NAT Failover

winanjaya · January 6, 2016, 5:59am

I have 2 WAN (Eth1 & Eth2), How to setup NAT failover in Mikrotik?

Eth0 → 10.100.100.3/24
Eth1 → ISP 1 (202.a.b.c) Primary
Eth2 → ISP 2 (203.d.e.f) Secondary

I want to nat mail server (10.100.100.5) to ISP1 202.a.b.c and ISP2 203.d.e.f
when ISP1 goes down then ISP2 will take over..

any body has experienced on this?

macgaiver · January 6, 2016, 8:00am

NAT is only “cosmetic feature” , it doesn’t decide where your traffic is going, you need to configure routing failover (or load balancing, or both). and configure NAT for both situations.

This might be good place to start:
http://wiki.mikrotik.com/wiki/Manual:PCC

Also some adjustments should be made in connection tracking. There are 2 common ways:

reduce connection timeouts, so that connections with old public IP expires faster
some script that clears conntrack on failover event.

ploquets · September 6, 2017, 6:55pm

The worst timeout is for TCP Established, which is set as 1d by default.
So, what would be the consequences of putting the TCP Established timeout like in 10 minutes, for example?

Here we are used to work with 2 or more recursive routes, with check gateway enabled…
What do you suggest about integrating this with a failover script to clear the conntrack table?

Thanks for your attention.