    RouterOS Dual Wan FailOver

    Source : https://datahunter.org/node/2595/revisions/13095/view

    Step1: Give the NICs suitable names

    /interface ethernet
    set [ find default-name=ether1 ] comment=WTT   name=ISP_1
    set [ find default-name=ether2 ] comment=HKBN  name=ISP_2
    set [ find default-name=ether5 ] arp=proxy-arp name=LAN

    Step2: Group the WAN ports

    /interface list
    add name=WAN
    /interface list member
    add interface=ISP_1 list=WAN
    add interface=ISP_2 list=WAN

    Step3: Assign IP addresses to the NICs

    LAN

    /ip address
    add address=192.168.8.1/24 interface=LAN network=192.168.8.0

    ISP1 (DHCP)

    /ip dhcp-client
    add default-route-distance=254 interface=ISP_1

    ISP2 (Static IP)

    /ip address
    add address=10.10.10.101/24 interface=ISP_2 network=10.10.10.0

    Step4: Route

    /ip route
    add distance=12 gateway=10.10.10.1

    Step5: Filter rules that should be in place

    /ip firewall filter
    add action=fasttrack-connection chain=forward
    add action=accept chain=input protocol=icmp comment="#### allow ping #####"
    add action=accept chain=forward connection-state=established,related comment="#### First ####"
    add action=drop   chain=forward connection-state=invalid
    add action=accept chain=input   connection-state=established,related
    add action=drop   chain=input   connection-state=invalid
    add action=accept chain=input   in-interface=LAN comment="#### LAN ####"
    add action=accept chain=forward in-interface=LAN
    add action=drop chain=input   in-interface-list=WAN comment="#### LAST ####"
    add action=drop chain=forward in-interface-list=WAN

    Step6: WTT FailOver rule (because it is DHCP, 'check-gateway' has to be set with '/routing filter')

    /routing filter
    add action=accept chain=dynamic-in distance=254 set-check-gateway=ping \
        set-distance=11

    Step7: NAT for Internet access

    /ip firewall address-list
    add address=192.168.8.0/24 list=LAN
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface-list=WAN src-address-list=LAN comment="Internet NAT"
    

    Step8: DNAT

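    /ip firewall filter
    # "add" appends to the end of the chain, so move this rule above the
    # "drop ... in-interface-list=WAN" forward rule from Step5 or it never matches.
    add action=accept chain=forward comment=NAT dst-port=55555 protocol=tcp
    /ip firewall nat
    # in-interface-list=WAN keeps LAN clients' outbound connections to port 55555 from being redirected.
    add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=55555 protocol=tcp to-addresses=\
        192.168.8.2 to-ports=55555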
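
The forward chain in Step5 ends with a drop for the WAN list, and each `add` appends, so rule order decides whether the Step8 accept is ever reached. The following is an added example, not part of the original page: a simplified first-match model in Python that covers only the matchers used in these rules, with a constructed packet and the rule text copied from Step5 and Step8.

```python
import shlex

# Constructed input: forward-chain rules of Step5, then the Step8 accept rule,
# in the order successive "add" commands append them.
RULES = """\
add action=fasttrack-connection chain=forward
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward in-interface=LAN
add action=drop chain=forward in-interface-list=WAN
add action=accept chain=forward comment=NAT dst-port=55555 protocol=tcp
"""
LISTS = {"WAN": {"ISP_1", "ISP_2"}}   # interface list from Step2
TERMINAL = {"accept", "drop"}         # fasttrack-connection does not end evaluation

def parse(text):
    """Turn 'add key=value ...' lines into a list of dicts."""
    rules = []
    for line in text.splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def matches(rule, pkt):
    for key, want in rule.items():
        if key in ("action", "comment"):
            continue
        if key == "connection-state":
            ok = pkt[key] in want.split(",")
        elif key == "in-interface-list":
            ok = pkt["in-interface"] in LISTS.get(want, set())
        else:
            ok = pkt.get(key) == want
        if not ok:
            return False
    return True

def decide(rules, pkt):
    """First matching terminal rule wins; an unmatched packet is accepted."""
    for i, rule in enumerate(rules):
        if rule["action"] in TERMINAL and matches(rule, pkt):
            return i, rule["action"]
    return None, "accept"

# Constructed packet: new inbound connection from ISP_1 to the forwarded port.
PKT = {"chain": "forward", "in-interface": "ISP_1", "protocol": "tcp",
       "dst-port": "55555", "connection-state": "new"}

if __name__ == "__main__":
    rules = parse(RULES)
    print("as appended:", decide(rules, PKT))
    rules.insert(4, rules.pop())   # move the Step8 rule above the WAN drop
    print("after move: ", decide(rules, PKT))
```

Run as appended, the packet is decided by the WAN drop; after the move it is decided by the Step8 accept, while other new WAN traffic still reaches the drop.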
