Powered by Blogger.

Mikrotik two WAN Load balance

1. Assign IP on Mikrotik interface

Example: WAN1: 120.136.28.2/30
WAN2: 120.136.30.2/30
Local: 192.168.100.1/24

2. Configure DNS and DHCP


3. Filter the packet with Mangle

i will copy and past the script, cause it is faster
you can manually, check your configuration on the User Interface later.


/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=120.136.28.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=120.136.30.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2


4. Add load balance route and backup route

/ip route
add dst-address=0.0.0.0/0 gateway=120.136.28.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=120.136.28.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 distance=2 check-gateway=ping

5. Add nat for WAN1 and WAN2


/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

now go to Win XP-01 to test the Connection Load Banlance

Done ..
    Blogger Comment
    Facebook Comment