Re: MK - 2 verejne ip a port fw
Napsal: 10 Feb 2020 18:13
postni sem tvoje nastavení a neřeš jestli to je nebo není podle návodu
Fórum československých telekomunikací
https://classic.ispforum.cz/
Kód: Vybrat vše
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
Noxus28 píše:No lebo cely návod ti je na 2 veci keď nechceš load balancing.
Stačí ti značkovanie čo vstupuje z vonkajšieho interface aby rovnakým aj odišlo. Písal ti to už hapi.Kód: Vybrat vše
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
lukasdj píše:Noxus28 píše:No lebo cely návod ti je na 2 veci keď nechceš load balancing.
Stačí ti značkovanie čo vstupuje z vonkajšieho interface aby rovnakým aj odišlo. Písal ti to už hapi.Kód: Vybrat vše
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
OK skusim a napisu. Kazdopadne dekuju moc!
Noxus28 píše:ano. je to keď máš v zápise routes 2+ default brány, pokiaľ jedna neodpovedá, hodí sa nedosiahnuteľná a routing sa prepne na ďalšiu s najnižším distance. Aj keď to samozrejme na prepínanie netu na záložný nie je veľmi spoľahlivé nakoľko brána ti odpovedať môže ale nevieš aké veci za ňou ti nefungujú že