
 
freddy73
just joined
Topic Author
Posts: 5
Joined: Sun Aug 04, 2019 8:56 pm

default wan

Sun Aug 04, 2019 9:08 pm

Hello friends, I would like help understanding why traffic does not appear on WAN1 and instead prefers WAN2, and what I should check. I have attached a partial configuration. Thanks for reading.


Freddy
 
ros44
newbie
Posts: 37
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: default wan

Sun Aug 04, 2019 9:26 pm

I would use the code display option in the forum instead of attaching a file. It seems to be easier for the readers.
Every moment something magical is happening!
 
freddy73
just joined
Topic Author
Posts: 5
Joined: Sun Aug 04, 2019 8:56 pm

Re: default wan

Mon Aug 05, 2019 4:47 pm

# Two bridges are defined. Mangle comments later in this export refer to
# bridge1 as the hotspot network and bridge2_Lan4 as the video network.
# The bridge port assignments are not part of this partial export.
/interface bridge
add fast-forward=no name=bridge1
add name=bridge2_Lan4

# Renames the physical ports by role: ether1 = WAN1 (comment FIBER),
# ether2 = WAN2 (comment CABLE), ether3 = hotspot, ether4/ether5 = LAN2/LAN3.
# Firewall, mangle, NAT and queue rules below match on these interface names,
# so a rename here silently detaches every rule that references the old name.
/interface ethernet
set [ find default-name=ether1 ] comment=FIBER name=ether1-WAN1 speed=100Mbps
set [ find default-name=ether2 ] comment=CABLE name=ether2-WAN2 speed=100Mbps
set [ find default-name=ether3 ] name=ether3-Hotspot speed=100Mbps
set [ find default-name=ether4 ] name=ether4-Lan2 speed=100Mbps
set [ find default-name=ether5 ] name=ether5-Lan3 speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
# The SFP port is administratively disabled.
set [ find default-name=sfp1 ] advertise=10M-full,100M-full,1000M-full disabled=yes

# Per-WAN queue tree, one pair of entries (WAN1 / WAN2) per traffic class.
# Every entry is disabled=yes, so none of these limits is enforced.
# The packet-mark values are named after subnets (e.g. 192.168.3.0/24); they
# are mark names, not address matches, and the mangle rules that would set
# them (mark-packet in postrouting) are also disabled in this export.
/queue tree
add disabled=yes max-limit=300M name="Internet 1" parent=ether1-WAN1 priority=1
add disabled=yes max-limit=200M name="Internet 2" parent=ether2-WAN2 priority=1
add disabled=yes max-limit=1M name="Voz 1" packet-mark=192.168.3.0/24 parent=ether1-WAN1 priority=2
add disabled=yes max-limit=512k name="Voz 2" packet-mark=192.168.3.0/24 parent=ether2-WAN2 priority=2
add disabled=yes max-limit=100M name="Dato 1" packet-mark=192.168.2.0/24 parent=ether1-WAN1 priority=3
add disabled=yes max-limit=30M name="Dato 2" packet-mark=192.168.2.0/24 parent=ether2-WAN2 priority=3
add disabled=yes max-limit=15M name="GApple 1" packet-mark=192.168.40.0/24 parent=ether1-WAN1 priority=4
add disabled=yes max-limit=5M name="GApple 2" packet-mark=192.168.40.0/24 parent=ether2-WAN2 priority=4
add disabled=yes max-limit=60M name="Guest 1" packet-mark=192.168.8.0/21 parent=ether1-WAN1 priority=5
add disabled=yes max-limit=30M name="Guest 2" packet-mark=192.168.8.0/21 parent=ether2-WAN2 priority=5
add disabled=yes max-limit=15M name="MGMT 1" packet-mark=192.168.20.0/24 parent=ether1-WAN1 priority=6
add disabled=yes max-limit=3M name="MGMT 2" packet-mark=192.168.20.0/24 parent=ether2-WAN2 priority=6
add disabled=yes limit-at=5M max-limit=10M name="Video 1" packet-mark=192.168.4.0/24 parent=ether1-WAN1 priority=7
add disabled=yes limit-at=512k max-limit=2M name="Video2" packet-mark=192.168.4.0/24 parent=ether2-WAN2 priority=7
# The two Staff entries carry no explicit priority.
add disabled=yes max-limit=4500k name="Staff 1" packet-mark=192.168.30.0/24 parent=ether1-WAN1
add disabled=yes max-limit=512k name="Staff 2" packet-mark=192.168.30.0/24 parent=ether2-WAN2

