ebernardo
just joined
Topic Author
Posts: 9
Joined: Wed Mar 23, 2016 2:52 am
Location: Brazil

Dual ISP Routing

Wed Jul 06, 2016 8:00 pm

Hello,

I have the following network, which is almost working. The internal network blocks are going through the routing mark and being redirected to the ISP gateway; I made a few exclusions for now, but it isn't quite right, and I'd like to know if there's a better way to do it.

A few connections that are destined for the ISP gateway are not being marked, and I also can't access the internal servers.
I have currently disabled the forward firewall rules; I would also like to know whether I should enable them to protect the clients' internal network.

Thanks!

I have the following routers and switches:

3 x CCR1016-12S-1S+ for internet
1 x CRS125-24G-1S-RM for backbone, voip, access control and server
2 x CRS212-1G-10S-1S+-IN for CFTV
10 x RB260GS for client access with vlan 100 on port 1, vlan 110 on port 2, vlan 200 on port 3, and sfp as trunk
10 x RB260GS for CFTV with vlan 400 on port 1-4, and SFP as trunk

1 x ISP on sfp1 on the main router, with a /28 block provided through a GPON VLAN on an S-RJ01 interface
1 x ISP on sfp2 on the main router, with a /29 block provided through an ISP-provided module, through a VLAN on a /31 address

The network is as follows:

vlan 100 for ISP1
vlan 110 for ISP2
vlan 200 for NAT
vlan 300 for VoIP
vlan 400 for Câmeras
I intend to create a VLAN 99 for management, to be reached through a few ports and through VPN access.

This is the main router configuration export:
/interface bridge
add name=Bridge-ISP1
add name=Bridge-CFTV
add name=Bridge-Core
add name=Bridge-ISP2
add name=Bridge-NAT
add name=Bridge-VoIP
add name=Loopback

/interface ethernet
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="ISP1" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="ISP2" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="ISP3" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="ISP4" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=CRS125-24G-1S-RM l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="Left Side" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="Right Side" l2mtu=2048 rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2048 rx-flow-control=auto tx-flow-control=auto

/interface vlan
add interface=sfp6 name=CFTV-1 vlan-id=400
add interface=sfp7 name=CFTV-2 vlan-id=400
add interface=sfp10 name=CFTV-CRS vlan-id=400
add interface=sfp12 name=CFTV-DIR vlan-id=400
add interface=sfp11 name=CFTV-ESQ vlan-id=400
add interface=sfp7 name=Core-ISP2 vlan-id=110
add interface=sfp12 name=Fixo-DIR-ISP1 vlan-id=100
add interface=sfp12 name=Fixo-DIR-ISP2 vlan-id=110
add interface=sfp11 name=Fixo-ESQ-ISP1 vlan-id=100
add interface=sfp11 name=Fixo-ESQ-ISP2 vlan-id=110
add interface=sfp2 name=ISP2-2450 vlan-id=2450
add interface=sfp10 name=NAT-CRS vlan-id=200
add interface=sfp11 name=NAT-ESQ vlan-id=200
add interface=sfp6 name=VoIP-1 vlan-id=300
add interface=sfp7 name=VoIP-2 vlan-id=300
add interface=sfp10 name=VoIP-CRS vlan-id=300
add interface=sfp12 name=VoIP-DIR vlan-id=300
add interface=sfp11 name=VoIP-ESQ vlan-id=300

# Turn off neighbor discovery on the listed VLAN interfaces, so the router
# does not announce itself to (or learn neighbors from) those segments.
# NOTE(review): interfaces that are not listed here (for example ISP2-2450,
# Fixo-DIR-ISP2, Fixo-ESQ-ISP2, NAT-CRS, NAT-ESQ, the bridges and the physical
# sfp ports) keep a setting this export does not show - confirm discovery is
# also off on every ISP-facing and client-facing interface.
/ip neighbor discovery
set CFTV-1 discover=no
set CFTV-2 discover=no
set CFTV-CRS discover=no
set CFTV-DIR discover=no
set CFTV-ESQ discover=no
set Core-ISP2 discover=no
set Fixo-DIR-ISP1 discover=no
set Fixo-ESQ-ISP1 discover=no
set VoIP-1 discover=no
set VoIP-2 discover=no
set VoIP-CRS discover=no
set VoIP-DIR discover=no
set VoIP-ESQ discover=no

# Address pools: "VPN" (four addresses) is handed to SSTP clients through the
# VPN-SSTP profile below; "VoIP" and "CFTV" feed the two DHCP servers.
/ip pool
add name=VPN ranges=172.25.7.2-172.25.7.5
add name=VoIP ranges=172.25.3.1-172.25.3.61
add name=CFTV ranges=172.25.4.1-172.25.4.61

