Hi everyone,
It's my first time using a MikroTik device (and advanced network solutions) and I'm having some trouble achieving what I want. I might be missing some concepts, so any new content will be more than welcome.
I've already been playing around for a few days, made my configs, made a few scripts, but I can't really reach my goal.
I have a main link coming through WAN1 interface. It's a PPPoE Client interface. Its default route has a distance of 1.
I also have a secondary link coming through WAN2 interface. This one is a DHCP Client (and I cannot change this, ISP won't let me change router configs) with a DMZ associated with the leased IP. Its default route has a distance of 2.
On the LAN side I have a server connected, on which I want port 2222 to be accessible.
My idea is to achieve a failover in such a way that WAN1 is my default link and route, but that I could also access my server through WAN2 at any time. For now, I can only reach the server by using WAN1 public IP, but not WAN2.
My NAT rules:
#0 is a Loopback NAT, which is a src-nat with src-nat action to point my LAN IPs (from the DHCP Server) to the WAN1 or WAN2 public IP (a script does change that in case WAN1 is out);
#1 is a src-nat with masquerade action for both WAN1 and WAN2.
#2 is a dst-nat with dst-nat action to point incoming connections with port 2222 destination to my server LAN IP and port 2222.
I have no mangle rules for this as, in my thinking, I could let the connection come in through WAN1 or WAN2 and leave through the active route on /ip routes. As WAN1 and WAN2 both have different distances, if WAN1 is out, WAN2 would be the in-use route. Is this failover right? Would it work at all?
Firewall also doesn't seem to be the issue, but here are my rules:
#0 Accepts established and related connections
#1 Drops invalid connections
#2 Accepts ICMP (limited)
#3 Accepts WINBOX connection through LAN IPs
#4 Drops all the rest
I'd like some advice to achieve what I want and also if something should be better, such as my firewall rules, nat/mangle rules, etc.
Also, a conceptual doubt I have:
Is it possible for a TCP socket to be changed from WAN1 to WAN2 without breaking the connection?
Thanks!
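The setup described in the post (dst-nat of port 2222 to a LAN server, default routes on WAN1 with distance 1 and WAN2 with distance 2, no mangle rules) has a predictable gap: a connection that arrives on WAN2 while WAN1 is up gets its replies sent out through WAN1, because plain distance-based failover picks one active default route for every reply. The mangle and route entries below are an added example, not configuration from the original post; they keep replies to WAN2-originated connections on WAN2. The interface names WAN1/WAN2 and port 2222 come from the post; the LAN bridge name `bridge-lan`, the mark names `wan2_conn`/`via_wan2` and the WAN2 gateway `192.0.2.1` are assumptions, and the syntax is RouterOS v6.

```routeros
# Added example (not from the original post): make replies to connections that
# arrived on WAN2 leave through WAN2 instead of following the active default route.
# Assumed names: LAN bridge "bridge-lan", marks wan2_conn / via_wan2,
# WAN2 gateway 192.0.2.1 (placeholder for the DHCP-assigned gateway).

/ip firewall mangle
# 1. Tag every new connection that enters through WAN2. This also catches the
#    dst-nat'ed port 2222 traffic, because in prerouting mangle runs before dst-nat.
add chain=prerouting in-interface=WAN2 connection-state=new \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes \
    comment="mark connections that arrived via WAN2"

# 2. Replies from the LAN server that belong to such a connection get a routing
#    mark, so they are looked up in the via_wan2 route instead of the main table.
add chain=prerouting in-interface=bridge-lan connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=via_wan2 passthrough=no \
    comment="route WAN2-originated replies back out WAN2"

# 3. Same for packets the router itself generates on such a connection
#    (e.g. answers to ping or WinBox aimed at the WAN2 public IP).
add chain=output connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=via_wan2 passthrough=no \
    comment="router's own replies for WAN2 connections"

/ip route
# A default route consulted only for packets carrying the via_wan2 mark.
# The unmarked distance 1 (WAN1) / distance 2 (WAN2) routes are untouched,
# so the existing failover for LAN-originated traffic keeps working as before.
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via_wan2 distance=1 \
    comment="forced exit via WAN2 for marked traffic"
```

Two practical points. Because WAN2 is a DHCP client, the hard-coded gateway will go stale when the lease changes; the DHCP client's `script=` option runs on every bind with the leased gateway available as `$"gateway-address"`, which can be used to update the `via_wan2` route. On RouterOS v7 the `routing-mark=` route attribute is replaced by a routing table created under `/routing table` and referenced with `routing-table=`; the mangle rules are the same. Existing connections are not affected by the marks (rule 1 only matches `connection-state=new`), so check with `/ip firewall connection print where connection-mark=wan2_conn` after a fresh connection to the port 2222 service through the WAN2 address.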