Một cấu hình load balancing, failover 2 WAN kết hợp NAT inbound cho các ports 8000,88,554 trên router MikroTik thực tế tham khảo:
Code:
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 in-interface=bridge1
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
pppoe-out1 new-connection-mark=WAN1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
pppoe-out2 new-connection-mark=WAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=\
WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=\
WAN2 passthrough=no
add action=mark-connection chain=prerouting connection-state=new dst-port=\
8000,88,554 in-interface=pppoe-out1 new-connection-mark=WAN1 passthrough=\
no protocol=tcp
add action=mark-connection chain=prerouting connection-state=new dst-port=\
8000,88,554 in-interface=pppoe-out2 new-connection-mark=WAN2 passthrough=\
no protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN1 \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN2 \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=\
bridge1 new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=\
bridge1 new-routing-mark=WAN2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=dst-nat chain=dstnat dst-address-type=local dst-port=88 protocol=\
tcp to-addresses=192.168.1.200 to-ports=88
add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=88 \
out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8000 \
protocol=tcp to-addresses=192.168.1.200 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=8000 \
out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-address-type=local dst-port=554 protocol=\
tcp to-addresses=192.168.1.200 to-ports=554
add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=554 \
out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24