Community discussions

MikroTik App
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Forcing single URL to use specific WAN

Mon Jan 14, 2019 12:31 pm

Hi everybody.

I am currently balancing the load of 6 wan lines.
Everything else is fine. Except I have a mail server located outside the LAN, it generates a sesion error logging with the web browser. This mail server only allows one IP connection per login. Because I have 6 network connections. So it has many IPs connecting to the mail server. So generate the "session expired login mail kerio connect" error

Now there is a way for me to fix my mail: mail.mydomain.com address only to go through wan1, not allowed to go through other wan lines.
I have followed the instructions: https://wiki.mikrotik.com/wiki/Policy_Base_Routing
But nothing has changed.

Thank you!
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Forcing single URL to use specific WAN

Mon Jan 14, 2019 1:00 pm

Hey

Please post what you have done / tried already. What are the ip's involved? What is your current routing table like? Any routing mangling applicable?
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: Forcing single URL to use specific WAN

Mon Jan 14, 2019 1:23 pm

With HTTPS you can not mark URL anymore easily with filter rule matching URL text. Even the TLS filter does not work reliably.
If you use such a key word to look for and mark connection I am pretty sure that is reason it does not work.
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 4:39 am

Hey

Please post what you have done / tried already. What are the ip's involved? What is your current routing table like? Any routing mangling applicable?
I just started with Mikrotik so I don't understand much. Trying to study but seems a bit difficult.
This is my entire current configuration
/interface bridge
add arp=proxy-arp dhcp-snooping=yes igmp-snooping=yes name=LAN
/interface ethernet
set [ find default-name=ether1 ] comment=WAN1-Viettel1 speed=100Mbps
set [ find default-name=ether2 ] comment=WAN2-Viettel2 speed=100Mbps
set [ find default-name=ether3 ] comment=WAN3-VNPT1 speed=100Mbps
set [ find default-name=ether4 ] comment=WAN4-VNPT2 speed=100Mbps
set [ find default-name=ether5 ] comment=WAN5-FPT1 mac-address=C4:71:54:3C:6B:D2 speed=100Mbps
set [ find default-name=ether6 ] comment=WAN6-FPT2 mac-address=C4:71:54:3C:72:E6 speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] advertise=10M-full,100M-full,1000M-full
set [ find default-name=sfp-sfpplus2 ] advertise=10M-full,100M-full,1000M-full
/interface pppoe-client
add allow=pap,chap disabled=no interface=ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 password=pass1 user=account1
add allow=pap,chap disabled=no interface=ether2 max-mru=1480 max-mtu=1480 name=pppoe-out2 password=pass2 user=account2
add allow=pap,chap disabled=no interface=ether3 max-mru=1480 max-mtu=1480 name=pppoe-out3 password=pass3 user=account3
add allow=pap,chap disabled=no interface=ether4 max-mru=1480 max-mtu=1480 name=pppoe-out4 password=pass4 user=account4
add allow=pap,chap disabled=no interface=ether5 max-mru=1480 max-mtu=1480 name=pppoe-out5 password=pass5 user=account5
add allow=pap,chap disabled=no interface=ether6 max-mru=1480 max-mtu=1480 name=pppoe-out6 password=pass6 user=account6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.16.0.101-172.16.3.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=1h name=dhcp1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
/ip address
add address=172.16.0.1/22 interface=LAN network=172.16.0.0
/ip dhcp-server network
add address=172.16.0.0/22 gateway=172.16.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=8.8.8.8 name=google
add address=172.16.0.1 name=router
/ip firewall address-list
add address=112.213.90.70 list=Mail
/ip firewall mangle
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=static-wan3 passthrough=no
add action=mark-routing chain=output connection-mark=wan4 new-routing-mark=static-wan4 passthrough=no
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=static-wan3 passthrough=no
add action=mark-routing chain=output connection-mark=wan4 new-routing-mark=static-wan4 passthrough=no
add action=mark-routing chain=output connection-mark=wan5 new-routing-mark=static-wan5 passthrough=no
add action=mark-routing chain=output connection-mark=wan6 new-routing-mark=static-wan6 passthrough=no
