두 개의 WAN 포트(WAN2 및 WAN3)가 있는 RouterOS 7 라우터(문제 없이 이 두 WAN IP를 사용하여 Winbox에 액세스할 수 있음)와 Wireguard(WG) 서비스를 설정합니다. WAN3 IP로는 WG에 연결할 수 있지만 WAN2 IP로는 연결할 수 없습니다. 구성은 다음과 같습니다.
/interface ethernet
set [ find default-name=ether3 ] comment="wan2" disable-running-check=no
set [ find default-name=ether4 ] comment="wan3" disable-running-check=no
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=wireguard1 public-key="7dUlL*****axiT0="
/ip address
add address=8.1.1.169/26 comment="wan2" interface=ether3 network=8.1.1.128
add address=9.1.1.149/25 comment="wan3" interface=ether4 network=9.1.1.128
add address=10.15.8.1/24 interface=wireguard1 network=10.15.8.0
/ip firewall nat
add action=masquerade chain=srcnat comment="wan2" out-interface=ether3
add action=masquerade chain=srcnat comment="wan3" out-interface=ether4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=8.1.1.128/26 in-interface=ether3 new-connection-mark=wan2conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=9.1.1.128/25 in-interface=ether4 new-connection-mark=wan3conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan2conn new-routing-mark=vrf2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3conn new-routing-mark=main passthrough=no
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.1.1.129 pref-src="" routing-table=vrf2 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.1.1.145 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
패킷 캡처를 시도했으며 결과는 다음과 같습니다.
1 5.132 ether3 wgclientip:50923 8.1.1.169:13231 udp 190 0
2 5.132 ether4 9.1.1.149:13231 wgclientip:50923 udp 134 0
패킷 2는 eth3을 통과해야 하는데 대신 eth4를 통과해야 합니까? 도움을 주셔서 감사합니다.