Mikrotik
BiRd99, 2015-11-03 10:04:45

Help setting up MikroTik?

Good day.
The problem is distributing flows depending on which interface they arrived at.
At the moment:
LAN 192.168.96.0/21
ISP1 1.1.1.2 gateway 1.1.1.1
ISP2 2.2.2.2 gateway 2.2.2.1
There are 2 gateways in the subnet: 192.168.100.60 (Mikrotik) and 192.168.101.254 (TPlink).
The aim is that if a request arrives at IP 192.168.100.60, it goes to ISP1; if it goes to 192.168.101.254, then to ISP2; and if one provider fails, the requests go to the live provider.
I took this article, geektimes.ru/post/186284, as a basis, but how do I correctly mark packets not by subnet, but by the gateway at which they arrived?


3 answer(s)
BiRd99, 2015-11-03
@BiRd99

at the moment something is not working
[#@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=prerouting action=mark-connection new-connection-mark=ISP1_in
   passthrough=no dst-address=1.1.1.2 in-interface=ether8 log=no log-prefix=""
 1 chain=output action=mark-routing new-routing-mark=ISP1 passthrough=no
   connection-mark=ISP1_in log=no log-prefix=""
 2 chain=prerouting action=mark-connection new-connection-mark=ISP2_in
   passthrough=no dst-address=2.2.2.2 in-interface=ether7 log=no log-prefix=""
 3 chain=output action=mark-routing new-routing-mark=ISP2 passthrough=no
   connection-mark=ISP2_in log=no log-prefix=""
 4 chain=prerouting action=mark-routing new-routing-mark=List_liner
   passthrough=no src-address-list=List_liner log=no log-prefix=""
 5 chain=prerouting action=mark-routing new-routing-mark=TEL passthrough=no
   src-address=192.168.100.4 log=no log-prefix=""
 6 chain=prerouting action=mark-routing new-routing-mark=LAN passthrough=no
   src-address=192.168.96.0/21 log=no log-prefix=""

[#@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=srcnat action=masquerade out-interface=ether8 log=no log-prefix=""
 1 chain=srcnat action=masquerade out-interface=ether7 log=no log-prefix=""

[#@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY    DISTANCE
 0 AS   0.0.0.0/0                          1.1.1.1           1
 1 S    0.0.0.0/0                          2.2.2.1           1
 2 S    0.0.0.0/0                          2.2.2.1           9
 3 AS   0.0.0.0/0                          1.1.1.1          10
 4 S    0.0.0.0/0                          2.2.2.1          10
 5 S    0.0.0.0/0                          2.2.2.1          11
 6 AS   0.0.0.0/0                          1.1.1.1          11
 7 ADC  1.1.1.0/30         1.1.1.2         ether8            0
 8 DC   2.2.2.0/30         2.2.2.2         ether7          255
 9 ADC  192.168.96.0/21    192.168.100.60  ether1            0

Sergey SA, 2015-11-03
@resetsa

I'm afraid it is not possible to mark packets depending on "which gateway they came to" (there are simply no fields in the packet to indicate the gateway); it is another matter if the addresses are on different interfaces, then everything is simple.
But I don't quite understand why you don't mark clients on the Mikrotik itself?
Otherwise the task is a classic one: Mikrotik and 2 providers.

Cool Admin, 2015-11-04
@ifaustrue

I did not immediately understand what your pain is. What prevents you from dividing clients by ACL, granting access through one or the other interface based on lists? Assign two addresses on it, throw the TP-Link in the trash, the traffic will flow normally, and use routing policies to sort out who goes through which provider (you will also set up a backup there, by checking the provider's gateway with a ping).
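
An added example, not part of the original thread and not any poster's own configuration: one way to lay out the setup described in the answer above (both LAN addresses on the MikroTik, clients split by address list, backup by pinging the provider's gateway), assuming RouterOS v6 syntax. The list names `via_ISP1` and `via_ISP2` and the two client addresses are hypothetical; interfaces and ISP addresses are taken from the question.

```routeros
# Assumption: RouterOS v6 syntax (routing-mark on /ip route).
# 192.168.100.60/21 is already on ether1 per the route print in the thread;
# the former TP-Link address is added to the same LAN port.
/ip address
add address=192.168.101.254/21 interface=ether1 comment="former TP-Link address"

# Clients are sorted by source address, not by the gateway IP they were given:
# both gateway IPs now answer ARP with the same MAC, so a forwarded packet
# carries nothing that identifies which of the two the client used.
/ip firewall address-list
add list=via_ISP1 address=192.168.100.10 comment="constructed sample client"
add list=via_ISP2 address=192.168.101.10 comment="constructed sample client"

# Mark only traffic leaving the LAN; LAN-to-LAN and router-bound traffic
# stays in the main table.
/ip firewall mangle
add chain=prerouting in-interface=ether1 src-address-list=via_ISP1 \
    dst-address=!192.168.96.0/21 action=mark-routing \
    new-routing-mark=ISP1 passthrough=no
add chain=prerouting in-interface=ether1 src-address-list=via_ISP2 \
    dst-address=!192.168.96.0/21 action=mark-routing \
    new-routing-mark=ISP2 passthrough=no

# Each marked table gets a preferred default route and a backup one.
# check-gateway=ping deactivates a route whose gateway stops answering,
# so the higher-distance route takes over.
/ip route
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=ISP1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.1 routing-mark=ISP1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.1 routing-mark=ISP2 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=ISP2 distance=2 check-gateway=ping
# Unmarked traffic (including the router's own) in the main table.
add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.1 distance=2 check-gateway=ping

# Source NAT on whichever uplink the route lookup selected.
/ip firewall nat
add chain=srcnat out-interface=ether8 action=masquerade
add chain=srcnat out-interface=ether7 action=masquerade
```

`check-gateway=ping` only tests the provider's next hop, so an outage further upstream of 1.1.1.1 or 2.2.2.1 does not trigger the switch.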
