Hi all!
Can someone can validate config i wan to put in my router SVP?
I have two wan, one is fixed ip and the other is dhcp.
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=ether1-public routing-mark=to-public1 scope=30 target-scope=10
add comment="" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\
ether6-public2-unlimited routing-mark=to-public1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=ether6-public2-unlimited routing-mark=to-public2 scope=30 target-scope=10
add comment="" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\
ether1-public routing-mark=to-public2 scope=30 target-scope=10
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CM for public1" disabled=no \
in-interface=ether3-inside-ospf new-connection-mark=to-public1 passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="CM for public2" disabled=no \
in-interface=ether3-inside-ospf new-connection-mark=to-public2 passthrough=yes \
per-connection-classifier=both-addresses:2/1
/ip firewall nat
add action=masquerade chain=srcnat comment="Masq for public1" disabled=no \
out-interface=ether1-public
add action=masquerade chain=srcnat comment="Masq for public2" disabled=no \
out-interface=ether6-public2-unlimited
/ip firewall mangle
add action=mark-connection chain=prerouting comment="CM for GW1" disabled=no \
in-interface=ether3-inside-ospf new-connection-mark=to-public1 passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="CM for GW2" disabled=no \
in-interface=ether3-inside-ospf new-connection-mark=to-public2 passthrough=yes \
per-connection-classifier=both-addresses:2/1
/ip firewall mangle
add action=mark-connection chain=output comment="CM for public1 - output" \
connection-mark=no-mark disabled=no new-connection-mark=to-public1 passthrough=\
yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output comment="CM for public2 - output" \
connection-mark=no-mark disabled=no new-connection-mark=to-public2 passthrough=\
yes per-connection-classifier=both-addresses:2/1
/ip firewall mangle
add action=mark-connection chain=input comment="CM input public1 " \
connection-mark=no-mark disabled=no in-interface=ether1-public \
new-connection-mark=to-public1 passthrough=yes
add action=mark-connection chain=input comment="CM input public2" \
connection-mark=no-mark disabled=no in-interface=ether6-public2-unlimited \
new-connection-mark=to-public2 passthrough=yes
/ip firewall mangle
add action=mark-routing chain=prerouting comment="RM for public1" \
connection-mark=to-public1 disabled=no in-interface=ether3-inside-ospf new-routing-mark=to-public1 \
passthrough=yes
add action=mark-routing chain=prerouting comment="RM for public2" \
connection-mark=to-public2 disabled=no in-interface=ether3-inside-ospf new-routing-mark=to-public2 \
passthrough=yes
Thanks!!
Patrick