If you're only steering outbound connections, you can skip this. Now in the PREROUTING chain, mark the incoming connections. ip firewall filter add 9 chain=forward action=accept connection-state=established,relatedĬhange the numbers 8 and 9 so that the rules are positioned at the start of your FORWARD chain. ip firewall filter add 8 chain=forward action=fasttrack-connection connection-state=established,related connection-mark=!unid2cm The goal here is to exclude marked connections for the secondary (non-default) WAN from going through fasttrack.
This means the Mikrotik will send packets marked with a given routing mark through the given gateway IP. The values unid2rm and unid3rm are arbitrary text strings. On each default WAN route set a routing mark. This is basic Mikrotik stuff beyond the scope of this answer.ĭifferentiating between the two WAN connections will be done using policy routing. If you don't see two 0.0.0.0/0 routes with the correct gateways, you can create them as static routes ( /ip route add. > /ip route printįlags: X - disabled, A - active, D - dynamic,Ĭ - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,ī - blackhole, U - unreachable, P - prohibitĢ ADC .0/22 IFC2 0 When the DHCP client connects, routes should be added, below is an example. If using a different type of WAN connection such as PPPoE then adjust accordingly. ip dhcp-client add interface=IFC2 default-route-distance=1 ip dhcp-client add interface=IFC1 default-route-distance=1 interface list member add interface=IFC2 list=WAN interface list member add interface=IFC1 list=WAN ether1) interface and IFC2 to be the second WAN port (e.g. Assume IFC1 to be the first WAN port (e.g. Preliminary setup: You will need to set up the two WAN connections. So far, I have managed to access the gateway of the second ADSL, but when I ping the actual destination address of 221.35.12.x, it returns unreachable and when I tracert that address, it shows the packet goes to 192.168.88.1 and from there drops.Ĭan anyone help for the above scenario with a complete solution? 221.35.12.x) their packet has to be routed to Ethernet 2, which is the Second ADSL to connect to main branch. If people want to go to certain destinations (e.g. When people want to access the Internet, the Mikrotik router should route packets automatically to Ethernet 1 interface (first ADSL). I have WiFi enabled Mikrotik as Ap bridge with IP range of 192.168.88.0/24 (everyone connect to this router using WiFi and physical connection) I have another ADSL router (VPN connection to connect to main branch) with IP range of 172.200.1.0/24, connected to Ethernet 2 of my Mikrotik router I have an ADSL router (main internet connection) with IP range of 192.168.1.0/24, connected to Ethernet 1 of my Mikrotik router (WAN Port) I'm new to Mikrotik environment, and I need some help for the following scenario:
0 kommentar(er)
