Dual Wan Load Balancing (PCC) 1 PPPoe Dynamic IP + 1 Static IP

ramx2 · September 1, 2015, 7:56am

Dear Sirs,

I’ve been playing around with Dual Wan and looking for many scripts online but I’m really lost. There’s too many options but which suits my case.

DHCP is on with pool 192.168.0.100-192.168.0.254

WAN1 : PPPoe ( Dynamic IP) Port Name: pppoe-DialUp / ether1-gateway
WAN2: 192.168.10.1 (Static IP) Port Name: ether5-slave-local

Plz check this script will it work properly?

/interface bridge settings
set use-ip-firewall=yes



/interface bridge settings
set use-ip-firewall-for-pppoe=yes



/ip firewall mangle
add chain=prerouting dst-address=192.168.0.0/24 in-interface=bridge-local action=accept 



/ip firewall mangle
add chain=input  in-interface=pppoe-DialUp connection-mark=no-mark action=mark-connection new-connection-mark=WAN1 passthrough=no
add chain=input  in-interface=ether5-slave-local connection-mark=no-mark action=mark-connection new-connection-mark=WAN2 passthrough=no


/ip firewall mangle
add chain=output  out-interface=pppoe-DialUp connection-mark=WAN1 action=mark-routing new-routing-mark=WAN1 passthrough=no
add chain=output  out-interface=ether5-slave-local connection-mark=WAN2 action=mark-routing new-routing-mark=WAN2 passthrough=no


/ip firewall mangle
add chain=prerouting connection-mark=no-mark dst-address-type=!local  in-interface=bridge-local per-connection-classifier=both-addresses:2/0  action=mark-connection new-connection-mark=WAN1
add chain=prerouting connection-mark=no-mark dst-address-type=!local  in-interface=bridge-local per-connection-classifier=both-addresses:2/1  action=mark-connection new-connection-mark=WAN2



/ip firewall mangle
add chain=prerouting  connection-mark=WAN1 in-interface=bridge-local action=mark-routing new-routing-mark=WAN1  passthrough=no
add chain=prerouting  connection-mark=WAN2 in-interface=bridge-local action=mark-routing new-routing-mark=WAN2  passthrough=no



/ip route
add dst-address=0.0.0.0/0  gateway=pppoe-DialUp routing-mark=WAN1 
add dst-address=0.0.0.0/0  gateway=ether5-slave-local routing-mark=WAN2



/ip route
add dst-address=0.0.0.0/0  gateway=pppoe-DialUp distance=1
add dst-address=0.0.0.0/0  gateway=ether5-slave-local distance=2




Example for dynamic IPs:

/ip firewall nat
add chain=src-nat  out-interface=pppoe-DialUp action=masquerade
add chain=src-nat  out-interface=ether5-slave-local action=masquerade

Example for static IPs of 1.2.3.4 and 4.3.2.1:

/ip firewall nat
add chain=src-nat  out-interface=pppoe-DialUp action=src-nat to-addresses=1.2.3.4
add chain=src-nat  out-interface=ether5-slave-local action=src-nat to-addresses=4.3.2.1

Example for dynamic/Static IPs:
add chain=src-nat  out-interface=pppoe-DialUp action=masquerade
add chain=src-nat  out-interface=ether5-slave-local action=src-nat to-addresses=192.168.10.2

Or shall I go with this script?

#|/ip address 
/ip address add address=192.168.10.2/24 network=192.168.10.0 broadcast=192.168.10.255 interface=ether2 
/ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=ether5 comment="default configuration" 

#|/ip firewall mangle 
/ip firewall mangle add chain=input in-interface=pppoe-out1 action=mark-connection new-connection-mark=ether1_conn 
/ip firewall mangle add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn 


/ip firewall mangle add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1 
/ip firewall mangle add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2 


/ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether5 
/ip firewall mangle add chain=prerouting dst-address=192.168.10.0/24 action=accept in-interface=ether5 

/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes 
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=ether5 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes 
 
/ip firewall mangle add chain=prerouting connection-mark=ether1_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether1 
/ip firewall mangle add chain=prerouting connection-mark=ether2_conn in-interface=ether5 action=mark-routing new-routing-mark=to_ether2 


