Community discussions

MikroTik App
 
Bayemmm
just joined
Topic Author
Posts: 2
Joined: Mon Oct 17, 2022 4:42 am

Assigning Specific list of IP to WAN 2

Mon Oct 17, 2022 4:52 am

Hi, I'm new to mikrotik hardware i'm wondering how to assign a specific list of IP's from Address List to a WAN 2. Currently its kinda working. Here's my current setup.

Mangle: scr address list: RoutesISP2 , action: mark routing, New routing mark: RouteISP2
Routes: dst.Address: 0.0.0.0, gateway: (my static ip), Routing mark: RouteISP2.

It's working for internet connectivity and it was redirecting traffic to WAN2, but i was unable to connect to my local computer within the network.

The problem is i was unable to access local IP's. and my goal was Assigning IP's to a WAN2 also could access local IP's at the same time

If you guys have any suggestion for my setup. Im newbie so please provide details step by step.

Thank you.
 
Bayemmm
just joined
Topic Author
Posts: 2
Joined: Mon Oct 17, 2022 4:42 am

Re: Assigning Specific list of IP to WAN 2

Tue Oct 18, 2022 5:20 am

Any one have any idea?
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Assigning Specific list of IP to WAN 2

Wed Oct 26, 2022 3:16 am

In short, if it shouldn't go to internet, don't mark it. Simplest way would be to add another condition to mangle rule, dst-address=!192.168.0.0/16 ("!" means "not"; and use whatever subnet you have in LAN). But it's not very efficient, because it's done (conditions are checked) for every packet, so it's better to first mark connection, and then work with that, e.g:
/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=RoutesISP2 dst-address=!192.168.0.0/16 action=mark-connection new-connection-mark=toISP2 passthrough=yes
add chain=prerouting in-interface=<LAN> connection-mark=toISP2 action=mark-routing new-routing-mark=RouteISP2
Multiple destination subnets to exclude can be handled using address list, same as sources.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14520
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Assigning Specific list of IP to WAN 2

Wed Oct 26, 2022 2:40 pm

Nice!!
To the OP how many people (users) are you talking about?
Can you put them all on one subnet?

@Sob to keep using fastrack for the rest of the traffic in the forward chain is this correct/recommended? - putting these two rules before fastrack rule...
/ip firewall filter
add action=accept chain=forward connection-state=established,related src-address-list=RoutesISP2
add action=accept chain=forward connection-state=established,related dst-address-list=RoutesISP2
{default fastrack rule}
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Assigning Specific list of IP to WAN 2

Wed Oct 26, 2022 3:27 pm

That's another advantage of marking connections, you can simply add connection-mark=no-mark to fasttrack rule and it won't touch marked ones.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14520
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Assigning Specific list of IP to WAN 2

Wed Oct 26, 2022 4:03 pm

Super sweet, nice touch!! Near genius! (no not looking for any favours LOL)

Who is online

Users browsing this forum: No registered users and 21 guests