OlofL

Can someone quickly quality assurance my Dual WAN, Dual LAN setup?

Thu Feb 18, 2021 7:34 pm

I have mostly copied the ideas from this video: https://www.youtube.com/watch?v=67Dna_ffCvc
BUT... it is almost 6 years old now, so maybe setups are more elegant/changed.

Everything seems to work fine now, but I need some quality assurance before going live, since I have never played around with the mangle table too much before...

I am running ROS 6.48.1 on a CCR, but labbed in GNS3 as seen in the picture.

The requirements are pretty simple:
Two LANs, both are NAT'ed.
LAN1 routes everything out of ISP1, with failover to ISP2.
LAN2 routes everything out of ISP2, with failover to ISP1.

Any input is welcome :) (I will fix firewall/potential dstnat rules later)

The configuration:
/interface ethernet
set [ find default-name=ether5 ] disable-running-check=no name=LAN1
set [ find default-name=ether6 ] disable-running-check=no name=LAN2

set [ find default-name=ether1 ] disable-running-check=no name=WAN1
set [ find default-name=ether2 ] disable-running-check=no name=WAN2

/interface list
add name=WAN
add name=LAN
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=LAN1 list=LAN
add interface=LAN2 list=LAN

/ip address
add address=192.168.1.1/24 interface=LAN1 network=192.168.1.0
add address=172.16.1.1/24 interface=LAN2 network=172.16.1.0
add address=15.15.15.2/24 interface=WAN1 network=15.15.15.0
add address=26.26.26.2/24 interface=WAN2 network=26.26.26.0

/ip firewall address-list
add address=192.168.1.0/24 list=LAN1
add address=172.16.1.0/24 list=LAN2
add address=192.168.1.0/24 list=ALL_LAN
add address=172.16.1.0/24 list=ALL_LAN
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP1_PREF src-address-list=LAN1
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP2_PREF src-address-list=LAN2
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=ISP1>WAN1
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=ISP2>WAN2
add action=mark-routing chain=output connection-mark=ISP1>WAN1 new-routing-mark=ISP1_PREF
add action=mark-routing chain=output connection-mark=ISP2>WAN2 new-routing-mark=ISP2_PREF
add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1>LANs
add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2>LANs
add action=mark-routing chain=prerouting connection-mark=WAN1>LANs new-routing-mark=ISP1_PREF src-address-list=ALL_LAN
add action=mark-routing chain=prerouting connection-mark=WAN2>LANs new-routing-mark=ISP2_PREF src-address-list=ALL_LAN

/ip firewall nat
add action=masquerade chain=srcnat src-address-list=ALL_LAN
add action=dst-nat chain=dstnat dst-port=2222 protocol=tcp to-addresses=192.168.1.2 comment="test dstnat to internal network"
/ip route
add check-gateway=arp distance=10 gateway=26.26.26.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=20 gateway=15.15.15.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=10 gateway=15.15.15.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=20 gateway=26.26.26.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=5 gateway=26.26.26.1
add check-gateway=arp distance=5 gateway=15.15.15.1
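
The failover behaviour the `/ip route` entries above are meant to give can be checked offline with a small model. This is an added example, not part of the original post: the function names are hypothetical, and it assumes a route is usable unless check-gateway has marked its gateway unreachable.

```python
import shlex

# The /ip route lines from the post, copied unchanged.
ROUTES_TEXT = """\
add check-gateway=arp distance=10 gateway=26.26.26.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=20 gateway=15.15.15.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=10 gateway=15.15.15.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=20 gateway=26.26.26.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=5 gateway=26.26.26.1
add check-gateway=arp distance=5 gateway=15.15.15.1
"""

def parse_routes(text):
    """Turn 'add key=value ...' lines into dicts; unmarked routes go to table 'main'."""
    routes = []
    for line in text.splitlines():
        words = shlex.split(line)
        if not words or words[0] != "add":
            continue
        kv = dict(w.split("=", 1) for w in words[1:])
        routes.append({
            "table": kv.get("routing-mark", "main"),
            "gateway": kv["gateway"],
            "distance": int(kv.get("distance", 1)),  # RouterOS static default
        })
    return routes

def active_gateways(routes, table, down=()):
    """Gateways tied at the lowest distance among usable routes in `table`.
    Model assumption: a route is usable unless its gateway is in `down`,
    i.e. check-gateway has marked it unreachable.
    """
    usable = [r for r in routes if r["table"] == table and r["gateway"] not in down]
    if not usable:
        return []
    best = min(r["distance"] for r in usable)
    return sorted(r["gateway"] for r in usable if r["distance"] == best)

def ambiguous_tables(routes):
    """Tables where several routes tie at the best distance with all gateways up."""
    tables = sorted({r["table"] for r in routes})
    return [t for t in tables if len(active_gateways(routes, t)) > 1]

if __name__ == "__main__":
    routes = parse_routes(ROUTES_TEXT)
    for table in ("ISP1_PREF", "ISP2_PREF", "main"):
        for down in ((), ("15.15.15.1",), ("26.26.26.1",)):
            print(table, "down:", list(down), "->", active_gateways(routes, table, down))
    print("equal-distance ties:", ambiguous_tables(routes))
```

The tie reported for the main table comes from the two unmarked routes that both use distance=5. The model only reflects what check-gateway=arp can see, which is whether the next hop itself still answers ARP.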