boxybh
Frequent Visitor
Topic Author
Posts: 55
Joined: Sat Jul 29, 2017 11:16 am

example script by mikrotik how to use pppoe

Mon Oct 04, 2021 3:38 pm

Example 1
Failover With Firewall Marking

This example demonstrates how to set up failover with a firewall mangle, filter and NAT rules.

Detailed Section Overview
IP address
In this example, our provider assigned two upstream links, one connected to ether1 and the other to ether2. Our local network has two subnets, 192.168.1.0/24 and 192.168.2.0/24.

/ip address
add address=10.1.101.18/30 interface=ether1
add address=10.1.200.18/30 interface=ether2 ( what if this is pppoe)
add address=192.168.1.1/24 interface=ether3
add address=192.168.2.1/24 interface=ether4

Mangle
Connections going through the ether1 interface are marked as "first" and packets going through ether2 are marked as "other":

/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=first out-interface=ether1 passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=other out-interface=ether2 passthrough=yes

Firewall Filter
When the primary link fails, we will reject all the established connections, so new connections will pass through the secondary link. The same behavior will happen when the primary link comes back again, and here we will prevent local IP leakage to a public network, which is one of masquerade's disadvantages:

/ip firewall filter
add action=reject chain=forward connection-mark=other out-interface=ether1 reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=first out-interface=ether2 reject-with=icmp-network-unreachable

NAT
Instead of masquerade, we will use src-nat for our local networks, because we do not want to purge connections, which is one of masquerade's main features when a primary link fails. We will restrict them with firewall rules (later in this example):

/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-address=10.1.101.18 ( how do i define pppoe here)
add action=src-nat chain=srcnat out-interface=ether2 to-address=10.1.200.18

Routes
We will add two default routes. With the distance parameter we set route preference:

/ip route add gateway=10.1.101.17 distance=1 check-gateway=ping
/ip route add gateway=10.1.200.17 distance=2


Also, suppose I have static IPs on WAN 1 and 2; WAN 2 (10.1.200.17) is distance 2, so I cannot connect through Winbox from outside until I mark the connection, then mark routing, and put the same in routes.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: example script by mikrotik how to use pppoe

Tue Oct 05, 2021 8:08 am

Use code tag, like this:
Example 1
Failover With Firewall Marking

This example demonstrates how to set up failover with a firewall mangle, filter and NAT rules.

Detailed Section Overview
IP address
In this example, our provider assigned two upstream links, one connected to ether1 and the other to ether2. Our local network has two subnets, 192.168.1.0/24 and 192.168.2.0/24.
```
/ip address
add address=10.1.101.18/30 interface=ether1
add address=10.1.200.18/30 interface=ether2 #( what if this is pppoe)
add address=192.168.1.1/24 interface=ether3
add address=192.168.2.1/24 interface=ether4
```
Mangle
Connections going through the ether1 interface are marked as "first" and packets going through ether2 are marked as "other":
```
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=first out-interface=ether1 passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark new-connection-mark=other out-interface=ether2 passthrough=yes
```
Firewall Filter
When the primary link fails, we will reject all the established connections, so new connections will pass through the secondary link. The same behavior will happen when the primary link comes back again, and here we will prevent local IP leakage to a public network, which is one of masquerade's disadvantages:
```
/ip firewall filter
add action=reject chain=forward connection-mark=other out-interface=ether1 reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=first out-interface=ether2 reject-with=icmp-network-unreachable
```
NAT
Instead of masquerade, we will use src-nat for our local networks, because we do not want to purge connections, which is one of masquerade's main features when a primary link fails. We will restrict them with firewall rules (later in this example):
```
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-address=10.1.101.18 #( how do i define pppoe here)
add action=src-nat chain=srcnat out-interface=ether2 to-address=10.1.200.18
```
Routes
We will add two default routes. With the distance parameter we set route preference:
```
/ip route add gateway=10.1.101.17 distance=1 check-gateway=ping
/ip route add gateway=10.1.200.17 distance=2
```

Also, suppose I have static IPs on WAN 1 and 2; WAN 2 (10.1.200.17) is distance 2, so I cannot connect through Winbox from outside until I mark the connection, then mark routing, and put the same in routes.
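
The PPPoE case asked about in this thread, written out as an added example (not from the original posts or from MikroTik's documentation). It assumes RouterOS v6 syntax, a PPPoE client named pppoe-out1 running over ether2, placeholder credentials, and hypothetical mark and address-list names (wan2-in, via-wan2, mgmt-allowed).

```routeros
# Added example (RouterOS v6 syntax). Assumed names: pppoe-out1, wan2-in,
# via-wan2, mgmt-allowed; credentials are placeholders.
/interface pppoe-client
add name=pppoe-out1 interface=ether2 user=PPPOE-USER password=PPPOE-PASS \
    add-default-route=no use-peer-dns=no disabled=no

# WAN2 gets no "/ip address" entry: the PPPoE server assigns the address.
/ip address
add address=10.1.101.18/30 interface=ether1
add address=192.168.1.1/24 interface=ether3
add address=192.168.2.1/24 interface=ether4

# Match the logical PPPoE interface, not the ether2 port that carries it.
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark \
    new-connection-mark=first out-interface=ether1 passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark \
    new-connection-mark=other out-interface=pppoe-out1 passthrough=yes

/ip firewall filter
add action=reject chain=forward connection-mark=other out-interface=ether1 \
    reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=first \
    out-interface=pppoe-out1 reject-with=icmp-network-unreachable

# src-nat needs a fixed to-addresses value. With a dynamic PPPoE address use
# masquerade on that link; with a static PPPoE address src-nat works as before.
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=10.1.101.18
add action=masquerade chain=srcnat out-interface=pppoe-out1

# A route through a point-to-point link names the interface as gateway.
/ip route
add gateway=10.1.101.17 distance=1 check-gateway=ping
add gateway=pppoe-out1 distance=2

# Management via WAN2: answer on the link the connection arrived on, and
# accept Winbox (TCP 8291) only from an allow-list, placed above any drop rule.
/ip firewall mangle
add action=mark-connection chain=input in-interface=pppoe-out1 \
    connection-mark=no-mark new-connection-mark=wan2-in passthrough=yes
add action=mark-routing chain=output connection-mark=wan2-in \
    new-routing-mark=via-wan2 passthrough=no
/ip route
add gateway=pppoe-out1 routing-mark=via-wan2
/ip firewall filter
add action=accept chain=input in-interface=pppoe-out1 protocol=tcp \
    dst-port=8291 src-address-list=mgmt-allowed
```

On RouterOS v7 the policy route takes routing-table= instead of routing-mark=, and the table has to be created under /routing table first.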
