I'm trying to learn policy routing and failover, so I read the pcunite article about a multiwan scenario one more time.
I came up with this setup in my GNS3 to give it a go, study it, and dive deeper into it possibly:
Code: Select all
/interface bridge
add name=BR1 protocol-mode=none
/disk
set slot1 slot=slot1 type=hardware
set slot2 slot=slot2 type=hardware
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=POOL1 ranges=192.168.1.10-192.168.1.20
/ip dhcp-server
add address-pool=POOL1 interface=BR1 name=DHCP1
/port
set 0 name=serial0
/routing table
add disabled=no fib name=ISP1
add disabled=no fib name=ISP2
/interface bridge port
add bridge=BR1 interface=ether3
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip settings
set rp-filter=loose
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=BR1 list=LAN
/ip address
add address=10.1.1.2/24 comment=ISP1_Static interface=ether1 network=10.1.1.0
add address=192.168.1.1/24 comment=MyLAN interface=BR1 network=192.168.1.0
/ip dhcp-client
add add-default-route=no comment=ISP2_Monitor interface=ether2 script=":if (\$\
bound=1) do={\r\
\n /ip route set [/ip route find where gateway!=\$\"gateway-address\" and \
comment~\"ISP2_Monitor\"] gateway=\$\"gateway-address\"\r\
\n\t:log info \"ISP2_Monitor gateway updated\";\r\
\n}"
/ip dhcp-server lease
add address=192.168.1.123 client-id=1:0:c:29:c3:55:4b mac-address=\
00:0C:29:C3:55:4B server=DHCP1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ISP_LIST \
connection-state=new in-interface=ether1 new-connection-mark=WAN1 \
passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1 \
in-interface-list=LAN new-routing-mark=ISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new \
in-interface=ether2 new-connection-mark=WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 \
in-interface-list=LAN new-routing-mark=ISP2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
ether1 new-connection-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=\
ISP1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
ether2 new-connection-mark=WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=\
ISP2
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
out-interface-list=WAN
/ip route
add comment=ISP1_Monitor distance=1 dst-address=1.1.1.1 gateway=10.1.1.1 \
scope=10 target-scope=11
add check-gateway=ping comment=ISP1_GW distance=1 dst-address=0.0.0.0/0 \
gateway=1.1.1.1 scope=10 target-scope=12
add comment=ISP1_WAN distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \
routing-table=ISP1 scope=10 target-scope=12
add comment=ISP2_Monitor distance=3 dst-address=8.8.8.8 gateway=10.2.2.1 \
scope=10 target-scope=11
add check-gateway=ping comment=ISP2_GW distance=3 dst-address=0.0.0.0/0 \
gateway=8.8.8.8 scope=10 target-scope=12
add comment=ISP2_WAN distance=3 dst-address=0.0.0.0/0 gateway=8.8.8.8 \
routing-table=ISP2 scope=10 target-scope=12
/routing rule
add action=lookup-only-in-table dst-address=192.168.1.0/24 table=main
add action=lookup-only-in-table dst-address=192.168.2.0/24 table=main
add src-address=192.168.1.123/32
/system identity
set name=MultiWAN_Router_Example1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/tool romon
set enabled=yes
To make it simple I modified the pcunite Example1.rsc setup. I deleted lined related to ISP3 and ISP4.
However, it seems that I missed something to make it work as expected.
The article says, "Server uses IPS2 only - incoming/outgoing rules". What does it mean exactly? The server goes to internet only via ISP2 (unless failover occurs) and clients from outside connect to the server only via ISP2? Which rules I missed? And what I failed to understand?
Moreover, what is this line for?
Code: Select all
add action=lookup-only-in-table dst-address=192.168.2.0/24 table=main