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-routing chain=prerouting connection-mark=wan1_pcc_conn new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_pcc_conn new-routing-mark=wan2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3_pcc_conn new-routing-mark=wan3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4_pcc_conn new-routing-mark=wan4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan5_pcc_conn new-routing-mark=wan5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan6_pcc_conn new-routing-mark=wan6 passthrough=yes
add action=mark-routing chain=prerouting dst-port=5060 new-routing-mark=SIP-WAN3 passthrough=no protocol=udp src-address=172.16.0.10
add action=mark-routing chain=prerouting new-routing-mark=wan3 passthrough=yes src-address=172.16.0.10
add action=mark-routing chain=prerouting comment=KhuongThinh content=mail.khuongthinh.com.vn new-routing-mark=KhuongThinh passthrough=no src-address=172.16.0.0/22
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=masquerade chain=srcnat out-interface=pppoe-out4
add action=masquerade chain=srcnat out-interface=pppoe-out5
add action=masquerade chain=srcnat out-interface=pppoe-out6
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-address-type=local dst-port=443 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 \
    to-ports=8089
add action=dst-nat chain=dstnat dst-address=12.12.12.12 dst-port=443 protocol=tcp to-addresses=172.16.0.10 to-ports=8089
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=8000-65535 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=8000-65535
add action=dst-nat chain=dstnat dst-address=12.12.12.12 dst-port=8000-65535 protocol=tcp to-addresses=172.16.0.10
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=8000-65535 out-interface=LAN protocol=udp src-address=172.16.0.0/22 to-ports=8000-65535
add action=dst-nat chain=dstnat dst-address=12.12.12.12 dst-port=8000-65535 protocol=udp to-addresses=172.16.0.10
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=5060 out-interface=LAN protocol=udp src-address=172.16.0.0/22 to-ports=5060
add action=dst-nat chain=dstnat dst-address=12.12.12.12 dst-port=5060 protocol=udp to-addresses=172.16.0.10 to-ports=5060
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.5 dst-port=4370 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4370
add action=dst-nat chain=dstnat comment="CHAM CONG T1" dst-address=111.111.111.111 dst-port=4370 protocol=tcp to-addresses=172.16.0.5 to-ports=4370
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
add action=dst-nat chain=dstnat comment="CHAM CONG T2" dst-address=111.111.111.111 dst-port=4371 protocol=tcp to-addresses=172.16.0.6 to-ports=4371
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.7 dst-port=4372 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4372
add action=dst-nat chain=dstnat comment="CHAM CONG T3" dst-address=111.111.111.111 dst-port=4372 protocol=tcp to-addresses=172.16.0.7 to-ports=4372
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.8 dst-port=4373 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4373
add action=dst-nat chain=dstnat comment="CHAM CONG T4" dst-address=111.111.111.111 dst-port=4373 protocol=tcp to-addresses=172.16.0.8 to-ports=4373
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.35 dst-port=443,902 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443-902
add action=dst-nat chain=dstnat dst-address=111.111.111.111 dst-port=443 protocol=tcp to-addresses=172.16.0.35 to-ports=443
add action=dst-nat chain=dstnat dst-address=222.222.222.222 dst-port=22 protocol=tcp to-addresses=172.16.0.60 to-ports=22
add action=dst-nat chain=dstnat dst-address=111.111.111.111 dst-port=902 protocol=tcp to-addresses=172.16.0.35 to-ports=902
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.60 dst-port=80,443 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=80-443
add action=dst-nat chain=dstnat dst-address=222.222.222.222 dst-port=80,443 protocol=tcp to-addresses=172.16.0.60 to-ports=80-443
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.3 dst-port=443,5900 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443-5900
add action=dst-nat chain=dstnat dst-address=111.111.222.111 dst-port=443,5900 protocol=tcp to-addresses=172.16.0.3 to-ports=443-5900
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.20 dst-port=2019 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=8000
add action=dst-nat chain=dstnat dst-address=222.222.222.222 dst-port=2019 protocol=tcp to-addresses=172.16.0.20 to-ports=8000
add action=masquerade chain=srcnat comment=KhuongThinh out-interface=pppoe-out3 src-address=172.16.0.0/22
/ip route
add check-gateway=arp comment="Static Route - WAN1" distance=1 gateway=pppoe-out1 routing-mark=static-wan1
