Hello Everyone,
I’m new here and have just started using MikroTik. I have set up a small lab at home with a MikroTik RB750r2 router and have run into a problem. I have successfully configured load balancing and it works flawlessly over two WAN connections, but when my first WAN goes down I can’t access the internet at all, even though the second connection is working perfectly. To get internet access back, I have to disable the WAN1 interface. Please find my network structure below:
- WAN1 - It’s a Fiber Connection connected with a Huawei modem my ISP is using PPPoE authentication. I have assigned this: 192.168.0.1 address to the LAN of this modem and LAN cable is connected with the ETHER 1
- WAN2 - It’s an ADSL connection connected with a Modem provided by my ISP and again they’re using PPPoE authentication. I have assigned this: 192.168.10.1 address to the LAN of this modem and LAN cable is connected with the ETHER 3.
- LAN: I’m using ETHER 2 as my LAN interface with DHCP, and have assigned it the 192.168.88.1 pool. My home router is connected to this LAN interface; its IP is 192.168.100.1.
See below the traceroute when my WAN 1 was down:
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 192.168.100.1 (192.168.100.1) 13.728 ms 87.630 ms 2.012 ms
2 * * *
3 192.168.10.1 (192.168.10.1) 63.648 ms 1.674 ms
192.168.0.1 (192.168.0.1) 1.352 ms
4 * * *
5 10.0.6.1 (10.0.6.1) 69.875 ms 26.876 ms 34.302 ms
6 10.0.3.89 (10.0.3.89) 248.156 ms 23.786 ms 24.990 ms
7 10.0.6.49 (10.0.6.49) 43.037 ms 85.450 ms 104.436 ms
8 10.253.4.108 (10.253.4.108) 42.076 ms 40.550 ms 42.670 ms
9 10.253.4.26 (10.253.4.26) 43.178 ms 40.959 ms 42.659 ms
10 74.125.118.170 (74.125.118.170) 61.837 ms 64.462 ms 60.189 ms
11 10.23.222.190 (10.23.222.190) 64.734 ms * 122.856 ms
12 dns.google (8.8.8.8) 62.472 ms 62.726 ms 127.126 ms
Please see below my configuration:
# Interfaces, interface lists, hotspot/DHCP on LAN1, bridge ports, addressing and DNS.
# The bridge is created but exported with disabled=yes.
/interface bridge
add admin-mac=C4:AD:34:CD:66:69 auto-mac=no comment=defconf disabled=yes \
name=bridge
# ether2 -> LAN1, ether1 -> WAN1, ether3 -> WAN2.
# WAN1 is exported with disabled=yes; presumably the export was taken while the
# poster had WAN1 manually disabled as the workaround described in the post.
/interface ethernet
set [ find default-name=ether2 ] name=LAN1
set [ find default-name=ether1 ] disabled=yes name=WAN1
set [ find default-name=ether3 ] name=WAN2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=hamza.tariq hotspot-address=192.168.88.1 html-directory=\
flash/hotspot name=hsprof1
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
# Two DHCP servers share the same pool: "defconf" is bound to the disabled
# bridge, "dhcp1" is bound directly to LAN1.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp disabled=no interface=LAN1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=dhcp interface=LAN1 name=hotspot1 profile=hsprof1
# NOTE(review): WAN2 is listed as a port of the same bridge as LAN1 while also
# being a member of the WAN interface list below. The bridge is disabled in this
# export; confirm that WAN2 is not meant to share a layer-2 segment with the LAN.
/interface bridge port
add bridge=bridge comment=defconf interface=LAN1
add bridge=bridge comment=defconf interface=WAN2
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
# discover-interface-list=all enables neighbor discovery on every interface,
# including WAN1 and WAN2. NOTE(review): limiting this to the LAN list keeps the
# router from announcing itself toward the modems.
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=LAN1 list=LAN
add comment=FIBERLINK interface=WAN1 list=WAN
add comment=PTCL interface=WAN2 list=WAN
# A PPPoE server is enabled on LAN1. NOTE(review): the post describes the modems
# as the PPPoE clients of the ISP, so confirm this server is actually needed.
/interface pppoe-server server
add disabled=no interface=LAN1 keepalive-timeout=disabled service-name=\
"Server 1"
