Rotas MikroTik para failover correto

Roteador gateway ISP1_ROUTE – 192.168.15.1 Vivo
Roteador gateway ISP2_ROUTE – 192.168.18.1 Sumicity

/ip route
# Recursive-route failover. 10.1.1.1 and 10.2.2.2 are virtual helper next hops
# (the original note calls them a virtual interface); they must not belong to
# any existing network. Swap the two distance values below to change which
# uplink is preferred.
add distance=1 gateway=10.1.1.1
add distance=2 gateway=10.2.2.2

# 10.1.1.1 is resolved through the two ISP1 probe hosts. check-gateway=ping
# makes each of these routes depend on its probe host answering pings.
# NOTE(review): uplink health is judged only by ICMP replies from third-party
# public resolvers; if they rate-limit or filter pings the uplink may be
# declared down while it is still usable - confirm this is acceptable.
add dst-address=10.1.1.1 gateway=8.8.8.8 scope=10 check-gateway=ping
add dst-address=10.1.1.1 gateway=208.67.220.220 scope=10 check-gateway=ping

# 10.2.2.2 is resolved the same way through the two ISP2 probe hosts.
add dst-address=10.2.2.2 gateway=8.8.4.4 scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 check-gateway=ping

# Host routes that pin the ISP1 probe hosts to the Vivo router (192.168.15.1).
# Side effect: all traffic to these addresses, not only the probes, leaves
# through this uplink.
add dst-address=8.8.8.8 gateway=192.168.15.1 scope=10
add dst-address=208.67.220.220 gateway=192.168.15.1 scope=10

# Host routes that pin the ISP2 probe hosts to the Sumicity router (192.168.18.1).
add dst-address=8.8.4.4 gateway=192.168.18.1 scope=10
add dst-address=208.67.222.222 gateway=192.168.18.1 scope=10

# Default routes for the two policy-routing tables selected by mangle marks.
# NOTE(review): here ISP1_ROUTE prefers 10.2.2.2 (the ISP2 path) and ISP2_ROUTE
# prefers 10.1.1.1, the opposite of the exported /ip route section further down
# the page - confirm which preference is intended.
add distance=2 gateway=10.1.1.1 routing-mark=ISP1_ROUTE
add distance=1 gateway=10.2.2.2 routing-mark=ISP1_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=ISP2_ROUTE
add distance=1 gateway=10.1.1.1 routing-mark=ISP2_ROUTE


Configuração completa (script de exportação):