add check-gateway=arp comment="Static Route - WAN2" distance=2 gateway=pppoe-out2 routing-mark=static-wan2
add check-gateway=arp comment="Static Route - WAN3" distance=3 gateway=pppoe-out3 routing-mark=static-wan3
add check-gateway=arp comment="Static Route - WAN4" distance=4 gateway=pppoe-out4 routing-mark=static-wan4
add check-gateway=arp comment="Static Route - WAN3" distance=5 gateway=pppoe-out5 routing-mark=static-wan5
add check-gateway=arp comment="Static Route - WAN4" distance=6 gateway=pppoe-out6 routing-mark=static-wan6
add check-gateway=arp comment="WAN 1  - Distance 1" distance=1 gateway=pppoe-out5 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 2" distance=2 gateway=pppoe-out4 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 3" distance=3 gateway=pppoe-out3 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 4" distance=4 gateway=pppoe-out2 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 5" distance=5 gateway=pppoe-out1 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 6" distance=6 gateway=pppoe-out6 routing-mark=wan1
add check-gateway=arp comment="WAN 2  - Distance 1" distance=1 gateway=pppoe-out4 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 2" distance=2 gateway=pppoe-out3 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 3" distance=3 gateway=pppoe-out2 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 4" distance=4 gateway=pppoe-out1 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 5" distance=5 gateway=pppoe-out6 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 6" distance=6 gateway=pppoe-out5 routing-mark=wan2
add check-gateway=arp comment="WAN 3  - Distance 1" distance=1 gateway=pppoe-out3 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 2" distance=2 gateway=pppoe-out2 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 3" distance=3 gateway=pppoe-out1 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 4" distance=4 gateway=pppoe-out6 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 5" distance=5 gateway=pppoe-out5 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 6" distance=6 gateway=pppoe-out4 routing-mark=wan3
add check-gateway=arp comment="WAN 4  - Distance 1" distance=1 gateway=pppoe-out2 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 2" distance=2 gateway=pppoe-out1 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 3" distance=3 gateway=pppoe-out6 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 4" distance=4 gateway=pppoe-out5 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 6" distance=5 gateway=pppoe-out3 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 5" distance=5 gateway=pppoe-out4 routing-mark=wan4
add check-gateway=arp comment="WAN 5  - Distance 1" distance=1 gateway=pppoe-out1 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 2" distance=2 gateway=pppoe-out6 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 3" distance=3 gateway=pppoe-out5 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 4" distance=4 gateway=pppoe-out4 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 3" distance=5 gateway=pppoe-out3 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 4" distance=6 gateway=pppoe-out2 routing-mark=wan5
add check-gateway=arp comment="WAN 6  - Distance 1" distance=1 gateway=pppoe-out6 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 2" distance=2 gateway=pppoe-out5 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 3" distance=3 gateway=pppoe-out4 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 4" distance=4 gateway=pppoe-out3 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 5" distance=5 gateway=pppoe-out2 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 6" distance=6 gateway=pppoe-out1 routing-mark=wan6
add distance=1 gateway=pppoe-out3 routing-mark=SIP-WAN3
add comment=KhuongThinh distance=1 gateway=pppoe-out3 routing-mark=KhuongThinh
add check-gateway=arp comment="Default Route - Distance 1" distance=1 gateway=pppoe-out1
add check-gateway=arp comment="Default Route - Distance 2" distance=2 gateway=pppoe-out2
add check-gateway=arp comment="Default Route - Distance 3" distance=3 gateway=pppoe-out3
add check-gateway=arp comment="Default Route - Distance 4" distance=4 gateway=pppoe-out4
add check-gateway=arp comment="Default Route - Distance 5" distance=5 gateway=pppoe-out5
add check-gateway=arp comment="Default Route - Distance 6" distance=6 gateway=pppoe-out6
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=21781
set api disabled=yes
set api-ssl disabled=yes
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 11:34 am

