yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Combining LTE and ADSL

Sat Apr 27, 2024 8:31 pm

This may well be almost an FAQ as I have seen similar but not exact questions.

The scenario is that currently LTE 4G is our only internet. Soon we will also have an ADSL line running. The ISP will provide the router and there is no physical possibility of a wire between the LTE Chateau router in the loft (close to the directional LTE antenna on the end of the roof) and the phone line entry point in the house close to which the ADSL router will need to be situated.

The question I am asking is:
Considering those limitations, what options do I have for combining those services within RoS so we can benefit from the extra capacity of ADSL?

I have educated myself to understand that a bonding interface as I first thought is not workable, as (I read in another post that) LTE is not ethernet and in addition there is no de-bonding at the receiving side. Additionally the speeds of service will be different by around 10Mbps, ADSL at 15Mbps and LTE at 25Mbps (can't wait for fibre). So given that, is there some sort of DUAL WAN option which could be configured ?

Hardware wise the two options I have are:
1. I could utilize an old wireless bridge I have [or buy a new one] and situate that in proximity to the LTE router in the loft and run a cable between the two so that I can use a physical ethernet port in any ROS7 configuration steps required.
2. I could create a virtual WLAN interface dedicated to communication with the ADSL router WIFI.

Networking isn't my strong point to be honest, but I am not absolutely clueless either. Any practical advice or pointers and methods would be appreciated.
 
mada3k
Forum Veteran
Posts: 704
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Combining LTE and ADSL

Sun Apr 28, 2024 5:53 pm

You can't use bonding to add two Internet connections together. It doesn't work that way.

You can however load-balance between the two connections.
 
yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Re: Combining LTE and ADSL

Mon Apr 29, 2024 10:03 pm

Thank you - yes I understand that bonding isn't possible as per the post - can you tell me more about how I might set up load balancing please ?
 
pe1chl
Forum Guru
Posts: 10276
Joined: Mon Jun 08, 2015 12:09 pm

Re: Combining LTE and ADSL

Mon Apr 29, 2024 11:04 pm

Now that you know that bonding is not possible and you need to have load balancing, search again on the forum!
 
K0NCTANT1N
Frequent Visitor
Posts: 59
Joined: Thu Jun 08, 2023 9:35 pm

Re: Combining LTE and ADSL

Tue Apr 30, 2024 3:18 pm

> Thank you - yes I understand that bonding isn't possible as per the post - can you tell me more about how I might set up load balancing please ?

My recommended PCC load balancing: https://youtu.be/9IhOUwB49i8?si=gASsJh7SgOMIRzaQ
 
yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Re: Combining LTE and ADSL

Mon May 13, 2024 4:10 pm

I am newish to ROS and Mikrotik and I have been amazed at the flexibility and capability of the Router OS software which I use at home.

Background:
I am using a Chapelle 5G modem over an LTE [4G] cellular network for WAN and this has always and still works absolutely fine. A single ethernet cable into port 1 connects all my physical boxes which run [many] VM’s for professional work. I was delighted to find that I could create VLAN’s on Ethernet 1 which enabled me to replicate configurations close to my work. We also use the Mikrotik device’s WIFI to connect phones and the like and for a long time this was all we needed and worked all the time without faults.

Present developments:
I recently discovered that I could get an additional [copper based] internet connection [via a good deal]. Since copper is truly unlimited and LTE is “fair use” unlimited we added copper to the house at an existing entry point. Mikrotik is the main control and has an OS interface unlike the ADSL modem which has been attached to the copper inlet. To connect the two routers I could have used one of the internal WIFI antennas in the Mikrotik but I want to retain these and instead I am using an old but serviceable 2.4 GHz wifi bridge. This is plugged into Ethernet port 5 on the Mikrotik router. There is no physical possibility to bring the two routers into proximity for a wired connection. LTE modem needs to be close to the antenna to avoid LTE attenuation due to long coax. Antenna needs to be on the roof. Mikrotik in loft space. Copper comes underground and enters on the ground floor. The bridge works fine and I can ping the copper modem internal IP fine from the terminal screen in RoS.

The Goals:
- Enable connection load balancing. I have watched this video https://www.youtube.com/watch?v=nlb7XAv57tw
- Create WAN failover if one goes offline. I have watched this video https://m.youtube.com/watch?v=iA3yDMDZ-20

What I have done in addition to understanding and attempting to implement the described configurations in the above two videos:
Reading on this forum I have found out some potential pitfalls that I would have otherwise fallen into.
- Double NAT which I would have hit by adding Ethernet 5 to the WAN “interface List” for internet traffic leaving via ADSL router.
- PCC mangle rules “!local” would have potentially prevented packets routing correctly between the existing VLAN’s on Ethernet 1. (I have not fixed this yet)
- I have removed Ethernet 5 from the Bridge, since it isn’t going to communicate with the other ports and added it to LAN “interface list”.
- I have changed the default firewall -> NAT rule to only apply to LTE1 not the default “WAN” “interface list”.

Here is a diagram of my setup.

NWdiagram.jpg

This is the output from terminal:export
Some things like static DHCP leases and kid control have been redacted.
MikroTik RouterOS 7.3.1 (c) 1999-2022       https://www.mikrotik.com/

[admin@MikroTik] > terminal
[admin@MikroTik] /terminal> :export
# may/13/2024 13:55:53 by RouterOS 7.3.1
# software id = 4EBY-K8H6
#
# model = D53G-5HacD2HnD
# serial number = xxxx
/interface bridge
add admin-mac=18:FD:74:13:93:62 auto-mac=no comment=defconf name=bridge
/interface lte
set [ find ] allow-roaming=no band="" name=lte1 nr-band=""
/interface ethernet
set [ find default-name=ether1 ] arp=reply-only
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=ATSS wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=ATSS wireless-protocol=802.11
/interface vlan
add interface=ether1 name=vlan2 vlan-id=2
add interface=ether1 name=vlan3 vlan-id=3
add interface=ether1 name=vlan4 vlan-id=4
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan6 vlan-id=6
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] name=EE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile supplicant-identity=MikroTik
/interface wireless
add mac-address=1A:FD:74:13:93:68 master-interface=wlan2 name=wlan3 security-profile=profile ssid="ATSS Guest"
add mac-address=1A:FD:74:13:93:67 master-interface=wlan1 name=wlan4 security-profile=profile ssid="ATSS Guest"
/ip dhcp-server
add add-arp=yes interface=bridge lease-time=5d name=defconf
/ip dhcp-server option
add code=254 name="Delivery Optimization" value=0x30363637306261382d366461632d343066372d383661352d376233323731646361366430
add code=6 name="DNS Servers" value="'192.168.1.130''192.168.1.119''192.168.1.120'"
add code=67 name="UEFI Boot File" value=0x5c626f6f745c783634756566695c7764736d6766772e656669
add code=67 name="BIOS boot File" value=0x5c626f6f745c7836345c7764736e62702e636f6d
add code=6 name="LAN DNS Servers" value="'192.168.1.1'"
/ip dhcp-server option sets
add name="VMNets UEFI Boot" options="DNS Servers,UEFI Boot File,Delivery Optimization"
add name=LANNets options="Delivery Optimization,UEFI Boot File,LAN DNS Servers"
add name="VMNets BIOS BOOT" options="DNS Servers,BIOS boot File,Delivery Optimization"
/ip firewall layer7-protocol
add name=home.local regexp=home.local
/ip pool
add name=dhcp_VLAN2 ranges=192.169.1.20-192.169.1.254
add name=dhcp_VLAN3 ranges=192.170.1.20-192.170.1.254
add name=dhcp_VLAN4 ranges=192.171.1.20-192.171.1.254
add name=dhcp_VLAN5 ranges=192.172.1.20-192.172.1.254
add name=dhcp_VLAN6 ranges=192.173.1.20-192.173.1.254
/routing table
add disabled=no fib name=LTE
add disabled=no fib name=EE
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=wlan3
add bridge=bridge interface=wlan4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
add interface=ether5 list=LAN
/interface wireless access-list
add ap-tx-limit=2000000 interface=wlan4
add ap-tx-limit=2000000 interface=wlan3
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=192.169.1.1/24 interface=vlan2 network=192.169.1.0
add address=192.170.1.1/24 interface=vlan3 network=192.170.1.0
add address=192.171.1.1/24 interface=vlan4 network=192.171.1.0
add address=192.172.1.1/24 interface=vlan5 network=192.172.1.0
add address=192.173.1.1/24 interface=vlan6 network=192.173.1.0
add address=192.168.254.250/24 interface=ether5 network=192.168.254.0
/ip dhcp-server
add add-arp=yes address-pool=dhcp_VLAN2 dhcp-option-set=*1 interface=vlan2 lease-time=1w3d name=dhcp2
add add-arp=yes address-pool=dhcp_VLAN3 dhcp-option-set=*1 interface=vlan3 lease-time=1w3d10m name=dhcp3
add add-arp=yes address-pool=dhcp_VLAN4 dhcp-option-set=*1 interface=vlan4 lease-time=1w3d10m name=dhcp4
add add-arp=yes address-pool=dhcp_VLAN5 dhcp-option-set=*1 interface=vlan5 lease-time=1w3d10m name=dhcp5
add add-arp=yes address-pool=dhcp_VLAN6 dhcp-option-set=*1 interface=vlan6 lease-time=1w3d10m name=dhcp6
/ip dhcp-server leases - removed
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dhcp-option-set=LANNets gateway=192.168.1.1 netmask=24 next-server=192.168.1.124
add address=192.169.1.0/24 dhcp-option-set="VMNets UEFI Boot" gateway=192.169.1.1 netmask=24 next-server=192.168.1.124
add address=192.170.1.0/24 dhcp-option-set="VMNets UEFI Boot" gateway=192.170.1.1 netmask=24 next-server=192.168.1.124
add address=192.171.1.0/24 dhcp-option-set="VMNets UEFI Boot" gateway=192.171.1.1 netmask=24 next-server=192.168.1.124
add address=192.172.1.0/24 dhcp-option-set="VMNets UEFI Boot" gateway=192.172.1.1 netmask=24 next-server=192.168.1.124
add address=192.173.1.0/24 dhcp-option-set="VMNets UEFI Boot" gateway=192.173.1.1 netmask=24 next-server=192.168.1.124
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.1.118 list=LanServers
add address=192.168.1.119 list=LanServers
add address=192.168.1.120 list=LanServers
add address=192.168.1.121 list=LanServers
add address=192.168.1.125 list=LanServers
add address=192.168.1.126 list=LanServers
add address=192.168.1.130 list=LanServers
/ip firewall filter
add action=jump chain=forward comment="jump to kid-control rules" jump-target=kid-control
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=udp
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
add action=drop chain=forward disabled=yes dst-port=443 in-interface=bridge out-interface=lte1 protocol=tcp src-address-list=LanServers
add action=drop chain=forward disabled=yes dst-address-type="" dst-port=443 in-interface=vlan2 out-interface=lte1 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=443 in-interface=vlan3 out-interface=lte1 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=443 in-interface=vlan4 out-interface=lte1 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=443 in-interface=vlan5 out-interface=lte1 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=443 in-interface=vlan6 out-interface=lte1 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.1.1 dst-port=53 layer7-protocol=home.local new-connection-mark=\
    home.local-forward protocol=tcp
add action=mark-connection chain=prerouting dst-address=192.168.1.1 dst-port=53 layer7-protocol=home.local new-connection-mark=\
    home.local-forward protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=lte1 new-connection-mark=LTE_conn
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=ether5 new-connection-mark=EE_conn
add action=mark-routing chain=output connection-mark=LTE_conn new-routing-mark=LTE
add action=mark-routing chain=output connection-mark=EE_conn new-routing-mark=EE
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface-list=LAN \
    new-connection-mark=LTE_conn per-connection-classifier=src-address-and-port:2/0 src-address-type=""
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface-list=LAN \
    new-connection-mark=EE_conn per-connection-classifier=src-address-and-port:2/1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=lte1
add action=dst-nat chain=dstnat connection-mark=home.local-forward to-addresses=192.168.1.130
add action=masquerade chain=srcnat connection-mark=home.local-forward
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/32 gateway=8.8.8.8 pref-src=0.0.0.0 routing-table=LTE scope=30 suppress-hw-offload=no \
    target-scope=32
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=lte1 pref-src=0.0.0.0 routing-table=LTE scope=30 suppress-hw-offload=no \
    target-scope=31
add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/32 gateway=8.8.4.4 pref-src=0.0.0.0 routing-table=EE scope=30 \
    suppress-hw-offload=no target-scope=38
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=lte1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=8.8.4.4/32 gateway=ether5 pref-src=0.0.0.0 routing-table=EE scope=30 \
    suppress-hw-offload=no target-scope=37
/ip service
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/London
/system leds settings
set all-leds-off=after-1h
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system scheduler
add interval=1d name=reboot-1am on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=apr/22/2024 start-time=01:00:00
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool graphing
set store-every=24hours
/tool graphing interface
add interface=lte1
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sms
set port=lte1
/tool sniffer
set memory-limit=1000KiB
/tool traffic-monitor
add interface=vlan2 name=tmon1
[admin@MikroTik] /terminal> 

What testing have I completed to look at the problem:
1. No LAN client is able to ping the “copper” WAN side 192.168.254.253 and 192.168.254.254 both fail but 192.168.254.250 (ether5 on the router) works ok.
2. From a terminal session on Mikrotik ping 192.168.254.250, 192.168.254.253 and 192.168.254.254 all working, but beyond that fails. ISP DNS, 8.8.8.8, 8.8.4.4 all fail [with LTE disabled leaving only copper up to transmit from].
3. When I check "log" on the four default drop rules, no log is generated – so no packets are being dropped – I suspect this is because I am generating ICMP traffic for which there is a rule to accept.
4. When connected to the ADSL router either with ethernet or via its WIFI all expected WAN connections are working.

What do I need help with ?
I can’t use the new copper internet via PCC as I would like, this is the main issue I want to fix.
If I disable the LTE1 interface the WAN goes offline and does not fail over.
As far as I can tell, the problem is that packets from the LAN do not get routed to ether5 default gateway. As far as I can tell this is not because they are being dropped by the firewall. I am wondering what other information I could provide to shed further light on the problem and whether the problem lies in the way I have set up the addresses and or routes or is in fact a problem I am as of yet unaware of?

Finally I am attaching a couple of screen shots from the Winbox as sometimes this is quicker than reading a lot of text.
config.jpg
config1.jpg
Thanks for all previous replies and any pointers or tips offered on this problem.
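An added example, not part of the original post and not MikroTik tooling: a Python check over a constructed subset of the export above (routing tables, PCC mangle rules, routes) that flags three things a PCC dual-WAN setup depends on. The helper names `parse_export` and `audit` are hypothetical.

```python
import shlex

# Constructed subset of the export posted above, trimmed to the attributes
# the checks read. Not the full configuration.
EXPORT = r"""
/routing table
add disabled=no fib name=LTE
add disabled=no fib name=EE
/ip firewall mangle
add action=mark-routing chain=output connection-mark=LTE_conn new-routing-mark=LTE
add action=mark-routing chain=output connection-mark=EE_conn new-routing-mark=EE
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface-list=LAN \
    new-connection-mark=LTE_conn per-connection-classifier=src-address-and-port:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface-list=LAN \
    new-connection-mark=EE_conn per-connection-classifier=src-address-and-port:2/1
/ip route
add distance=2 dst-address=0.0.0.0/32 gateway=8.8.8.8 routing-table=LTE
add distance=1 dst-address=8.8.8.8/32 gateway=lte1 routing-table=LTE
add check-gateway=ping distance=4 dst-address=0.0.0.0/32 gateway=8.8.4.4 routing-table=EE
add distance=2 dst-address=0.0.0.0/0 gateway=lte1 routing-table=main
add check-gateway=ping distance=3 dst-address=8.8.4.4/32 gateway=ether5 routing-table=EE
"""


def parse_export(text):
    """Return {section: [{key: value}, ...]} for the add/set lines of an export."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # export wraps long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current and line.split()[0] in ("add", "set"):
            tokens = shlex.split(line)[1:]
            sections[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections


def audit(sections):
    """Return a list of findings (strings) for the three dual-WAN checks."""
    findings = []
    routes = sections.get("/ip route", [])
    # 1. A /32 on 0.0.0.0 matches one address only; it is not a default route.
    for r in routes:
        if r.get("dst-address") == "0.0.0.0/32":
            findings.append(f"route in table {r.get('routing-table', 'main')} via "
                            f"{r.get('gateway')}: 0.0.0.0/32 is a host route, not a default route")
    # 2. Every policy routing table needs its own default route.
    for table in sections.get("/routing table", []):
        name = table["name"]
        if not any(r.get("routing-table", "main") == name
                   and r.get("dst-address", "0.0.0.0/0") == "0.0.0.0/0" for r in routes):
            findings.append(f"routing table {name} has no 0.0.0.0/0 route")
    # 3. chain=output only sees router-originated packets; forwarded LAN
    #    traffic needs its mark-routing rule in chain=prerouting.
    chains = {}
    for m in sections.get("/ip firewall mangle", []):
        if m.get("action") == "mark-routing":
            chains.setdefault(m.get("connection-mark"), set()).add(m.get("chain"))
    for mark, seen in sorted(chains.items()):
        if "prerouting" not in seen:
            findings.append(f"{mark}: mark-routing only in chain={','.join(sorted(seen))}; "
                            "forwarded LAN traffic is never given the routing mark")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_export(EXPORT)):
        print("-", finding)
```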
 
holvoetn
Forum Guru
Posts: 5514
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Combining LTE and ADSL

Mon May 13, 2024 4:39 pm

Provided you set up the wireless bridge correctly as WAN ... did you carefully watch that video K0NCTANT1N provided ?
It does work but you REALLY need to pay very close attention to what is being said AND shown !
I had to watch it 3 times before I got all missing parts when setting it up on AC3 LTE using cable modem and LTE in PCC.
That setup doesn't care if the WAN access is wire, wifi, LTE, ... whatever.

PS your last post should have been your first in this thread. EXCELLENT problem description ! 8)
 
yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Re: Combining LTE and ADSL

Mon May 13, 2024 4:48 pm

Thank you, only three times? You must be a clever chap, I watched parts of it over 20 times I think and completely agree that close attention is required.
I am wondering how it would be possible to ping the ISP ADSL modem address from Terminal if the bridge was not working? So that makes me think that is working.

One more screen grab I forgot to add before.
PCC_connection marks.jpg
This shows the rules are working, but what's happening is that while the connections are being marked, they are all failing back to the LTE side since the "EE" side is down - I can see that in the Mangle statistics.
stats.jpg
What I particularly notice is that the packet count is broadly equal but the byte count is nothing for the EE side and all on the LTE side [highlighted line].
Last edited by yinmeout on Mon May 13, 2024 4:57 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Posts: 5514
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Combining LTE and ADSL

Mon May 13, 2024 4:54 pm

Your ether5 is not defined as WAN ?
Why not ?

And why not use default srcnat rule for interface-list WAN ?
 
yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Re: Combining LTE and ADSL

Mon May 13, 2024 5:04 pm

The reason for ether5 not being in WAN and the modification of the default srcnat rule is to avoid packets destined for transmission over the Copper WAN from being Nat'd as they leave the Mikrotik "WAN" [for which there is a mangle NAT rule] and then being Nat'd a second time as they are transmitted outward from the copper ADSL modem.

I could, since I have now modified the Nat Mangle rule, put Ether5 back into "WAN". But if I do that I am not sure whether I would then need to remove it from "LAN". If I remove it from LAN the rule which drops all input not coming from LAN would then be true and drop those input frames.

Therefore, until I get more vision on the matter, these are my deductions.

Many thanks again
 
holvoetn
Forum Guru
Posts: 5514
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Combining LTE and ADSL

Mon May 13, 2024 5:09 pm

That drop rule will only be effective for connections coming straight in.
If they first go out, they are established, return packages are therefore not new and will be accepted.

IMHO ether5 should be considered WAN, not LAN.
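
The rule order described in this reply, as an added example that is not part of the original thread: a Python model of a subset of the exported `/ip firewall filter` rules, evaluated first-match with RouterOS's accept-if-nothing-matches behaviour, for ether5 in LAN (as exported) and in WAN (as suggested). `Packet`, `verdict` and the sample packets are constructed for illustration; the ipsec, fasttrack, kid-control, loopback and DNS rules are left out, and rule numbers refer to this subset.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    chain: str             # "input" (to the router) or "forward" (through it)
    in_iface: str
    state: str             # conntrack state: new / established / related / invalid
    protocol: str = "tcp"
    dstnat: bool = False   # True if the connection was dst-nat'ed


# Subset of the exported rules, kept in export order.
RULES = [
    {"chain": "input", "action": "accept", "states": {"established", "related", "untracked"}},
    {"chain": "input", "action": "drop", "states": {"invalid"}},
    {"chain": "input", "action": "accept", "protocol": "icmp"},
    {"chain": "input", "action": "drop", "in_list": "!LAN"},
    {"chain": "forward", "action": "accept", "states": {"established", "related", "untracked"}},
    {"chain": "forward", "action": "drop", "states": {"invalid"}},
    {"chain": "forward", "action": "drop", "states": {"new"}, "in_list": "WAN", "not_dstnat": True},
]

# Interface-list membership as exported, and after ether5 is moved to WAN.
ETHER5_IN_LAN = {"LAN": {"bridge", "ether5"}, "WAN": {"lte1"}}
ETHER5_IN_WAN = {"LAN": {"bridge"}, "WAN": {"lte1", "ether5"}}


def matches(rule, pkt, lists):
    if rule["chain"] != pkt.chain:
        return False
    if "states" in rule and pkt.state not in rule["states"]:
        return False
    if "protocol" in rule and pkt.protocol != rule["protocol"]:
        return False
    if rule.get("not_dstnat") and pkt.dstnat:
        return False
    if "in_list" in rule:
        spec = rule["in_list"]
        member = pkt.in_iface in lists[spec.lstrip("!")]
        if member == spec.startswith("!"):   # "!LAN" must not match a LAN member
            return False
    return True


def verdict(pkt, lists):
    """First matching rule decides; a packet that matches no rule is accepted."""
    for number, rule in enumerate(RULES, start=1):
        if matches(rule, pkt, lists):
            return rule["action"], number
    return "accept", None


if __name__ == "__main__":
    samples = {
        "reply to a LAN client's connection": Packet("forward", "ether5", "established"),
        "new TCP connection to the router": Packet("input", "ether5", "new"),
        "new TCP connection towards the LAN": Packet("forward", "ether5", "new"),
        "ping to the router": Packet("input", "ether5", "new", "icmp"),
    }
    for label, pkt in samples.items():
        print(f"{label}: ether5 in LAN -> {verdict(pkt, ETHER5_IN_LAN)}, "
              f"ether5 in WAN -> {verdict(pkt, ETHER5_IN_WAN)}")
```

Replies are accepted by the established rule under either membership; what changes is that new connections arriving on ether5 match no drop rule while ether5 is a LAN member.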
 
yinmeout
just joined
Topic Author
Posts: 14
Joined: Tue Jun 14, 2022 9:00 pm

Re: Combining LTE and ADSL

Mon May 13, 2024 5:17 pm

Thank you, accepted and understood.

I have removed ether5 from LAN and added it to WAN.
Still no ping from an ethernet connected client out on the copper side - but still pinging fine from the Terminal screen

[admin@MikroTik] > ping 192.168.254.254
SEQ HOST SIZE TTL TIME STATUS
0 192.168.254.254 56 64 2ms54us
1 192.168.254.254 56 64 1ms715us
2 192.168.254.254 56 64 1ms693us
sent=3 received=3 packet-loss=0% min-rtt=1ms693us avg-rtt=1ms820us max-rtt=2ms54us

[admin@MikroTik] > ping 192.168.254.253
SEQ HOST SIZE TTL TIME STATUS
0 192.168.254.253 56 255 1ms249us
1 192.168.254.253 56 255 578us
sent=2 received=2 packet-loss=0% min-rtt=578us avg-rtt=913us max-rtt=1ms249us

[admin@MikroTik] >

Client on LAN - powershell [windows]

PS W:\Users\yinmeout> ping 192.168.254.254

Pinging 192.168.254.254 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.168.254.254:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
PS W:\Users\yinmeout> ping 192.168.254.253

Pinging 192.168.254.253 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.168.254.253:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
PS W:\Users\yinmeout> ping 192.168.254.250

Pinging 192.168.254.250 with 32 bytes of data:
Reply from 192.168.254.250: bytes=32 time<1ms TTL=64
Reply from 192.168.254.250: bytes=32 time<1ms TTL=64

Scratching head on already raw spot.
