Hi all!
Can someone validate the config I want to put in my router, please?
I have two WANs: one has a fixed IP and the other uses DHCP.
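# Dual-WAN load balancing (per-connection-classifier) with failover routes.
# Changes made in review, relative to the configuration as posted:
#  - typographic quotes replaced with plain ASCII quotes so the commands parse
#    when pasted into a terminal
#  - lines wrapped by the forum re-joined with "\" continuations
#  - the second pair of PCC rules ("CM for GW1" / "CM for GW2") dropped; it
#    repeated the "CM for public1/2" rules with the same matchers and marks
#  - prerouting PCC rules now match only unmarked connections that are not
#    addressed to the router itself
#  - mark-routing rules added in chain=output; without them the connection
#    marks set in chain=input and chain=output never select a marked route
#  - the five separate "/ip firewall mangle" sections merged into one
#
# NOTE(review): no "/ip firewall filter" rules appear in this post. Both WAN
# ports face the Internet, so confirm that input and forward filtering exists
# elsewhere in the running configuration before enabling this.

/ip route
# Each routing mark gets a primary default route (distance=1) and a fallback
# through the other WAN (distance=10).
# NOTE(review): the gateways are interface names, so check-gateway=ping has no
# next-hop address to probe. Confirm that failover really triggers; for the
# fixed-IP WAN, the provider's next-hop IP is the usual choice.
add check-gateway=ping comment="" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=ether1-public \
    routing-mark=to-public1 scope=30 target-scope=10
add comment="" disabled=no distance=10 \
    dst-address=0.0.0.0/0 gateway=ether6-public2-unlimited \
    routing-mark=to-public1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=ether6-public2-unlimited \
    routing-mark=to-public2 scope=30 target-scope=10
add comment="" disabled=no distance=10 \
    dst-address=0.0.0.0/0 gateway=ether1-public \
    routing-mark=to-public2 scope=30 target-scope=10

/ip firewall mangle
# New connections from the inside interface are split in two by a hash of the
# source and destination addresses. dst-address-type=!local keeps traffic
# addressed to the router out of the WAN routing tables.
add action=mark-connection chain=prerouting comment="CM for public1" \
    connection-mark=no-mark disabled=no dst-address-type=!local \
    in-interface=ether3-inside-ospf new-connection-mark=to-public1 \
    passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="CM for public2" \
    connection-mark=no-mark disabled=no dst-address-type=!local \
    in-interface=ether3-inside-ospf new-connection-mark=to-public2 \
    passthrough=yes per-connection-classifier=both-addresses:2/1
# Connections opened by the router itself are balanced the same way.
add action=mark-connection chain=output comment="CM for public1 - output" \
    connection-mark=no-mark disabled=no new-connection-mark=to-public1 \
    passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output comment="CM for public2 - output" \
    connection-mark=no-mark disabled=no new-connection-mark=to-public2 \
    passthrough=yes per-connection-classifier=both-addresses:2/1
# Connections to the router that arrive on a WAN port are tied to that WAN so
# that replies can leave through the same port.
add action=mark-connection chain=input comment="CM input public1 " \
    connection-mark=no-mark disabled=no in-interface=ether1-public \
    new-connection-mark=to-public1 passthrough=yes
add action=mark-connection chain=input comment="CM input public2" \
    connection-mark=no-mark disabled=no in-interface=ether6-public2-unlimited \
    new-connection-mark=to-public2 passthrough=yes
# Turn the connection mark into a routing mark for forwarded traffic.
add action=mark-routing chain=prerouting comment="RM for public1" \
    connection-mark=to-public1 disabled=no in-interface=ether3-inside-ospf \
    new-routing-mark=to-public1 passthrough=yes
add action=mark-routing chain=prerouting comment="RM for public2" \
    connection-mark=to-public2 disabled=no in-interface=ether3-inside-ospf \
    new-routing-mark=to-public2 passthrough=yes
# Added in review: do the same for packets the router sends, which covers the
# connections marked by the chain=input and chain=output rules above.
add action=mark-routing chain=output comment="RM for public1 - output" \
    connection-mark=to-public1 disabled=no new-routing-mark=to-public1 \
    passthrough=yes
add action=mark-routing chain=output comment="RM for public2 - output" \
    connection-mark=to-public2 disabled=no new-routing-mark=to-public2 \
    passthrough=yes

/ip firewall nat
# Source NAT on each WAN port. Masquerade only rewrites the source address; it
# does not filter inbound traffic.
add action=masquerade chain=srcnat comment="Masq for public1" disabled=no \
    out-interface=ether1-public
add action=masquerade chain=srcnat comment="Masq for public2" disabled=no \
    out-interface=ether6-public2-unlimited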
Thanks!!
Patrick