Community discussions

MikroTik App
 
User avatar
isldboy
just joined
Topic Author
Posts: 1
Joined: Thu Apr 12, 2018 4:48 pm
Location: usa
Contact:

help converting wan failover, not working after ros7 upgrade

Sat Jan 14, 2023 6:08 am

I need help converting my failover to ros7
below is the script i have been using but after upgrading to 7 the failover no longer works some options lost
/ip route
add comment="<PRIMARY>" gateway=<PRIMARY-GATEWAY>
add comment="<SECONDARY>" gateway=<SECONDARY-GATEWAY> routing-mark=backup-rmark
/ip route rule
add action=lookup-only-in-table comment=backup-rule src-address=<ENTIRE-SECONDARY-SUBNET> table=backup-rmark
/ip firewall mangle
add action=mark-routing chain=prerouting comment=backup-failover-nat disabled=yes new-routing-mark=backup-rmark src-address-list=<NAT-LIST>
/tool netwatch
add down-script="/ip firewall mangle enable [/ip firewall mangle find comment~\"backup-failover-nat\"]" host=<REMOTE-HOST> interval=5s timeout=30s up-script=\
"/ip firewall mangle disable [/ip firewall mangle find comment~\"backup-failover-nat\"]"
/ip firewall nat
add action=src-nat chain=srcnat routing-mark=backup-rmark to-addresses=<SECONDARY-SRC-NAT-TO-ADDRESS-RANGE>
add action=src-nat chain=srcnat src-address-list=<NAT-LIST> to-addresses=<PRIMARY-SRC-NAT-TO-ADDRESS-RANGE>

I have tried the following config but am unable to ping any outside IP unless i use the interface Ip itself and then only to thenext hop
/ip address
add address=12.12.12.3/29 comment="Pri-Ckt-AT&T" interface=sfp-sfpplus2
add address=12.13.14.34/29 comment="BackUp-Ckt-Spectrum" interface=sfp-sfpplus3


/routing table
add fib name=backup-rmark

/routing rule
add action=lookup-only-in-table comment=backup-rule src-address=12.13.14.32/29 table=backup-rmark routing-mark=backup-rmark

/ip route
add comment=Pri-Ckt-AT&T distance=1 gateway=12.12.12.1
add comment=BackUp-Ckt-Spectrum distance=2 gateway=12.13.14.33 routing-table=backup-rmark

/ip firewall mangle
add action=mark-routing chain=prerouting comment=backup-failover-nat new-routing-mark=backup-rmark src-address-list=NAT-General-list


/tool netwatch
add down-script="/ip route set [find where comment=\"Pri-Ckt-AT&T\"] distance=3;\r\
\n:log warning \"Pri-Ckt-AT&T 5Gig down, switching to Backup-Ckt-Spectrum 2Gig\"" host=9.9.9.9 interval=7s up-script=\
"/ip route set [find where comment=\"Pri-Ckt-AT&T\"] distance=1;\r\
\n:log warning \"Pri-Ckt-AT&T 5Gig restored\""
add down-script="/ip firewall mangle enable [/ip firewall mangle find comment~\"backup-failover-nat\"]" host=1.1.1.1 interval=\
5s up-script="/ip firewall mangle disable [/ip firewall mangle find comment~\"backup-failover-nat\"]"

/ip firewall nat
add action=src-nat chain=srcnat dst-address-list=!VPN-Networks out-interface=sfp-sfpplus3 routing-mark=backup-rmark to-addresses=12.13.14.34
add action=src-nat chain=srcnat dst-address-list=!VPN-Networks out-interface=sfp-sfpplus2 src-address-list=NAT-General-list to-addresses=12.12.12.3

Who is online

Users browsing this forum: Bing [Bot] and 34 guests