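# OUTPUT LOADBALANCE / SERVICE PUBLICATION
#
# Dual-WAN MikroTik configuration: outbound LAN traffic is split across two
# ISPs with per-connection-classifier (PCC), and one internal TCP service is
# published on both WAN addresses. Replies to a published connection leave
# through the ISP the connection arrived on.
#
# NOTE(review): the syntax below (routing-mark on /ip route, /ip route rule)
# is RouterOS v6 style; v7 uses routing tables and /routing rule instead.
# Confirm the target version before pasting.
#
# Changes against the pasted original:
#   * the "wan" interface list now holds wan0 and wan1, the interfaces that
#     the address plan and every mangle/NAT rule use (the original added
#     wan1 and wan2, so the port forward never matched traffic from ISP1);
#   * "check-gateway" and "out-interface" are spelled in plain ASCII (the
#     original had look-alike Cyrillic letters in three places, which the
#     console rejects as unknown parameters);
#   * the port-forward mangle rules carry protocol=tcp, which a dst-port
#     matcher requires and which matches the dst-nat rule;
#   * the address plan is commented out so the whole listing can be pasted.

# STATIC IP ADDRESSES
# [ISP1]
#   IP:    1.1.1.1/30
#   GW:    1.1.1.2/30
#   IFACE: wan0
# [ISP2]
#   IP:    2.2.2.1/30
#   GW:    2.2.2.2/30
#   IFACE: wan1
# [INTERNAL]
#   NET:   192.168.99.0/24
#   GW-MT: 192.168.99.1/24
#   IFACE: lan-bridge
#   HOST:  192.168.99.100
#   PORT:  51234

# [IFACE-LIST]
/interface list add comment="userconf: contains wan interfaces" name=wan
/interface list member add interface=wan0 list=wan
/interface list member add interface=wan1 list=wan

# [FIREWALL ADDRESS-LIST]
# LOCAL-NETWORKS
/ip firewall address-list add address=192.168.99.0/24 list=alst-LOCAL-NETS

# [ROUTES]
# MAIN
# Host routes pin each probe address to one ISP; the default routes then use
# those probe addresses as recursive gateways, so check-gateway=ping tests
# reachability beyond the ISP's first hop.
# Side effect: 8.8.8.8 is only ever reached through ISP1 and 8.8.4.4 through
# ISP2, so LAN clients using either as a resolver lose it when that ISP is down.
/ip route add dst-address=8.8.8.8/32 gateway=1.1.1.2 comment="wan1::checkgateway" scope=10
/ip route add dst-address=8.8.4.4/32 gateway=2.2.2.2 comment="wan2::checkgateway" scope=10
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 comment="main::default" check-gateway=ping distance=11
/ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 comment="main::default" check-gateway=ping distance=15

# rt-WAN1: prefers ISP1 (distance 11), falls back to ISP2 (distance 15).
# NOTE(review): unlike the main table, the marked routes carry no
# check-gateway, so they switch only when the next hop stops resolving.
# Confirm that this is intended.
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=rt-wan1 comment="wan1::default" distance=11
/ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=rt-wan1 comment="wan1::default" distance=15

# rt-WAN2: prefers ISP2 (distance 11), falls back to ISP1 (distance 15).
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=rt-wan2 comment="wan2::default" distance=15
/ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=rt-wan2 comment="wan2::default" distance=11

# [ROUTE RULES]
# LAN destinations and the two probe addresses always resolve in the main
# table, whatever routing mark the packet carries. This is also what lets a
# marked inbound port-forward packet reach 192.168.99.100.
/ip route rule add action=lookup dst-address=192.168.99.0/24 table=main
/ip route rule add action=lookup dst-address=8.8.8.8/32 table=main
/ip route rule add action=lookup dst-address=8.8.4.4/32 table=main
# Traffic sourced from a WAN address of the router itself stays on that ISP.
/ip route rule add action=lookup-only-in-table src-address=1.1.1.1 dst-address=0.0.0.0/0 table=rt-wan1
/ip route rule add action=lookup-only-in-table src-address=2.2.2.1 dst-address=0.0.0.0/0 table=rt-wan2

# [MANGLE]
# PFWD
# Mark each new connection to the published port with the ISP it came in on,
# then route every packet of that connection with the matching table.
/ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-in" connection-state=new protocol=tcp dst-port=51234 dst-address=1.1.1.1 in-interface=wan0 new-connection-mark=cin-wan1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-in" connection-mark=cin-wan1 new-routing-mark=rt-wan1 passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-in" connection-state=new protocol=tcp dst-port=51234 dst-address=2.2.2.1 in-interface=wan1 new-connection-mark=cin-wan2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-in" connection-mark=cin-wan2 new-routing-mark=rt-wan2 passthrough=no

# FORWARDING-LOADBALANCE
# PCC hashes source and destination address and port into two buckets
# (2/0 -> ISP1, 2/1 -> ISP2) for new or related connections leaving the LAN
# towards non-local destinations.
/ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-out" connection-state=new,related dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan1 per-connection-classifier=both-address-and-ports:2/0 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-out" connection-mark=cout-wan1 new-routing-mark=rt-wan1 passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-out" connection-state=new,related dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan2 per-connection-classifier=both-address-and-ports:2/1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-out" connection-mark=cout-wan2 new-routing-mark=rt-wan2 passthrough=no

# [NAT]
# PFWD
# Publishes 192.168.99.100 on TCP 51234 through every interface in the "wan"
# list. The rule has no source restriction and this listing contains no
# /ip firewall filter rules, so exposure depends entirely on filtering
# configured elsewhere. If the client addresses are known, add a
# src-address-list matcher here, and in the forward chain accept WAN-originated
# traffic only when connection-nat-state=dstnat.
/ip firewall nat add action=dst-nat chain=dstnat comment="pfwd::wan-all" dst-port=51234 in-interface-list=wan protocol=tcp to-addresses=192.168.99.100

# SRC-NAT
# Rewrite LAN sources to the address of whichever WAN the packet leaves on.
/ip firewall nat add action=src-nat chain=srcnat comment="src-nat::wan1" out-interface=wan0 to-addresses=1.1.1.1 src-address-list=alst-LOCAL-NETS
/ip firewall nat add action=src-nat chain=srcnat comment="src-nat::wan2" out-interface=wan1 to-addresses=2.2.2.1 src-address-list=alst-LOCAL-NETS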