As you'll see from reading this, I'm a noob to MikroTik (I bought one to discover it). I'm stuck on a problem and tired of resetting the router after every mistake, so I have stopped at a basic configuration.
My router is connected to 2 ISPs with dynamic IPs: one facing an ONT, one facing a bridge behind a cable router. All WAN IPs/gateways configured on the MikroTik are obtained via DHCP client and are public ones.
The main ISP is my main output, and I would like it to be the first Internet access for 99% of my apartment.
The second ISP is a backup output, and I would like it to be the first Internet access for a specific address list. I'm currently experimenting with only one address: 192.168.69.210.
192.168.69.210 has an incoming port translation from ISP2 only. It works when ISP1 is down.
This is where you tell me to RTFM (I did, but maybe I'm too stupid), but I would like to be able to:
- force ISP2 for a specific address list.
- force ISP1 as main ISP, keeping ISP2 for backup and port translation.
- make port translation on ISP2 work when ISP1 is up.
I tried things with mangle and so on, but it doesn't work :/
If you have any hints on how to do it, I'd be really pleased to read them.
Regards,
PS: My current working configuration, with none of the above implemented, is:
# RouterOS export, part 1: interfaces, LAN addressing, DHCP and DNS for a
# dual-WAN router. ISP_2 is ether6; ISP_1 is VLAN 832 on ether7
# (orange-support); the remaining ports are members of bridge LAN.
/interface ethernet
set [ find default-name=ether6 ] comment="WAN Sfr" name=ISP_2
set [ find default-name=combo1 ] name=ether0
set [ find default-name=sfp-sfpplus1 ] name=etherS0
set [ find default-name=ether7 ] name=orange-support
/interface bridge
add name=LAN
/interface vlan
add comment="WAN Orange" interface=orange-support name=ISP_1 vlan-id=832
# Interface lists referenced by detect-internet, the firewall and mac-server.
/interface list
add name=WAN
add name=INSIDE
# Custom DHCP options sent by the ISP_1 client (see /ip dhcp-client).
# Option 60 is ASCII "sagem"; option 77 is ASCII
# "+FSVDSL_livebox.Internet.softathome.Livebox3".
# Option 90 (authsend) is partly masked with "x" in this post.
# NOTE(review): presumably it carries the subscriber's ISP credential; keep
# it fully masked whenever an export is shared.
/ip dhcp-client option
add code=60 name=vendor-class-identifier value=0x736167656d
add code=77 name=userclass value=0x2b46535644534c5f6c697665626f782e496e7465726e65742e736f66746174686f6d652e4c697665626f7833
add code=90 name=authsend value=0x00000000000000000000001a0900000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# LAN DHCP: dynamic leases come from .100-.199 and are served on bridge LAN.
/ip pool
add name=dhcp_pool0 ranges=192.168.69.100-192.168.69.199
/ip dhcp-server
add address-pool=dhcp_pool0 bootp-support=none disabled=no interface=LAN lease-time=6d name=dhcp1
# Policy set of the "full" user group as exported.
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# Bridge membership. The ISP_2 and orange-support entries are disabled=yes,
# so neither WAN port is currently bridged into the LAN.
# NOTE(review): enabling either entry would join a WAN port to the LAN
# bridge; removing the two disabled entries avoids that by accident.
/interface bridge port
add bridge=LAN interface=etherS0
add bridge=LAN hw=no interface=ether0
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN disabled=yes interface=ISP_2
add bridge=LAN broadcast-flood=no disabled=yes interface=orange-support unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=LAN interface=ether1