# DHCP servers for the VoIP and camera (CFTV) bridges. add-arp=yes makes the
# router add an ARP entry for every lease it hands out.
# NOTE(review): add-arp only keeps unknown hosts out when the interface's ARP
# mode is reply-only; the bridge definitions in this export do not set an arp
# mode - confirm which mode is intended.
/ip dhcp-server
add add-arp=yes address-pool=VoIP bootp-lease-time=lease-time bootp-support=dynamic disabled=no interface=Bridge-VoIP lease-time=1d name=VoIP
add add-arp=yes address-pool=CFTV disabled=no interface=Bridge-CFTV lease-time=1d name=CFTV

# PPP profile referenced by the SSTP server (default-profile=VPN-SSTP): the
# router side of each tunnel is 172.25.7.1 and the client side comes from the
# VPN pool. only-one=no lets the same user name hold several sessions at once.
/ppp profile
add change-tcp-mss=yes local-address=172.25.7.1 name=VPN-SSTP only-one=no remote-address=VPN

/queue type
add kind=pfifo name=ISP1_Up pfifo-limit=300
add kind=pfifo name=ISP1_Down pfifo-limit=400
add kind=pfifo name=Down
add kind=pfifo name=UP pfifo-limit=20
add kind=pfifo name=ISP2_Down pfifo-limit=400
add kind=pfifo name=ISP2_Up pfifo-limit=300
set 15 pfifo-limit=1000

/queue tree
add limit-at=50M max-limit=70M name="ISP1" parent=global priority=1 queue=ISP1_Down
add limit-at=50M max-limit=70M name="ISP1 Upload" parent=global priority=1 queue=ISP1_Up
add limit-at=1M max-limit=3M name=G06-Download packet-mark=G06-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=1M max-limit=3M name=G06-Upload packet-mark=G06-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=10M max-limit=30M name=G07-Download packet-mark=G07-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=10M max-limit=30M name=G07-Upload packet-mark=G07-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G01-Download packet-mark=G01-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G01-Upload packet-mark=G01-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G02-Download packet-mark=G02-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G02-Upload packet-mark=G02-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G03-Upload packet-mark=G03-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G04-Upload packet-mark=G04-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G05-Upload packet-mark=G05-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G08-Upload packet-mark=G08-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G15-Upload packet-mark=G15-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G11-Upload packet-mark=G11-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G18-Upload packet-mark=G18-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=15M name=G03-Download packet-mark=G03-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G04-Download packet-mark=G04-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G05-Download packet-mark=G05-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G08-Download packet-mark=G08-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G11-Download packet-mark=G11-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G15-Download packet-mark=G15-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G18-Download packet-mark=G18-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=35M max-limit=50M name=ISP2-Download parent=global priority=1 queue=ISP2_Down
add limit-at=35M max-limit=50M name=ISP2-Upload parent=global priority=1 queue=ISP2_Up
add limit-at=5M max-limit=6M name=177.43.x.x-Down packet-mark=ISP2-147-Down parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=177.43.x.x-Up packet-mark=ISP2-147-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=6M name=177.43.x.x-Down packet-mark=ISP2-148-Down parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=177.43.x.x-Down packet-mark=ISP2-149-Down parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=177.43.x.x-Down packet-mark=ISP2-150-Down parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=177.43.x.x-Up packet-mark=ISP2-148-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=6M name=177.43.x.x-Up packet-mark=ISP2-149-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=6M name=177.43.x.x-Up packet-mark=ISP2-150-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=15M name=G10-Download packet-mark=G10-Down parent="ISP1 Download" priority=2 queue=Down
add limit-at=5M max-limit=15M name=G10-Upload packet-mark=G10-Up parent="ISP1 Upload" priority=2 queue=UP
add limit-at=5M max-limit=6M name=177.43.x.x-Down packet-mark=ISP2-146-Down parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=177.43.x.x-Up packet-mark=ISP2-146-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=6M name=G11_Down packet-mark=G11-Down_ISP2 parent=ISP2-Download priority=2 queue=Down
add limit-at=5M max-limit=6M name=G11_Up packet-mark=G11-Up_ISP2 parent=ISP2-Upload priority=2 queue=UP
add name=177.43.x.x-Down packet-mark=ISP2-145-Down parent=ISP2-Download priority=2 queue=Down
add name=177.43.x.x-Up packet-mark=ISP2-145-Up parent=ISP2-Upload priority=2 queue=UP
add limit-at=5M max-limit=15M name=G00-Download packet-mark=Condominio-DOWN parent="ISP1 Download" priority=7 queue=Down
add name=G00-Upload packet-mark=Condominio-UP parent="ISP1 Upload" priority=7 queue=UP

# Extra OSPF area 0.0.0.1, named CD-CO-PRI (used by one /routing ospf network entry).
/routing ospf area
add area-id=0.0.0.1 name=CD-CO-PRI
# Default OSPF instance: always originates a default route and redistributes
# every connected network, both as type-1 externals.
# NOTE(review): redistribute-connected covers all connected subnets, which here
# includes the ISP-facing ones on Bridge-ISP1, Bridge-ISP2 and ISP2-2450 -
# confirm the downstream routers should learn those, or filter them out.
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 redistribute-connected=as-type-1 router-id=172.25.254.254

