1. Assign IP on Mikrotik interface
Example: WAN1: 120.136.28.2/30
LAN1: 192.168.100.1/24
WAN2: 120.136.30.2/30
LAN2: 192.168.50.1/24
2. Filter the packet with Mangle
i will copy and past the script, because it is faster
you can manually, check your configuration on the User Interface later.
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=120.136.28.0/24 action=accept in-interface=LAN1
add chain=prerouting dst-address=120.136.30.0/24 action=accept in-interface=LAN2
add chain=prerouting dst-address-type=!local in-interface=LAN1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN1 passthrough=yes
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN2 passthrough=yes
3. Add load balance route and backup route
/ip route
add dst-address=0.0.0.0/0 gateway=120.136.28.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.28.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 distance=2 check-gateway=ping
4. Add nat for WAN1 and WAN2
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
now we can test the connection on LAN1 and LAN2
done!!!
Blogger Comment
Facebook Comment