I am trying to set up my MikroTik router to use 2 WAN connections with the following requirements: one of the connections should be primary and the other one secondary; all outbound traffic should pass through the primary WAN connection (when available), and if there is a problem with the primary WAN connection, the outbound traffic must switch to the secondary WAN connection. Both WAN ports must be simultaneously open for inbound connections.
At the end of this post you'll find a summarized scheme of my network topology.
Currently I managed to get everything working exactly as I want - with one notable exception - I am using DMZ on both WAN modems. In order to maintain the possibility to reach their web interfaces I have created port forwarding rules that point back to the LAN interfaces of the modems. Unfortunately reaching their web interface is possible only when using the currently active WAN.
Would you please give me a hint as to how I can overcome this? Thank you!
Code:
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade GSM subnet" out-interface=ether3-gateway-GSM
add action=masquerade chain=srcnat comment="Masquerade ADSL subnet" out-interface=ether1-gateway-ADSL
add action=dst-nat chain=dstnat comment="ADSL modem" dst-port=808 protocol=tcp to-addresses=192.168.10.254 to-ports=80
add action=dst-nat chain=dstnat dst-port=809 protocol=tcp to-addresses=192.168.5.1 to-ports=80
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1-gateway-ADSL new-connection-mark=ADSL_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3-gateway-GSM new-connection-mark=GSM_conn
add action=mark-routing chain=prerouting connection-mark=ADSL_conn in-interface=bridge-local new-routing-mark=to_ADSL
add action=mark-routing chain=prerouting connection-mark=GSM_conn in-interface=bridge-local new-routing-mark=to_GSM
add action=mark-routing chain=output connection-mark=ADSL_conn new-routing-mark=to_ADSL
add action=mark-routing chain=output connection-mark=GSM_conn new-routing-mark=to_GSM
/ip route
add check-gateway=ping distance=1 gateway=192.168.10.254 routing-mark=to_ADSL
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_GSM
add check-gateway=ping distance=1 gateway=192.168.10.254
add check-gateway=ping distance=2 gateway=192.168.5.1