# The default SNMP community is renamed and limited to sources in 172.25.0.0/22.
# NOTE(review): with SNMP v1/v2c the community name is the only credential and
# it travels in clear text. The value below was published with this export and
# is also the name given to the SSTP certificate, so treat it as disclosed and
# rotate it. Whether the community is read-only is not shown here - confirm.
/snmp community
set [ find default=yes ] addresses=172.25.0.0/22 name=Dinamarca

# Remote logging: item 3 (presumably the built-in "remote" action - confirm)
# and a new action named Dude both send log messages to 172.25.0.20.
# NOTE(review): no /system logging rules are included in this export, so which
# topics actually use these actions cannot be told from here.
/system logging action
set 3 remote=172.25.0.20
add name=Dude remote=172.25.0.20 target=remote

# Bridge membership.
# Bridge-ISP1 joins sfp1 (commented "ISP1" in /interface ethernet) with the two
# VLAN 100 client interfaces, so those clients sit on the same layer-2 segment
# as the ISP1 uplink. Bridge-ISP2 holds only VLAN 110 interfaces; the ISP2
# uplink itself is the separate ISP2-2450 VLAN on sfp2.
/interface bridge port
add bridge=Bridge-Core interface=sfp6
add bridge=Bridge-Core interface=sfp7
add bridge=Bridge-ISP1 interface=sfp1
add bridge=Bridge-ISP1 interface=Fixo-DIR-ISP1
add bridge=Bridge-VoIP interface=VoIP-1
add bridge=Bridge-VoIP interface=VoIP-2
add bridge=Bridge-VoIP interface=VoIP-DIR
add bridge=Bridge-VoIP interface=VoIP-ESQ
add bridge=Bridge-ISP1 interface=Fixo-ESQ-ISP1
add bridge=Bridge-VoIP interface=VoIP-CRS
add bridge=Bridge-ISP2 interface=Fixo-DIR-ISP2
add bridge=Bridge-ISP2 interface=Fixo-ESQ-ISP2
add bridge=Bridge-ISP2 interface=Core-ISP2
add bridge=Bridge-CFTV interface=CFTV-CRS
add bridge=Bridge-CFTV interface=CFTV-DIR
add bridge=Bridge-CFTV interface=CFTV-ESQ
add bridge=Bridge-CFTV interface=CFTV-1
add bridge=Bridge-CFTV interface=CFTV-2
add bridge=Bridge-NAT interface=NAT-ESQ
add bridge=Bridge-NAT interface=NAT-CRS

# use-ip-firewall=yes sends bridged frames through the IP firewall
# (prerouting, forward, postrouting) as well as routed packets. That is what
# lets the mangle rules see traffic that is only bridged between sfp1 and the
# client VLANs, and it also means any forward-chain filter rule applies to that
# bridged traffic. It costs CPU on every bridged packet.
/interface bridge settings
set use-ip-firewall=yes

# L2TP server is switched on with every other setting left at its default.
# NOTE(review): no use-ipsec / ipsec-secret is set, so tunnels would not be
# protected by IPsec, and the input chain has no rule for L2TP, so it is only
# reachable from sources in the "Rede" list. If L2TP is not used, disable it.
/interface l2tp-server server
set enabled=yes

# SSTP server: MS-CHAPv2 only, server certificate "Dinamarca", sessions use the
# VPN-SSTP profile. No port is set, and the input chain opens tcp/443 for it.
# NOTE(review): verify-client-certificate is not set here, so access rests on
# the PPP user name and password alone - use strong, per-user secrets and
# confirm clients actually validate the server certificate.
/interface sstp-server server
set authentication=mschap2 certificate=Dinamarca default-profile=VPN-SSTP enabled=yes max-mru=1500 max-mtu=1500

/ip address
add address=172.25.0.62/26 interface=Bridge-Core network=172.25.0.0
add address=172.25.25.249/30 interface=sfp12 network=172.25.25.248
add address=172.25.25.253/30 interface=sfp11 network=172.25.25.252
add address=172.25.254.254 interface=Loopback network=172.25.254.254
add address=186.225.x.x/28 interface=Bridge-ISP1 network=186.225.x.x
add address=172.25.25.245/30 interface=sfp10 network=172.25.25.244
add address=177.43.x.x/29 interface=Bridge-ISP2 network=177.43.x.x
add address=172.25.3.62/26 interface=Bridge-VoIP network=172.25.3.0
add address=172.25.4.62/26 interface=Bridge-CFTV network=172.25.4.0
add address=177.19.x.x interface=ISP2-2450 network=177.19.x.x

# Enables MikroTik's cloud DDNS: the router reports its public address to the
# vendor service and gets a DNS name that follows it.
# NOTE(review): that name makes the router easy to find from outside; keep it
# only if something (for example the SSTP clients) depends on it.
/ip cloud
set ddns-enabled=yes