#|/ip route 
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 check-gateway=ping 
/ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_ether2 check-gateway=ping 


/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 check-gateway=ping 
/ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=2 check-gateway=ping 


#|/ip firewall nat 
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 action=masquerade 
/ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade 


#| DHCP server is on switch, with address pool 192.168.0.100-192.168.0.200 
/ip pool add name=default-dhcp ranges=192.168.0.100-192.168.0.200 
/ip dhcp-server add name=default address-pool=default-dhcp interface=ether5 disabled=no 
/ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=192.168.0.1 comment="default configuration" 

#| DNS 
/ip dns set allow-remote-requests=yes 
/ip dns static add name=router address=192.168.0.1 

#| Now Configure DNS server so users can resolve hostnames, 
#| Ex.cache-size=5000KiB 
#| DNS Google = 8.8.8.8,8.8.4.4 
#| DNS 3BB = 110.164.252.222,110.164.252.223 
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000K max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4 









For the unequal-speed Internet line, you can edit the code (for example speed WAN 1,2,3 4Mb speed WAN 4 and 8 Mb). 
(The principle is, in the first iteration has many times. Shared Bandwidth just trying to use it as well. Or may be offset to some Link as special needs or not. 
- In the first sample loops are five times 4/0 to 4/4 by trying to spread out through Link Bandwidth used all the same). 

add chain = prerouting dst-address-type =! local in-interface = Local per-connection-classifier = both-addresses-and-ports: 4/0 action = mark-connection new-connection-mark = ether1_conn passthrough = yes. 
add chain = prerouting dst-address-type =! local in-interface = Local per-connection-classifier = both-addresses-and-ports: 4/1 action = mark-connection new-connection-mark = ether2_conn passthrough = yes. 
add chain = prerouting dst-address-type =! local in-interface = Local per-connection-classifier = both-addresses-and-ports: 4/2 action = mark-connection new-connection-mark = ether3_conn passthrough = yes. 
add chain = prerouting dst-address-type =! local in-interface = Local per-connection-classifier = both-addresses-and-ports: 4/3 action = mark-connection new-connection-mark = ether4_conn passthrough = yes. 
add chain = prerouting dst-address-type =! local in-interface = Local per-connection-classifier = both-addresses-and-ports: 4/4 action = mark-connection new-connection-mark = ether4_conn passthrough = yes. 


I recommend copying the code stored as Word, because if you want to change the IP or the other. We can use the search function and replace it.

/ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether5

This line confused me in the second script what shall I put for the PPPoe as it’s a dynamic instead the (dst-address=192.168.1.0/24) ?

I added a photo for my interfaces.

marting · September 2, 2015, 8:44am

Without having read your whole scripts, I recommend to follow these instructions:
http://wiki.mikrotik.com/wiki/Manual:PCC#Application_Example_-_Load_Balancing
I implemented it this way with good results.

freemannnn · September 2, 2015, 11:25am

the article above is talking for 2 dsl lines with dhcp. is not the same for 1 pppoe and 1 dhcp.

i have also the same question regarding second senario. the same line confusing me also when i have first line with pppoe (bridge modem) and second line with dhcp.
for the moment in a case with pppoe and dhcp i am using the first script and is working good. i dont know why “use-ip-firewall=yes” is needed.

i found the article for 2 pppoe in the link below and is very good. also similar to yours for the first senario.
https://blog.linitx.com/load-balancing-multiple-internet-connections/

marting · September 2, 2015, 11:49am

In fact it is not even talking about DHCP. It only relies on Interfaces. So which point in the article do you think will not work with pppoe interfaces?
Of course you don´t have to add the WAN ip address manually but you don´t have to do with dhcp also.

freemannnn · September 2, 2015, 11:53am

so you mean this line is not needed?
/ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=ether5

or what needed for 1 pppoe and 1 dhcp?

marting · September 2, 2015, 12:12pm

No I meant these lines:
/ ip address
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2

Go through the Explanation section and read each paragraph and build it step by step. It is really nice explained.
Either you are willing to put some effort and brains in it or you consult a technican that implements it for you. The forum is for answering questions but not for claiming adapted comprehensive solutions.