Some remarks:
* in mangle you only need to mark connections once: for new only is enough, it will stick for the remainder of connection's life (so no need for established & related marking)
* marking in prerouting covers both input & forward
* (remove duplicates: mangle)
* for pcc you should assign connection (& by consequence routing) only once: now you balance new, established & related independently
* the logic of wanx routing tables is curious: wan1: distance=1->wan5
* and MOST important part is missing: no routing rule for mail server.

So you need to add something along the way:
/ip route rule
add action=lookup dst-address=<ip mail server> table=static-wan1
edit: added context of add ...
Last edited by sebastia on Tue Jan 15, 2019 8:02 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 7:12 pm

add action=lookup dst-address=<ip mail server> table=static-wan1
Can you break down how that works.
I have a fail over dual WAN scenario and the mail server is on the secondary WAN,
Thus i created a route rule so that this works in my case.......

/ip route
add check-gateway=ping distance=2 gateway=8.8.4.4
add check-gateway=ping distance=3 gateway=208.67.220.220
add distance=10 gateway=ISPEastlinkgateway
add distance=2 dst-address=8.8.4.4/32 gateway=vlanbellgateway scope=10
add comment=Email_bypass distance=1 dst-address=24.222.0.20/32 gateway=\
ISPEastlinkgateway

add distance=3 dst-address=208.67.220.220/32 gateway=vlanbellgateway1 scope=10

ARE YOU SAYING THERE IS A BETTER WAY to construct a route rule to access the mail servers?
Such as:
add action=lookup dst-address=<24.222.0/32> table=dynamic-wan2
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 8:05 pm

ARE YOU SAYING THERE IS A BETTER WAY to ...
different way, one of many..

Can you break down how that works.
the "additional" routing table will function as normal routing table, but will be applied to select packets only, with the matching routing-mark (which implies mangling) or as directed by the rule
in the above rule: "for traffic to <ip mail server> do a route lookup in the table static-wan1 (and fall back to main if no route found)"

Will the rule I created based on your example work?
using /32 on main routing table will work as well. For a single ip it's doable. Here, the logic of "most specific first" is relied upon.
Last edited by sebastia on Tue Jan 15, 2019 9:17 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 8:43 pm

Hmm okay, that elicited a response that was incomprehensible so I will rephrase the question LOL.

Will the rule I created based on your example work?
Which is more efficient.
I have not setup any mangle rules by the way and your example shows no reference (preferred source etc) or link to any mangled packets???
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Forcing single URL to use specific WAN

Tue Jan 15, 2019 9:24 pm

Which is more efficient.
both the "/ip route rule" and "route using /32" are using normal routing functionality, so from efficiency pov are same

for these two approaches there is no need for mangling, so these can be combined with FastTrack, but with "route-mark" in mangle table there is much more flexibility on possible conditions
 
vanthoi
just joined
Topic Author
Posts: 7
Joined: Sun Jan 06, 2019 6:12 pm

Re: Forcing single URL to use specific WAN

Tue Jan 22, 2019 5:59 pm

Some remarks:
* in mangle you only need to mark connections once: for new only is enough, it will stick for the remainder of connection's life (so no need for established & related marking)
* marking in prerouting covers both input & forward
* (remove duplicates: mangle)
* for pcc you should assign connection (& by consequence routing) only once: now you balance new, established & related independently
* the logic of wanx routing tables is curious: wan1: distance=1->wan5
* and MOST important part is missing: no routing rule for mail server.

So you need to add something along the way:
/ip route rule
add action=lookup dst-address=<ip mail server> table=static-wan1
edit: added context of add ...

First. I thank you for helping me!

Because I am a Vietnamese. So the days near the new year, I'm very busy. So I didn't keep up with the topic.
Previously to temporarily fix I moved the mangle to: per-connection-classifier = both-addresses.
To test it your way, I can do it after the Lunar New Year.

Since I just used Mikrotik, I didn't have much experience to configure it. You said I have duplicate mangles, can you show me those Mangles!

