Hi
I'm trying to learn policy routing and failover, so I read the pcunite article about a multiwan scenario one more time.
I came up with this setup in my GNS3 to give it a go, study it, and dive deeper into it possibly:
Code:
```
/interface bridge
add name=BR1 protocol-mode=none
/disk
set slot1 slot=slot1 type=hardware
set slot2 slot=slot2 type=hardware
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=POOL1 ranges=192.168.1.10-192.168.1.20
/ip dhcp-server
add address-pool=POOL1 interface=BR1 name=DHCP1
/port
set 0 name=serial0
/routing table
add disabled=no fib name=ISP1
add disabled=no fib name=ISP2
/interface bridge port
add bridge=BR1 interface=ether3
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip settings
set rp-filter=loose
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=BR1 list=LAN
/ip address
add address=10.1.1.2/24 comment=ISP1_Static interface=ether1 network=10.1.1.0
add address=192.168.1.1/24 comment=MyLAN interface=BR1 network=192.168.1.0
/ip dhcp-client
add add-default-route=no comment=ISP2_Monitor interface=ether2 script=":if (\$\
    bound=1) do={\r\
    \n    /ip route set [/ip route find where gateway!=\$\"gateway-address\" and \
    comment~\"ISP2_Monitor\"] gateway=\$\"gateway-address\"\r\
    \n\t:log info \"ISP2_Monitor gateway updated\";\r\
    \n}"
/ip dhcp-server lease
add address=192.168.1.123 client-id=1:0:c:29:c3:55:4b mac-address=\
    00:0C:29:C3:55:4B server=DHCP1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ISP_LIST \
    connection-state=new in-interface=ether1 new-connection-mark=WAN1 \
    passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1 \
    in-interface-list=LAN new-routing-mark=ISP1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=ether2 new-connection-mark=WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 \
    in-interface-list=LAN new-routing-mark=ISP2 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    ether1 new-connection-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=\
    ISP1 passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    ether2 new-connection-mark=WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=\
    ISP2
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
/ip route
add comment=ISP1_Monitor distance=1 dst-address=1.1.1.1 gateway=10.1.1.1 \
    scope=10 target-scope=11
add check-gateway=ping comment=ISP1_GW distance=1 dst-address=0.0.0.0/0 \
    gateway=1.1.1.1 scope=10 target-scope=12
add comment=ISP1_WAN distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 \
    routing-table=ISP1 scope=10 target-scope=12
add comment=ISP2_Monitor distance=3 dst-address=8.8.8.8 gateway=10.2.2.1 \
    scope=10 target-scope=11
add check-gateway=ping comment=ISP2_GW distance=3 dst-address=0.0.0.0/0 \
    gateway=8.8.8.8 scope=10 target-scope=12
add comment=ISP2_WAN distance=3 dst-address=0.0.0.0/0 gateway=8.8.8.8 \
    routing-table=ISP2 scope=10 target-scope=12
/routing rule
add action=lookup-only-in-table dst-address=192.168.1.0/24 table=main
add action=lookup-only-in-table dst-address=192.168.2.0/24 table=main
add src-address=192.168.1.123/32
/system identity
set name=MultiWAN_Router_Example1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/tool romon
set enabled=yes
```
To make it simple I modified the pcunite Example1.rsc setup. I deleted lines related to ISP3 and ISP4.
However, it seems that I missed something to make it work as expected.
The article says, "Server uses ISP2 only - incoming/outgoing rules". What does it mean exactly? The server goes to internet only via ISP2 (unless failover occurs) and clients from outside connect to the server only via ISP2? Which rules did I miss? And what did I fail to understand?
Moreover, what is this line for?
Code:
```
add action=lookup-only-in-table dst-address=192.168.2.0/24 table=main
```
Could you help me make complete sense of it and come up with a working setup? Thanks
Statistics: Posted by broderick — Fri Feb 09, 2024 9:50 pm
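
A consistency check over the routing parts of the export above, as an added example that is not part of the original post: it lists table names used by mangle rules, routes and routing rules that are not declared under `/routing table`, and routing rules that name no table. `parse_export`, `check_policy_routing` and `TABLE_PARAM` are names made up for this example, and treating a rule without `table=` as worth reviewing is the example's own assumption, not something the post or the article states.

```python
import re
import shlex

# Routing-related lines copied from the export posted above.
EXPORT = r'''
/routing table
add disabled=no fib name=ISP1
add disabled=no fib name=ISP2
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=WAN2 \
    in-interface-list=LAN new-routing-mark=ISP2 passthrough=yes
/routing rule
add action=lookup-only-in-table dst-address=192.168.1.0/24 table=main
add action=lookup-only-in-table dst-address=192.168.2.0/24 table=main
add src-address=192.168.1.123/32
'''

TABLE_PARAM = {"/ip firewall mangle": "new-routing-mark",  # parameter naming a table
               "/ip route": "routing-table", "/routing rule": "table"}

def parse_export(text):
    """Return (section, params) for every 'add' line, joining '\\' continuations."""
    section, entries = None, []
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]
            entries.append((section, dict(t.partition("=")[::2] for t in tokens)))
    return entries

def check_policy_routing(text):
    """List undeclared table references and routing rules that name no table."""
    entries = parse_export(text)
    declared = {p["name"] for s, p in entries if s == "/routing table"} | {"main"}
    findings = []
    for section, params in entries:
        if section not in TABLE_PARAM:
            continue
        table = params.get(TABLE_PARAM[section])
        shown = " ".join(f"{k}={v}" for k, v in params.items())
        if table is None and section == "/routing rule":
            findings.append(f"routing rule names no table: {shown}")
        elif table is not None and table not in declared:
            findings.append(f"{section} references undeclared table {table}: {shown}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_policy_routing(EXPORT)))
```

On the posted rules the only finding is the `src-address=192.168.1.123/32` rule, which carries neither an `action=` nor a `table=` in the export.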