Additional benefit is: If you are complete with your solution, you understood what you were doing and can adjust it later, make some extensions or find faults.

ramx2 · September 2, 2015, 9:27pm

Guys, I read too many scenarios thus now I’m having issues with 6.31.. I’m not into scripting

This section is for beginners basics no ? All I’ve asked is for your help! I’ve found too many scenarios 2wan or 3 or 4 + failovers ects..static dynamic but I haven’t found one that fits my need ! I’ve collected too many scripts and so far it didn’t work for me.

Wan1 is PPPoe (Dynamic) - Wan2 Static ip… My routers ports 2 to 5 are bridged.. All tutorials shows no bridge…

Kindly help me out.

Regards,

ramx2 · September 2, 2015, 9:53pm

freemannnn,
Your suggestion didn’t work out with me:

/interface bridge settings
set use-ip-firewall=yes

/interface bridge settings
set use-ip-firewall-for-pppoe=yes

/ip firewall mangle
add chain=prerouting dst-address=192.168.0.0/24 in-interface=bridge-local action=accept 


/ip firewall mangle
add chain=input  in-interface=pppoe-DialUp connection-mark=no-mark action=mark-connection new-connection-mark=WAN1 passthrough=no
add chain=input  in-interface=ether5-slave-local connection-mark=no-mark action=mark-connection new-connection-mark=WAN2 passthrough=no


/ip firewall mangle
add chain=output  out-interface=pppoe-DialUp connection-mark=WAN1 action=mark-routing new-routing-mark=WAN1 passthrough=no
add chain=output  out-interface=ether5-slave-local connection-mark=WAN2 action=mark-routing new-routing-mark=WAN2 passthrough=no


/ip firewall mangle
add chain=prerouting connection-mark=no-mark dst-address-type=!local  in-interface=bridge-local per-connection-classifier=both-addresses:2/0  action=mark-connection new-

connection-mark=WAN1
add chain=prerouting connection-mark=no-mark dst-address-type=!local  in-interface=bridge-local per-connection-classifier=both-addresses:2/1  action=mark-connection new-

connection-mark=WAN2



/ip firewall mangle
add chain=prerouting  connection-mark=WAN1 in-interface=bridge-local action=mark-routing new-routing-mark=WAN1  passthrough=no
add chain=prerouting  connection-mark=WAN2 in-interface=bridge-local action=mark-routing new-routing-mark=WAN2  passthrough=no





/ip route
add dst-address=0.0.0.0/0  gateway=pppoe-DialUp routing-mark=WAN1 
add dst-address=0.0.0.0/0  gateway=ether5-slave-local routing-mark=WAN2


/ip route
add dst-address=0.0.0.0/0  gateway=pppoe-DialUp distance=1
add dst-address=0.0.0.0/0  gateway=ether5-slave-local distance=2



/ip firewall nat
add chain=src-nat  out-interface=pppoe-DialUp action=masquerade
add chain=src-nat  out-interface=ether5-slave-local action=masquerade

marting · September 3, 2015, 7:47am

The posted PCC configuration can be adapted to bridge very simple. Change in-interface=LAN to in-interface=your-bridge and so on.

freemannnn · September 3, 2015, 8:24am

this is the script i am using…
pppoe-out1=bridge modem (main dsl line exclusive for hotel customers)
WAN2=second router with dhcp (second dsl line i am borrowing bandwidth daily 15:00-10:00 time)

i also have schedule to enable and disable WAN2 interface because this is the office internet i am borrowing bandwidth and i dont want to slow them down during working hours (morning).

is working as i want. when i disable wan2 (10:00 in the morning) customers are taking only from pppoe-out1 without any delay!

/ip firewall mangle
add chain=input in-interface=pppoe-out1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.88.0/24 action=accept in-interface=bridge-local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.88.1 routing-mark=to_WAN1
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.88.1 distance=1
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

ramx2 · September 4, 2015, 6:23am

freemannnn:

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

Since you are using two Wan shouldn’t be like this?

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

I will try your script, the truth I need to add the same schedule to my WAN2 I need it to be available from 12:00 AM > 6:00 AM on daily basis..

Is your WAN2 interface assigned to any “master port” ? Or it’s set to “none” ?

freemannnn · September 4, 2015, 7:21am

Set to “none”