2 WAN, only FAILOVER

Hi

I have got a problem with the failover feature.

ISP1-------------------------- (Public IP)
RB LAN 10.11.0.5:443
ISP2—Router-----------(192.168.0.0/24)

I would like to run (e.g.) HTTPS services on both ISP connections, but it doesn't work.

I use these properties:

mangle

0 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn passthrough=yes in-interface=ether2-WAN2

1 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn passthrough=yes in-interface=INET-VLAN

2 chain=output action=mark-routing new-routing-mark=ISP2_rout passthrough=no connection-mark=ISP2_conn

3 chain=output action=mark-routing new-routing-mark=ISP1_rout passthrough=yes connection-mark=ISP1_conn

route

0 A S dst-address=0.0.0.0/0 gateway=192.168.0.10 gateway-status=192.168.0.10 reachable via ether2-WAN2 distance=1 scope=30
target-scope=10 routing-mark=ISP2_rout

1 A S dst-address=0.0.0.0/0 gateway=a.b.c.222 gateway-status=82.141.136.222 reachable via INET-VLAN distance=1 scope=30
target-scope=10 routing-mark=ISP1_rout

2 A S dst-address=0.0.0.0/0 gateway=a.b.c.222 gateway-status=a.b.c.222 reachable via INET-VLAN distance=1 scope=30
target-scope=10

3 S dst-address=0.0.0.0/0 gateway=192.168.0.10 gateway-status=192.168.0.10 reachable via ether2-WAN2 distance=2 scope=30
target-scope=10

I created the needed DNAT and MASQ rules for both interfaces, but it doesn't work on the ISP2 interface. It works only on ISP1.

What am I doing wrong?

THX

You are looking for failover, not for load balancing.

No need for these scripts; you just need to monitor the ISP with DNS and change the route according to WAN failures, only 7 lines.

WAN1 192.168.1.2/24 with gateway 192.168.1.1 ISP1
WAN2 192.168.2.2/24 with gateway 192.168.2.1 ISP2

/ip address add address=192.168.1.2/24 interface=WAN1
/ip address add address=192.168.2.2/24 interface=WAN2

ISP1 will be the main and ISP2 will be the backup. Now route all traffic into ISP1:

/ip route add gateway=192.168.1.1

Now set the monitor IP of WAN1; we will use public DNS servers like 8.8.8.8, 8.8.4.4:

/ip route add dst-address=8.8.8.8 gateway=192.168.1.1 comment=ISP1

/tool netwatch
add down-script=ISP1_Down host=8.8.8.8 interval=10s timeout=500ms up-script=ISP1_UP



/system script
add name=ISP1_Down  source="ip route set [/ip route find dst-address=0.0.0.0/0]  gateway=192.168.2.1"
add name=ISP1_UP  source="ip route set [/ip route find dst-address=0.0.0.0/0]  gateway=192.168.1.1"

I tested this and it works 100%.

If you are looking for load balancing, it's different code.

Hi!

Thank you for your reply!

Yes, failover, not load balancing, but not only outgoing!

Failover of incoming traffic on both ISP connections at the same time!!!

E.g.: terminal server on ISP1 and ISP2.
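
Serving inbound connections on both WANs at once requires each reply to leave through the WAN its connection arrived on. One way to express that with the interface, connection-mark and routing-mark names from the first post, as an added example that is not part of the thread; `bridge-LAN` is an assumed name for the LAN-side interface, and the routes with `routing-mark=ISP1_rout` / `ISP2_rout` are taken as already present:

```routeros
# Added example, RouterOS v6 syntax (routing-mark routes as shown in the first post).
# bridge-LAN is an assumed interface name; all other names come from the thread.
/ip firewall mangle
# Remember which WAN each new inbound connection arrived on.
add chain=prerouting in-interface=ether2-WAN2 connection-state=new \
    action=mark-connection new-connection-mark=ISP2_conn passthrough=yes
add chain=prerouting in-interface=INET-VLAN connection-state=new \
    action=mark-connection new-connection-mark=ISP1_conn passthrough=yes
# Replies from a DNATed LAN server are forwarded traffic: they enter
# prerouting on the LAN side and never traverse the output chain.
add chain=prerouting in-interface=bridge-LAN connection-mark=ISP2_conn \
    action=mark-routing new-routing-mark=ISP2_rout passthrough=no
add chain=prerouting in-interface=bridge-LAN connection-mark=ISP1_conn \
    action=mark-routing new-routing-mark=ISP1_rout passthrough=no
# Replies from services running on the router itself do traverse output.
add chain=output connection-mark=ISP2_conn \
    action=mark-routing new-routing-mark=ISP2_rout passthrough=no
add chain=output connection-mark=ISP1_conn \
    action=mark-routing new-routing-mark=ISP1_rout passthrough=no
```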