# PCQ queue types used by the simple queues: "download" types classify by
# destination address, "upload" types by source address.
# NOTE(review): the names suggest rate caps (256k, 64k, 300), but no pcq-rate
# appears in this export - confirm the intended per-client limits are
# actually configured.
/queue type
add kind=pcq name=pcq-download-256k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-upload-64k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-download-300iway pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-upload-256k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-upload-300iway pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-src-address6-mask=64

# Simple queues per subnet, each using an upload/download PCQ type pair.
# The first four are bound to a specific WAN via dst=; the last three apply
# regardless of the outgoing interface.
/queue simple
add dst=ether1-WAN1 name=queue_RedInterna1 queue=pcq-upload-300iway/pcq-download-300iway target=192.168.2.0/24
add dst=ether2-WAN2 name=queue_RedInterna2 queue=pcq-upload-300iway/pcq-download-300iway target=192.168.2.0/24
add dst=ether1-WAN1 name=queue_ADMIN1 queue=pcq-upload-256k/pcq-download-300iway target=192.168.20.0/24
add dst=ether2-WAN2 name=queue_ADMIN2 queue=pcq-upload-256k/pcq-download-300iway target=192.168.20.0/24
# NOTE(review): target is 192.168.30.0/26 here, while the rest of the export
# treats the staff network as 192.168.30.0/24 - hosts above .63 would not be
# covered by this queue; confirm which mask is intended.
add name=queue_STAFF queue=pcq-upload-64k/pcq-download-256k target=192.168.30.0/26
add name=queue_GUESTs queue=pcq-upload-256k/pcq-download-300iway target=192.168.8.0/21
add name=queue_GuestApple queue=pcq-upload-256k/pcq-download-300iway target=192.168.40.0/24

