dragonauta
just joined
Topic Author
Posts: 24
Joined: Thu Feb 02, 2017 12:50 am

hairpin with 2 WAN

Wed Dec 23, 2020 8:57 pm

Hi, I'm kind of new and I'm still learning.
I had 1 ISP, and this hairpin script that worked:
# this is the global variable holding the last known public IP
:global HairpinPreviousIP ;

# get the current WAN IP
:local currentIP ;

:do {
    :set currentIP [/ip address get [find interface=ether1-gw] address] ;
} on-error={
    # you could add a failover static IP here, just have something so the script won't fail
    :set currentIP 192.168.0.1 ;
}

# Strip the net mask off the IP address
:for i from=( [:len $currentIP] - 1) to=0 do={
   :if ( [:pick $currentIP $i] = "/") do={
       :set currentIP [:pick $currentIP 0 $i] ;
   }
}

# Public IP has changed
:if ($currentIP != $HairpinPreviousIP) do={

    # clear the address list
    :foreach entry in=[/ip firewall address-list find list="Hairpin"] do={
         /ip firewall address-list remove $entry
     }
     
   # add new address to the address list
   /ip firewall address-list add list="Hairpin" address=$currentIP
   
   # here you could also add other static router IPs to the Hairpin list
   # /ip firewall address-list add list="Hairpin" address=192.168.1.2
   
   # store the new IP
   :set HairpinPreviousIP $currentIP ;
}

Now I have 2 different ISPs. Both are PPPoE and I have a simple failover (just put different distances).

I'm really lost, looking for a way to select the ISP that is already working.

This script is fine when you know that your WAN is a single interface, but in my case it won't work: pppoe-out1 and pppoe-out2 are both active with public dynamic IPs.
 
Sob
Forum Guru
Posts: 6463
Joined: Mon Apr 20, 2009 9:11 pm

Re: hairpin with 2 WAN

Wed Dec 23, 2020 11:26 pm

You can use scripts in PPP profile, just use this as "On Up":
:local Name [/interface pppoe-client get $interface name]
/ip firewall address-list remove [find where list=Hairpin comment=$Name]
/ip firewall address-list add list=Hairpin address=$"local-address" comment=$Name
and this as "On Down":
:local Name [/interface pppoe-client get $interface name]
/ip firewall address-list remove [find where list=Hairpin comment=$Name]
It will update the list every time a PPPoE client connects or disconnects. Normally the list will contain both addresses, and that's fine. Only if you'd want incoming connections to work for both at the same time, you'd need to make sure that you route responses the same way from where requests came.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
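
The return-path routing mentioned in the reply above, as an added example that is not part of any post in this thread. It uses RouterOS v6 syntax and the thread's pppoe-out1 and pppoe-out2; the LAN interface name `bridge` and all mark names are assumptions.

```routeros
# Added example, RouterOS v6 syntax. Assumptions: the LAN interface is "bridge";
# the mark names wan1_conn/wan2_conn and to_wan1/to_wan2 are made up for illustration.

/ip firewall mangle
# Remember which WAN each new inbound connection arrived on.
add chain=prerouting in-interface=pppoe-out1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes \
    comment="inbound via pppoe-out1"
add chain=prerouting in-interface=pppoe-out2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes \
    comment="inbound via pppoe-out2"

# Replies from LAN servers (the port-forward targets) leave via the same WAN.
add chain=prerouting in-interface=bridge connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=prerouting in-interface=bridge connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no

# Replies generated by the router itself follow the same rule.
add chain=output connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=output connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no

/ip route
# One default route per routing mark; the unmarked failover routes stay as they are.
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2
```

If a fasttrack-connection rule is present in the forward chain, restrict it with connection-mark=no-mark: fasttracked packets bypass mangle, so marked replies would otherwise follow the main routing table.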
 
erkexzcx
Member Candidate
Posts: 146
Joined: Mon Oct 07, 2019 11:42 pm

Re: hairpin with 2 WAN

Thu Dec 24, 2020 1:47 am

How about this?
# Add both WAN interfaces to interfaces list.
/interface list add name=WAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=ether2 list=WAN

# Add this script to your Mikrotik router.
/system script add name=dhcp_client_script source=":if (\$bound=1) do={\r\
    \n\t/ip firewall address-list remove [find where address!=\$\"lease-address\" and list=wan_ips and comment=\"DYNAMIC: WAN IP of \$interface\"]\r\
    \n\t/ip firewall address-list add address=\$\"lease-address\" list=wan_ips comment=\"DYNAMIC: WAN IP of \$interface\"\r\
    \n}"

# Include script in your DHCP client rules for both ISPs.
/ip dhcp-client add disabled=no interface=ether1 script=dhcp_client_script
/ip dhcp-client add disabled=no interface=ether2 script=dhcp_client_script

# Create address-list of your LAN IP subnets.
/ip firewall address-list add address=192.168.0.0/24 list=LANs
/ip firewall address-list add address=192.168.0.1/24 list=LANs
/ip firewall address-list add address=192.168.0.2/24 list=LANs

# Create hairpin NAT and main NAT rules like this.
/ip firewall nat add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address-list=LANs src-address-list=LANs
/ip firewall nat add action=masquerade chain=srcnat comment="Main NAT" out-interface-list=WAN

# Create port forwarding like this.
/ip firewall nat add action=dst-nat chain=dstnat comment="Port forward: web server" dst-address-list=wan_ips dst-port=80 protocol=tcp to-addresses=192.168.0.10
/ip firewall nat add action=dst-nat chain=dstnat comment="Port forward: ftp" dst-address-list=wan_ips dst-port=21 protocol=tcp to-addresses=192.168.0.11

The mentioned script will create the "wan_ips" address list and will keep it updated with the IP addresses of your WAN interfaces.
