More

    RouterOS Dual Wan DNAT

    Source : https://datahunter.org/node/2595/revisions/13095/view

    [1] 額外加兩條 Route

    /ip route
    add check-gateway=ping distance=1 gateway=192.168.88.1 routing-mark=ISP1_Route
    add check-gateway=ping distance=1 gateway=192.168.10.1 routing-mark=ISP2_Route
    

    [2] 用來略過 [3~N] 的 rule (防 loop 死)

    /ip firewall address-list
    add address=192.168.88.0/24 list=Connected
    add address=192.168.10.0/24 list=Connected
    add address=192.168.8.0/24  list=Connected
    /ip firewall mangle
    add action=accept chain=prerouting comment="Connected Network" \
        dst-address-list=Connected src-address-list=Connected

    [3] Wan to ROS

    add action=mark-connection chain=input connection-mark=no-mark \
        in-interface=ISP_1 new-connection-mark=WAN1->ROS passthrough=yes \
        comment=WAN->ROS
    add action=mark-connection chain=input connection-mark=no-mark \
        in-interface=ISP_2 new-connection-mark=WAN2->ROS passthrough=yes
    add action=mark-routing chain=output connection-mark=WAN1->ROS \
        new-routing-mark=ISP1_Route passthrough=yes
    add action=mark-routing chain=output connection-mark=WAN2->ROS \
        new-routing-mark=ISP2_Route passthrough=yes

    [4] Wan to Lan (For DNAT)

    add action=mark-connection chain=forward connection-mark=no-mark \
        in-interface=ISP_1 new-connection-mark=WAN1->LAN passthrough=yes \
        comment=WAN->LAN
    add action=mark-connection chain=forward connection-mark=no-mark \
        in-interface=ISP_2 new-connection-mark=WAN2->LAN passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=WAN1->LAN \
        in-interface=LAN new-routing-mark=ISP1_Route passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=WAN2->LAN \
        in-interface=LAN new-routing-mark=ISP2_Route passthrough=yes

     

    Recent Articles

    spot_img

    Related Stories

    Stay on op - Ge the daily news in your inbox