# Filter rules are evaluated top to bottom per chain and the first terminating
# match (accept/drop) wins, so the order of this listing is part of its meaning.
# NOTE(review): no enabled catch-all drop exists for the input or forward chain
# in this export (the only "drop chain=input" without matchers is disabled
# below). RouterOS accepts packets that match no rule, so traffic to the router
# itself, including from the WAN interfaces, is only blocked for sources that
# are already on one of the blacklists. A final input drop, preceded by
# explicit accepts for the management sources, is the usual hardening.
/ip firewall filter
# Disabled forward accept for the DVR2 port forward (8891 -> 192.168.4.60).
add action=accept chain=forward disabled=yes dst-address=192.168.4.60 dst-port=8891 in-interface=ether1-WAN1 out-interface=bridge2_Lan4 protocol=tcp
add action=accept chain=input comment="allows user manager to work with local hosts" src-address=127.0.0.0/24
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
# NOTE(review): the comment names 192.168.88.0/21 but the rule matches
# 192.168.8.0/21, which the queue sections of this export label as the guest
# network. As written, guest addresses are accepted on input ahead of the
# SSH/Winbox blacklist drops further down - confirm the management range.
add action=accept chain=input comment="Allow Management Input - 192.168.88.0/21" src-address=192.168.8.0/21
# FTP failed-login handling on router-originated replies (chain=output).
# NOTE(review): the add-to-list rule sits before the dst-limit accept, so the
# destination is listed on the first matching reply and the rate allowance in
# the next rule has no effect on listing. The content string also has no
# spaces here; if that is not a paste artifact it may never match a real
# FTP 530 reply - verify on the router.
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content=530loginincorrect protocol=tcp
add action=accept chain=output content=530loginincorrect dst-limit=1/1m,9,dst-address/1m protocol=tcp
# Catch-all input drop - DISABLED. See the note at the top of this section.
add action=drop chain=input disabled=yes
add action=passthrough chain=unused-hs-chain comment=placehotspotruleshere
# Accept packets belonging to established and related connections.
add action=accept chain=input comment="Aceptar conexiones establecidas" connection-state=established
add action=accept chain=input comment="Aceptar conexiones relacionadas" connection-state=related
# NOTE(review): the comment says PPTP/1723 but the rule matches dst-port=9878
# on NATed connections; the comment and the rule disagree.
add action=accept chain=input comment="Allow tcp port1723 for PPTP" connection-mark=no-mark connection-nat-state=srcnat,dstnat dst-port=9878 protocol=tcp
# SSH attempt counter: each new connection to port 22 promotes the source one
# stage (stage1 -> stage2 -> stage3 -> stage4 -> black_list_ssh for 1 day).
# NOTE(review): no rule in this listing adds a source to ssh_stage1, so the
# later stages and black_list_ssh can never be populated from here. Compare
# with the Winbox ladder below, which does have its stage1 rule. Confirm
# whether the stage1 rule was lost or lives outside this partial export.
add action=add-src-to-address-list address-list=black_list_ssh address-list-timeout=1d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage4
# Accepts all GRE to the router from any source (the comment's "id 4747" is
# not expressed in the matcher).
add action=accept chain=input comment="Aceptar gre protocolo id 4747" protocol=gre
add action=add-src-to-address-list address-list=ssh_stage4 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
# Winbox (8291) attempt counter, same ladder with 3-minute stages; the last
# rule of the group seeds winbox_stage1 on any new connection.
add action=add-src-to-address-list address-list=black_list_winbox address-list-timeout=1d chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage4
add action=add-src-to-address-list address-list=winbox_stage4 address-list-timeout=3m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage3
add action=add-src-to-address-list address-list=winbox_stage3 address-list-timeout=3m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage2
add action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=3m chain=input connection-state=new dst-port=8291 protocol=tcp src-address-list=winbox_stage1
add action=add-src-to-address-list address-list=winbox_stage1 address-list-timeout=3m chain=input connection-state=new dst-port=8291 protocol=tcp
# Flood detection on forwarded traffic: new connections jump to detect-ddos;
# pairs within the dst-limit return, the rest are recorded in the ddosed /
# ddoser lists for 10 minutes.
# NOTE(review): no rule in this listing drops traffic based on ddoser/ddosed,
# so the lists are detection-only unless a drop exists elsewhere.
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=input comment="Rechazar conexiones invalidas" connection-state=invalid
# Drops for sources already on a blacklist. These are the only enabled input
# drops besides the invalid-state rule above.
add action=drop chain=input comment="BLOQUEA DURANTE 24 horas 5 intentos seguidos de login SSH!" dst-port=22 protocol=tcp src-address-list=black_list_ssh
add action=drop chain=input comment="Bloquear ataques FTP" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input comment="BLOQUEA DURANTE 24 horas 5 intentos seguidos de login winbox!" dst-port=8291 protocol=tcp src-address-list=black_list_winbox
# Disabled explicit Winbox accept; without a final drop it changes nothing.
add action=accept chain=input comment=winbox disabled=yes dst-port=8291 protocol=tcp
# The comments below say "Permite", but each rule DROPS forwarded traffic from
# the listed MAC address when it arrives on any interface other than VLAN30,
# i.e. the device is only usable from VLAN30.
# NOTE(review): a source MAC is client-controlled, so this pins known devices
# to a VLAN but is not an authentication control.
add action=drop chain=forward comment="Permite trafico de MAC 58:F1:02:D3:E3:D2 Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=58:F1:02:D3:E3:D2
add action=drop chain=forward comment="Permite trafico de MAC B0:C5:59:E1:8B:30 Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=B0:C5:59:E1:8B:30
add action=drop chain=forward comment="Permite trafico de MAC AC:36:13:03:30:1D Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=AC:36:13:03:30:1D
add action=drop chain=forward comment="Permite trafico de MAC B4:CE:F6:60:FD:1C Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=B4:CE:F6:60:FD:1C
add action=drop chain=forward comment="Permite trafico de MAC EC:1F:72:23:7B:5D Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=EC:1F:72:23:7B:5D
add action=drop chain=forward comment="Permite trafico de MAC FC:42:03:18:25:D7 Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=FC:42:03:18:25:D7
add action=drop chain=forward comment="Permite trafico de MAC 2C:59:8A:50:53:AB Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=2C:59:8A:50:53:AB
add action=drop chain=forward comment="Permite trafico de MAC 00:34:DA:25:20:61 Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=00:34:DA:25:20:61
add action=drop chain=forward comment="Permite trafico de MAC 00:1E:AD:43:D1:D1 Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=00:1E:AD:43:D1:D1
add action=drop chain=forward comment="Permite trafico de MAC 34:14:5F:41:AE:2B Empleado solo desde VLAN30" in-interface=!VLAN30 src-mac-address=34:14:5F:41:AE:2B

