
Static route to force a LAN IP through a specific gateway


Post by RedFoxy » Tue 9 Jul 2019, 18:13

Hi everyone!
I got into the Mikrotik world about a month ago. So far I have only used the RB760iGS model; I'm happy with it and I'm installing it in several places. The typical configuration I use it in is FTTH + backup over LTE (with a GRE tunnel), but I have often used it with two ADSL modems + backup over LTE. In this specific case I have some routing requirements: certain IPs must be reached by going first through ADSL 2, if that doesn't work through ADSL 1, and finally through the LTE line, while all the rest of the traffic goes first through ADSL 1, then through LTE and finally through ADSL 2. I did this without any problem using IP -> Routes and setting the distances on the gateways and on the IPs. Now I have a similar problem, but one that on Mikrotik has to be approached differently.

I have a computer on the local network, with a static IP, that must ALWAYS use a gateway different from the default gateway, and only if that line is down should it go out through the default gateway and then through the backup LTE line. I searched around, and the only solution I managed to put into practice gives me various slowness problems. Basically, in prerouting under firewall -> mangle, I mark the packets:
- chain: prerouting,
- src. address: 192.168.1.10,
- action: mark routing,
- new routing mark: prova,

then in ip -> routes I created a route where I tell it to go out via the IP of the router connected to eth4:
- dst. address 0.0.0.0/0,
- gateway: 192.168.10.254,
- type: unicast,
- distance: 1
- scope: 30
- target scope: 10
- routing mark: prova

This setup works, except that they complain about being slow, and that before, when connected directly to the modem, they were faster; and not only the computer set up to go out through that gateway, but the others too... It seems very strange to me, but I wouldn't want to have gotten something wrong, or for the marking to be slowing down the router.

Ideas?

Thanks in advance!
RedFoxy
Mikrotik Curious User
Posts: 5
Joined: Tue 9 Jul 2019, 14:22
Using RouterOS since version: v6.x

Re: Static route to force a LAN IP through a specific gateway

Post by abbio90 » Fri 12 Jul 2019, 21:47

try attaching the full configuration
from the terminal
export file=conf
then go to Files and you will find a file conf.rsc
drag it to the desktop, open it with Notepad and paste the configuration here
abbio90
Mikrotik-User 9° Liv
Posts: 62
Joined: Mon 26 Jun 2017, 18:11
Location: Oristano
Using RouterOS since version: v4.x

Re: Static route to force a LAN IP through a specific gateway

Post by RedFoxy » Mon 15 Jul 2019, 8:58

abbio90 wrote:
try attaching the full configuration
from the terminal
export file=conf
then go to Files and you will find a file conf.rsc
drag it to the desktop, open it with Notepad and paste the configuration here

Code:
# jul/15/2019 09:51:22 by RouterOS 6.45.1
# software id = KKNC-EV7A
#
# model = RB760iGS
# serial number = AXXXXXXXXXXX
/interface bridge
add name=bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Voce speed=100Mbps
set [ find default-name=ether2 ] name=ether2-WAN1 speed=100Mbps
set [ find default-name=ether3 ] name=ether3-LTE speed=100Mbps
set [ find default-name=ether4 ] name=ether4-SISS speed=100Mbps
set [ find default-name=ether5 ] name=ether5-LAN speed=100Mbps
/interface gre
add local-address=172.17.2.77 name=gre-N4Com remote-address=172.18.1.2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool-LAN ranges=192.168.1.70
/ip dhcp-server
add address-pool=dhcp_pool-LAN disabled=no interface=bridge-LAN lease-time=1d \
    name=dhcp-LAN
/system logging action
set 3 bsd-syslog=yes remote=9.21.11.16 syslog-facility=local0
/interface bridge port
add bridge=bridge-LAN interface=ether5-LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge-LAN list=LAN
add interface=ether2-WAN1 list=WAN
add interface=ether1-Voce list=WAN
add interface=gre-N4Com list=WAN
/ip address
add address=86.10.38.18/30 interface=ether1-Voce network=86.10.38.16
add address=86.105.238.110/30 interface=ether2-WAN1 network=86.10.38.8
add address=192.168.1.150/24 interface=bridge-LAN network=192.168.1.0
add address=172.17.2.77/30 interface=ether3-LTE network=172.17.2.76
add address=172.17.22.86/30 interface=gre-N4Com network=172.17.22.84
add address=192.168.10.50/24 interface=ether4-SISS network=192.168.10.0
/ip dhcp-server lease
add address=192.168.1.70 client-id=1:0:15:65:fc:87:78 mac-address=\
    00:15:65:FC:87:78 server=dhcp-LAN
/ip dhcp-server network
add address=86.10.38.16/30 gateway=86.10.38.18
add address=192.168.1.0/24 gateway=192.168.1.150
/ip dns
set servers=128.65.200.80,8.8.8.8
/ip firewall filter
add action=accept chain=input src-address=1.1.2.30/29
add action=accept chain=input src-address=2.1.2.3/29
add action=accept chain=input src-address=3.1.2.3/29
add action=accept chain=input src-address=4.1.2.3
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=siss passthrough=no \
    src-address=192.168.1.203
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-port=888 protocol=tcp \
    to-addresses=192.168.1.70 to-ports=80
add action=dst-nat chain=dstnat dst-port=8291 protocol=tcp to-addresses=\
    192.168.1.150 to-ports=8291
add action=dst-nat chain=dstnat dst-port=161 protocol=udp to-addresses=\
    192.168.1.150 to-ports=161
add action=dst-nat chain=dstnat protocol=icmp to-addresses=192.168.1.150
add action=src-nat chain=srcnat out-interface=gre-N4Com to-addresses=\
    86.10.10.17
add action=masquerade chain=srcnat comment="IP Masquerade"
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=192.168.10.200 routing-mark=siss
add check-gateway=ping distance=10 gateway=8.1.2.3
add distance=10 gateway=gre-N4Com
add distance=30 gateway=9.1.2.3
add distance=5 dst-address=37.59.19.114/32 gateway=9.1.2.3
add distance=10 dst-address=37.59.19.114/32 gateway=8.1.2.3
add distance=20 dst-address=37.59.19.114/32 gateway=gre-N4Com
add distance=5 dst-address=37.59.21.6/32 gateway=9.1.2.3
add distance=10 dst-address=37.59.21.6/32 gateway=8.1.2.3
add distance=20 dst-address=37.59.21.6/32 gateway=gre-N4Com
add distance=5 dst-address=54.37.179.19/32 gateway=9.1.2.3
add distance=10 dst-address=54.37.179.19/32 gateway=8.1.2.3
add distance=20 dst-address=54.37.179.19/32 gateway=gre-N4Com
add distance=5 dst-address=54.37.179.20/32 gateway=9.1.2.3
add distance=10 dst-address=54.37.179.20/32 gateway=8.1.2.3
add distance=20 dst-address=54.37.179.20/32 gateway=gre-N4Com
add distance=5 dst-address=54.37.179.21/32 gateway=9.1.2.3
add distance=10 dst-address=54.37.179.21/32 gateway=8.1.2.3
add distance=20 dst-address=54.37.179.21/32 gateway=gre-N4Com
add distance=5 dst-address=54.38.92.15/32 gateway=9.1.2.3
add distance=10 dst-address=54.38.92.15/32 gateway=8.1.2.3
add distance=20 dst-address=54.38.92.15/32 gateway=gre-N4Com
add distance=5 dst-address=54.38.92.16/32 gateway=9.1.2.3
add distance=10 dst-address=54.38.92.16/32 gateway=8.1.2.3
add distance=20 dst-address=54.38.92.16/32 gateway=gre-N4Com
add distance=5 dst-address=94.23.67.34/32 gateway=9.1.2.3
add distance=10 dst-address=94.23.67.34/32 gateway=8.1.2.3
add distance=20 dst-address=94.23.67.34/32 gateway=gre-N4Com
add distance=5 dst-address=94.23.70.231/32 gateway=9.1.2.3
add distance=10 dst-address=94.23.70.231/32 gateway=8.1.2.3
add distance=20 dst-address=94.23.70.231/32 gateway=gre-N4Com
add distance=5 dst-address=147.135.129.92/32 gateway=9.1.2.3
add distance=10 dst-address=147.135.129.92/32 gateway=8.1.2.3
add distance=20 dst-address=147.135.129.92/32 gateway=gre-N4Com
add distance=5 dst-address=147.135.129.93/32 gateway=9.1.2.3
add distance=10 dst-address=147.135.129.93/32 gateway=8.1.2.3
add distance=20 dst-address=147.135.129.93/32 gateway=gre-N4Com
add distance=1 dst-address=172.17.0.0/20 gateway=ether3-LTE
add distance=1 dst-address=172.18.1.0/30 gateway=ether3-LTE
add distance=5 dst-address=178.33.239.175/32 gateway=9.1.2.3
add distance=10 dst-address=178.33.239.175/32 gateway=8.1.2.3
add distance=20 dst-address=178.33.239.175/32 gateway=gre-N4Com
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="Mikrotik"
/system logging
set 0 action=remote prefix=INFO
set 1 action=remote prefix=ERROR
set 2 action=remote prefix=WARN
set 3 action=remote prefix=CRIT
add action=remote prefix=FW topics=firewall
add action=remote prefix=HEALTH topics=health
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
RedFoxy
Mikrotik Curious User
Posts: 5
Joined: Tue 9 Jul 2019, 14:22
Using RouterOS since version: v6.x
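
An added example, not part of the original thread and not MikroTik code: a small Python check over a RouterOS v6 export that pairs each mark-routing mangle rule with the routes carrying its mark, lists marked routes that have no check-gateway (relevant to the fallback asked about in the first post), and reports whether an enabled fasttrack-connection rule exists, since FastTracked packets bypass mangle. SAMPLE is a constructed excerpt modelled on the posted export, and the function names are hypothetical.

```python
import re
import shlex
# Constructed excerpt modelled on the export posted above (not the full file).
SAMPLE = r'''/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=siss passthrough=no \
    src-address=192.168.1.203
/ip route
add distance=1 gateway=192.168.10.200 routing-mark=siss
'''

def parse_export(text):
    """Return {menu path: [item dict, ...]} for the 'add' lines of an export."""
    menus, menu = {}, None
    # A trailing backslash continues the line; the next line's indent is dropped.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = (w.split("=", 1) for w in shlex.split(line[4:]) if "=" in w)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def enabled(item):
    return item.get("disabled") != "yes"

def audit_policy_routing(menus):
    """Match each mark-routing mangle rule to the routes carrying its mark."""
    routes = [r for r in menus.get("/ip route", []) if enabled(r)]
    findings = []
    for rule in filter(enabled, menus.get("/ip firewall mangle", [])):
        if rule.get("action") != "mark-routing":
            continue
        marked = [r for r in routes if r.get("routing-mark") == rule.get("new-routing-mark")]
        findings.append({
            "mark": rule.get("new-routing-mark"),
            "src": rule.get("src-address"),
            "gateways": [r.get("gateway") for r in marked],
            # Without check-gateway a dead gateway does not deactivate the route.
            "unmonitored": [r.get("gateway") for r in marked if "check-gateway" not in r],
        })
    fasttrack = any(r.get("action") == "fasttrack-connection"
                    for r in filter(enabled, menus.get("/ip firewall filter", [])))
    return findings, fasttrack

if __name__ == "__main__":
    print(audit_policy_routing(parse_export(SAMPLE)))
```

On the sample it reports mark siss for 192.168.1.203 via 192.168.10.200 with no gateway monitoring, together with an enabled fasttrack rule.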


