A MikroTik Help

Mahfuz_SS_EHL

Hello,

Suppose, I have 3 Uplinks as PPPoE Interface & I have 3 Wifi Routers connected in a Managed Switch by 3 VLANs from MikroTik. The Wifi Routers have different subnets.

Now, I want to filter traffic from each subnet & pass through different PPPoE interfaces. How can I achieve this ??

If you can't see the image: https://pasteboard.co/3MPUEOPZcMI9.png

adns

Hello,

One solution is that use routing tables. I'll write the config for one interface, you can multiply this. There are other ways (e.g. packet marking), however, I think that it is the most simple way. Firstly you will create interfaces, routing tables for each network and after that, routing table for it. When PPPoE IF reconnects, it will update the IPs in the routing table. It works well for me.

/interface bridge
add name=bridge1 protocol-mode=stp vlan-filtering=yes
/interface vlan
add interface=bridge1 name=p1-vlan vlan-id=40
/ppp profile
add change-tcp-mss=yes name=pppoe-in-1-profile on-up=pppoe-in-1-up
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-in-1 \
    password=supersecret profile=pppoe-in-1-profile user=username
/routing table
add fib name=pppoe-1-table
/ip address
add address=172.17.40.1/24 interface==p1-vlan network=172.17.40.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-in-1 \
    src-address=172.17.40.0/24
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-in-1 \
    routing-table=pppoe-1-table
/routing rule
add action=lookup-only-in-table disabled=no src-address=172.17.40.0/24 table=\
    pppoe-1-table
add action=lookup-only-in-table comment=incoming disabled=no dst-address=\
    1.1.1.1 table=pppoe-1-table
add action=lookup-only-in-table comment=outgoing disabled=no src-address=\
    1.1.1.1 table=pppoe-1-table
/system script
add dont-require-permissions=no name=pppoe-in-1-up policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    Store WAN IP in an address list\
    \n#It helps you to use different routing table\
    for if with dynamic ip\
    \n{\
    \n#WAN IF name\
    \n:local wanif \"pppoe-in-1\"\
    \n#routing table\
    \n:local tablename \"pppoe-1-table\"\
    \n#list name\
    \n:local listname \"pppoe-1-addr\"\
    \n/interface/pppoe-client/monitor \$wanif once do={ :if (\$status= \"conne\
    cted\") do={\
    \n    :global ipaddress [/ip/address/get [find interface=\"\$wanif\"] addr\
    ess ]; \\\
    \n    :global pureipaddress [:pick \$ipaddress -1 [:find \$ipaddress \"/\"\
    \_-1] ]; \\\
    \n    :log info \"The new IP \$ipaddress on interface \$wanif replaced the\
    \_old IP on the address list \$listname\"; \\\
    \n    :execute [/ip/firewall/address-list/remove [find list=\"\$listname\"\
    \_comment=\"\$wanif\"]]; \\\
    \n    :execute [/ip/firewall/address-list/add list=\"\$listname\" comment=\
    \"\$wanif\" address=\$ipaddress timeout=\"10w\"]; \\\
    \n    :execute [/routing/rule/set [find table=\"\$tablename\" comment=\"in\
    coming\"] dst-address=\"\$pureipaddress\"]; \\\
    \n    :execute [/routing/rule/set [find table=\"\$tablename\" comment=\"ou\
    tgoing\"] src-address=\"\$pureipaddress\"]; \\\
    \n    }; }\
    \n}"

Maounique

@Mahfuz_SS_EHL said: Now, I want to filter traffic from each subnet & pass through different PPPoE interfaces. How can I achieve this ??

If I am understanding this correctly, then you need VLANs.

@adns said: There are other ways (e.g. packet marking),

Mahfuz_SS_EHL

@Maounique said: If I am understanding this correctly, then you need VLANs.

Subnets are already assigned to VLANs.

Maounique

@Mahfuz_SS_EHL said: Subnets are already assigned to VLANs.

Then why do you need to filter traffic? Just arrange each subnet to go to the corresponding exit.
If you need some exceptions, then you can route between the subnets and write special rules for every machine which needs an exception, add a route for that.

Mahfuz_SS_EHL

@Maounique said:
Just arrange each subnet to go to the corresponding exit.

This is what I'm looking for.

Maounique

@Mahfuz_SS_EHL said: This is what I'm looking for.

So you already have the VLANs, then there is nothing left to do, just put in each vm or device in the VLAN the gateway for that VLAN (which should be in the VLAN in the first place), problem solved.

Mahfuz_SS_EHL

@Maounique said:

@Mahfuz_SS_EHL said: This is what I'm looking for.

So you already have the VLANs, then there is nothing left to do, just put in each vm or device in the VLAN the gateway for that VLAN (which should be in the VLAN in the first place), problem solved.

Yes, there is the VLAN gateway but how to put each VLAN to passthrough into a specific PPPoE Interface, I was looking for that.

DDOSTECH

Hi, you can create VRF for each vlan on MikroTiK router. Then you can write a static route from the servers on the VLAN side to the gateway of each VRF. You will need to create ACL and do NAT as well.

Croissant

If you have static IPs on the pppoe interfaces just src nat each subnet to it.
if not then you can mark routing in mangle and set routing rules to assign traffic to each gateway

Croissant

just throwing it out there is case you need it, i just upgraded to V7 because wireguard

and as a bonus you dont need mangle anymore to do what you want just create a custom table add the gateway ( pppoe int) to it and then create a simple rule with source being your subnet and specify look only in table then done
you can route as many subnets as you want will little ovehead and assign subnet specific routing rules. i just switched to this to test it out