You'd assign the MACVLAN the public IP address "manually" in /ip/address, instead of using /ip/dhcp-client. For intents in the firewall/routing, it's a different layer2 interface – which means all examples that expect an ethernet interface name should work the same with MACVLAN.
Hello Mr. Amm0, hello to all.
Back to our discussion: I applied the MACVLAN setting today and it works well, so I assigned a static IP (the second public IP), and I also created another routing rule (I duplicated the already existing rule) and also created a NAT rule, because I want src-add=192.168.1.1/24 to use the first IP and the other, 192.168.0.1/24, to use the second.
But here is the (expected) issue:
I couldn't mark route to a specific public IP; I mean, now the traffic is sometimes routed from Public 1 and sometimes from Public 2, and that causes an issue with my dst-nat rules.
For simplicity, here is my configuration.
Don't take this silly routing rule into account, because it doesn't make any sense here; I was just trying.
# model = CCR2004-16G-2S+
# serial number =
/interface bridge
add name=bridge1
add name=bridge2
/interface macvlan
add disabled=no interface=ether1 mac-address= mode=private \
name=macvlan1
/interface list
add name=LAN
add name=WAN
/ip pool
add name=dhcp_pool0 ranges=192.168.0.100-192.168.0.200
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=3h name=dhcp1
add address-pool=dhcp_pool1 interface=bridge2 lease-time=3h name=dhcp2
/port
set 0 name=serial0
set 1 name=serial1
/routing table
add disabled=no fib name=85
add disabled=no fib name=WAN-84
add disabled=no fib name=WAN-85
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge2 interface=ether10
add bridge=bridge2 interface=ether11
add bridge=bridge2 interface=ether12
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
add interface=bridge2 list=LAN
/ip address
add address=192.168.0.1/24 interface=bridge1 network=192.168.0.0
add address=xx.xx.55.84/24 interface=ether1 network=xx.xx.55.0
add address=xx.xx.55.85/24 disabled=no interface=macvlan1 network=\
xx.xx.55.0
add address=192.168.1.1/24 interface=bridge2 network=192.168.1.0
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=xx.xx.xx.xx gateway=192.168.0.1
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
"\"defconf: accept established, related, untracked\"" \
connection-nat-state="" connection-state=established,related,untracked
add action=drop chain=input comment="\"defconf: drop invalid\"" \
connection-state=invalid
add action=accept chain=input comment="defcon: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback" \
dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf:accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"\"defconf: drop all from WAN not DSTNATed\"" connection-nat-state=\
!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24 to-addresses=\
xx.xx.55.84
add action=src-nat chain=srcnat src-address=192.168.1.0/24 to-addresses=\
xx.xx.55.85
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.xx.55.1 \
pref-src="" routing-table=WAN-84 scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.xx.55.1 \
pref-src="" routing-table=WAN-85 scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=185.24.62.1 routing-table=main \
suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/routing rule
add action=lookup disabled=yes src-address=192.168.0.1/24 table=WAN-84
add action=lookup disabled=yes src-address=192.168.1.1/24 table=WAN-85
Any ideas on how to solve this issue?
Specifically, what I want is to make bridge 1 use the first public IP and bridge 2 use the second.
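
An added example, not part of the original post or the poster's configuration: one way to pin each LAN subnet to a fixed public address, and to bring macvlan1 under the same WAN firewall rules as ether1. It relies on the fact that action=masquerade takes its source address from the outgoing interface and does not use to-addresses. The addresses are the redacted placeholders from the export above, and the rule comments are assumptions.

```routeros
# Added example, not from the original post.
# Addresses are the redacted placeholders used in the export above.

# In the export only ether1 is a member of the WAN list, so the forward rule
# "drop all from WAN not DSTNATed" does not match traffic that arrives on
# macvlan1. Add the MACVLAN to the same list so both public-facing interfaces
# are filtered identically.
/interface list member
add interface=macvlan1 list=WAN

# These two rules replace the two srcnat rules in the export.
# Before (from the export), the first subnet used masquerade:
#   add action=masquerade chain=srcnat src-address=192.168.0.0/24 \
#       to-addresses=xx.xx.55.84
# masquerade uses the address of whichever interface the packet leaves
# through, so the to-addresses value above has no effect on the result.
# After: src-nat with an explicit address per LAN subnet, limited to traffic
# leaving through a WAN interface so LAN-to-LAN traffic is not translated.
/ip firewall nat
add action=src-nat chain=srcnat out-interface-list=WAN \
    src-address=192.168.0.0/24 to-addresses=xx.xx.55.84 \
    comment="bridge1 -> first public IP"
add action=src-nat chain=srcnat out-interface-list=WAN \
    src-address=192.168.1.0/24 to-addresses=xx.xx.55.85 \
    comment="bridge2 -> second public IP"
```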