( igor | 2022. 01. 18., Tue – 14:00 )

This is how I have it set up: WAN1 is a PPPoE link, and WAN2 has a static public IP.

Here, if the primary goes down it switches over to the secondary, but when the connection comes back, sessions in progress still stay on the secondary.

It accepts incoming connections on both links and replies on the same link, because there is an external health check on the DNS records, and the record switches to the secondary link's IP address if the primary goes offline.

Edit: I use public DNS servers for the gateway check; 10.1.1.1 and 10.2.2.2 are dummy addresses to help the routing, so that failover depends on actual internet reachability rather than on interface state.
The IP 123.1.2.254 is the gateway for WAN2's static IP on the provider's side.

# Default routes
/ip route
add distance=1 gateway=WAN1 routing-mark=WAN1-route
add distance=2 gateway=123.1.2.254 routing-mark=WAN2-route
add distance=1 gateway=WAN1
add distance=2 gateway=123.1.2.254


# NAT masquerade
/ip firewall nat add chain=srcnat out-interface=WAN1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=WAN2 action=masquerade

/ip firewall mangle
### Connection marks
# New LAN->WAN connections to keep on original interface in case of failover
add chain=postrouting connection-state=new out-interface=WAN1 action=mark-connection new-connection-mark=WAN1-masq-connection
add chain=postrouting connection-state=new out-interface=WAN2 action=mark-connection new-connection-mark=WAN2-masq-connection

# New WAN->Router
add chain=input connection-state=new in-interface=WAN1 action=mark-connection new-connection-mark=WAN1-incoming
add chain=input connection-state=new in-interface=WAN2 action=mark-connection new-connection-mark=WAN2-incoming
# Forwarded WAN->LAN
add chain=prerouting connection-state=new in-interface=WAN1 action=mark-connection new-connection-mark=WAN1-forward
add chain=prerouting connection-state=new in-interface=WAN2 action=mark-connection new-connection-mark=WAN2-forward

### Route marks
# LAN->WAN MASQ route existing connection to original route
add chain=prerouting in-interface=LAN connection-mark=WAN1-masq-connection action=mark-routing new-routing-mark=WAN1-route
add chain=prerouting in-interface=LAN connection-mark=WAN2-masq-connection action=mark-routing new-routing-mark=WAN2-route
# Router->WAN
add chain=output connection-mark=WAN1-incoming action=mark-routing new-routing-mark=WAN1-route
add chain=output connection-mark=WAN2-incoming action=mark-routing new-routing-mark=WAN2-route
# LAN->WAN forward response
add chain=postrouting connection-mark=WAN1-forward action=mark-routing new-routing-mark=WAN1-route
add chain=postrouting connection-mark=WAN2-forward action=mark-routing new-routing-mark=WAN2-route

# Routes based on marks
/ip route
add dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=WAN1-route
add dst-address=0.0.0.0/0 gateway=WAN2 routing-mark=WAN2-route

# todo: remove gateways
/ip route
add dst-address=1.1.1.1 gateway=WAN1 scope=10
add dst-address=208.67.220.220 gateway=WAN1 scope=10
add dst-address=8.8.8.8 gateway=123.1.2.254 scope=10
add dst-address=208.67.222.222 gateway=123.1.2.254 scope=10

add dst-address=10.1.1.1 gateway=1.1.1.1 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.1.1.1 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping

add distance=1 gateway=10.1.1.1 routing-mark=WAN1-route check-gateway=ping
add distance=1 gateway=10.2.2.2 routing-mark=WAN2-route check-gateway=ping
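
A setup like the one in the post above only keeps replies on the link a connection arrived on if every connection mark is later matched by a mark-routing rule and every routing mark has a route. The following is an added example, not part of igor's post or of RouterOS: a small consistency check over export-style rules, where `parse`, `audit` and the constructed `SAMPLE` (with deliberate gaps) are names assumed for illustration.

```python
import shlex

# Constructed sample modelled on the post's rules, with deliberate gaps:
# WAN2-forward is never routed, WAN2-incoming is never set, WAN2-route has no route.
SAMPLE = """\
/ip firewall mangle
add chain=input connection-state=new in-interface=WAN1 action=mark-connection new-connection-mark=WAN1-incoming
add chain=prerouting connection-state=new in-interface=WAN2 action=mark-connection new-connection-mark=WAN2-forward
add chain=output connection-mark=WAN1-incoming action=mark-routing new-routing-mark=WAN1-route
add chain=output connection-mark=WAN2-incoming action=mark-routing new-routing-mark=WAN2-route
/ip route
add dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=WAN1-route
"""

def parse(text):
    """Yield (menu, properties) for every 'add' command in an export-style script."""
    menu = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cur = menu
        if line.startswith("/"):
            head, sep, rest = line.partition(" add ")
            if not sep:              # bare "/ip route": switches the current menu
                menu = line
                continue
            cur, line = head, "add " + rest   # "/ip firewall nat add ...": one-off
        if line.startswith("add "):
            yield cur, dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def audit(text):
    """Cross-check connection marks, routing marks and marked routes."""
    conn_set, conn_used, rt_set, rt_routes = set(), set(), set(), set()
    for menu, p in parse(text):
        if menu == "/ip firewall mangle" and p.get("action") == "mark-connection":
            conn_set.add(p["new-connection-mark"])
        elif menu == "/ip firewall mangle" and p.get("action") == "mark-routing":
            rt_set.add(p["new-routing-mark"])
            if "connection-mark" in p:
                conn_used.add(p["connection-mark"])
        elif menu == "/ip route" and "routing-mark" in p:
            rt_routes.add(p["routing-mark"])
    return {
        "marked_but_never_routed": sorted(conn_set - conn_used),
        "matched_but_never_set": sorted(conn_used - conn_set),
        "routing_mark_without_route": sorted(rt_set - rt_routes),
    }

print(audit(SAMPLE))
```

A non-empty list in any of the three findings points at traffic that will fall through to the main routing table and may leave on the other WAN.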