Scribd
Upload
55 views4 pages

Balanceo 2 Lineas + Filelover Nuevo

- The document configures a router with two WAN interfaces (ether1 and ether2) connected to different ISPs, and one LAN interface (ether5). - It sets up IP addresses, DHCP services, DNS forwarding, and firewall NAT rules to provide internet access to the LAN through either WAN connection. - A scheduled script runs every 30 seconds to check the status of each ISP connection via ping tests. If an ISP is down, it disables the corresponding firewall rules and load balances traffic across the remaining active WAN interface.

Uploaded by

Nerio Sanchez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
55 views4 pages

Balanceo 2 Lineas + Filelover Nuevo

- The document configures a router with two WAN interfaces (ether1 and ether2) connected to different ISPs, and one LAN interface (ether5). - It sets up IP addresses, DHCP services, DNS forwarding, and firewall NAT rules to provide internet access to the LAN through either WAN connection. - A scheduled script runs every 30 seconds to check the status of each ISP connection via ping tests. If an ISP is down, it disables the corresponding firewall rules and load balances traffic across the remaining active WAN interface.

Uploaded by

Nerio Sanchez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

/interface ethernet

set [ find default-name=ether1 ] comment=WAN1


set [ find default-name=ether2 ] comment=WAN2
set [ find default-name=ether5 ] comment=LAN

/ip pool
add name=poolOficina ranges=192.168.100.100-192.168.100.190
/ip dhcp-server
add address-pool=poolOficina disabled=no interface=ether5 name=server1

/ip dns
set allow-remote-requests=yes servers=200.48.225.130,200.48.225.146

/ip address
add address=192.168.1.23/24 comment="IPs para puertos WAN" interface=ether1
network=192.168.1.0
add address=192.168.2.23/24 interface=ether2 network=192.168.2.0
add address=192.168.100.253/24 comment="IP para puerto LAN" interface=ether5
network=192.168.100.0

/ip dhcp-server network


add address=192.168.100.0/24 dns-server=200.48.225.130,200.48.225.146
gateway=192.168.100.253 netmask=24

/ip firewall mangle


add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=ether5
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=ether5
add action=mark-connection chain=prerouting connection-mark=no-mark in-
interface=ether1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-
interface=ether2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP1_conn per-
connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn per-
connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-
interface=ether5 new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-
interface=ether5 new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-
mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-
mark=to_ISP2

/ip firewall nat


add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2

/ip route
add distance=1 gateway=192.168.1.1 routing-mark=to_ISP1
add distance=1 gateway=192.168.2.1 routing-mark=to_ISP2