# mar/29/2022 04:57:06 by RouterOS 6.48.6
# software id = F0IQ-UDP2
#
# model = 750G
# serial number = 268D0182810D
# NOTE(review): the export header identifies the exact device (software id,
# serial number) and OS version; strip these lines before sharing an export.
# One LAN bridge; the three LAN-side ports are attached to it further down.
/interface bridge
add fast-forward=no name=bridge1
# Rename the physical ports by role: two WAN uplinks (VivoISP1, SumicityISP2)
# and three LAN-side ports.
/interface ethernet
set [ find default-name=ether4 ] name=GwGrandstreamUP
set [ find default-name=ether5 ] name=Server
set [ find default-name=ether2 ] name=SumicityISP2
set [ find default-name=ether3 ] name=Switch
set [ find default-name=ether1 ] name=VivoISP1
# DHCP range handed out on the LAN bridge.
/ip pool
add name=dhcp_pool0 ranges=192.168.17.100-192.168.17.198
/ip dhcp-server
add address-pool=dhcp_pool0 authoritative=after-2sec-delay disabled=no \
interface=bridge1 lease-time=1w3d10m name=dhcp1
/interface bridge port
add bridge=bridge1 interface=Switch
add bridge=bridge1 interface=GwGrandstreamUP
add bridge=bridge1 interface=Server
# The router is .254 on each ISP router's subnet and .1 on the LAN.
/ip address
add address=192.168.15.254/24 interface=VivoISP1 network=192.168.15.0
add address=192.168.18.254/24 interface=SumicityISP2 network=192.168.18.0
add address=192.168.17.1/24 interface=bridge1 network=192.168.17.0
# Enables MikroTik's cloud dynamic-DNS client on this router.
/ip cloud
set ddns-enabled=yes
# LAN clients receive the router plus two public resolvers as DNS servers.
# NOTE(review): clients that pick 8.8.8.8 or 8.8.4.4 bypass the router's static
# DNS entry below - confirm that is intended.
/ip dhcp-server network
add address=192.168.17.0/24 dns-server=192.168.17.1,8.8.8.8,8.8.4.4 gateway=\
192.168.17.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The filter section drops port 53 arriving on both WAN interfaces;
# without those rules this would be an open resolver.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Local override: this name resolves to the LAN host 192.168.17.254 for clients
# that query the router.
/ip dns static
add address=192.168.17.254 name=up.abratel.com.br
# Destination lists matched by the mangle rules. The list names are the
# author's labels.
# NOTE(review): these are wide static ranges (/16, /18, /24) that nothing on the
# router keeps up to date; verify current ownership before relying on them for
# policy decisions.
/ip firewall address-list
add address=200.155.0.0/16 list=BRADESCO
add address=200.201.0.0/16 list=CEF
add address=170.66.0.0/16 list=BB
add address=200.220.0.0/16 list=SANTANDER
add address=200.196.0.0/16 list=ITAU
add address=189.56.0.0/16 list=NOSSACAIXA
add address=161.113.0.0/24 list=HSBC
add address=201.77.231.25 list=PrefMuriae
add address=187.4.128.0/18 list=sicoob
add address=200.252.146.0/24 list=sicoob
add address=187.72.5.139 list=sicoob
add address=186.215.92.171 list=sicoob
add address=177.11.48.200 list="estrela dalva"
# "lan" is not referenced by any rule in this export.
add address=192.168.17.0/24 list=lan
add address=192.168.2.0/24 list=lan
add address=192.168.3.0/24 list=lan
add address=192.168.4.0/24 list=lan
add address=192.168.5.0/24 list=lan
add address=192.168.6.0/24 list=lan
add address=192.168.8.0/24 list=lan
add address=192.168.9.0/24 list=lan
add address=192.168.10.0/24 list=lan
add address=192.168.11.0/24 list=lan
add address=192.168.13.0/24 list=lan
add address=192.168.12.0/24 list=lan
add address=192.168.14.0/24 list=lan
# "wan-ip" is defined by host name and is not referenced by any rule in this
# export.
# NOTE(review): presumably the router resolves this name through its own DNS,
# where the static entry points at 192.168.17.254 rather than a public address -
# confirm what the list actually contains.
add address=up.abratel.com.br list=wan-ip
# Input/forward/output filter. Rules are evaluated top to bottom, so order
# matters.
/ip firewall filter
# Unconditional access to the router itself from one public address.
# NOTE(review): confirm this address is still under the administrator's
# control; it bypasses every rule below.
add action=accept chain=input src-address=24.4.133.107
# Drop DNS (TCP and UDP 53) arriving on either WAN interface, so the resolver
# enabled by allow-remote-requests=yes is not reachable from the internet.
add action=drop chain=input dst-port=53 in-interface=VivoISP1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=SumicityISP2 protocol=\
tcp
add action=drop chain=input dst-port=53 in-interface=VivoISP1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=SumicityISP2 protocol=\
udp
# Staged limiter for new TCP connections to port 81 (the Winbox port set under
# /ip service). The lists are named ssh_* but guard port 81. A source that keeps
# opening new connections while its 1-minute stage entries are alive climbs
# stage1 -> stage2 -> stage3 and is then blacklisted for 14w2d; blacklisted
# sources are dropped by the first rule.
# NOTE(review): this counts connection attempts, not failed logins, so a
# legitimate administrator who reconnects several times within a minute is
# blacklisted as well.
add action=drop chain=input comment="drop WINBOX brute forcers" dst-port=81 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=81 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=81 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=81 \
protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=14w2d chain=input connection-state=new dst-port=81 \
hotspot="" protocol=tcp src-address-list=ssh_stage3
# Port 81 is accepted from any source that is not blacklisted.
add action=accept chain=input connection-state="" dst-port=81 protocol=tcp
# Catch-all accepts for all three chains.
# NOTE(review): the final input rule accepts everything not dropped above, so
# every enabled router service (Winbox on 81, the www service on 1199) is
# reachable from both WAN interfaces, and forward has no restriction on inbound
# traffic either. A hardened variant would accept
# connection-state=established,related, accept management only from a trusted
# source list, and end the input chain (and WAN-originated forward traffic) with
# a drop rule. Keep a tested management path open before applying such a change.
add action=accept chain=forward
add action=accept chain=output
add action=accept chain=input
# Policy-routing marks. An "accept" here ends mangle processing for the packet,
# leaving it unmarked so it follows the main routing table.
/ip firewall mangle
# LAN-to-LAN traffic and LAN traffic to ports 8085/tcp and 4569/udp (the ports
# forwarded to 192.168.17.254 in the NAT section) are left unmarked.
add action=accept chain=prerouting dst-address=192.168.17.0/24 src-address=\
192.168.17.0/24
add action=accept chain=prerouting dst-port=8085 in-interface=bridge1 \
protocol=tcp src-address=192.168.17.0/24
add action=accept chain=prerouting dst-port=4569 in-interface=bridge1 \
protocol=udp src-address=192.168.17.0/24
# Traffic to the named destination lists is left unmarked, so it always uses
# the main table's preferred uplink. The existing rule comment translates to
# "allow HTTPS sites".
# NOTE(review): presumably done so those sites always see the same source
# address - confirm.
add action=accept chain=prerouting comment="LIBERAR SITES HTTPS" \
dst-address-list=BB
add action=accept chain=prerouting dst-address-list=SANTANDER
add action=accept chain=prerouting dst-address-list=sicoob
add action=accept chain=prerouting dst-address-list=BRADESCO
add action=accept chain=prerouting dst-address-list=PrefMuriae
# The one exception: this destination is pinned to the ISP2 connection mark.
add action=mark-connection chain=prerouting dst-address-list="estrela dalva" \
new-connection-mark=ISP2_CONN passthrough=yes
add action=accept chain=prerouting dst-address-list=CEF
add action=accept chain=prerouting dst-address-list=HSBC
add action=accept chain=prerouting dst-address-list=ITAU
add action=accept chain=prerouting dst-address-list=NOSSACAIXA
# NOTE(review): duplicate of the SANTANDER rule above; it can never match.
add action=accept chain=prerouting dst-address-list=SANTANDER
# All TCP/443 traffic is also left unmarked, whatever the destination.
add action=accept chain=prerouting dst-port=443 protocol=tcp
# Connections that arrive on a WAN interface are tagged with that ISP so their
# replies can be routed back out the same uplink.
add action=mark-connection chain=prerouting comment=\
------------------------------------------ connection-mark=no-mark \
in-interface=VivoISP1 new-connection-mark=ISP1_CONN passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=SumicityISP2 new-connection-mark=ISP2_CONN passthrough=yes
# Still-unmarked connections from the LAN bridge are classified in policy_route.
add action=jump chain=prerouting comment="====================" \
connection-mark=no-mark in-interface=bridge1 jump-target=policy_route
# Translate connection marks into routing marks for LAN-sourced packets...
add action=mark-routing chain=prerouting comment="======================" \
connection-mark=ISP1_CONN new-routing-mark=ISP1_ROUTE passthrough=yes \
src-address=192.168.17.0/24
add action=mark-routing chain=prerouting connection-mark=ISP2_CONN \
new-routing-mark=ISP2_ROUTE passthrough=yes src-address=192.168.17.0/24
# ...and for packets the router itself sends on marked connections.
add action=mark-routing chain=output comment="===========================" \
connection-mark=ISP1_CONN new-routing-mark=ISP1_ROUTE passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_CONN \
new-routing-mark=ISP2_ROUTE passthrough=yes
# NOTE(review): this per-connection-classifier rule lives in chain
# policy_route2, but no rule in this export jumps to policy_route2, so it is
# never evaluated. The only live classifier is the policy_route rule below,
# which marks every non-local LAN connection ISP2_CONN.
add action=mark-connection chain=policy_route2 comment=\
"=======================" dst-address-type=!local new-connection-mark=\
ISP1_CONN passthrough=yes per-connection-classifier=\
both-addresses-and-ports:2/0
add action=mark-connection chain=policy_route dst-address-type=!local \
new-connection-mark=ISP2_CONN passthrough=yes
/ip firewall nat
# Outbound source NAT: traffic leaving each WAN interface is rewritten to the
# router's own address on that uplink.
add action=src-nat chain=srcnat comment=\
"============= Internet =================" out-interface=VivoISP1 \