/ip dhcp-server lease
add address=172.25.3.61 mac-address=00:0C:29:65:1B:04 server=VoIP
add address=172.25.3.60 always-broadcast=yes mac-address=00:0C:29:96:A0:D1 server=VoIP
add address=172.25.3.2 mac-address=00:0B:82:74:FA:3F server=VoIP
add address=172.25.3.59 mac-address=4C:5E:0C:74:77:C6 server=VoIP
add address=172.25.3.1 comment=VoIP mac-address=00:1F:D0:01:2A:94 server=VoIP
add address=172.25.3.58 mac-address=90:94:E4:D3:87:EB server=VoIP
add address=172.25.4.1 comment=CFTV mac-address=8C:E7:48:6B:60:52 server=CFTV
add address=172.25.4.45 comment=Poste_E03 mac-address=4C:5E:0C:F5:40:B4 server=CFTV
add address=172.25.4.40 comment=Poste_D01 mac-address=4C:5E:0C:F5:40:5A server=CFTV
add address=172.25.4.44 comment=Poste_D03 mac-address=4C:5E:0C:F5:42:74 server=CFTV
add address=172.25.4.51 comment=Poste_E06 mac-address=4C:5E:0C:F5:42:59 server=CFTV
add address=172.25.4.42 comment=Poste_D02 mac-address=4C:5E:0C:F5:43:4A server=CFTV
add address=172.25.4.43 comment=Poste_E02 mac-address=4C:5E:0C:F5:42:6A server=CFTV
add address=172.25.4.47 comment=Poste_E04 mac-address=4C:5E:0C:F5:43:4C server=CFTV
add address=172.25.4.52 comment=Poste_D07 mac-address=4C:5E:0C:F5:42:54 server=CFTV
add address=172.25.4.53 comment=Poste_E07 mac-address=4C:5E:0C:F5:42:60 server=CFTV
add address=172.25.4.41 comment=Poste_E01 mac-address=4C:5E:0C:F5:42:C4 server=CFTV
add address=172.25.4.48 comment=Poste_D05 mac-address=4C:5E:0C:F5:42:63 server=CFTV
add address=172.25.4.5 mac-address=44:19:B6:4F:EB:82 server=CFTV
add address=172.25.4.4 mac-address=44:19:B6:56:B5:C8 server=CFTV
add address=172.25.4.6 mac-address=44:19:B6:4F:F4:80 server=CFTV
add address=172.25.4.7 mac-address=44:19:B6:4F:EB:22 server=CFTV
add address=172.25.4.27 mac-address=44:19:B6:4F:E9:E3 server=CFTV
add address=172.25.4.26 mac-address=44:19:B6:4F:ED:64 server=CFTV
add address=172.25.4.12 mac-address=44:19:B6:56:B5:4D server=CFTV
add address=172.25.4.13 mac-address=44:19:B6:4F:EE:90 server=CFTV
add address=172.25.4.33 mac-address=44:19:B6:55:86:FB server=CFTV
add address=172.25.4.32 mac-address=44:19:B6:4F:EB:23 server=CFTV
add address=172.25.4.20 mac-address=C4:2F:90:E8:BC:A1 server=CFTV
add address=172.25.4.21 mac-address=C4:2F:90:E8:BC:B0 server=CFTV
add address=172.25.4.34 always-broadcast=yes mac-address=08:9E:01:E4:3D:A4 server=CFTV
add address=172.25.4.11 mac-address=C4:2F:90:E8:BC:0C server=CFTV
add address=172.25.4.10 mac-address=C4:2F:90:E8:BB:9B server=CFTV
add address=172.25.4.25 mac-address=C4:2F:90:E8:BB:A8 server=CFTV
add address=172.25.4.24 mac-address=C4:2F:90:E8:BC:7A server=CFTV
add address=172.25.4.17 mac-address=C4:2F:90:E8:BB:B1 server=CFTV
add address=172.25.4.16 mac-address=C4:2F:90:E8:BC:BA server=CFTV
add address=172.25.4.23 mac-address=C4:2F:90:E8:BC:8A server=CFTV
add address=172.25.4.22 mac-address=C4:2F:90:E8:BC:5A server=CFTV
add address=172.25.4.9 mac-address=C4:2F:90:E8:BC:9E server=CFTV
add address=172.25.4.8 mac-address=C4:2F:90:E8:BC:6D server=CFTV
add address=172.25.4.18 mac-address=C4:2F:90:E8:BB:ED server=CFTV
add address=172.25.4.19 mac-address=C4:2F:90:E8:BC:68 server=CFTV
add address=172.25.4.14 mac-address=C4:2F:90:E8:BC:58 server=CFTV
add address=172.25.4.15 mac-address=C4:2F:90:E8:BC:6F server=CFTV
add address=172.25.4.49 comment=Poste_E05 mac-address=4C:5E:0C:F5:23:CB server=CFTV
add address=172.25.4.50 comment=Poste_D06 mac-address=4C:5E:0C:F5:23:1C server=CFTV
add address=172.25.4.46 comment=Poste_D04 mac-address=4C:5E:0C:BE:C0:C3 server=CFTV
add address=172.25.4.59 comment=Poste_R03 mac-address=4C:5E:0C:F5:40:B3 server=CFTV
add address=172.25.4.56 comment=Poste_D09 mac-address=4C:5E:0C:F5:43:50 server=CFTV
add address=172.25.4.2 always-broadcast=yes mac-address=44:19:B6:43:F8:48 server=CFTV
add address=172.25.4.3 always-broadcast=yes mac-address=44:19:B6:43:F8:47 server=CFTV

