I just noticed on our 3.0b6 unit that it appears to be ignoring the preferred source option on static routes, and is just using the ip of whatever interface it goes out of.

what configuration does it have? (ip and routes)

Basically we have two routers the same, except one is 2.9.38 or thereabouts, and the other is 3.0b6.

They both have two public interfaces, and a loopback, and a private side.
for example (not the real addresses obviously):
ether1 1.1.1.2
ether2 2.2.2.2
loopback 3.3.3.2
ether3: 192.168.1.1

there are default routes such that:
0.0.0.0 1.1.1.1 pref source 3.3.3.2
0.0.0.0 2.2.2.1 pref source 3.3.3.2

Then there is a firewall masquerade setup from the private side, which in the 2.9.38 case translates to 3.3.3.2 and goes out whichever public interface is available. But on the 3.0b6 router, it translates to the public ip of whichever interface its choosing to go out of.

Basically, we want the routers to have public addresses that are used for NAT and are independent of whichever physical interfaces happen to be up at the time. This is working on the 2.9.38 router by setting the pref source option, but not on the 3.0b6 router.

using masq or src-nat ? I just loaded b7 so I will test this later this afternoon.

Sam

Using chain srcnat with an action of masquerade.

Just a note that this still seems to be a problem in 3.0b7

has anyone found a solution? This is still a problem in routeros 3?

Thanks

I just found out that this seems to be a problem on 5.0RC4 with

- HotSpot
- on a Bridge port
- with multiple VLANs bridged
- with multiple IPs on the bridge port that have nothing to do with the HotSpot network

The pref source seems to be randomly mistaken. As verified with a sniff on the outgoing interface - the arp requests are asking for 192.168.x.a , tell

- HotSpot
- on a Bridge port

Not good idea.
HotSpot is applied per interface.

When you have such situation,

- with multiple IPs on the bridge port that have nothing to do with the HotSpot network

Separate HotSpot interface and other bridge port from the same bridge, when there is nothing to do with HotSpot.

Hello sergejs.

谢谢你的快速回复。

In the previous post I meant "on a bridge interface" and not "bridge port".

I did not put a separate HotSpot on each VLAN because I wanted to manage only one HotSpot (and save my efforts for banging my head with the User Manager v5rc4)

I added the VLANs to a bridge interface in the MT and I put forward filters so that no frames would be forwarded to/from each VLAN. The frames would only get to the MT itself (input bridge chain).

This enables me to have full control over the frames that reach the MikroTik and to have some Layer 2 security (no broadcasts pass over from VLAN to VLAN).

Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source, seems working so far.

I hope this setup is "a good idea" ? If not - do tell how to change.

Thank you.

Right now I have a bridge interface that has the HotSpot enabled on it and it has only the HotSpot IP address and no other IP addresses. This hopefully gets rid of the mentioned problem with preferred source, seems working so far.

I hope this setup is "a good idea" ? If not - do tell how to change.

Yes, please report if you get any problems with the particular setup.