# Prerouting "accept" rules for LAN-to-LAN traffic. In the mangle table accept
# only stops further mangle processing for the packet, so these rules keep
# internal traffic from receiving the ISP1/ISP2 marks applied further down.
# NOTE(review): despite the "Permite trafico" comments, these rules do not
# authorise or block anything - access control between the internal subnets
# would have to live in /ip firewall filter (forward chain), and this export
# shows no such forward restrictions.
/ip firewall mangle
add action=accept chain=prerouting comment="Permite trafico 192.168.0.0/24 -> 192.168.2.0/24" dst-address=192.168.2.0/24 src-address=192.168.0.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.0.0/24 -> 192.168.3.0/24" dst-address=192.168.3.0/24 src-address=192.168.0.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.0.0/24 -> 192.168.4.0/24" dst-address=192.168.4.0/24 src-address=192.168.0.0/24
# Comment says /26, matcher is 192.168.20.0/24 (same on the 192.168.2.0/24
# rule for this destination below).
add action=accept chain=prerouting comment="Permite trafico 192.168.0.0/24 -> 192.168.20.0/26" dst-address=192.168.20.0/24 src-address=192.168.0.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.0.0/24 -> 192.168.30.0/24" dst-address=192.168.30.0/24 src-address=192.168.0.0/24
# Some sources are matched by in-interface instead of src-address.
add action=accept chain=prerouting comment="Permite trafico 192.168.2.0/24 -> 192.168.0.0/24" dst-address=192.168.0.0/24 in-interface=ether4-Lan2
add action=accept chain=prerouting comment="Permite trafico 192.168.2.0/24 -> 192.168.3.0/24" dst-address=192.168.3.0/24 in-interface=ether4-Lan2
add action=accept chain=prerouting comment="Permite trafico 192.168.2.0/24 -> 192.168.4.0/24" dst-address=192.168.4.0/24 src-address=192.168.2.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.2.0/24 -> 192.168.20.0/26" dst-address=192.168.20.0/24 in-interface=ether4-Lan2
add action=accept chain=prerouting comment="Permite trafico 192.168.2.0/24 -> 192.168.30.0/24" dst-address=192.168.30.0/24 in-interface=ether4-Lan2
add action=accept chain=prerouting comment="Permite trafico 192.168.3.0/24 -> 192.168.0.0/24" dst-address=192.168.0.0/24 in-interface=ether5-Lan3
add action=accept chain=prerouting comment="Permite trafico 192.168.3.0/24 -> 192.168.2.0/24" dst-address=192.168.2.0/24 in-interface=ether5-Lan3
add action=accept chain=prerouting comment="Permite trafico 192.168.3.0/24 -> 192.168.4.0/24" dst-address=192.168.4.0/24 src-address=192.168.3.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.3.0/24 -> 192.168.20.0/24" dst-address=192.168.20.0/24 in-interface=ether5-Lan3
add action=accept chain=prerouting comment="Permite trafico 192.168.3.0/24 -> 192.168.30.0/24" dst-address=192.168.30.0/24 in-interface=ether5-Lan3
add action=accept chain=prerouting comment="Permite trafico 192.168.20.0/24 -> 192.168.0.0/24" dst-address=192.168.0.0/24 src-address=192.168.20.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.20.0/24 -> 192.168.2.0/24" dst-address=192.168.2.0/24 src-address=192.168.20.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.20.0/24 -> 192.168.3.0/24" dst-address=192.168.3.0/24 src-address=192.168.20.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.20.0/24 -> 192.168.4.0/24" dst-address=192.168.4.0/24 in-interface=VLAN20
# NOTE(review): comment says -> 192.168.30.0/24 but dst-address is
# 192.168.3.0/24, duplicating the rule two lines up; 192.168.20.0/24 ->
# 192.168.30.0/24 is therefore not exempted from marking. Likely a typo.
add action=accept chain=prerouting comment="Permite trafico 192.168.20.0/24 -> 192.168.30.0/24" dst-address=192.168.3.0/24 src-address=192.168.20.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.30.0/24 -> 192.168.0.0/24" dst-address=192.168.0.0/24 src-address=192.168.30.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.30.0/24 -> 192.168.2.0/24" dst-address=192.168.2.0/24 src-address=192.168.30.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.30.0/24 -> 192.168.3.0/24" dst-address=192.168.3.0/24 src-address=192.168.30.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.30.0/24 -> 192.168.4.0/24" dst-address=192.168.4.0/24 src-address=192.168.30.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.30.0/24 -> 192.168.20.0/24" dst-address=192.168.20.0/24 src-address=192.168.30.0/24
# Exempts traffic towards 192.168.1.0/24 (described as the ISP router's LAN)
# from marking.
add action=accept chain=prerouting comment="Permite acceso al router del ISP2 desde 192.168.2.0/24" dst-address=192.168.1.0/24 in-interface=ether4-Lan2
add action=accept chain=prerouting comment="Permite acceso al router del ISP2 desde 192.168.3.0/24" dst-address=192.168.1.0/24 in-interface=ether5-Lan3
add action=accept chain=prerouting comment="Permite acceso al router del ISP2 desde 192.168.20.0/24" dst-address=192.168.1.0/24 src-address=192.168.20.0/24
add action=accept chain=prerouting comment="Permite acceso al router del ISP desde 192.168.30.0/24" dst-address=192.168.1.0/24 src-address=192.168.30.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.4.0/24 -> 192.168.2.0/24" dst-address=192.168.2.0/24 src-address=192.168.4.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.4.0/24 -> 192.168.3.0/24" dst-address=192.168.3.0/24 src-address=192.168.4.0/24
add action=accept chain=prerouting comment="Permite trafico 192.168.4.0/24 -> 192.168.20.0/24" dst-address=192.168.20.0/24 src-address=192.168.4.0/24
# Dual-WAN policy routing. Connections get a connection mark (ISP1 or ISP2);
# a later mark-routing rule translates that into a routing mark (to_ISP1 /
# to_ISP2) that selects the matching route in /ip route.
# All non-local connections from the video bridge are pinned to ISP1.
add action=mark-connection chain=prerouting comment="Bridge2_Lan4 de Video marca conexiones ISP1 (conexiones remotas)" connection-mark=no-mark dst-address-type=!local in-interface=bridge2_Lan4 new-connection-mark=ISP1 passthrough=yes
add action=mark-routing chain=prerouting comment="Conexiones de Bridge2Lan4 salen por ruta to_ISP1 (conexiones remotas)" connection-mark=ISP1 in-interface=bridge2_Lan4 new-routing-mark=to_ISP1 passthrough=yes
# Connections that arrive on a WAN interface are marked with that ISP so that
# replies can be sent back out through the same provider.
add action=mark-connection chain=prerouting comment="Marca conexiones desde ISP1" connection-mark=no-mark in-interface=ether1-WAN1 new-connection-mark=ISP1 passthrough=yes
add action=mark-connection chain=prerouting comment="Marca conexiones desde ISP2" connection-mark=no-mark in-interface=ether2-WAN2 new-connection-mark=ISP2 passthrough=yes
# Router-originated packets (output chain) follow the connection's ISP mark.
add action=mark-routing chain=output comment="Conexiones marcadas como ISP1 salen por ruta to_ISP1" connection-mark=ISP1 new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output comment="Conexiones marcadas como ISP2 salen por ruta to_ISP2" connection-mark=ISP2 new-routing-mark=to_ISP2 passthrough=yes
# Per-connection classifier: src-address-and-port:5/N hashes each connection
# into one of five buckets. Buckets 0-3 are marked ISP1 and bucket 4 is marked
# ISP2, i.e. a 4:1 split in favour of WAN1, repeated for each LAN interface.
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red Hotspot a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/0
