After searching the web, I hope someone will be able to help me.
I have actually 3 WAN connection, WAN1, WAN2 and WAN3.
I wonder if there's anyway to force ports to go trough a Specified WAN1.
Ex. If I use Steam and I host a game server on port 3074 ans 27000-27050 I want it only on WAN1.
Also is there any way to setup vlan to go WAN2 an WAN3 only?
I don't want my Hotspot to go through WAN1
Thanks alot for any help!
Code: Select all
[admin@MikroTik] /ip firewall filter> /export compact
# feb/27/2013 17:23:17 by RouterOS 6.0rc9
# software id = XPXI-LV8Q
#
/interface ethernet
set 0 name=Local
set 1 name=WAN1
set 2 name=WAN2
set 3 disabled=yes name=WAN3
/interface wireless
set 0 disabled=no l2mtu=2290 mode=ap-bridge
/ip dhcp-server
add interface=WAN1 name=dhcp2
add interface=wlan1 name=dhcp3
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp_pool1 ranges=192.168.0.20-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Local name=dhcp1
/ip address
add address=192.168.0.1/24 interface=Local network=192.168.0.0
add address=192.168.1.5/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.5/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.5/24 interface=WAN3 network=192.168.3.0
/ip dhcp-server lease
add address=192.168.0.10 client-id=**HIDDEN** mac-address=**HIDDEN** server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8
/ip firewall filter
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
/ip firewall mangle
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN2_conn
add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=WAN3_conn
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=to_WAN3
add chain=prerouting dst-address=192.168.1.0/24
add chain=prerouting dst-address=192.168.2.0/24
add chain=prerouting dst-address=192.168.3.0/24
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1 !to-addresses !to-ports
add action=masquerade chain=srcnat out-interface=WAN2 !to-addresses !to-ports
add action=masquerade chain=srcnat out-interface=WAN3 !to-addresses !to-ports
add action=dst-nat chain=dstnat dst-port=3074 in-interface=WAN1 protocol=tcp to-addresses=192.168.0.10 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface=WAN1 protocol=udp to-addresses=192.168.0.10 to-ports=3074
add action=dst-nat chain=dstnat dst-port=27000-27050 in-interface=WAN1 protocol=tcp to-addresses=192.168.0.10 to-ports=\
27000-27050
add action=dst-nat chain=dstnat dst-port=27000-27050 in-interface=WAN1 protocol=udp to-addresses=192.168.0.10 to-ports=\
27000-27050
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=1 gateway=192.168.3.1
add check-gateway=ping distance=1 gateway=192.168.2.1
