possibilty to connect to every device from my home, and with my home router from work. Used to do that static routing table. Every forwarding from outside trough the router at work is working perfect, until it's the network before my home router.
The problem is, when I wanna use my ISP1 IP address to connect from outside with my home router, with f.e. winbox. When I send a packet for WOL, it's getting trough and wakes up a computer. I'm aware that the problem is, that the incoming connection is going to my home router, but the router sends it back to the wrong gate.
I tried something like this, but its not working.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=8728 in-interface=ether3 new-connection-mark=\
    API_c passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting connection-mark=API_c new-routing-mark=API_r passthrough=yes

/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.65 routing-mark=API_r
192.168.1.65 is my gate for eth3 at home.


Can you please help me with that?
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forwarding connection with 2 ISP  [SOLVED]

Thu Nov 17, 2022 2:41 pm

You're almost there. Aside from everything in your config that might conflict with it, and which we know nothing about because you didn't post it:

- second mangle rule (which is for other connected devices) needs in-interface=eth2, because you want it only for response packets
- if you want to access router itself, you need similar rule also in output chain
 
Kelob
just joined
Topic Author
Posts: 6
Joined: Thu Jan 04, 2018 1:32 pm

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 3:38 pm

- second mangle rule (which is for other connected devices) needs in-interface=eth2, because you want it only for response packets
- if you want to access router itself, you need similar rule also in output chain

Did what you suggested and now it looks like this and everything is working fine, thank you very much! 8)
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=8728 in-interface=ether3 new-connection-mark=API_c passthrough=yes \
    protocol=tcp
add action=mark-routing chain=output new-routing-mark=API_r passthrough=yes protocol=tcp src-port=8728
Is that ok or should I change something in it?
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 4:59 pm

If you do it this way, then you don't use connection marks for anything, because the only condition for route marking is src-port=8728. So it will work for access from eth3, but it will break it for eth2 (could be influenced by other parts of config). So I'd replace src-port=8728 in second rule with connection-mark=API_c.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14520
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 5:34 pm

I have to ask......... are you all trying to shove bandaids on a wound?
In other words is there a more logical approach to meeting the requirements.........................
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 6:16 pm

What exactly seems wrong to you? If it's connected this way, then for the router it's basically like dual WAN config, nothing wrong with that.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14520
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 6:52 pm

My bad, I didnt realize that the office and home routers were at the same location and thus connected via ethernet.
Not sure I get the diagram I guess, nor how everything is mysteriously connected. In fact, since none of it makes senses,
I will leave now and not stress about it ............... no explanation required.
 
Kelob
just joined
Topic Author
Posts: 6
Joined: Thu Jan 04, 2018 1:32 pm

Re: Forwarding connection with 2 ISP

Thu Nov 17, 2022 10:29 pm

If you do it this way, then you don't use connection marks for anything, because the only condition for route marking is src-port=8728. So it will work for access from eth3, but it will break it for eth2 (could be influenced by other parts of config). So I'd replace src-port=8728 in second rule with connection-mark=API_c.

My bad - don't know why I put the src-port instead of the connection-mark :?
Changed it how it supposed to be. Thanks again for your help! :D

Who is online

Users browsing this forum: No registered users and 11 guests