1. Server in the local network must be available from two different ISPs through port 21.
2. Clients from the local network should go on the internet through ISP1, but some part of the local network should go through ISP2, which I manually set with an address list.
3. Load balancing or failover is not required.
My setup:
ISP1 public IP 10.0.0.1
ISP2 public IP 10.0.1.1
Local server 192.168.1.2
List of local IPs that should go on the internet through ISP1: 192.168.10.0/24 by default.
List of local IPs that should go on the internet through ISP2: 192.168.20.0/24, set manually from an address list.
I achieved that the server is available from two different ISPs through port 21, and everything is working fine. But any demands to make a manual separation of clients by different ISPs break the scheme with server accessibility from two ISPs at the same time. Thank you for any help. Here is my config:
/ip firewall nat
0 chain=srcnat action=src-nat to-addresses=10.0.0.1 out-interface=ether1
log=no log-prefix=""
1 chain=srcnat action=src-nat to-addresses=10.0.1.1 out-interface=ether2
log=no log-prefix=""
2 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=21
protocol=tcp dst-address=10.0.0.1 in-interface=ether1 dst-port=21
log=no log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=21
protocol=tcp dst-address=10.0.1.1 in-interface=ether2 dst-port=21
log=no log-prefix=""
/ip firewall mangle
0 chain=input action=mark-connection new-connection-mark=isp1-conn
in-interface=ether1 log=no log-prefix=""
1 chain=input action=mark-connection new-connection-mark=isp2-conn
in-interface=ether2 log=no log-prefix=""
2 chain=output action=mark-routing new-routing-mark=isp1-conn log=no
log-prefix=""
3 chain=output action=mark-routing new-routing-mark=isp2-conn log=no
log-prefix=""
4 chain=forward action=mark-connection new-connection-mark=isp1-conn-f
in-interface=ether1 log=no log-prefix=""
5 chain=forward action=mark-connection new-connection-mark=isp2-conn-f
in-interface=ether2 log=no log-prefix=""
6 chain=prerouting action=mark-routing new-routing-mark=isp1-route
connection-mark=isp1-conn-f in-interface=bridge1 log=no log-prefix=""
7 chain=prerouting action=mark-routing new-routing-mark=isp2-route
connection-mark=isp2-conn-f in-interface=bridge1 log=no log-prefix=""
/ip route
0 A S dst-address=0.0.0.0/0 gateway=10.0.0.254
gateway-status=10.0.0.254 reachable via ether1 distance=1 scope=30
target-scope=10 routing-mark=isp1-route
1 A S dst-address=0.0.0.0/0 gateway=10.0.1.254
gateway-status=10.0.1.254 reachable via ether2 distance=1 scope=30
target-scope=10 routing-mark=isp2-route
2 A S dst-address=0.0.0.0/0 gateway=10.0.0.254
gateway-status=10.0.0.254 reachable via ether1 distance=1 scope=30
target-scope=10
3 S dst-address=0.0.0.0/0 gateway=10.0.1.254
gateway-status=10.0.1.254 reachable via ether2 distance=2 scope=30
target-scope=10
4 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10
5 ADC dst-address=10.0.1.0/24 pref-src=10.0.1.1 gateway=ether2
gateway-status=ether2 reachable distance=0 scope=10
6 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
7 ADC dst-address=192.168.10.0/24 pref-src=192.168.10.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
8 ADC dst-address=192.168.20.0/24 pref-src=192.168.20.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10