Community discussions

MikroTik App
 
adolfossl
just joined
Topic Author
Posts: 8
Joined: Mon Feb 05, 2018 11:53 am

Multiple internet services & Multiple WAN

Fri Nov 18, 2022 2:13 pm

Hello!
I have two wans connected to the mkrotik with 2 independent IPs, currently they work as failover. I would like to be able to access all the services that I have shared (html, ssh, mail server....) independently from each IP. I start to think it's impossible...
I guess my problem will be in the configuration of mangle or in the routes (Pepe is ISP-1 and LTE1 is ISP-2

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=Pepe new-connection-mark=pepe_conn passthrough=yes
add action=mark-routing chain=output connection-mark=pepe_conn new-routing-mark=to-Pepe passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=lte1 new-connection-mark=Vdfn_conn passthrough=yes
add action=mark-routing chain=output connection-mark=Vdfn_conn new-routing-mark=to-Vdfn passthrough=no
add action=mark-routing chain=prerouting connection-mark=pepe_conn in-interface=bridgeLAN new-routing-mark=to-Pepe passthrough=no
add action=mark-routing chain=prerouting connection-mark=Vdfn_conn in-interface=bridgeLAN new-routing-mark=to-Vdfn passthrough=no


/ip route
add comment="MONITOR Pepe" disabled=no distance=1 dst-address=1.1.1.1/32 gateway=192.168.5.1 pref-src=0.0.0.0 routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add comment="MONITOR Vdfn" disabled=no distance=1 dst-address=4.2.2.2/32 gateway=lte1 pref-src=0.0.0.0 routing-table=main scope=10 \
suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="ROUTING Pepe" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=0.0.0.0 routing-table=\
to-Pepe scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="ROUTING Vdfn" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 routing-table=\
to-Vdfn scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="DEFAULT Route - Backup (Vdfn)" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 \
routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="DEFAULT Route - MAIN (Pepe)" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src=0.0.0.0 \
routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="FAILOVER Pepe" disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src=0.0.0.0 routing-table=\
to-Vdfn scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="FAILOVER Vdfn" disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=to-Pepe \
scope=30 suppress-hw-offload=no target-scope=11



Thank you
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple internet services & Multiple WAN

Fri Nov 18, 2022 3:49 pm

It's very possible. Your mangle rules seem correct. I'm not completely sure about routes, because I don't use recursive routing often enough myself. As a quick test, you can try these instead of the two (ROUTING Pepe/Vdfn) you have:
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-table=to-Pepe
add dst-address=0.0.0.0/0 gateway=lte1 routing-table=to-Vdfn
If it doesn't changes anything, then it's either something else in your config (firewall filter or NAT), or some outside influence (ISP config).
 
adolfossl
just joined
Topic Author
Posts: 8
Joined: Mon Feb 05, 2018 11:53 am

Re: Multiple internet services & Multiple WAN

Tue Nov 22, 2022 12:33 pm

Hello everybody again.

Finally, the original config works... but has a stranger problem.....

If I make a direct connection to the Mikrotik (ssh or webmin) through the backup connection it works perfectly. However, if I connect with a computer behind the mikrotik (ssh to a raspberry) the connection becomes very slow. I have discovered that if I have winbox open with torch running on the interface of the backup connection it works fast and stable. Any idea why this happens? Thank you
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple internet services & Multiple WAN

Tue Nov 22, 2022 2:11 pm

Fasttrack, probably. Add connection-mark=no-mark to it.
 
adolfossl
just joined
Topic Author
Posts: 8
Joined: Mon Feb 05, 2018 11:53 am

Re: Multiple internet services & Multiple WAN

Tue Nov 22, 2022 2:47 pm

Sorry, I don't understand what I should do.

I've done like this and it's still going slow.

/ip/firewall/filter
add action=accept chain=forward comment="pidesktop TCP4000" connection-mark=no-mark dst-port=4000 in-interface-list=WAN protocol=tcp

/ip firewall nat
add action=dst-nat chain=dstnat comment="pi4desktop TCP 4000 --> 22" dst-port=4000 protocol=tcp to-addresses=192.168.90.254 to-ports=22
 
Sob
Forum Guru
Forum Guru
Posts: 9049
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multiple internet services & Multiple WAN

Tue Nov 22, 2022 3:15 pm

Do you have rule in firewall filter with action=fasttrack-connection? If so, that's the one you should change.
 
adolfossl
just joined
Topic Author
Posts: 8
Joined: Mon Feb 05, 2018 11:53 am

Re: Multiple internet services & Multiple WAN

Wed Nov 23, 2022 11:59 am

Excellent, It's work!!!!!

Thank you very much!!!

Who is online

Users browsing this forum: No registered users and 7 guests