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red Hotspot a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/1
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red Hotspot a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/2
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red Hotspot a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/3
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red Hotspot a ISP2" connection-mark=no-mark dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP2 passthrough=yes per-connection-classifier=src-address-and-port:5/4
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.2.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether4-Lan2 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/0
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.2.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether4-Lan2 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/1
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.2.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether4-Lan2 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/2
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.2.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether4-Lan2 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/3
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.2.0/24 a ISP2" connection-mark=no-mark dst-address-type=!local in-interface=ether4-Lan2 new-connection-mark=ISP2 passthrough=yes per-connection-classifier=src-address-and-port:5/4
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.3.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether5-Lan3 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/0
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.3.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether5-Lan3 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/1
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.3.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether5-Lan3 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/2
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.3.0/24 a ISP2" connection-mark=no-mark dst-address-type=!local in-interface=ether5-Lan3 new-connection-mark=ISP2 passthrough=yes per-connection-classifier=src-address-and-port:5/4
add action=mark-connection chain=prerouting comment="Marca la quinta parte de conexiones de Red 192.168.3.0/24 a ISP1" connection-mark=no-mark dst-address-type=!local in-interface=ether5-Lan3 new-connection-mark=ISP1 passthrough=yes per-connection-classifier=src-address-and-port:5/3
# Translate connection marks into routing marks per LAN interface.
add action=mark-routing chain=prerouting comment="Conexiones de Red Hotspot marcadas como ISP1 salen por ruta to_ISP1" connection-mark=ISP1 in-interface=bridge1 new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting comment="Conexiones de Red Hotspot marcadas como ISP2 salen por ruta to_ISP2" connection-mark=ISP2 in-interface=bridge1 new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=prerouting comment="Conexiones de Red 192.168.2.0/24 marcadas como ISP1 salen por ruta to_ISP1" connection-mark=ISP1 in-interface=ether4-Lan2 new-routing-mark=to_ISP1 passthrough=yes
# NOTE(review): new-routing-mark is "to_ISP2_" (trailing underscore), which
# does not match the to_ISP2 mark used by the routes in this export. ISP2
# connections from ether4-Lan2 would not select the to_ISP2 route - looks
# like a typo; confirm on the router.
add action=mark-routing chain=prerouting comment="Conexiones de Red 192.168.2.0/24 marcadas como ISP2 salen por ruta to_ISP2" connection-mark=ISP2 in-interface=ether4-Lan2 new-routing-mark=to_ISP2_ passthrough=yes
add action=mark-routing chain=prerouting comment="Conexiones de Red 192.168.3.0/24 marcadas como ISP1 salen por ruta to_ISP1" connection-mark=ISP1 in-interface=ether5-Lan3 new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting comment="Conexiones de Red 192.168.3.0/24 marcadas como ISP2 salen por ruta to_ISP2" connection-mark=ISP2 in-interface=ether5-Lan3 new-routing-mark=to_ISP2 passthrough=yes
# Postrouting marks intended to feed the /queue tree entries. Every rule in
# this group is disabled=yes, so no packet marks are produced and the queue
# tree (also disabled) has nothing to match.
# The mark names are written like subnets (e.g. 192.168.4.0/24) but are plain
# labels; the actual address match is the src-address parameter where present.
# NOTE(review): the first two rules have no src-address, so if enabled they
# would mark every connection leaving either WAN as "192.168.4.0/24".
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.4.0/24 out-interface=ether1-WAN1 passthrough=yes
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.4.0/24 out-interface=ether2-WAN2 passthrough=yes
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.3.0/24 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.3.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.3.0/24 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.3.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.2.0/24 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.2.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.2.0/24 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.2.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.8.0/21 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.8.0/21
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.8.0/21 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.8.0/21
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.40.0/24 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.40.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.40.0/24 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.40.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.20.0/24 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.20.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.20.0/24 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.20.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.30.0/24 out-interface=ether2-WAN2 passthrough=yes src-address=192.168.30.0/24
add action=mark-connection chain=postrouting disabled=yes new-connection-mark=192.168.30.0/24 out-interface=ether1-WAN1 passthrough=yes src-address=192.168.30.0/24
# Packet marks derived from the connection marks above (passthrough=no stops
# mangle processing once a packet is marked).
add action=mark-packet chain=postrouting connection-mark=192.168.4.0/24 disabled=yes new-packet-mark=192.168.4.0/24 out-interface=ether1-WAN1 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.4.0/24 disabled=yes new-packet-mark=192.168.4.0/24 out-interface=ether2-WAN2 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.3.0/24 disabled=yes new-packet-mark=192.168.3.0/24 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.2.0/24 disabled=yes new-packet-mark=192.168.2.0/24 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.8.0/21 disabled=yes new-packet-mark=192.168.8.0/21 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.20.0/24 disabled=yes new-packet-mark=192.168.20.0/24 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.30.0/24 disabled=yes new-packet-mark=192.168.30.0/24 passthrough=no
add action=mark-packet chain=postrouting connection-mark=192.168.40.0/24 disabled=yes new-packet-mark=192.168.40.0/24 passthrough=no

