Community discussions

MikroTik App
 
gableoley
just joined
Topic Author
Posts: 10
Joined: Wed Jun 08, 2016 9:10 pm

two wan failover (webserver access) HELP PLEASE!!!

Wed Jun 08, 2016 10:20 pm

I have two wan balancer with failover 750UP, but I can't access my webserver from outside (internet)

Local : 192.168.1.0/24  ip 192.168.1.254 Web Server IP 192.168.1.6

wan1 192.168.2.0/24 ip 192.168.2.1
wan2 192.168.3.0/24 ip 192.168.3.1

Thanks in advance

This wan have dynamic IP
Last edited by gableoley on Thu Jun 09, 2016 10:10 pm, edited 1 time in total.
 
jarda
Forum Guru
Forum Guru
Posts: 7763
Joined: Mon Oct 22, 2012 4:46 pm

Re: two wan failover (webserver access) HELP PLEASE!!!

Thu Jun 09, 2016 6:47 am

Looks like you don't have public ip.
 
gableoley
just joined
Topic Author
Posts: 10
Joined: Wed Jun 08, 2016 9:10 pm

Re: two wan failover (webserver access) HELP PLEASE!!!

Thu Jun 09, 2016 6:08 pm

Looks like you don't have public ip.
Well the public ip its given by the ISP and it's dynamic, are you talking about that public ip?
 
jarda
Forum Guru
Forum Guru
Posts: 7763
Joined: Mon Oct 22, 2012 4:46 pm

Re: two wan failover (webserver access) HELP PLEASE!!!

Sat Jun 11, 2016 1:36 pm

So how would you access your router from outside? Hope the mangling for the two wans work good so you need only the dst nat rule to redirect the selected port to internal address. That's all.
 
gableoley
just joined
Topic Author
Posts: 10
Joined: Wed Jun 08, 2016 9:10 pm

Re: two wan failover (webserver access) HELP PLEASE!!!

Sat Jun 11, 2016 10:36 pm

So how would you access your router from outside? Hope the mangling for the two wans work good so you need only the dst nat rule to redirect the selected port to internal address. That's all.
 
gableoley
just joined
Topic Author
Posts: 10
Joined: Wed Jun 08, 2016 9:10 pm

Re: two wan failover (webserver access) HELP PLEASE!!!

Sat Jun 11, 2016 11:25 pm

This is what I have so far and it's working, I can reach my webserver from outside and local network putting the dynamic address provide by the isp.. thanks in advance.

# jan/02/1970 21:17:00 by RouterOS 6.7
# software id = CAGZ-SXJ9
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether5 ] name=ether5-slave-local
set [ find default-name=ether4 ] name=local
set [ find default-name=ether2 ] name=wan1
set [ find default-name=ether3 ] name=wan2
/interface pppoe-client
add add-default-route=yes disabled=no interface=wan1 name=pppoe-wan1 password=xx use-peer-dns=yes user=xx
add add-default-route=yes disabled=no interface=wan2 name=pppoe-wan2 password=xx service-name=wan2 use-peer-dns=yes user=xx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=CEDASAMK ranges=192.168.1.200-192.168.1.253
/ip dhcp-server
add address-pool=CEDASAMK disabled=no interface=local name=dhcp1
/ip address
add address=192.168.2.1/24 comment="default configuration" interface=wan1 network=192.168.2.0
add address=192.168.3.1/24 interface=wan2 network=192.168.3.0
add address=192.168.1.254/24 interface=local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=local
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=192.168.1.254 gateway=192.168.1.254
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.1.254 name=router
/ip firewall address-list
add address=192.168.1.0/24 list=GW01_LAN
/ip firewall mangle
add chain=prerouting dst-address-list=GW01_LAN src-address-list=GW01_LAN
add action=mark-connection chain=forward connection-mark=no-mark in-interface=pppoe-wan1 new-connection-mark=ISP1_Conn passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark in-interface=pppoe-wan2 new-connection-mark=ISP2_Conn passthrough=no

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-wan1 new-connection-mark=ISP1_Conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-wan2 new-connection-mark=ISP2_Conn

add action=jump chain=prerouting connection-mark=no-mark in-interface=local jump-target=policy_routing
add action=mark-routing chain=prerouting connection-mark=ISP1_Conn new-routing-mark=ISP1-Traffic src-address-list=GW01_LAN
add action=mark-routing chain=prerouting connection-mark=ISP2_Conn new-routing-mark=ISP2-Traffic src-address-list=GW01_LAN

add action=mark-routing chain=output connection-mark=ISP1_Conn new-routing-mark=ISP1-Traffic
add action=mark-routing chain=output connection-mark=ISP2_Conn new-routing-mark=ISP2-Traffic

add action=mark-connection chain=policy_routing dst-address-type=!local new-connection-mark=ISP1_Conn per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=policy_routing dst-address-type=!local new-connection-mark=ISP2_Conn per-connection-classifier=both-addresses:4/1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-wan1
add action=masquerade chain=srcnat out-interface=pppoe-wan2

add action=dst-nat chain=dstnat in-interface=local protocol=tcp src-port=80 to-addresses=192.168.1.6 to-ports=80
add action=masquerade chain=srcnat dst-address=192.168.1.6 dst-port=80 out-interface=local protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-address=dynamic ip dst-port=80 protocol=tcp to-addresses=192.168.1.6 to-ports=80

add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2
/ip route
add check-gateway=arp distance=1 gateway=pppoe-wan1 routing-mark=ISP1-Traffic
add check-gateway=arp distance=1 gateway=pppoe-wan2 routing-mark=ISP2-Traffic
add check-gateway=arp distance=2 gateway=pppoe-wan1
add check-gateway=arp distance=3 gateway=pppoe-wan2
/ip service
set www port=8080



gableoley:
So how would you access your router from outside? Hope the mangling for the two wans work good so you need only the dst nat rule to redirect the selected port to internal address. That's all.

Who is online

Users browsing this forum: No registered users and 21 guests