sa_drug

[MT]: Multiwan static

May 2nd, 2019
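  # OUTPUT LOADBALANCE / SERVICE PUBLICATION
  # STATIC IP ADDRESSES
  #
  # Dual-WAN MikroTik RouterOS template: outbound connections from the LAN are
  # split across two ISPs with per-connection-classifier, and one TCP port is
  # published to an internal host through both uplinks.
  # The syntax (routing-mark, /ip route rule) is RouterOS v6 style.
  # The addresses look like placeholders; substitute real values before use.
  #
  # NOTE(review): this listing holds routing, mangle and NAT only. It has no
  # /ip firewall filter rules, so it does not by itself limit what reaches the
  # router or the LAN from the WAN side. Pair it with input/forward filtering,
  # and restrict the published port by source address if the service is not
  # meant to be reachable from everywhere.

  # [ISP1]
  # IP: 1.1.1.1/30
  # GW: 1.1.1.2/30
  # IFACE: wan0

  # [ISP2]
  # IP: 2.2.2.1/30
  # GW: 2.2.2.2/30
  # IFACE: wan1

  # [INTERNAL]
  # NET: 192.168.99.0/24
  # GW-MT: 192.168.99.1/24
  # IFACE: lan-bridge
  # HOST: 192.168.99.100
  # PORT: 51234

  # [IFACE-LIST]
  # The members must be the real uplink interfaces (wan0, wan1): the dst-nat
  # rule below matches on in-interface-list=wan, so an interface missing from
  # this list silently gets no port forward.
  /interface list add comment="userconf: contains wan interfaces" name=wan
  /interface list member add interface=wan0 list=wan
  /interface list member add interface=wan1 list=wan

  # [FIREWALL ADDRESS-LIST]
  # LOCAL-NETWORKS
  /ip firewall address-list add address=192.168.99.0/24 list=alst-LOCAL-NETS

  # [ROUTES]
  # MAIN
  # Each probe host is pinned to one ISP gateway with a /32 route (scope=10),
  # and the default routes resolve recursively through those probe hosts.
  # check-gateway=ping then tests reachability beyond the ISP's first hop.
  # Parameter names must be plain ASCII: a look-alike Cyrillic letter in
  # check-gateway makes RouterOS reject the line, so the route is never added.
  # NOTE(review): traffic to 8.8.8.8 / 8.8.4.4 itself always leaves through the
  # pinned ISP, so LAN clients using them as resolvers lose one when it fails.
  /ip route add dst-address=8.8.8.8/32 gateway=1.1.1.2 comment="wan1::checkgateway" scope=10
  /ip route add dst-address=8.8.4.4/32 gateway=2.2.2.2 comment="wan2::checkgateway" scope=10
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 comment="main::default" check-gateway=ping distance=11
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 comment="main:default" check-gateway=ping distance=15
  # rt-WAN1
  # NOTE(review): the marked-table routes carry no check-gateway, so the
  # distance=15 backup presumably takes over only when the recursive next hop
  # stops resolving. Confirm this is the intended failover behaviour.
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=rt-wan1 comment="wan1::default" distance=11
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=rt-wan1 comment="wan1::default" distance=15
  # rt-WAN2
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-mark=rt-wan2 comment="wan2::default" distance=15
  /ip route add dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-mark=rt-wan2 comment="wan2::default" distance=11

  # [ROUTE RULES]
  # LAN and probe-host destinations always use the main table, whatever the
  # routing mark. Traffic sourced from a WAN address is confined to the table
  # of the matching ISP.
  /ip route rule add action=lookup dst-address=192.168.99.0/24 table=main
  /ip route rule add action=lookup dst-address=8.8.8.8/32 table=main
  /ip route rule add action=lookup dst-address=8.8.4.4/32 table=main
  /ip route rule add action=lookup-only-in-table src-address=1.1.1.1 dst-address=0.0.0.0/0 table=rt-wan1
  /ip route rule add action=lookup-only-in-table src-address=2.2.2.1 dst-address=0.0.0.0/0 table=rt-wan2

  # [MANGLE]
  # PFWD
  # New inbound connections to the published port are marked per uplink, so the
  # replies leave through the ISP they arrived on.
  # protocol=tcp is stated because RouterOS accepts dst-port only together with
  # a port-based protocol; it also matches the protocol of the dst-nat rule.
  /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-in" connection-state=new protocol=tcp dst-port=51234 dst-address=1.1.1.1 in-interface=wan0 new-connection-mark=cin-wan1 passthrough=yes
  /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-in" connection-mark=cin-wan1 new-routing-mark=rt-wan1 passthrough=no
  /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-in" connection-state=new protocol=tcp dst-port=51234 dst-address=2.2.2.1 in-interface=wan1 new-connection-mark=cin-wan2 passthrough=yes
  /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-in" connection-mark=cin-wan2 new-routing-mark=rt-wan2 passthrough=no

  # FORWARDING-LOADBALANCE
  # Connections from the LAN to non-local destinations are split 2 ways by PCC
  # on both addresses and ports: remainder 0 uses wan1's table, remainder 1
  # uses wan2's table.
  /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-out" connection-state=new,related dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan1 per-connection-classifier=both-address-and-ports:2/0 passthrough=yes
  /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-out" connection-mark=cout-wan1 new-routing-mark=rt-wan1 passthrough=no
  /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-out" connection-state=new,related dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan2 per-connection-classifier=both-address-and-ports:2/1 passthrough=yes
  /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-out" connection-mark=cout-wan2 new-routing-mark=rt-wan2 passthrough=no

  # [NAT]
  # PFWD
  # Publishes TCP 51234 on HOST to any source that arrives on an interface in
  # the wan list. The rule has no source restriction.
  /ip firewall nat add action=dst-nat chain=dstnat comment="pfwd::wan-all" dst-port=51234 in-interface-list=wan protocol=tcp to-addresses=192.168.99.100
  # SRC-NAT
  # One rule per uplink, so LAN traffic leaves with that ISP's own address.
  # out-interface must be spelled in plain ASCII, or the wan2 rule is rejected
  # and traffic balanced onto ISP2 leaves without source NAT.
  /ip firewall nat add action=src-nat chain=srcnat comment="src-nat::wan1" out-interface=wan0 to-addresses=1.1.1.1 src-address-list=alst-LOCAL-NETS
  /ip firewall nat add action=src-nat chain=srcnat comment="src-nat::wan2" out-interface=wan1 to-addresses=2.2.2.1 src-address-list=alst-LOCAL-NETS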