# DHCP options for the VoIP and CFTV subnets: the router's own bridge address
# is handed out as both gateway and DNS server.
/ip dhcp-server network
add address=172.25.3.0/26 dns-server=172.25.3.62 gateway=172.25.3.62
add address=172.25.4.0/26 dns-server=172.25.4.62 gateway=172.25.4.62

# allow-remote-requests=yes turns the router into a caching resolver for any
# host the input chain lets through. With the filter rules in this export that
# means every source in the "Rede" address list; everything else hits the final
# input drop. Keep that drop rule in place, otherwise this becomes an open
# resolver on both ISP links.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

# Address lists used by the filter, mangle and NAT rules:
#   "Rede Interna" - private 172.25.x subnets only; excluded from ISP2 marking.
#   Rede           - the same private subnets plus two public blocks; accepted
#                    on the input chain and excluded from ISP1 marking.
#   Dude           - public addresses that the dst-nat rules answer on.
#   SIP            - sources allowed to reach the VoIP dst-nat rules.
#   Condominio     - internal hosts that are masqueraded.
#   Reserva        - sources for the (currently disabled) backup NAT rules.
#   NAT_ISP2       - only entry is disabled, so the list matches nothing.
# NOTE(review): "Rede" and "Rede Interna" differ only by the two public blocks,
# yet the ISP1 and ISP2 mangle rules use different ones - confirm that is
# deliberate. Entries are added in the order they were created, so the lists
# are interleaved below.
/ip firewall address-list
add address=172.25.0.0/26 list="Rede Interna"
add address=172.25.1.0/26 list="Rede Interna"
add address=172.25.2.0/26 list="Rede Interna"
add address=172.25.3.0/26 list="Rede Interna"
add address=172.25.7.0/29 list="Rede Interna"
add address=172.25.4.0/26 list="Rede Interna"
add address=186.225.x.x list=Dude
add address=177.43.x.x list=Dude
add address=172.25.25.0/24 list="Rede Interna"
add address=177.19.x.x list=Dude
add address=172.25.2.57 disabled=yes list=NAT_ISP2
add address=172.25.1.20 list=Condominio
add address=172.25.4.1 list=Condominio
add address=172.25.25.246 list=Condominio
add address=172.25.25.250 list=Condominio
add address=172.25.25.254 list=Condominio
add address=172.25.4.60 list=Condominio
add address=172.25.4.61 list=Condominio
add address=172.25.3.60 list=Condominio
add address=172.25.4.34 list=Condominio
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=186.225.x.x list=Reserva
add address=177.43.x.x/28 list=SIP
add address=186.225.x.x/28 list=SIP
add address=186.250.x.x list=SIP
add address=186.250.x.x list=SIP
add address=177.125.x.x list=SIP
add address=186.250.x.x list=SIP
add address=186.233.x.x list=SIP
add address=172.25.0.0/26 list=Rede
add address=172.25.1.0/26 list=Rede
add address=172.25.2.0/26 list=Rede
add address=172.25.3.0/26 list=Rede
add address=172.25.4.0/26 list=Rede
add address=172.25.7.0/29 list=Rede
add address=172.25.25.0/24 list=Rede
# The two public blocks below are what make Rede wider than "Rede Interna":
# hosts in them pass the input-chain accept rule like internal hosts do.
add address=177.43.x.x/28 list=Rede
add address=186.225.x.x/28 list=Rede
add address=186.250.x.x list=SIP
add address=177.43.x.x list=Dude
add address=186.250.x.x list=SIP

