RB951G-2HnD
2 PPPoE ISPs: 50mbps dynamic IP and 70 mbps static IP. I setup both internets in failover like shown here:
http://forum.mikrotik.com/t/simple-2-wan-failover/74089/1
but it doesn’t work perfectly, sometimes webpages do not load, video games do not start.
Now I have:
dhcp for LAN
bridged LAN+wifi
firewall to only accept LAN connections and drop invalid connections
DNS caching
most of it is just copied from some internet guide or forum post, I don’t understand much in RouterOS. Now I want PCC load balancing + failover like here:
http://www.youtube.com/watch?v=ECqntLlhaz8#t=16m
But it’s way beyond my routeros skills.
- I am willing to pay someone to set it up for me, how much will it cost? As I understand it will only take like 30 minutes if the guy knows what he is doing? I can pay: paypal, webmoney, skrill (moneybookers), pokerstars.
- Will speed increase like 50+50 or 50+70?
- Does PCC method+failover load the router hardware much? I can change speeds to 70+100, will RB951G handle that?
icq: 471-591-986
skype: slipkn67
Hi.
Please contact me on my signature with your post atacched for more detail.
Regards
Sent from my mobile phone using Tapatalk.
This code is all over the internet, in every PCC mikrotik video:
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=WAN-OUT
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WAN-OUT per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WAN-OUT action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
It’s so simple, it would take 30 seconds to prepare IP addresses, gateway names, etc. And another 5 seconds to copy/paste the code. So please ignore the part where I said “I am willing to pay”. c0d3rSh3ll asked $100 for this. LOL. No ++ carma for him this time.
In order for the code to work I have to match:
WAN1 and WAN2:
Gateway IP addresses like 192.168.3.1 in IP → Address List:
WAN-OUT - I rename my bridge1 to WAN-OUT.
copy/paste the code and…
IT
DOESNT
FUCKING
WORK
Where did I make a mistake?
I have no wifi on the RB now. This config doesn’t use a wifi module.
Follow this guide:
System - Reset Configuration (check "No Default Configuration) - Yes
Plug ISP1 to port-1
Plug ISP2 to port-2
Plug computer to port-5 (5=master; 3+4=slave)
Winbox (connect by mac-address) login:admin password:
“New Terminal”
Change here (for admin access to the router): mylogin and mypassword
user add name=mylogin password=mypassword group=full
quit
login to the router with the new login&password
user disable admin
/interface
set 0 name=”eth1-wan1” disabled=no
set 1 name=”eth2-wan2” disabled=no
set 2 name=”eth3-lan-slave” disabled=no
set 3 name=”eth4-lan-slave” disabled=no
set 4 name=”eth5-lan” disabled=no
ethernet set eth3-lan-slave,eth4-lan-slave master-port=eth5-lan
Change here: pppoe1login pppoe1password pppoe2login pppoe2password
/interface pppoe-client
add name="pppoe1" interface=eth1-wan1 user="pppoe1login" password="pppoe1password" max-mtu=1492 max-mru=1492 add-default-route=no use-peer-dns=yes disabled=no
add name="pppoe2" interface=eth2-wan2 user="pppoe2login" password="pppoe2password" max-mtu=1492 max-mru=1492 add-default-route=no use-peer-dns=yes disabled=no
/ip address
add address=192.168.1.1/24 interface=eth5-lan
/ ip pool
add name="dhcp-pool-local" ranges=192.168.1.10-192.168.1.254
/ ip dhcp-server
add name="dhcp-local" interface=eth5-lan address-pool=dhcp-pool-local disabled=no
/ ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set www disabled=yes
set www-ssl disabled=yes
/ip neighbor discovery set eth1-wan1 discover=no
/ip neighbor discovery set eth2-wan2 discover=no
/system
clock set time-zone-name=Europe/Moscow
ntp client set enabled=yes mode=unicast primary-ntp=31.135.73.5 secondary-ntp=82.100.248.10
/ip firewall address-list
add list=lan-ip address=192.168.1.0-192.168.1.255 comment="All IP of my LAN"
/ip firewall nat
add chain=srcnat out-interface=pppoe1 action=masquerade
add chain=srcnat out-interface=pppoe2 action=masquerade
/ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop input invalid connection packets"
add chain=forward connection-state=invalid action=drop comment="Drop forward invalid connection packets"
add chain=input connection-state=established action=accept comment="Allow input established connections"
add chain=forward connection-state=established action=accept comment="Allow forward established connections"
add chain=input connection-state=related action=accept comment="Allow input related connections"
add chain=forward connection-state=related action=accept comment="Allow forward related connections"
add chain=input src-address-list=lan-ip action=accept comment="Allow all input for local net "
add chain=forward src-address-list=lan-ip action=accept comment="Allow all forward for local net "
add chain=input action=accept protocol=icmp comment="Allow input Ping"
add chain=forward action=accept protocol=icmp comment="Allow forward Ping"
add chain=input action=drop comment="All other inputs drop"
add chain=forward action=drop comment="All other forwards drop"
/ip route
add check-gateway=ping comment="WAN 1 – Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe1 routing-mark=wan1
add check-gateway=ping comment="WAN 2 – Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe2 routing-mark=wan2
add check-gateway=ping comment="WAN 1 – Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe2 routing-mark=wan1
add check-gateway=ping comment="WAN 2 – Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe1 routing-mark=wan2
add check-gateway=ping comment="Default Route – Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe1
add check-gateway=ping comment="Default Route – Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe2
add check-gateway=ping comment="Static Route – WAN1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe1 routing-mark=static-wan1
add check-gateway=ping comment="Static Route – WAN2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe2 routing-mark=static-wan2
/ip firewall mangle
add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new disabled=no in-interface=pppoe1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new disabled=no in-interface=pppoe2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan1" connection-state=established disabled=no in-interface=pppoe1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan2" connection-state=established disabled=no in-interface=pppoe2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan1" connection-state=related disabled=no in-interface=pppoe1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan2" connection-state=related disabled=no in-interface=pppoe2 new-connection-mark=wan2 passthrough=yes
add action=mark-routing chain=output comment="Mark new inbound route wan1" connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan2" connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
add action=mark-connection chain=prerouting comment="Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 1" connection-state=new disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 2" connection-state=new disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 1" connection-state=established disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 2" connection-state=established disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 1" connection-state=related disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 2" connection-state=related disabled=no dst-address-type=!local in-interface=eth5-lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="Mark routing for PCC mark – option 1" connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting comment="Mark routing for PCC mark – option 2" connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=yes
Did everything as written above and when I do a speedtest only 1 connection passes traffic, 2nd has 0/0. And it’s random, sometimes 1st ISP loads 50 mbps, sometimes 2nd ISP with 70 mbps:
What also is strange - it always shows my IP from ISP1. Did you add some rule in the script to not PCC http traffic?
I just downloaded 100GB file in utorrent, speed was stable around 12.5-13.5MB/sec:
http://imageshack.com/a/img62/9919/ca3o.png
Router CPU load was always 80%+ and that’s without bridging wifi+ethernet. Tried turning off all firewall rules, nothing changed 
You can see in the screenshot that both links downloaded ~50GB each, even if 2nd ISP is 40% faster. Total speed is limited by the slowest ISP I guess.
Other than that it works well, failover was the main reason for changing router. And now I have even more than that, thank you!
PS: I think mikrotik’s and speedtest.net’s 1 mbps = 10001000 bit/sec and not 10241024 bits/sec. Otherwise I don’t understand why speeds would show faster than ISP provides.