here is the diagram of my current setup
all ports are master of its own
both router’s ether2 have a static route to opposite side router
both router have a masquerad rule with out interface ether1
now the question is, is this setup is okay and rock solid?
is there any chance of leaking my internet to my friend or vice versa?
is there any chance of leaking my isp subnet to my friend or vice versa.
by the way,
the goal is accessing each others subnet
thanks and regards
anyone? please help me.
It seems that what you are doing should work just fine. If you and your friend want to set up failover through each others ISPs it is possible if a gateway is added. Without a default gateway pointing at each others routers you will not be sharing internet connections.
It looks very good. I love this design. I dont know if you have bandwidth control, priorities and something else. But this is a normal setup for that.
hmm.
thanks for the replys. but you already told me the main problem. now can you help me in that case.
how can i block that internet leaking to my friend if he set his gateway as my ether2 ip address.
This should do the trick:
/ip firewall filter add chain=forward action=drop in-interface=ether2 out-interface=ether1
That will add a filter rule dropping packets from your friends subnet to your isp.