Community discussions

MikroTik App
 
MDG
just joined
Topic Author
Posts: 2
Joined: Fri Jul 24, 2015 2:38 pm

Can someone check this script for errors ?

Mon Jul 27, 2015 2:58 am


/ip address
add address=192.168.1.1/24 interface=LAN
add address=192.168.1.3/24 interface=WAN1
add address=192.168.2.3/24 interface=WAN2


/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=LAN

add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/3 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
 
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping


/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
 
plisken
Forum Guru
Forum Guru
Posts: 2511
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: Can someone check this script for errors ?

Wed Jul 29, 2015 10:59 am

What routerboard you have?
What will you do with it?
Explain more details please
 
Nova
newbie
Posts: 25
Joined: Mon Aug 04, 2014 3:44 pm
Location: Spain // Germany

Re: Can someone check this script for errors ?

Wed Jul 29, 2015 11:34 am

You should check the wiki:
http://wiki.mikrotik.com/wiki/Manual:PCC
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
I would do:
/ip firewall mangle
add chain=prerouting in-interface=WAN1 connection-mark=no-mark action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting in-interface=WAN2 connection-mark=no-mark action=mark-connection new-connection-mark=WAN2_conn

I wouldn't add this:
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=LAN

this 2 rules makes nonsense
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:2/3 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
10%2 = 0
9%2 = 1
8%2 = 0
7%2 = 1

There is no way possible that any result is 2 or 3.

You should put:
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:4/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN per-connection-classifier=both-addresses­-and-ports:4/3 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
The rest seems ok.

Who is online

Users browsing this forum: CGGXANNX and 11 guests