The reason resolve work because Mikrotik is a client behind the dongle network, thus the packet involved was only outgoing packet.
Forwarding on lte1 interface will be confusing cause duplicate route to internet. In your screenshot, active flag was on pppoe-out1 interface, so your connection will not go through lte1 interface.

Have you tried to disable the pppoe-out1 interface first then check whether internet works with lte?

If you want to test specific client to use on lte, you can try this
1. Disable add default route on dhcp client on lte1 interface

2. Add route to with
2.a Dst addr = 0.0.0.0/0
2.b Gateway = lte1
2.c Routing mark = lte_route (any name to be used later)


After fixing the route, next is prerouting decision what/when packet to go through this route in IP>Firewall>Mangle.
3. Then add new mangle rule with
3.a Chain = prerouting
3.b Action = mark routing
3.c New routing mark = lte_route (whatever routing mark set in 2.c)
3.d Src address = x.x.x.x (ip address)


Then the device with specified ip in mangle rule will be using the dongle internet, assuming you have added NAT masquerade rule for outgoing interface lte1, since you can open the dongle webUI.

I believe mac address seen by the dongle in the maxis router was at dhcp_USB_4G. Try put that mac address into lte interface in Mikrotik.

Maybe. Try putting the mac address into that bridge and dhcp client interface point to that bridge.

I think lte interface can be added as port into the bridge. Just create a new bridge then add the lte interface as port. No need of dummy interface in between.

This post has been edited by pacat: Sep 23 2020, 09:41 AM

Yup maybe can try set passthrough to bridgeLTE interface.
https://help.mikrotik.com/docs/display/ROS/...sthroughExample

Have you put the mac address into bridgeLTE's mac address? Passthrough mac address is only a filter to pass a client's mac address to the dongle (in case the interface connected to multiple hosts).

Searching for your dongle vid and pid leads to this https://www.development-cycle.com/2017/04/2...e-mf823-inside/. Though not same as yours, is it able to telnet into? Password might not be same.

USB dongle connected to PC or router?


Try with this https://github.com/sta-c0000/tpconf_bin_xml

Try these commands

https://gist.github.com/Anime4000/38db42c2e...-conf-xml-L2291
Take note remote syslog to their server was enabled.

The dongle nat iptables might be created specifically for that hostname, or created upon successful assignment of an ip with that hostname. Still better than mac address since it can change.

Should be enough. Depend on how long you can tolerate downtime before pppoe-out1 interface timeout. Only then will the route via pppoe-out1 removed and route via lte1 become active.

But when pppoe-out1 up again, default route via pppoe-out1 will not active, like current lte1 default route. Only after lte1 reconnected will pppoe-out1 route become active again.

This post has been edited by pacat: Sep 26 2020, 09:53 PM

Yes keep it simple. Less time to troubleshoot in the future.

Unless you can setup vlan 822 in your sfp, I do not know any workaround to make it faster. Is there any vlan config found in backup config file? Or any way to configure vlan using telnet?

To make maxis router to retry dhcp again, try adding script onto bridge822 interface dhcp client. This script will disable and enable ether2 (I think this is where your maxis router located) interface with 5 seconds delay

Or use this command

Should be possible. Just add masquerade rule on outgoing interface of your vlan1.822. For DMZ just dst-nat the in-interface vlan1.822 to the ip gotten by voip interface in maxis router.

To ensure all traffic from vlan2.822 to go through vlan1.822, we need add mangle rules to mark the routing-mark to use the specified route

Also can. But maxis SIP use fqdn in their OutboundProxy (homegw01.maxis.com.my), so need to resolve to know the ip address. Resolve using dns from vlan822 dhcp to get ip to route to vlan822, resolve using public dns will get public ip that can be connected using regular internet.

Any info on VLAN_MANU_MODE?
What happen when set VLAN_MANU_MODE to 1 (Tagging). Any difference in webUI?
Can extract /home/httpd/web from the stick?

This post has been edited by pacat: Oct 3 2020, 04:37 PM

Try resolve homegw01.maxis.com.my with vlan822 dns server. Is it same as public one?

Mine