58. MikroTik Auto Load-Balancing and Failover with 4 WANs (4 Dynamic IP Addresses)

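Here is the script. It assumes ether1–ether4 are the WAN ports, each running a DHCP client, and ether5 is the LAN port: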

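/ip firewall mangle
# Spread new connections arriving on the LAN port (ether5) over four routing
# marks, conn1..conn4, one per WAN.
#
# Each nth matcher keeps its own counter and only counts packets that actually
# reach its rule. Every mark-connection rule is followed by a mark-routing rule
# with passthrough=no, so a connection that has just been marked leaves the
# chain and is never seen by the later nth rules. The matchers therefore have
# to shrink: 1 of 4, then 1 of the remaining 3, then 1 of the remaining 2, then
# everything that is left. With nth=4,1 / 4,2 / 4,3 / 4,4 a share of new
# connections would get no mark at all, and the srcnat rules on this page only
# masquerade connections that carry a mark.
add action=mark-connection chain=prerouting connection-state=new in-interface=ether5 new-connection-mark=conn1 nth=4,1
add action=mark-routing chain=prerouting connection-mark=conn1 in-interface=ether5 new-routing-mark=conn1 passthrough=no

add action=mark-connection chain=prerouting connection-state=new in-interface=ether5 new-connection-mark=conn2 nth=3,1
add action=mark-routing chain=prerouting connection-mark=conn2 in-interface=ether5 new-routing-mark=conn2 passthrough=no

add action=mark-connection chain=prerouting connection-state=new in-interface=ether5 new-connection-mark=conn3 nth=2,1
add action=mark-routing chain=prerouting connection-mark=conn3 in-interface=ether5 new-routing-mark=conn3 passthrough=no

# No nth matcher: every new connection that reaches this rule was skipped by the
# three rules above, so all of them go to conn4.
add action=mark-connection chain=prerouting connection-state=new in-interface=ether5 new-connection-mark=conn4
add action=mark-routing chain=prerouting connection-mark=conn4 in-interface=ether5 new-routing-mark=conn4 passthrough=no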



/ip firewall nat
# Masquerade each balanced connection on the WAN port that belongs to its
# connection mark (conn1 -> ether1, conn2 -> ether2, conn3 -> ether3,
# conn4 -> ether4). A connection without one of these marks matches none of
# the rules below.
add chain=srcnat connection-mark=conn1 out-interface=ether1 action=masquerade
add chain=srcnat connection-mark=conn2 out-interface=ether2 action=masquerade
add chain=srcnat connection-mark=conn3 out-interface=ether3 action=masquerade
add chain=srcnat connection-mark=conn4 out-interface=ether4 action=masquerade


/system script
# ether2_force: keeps the default route for routing-mark conn2 pointed at the
# gateway currently reported by the DHCP client on ether2.
#  - Stops with :error when ether2 is missing or disabled, has no DHCP client,
#    the client status is not "bound", or no gateway was handed out.
#  - When no route carries the comment ether2_force, a 0.0.0.0/0 route is added
#    and the script ends through :error "All done.", so this early exit is
#    raised as an error rather than a normal return.
#  - Otherwise the route's gateway is updated if it differs, then rewritten as
#    "<gateway>%ether2".
#  - Last, the run-count of scheduler schedule2 is read and the scheduler is
#    disabled once the count is above 2.
# NOTE(review): the route is created by building a command string around the
# DHCP-supplied gateway and handing it to :execute. Calling /ip route add
# directly would avoid evaluating a string that contains a value chosen by the
# upstream DHCP server.
# NOTE(review): after schedule2 has disabled itself, nothing on this page runs
# this script again until Enable-All-Schedules fires at startup, so a gateway
# that changes on a later lease renewal looks like it would go unnoticed -
# confirm against the intended failover behaviour.
add name=ether2_force policy=read,write source=":if ([/interface find name=\"e\
    ther2\"] = \"\") do={\r\
    \n\t:error \"Target interface does not exist\";\r\
    \n\t}\r\
    \n\t\r\
    \n:if ([/interface get [find name=\"ether2\"] disabled ]) do={\r\
    \n\t:error \"Target interface ether2 is disabled.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client find interface=\"ether2\"] = \"\") do={\r\
    \n\t:error \"Target interface is not running a DHCP client.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client get [find interface=\"ether2\"] status] != \"bound\
    \") do={\r\
    \n\t:error \"DHCP client is not bound to an address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether2\"] gate\
    way];\r\
    \n:if (\$dhcpgateway = \"\") do={\r\
    \n\t:error \"Interface has not been assigned a gateway address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local oldgatewayid [/ip route find comment=\"ether2_force\"];\r\
    \n\r\
    \n:if (\"\$oldgatewayid\" = \"\") do={\r\
    \n\t:log warning \"Adding route\";\r\
    \n\t:execute \"/ip route add \\\r\
    \n\t\tdst-address=0.0.0.0/0 \\\r\
    \n\t\tcomment=ether2_force \\\r\
    \n\t\trouting-mark=conn2 \\\r\
    \n\t\tgateway=\$dhcpgateway\";\r\
    \n\t:error \"All done.\";\r\
    \n\t}\r\
    \n\r\
    \n:local oldgateway [/ip route get number=\"\$oldgatewayid\" gateway];\r\
    \n:if (\"\$oldgateway\" != \"\$dhcpgateway\") do={\r\
    \n\t/ip route set numbers=\"\$oldgatewayid\" gateway=\"\$dhcpgateway\";\r\
    \n\t}\r\
    \n\r\
    \n#The Same IP Gatway\r\
    \n\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether2\"] gate\
    way];\r\
    \n\r\
    \n /ip route set [find comment=\"ether2_force\"] gateway=(\$dhcpgateway.\"\
    %ether2\")\r\
    \n\r\
    \n# Disable Schedule\r\
    \n\r\
    \n:local RCount [/system scheduler get [find name =schedule2] run-count]\r\
    \n\r\
    \n:if (\$RCount >2) do={\r\
    \n/system scheduler set [find name=\"schedule2\"] disable=yes\r\
    \n#: log warning phalla;\r\
    \n}"
# ether3_force: keeps the default route for routing-mark conn3 pointed at the
# gateway currently reported by the DHCP client on ether3.
#  - Stops with :error when ether3 is missing or disabled, has no DHCP client,
#    the client status is not "bound", or no gateway was handed out.
#  - When no route carries the comment ether3_force, a 0.0.0.0/0 route is added
#    and the script ends through :error "All done." (an early exit that is
#    raised as an error).
#  - Otherwise the gateway is updated if it differs, then rewritten as
#    "<gateway>%ether3"; finally scheduler schedule3 is disabled once its
#    run-count is above 2.
# NOTE(review): the add-route command is assembled as a string around the
# DHCP-supplied gateway and passed to :execute; a direct /ip route add would
# avoid evaluating a string that contains an upstream-provided value.
add name=ether3_force policy=read,write source=":if ([/interface find name=\"e\
    ther3\"] = \"\") do={\r\
    \n\t:error \"Target interface does not exist\";\r\
    \n\t}\r\
    \n\t\r\
    \n:if ([/interface get [find name=\"ether3\"] disabled ]) do={\r\
    \n\t:error \"Target interface ether3 is disabled.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client find interface=\"ether3\"] = \"\") do={\r\
    \n\t:error \"Target interface is not running a DHCP client.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client get [find interface=\"ether3\"] status] != \"bound\
    \") do={\r\
    \n\t:error \"DHCP client is not bound to an address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether3\"] gate\
    way];\r\
    \n:if (\$dhcpgateway = \"\") do={\r\
    \n\t:error \"Interface has not been assigned a gateway address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local oldgatewayid [/ip route find comment=\"ether3_force\"];\r\
    \n\r\
    \n:if (\"\$oldgatewayid\" = \"\") do={\r\
    \n\t:log warning \"Adding route\";\r\
    \n\t:execute \"/ip route add \\\r\
    \n\t\tdst-address=0.0.0.0/0 \\\r\
    \n\t\tcomment=ether3_force \\\r\
    \n\t\trouting-mark=conn3 \\\r\
    \n\t\tgateway=\$dhcpgateway\";\r\
    \n\t:error \"All done.\";\r\
    \n\t}\r\
    \n\r\
    \n:local oldgateway [/ip route get number=\"\$oldgatewayid\" gateway];\r\
    \n:if (\"\$oldgateway\" != \"\$dhcpgateway\") do={\r\
    \n\t/ip route set numbers=\"\$oldgatewayid\" gateway=\"\$dhcpgateway\";\r\
    \n\t}\r\
    \n\r\
    \n\r\
    \n#The Same IP Gatway\r\
    \n\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether3\"] gate\
    way];\r\
    \n\r\
    \n /ip route set [find comment=\"ether3_force\"] gateway=(\$dhcpgateway.\"\
    %ether3\")\r\
    \n\r\
    \n# Disable Schedule\r\
    \n\r\
    \n:local RCount [/system scheduler get [find name =schedule3] run-count]\r\
    \n\r\
    \n:if (\$RCount >2) do={\r\
    \n/system scheduler set [find name=\"schedule3\"] disable=yes\r\
    \n#: log warning phalla;\r\
    \n}"
# ether4_force: keeps the default route for routing-mark conn4 pointed at the
# gateway currently reported by the DHCP client on ether4.
#  - Stops with :error when ether4 is missing or disabled, has no DHCP client,
#    the client status is not "bound", or no gateway was handed out.
#  - When no route carries the comment ether4_force, a 0.0.0.0/0 route is added
#    and the script ends through :error "All done." (an early exit that is
#    raised as an error).
#  - Otherwise the gateway is updated if it differs, then rewritten as
#    "<gateway>%ether4"; finally scheduler schedule4 is disabled once its
#    run-count is above 2.
# NOTE(review): the add-route command is assembled as a string around the
# DHCP-supplied gateway and passed to :execute; a direct /ip route add would
# avoid evaluating a string that contains an upstream-provided value.
add name=ether4_force policy=read,write source=":if ([/interface find name=\"e\
    ther4\"] = \"\") do={\r\
    \n\t:error \"Target interface does not exist\";\r\
    \n\t}\r\
    \n\t\r\
    \n:if ([/interface get [find name=\"ether4\"] disabled ]) do={\r\
    \n\t:error \"Target interface ether4 is disabled.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client find interface=\"ether4\"] = \"\") do={\r\
    \n\t:error \"Target interface is not running a DHCP client.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client get [find interface=\"ether4\"] status] != \"bound\
    \") do={\r\
    \n\t:error \"DHCP client is not bound to an address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether4\"] gate\
    way];\r\
    \n:if (\$dhcpgateway = \"\") do={\r\
    \n\t:error \"Interface has not been assigned a gateway address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local oldgatewayid [/ip route find comment=\"ether4_force\"];\r\
    \n\r\
    \n:if (\"\$oldgatewayid\" = \"\") do={\r\
    \n\t:log warning \"Adding route\";\r\
    \n\t:execute \"/ip route add \\\r\
    \n\t\tdst-address=0.0.0.0/0 \\\r\
    \n\t\tcomment=ether4_force \\\r\
    \n\t\trouting-mark=conn4 \\\r\
    \n\t\tgateway=\$dhcpgateway\";\r\
    \n\t:error \"All done.\";\r\
    \n\t}\r\
    \n\r\
    \n:local oldgateway [/ip route get number=\"\$oldgatewayid\" gateway];\r\
    \n:if (\"\$oldgateway\" != \"\$dhcpgateway\") do={\r\
    \n\t/ip route set numbers=\"\$oldgatewayid\" gateway=\"\$dhcpgateway\";\r\
    \n\t}\r\
    \n\r\
    \n\r\
    \n\r\
    \n#The Same IP Gatway\r\
    \n\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether4\"] gate\
    way];\r\
    \n\r\
    \n /ip route set [find comment=\"ether4_force\"] gateway=(\$dhcpgateway.\"\
    %ether4\")\r\
    \n\r\
    \n\r\
    \n# Disable Schedule\r\
    \n\r\
    \n:local RCount [/system scheduler get [find name =schedule4] run-count]\r\
    \n\r\
    \n:if (\$RCount >2) do={\r\
    \n/system scheduler set [find name=\"schedule4\"] disable=yes\r\
    \n#: log warning phalla;\r\
    \n}"
# ether1_force: keeps the default route for routing-mark conn1 pointed at the
# gateway currently reported by the DHCP client on ether1.
#  - Stops with :error when ether1 is missing or disabled, has no DHCP client,
#    the client status is not "bound", or no gateway was handed out.
#  - When no route carries the comment ether1_force, a 0.0.0.0/0 route is added
#    and the script ends through :error "All done." (an early exit that is
#    raised as an error).
#  - Otherwise the gateway is updated if it differs, then rewritten as
#    "<gateway>%ether1"; finally scheduler schedule1 is disabled once its
#    run-count is above 2.
# NOTE(review): the add-route command is assembled as a string around the
# DHCP-supplied gateway and passed to :execute; a direct /ip route add would
# avoid evaluating a string that contains an upstream-provided value.
add name=ether1_force policy=read,write source=":if ([/interface find name=\"e\
    ther1\"] = \"\") do={\r\
    \n\t:error \"Target interface does not exist\";\r\
    \n\t}\r\
    \n\t\r\
    \n:if ([/interface get [find name=\"ether1\"] disabled ]) do={\r\
    \n\t:error \"Target interface ether1 is disabled.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client find interface=\"ether1\"] = \"\") do={\r\
    \n\t:error \"Target interface is not running a DHCP client.\";\r\
    \n\t}\r\
    \n\r\
    \n:if ([/ip dhcp-client get [find interface=\"ether1\"] status] != \"bound\
    \") do={\r\
    \n\t:error \"DHCP client is not bound to an address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether1\"] gate\
    way];\r\
    \n:if (\$dhcpgateway = \"\") do={\r\
    \n\t:error \"Interface has not been assigned a gateway address.\";\r\
    \n\t}\r\
    \n\t\r\
    \n:local oldgatewayid [/ip route find comment=\"ether1_force\"];\r\
    \n\r\
    \n:if (\"\$oldgatewayid\" = \"\") do={\r\
    \n\t:log warning \"Adding route\";\r\
    \n\t:execute \"/ip route add \\\r\
    \n\t\tdst-address=0.0.0.0/0 \\\r\
    \n\t\tcomment=ether1_force \\\r\
    \n\t\trouting-mark=conn1 \\\r\
    \n\t\tgateway=\$dhcpgateway\";\r\
    \n\t:error \"All done.\";\r\
    \n\t}\r\
    \n\r\
    \n:local oldgateway [/ip route get number=\"\$oldgatewayid\" gateway];\r\
    \n:if (\"\$oldgateway\" != \"\$dhcpgateway\") do={\r\
    \n\t/ip route set numbers=\"\$oldgatewayid\" gateway=\"\$dhcpgateway\";\r\
    \n\t}\r\
    \n\r\
    \n#The Same IP Gatway\r\
    \n\r\
    \n:local dhcpgateway [/ip dhcp-client get [find interface=\"ether1\"] gate\
    way];\r\
    \n\r\
    \n /ip route set [find comment=\"ether1_force\"] gateway=(\$dhcpgateway.\"\
    %ether1\")\r\
    \n\r\
    \n# Disable Schedule\r\
    \n\r\
    \n:local RCount [/system scheduler get [find name =schedule1] run-count]\r\
    \n\r\
    \n:if (\$RCount >2) do={\r\
    \n/system scheduler set [find name=\"schedule1\"] disable=yes\r\
    \n#: log warning phalla;\r\
    \n}"




/system scheduler
# schedule1..schedule4 are created disabled; each one runs its etherN_force
# script every 10 s, starting at boot, once it has been enabled.
# NOTE(review): every entry in this section is granted
# ftp,reboot,read,write,policy,test,password,sniff,sensitive, while the scripts
# they call are declared with policy=read,write. A scheduled job that only
# maintains routes does not obviously need reboot, password, sniff or
# sensitive; consider trimming each entry to the policies the job uses, and
# confirm on the target RouterOS version that the job still runs afterwards.
add disabled=yes interval=10s name=schedule1 on-event=\
    "\r\
    \n/system script run ether1_force" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup
add disabled=yes interval=10s name=schedule2 on-event=\
    "\r\
    \n/system script run ether2_force\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup
add disabled=yes interval=10s name=schedule4 on-event=\
    "\r\
    \n/system script run ether4_force\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup
add disabled=yes interval=10s name=schedule3 on-event=\
    "\r\
    \n/system script run ether3_force\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup
# Enable-All-Schedules: starts at boot (no interval is set) and switches the
# numbered schedulers back on, which restarts the gateway refresh after each
# reboot.
# NOTE(review): schedule5 is enabled here but no scheduler with that name is
# defined on this page; the [find] presumably matches nothing, making that
# line a no-op - confirm, or drop it.
add name=Enable-All-Schedules on-event=" /system scheduler set [find name=\"sc\
    hedule1\"] disable=no;\r\
    \n\r\
    \n /system scheduler set [find name=\"schedule2\"] disable=no;\r\
    \n\r\
    \n /system scheduler set [find name=\"schedule3\"] disable=no;\r\
    \n\r\
    \n /system scheduler set [find name=\"schedule4\"] disable=no;\r\
    \n\r\
    \n /system scheduler set [find name=\"schedule5\"] disable=no;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
    startup


You can contact me: plus.google.com/+PhallaCCMT; youtube.com/phallaccmt; facebook.com/Phalla.CCMT; twitter.com/PhallaCCMT and Phalla.CCMT@gmail.com

2 comments

Unknown
AUTHOR
April 4, 2018 at 11:56 AM delete

Bom dia,

Como fazer um balance pcc com esse scritp para recriar as regras no mangle?


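# Rebuilds the PCC mangle rules whenever the number of active balancing routes
# changes. activeroutesold is global so the previous count survives between
# runs; everything else is local to one run.
# NOTE(review): the old mangle rules are removed before the new ones are added,
# so there is a short window in which no balancing marks are applied.
# NOTE(review): place-before=3 is a fixed position and in-interface=local is a
# fixed interface name; both presumably match the commenter's own router -
# verify before reuse.
:global activeroutesold;
:local activeroutes 0;
:local route;
:local tes;
:local divs 0;
:local less;
:local routingmarks;
:local arrayrouting;
:local routemark;


:log info "BEGIN***********************************************************"

# Count the active routes whose comment matches ^[a-z]*balanceo and collect
# their routing marks.
:foreach route in=[/ip route find where comment~"^[a-z]*balanceo" active=yes] do={
:set tes [ /ip route get $route routing-mark ];
:set activeroutes ($activeroutes + 1)
:set routingmarks ($routingmarks, $tes);
}
:log info $activeroutes;
:log info $activeroutesold;
# Only touch the firewall when the count differs from the previous run.
:if ($activeroutes != $activeroutesold) do={
/ip firewall
mangle {
:foreach a in=[find where comment~"^[a-z]*balance" ] do={
remove $a }
}
:set arrayrouting [:toarray $routingmarks]
:set divs $activeroutes;
:set less $activeroutes;
# One mark-connection / mark-routing pair per active route; divs walks the PCC
# remainders 0 .. activeroutes-1.
:for i from=0 to=($activeroutes-1) do={
:set routemark [:pick $routingmarks $i]
:set divs ($activeroutes - $less);
:set less ($less - 1);
:log info "$routemark";
:log info "$activeroutes/$divs"
/ip firewall mangle
:log info "Setting filters";
add action=mark-connection chain=prerouting comment="balance conn $routemark" \
disabled=no dst-address-type=!local in-interface=local \
new-connection-mark="$routemark" passthrough=yes per-connection-classifier=\
"both-addresses:$activeroutes/$divs" place-before=3

add action=mark-routing chain=prerouting comment="balance route $routemark" \
connection-mark="$routemark" disabled=no in-interface=local new-routing-mark=\
"$routemark" passthrough=no place-before=3

}
} else={:log info "routes has no changed"};
# Fixed: this line logged $activeroute, a name that is never declared, so the
# count was missing from the message.
:log info ("$activeroutes active routes");
:set activeroutesold $activeroutes;
:log info "END********************************************************************"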

July 18, 2023 at 7:58 PM delete

Dear Sir, is there any way to make failover working with Src-Nat?
