I’ve got two WAN connections in a failover configuration. But I also want to be able to accept connections destined for the backup’s IP, from the internet, when the primary connection is still active
I’ve build a configuration in a staging environment but this isn’t working, I can’t establish a connection to 1.1.1.2:23. Can anybody tell me what is wrong here?
/ip address
### WAN1 IP from DHCP client
add address=1.1.1.2/24 interface=ether2_WAN2 network=1.1.1.0
add address=2.1.1.1/24 interface=ether3_LAN network=2.1.1.0
/ip dhcp-client
add disabled=no interface=ether4_WAN1
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new \
in-interface=ether2_WAN2 new-connection-mark=CONMARK passthrough=yes
add action=mark-routing chain=prerouting connection-mark=CONMARK new-routing-mark=RMARK passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2_WAN2
add action=masquerade chain=srcnat out-interface=ether4_WAN1
add action=dst-nat chain=dstnat dst-port=23 in-interface=ether2_WAN2 protocol=tcp to-addresses=2.1.1.2
/ip route
### WAN1 route from DHCP client
add distance=1 gateway=1.1.1.1 routing-mark=RMARK
add distance=2 gateway=1.1.1.1