At the moment, I have the problem that my NAT configurations seem to be working unstable. Sometimes it works sometimes not.
I followed the instructions on Mikrotik's wiki. But still can't find a solution. It may be corrupted due to problematic load balancing of my 6 WAN lines.

And below is the configuration I am using:
/interface bridge
add arp=proxy-arp dhcp-snooping=yes igmp-snooping=yes name=LAN
/interface ethernet
set [ find default-name=ether1 ] comment=WAN1-Viettel1 speed=100Mbps
set [ find default-name=ether2 ] comment=WAN2-Viettel2 speed=100Mbps
set [ find default-name=ether3 ] comment=WAN3-VNPT1 speed=100Mbps
set [ find default-name=ether4 ] comment=WAN4-VNPT2 speed=100Mbps
set [ find default-name=ether5 ] comment=WAN5-FPT1 mac-address=C4:71:54:3C:6B:D2 speed=100Mbps
set [ find default-name=ether6 ] comment=WAN6-FPT2 mac-address=C4:71:54:3C:72:E6 speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] advertise=10M-full,100M-full,1000M-full
set [ find default-name=sfp-sfpplus2 ] advertise=10M-full,100M-full,1000M-full
/interface pppoe-client
add allow=pap,chap disabled=no interface=ether1 max-mru=1480 max-mtu=1480 name=pppoe-out1 password=pass1 user=account1
add allow=pap,chap disabled=no interface=ether2 max-mru=1480 max-mtu=1480 name=pppoe-out2 password=pass2 user=account2
add allow=pap,chap disabled=no interface=ether3 max-mru=1480 max-mtu=1480 name=pppoe-out3 password=pass3 user=account3
add allow=pap,chap disabled=no interface=ether4 max-mru=1480 max-mtu=1480 name=pppoe-out4 password=pass4 user=account4
add allow=pap,chap disabled=no interface=ether5 max-mru=1480 max-mtu=1480 name=pppoe-out5 password=pass5 user=account5
add allow=pap,chap disabled=no interface=ether6 max-mru=1480 max-mtu=1480 name=pppoe-out6 password=pass6 user=account6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.16.0.101-172.16.3.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN lease-time=1h name=dhcp1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=LAN interface=ether7
add bridge=LAN interface=ether8
/ip address
add address=172.16.0.1/22 interface=LAN network=172.16.0.0
/ip dhcp-server network
add address=172.16.0.0/22 gateway=172.16.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=8.8.8.8 name=google
add address=172.16.0.1 name=router
/ip firewall mangle
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=static-wan3 passthrough=no
add action=mark-routing chain=output connection-mark=wan4 new-routing-mark=static-wan4 passthrough=no
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=established in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out3 new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out4 new-connection-mark=wan4 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out5 new-connection-mark=wan5 passthrough=yes
add action=mark-connection chain=prerouting connection-state=related in-interface=pppoe-out6 new-connection-mark=wan6 passthrough=yes
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=static-wan3 passthrough=no
add action=mark-routing chain=output connection-mark=wan4 new-routing-mark=static-wan4 passthrough=no
add action=mark-routing chain=output connection-mark=wan5 new-routing-mark=static-wan5 passthrough=no
add action=mark-routing chain=output connection-mark=wan6 new-routing-mark=static-wan6 passthrough=no
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/1
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/2
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/3
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/4
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/5
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/0
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/1
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/2
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/3
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/4
add action=mark-connection chain=prerouting connection-state=established dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/5
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/0
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/1
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/2
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan4_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/3
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan5_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/4
add action=mark-connection chain=prerouting connection-state=related dst-address-type=!local in-interface=LAN new-connection-mark=wan6_pcc_conn passthrough=yes per-connection-classifier=both-addresses:6/5
