mikrotik Failover (WAN Backup) /双WAN 故障转移

最新推荐文章于 2024-10-10 10:58:41 发布

panyong2010

最新推荐文章于 2024-10-10 10:58:41 发布

阅读量497

点赞数

文章标签：数据库运维 java

版权

本文介绍了如何通过设置源地址转换(NAT)和路由表，以及防火墙的mangle规则，实现基于ISP的流量标记和分发。同时，配置了基于ping可达性的递归路由，确保网络连接的可靠性。针对两个不同的ISP接口，设置了不同的目标地址和网关，以实现动态选择最佳路径。

摘要由CSDN通过智能技术生成

源地址转换（Source NAT）

/ip/firewall/nat

add chain=srcnat action=masquerade out-interface=ether1

add chain=srcnat action=masquerade out-interface=ether2

路由表和防火墙规则来标记流量

/routing/table

add fib name=to_ISP1

add fib name=to_ISP2

/ip/firewall/mangle

add chain=output connection-state=new connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn out-interface=ether1

add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1 out-interface=ether1

add chain=output connection-state=new connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn out-interface=ether2

add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2 out-interface=ether2

We will split the routing configuration into three parts. First, we will configure Host1 and Host2 as destination addresses in the routing section:

/ip/route/

add dst-address=8.8.8.8 scope=10 gateway=10.111.0.1

add dst-address=8.8.4.4 scope=10 gateway=10.112.0.1

建议国内目标地址替换为阿里DNS或者腾讯DNS，两个WAN的目标地址需要配置为不一样

如果是拨号的接口，可以把网关IP更改为接口名称 pppoe-out1

Now configure routes that will be resolved recursively, so they will only be active when they are reachable with ping:

/ip/route/

add distance=1 gateway=8.8.8.8 routing-table=to_ISP1 target-scope=11 check-gateway=ping

add distance=2 gateway=8.8.4.4 routing-table=to_ISP1 target-scope=11 check-gateway=ping

Configure similar recursive routes for the second gateway:

/ip/route/

add distance=1 gateway=8.8.4.4 routing-table=to_ISP2 target-scope=11 check-gateway=ping

add distance=2 gateway=8.8.8.8 routing-table=to_ISP2 target-scope=11 check-gateway=ping

关注