Model: rb750r2
RouterOS: 6.49.8
Hey,
I’ve got the attached config used to failover between 2 WANs on ether1 and ether5. The failover works, but the netwatch doesn’t send emails when connection’s down and when it comes back on (mail credentials are good).
Any ideas?
/interface bridge
add admin-mac=6C:3B:6B:16:FB:E9 auto-mac=no comment=\
"created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
6C:3B:6B:16:FB:E8 name=ether1-gateway
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
6C:3B:6B:16:FB:E9
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
6C:3B:6B:16:FB:EA
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
6C:3B:6B:16:FB:EB
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
6C:3B:6B:16:FB:EC name=ether5-gateway
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=10.9.10.10-10.9.10.80
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
interface=bridge1 name=defconf
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
add interface=ether1-gateway list=WAN
/ip address
add address=10.9.10.1/24 comment=defconf interface=bridge1 network=10.9.10.0
add address=192.168.7.2/24 interface=ether1-gateway network=192.168.7.0
add address=192.168.8.2/24 comment=3G interface=ether5-gateway network=\
192.168.8.0
/ip dhcp-server network
add address=10.9.10.0/24 comment=defconf gateway=10.9.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=10.9.10.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="wan ssh" dst-port=6222 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1-gateway
add action=drop chain=input comment="defconf: drop all from WAN2" \
in-interface=ether5-gateway
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1-gateway
add action=drop chain=forward comment=\
"defconf: drop all from WAN2 not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether5-gateway
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
add action=drop chain=forward comment="default configuration WAN2" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether5-gateway
add action=drop chain=output comment=\
"Drop pings to 8.8.8.8 if they go through PROVIDER2" dst-address=8.8.8.8 \
out-interface=ether5-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="defconf: masquerade WAN2" \
out-interface=ether5-gateway
/ip route
add comment=PROVIDER1 distance=1 gateway=192.168.7.1 scope=11
add comment=PROVIDER2 distance=10 gateway=192.168.8.1
add comment="Force test pings through PROVIDER1" distance=1 dst-address=\
8.8.8.8/32 gateway=192.168.7.1
/ip service
set telnet disabled=yes
set ssh port=6222
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Bucharest
/system ntp client
set enabled=yes primary-ntp=84.232.245.55 secondary-ntp=82.77.52.43
/tool e-mail
set address=mail-server-ip from=mail@mail.com password=password \
start-tls=yes user=mail@mail.com
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool netwatch
add comment=CheckCon down-script="/ip route set [find comment=\"PROVIDER1\"] d\
istance=20\
\n/ip route set [find comment=\"PROVIDER2\"] disabled=no\
\n/tool e-mail send to=\"admin@mail.com\" body=\"Connection with PROVIDER\
1 Lost, Switched to PROVIDER2 \" subject=\"LOCATION\
\_Lost connection with PROVIDER1 \"\
\n/ ip firewall connection remove [find dst-address=\"VPN-IP\"]" \
host=8.8.8.8 interval=5s timeout=2s up-script="/ip route set [find comment\
=\"PROVIDER1\"] distance=1\
\n/ip route set [find comment=\"PROVIDER2\"] disabled=no\
\n/tool e-mail send to=\"admin@mail.com\" body=\"Connection with PROVIDER\
1 Regained, Switched back to PROVIDER1\" subject=\"LOCATION \
Regained connection with PROVIDER1\"\
\n/ip firewall connection remove [find dst-address=\"VPN-IP\"]"
Cheers,
Alex