add action=mark-routing chain=prerouting connection-mark=wan1_pcc_conn new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_pcc_conn new-routing-mark=wan2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3_pcc_conn new-routing-mark=wan3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4_pcc_conn new-routing-mark=wan4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan5_pcc_conn new-routing-mark=wan5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan6_pcc_conn new-routing-mark=wan6 passthrough=yes
add action=mark-routing chain=prerouting dst-port=5060 new-routing-mark=SIP-WAN3 passthrough=no protocol=udp src-address=172.16.0.10
add action=mark-routing chain=prerouting new-routing-mark=wan3 passthrough=yes src-address=172.16.0.10
add action=mark-routing chain=prerouting dst-port=8000 new-routing-mark=Camera passthrough=no protocol=tcp src-address=172.16.0.20
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=masquerade chain=srcnat out-interface=pppoe-out4
add action=masquerade chain=srcnat out-interface=pppoe-out5
add action=masquerade chain=srcnat out-interface=pppoe-out6
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-address-type=local dst-port=8089 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=8089
add action=dst-nat chain=dstnat dst-address=111.111.113 dst-port=8089 protocol=tcp to-addresses=172.16.0.10 to-ports=8089
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=8000-65535 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=8000-65535
add action=dst-nat chain=dstnat dst-address=111.111.113 dst-port=8000-65535 protocol=tcp to-addresses=172.16.0.10
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=8000-65535 out-interface=LAN protocol=udp src-address=172.16.0.0/22 to-ports=8000-65535
add action=dst-nat chain=dstnat dst-address=111.111.113 dst-port=8000-65535 protocol=udp to-addresses=172.16.0.10
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.10 dst-port=5060 out-interface=LAN protocol=udp src-address=172.16.0.0/22 to-ports=5060
add action=dst-nat chain=dstnat dst-address=111.111.113 dst-port=5060 protocol=udp to-addresses=172.16.0.10 to-ports=5060
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.5 dst-port=4370 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4370
add action=dst-nat chain=dstnat comment="CHAM CONG T1" dst-address=111.111.114 dst-port=4370 protocol=tcp to-addresses=172.16.0.5 to-ports=4370
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.6 dst-port=4371 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4371
add action=dst-nat chain=dstnat comment="CHAM CONG T2" dst-address=111.111.114 dst-port=4371 protocol=tcp to-addresses=172.16.0.6 to-ports=4371
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.7 dst-port=4372 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4372
add action=dst-nat chain=dstnat comment="CHAM CONG T3" dst-address=111.111.114 dst-port=4372 protocol=tcp to-addresses=172.16.0.7 to-ports=4372
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.8 dst-port=4373 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=4373
add action=dst-nat chain=dstnat comment="CHAM CONG T4" dst-address=111.111.114 dst-port=4373 protocol=tcp to-addresses=172.16.0.8 to-ports=4373
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.35 dst-port=443,902 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443-902
add action=dst-nat chain=dstnat dst-address=111.111.114 dst-port=443 protocol=tcp to-addresses=172.16.0.35 to-ports=443
add action=dst-nat chain=dstnat dst-address=111.111.111 dst-port=22 protocol=tcp to-addresses=172.16.0.60 to-ports=22
add action=dst-nat chain=dstnat dst-address=111.111.114 dst-port=902 protocol=tcp to-addresses=172.16.0.35 to-ports=902
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.60 dst-port=80,443 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=80-443
add action=dst-nat chain=dstnat dst-address=111.111.111 dst-port=80,443 protocol=tcp to-addresses=172.16.0.60 to-ports=80-443
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.3 dst-port=443,5900 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=443-5900
add action=dst-nat chain=dstnat dst-address=115.79.199.41 dst-port=443,5900 protocol=tcp to-addresses=172.16.0.3 to-ports=443-5900
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.20 dst-port=8000 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=8000
add action=dst-nat chain=dstnat dst-address=111.111.111 dst-port=8000 protocol=tcp to-addresses=172.16.0.20 to-ports=8000
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.20 dst-port=90 out-interface=LAN protocol=tcp src-address=172.16.0.0/22 to-ports=90
add action=dst-nat chain=dstnat dst-address=111.111.111 dst-port=90 protocol=tcp to-addresses=172.16.0.20 to-ports=90
/ip route
