Hi everyone,
I got two ISP: static and dynamic (PPPoE)
Static ISP is the main one, dynamic is reserve.
Several devices and VMs are connected to the internet.
I’d like to connect wireless wifi network and certain addresses (devices and VMs) to the reserve ISP.
How can I do that?
Here’s my config:
/interface bridge
add name=bridge_lan
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether2_lan
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether4_lan
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether5_lan
/interface pppoe-client
add disabled=no interface=ether3 name=pppoe-out1 password=*** user=***
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-eC country=no_country_set disabled=no frequency=auto \
frequency-mode=manual-txpower mode=ap-bridge name=wlan1_lan_2GHZ ssid=TT \
station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
channel-width=20/40/80mhz-XXXX country=no_country_set disabled=no \
frequency=auto frequency-mode=manual-txpower mode=ap-bridge name=\
wlan2_lan_5GHZ ssid=Begemot-5 station-roaming=enabled wireless-protocol=\
802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys supplicant-identity=\
MikroTik wpa-pre-shared-key=*** wpa2-pre-shared-key=***
/ip pool
add name=dhcp ranges=192.168.17.2-192.168.17.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge_lan name=dhcp1
/queue simple
add disabled=yes max-limit=0/1M name=192.168.17.250 target=192.168.17.250/32
add disabled=yes max-limit=0/1M name=192.168.17.249 target=192.168.17.249/32
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge_lan hw=no interface=ether2_lan
add bridge=bridge_lan hw=no interface=ether4_lan
add bridge=bridge_lan hw=no interface=ether5_lan
add bridge=bridge_lan interface=wlan1_lan_2GHZ
add bridge=bridge_lan interface=wlan2_lan_5GHZ
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge_lan list=LAN
add interface=pppoe-out1 list=WAN
add interface=ether3 list=WAN
/ip address
add address=192.168.17.1/24 interface=bridge_lan network=192.168.17.0
add address=10.154.42.124/25 interface=ether1 network=10.154.42.0
/ip dhcp-server lease
add address=192.168.17.250 client-id=1:a0:56:f3:76:86:69 mac-address=\
A0:56:F3:76:86:69 server=dhcp1
add address=192.168.17.251 client-id=1:90:e6:ba:1e:e1:7d mac-address=\
90:E6:BA:1E:E1:7D server=dhcp1
add address=192.168.17.249 client-id=1:7c:d1:c3:f8:7c:3d mac-address=\
7C:D1:C3:F8:7C:3D server=dhcp1
add address=192.168.17.248 client-id=1:38:aa:3c:b8:9e:10 mac-address=\
38:AA:3C:B8:9E:10 server=dhcp1
add address=192.168.17.247 client-id=1:58:11:22:b1:4c:95 comment=Main \
mac-address=58:11:22:B1:4C:95 server=dhcp1
add address=192.168.17.246 client-id=1:12:30:c8:e1:36:27 mac-address=\
12:30:C8:E1:36:27 server=dhcp1
add address=192.168.17.241 client-id=1:0:c:29:7c:48:49 mac-address=\
00:0C:29:7C:48:49 server=dhcp1
add address=192.168.17.245 client-id=1:0:c:29:26:b7:32 mac-address=\
00:0C:29:26:B7:32 server=dhcp1
add address=192.168.17.240 client-id=1:0:c:29:52:7c:24 mac-address=\
00:0C:29:52:7C:24 server=dhcp1
add address=192.168.17.239 client-id=1:0:c:29:d9:de:9a mac-address=\
00:0C:29:D9:DE:9A server=dhcp1
add address=192.168.17.238 client-id=1:0:c:29:4f:63:28 mac-address=\
00:0C:29:4F:63:28 server=dhcp1
/ip dhcp-server network
add address=192.168.17.0/24 gateway=192.168.17.1
/ip dns
set servers=91.200.216.7,91.200.216.2,217.11.190.2,193.111.11.2
/ip firewall address-list
add address=192.168.17.0/24 list=LAN-IP
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address-list=\
allowed_ether1 new-routing-mark=to_ether1 passthrough=no
add action=mark-routing chain=prerouting dst-address-list=allowed_pppoe \
new-routing-mark=to_pppoe passthrough=no
add action=mark-routing chain=prerouting dst-address-list=YouTube-IP \
new-routing-mark=to_pppoe src-address-list=LAN-IP
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip firewall raw
add action=add-dst-to-address-list address-list=YouTube-IP \
address-list-timeout=none-dynamic chain=prerouting comment=YouTube-IP \
content=.youtube.com dst-address-list=!LAN-IP src-address-list=LAN-IP
add action=add-dst-to-address-list address-list=YouTube-IP \
address-list-timeout=none-dynamic chain=prerouting content=\
.googlevideo.com dst-address-list=!LAN-IP src-address-list=LAN-IP
add action=add-dst-to-address-list address-list=YouTube-IP \
address-list-timeout=none-dynamic chain=prerouting content=\
.youtube.googleapis.com dst-address-list=!LAN-IP src-address-list=LAN-IP
add action=add-dst-to-address-list address-list=YouTube-IP \
address-list-timeout=none-dynamic chain=prerouting content=.youtu.be \
dst-address-list=!LAN-IP src-address-list=LAN-IP
add action=add-dst-to-address-list address-list=YouTube-IP \
address-list-timeout=none-dynamic chain=prerouting content=.ytimg.com \
dst-address-list=!LAN-IP src-address-list=LAN-IP
/ip route
add check-gateway=ping distance=1 gateway=10.154.42.1 pref-src=10.154.42.124 \
routing-mark=to_ether1
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_pppoe
add check-gateway=ping comment=TTL distance=1 gateway=10.154.42.1 pref-src=\
10.154.42.124
add check-gateway=ping comment=SATURN distance=2 gateway=pppoe-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Dushanbe
/system identity
set name=Translator
/system scheduler
/tool traffic-monitor
add interface=wlan2_lan_5GHZ name=tmon1 threshold=0