# NAT: inbound port forwards (dst-nat) and outbound masquerade on both WANs.
# Every enabled dst-nat rule matches in-interface=ether1-WAN1 only, so the
# forwards are reachable through WAN1 and not through WAN2.
# NOTE(review): none of the enabled forwards restricts the source
# (no src-address / src-address-list), and the filter section of this export
# has no forward-chain rule limiting them, so the DVRs and internal hosts
# behind these ports are reachable from any Internet address. Limiting the
# forwards to known source addresses, or reaching the devices over a VPN,
# reduces that exposure.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat comment="mikrotik cloud" disabled=yes dst-address=192.168.1.1 dst-port=80 protocol=tcp to-addresses=192.168.1.3 to-ports=80
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
# Unrestricted masquerade (no out-interface) - disabled; the per-WAN
# masquerade rules at the end of the section are the ones in effect.
add action=masquerade chain=srcnat disabled=yes
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=dst-nat chain=dstnat comment=central disabled=yes dst-port=10000,20000 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.2.1
# Rules without to-ports leave the destination port unchanged.
add action=dst-nat chain=dstnat comment="C\C1MARAS Redireccionamiento DVR1" dst-port=6000 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.4.11
add action=dst-nat chain=dstnat dst-port=2020 in-interface=ether1-WAN1 protocol=udp to-addresses=192.168.2.1
add action=dst-nat chain=dstnat dst-port=2020 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.2.1
# log=yes is set only on the 8080 and 8891 forwards; the other forwards leave
# no log record of inbound use.
add action=dst-nat chain=dstnat dst-port=8080 in-interface=ether1-WAN1 log=yes protocol=tcp to-addresses=192.168.4.11
add action=dst-nat chain=dstnat comment="Redireccionamiento a DVR2" dst-port=8891 in-interface=ether1-WAN1 log=yes protocol=tcp to-addresses=192.168.4.60 to-ports=8891
add action=dst-nat chain=dstnat comment="Redireccionamiento a DVR2" dst-port=9687 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.4.60
add action=dst-nat chain=dstnat comment="Redireccionamiento a DVR2" dst-port=7405 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.4.60
add action=dst-nat chain=dstnat dst-port=2587 in-interface=ether1-WAN1 protocol=udp to-addresses=192.168.3.254
add action=dst-nat chain=dstnat comment="Redireccionamiento a DVR2" dst-port=7366 in-interface=ether1-WAN1 protocol=udp to-addresses=192.168.4.60
add action=dst-nat chain=dstnat comment="Redireccionamiento a DVR2" dst-port=9814 in-interface=ether1-WAN1 protocol=udp to-addresses=192.168.4.60
add action=dst-nat chain=dstnat dst-port=9878 in-interface=ether1-WAN1 protocol=tcp to-addresses=192.168.2.20
add action=dst-nat chain=dstnat dst-port=4747 in-interface=ether1-WAN1 protocol=udp to-addresses=192.168.2.20
# Source NAT for traffic leaving through either WAN interface.
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2