# Input chain = traffic addressed to the router itself. A rule with no action=
# uses the default action, accept. Order matters: first match wins.
/ip firewall filter
add chain=input comment="Firewall Input" connection-state=established,related
add action=drop chain=input connection-state=invalid
# Winbox (tcp/8291) and SSTP (tcp/443) are accepted from any source on any
# interface, i.e. from the whole Internet on both ISP links.
# NOTE(review): SSTP has to be reachable from outside, Winbox does not - limit
# the Winbox rule with src-address-list= to the VPN range or a management list.
add chain=input comment="Libera WinBOX" dst-port=8291 protocol=tcp
add chain=input comment="Libera SSTP" dst-port=443 protocol=tcp
# Every source in the "Rede" list reaches every router service (DNS, SNMP,
# L2TP, ...). That list holds the private subnets and two public blocks.
add chain=input src-address-list=Rede
add action=drop chain=input
# Forward chain = traffic passing through the router. All four rules are
# disabled=yes, so nothing is filtered at the moment: every dst-nat target and
# every host behind this router is reachable as far as routing and NAT allow.
# NOTE(review): if these are enabled as written, the last rule drops (and logs)
# every new connection that is neither from a "Rede" source nor dst-nat'ed.
# Because bridge use-ip-firewall=yes, that also covers traffic that is only
# bridged through Bridge-ISP1 - confirm inbound connections to clients with
# public addresses are meant to be blocked before switching it on.
add chain=forward comment="Firewall Forward" connection-state=established,related disabled=yes
add action=drop chain=forward connection-state=invalid disabled=yes
add chain=forward disabled=yes src-address-list=Rede
add action=drop chain=forward connection-nat-state=!dstnat disabled=yes log=yes

# Mangle rules do two jobs: (1) tag connections per ISP and set a routing mark
# so they use that ISP's routing table, and (2) set per-client packet marks
# that the queue tree shapes. Rules run top to bottom within each chain.
/ip firewall mangle
# --- ISP1: connection and routing marks ---
# Unmarked connections arriving on Bridge-ISP1 are tagged ISP1: in the input
# chain when they are for the router, in prerouting when the destination is
# NOT in the "Rede" list. Bridge-ISP1 contains both the ISP1 uplink and the
# VLAN 100 clients, so in-interface=Bridge-ISP1 matches either direction.
# NOTE(review): "Rede" includes two public blocks, so a connection arriving on
# Bridge-ISP1 for an address inside them is never tagged ISP1 here. The ISP2
# rules exclude "Rede Interna" instead - confirm which list is intended; this
# may be why some connections end up unmarked.
add action=mark-connection chain=input comment="Marcar ISP1" connection-mark=no-mark in-interface=Bridge-ISP1 new-connection-mark=ISP1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!Rede in-interface=Bridge-ISP1 new-connection-mark=ISP1
add action=mark-routing chain=prerouting comment="Marcar Route ISP1" connection-mark=ISP1 in-interface=Bridge-ISP1 new-routing-mark=ISP1
# Router-originated replies on ISP1 connections leave via the ISP1 table.
# passthrough=no stops mangle processing here; the ISP2 twin of this rule
# below does not set it.
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=ISP1 passthrough=no
# --- ISP1: per-client packet marks for the queue tree ---
# One pair per client address: src-address = upload mark, dst-address =
# download mark. passthrough=no ends processing once a packet is marked.
add action=mark-packet chain=forward comment="186.225.x.x - G06" connection-mark=ISP1 new-packet-mark=G06-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G06-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G07" connection-mark=ISP1 new-packet-mark=G07-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G07-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G01" connection-mark=ISP1 new-packet-mark=G01-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G01-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G02" connection-mark=ISP1 new-packet-mark=G02-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G02-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G03" connection-mark=ISP1 new-packet-mark=G03-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G03-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G05" connection-mark=ISP1 new-packet-mark=G05-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G05-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G15" connection-mark=ISP1 new-packet-mark=G15-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G15-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G18" connection-mark=ISP1 new-packet-mark=G18-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G18-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G11" connection-mark=ISP1 new-packet-mark=G11-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G11-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G10" connection-mark=ISP1 new-packet-mark=G10-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G10-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G08" connection-mark=ISP1 new-packet-mark=G08-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G08-Down passthrough=no
add action=mark-packet chain=forward comment="186.225.x.x - G04" connection-mark=ISP1 new-packet-mark=G04-Up passthrough=no src-address=186.225.x.x
add action=mark-packet chain=forward connection-mark=ISP1 dst-address=186.225.x.x new-packet-mark=G04-Down passthrough=no
# --- ISP2: connection and routing marks ---
# Same pattern as ISP1, keyed on Bridge-ISP2, but the prerouting exclusion uses
# the "Rede Interna" list (private subnets only).
add action=mark-connection chain=input comment="Marcar ISP2" connection-mark=no-mark in-interface=Bridge-ISP2 new-connection-mark=ISP2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list="!Rede Interna" in-interface=Bridge-ISP2 new-connection-mark=ISP2
add action=mark-routing chain=prerouting comment="Rotear ISP2" connection-mark=ISP2 in-interface=Bridge-ISP2 new-routing-mark=ISP2
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=ISP2
# --- ISP2: per-client packet marks ---
# Unlike the ISP1 pairs these do not set passthrough=no, so a marked packet
# keeps going down the chain and a later matching rule can overwrite the mark.
add action=mark-packet chain=forward comment="177.43.x.x - Condominio" connection-mark=ISP2 new-packet-mark=ISP2-145-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-145-Down
add action=mark-packet chain=forward comment="177.43.x.x - G00" connection-mark=ISP2 new-packet-mark=ISP2-146-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-146-Down
add action=mark-packet chain=forward comment="177.43.x.x - G07" connection-mark=ISP2 new-packet-mark=ISP2-147-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-147-Down
add action=mark-packet chain=forward comment="177.43.x.x - G10" connection-mark=ISP2 new-packet-mark=ISP2-148-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-148-Down
add action=mark-packet chain=forward comment="177.43.x.x - G04" connection-mark=ISP2 new-packet-mark=ISP2-149-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-149-Down
add action=mark-packet chain=forward comment="177.43.x.x - G00" connection-mark=ISP2 new-packet-mark=ISP2-150-Up src-address=177.43.x.x
add action=mark-packet chain=forward connection-mark=ISP2 dst-address=177.43.x.x new-packet-mark=ISP2-150-Down
# --- G11 (172.25.2.57): NAT client sent out through ISP2 ---
# Source-based routing mark: anything from 172.25.2.57 that is not for the
# internal subnets uses the ISP2 table.
add action=mark-routing chain=prerouting comment="Marcar G11 Rotear ISP2" dst-address-list="!Rede Interna" new-routing-mark=ISP2 src-address=172.25.2.57
# NOTE(review): these two mark-connection rules have no connection-mark=no-mark
# or connection-state match, so every packet rewrites the mark. A connection
# has a single mark shared by both directions, so once a reply has set
# G11-Down_ISP2 the next upload packet matches the Down packet rule first and
# stops there (passthrough=no). Upload traffic would then be counted as
# download. Marking the connection once and choosing the packet mark by
# direction, as the per-client pairs above do, avoids that.
add action=mark-connection chain=forward comment="Marcar G11 Down ISP2" dst-address=172.25.2.57 new-connection-mark=G11-Down_ISP2
add action=mark-packet chain=forward comment="Marcar G11 Down ISP2" connection-mark=G11-Down_ISP2 new-packet-mark=G11-Down_ISP2 passthrough=no
add action=mark-connection chain=forward comment="Marcar G11 Up ISP2" new-connection-mark=G11-Up_ISP2 src-address=172.25.2.57
add action=mark-packet chain=forward comment="Marcar G11 Up ISP2" connection-mark=G11-Up_ISP2 new-packet-mark=G11-Up_ISP2 passthrough=no
# The NAT_ISP2 list's only entry is disabled, so this rule matches nothing and
# the two packet-mark rules after it never see connection-mark=NAT_ISP2.
add action=mark-connection chain=prerouting comment="NAT ISP2" dst-address-list="!Rede Interna" new-connection-mark=NAT_ISP2 src-address-list=NAT_ISP2
# NOTE(review): the src-address rule sets G11-Down_ISP2, the same mark as the
# dst-address rule - it looks like it should be G11-Up_ISP2. Confirm.
add action=mark-packet chain=forward comment="172.25.2.57 - G11" connection-mark=NAT_ISP2 new-packet-mark=G11-Down_ISP2 src-address=172.25.2.57
add action=mark-packet chain=forward connection-mark=NAT_ISP2 dst-address=172.25.2.57 new-packet-mark=G11-Down_ISP2
 