add check-gateway=arp comment="Static Route - WAN1" distance=1 gateway=pppoe-out1 routing-mark=static-wan1
add check-gateway=arp comment="Static Route - WAN2" distance=2 gateway=pppoe-out2 routing-mark=static-wan2
add check-gateway=arp comment="Static Route - WAN3" distance=3 gateway=pppoe-out3 routing-mark=static-wan3
add check-gateway=arp comment="Static Route - WAN4" distance=4 gateway=pppoe-out4 routing-mark=static-wan4
add check-gateway=arp comment="Static Route - WAN3" distance=5 gateway=pppoe-out5 routing-mark=static-wan5
add check-gateway=arp comment="Static Route - WAN4" distance=6 gateway=pppoe-out6 routing-mark=static-wan6
add check-gateway=arp comment="WAN 1  - Distance 1" distance=1 gateway=pppoe-out5 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 2" distance=2 gateway=pppoe-out4 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 3" distance=3 gateway=pppoe-out3 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 4" distance=4 gateway=pppoe-out2 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 5" distance=5 gateway=pppoe-out1 routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 6" distance=6 gateway=pppoe-out6 routing-mark=wan1
add check-gateway=arp comment="WAN 2  - Distance 1" distance=1 gateway=pppoe-out4 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 2" distance=2 gateway=pppoe-out3 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 3" distance=3 gateway=pppoe-out2 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 4" distance=4 gateway=pppoe-out1 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 5" distance=5 gateway=pppoe-out6 routing-mark=wan2
add check-gateway=arp comment="WAN 2  - Distance 6" distance=6 gateway=pppoe-out5 routing-mark=wan2
add check-gateway=arp comment="WAN 3  - Distance 1" distance=1 gateway=pppoe-out3 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 2" distance=2 gateway=pppoe-out2 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 3" distance=3 gateway=pppoe-out1 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 4" distance=4 gateway=pppoe-out6 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 5" distance=5 gateway=pppoe-out5 routing-mark=wan3
add check-gateway=arp comment="WAN 3  - Distance 6" distance=6 gateway=pppoe-out4 routing-mark=wan3
add check-gateway=arp comment="WAN 4  - Distance 1" distance=1 gateway=pppoe-out2 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 2" distance=2 gateway=pppoe-out1 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 3" distance=3 gateway=pppoe-out6 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 4" distance=4 gateway=pppoe-out5 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 6" distance=5 gateway=pppoe-out3 routing-mark=wan4
add check-gateway=arp comment="WAN 4  - Distance 5" distance=5 gateway=pppoe-out4 routing-mark=wan4
add check-gateway=arp comment="WAN 5  - Distance 1" distance=1 gateway=pppoe-out1 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 2" distance=2 gateway=pppoe-out6 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 3" distance=3 gateway=pppoe-out5 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 4" distance=4 gateway=pppoe-out4 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 3" distance=5 gateway=pppoe-out3 routing-mark=wan5
add check-gateway=arp comment="WAN 5  - Distance 4" distance=6 gateway=pppoe-out2 routing-mark=wan5
add check-gateway=arp comment="WAN 6  - Distance 1" distance=1 gateway=pppoe-out6 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 2" distance=2 gateway=pppoe-out5 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 3" distance=3 gateway=pppoe-out4 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 4" distance=4 gateway=pppoe-out3 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 5" distance=5 gateway=pppoe-out2 routing-mark=wan6
add check-gateway=arp comment="WAN 6  - Distance 6" distance=6 gateway=pppoe-out1 routing-mark=wan6
add distance=1 gateway=pppoe-out3 routing-mark=SIP-WAN3
add distance=1 gateway=pppoe-out1 routing-mark=Camera
add check-gateway=arp comment="Default Route - Distance 1" distance=1 gateway=pppoe-out1
add check-gateway=arp comment="Default Route - Distance 2" distance=2 gateway=pppoe-out2
add check-gateway=arp comment="Default Route - Distance 3" distance=3 gateway=pppoe-out3
add check-gateway=arp comment="Default Route - Distance 4" distance=4 gateway=pppoe-out4
add check-gateway=arp comment="Default Route - Distance 5" distance=5 gateway=pppoe-out5
add check-gateway=arp comment="Default Route - Distance 6" distance=6 gateway=pppoe-out6
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=21781
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Ho_Chi_Minh

Who is online

Users browsing this forum: No registered users and 29 guests