# Recursive default routes: the default gateways are remote hosts
# (208.67.222.222 / 208.67.220.220) that are themselves reached through the
# two /32 host routes at the end, with check-gateway=ping probing each one.
/ip route
# Policy routes selected by the to_ISP1 / to_ISP2 routing marks from mangle.
add check-gateway=ping distance=1 gateway=208.67.222.222 routing-mark=to_ISP1 target-scope=30
add check-gateway=ping distance=1 gateway=208.67.220.220 routing-mark=to_ISP2 target-scope=30
# Unmarked default routes, both at distance=1 and without target-scope.
# NOTE(review): confirm these resolve recursively as intended; the marked
# routes above set target-scope=30 and these two do not.
add check-gateway=ping distance=1 gateway=208.67.220.220
add check-gateway=ping distance=1 gateway=208.67.222.222
# NOTE(review): both host routes point at the same next hop, 192.168.1.1, with
# no interface qualifier. The router therefore cannot distinguish the WAN1
# path from the WAN2 path: both recursive gateways resolve through whichever
# interface owns 192.168.1.1, which is the cause identified in the replies.
# Use distinct gateway addresses per ISP, or qualify each gateway with its
# interface (gateway=IP%interface).
add check-gateway=ping distance=2 dst-address=208.67.220.220/32 gateway=192.168.1.1 scope=10
add check-gateway=ping distance=1 dst-address=208.67.222.222/32 gateway=192.168.1.1 scope=10
 