add bridge=LAN interface=ether2
# The export shows an internal ID (*2000011) instead of a list name.
# NOTE(review): confirm which interfaces this resolves to; neighbor
# discovery is normally limited to the LAN side (here: list INSIDE).
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/ip settings
set route-cache=no
# Detect Internet probes the WAN list and is pointed at the same WAN and
# INSIDE lists that the firewall and mac-server rules match on.
# NOTE(review): confirm it cannot change the membership of those lists
# unexpectedly, or leave it disabled if it is not needed.
/interface detect-internet
set detect-interface-list=WAN lan-interface-list=INSIDE wan-interface-list=WAN
# WAN = ISP_1 + ISP_2. orange-support (the untagged parent of ISP_1) is in
# neither list.
/interface list member
add interface=ISP_1 list=WAN
add interface=ISP_2 list=WAN
add interface=LAN list=INSIDE
# Router LAN address, used as gateway/DNS/NTP in /ip dhcp-server network.
# NOTE(review): it is bound to ether2, which is a port of bridge LAN (see
# /interface bridge port); the DHCP server and the INSIDE list use LAN, so
# the address presumably belongs on interface=LAN - confirm.
/ip address
add address=192.168.69.254/24 interface=ether2 network=192.168.69.0
# WAN addressing: both uplinks are DHCP clients; only ISP_1 sends the custom
# options defined above.
/ip dhcp-client
add dhcp-options=hostname,clientid,authsend,userclass,vendor-class-identifier disabled=no interface=ISP_1
add disabled=no interface=ISP_2
# Static lease for .209. The host named in the post and in the dst-nat rule
# is 192.168.69.210, which has no lease here and lies outside dhcp_pool0.
# NOTE(review): confirm .210 is configured statically on that host.
/ip dhcp-server lease
add address=192.168.69.209 client-id=1:0:0:0:0:37:8e mac-address=00:00:00:00:37:8E server=dhcp1
/ip dhcp-server network
add address=192.168.69.0/24 dns-server=192.168.69.254 domain=appart.info-res.fr gateway=192.168.69.254 ntp-server=192.168.69.254
# allow-remote-requests=yes makes the router answer DNS queries sent to it.
# Requests arriving on the WAN list are stopped only by the final input drop
# rule in /ip firewall filter; keep that rule in place while this is enabled.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=208.67.222.222,208.67.220.220,8.8.8.8,1.1.1.1
# RouterOS export, part 2: firewall address lists, filter rules and NAT.
#
# Address lists. None of the filter or NAT rules shown in this export
# references "bogons" or "local", so both lists currently have no effect.
# The three RFC 1918 entries are disabled=yes.
# NOTE(review): the loopback range is 127.0.0.0/8; the /16 entry below covers
# only part of it.
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A" disabled=yes list=bogons
add address=127.0.0.0/16 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=192.168.69.0/24 list=local
# Filter rules, evaluated top to bottom.
# input chain: accept everything from bridge LAN, accept established/related,
# accept ICMP from the WAN list, drop invalid, then drop the rest from the
# WAN list (ISP_1 and ISP_2).
# NOTE(review): input arriving on an interface that is neither LAN nor in the
# WAN list (for example untagged traffic on orange-support) matches no drop
# rule and is accepted by default - confirm this is intended.
#
# forward chain: the only rule is an accept for tcp/50805 arriving on ISP_2.
# Its matcher dst-address-list=LAN names an address list that is not defined
# in this export (the lists are "bogons" and "local"; LAN is the bridge), so
# the rule presumably never matches - confirm.
# NOTE(review): with no drop rule in the forward chain, every forwarded
# packet is accepted by default, including new connections that arrive on a
# WAN interface. A drop for new WAN-side connections that were not dst-nat'ed
# (connection-nat-state=!dstnat) would limit forwarding to the published port.
/ip firewall filter
add action=accept chain=input in-interface=LAN
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input comment="allow ICMP" in-interface-list=WAN protocol=icmp
add action=accept chain=forward dst-address-list=LAN dst-port=50805 in-interface=ISP_2 protocol=tcp
add action=drop chain=input connection-state=invalid
add action=drop chain=input comment="block everything else" in-interface-list=WAN
# NAT. tcp/50805 arriving on ISP_2 is redirected to 192.168.69.210; no
# to-ports is given, so the port stays 50805. Outbound traffic is
# masqueraded on whichever WAN it leaves through.
# NOTE(review): the export contains no mangle rules, routing marks or static
# routes, so nothing sends the replies from 192.168.69.210 back out ISP_2.
# Presumably they follow the default route via ISP_1 while it is up, which
# would match the symptom described in the post - verify.
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=50805 in-interface=ISP_2 protocol=tcp to-addresses=192.168.69.210
add action=masquerade chain=srcnat out-interface=ISP_1
add action=masquerade chain=srcnat out-interface=ISP_2
# RouterOS export, part 3: front panel, system identity and management access.
/lcd
set color-scheme=dark default-screen=stats
# NOTE(review): the LCD PIN is published in clear in this post. Change it on
# the device and mask it in any export that is shared.
/lcd pin
set pin-number=0377
# LCD screens 0-4 are disabled.
/lcd screen
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
set 4 disabled=yes
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=rtr.appart.info-res.fr
# LEDs 0-2 are disabled.
/system leds
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
# RouterBOARD firmware is set to upgrade automatically; silent-boot is on.
/system routerboard settings
set auto-upgrade=yes silent-boot=yes
# MAC-Telnet and MAC-Winbox are limited to the INSIDE list (bridge LAN).
# NOTE(review): no /ip service section appears in this export, so the IP
# management services are presumably at their defaults. Confirm that unused
# ones (telnet, ftp, www, api) are disabled or restricted to the LAN subnet.
/tool mac-server
set allowed-interface-list=INSIDE
/tool mac-server mac-winbox
set allowed-interface-list=INSIDE