# NAT rules. srcnat rewrites the source of outgoing connections; dstnat
# publishes internal services on the public addresses in the "Dude" list.
/ip firewall nat
# Backup path for the "Reserva" sources through ISP2 - all three disabled.
add action=masquerade chain=srcnat comment="Rota Reserva ISP2 - NAO ALTERAR ORDEM" disabled=yes out-interface=ISP2-2450 src-address-list=Reserva
add action=dst-nat chain=dstnat disabled=yes dst-address=189.8.x.x dst-port=53 protocol=udp src-address-list=Reserva to-addresses=8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-address=189.8.x.x dst-port=53 protocol=udp src-address-list=Reserva to-addresses=8.8.4.4 to-ports=53
# NOTE(review): these two masquerade rules have no out-interface, so they also
# rewrite the source of traffic from these hosts to other internal subnets,
# not only traffic leaving through an ISP. Internal servers then see the
# router's address instead of the real client, which hides the source in their
# logs and can break access rules based on it. Adding out-interface= (or an
# out-interface list) for the ISP links limits NAT to Internet-bound traffic.
add action=masquerade chain=srcnat comment="NAT Condominio" src-address-list=Condominio
add action=masquerade chain=srcnat comment="NAT VPN" src-address=172.25.7.0/29
add action=masquerade chain=srcnat comment=G11-Remais out-interface=ISP2-2450 src-address=172.25.2.57
# Both public ports 8082 and 9002 are sent to port 8082 on 172.25.2.57; no
# source restriction.
add action=dst-nat chain=dstnat comment="G11 DVR" dst-address=177.19.x.x dst-port=8082,9002 in-interface=ISP2-2450 protocol=tcp to-addresses=172.25.2.57 to-ports=8082
# VoIP (IAX2 4569, SIP/RTP ranges) to 172.25.3.60, limited to sources in the
# SIP address list.
add action=dst-nat chain=dstnat comment="Acesso Elastix" dst-address-list=Dude dst-port=4569 protocol=udp src-address-list=SIP to-addresses=172.25.3.60 to-ports=4569
add action=dst-nat chain=dstnat dst-address-list=Dude dst-port=5004-5082 protocol=udp src-address-list=SIP to-addresses=172.25.3.60 to-ports=5004-5082
add action=dst-nat chain=dstnat dst-address-list=Dude dst-port=10000-20000 protocol=udp src-address-list=SIP to-addresses=172.25.3.60 to-ports=10000-20000
# NOTE(review): the rules below publish the Dude server (2210 and plain HTTP
# on 80) and the NVR (8080, RTSP 554, 8000) to any source address, and the
# forward filter chain is disabled, so nothing else restricts them. Monitoring
# consoles and video recorders are better reached over the SSTP VPN, or at
# least limited with src-address-list= the way the VoIP rules are.
# They also have no in-interface, so they match internal clients that connect
# to the public address; presumably that hairpin case needs a matching srcnat
# rule to work - verify against the "cannot reach internal servers" symptom.
add action=dst-nat chain=dstnat comment="Acesso DUDE" dst-address-list=Dude dst-port=2210 protocol=tcp to-addresses=172.25.1.20 to-ports=2210
add action=dst-nat chain=dstnat comment="Acesso WEB-DUDE" dst-address-list=Dude dst-port=80 log-prefix=Webdude protocol=tcp to-addresses=172.25.1.20 to-ports=80
add action=dst-nat chain=dstnat comment="Acesso NVR" dst-address-list=Dude dst-port=8080 log-prefix=Camera protocol=tcp to-addresses=172.25.4.1 to-ports=8080
add action=dst-nat chain=dstnat dst-address-list=Dude dst-port=554 log-prefix=Camera protocol=tcp to-addresses=172.25.4.1 to-ports=554
add action=dst-nat chain=dstnat dst-address-list=Dude dst-port=8000 log-prefix=Camera protocol=tcp to-addresses=172.25.4.1 to-ports=8000
# Default routes. The first two live in the ISP1 and ISP2 routing tables and
# are used by packets carrying the matching routing mark. The last two are the
# main-table defaults: ISP1 preferred (distance 1), ISP2 as failover
# (distance 2). check-gateway=ping withdraws a route whose gateway stops
# answering.
# NOTE(review): each marked table holds only a default route, so a packet that
# carries a routing mark is sent to that ISP gateway whatever its destination.
# Internal destinations therefore have to be excluded before the routing mark
# is set (as the dst-address-list exclusions in mangle attempt) - check every
# mark-routing path for that when internal servers are unreachable.
/ip route
add check-gateway=ping distance=1 gateway=186.225.x.x routing-mark=ISP1
add check-gateway=ping distance=1 gateway=177.19.x.x routing-mark=ISP2
add check-gateway=ping distance=1 gateway=186.225.x.x target-scope=30
add check-gateway=ping distance=2 gateway=177.19.x.x target-scope=30