freddy73
just joined
Topic Author
Posts: 5
Joined: Sun Aug 04, 2019 8:56 pm

Re: default wan

Mon Aug 05, 2019 5:07 pm

Thanks for the comment I will be attentive to any help
 
sebastia
Forum Guru
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: default wan

Mon Aug 05, 2019 11:41 pm

Hey, the recursive routing paths both map to the same gateway, 192.168.1.1.
 
freddy73
just joined
Topic Author
Posts: 5
Joined: Sun Aug 04, 2019 8:56 pm

Re: default wan

Tue Aug 06, 2019 2:00 am

Thank you for responding. These are the gateways of each of the provider's routers; the public IP is on the router. Should the LAN network segment of the ISP be changed?
 
sebastia
Forum Guru
Forum Guru
Posts: 1700
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: default wan

Tue Aug 06, 2019 8:07 pm

If you can do that, the gateway will be explicit and unique; right now that is not the case. Otherwise, qualify the interface that should be used: gateway="IP%interface"
 
freddy73
just joined
Topic Author
Posts: 5
Joined: Sun Aug 04, 2019 8:56 pm

Re: default wan

Thu Aug 08, 2019 5:40 am

Thanks for the help. I corrected the problem by putting the public IP of one of the two ISPs on the MikroTik.