# Static addresses: LAN1 is 192.168.88.1/24 and WAN2 is 192.168.10.2/24.
# WAN1 has no static address here; it uses the DHCP client below.
/ip address
add address=192.168.88.1/24 comment=defconf interface=LAN1 network=\
192.168.88.0
add address=192.168.10.2/24 interface=WAN2 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=WAN1
/ip dhcp-server lease
add address=192.168.88.252 client-id=1:b0:be:76:d2:4f:53 mac-address=\
B0:BE:76:D2:4F:53 server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# The input chain in /ip firewall filter drops traffic that does not arrive from
# the LAN list, which is what keeps this resolver from being open on the WAN side.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
# Firewall filter rules, evaluated top to bottom per chain.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# NOTE(review): this rule accepts TCP port 80 to the router with no in-interface
# or src-address match, and it sits above the "drop all not coming from LAN"
# rule, so it also matches connections arriving on WAN1 and WAN2. If the router's
# web service is enabled (not shown in this export) it is reachable from the WAN
# side. LAN traffic is not dropped by the rule below, so the rule can be removed,
# or limited with in-interface-list=LAN.
add action=accept chain=input dst-port=80 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# ICMP to the router is accepted on every interface.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Everything else addressed to the router is dropped unless it came in on an
# interface in the LAN list.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Fasttrack is disabled; presumably so that the mangle rules see every packet
# of a connection.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections entering from a WAN interface are dropped unless they were
# destination-NATed. There is no other drop rule in the forward chain.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Disabled rule; being last in the export it would also sit below the input
# drop rule if it were enabled.
add action=accept chain=input disabled=yes dst-address=192.168.0.1 protocol=\
tcp src-address=192.168.88.0/24
# Mangle rules for per-connection-classifier (PCC) load balancing over WAN1 and
# WAN2, followed by the source-NAT rules.
/ip firewall mangle
# Connections to the router itself are marked by the WAN they arrived on, and
# the router's replies (output chain) get the matching routing mark.
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
# NOTE(review): these two accept rules have no prefix length, so they match only
# the single addresses 192.168.0.0 and 192.168.10.0. They look intended to exempt
# the modem subnets from PCC marking, which would need 192.168.0.0/24 and
# 192.168.10.0/24 - confirm.
add action=accept chain=prerouting dst-address=192.168.0.0 in-interface=LAN1
add action=accept chain=prerouting dst-address=192.168.10.0 in-interface=LAN1
# PCC splits traffic from LAN1 into two classes (2/0 and 2/1) by source and
# destination address and port. The rules carry no connection-mark or
# connection-state match, so the mark is applied whatever the state of the WAN
# link; failover depends entirely on the routes in /ip route.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN1 new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN1 new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
# The connection mark is translated into the routing mark that selects the
# to_WAN1 or to_WAN2 route.
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=LAN1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=LAN1 new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# The default list-based masquerade rule is disabled and replaced by one
# masquerade rule per WAN interface.
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
# NOTE(review): this rule has no out-interface match, so it masquerades anything
# sourced from 192.168.88.0/24 on whichever interface it leaves.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.88.0/24
# Hotspot user, routes, PPP secret, clock and management tools.
# NOTE(review): the hotspot user "admin" is exported without a password
# attribute, while the PPP secret below does show its password, so this account
# appears to have an empty password - confirm and set one.
/ip hotspot user
add name=admin
# Two marked default routes (to_WAN1, to_WAN2) for the PCC classes, plus two
# unmarked default routes with WAN1 preferred (distance 1) over WAN2 (distance 2).
# check-gateway=ping probes the gateway address itself. Per the post, 192.168.0.1
# and 192.168.10.1 are the LAN addresses of the two modems, so the probe likely
# keeps succeeding when the ISP link behind a modem is down and the route stays
# active. That would explain why traffic only fails over when WAN1 is disabled
# by hand.
# NOTE(review): detecting upstream loss needs a probe of a host beyond the modem,
# for example recursive routes through a public address per WAN - confirm against
# the RouterOS documentation for the installed version.
/ip route
add check-gateway=ping distance=1 gateway=192.168.0.1 routing-mark=to_WAN1 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.10.1 routing-mark=to_WAN2 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.0.1 scope=255
add check-gateway=ping distance=2 gateway=192.168.10.1 scope=255
# NOTE(review): this secret is exported with its password in clear text and the
# export was posted publicly. Treat the credential as disclosed and change it,
# and use "/export hide-sensitive" when sharing a configuration.
/ppp secret
add local-address=117.102.48.100 name=ppp1 password=111222 remote-address=\
117.102.48.1 service=pppoe
/system clock
set time-zone-name=Asia/Karachi
# MAC-Telnet and MAC-Winbox access is limited to interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add disabled=yes interface=LAN1 name=tmon1 threshold=0
I’d really appreciate it if you guys can help!
Thanks!