Mikrotik - Utilizar link 1 saida e link 2 somente entrada (Acesso remoto, cameras)

1. Mikrotik - Utilizar link 1 saida e link 2 somente entrada (Acesso remoto, cameras)

vargasf
(usa Outra)

Enviado em 28/12/2016 - 15:33h

Bom dia,

Possuo 2 links
Link 1 - copel 40mb que nao permite liberar portas externas para acessar cameras e acesso remoto server
Link 2 - 10mb dedicado que permite liberar portas para acessar as cameras e acesso remoto

Preciso fazer com que tudo saia pela copel link 1 e o link 2 fique so aguardando alguem requisitar externamente acesso nas cameras e servidor acesso remoto.

possuo uma RB750GL upgrade firmware 3.33

Muito obrigado desde já e um otimo ano novo a todos.
Flaviano Vargas

0 0

Quote

2. 2 Link 2 Lan

apracz
(usa Debian)

Enviado em 05/01/2017 - 16:53h

2 REGRAS, veja qual se adequa a voce

====== REGRA 1 ====

/ip firewall mangle
add chain=prerouting in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_connection
add chain=prerouting in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_connection

add chain=prerouting in-interface=LAN1 connection-mark=WAN1_connection action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting in-interface=LAN1 connection-mark=WAN2_connection action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting in-interface=LAN2 connection-mark=WAN1_connection action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting in-interface=LAN2 connection-mark=WAN2_connection action=mark-routing new-routing-mark=to_WAN2

add chain=output src-address=1.1.1.1 action=mark-routing new-routing-mark=to_WAN1
add chain=output src-address=2.2.2.2 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 routing-mark=to_WAN1 gateway=1.1.1.11
add dst-address=0.0.0.0/0 routing-mark=to_WAN2 gateway=2.2.2.2

========== fim regra 1========

=========REGRA 2==================
/ip address
add address=192.168.100.2/24 network=192.168.100.0 broadcast=192.168.100.255 interface=1-Wan
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=2-Wan
add address=192.168.0.100/24 network=192.168.0.0 broadcast=192.168.0.255 interface=3-Rede
/ip firewall mangle
add chain=input in-interface=1-Wan action=mark-connection new-connection-mark=1-Wan_conn
add chain=input in-interface=2-Wan action=mark-connection new-connection-mark=2-Wan_conn
add chain=output connection-mark=1-Wan_conn action=mark-routing new-routing-mark=to_1-Wan
add chain=output connection-mark=2-Wan_conn action=mark-routing new-routing-mark=to_2-Wan
add chain=prerouting dst-address=192.168.100.0/24 action=accept in-interface=3-Rede
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=3-Rede
add chain=prerouting dst-address-type=!3-Rede in-interface=3-Rede per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=1-Wan_conn passthrough=yes
add chain=prerouting dst-address-type=!3-Rede in-interface=3-Rede per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=2-Wan_conn passthrough=yes
add chain=prerouting connection-mark=1-Wan_conn in-interface=3-Rede action=mark-routing new-routing-mark=to_1-Wan
add chain=prerouting connection-mark=2-Wan_conn in-interface=3-Rede action=mark-routing new-routing-mark=to_2-Wan
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.100.1 routing-mark=to_1-Wan check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_2-Wan check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.100.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=1-Wan action=masquerade
add chain=srcnat out-interface=2-Wan action=masquerade

====== FIM REGRA 2=================

0 0

Quote