Improved Netwatch

Hi guys
In the wiki I found a script which would improve Netwatch with a failover option.
I wanted to implement it in my router, but I encountered a problem, which I hope can be solved here. Here is the script if the line is down:

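# Ping up to 5 times via the WAN1 source address; stop early as soon as one ping gets a reply
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping www.google.com src-address=80.70.xx.xx interval=3 count=1]=0))};
# All 5 pings failed and the route is still primary: demote it so the backup route takes over
:if ($i=5 && [/ip route get [find comment="Default Route"] distance]=1) do={:log info "Main Gateway down";
/ip route set [find comment="Default Route"] distance=3}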

Here is the script when the Line is back again:

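# Ping up to 5 times via the WAN1 source address; stop early as soon as one ping times out
:local i 0; {:do {:set i ($i + 1)} while (($i < 5) && ([/ping www.google.com src-address=80.70.xx.xx interval=3 count=1]=1))};
# All 5 pings succeeded and the route is still demoted: restore it as primary
:if ($i=5 && [/ip route get [find comment="Default Route"] distance]=3) do={:log info "Main Gateway up";
/ip route set [find comment="Default Route"] distance=1}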

Now, I have a router with two WAN Interfaces. In /ip route I have established two routes
the first one points to interface WAN1 with distance 1:

A S ;;; Default Route
0.0.0.0/0 r 80.70.xxx.xxx 1 Wan1

the other one points to interface WAN2 with distance 2:

S 0.0.0.0/0 r 192.168.xxx.xxx 2 Wan2

Now the problem is, while the first script will work fine, so when it finds that the Line on WAN1
is down and will change its distance into 3, the second script wouldn’t do the reverse, because while the distance is 3 this script would not ping through that route giving always
a time out although the line is back

this was wrong :), so I deleted it

As I mentioned above I think the problem is after executing script1 which would change the default route:

before script1

;;; Default Route
A S 0.0.0.0/0 r 80.70.xxx.xxx 1 Wan1
S 0.0.0.0/0 r 192.168.xxx.xxx 2 Wan2

after script1

;;; Default Route
S 0.0.0.0/0 r 80.70.xxx.xxx 3 Wan1
AS 0.0.0.0/0 r 192.168.xxx.xxx 2 Wan2

I think I got around this somehow:

Add a firewall mangle like this

chain=output src-address=80.70.xxx.xxx protocol=icmp packet-size=64
action=mark-connection new-connection-mark=Test passthrough=yes

chain=output connection-mark=Test action=mark-routing
new-routing-mark=Test passthrough=no

then go to /ip route and add the following

A S dst-address=0.0.0.0/0 gateway=80.70.xxx.xxx interface=Wan1
gateway-state=reachable distance=1 scope=255 target-scope=10
routing-mark=Test

this way I am sure that pinging www.google.com would go through interface Wan1,
but don’t forget to place in the scripts the src-address which should be that of the Wan1

Please, make your comments, this is an attempt which worked fine for me
but I want to know your opinion

Thanks, Toni

Yesterday I experienced the first fail of the configuration I made.
You can see that I ping www.google.com, and when WAN1 went down
the script didn’t work. So I tried a ping from the console to find out
that the router wasn’t able to find the IP address, thus halting the script.
It surprised me because all the other times it had worked fine.

So, I looked at the cache of DNS to find out that www.google.com was a CNAME
resolving to www.l.google.com which was an A Record. So I replaced “www.google.com”
with “www.l.google.com”

Let’s see how it will work
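
The following is an added example, not part of the original posts or the wiki script: one scheduled script that merges the down and up checks and keeps the last resolved probe address, so a DNS lookup that fails while WAN1 is down does not halt the check. It assumes RouterOS v6 or later (for `:do ... on-error`), the mangle rules and `routing-mark=Test` route described above, and that the redacted `80.70.xx.xx` is replaced with the real WAN1 address; the names `probeIp`, `probeName` and `wan1Src` are made up for this example.

```routeros
# Added example; run periodically from /system scheduler.
# probeIp is a global so the last good address survives between runs.
:global probeIp
:local probeName "www.google.com"
# Placeholder taken from the posts: replace with the real WAN1 address.
:local wan1Src "80.70.xx.xx"

# Refresh the cached address; on DNS failure keep the previous value.
:do {
    :set probeIp [:resolve $probeName]
} on-error={
    :log warning "failover: cannot resolve $probeName, using cached address"
}

:if ([:typeof $probeIp] = "nothing") do={
    # First run with DNS unavailable: nothing to ping yet, change nothing.
    :log warning "failover: no probe address yet, skipping check"
} else={
    # The src-address makes the mangle rules mark these pings, so they
    # always leave through Wan1 whatever the main route's distance is.
    :local replies [/ping $probeIp src-address=$wan1Src interval=3 count=5]
    :local route [/ip route find comment="Default Route"]
    :local dist [/ip route get $route distance]

    # Demote only when every probe is lost, restore only when every probe
    # is answered; a mixed result leaves the route as it is.
    :if (($replies = 0) && ($dist = 1)) do={
        :log info "Main Gateway down"
        /ip route set $route distance=3
    }
    :if (($replies = 5) && ($dist = 3)) do={
        :log info "Main Gateway up"
        /ip route set $route distance=1
    }
}
```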