/system scheduler
add interval=30s name=schedule1 on-event=failover
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-
date=nov/01/2017 start-time=00:00:00
/system script
add name=failover owner=admin
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
source="#:log info \"Inicio failover para router con 2 ISPs\";\r\
\n\r\
\n:global ispsCaidosAnt;\r\
\n\r\
\n# PARA TRABAJAR CON MULTIPLES ISPS DE VELOCIDADES DIFERENTES\r\
\n# es necesario usar el sistema SGCM de Livaur, ya que genera reglas
adicionales,\r\
\n# se encuentra en el link: https://www.livaur.com/sgcm \r\
\n# \r\
\n# {{ID:nPasos}; {ID:nPasos}};\r\
\n#\r\
\n#\r\
\n:local isps {{1;1}; {2;1} };\r\
\n:local pasos 0;\r\
\n:local ispsCaidos;\r\
\n\r\
\n# Cantidad de pruebas ping que se lanzaran a la IP externa para determinar
si\r\
\n# el ISP est\E1 caido\r\
\n:local nPruebasPing 5;\r\
\n\r\
\n# IP de DNS a donde se lanzan las pruebas de ping\r\
\n# En este caso se usa una IP de OpenDNS\r\
\n:local ipExterna \"200.48.225.130\";\r\
\n\r\
\n# Inicializaci\F3n de los ISP caidos anteriormente\r\
\n:if ([:typeof \$ispsCaidosAnt]=\"nothing\") do={ :set ispsCaidosAnt
{nil}; }\r\
\n\r\
\n\r\
\n# Inicializaci\F3n de los ISPs caidos\r\
\n:if ([:typeof \$ispsCaidos]=\"nothing\") do={ :set ispsCaidos {nil}; }\r\
\n\r\
\n# Proceso de pruebas de conexi\F3n a internet por los distintos ISPs\r\
\n:foreach isp in=[\$isps] do={\r\
\n #:log info (\$isp->1);\r\
\n :local indiceIsp (\$isp->0);\r\
\n\r\
\n :local rping [/ping \$ipExterna routing-table=\"to_ISP\$indiceIsp\" count=\
$nPruebasPing];\r\
\n\r\
\n # Si la respuesta de ping fue 0, entonces el ISP est\E1 caido y se agrega a
la lista de ispsCaidos\r\
\n :if (\$rping=0) do={\r\
\n :set (\$ispsCaidos->\"\$indiceIsp\") \$indiceIsp;\r\
\n :log info \"ISP\$indiceIsp caido\";\r\
\n }\r\
\n}\r\
\n\r\
\n\r\
\n# Compara los ISPs caidos actualmente contra los ISPs caidos previamente\r\
\n# Si son iguales evita ejecutar por completo el script\r\
\n:if ( \$ispsCaidos = \$ispsCaidosAnt) do={\r\
\n :exit;\r\
\n}\r\
\n# Si son diferentes, se actualizan los ispsCaidosAnt\r\
\n:if ( \$ispsCaidos != \$ispsCaidosAnt ) do={\r\
\n :set ispsCaidosAnt (\$ispsCaidos);\r\
\n}\r\
\n\r\
\n\r\
\n# C\E1lculo de los pasos totales\r\
\n:foreach isp in=[\$isps] do={\r\
\n :local estaCaido false;\r\
\n\r\
\n :foreach ispCaido in=[\$ispsCaidos] do={\r\
\n :if (\$isp->0=\$ispCaido) do={\r\
\n :set estaCaido true;\r\
\n }\r\
\n }\r\
\n\r\
\n :if (\$estaCaido=false) do={\r\
\n :set pasos (\$pasos + (\$isp->1));\r\
\n }\r\
\n}\r\
\n#:log info \$pasos;\r\
\n\r\
\n\r\
\n# Desactivacion de las mark_connection de ISPs caidos\r\
\n:foreach isp in=[\$ispsCaidos] do={\r\
\n /ip firewall mangle disable [find new-connection-mark=\"ISP\$isp_conn\" and
per-connection-classifier~\"both-addresses\"];\r\
\n}\r\
\n\r\
\n\r\
\n# Actualizaci\F3n de los pasos en funci\F3n de los ISPs activos\r\
\n:local pasosTmp 0;\r\
\n:foreach isp in=[\$isps] do={\r\
\n :local estaCaido false;\r\
\n :local idIsp (\$isp->0);\r\
\n\r\
\n :foreach ispCaido in=[\$ispsCaidos] do={\r\
\n :if ((\$isp->0)=\$ispCaido) do={\r\
\n :set estaCaido true;\r\
\n }\r\
\n }\r\
\n\r\
\n # Si el ISP no est\E1 caido se procede a actualizar las reglas con
los \"pasos\" correctos\r\
\n :if (\$estaCaido=false) do={\r\
\n # Desactivar las reglas del ISP activo para hacer la actualizacion\r\
\n /ip firewall mangle disable [find new-connection-mark=\"ISP\$idIsp_conn\"
and per-connection-classifier~\"both-addresses\"];\r\
\n\r\
\n # Obtenci\F3n de los IDs de las reglas del ISP con new-connection-mark\r\
\n :local idsReglas [/ip firewall mangle find new-connection-mark=\"ISP\
$idIsp_conn\" and per-connection-classifier~\"both-addresses\"];\r\
\n\r\
\n # Por cada ID de la regla se procede a asignar el total de pasos y el
n\FAmero de paso correspondiente\r\
\n :foreach idRegla in=[\$idsReglas] do={\r\
\n /ip firewall mangle set [find .id=\$idRegla] per-connection-
classifier=\"both-addresses:\$pasos/\$pasosTmp\"\r\
\n\r\
\n #Incremento del contador de pasosTmp\r\
\n :set pasosTmp (\$pasosTmp + 1);\r\
\n }\r\
\n\r\
\n # Activaci\F3n de las reglas del ISP activo\r\
\n /ip firewall mangle enable [find new-connection-mark=\"ISP\$idIsp_conn\"
and per-connection-classifier~\"both-addresses\"];\r\
\n }\r\
\n}\r\
\n\r\
\n\r\
\n#:log info \"Fin failover-script\";\r\
\n"

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy