Mikrotik Routing Question ...

clanser

The mikrotik boffins please advise me how to do this ...
Here is the setup:
2 different wisp cpe's connected to ether 1 and ether 2 on routerboard.
ether 3 goes to ethernet switch and other pc's on my lan.
One of the pc's on the lan has a static ip assigned to it and must only get internet access from the one cpe.
All other pc's on the lan must use the 2nd cpe for internet access.
All pc's on lan must be in same ip range and subnet as printers, NAS, etc. are shared.
I understand how to route a network range to a gateway ip but how do I route internet traffic only from a specific pc's ip address to the relevant cpe's ip?
I am a newb to mikrotik so please make instructions clear :D
Thanks for help.
Clanser
 
You might have to implement VLANs and then set up ACLs on your router to allow for Internet and printer but block other stuff. But then again, I'm very new to Mikrotik hardware and don't know what it can and can't do.
 
You need to use a routing mark for that

IP>Firewall> mangle > New rule

1st rule
General Tab: Chain = prerouting
Src Address = ip of static pc
Action Tab: Action = Mark connection
New connection mark = static_pc_connections
Passthrough = yes

2nd rule

General Tab: Chain = prerouting
Src Address = ip of static pc
Connection mark = static_pc_connections
Action Tab: Action = Mark routing
New Routing mark = static_pc_route
Passthrough = no

Now you need to create a route for this specific traffic (assuming that your PC has the routerboard as its gateway)

IP> Routes> New route
Destination = 0.0.0.0/0
Gateway = ip address of CPE1
Routing mark = static_pc_route

Your routerboard will now route all internet traffic through the CPE1...

Let me know if this works?? :)
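
The steps in the post above, written as RouterOS terminal commands. This is an added example, not part of the original post. It uses the RouterOS v6-style `routing-mark` route property (RouterOS v7 uses routing tables instead), and the addresses 192.168.88.50 (static PC), 192.168.1.1 (CPE1) and 192.168.2.1 (CPE2) are constructed placeholders.

```routeros
# Added example. All IP addresses below are constructed placeholders:
#   192.168.88.50 = the static-IP PC on the LAN (ether3)
#   192.168.1.1   = CPE1 on ether1
#   192.168.2.1   = CPE2 on ether2

/ip firewall mangle
# 1st rule: tag every connection that originates from the static PC.
# passthrough=yes lets the packet continue to the next mangle rule.
add chain=prerouting src-address=192.168.88.50 \
    action=mark-connection new-connection-mark=static_pc_connections \
    passthrough=yes comment="static PC: mark connection"

# 2nd rule: give packets of those connections a routing mark.
# passthrough=no stops mangle processing for this packet.
add chain=prerouting src-address=192.168.88.50 \
    connection-mark=static_pc_connections \
    action=mark-routing new-routing-mark=static_pc_route \
    passthrough=no comment="static PC: mark routing"

/ip route
# Default route used only by packets carrying the routing mark.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 \
    routing-mark=static_pc_route comment="static PC via CPE1"

# Unmarked default route for every other LAN host.
add dst-address=0.0.0.0/0 gateway=192.168.2.1 comment="everyone else via CPE2"

# Verification: the packet counters on both mangle rules should rise
# only while the static PC is generating internet traffic.
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=static_pc_connections
/ip route print where routing-mark=static_pc_route
```

Because the marked table contains only a default route, every routed packet from the static PC follows it, so check the counters and the route list after applying the rules to confirm that only the intended host is being steered to CPE1.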
 
Tks guys for the response !
Headstrong, will these rules only route the pc with static ip's internet traffic to cpe 1?
the other pc's on my lan must use cpe 2 for internet traffic.
Would you mind explaining what prerouting, mark routing and passthrough mean?
Thanks Clanser
 
Yes it will....provided that you have another route for the other ip range?

Well, data is sent from your lan to your routerboard (gateway), and then the routerboard re-routes the traffic to the respective CPE and then it goes to the internet. It is called prerouting because you are doing something to the data before the routerboard re-routes the data to the CPE... make sense?

Mark routing basically gives the data a temporary tag so that the routerboard knows which path to send the data ( ie out CPE1 or CPE2)

Passthrough just means move on to the next firewall rule or stop... So the firewall does 2 things to the data from your static IP pc: 1st it "tags" all connections from your static ip pc with the tag "static_pc_connections". Then it marks all packets that relate to these connections with the routing tag "static_pc_route"

Then when it comes to choosing a CPE to send the data, by default it will go to CPE2 (you do have this route right?) but only the data with the "static_pc_route" tag will be sent to the CPE1

I hope I explained that alright?
 
Thanks Headstrong.
makes perfect sense !
will try it out and let you know results.
Regards Clanser
 
headstrong
btw your email,webhosting.... link for R9 pm is dead
wanted to take a look at your hosting packages !
 
Link fixed thanks :)

Yeah give it a shot and let me know how it works
 
Hi Headstrong
Only had a chance now to configure my rb !
Will post results.
btw what does the small block to the left of the src ip address mean?
tks again for help.
Regards Clanser
 
Oh would also like to ask...
need to set rb as a dhcp server on one ethernet interface.
Had a look but can't see where to set range of ip addresses that can be allocated,
I have to restrict this as I have some static ip addresses on my network.
How would you do this ?
 
The square block means exclude...so it either accepts a specific ip range or rejects a specific ip range

just use the DHCP setup wizard
IP>DHCP Server and click on "DHCP Setup"
It helps if the ip pool for these clients are in the same range as the ip address of the interface on which the DHCP server is running
 
Hi Headstrong
Thanks all worked fine.
Will play with the dhcp server setup now
Thanks for your help !
Clanser
 
Hi Headstrong,
If you are still watching this thread :)
Is there some easier way to switch 1 pc between the 2 cpe's (network ranges) without changing pc and dns server ip addresses every time?
Thanks Clanser
 
Well if each CPE is a mikrotik then yes you can

You will need to set up a pppoe server on each CPE device with different pppoe accounts
Then simply dial the respective account that relates to the CPE which you want to connect through
 
Ok that makes sense, actually easier than expected :)
In the meantime the scenario here has changed ...
I need to route all port 80 traffic to one cpe and the rest to the other cpe.
How could I do this?
Unfortunately only 1 cpe is a routerboard, other is a nanostation and I don't have access to its settings.
Thanks again for help,
Clanser
 
Routing port 80 traffic over 1 CPE and the rest over another CPE is much more complicated because your PC sends all data to 1 CPE at a time...so you will need a program on your PC to do that..not sure what to recommend tho..
 
Thanks for info,headstrong
will look further into this.
Thanks for the help !
Regards Clanser
 
I dial 2 pptp's from 2 different routerboards, one is a low bw, low latency account, other is a bit more for leeching, all I do is have my pc's gw to the routerboard I want internet from.
 