to-addresses=192.168.15.254
add action=src-nat chain=srcnat out-interface=SumicityISP2 to-addresses=\
192.168.18.254
# Port forward 8085/tcp to the LAN host 192.168.17.254.
# NOTE(review): this rule and the 4569/udp forward below have no in-interface,
# dst-address or source restriction, so they match any packet with that
# destination port that reaches dstnat, including LAN traffic bound for
# unrelated internet hosts. Together with the accept-all forward filter rule,
# the service is reachable from any internet source that the upstream ISP
# routers pass on. Consider matching on the WAN interfaces or destination
# address and allow-listing the sources that need access.
add action=dst-nat chain=dstnat dst-port=8085 protocol=tcp to-addresses=\
192.168.17.254 to-ports=8085
# Source NAT for LAN clients whose traffic to these ports goes back out bridge1.
# NOTE(review): to-addresses is set although masquerade normally takes the
# outgoing interface address; dst-address=192.168.17.254 may have been intended -
# confirm.
add action=masquerade chain=srcnat dst-port=8085 out-interface=bridge1 \
protocol=tcp src-address=192.168.17.0/24 to-addresses=192.168.17.254
add action=masquerade chain=srcnat dst-port=4569 out-interface=bridge1 \
protocol=udp src-address=192.168.17.0/24 to-addresses=192.168.17.254
# Port forward 4569/udp to the same LAN host; see the note on the 8085 rule.
add action=dst-nat chain=dstnat dst-port=4569 protocol=udp to-addresses=\
192.168.17.254 to-ports=4569
# TCP 1198 arriving on the ISP1 interface is redirected to the router's own
# port 81 (Winbox); the existing rule comment translates to "Winbox redirect
# coming from ISP1".
# NOTE(review): this publishes the management interface to the internet on a
# non-standard port, protected only by the connection-rate blacklist in the
# filter section. Prefer reaching management over a VPN or from an allow-listed
# source address.
add action=redirect chain=dstnat comment=\
"=========  Winbox Redirect vindo da ISP1 ===========" dst-port=1198 \
in-interface=VivoISP1 log-prefix=TESTE_ISP1 protocol=tcp to-ports=81
# NOTE(review): same match as the rule above, so this one is never reached.
add action=redirect chain=dstnat dst-port=1198 in-interface=VivoISP1 \
protocol=tcp to-ports=81
# Exported routing table: the same recursive failover scheme as the short
# listing at the top of the page.
/ip route
# Policy tables: ISP1_ROUTE prefers the ISP1 path (10.1.1.1) and falls back to
# 10.2.2.2; ISP2_ROUTE is the mirror image.
add distance=1 gateway=10.1.1.1 routing-mark=ISP1_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=ISP1_ROUTE
add distance=1 gateway=10.2.2.2 routing-mark=ISP2_ROUTE
add distance=2 gateway=10.1.1.1 routing-mark=ISP2_ROUTE
# Main table: at export time the ISP2 path (10.2.2.2) is preferred, so all
# unmarked traffic uses it while its probes answer.
add distance=1 gateway=10.2.2.2
add distance=2 gateway=10.1.1.1
# Host routes pinning each probe address to one ISP router.
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.18.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.15.1 scope=10
# Virtual next hops, each resolved through two probe hosts monitored with
# check-gateway=ping.
# NOTE(review): failover depends on third-party hosts answering ICMP - confirm
# that is acceptable for this site.
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=\
208.67.220.220 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=8.8.8.8 \
scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=8.8.4.4 \
scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=\
208.67.222.222 scope=10
add distance=1 dst-address=208.67.220.220/32 gateway=192.168.15.1 scope=10
add distance=1 dst-address=208.67.222.222/32 gateway=192.168.18.1 scope=10
# Management services: telnet, ftp, ssh, api and api-ssl are disabled. The www
# service and Winbox stay enabled on non-default ports.
# NOTE(review): the www service on 1199 is left enabled with no address
# restriction, and the input chain ends in accept-all, so it is reachable from
# the WAN side as well. Moving ports does not limit who can connect; disable
# www if unused and restrict the remaining services to trusted source
# addresses.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=1199
set ssh disabled=yes
set api disabled=yes
set winbox port=81
set api-ssl disabled=yes
# NOTE(review): allow-none-crypto=yes permits SSH sessions with no encryption
# and forwarding-enabled=remote permits remote port forwarding. The SSH service
# is disabled above, so neither applies today, but both become live if SSH is
# ever re-enabled - confirm these should not be reset.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Up-Abratel
/system ntp client
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8
# Follows the long-term release channel. The header shows RouterOS 6.48.6 at
# export time; keep the router on a currently supported release.
/system package update
set channel=long-term
# The bandwidth-test server is off; authenticate=no only matters if it is
# turned on.
/tool bandwidth-server
set authenticate=no enabled=no
# Both netwatch probes are disabled; failover relies on check-gateway in
# /ip route.
/tool netwatch
add disabled=yes host=8.8.8.8
add disabled=yes host=8.8.4.4
