Alright so, long story short... hEX running on v6.49.1
I have two LTE ISPs - the Main is Afrihost Uncapped and the backup is Rain unlimited off-peak (5GB).
ether1 192.168.10.1 Afrihost LTE Uncapped @ 50-75Mbps
ether2 192.168.9.1 Rain 4G - 5GB Off-Peak @ 15Mbps if you're lucky
ether3 192.168.8.1 Main Network - 100% bandwidth
ether4 192.168.8.1 Will be dedicated to wifi APs - need to be able to limit to 15% download bandwidth or less when I want (Show me how??)
ether5 192.168.8.1 Will be dedicated CCTV for all 4 DVRs - 100% Bandwidth
Yes, I would like to know how to bridge ether3, 4 and 5 but control bandwidth on each. I run my DVRs on dedicated PCs to combine the DVRs and display all cameras around the property (separate buildings) on one screen in my house, so I need to be able to see everything on my PC (connected to ether3) from ether4 and ether5 as you would with a standard network switch.
I want Afrihost to pull all the data all the time and Rain to just sit there disabled till just in case the sheet hits the fan then it can take over till Afrihost is back online.
I'm guessing I need to post some script to watch 8.8.8.8 and 8.8.4.4 to constantly make sure Afrihost is A-ok, Rain I'm not worried about in this case as it only needs to be there when Afrihost is down.
I seem to sort of have this running but it looks like Rain is still receiving some of the data when I look in the interface list.
Secondly, if Rain just so happens to need to run for a full day or more I need a schedule only during its active time to kill it at 17:55 and restore it at 23:05 as this is their peak hrs (when they take more money from you than they should).
Thirdly, I would like to be able to remotely access my hEX via the Mikrotik iOS/Android app while I'm away to make sure it's all running smooth (I'm aware of the security breach implications) - I tried by turning on DDNS under IP>Cloud and it spat out a DNS name and pub address but my app doesn't seem to connect when I'm off my network, assuming this has something to do with NAT or Firewall? What do I do???
Lastly, I have some stupid old DVR running on a No-IP address via HTTP Port 8220 with server port 6036 on 192.168.8.14 and again I assume it's something to do with NAT, Firewall, or Port Forward that I can't seem to connect. Fortunately, this paragraph will become null and void once I upgrade this one in the future but for now it's working so I want to see it remotely with the rest.
I would really appreciate your help as I have tried and failed with many different methods over months now and right now as per my /export I have internet running and that's about it. And yes @anav I'm darn well sure my code is a complete disaster of a mess so if you could do the honors in cleaning it up and throwing out the trash then I would be most grateful to have all this running like a pro.
Sadly I do not have time to do any online courses due to workload in the security industry and worst off I have a mental span of 15min thanks to ADHD so I struggle to do courses of any sort, I learn best from my mistakes and with the help/guidance from others.
/export hide-sensitive
# dec/01/2021 21:55:14 by RouterOS 6.49.1
# software id = Y1G6-ULK3
#
# model = RB750Gr3
# serial number = CC210B84FB20
/interface ethernet
set [ find default-name=ether2 ] disabled=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.8.120-192.168.8.150
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 lease-time=8h name=dhcp1
/queue simple
add disabled=yes max-limit=10M/10M name="Main Queue" target=192.168.8.0/24
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add disabled=yes interface=ether3 trusted=yes
add disabled=yes interface=ether4 trusted=yes
add disabled=yes interface=ether5 trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.10.2/27 interface=ether1 network=192.168.10.0
add address=192.168.9.2/27 interface=ether2 network=192.168.9.0
add address=192.168.8.1/24 interface=ether3 network=192.168.8.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.9.1,192.168.10.1 gateway=192.168.8.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 new-connection-mark=ISP1_Conn passthrough=yes
add action=mark-connection chain=input in-interface=ether2 new-connection-mark=ISP2_Conn passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_Conn new-routing-mark=To_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_Conn new-routing-mark=To_ISP2 passthrough=yes
add action=accept chain=prerouting in-interface=ether3
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=ISP1_conn out-interface=ether1
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1 out-interface=ether1
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=ISP2_conn out-interface=ether2
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2 out-interface=ether2
/ip firewall nat
add action=dst-nat chain=dstnat comment=Factory-DVR dst-address=192.168.10.2 dst-port=80 in-interface=ether1 protocol=udp to-addresses=192.168.8.14 to-ports=8220
add action=dst-nat chain=dstnat dst-address=192.168.9.2 dst-port=80 in-interface=ether2 protocol=udp to-addresses=192.168.8.14 to-ports=8220
add action=masquerade chain=srcnat comment=RAIN out-interface=ether1
add action=masquerade chain=srcnat comment=AFRIHOST out-interface=ether2
/ip route
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to-ISP2
add check-gateway=ping distance=1 gateway=192.168.10.1,192.168.9.1
add check-gateway=ping distance=1 gateway=192.168.10.1
add check-gateway=ping distance=2 gateway=192.168.9.1
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.9.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.10.1 scope=10
add distance=1 dst-address=192.168.8.0/24 gateway=ether4 pref-src=192.168.8.1 scope=10
add distance=1 dst-address=192.168.8.0/24 gateway=ether5 pref-src=192.168.8.1 scope=10
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name="Cam hEX Router"
/system scheduler
add interval=1d name="Disable RAIN" on-event="/interface disable [find name=ether2]" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=\
oct/24/2021 start-time=17:55:00
add interval=1d name="Enable RAIN" on-event="/interface enable [find name=ether2]" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=\
oct/24/2021 start-time=23:05:00
/tool sniffer
set file-name=arp.pcap filter-interface=ether1
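Added example, not part of the original post: a small offline check that cross-references the routing-mark names set in `/ip firewall mangle` against the names used in `/ip route`, which is one quick way to see why marked traffic may not follow the intended ISP route. It assumes mark names are matched exactly as written; the function names are hypothetical and the sample input is a subset of lines copied from the export above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the mangle and route lines from the export above.
SAMPLE_EXPORT = """\
/ip firewall mangle
add action=mark-routing chain=output connection-mark=ISP1_Conn new-routing-mark=To_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1 out-interface=ether1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2 out-interface=ether2
/ip route
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to-ISP2
"""
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_export(text):
    """Return (section, {key: value}) for every add/set line of an export."""
    rows, section, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # long export lines wrap with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            section = line
        elif line.startswith(("add ", "set ")):
            rows.append((section, dict(PAIR.findall(line))))
    return rows

def audit_routing_marks(text):
    """Compare routing marks assigned by mangle rules with marks used by routes."""
    marked, routed = set(), set()
    for section, kv in parse_export(text):
        if section == "/ip firewall mangle" and "new-routing-mark" in kv:
            marked.add(kv["new-routing-mark"])
        elif section == "/ip route" and "routing-mark" in kv:
            routed.add(kv["routing-mark"])
    groups = defaultdict(set)  # names that are equal once case and -/_ are ignored
    for name in marked | routed:
        groups[re.sub(r"[-_]", "", name).lower()].add(name)
    return {
        "marked_but_no_route": sorted(marked - routed),
        "route_but_never_marked": sorted(routed - marked),
        "near_duplicates": sorted(sorted(g) for g in groups.values() if len(g) > 1),
    }

if __name__ == "__main__":
    print(audit_routing_marks(SAMPLE_EXPORT))
```

Running it on the full `/export` text instead of the sample reports every mark name that appears on only one side of the mangle/route pairing.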