/queue interface
set sfpplus1 queue=ethernet-default
set sfp1 queue=ethernet-default
set sfp2 queue=ethernet-default
set sfp3 queue=ethernet-default
set sfp4 queue=ethernet-default
set sfp5 queue=ethernet-default
set sfp6 queue=ethernet-default
set sfp7 queue=ethernet-default
set sfp8 queue=ethernet-default
set sfp9 queue=ethernet-default
set sfp10 queue=ethernet-default
set sfp11 queue=ethernet-default
set sfp12 queue=ethernet-default

# OSPF on the three point-to-point links, using simple authentication.
# NOTE(review): authentication=simple carries the key in clear text inside
# every OSPF packet; authentication=md5 is the stronger option RouterOS
# offers. No authentication-key appears in this export, so it may be unset or
# stripped - confirm a key is actually configured on both ends.
/routing ospf interface
add authentication=simple interface=sfp12 network-type=point-to-point
add authentication=simple interface=sfp11 network-type=point-to-point
add authentication=simple interface=sfp8 network-type=point-to-point

# Networks OSPF runs on: the three /30 links in the backbone and the
# Bridge-Core subnet 172.25.0.0/26 in area CD-CO-PRI.
# NOTE(review): no /routing ospf interface entry covers Bridge-Core or sfp10
# (172.25.25.244/30), so those presumably run with default settings and no
# authentication. If no OSPF neighbor lives on Bridge-Core, making it passive
# keeps hosts on that subnet from forming adjacencies - verify.
/routing ospf network
add area=backbone network=172.25.25.252/30
add area=backbone network=172.25.25.248/30
add area=CD-CO-PRI network=172.25.0.0/26
add area=backbone network=172.25.25.244/30