Mikrotik 2 Wan 1 LAN load balancer with fail over problem

Hi all,
I’m a MikroTik newbie.
I am trying to set up a dual-WAN load balancer with failover (by pinging to check the internet status of WAN1 and WAN2, I mean ISP1 and ISP2) using the commands below.



#|
#|
#| Define all parameters
#|
#|
:global wanAddress1 192.168.5.2/29
:global wanNetwork1 192.168.5.0
:global wanNetwork1Subnet 192.168.5.1/29
:global wanBroadcast1 192.168.5.7
:global wanGateway1 192.168.5.1

:global wanAddress2 192.168.5.10/29
:global wanNetwork2 192.168.5.8
:global wanNetwork2Subnet 192.168.5.9/29
:global wanBroadcast2 192.168.5.15
:global wanGateway2 192.168.5.9

:global localAddress 192.168.88.1/24
:global localNetwork 192.168.88.0
:global localNetwork2 192.168.88.0/24
:global localBroadcast 192.168.88.255
:global localGateway 192.168.88.1
:global localDNS 192.168.88.1
:global localPool 192.168.88.10-192.168.88.253

:global dnsServer 8.8.8.8,8.8.4.4

#|
#|
#| Assign interface names
#|
#|
/interface set "ether1" name="PORT1_WAN"
/interface set "ether2" name="PORT2_WAN"
/interface set "ether3" name="PORT3_LAN"
/interface set "ether4" name="PORT4_LAN"
/interface set "ether5" name="PORT5_LAN"


#|
#|
#| Assign master port switch
#|
#|
/interface ethernet set PORT4_LAN,PORT5_LAN master-port=PORT3_LAN


#|
#|
#| Assign ipaddress to our interfaces
#|
#|

#| Port 1 → WAN 1
/ip address add address=$wanAddress1 network=$wanNetwork1 broadcast=$wanBroadcast1 interface=PORT1_WAN

#| Port 2 → WAN 2
/ip address add address=$wanAddress2 network=$wanNetwork2 broadcast=$wanBroadcast2 interface=PORT2_WAN

#| Port 3 → Local LAN
#| Port 4 → Local LAN
#| Port 5 → Local LAN
/ip address add address=$localAddress network=$localNetwork broadcast=$localBroadcast interface=PORT3_LAN


#|
#| 1,2
#| Mark incoming packets on the input chain
#|
/ip firewall mangle add chain=input in-interface=PORT1_WAN action=mark-connection new-connection-mark=PORT1_WAN_conn
/ip firewall mangle add chain=input in-interface=PORT2_WAN action=mark-connection new-connection-mark=PORT2_WAN_conn


#|
#| 3,4
#| Mark routing for packets on the output chain
#|
/ip firewall mangle add chain=output connection-mark=PORT1_WAN_conn action=mark-routing new-routing-mark=to_PORT1_WAN
/ip firewall mangle add chain=output connection-mark=PORT2_WAN_conn action=mark-routing new-routing-mark=to_PORT2_WAN


#|
#| 5,6
#| Accept all packets if they come from local
#|
/ip firewall mangle add chain=prerouting dst-address=$wanNetwork1Subnet action=accept in-interface=PORT3_LAN
/ip firewall mangle add chain=prerouting dst-address=$wanNetwork2Subnet action=accept in-interface=PORT3_LAN

#|
#| 7,8
#| Load-balance the packets
#|
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=PORT3_LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=PORT1_WAN_conn passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=PORT3_LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=PORT2_WAN_conn passthrough=yes

#|
#| 9,10
#| Mark output network for packets
#|
/ip firewall mangle add chain=prerouting connection-mark=PORT1_WAN_conn in-interface=PORT3_LAN action=mark-routing new-routing-mark=to_PORT1_WAN
/ip firewall mangle add chain=prerouting connection-mark=PORT2_WAN_conn in-interface=PORT3_LAN action=mark-routing new-routing-mark=to_PORT2_WAN


#|
#| Add routing table
#|



/ip route add dst-address=8.8.8.8 gateway=$wanGateway1 scope=10
/ip route add dst-address=203.144.207.29 gateway=$wanGateway1 scope=10
/ip route add dst-address=8.8.4.4 gateway=$wanGateway2 scope=10
/ip route add dst-address=203.144.207.49 gateway=$wanGateway2 scope=10

/ip route add dst-address=10.1.1.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
/ip route add dst-address=10.1.1.1 gateway=203.144.207.29 scope=10 target-scope=10 check-gateway=ping
/ip route add dst-address=10.2.2.2 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
/ip route add dst-address=10.2.2.2 gateway=203.144.207.49 scope=10 target-scope=10 check-gateway=ping

/ip route add distance=1 gateway=10.1.1.1 routing-mark=to_PORT1_WAN
/ip route add distance=2 gateway=10.2.2.2 routing-mark=to_PORT1_WAN
/ip route add distance=1 gateway=10.2.2.2 routing-mark=to_PORT2_WAN
/ip route add distance=2 gateway=10.1.1.1 routing-mark=to_PORT2_WAN

#|
#|
#| Assign NAT
#|
#|
/ip firewall nat add chain=srcnat out-interface=PORT1_WAN action=masquerade
/ip firewall nat add chain=srcnat out-interface=PORT2_WAN action=masquerade


#|
#|
#| Assign allow DNS
#|
#|
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=$dnsServer


#|
#|
#| Assign DHCP server
#|
#|
/ip pool add name=default-dhcp ranges=$localPool
/ip dhcp-server add name=default address-pool=default-dhcp interface=PORT3_LAN disabled=no
/ip dhcp-server network add address=$localNetwork2 gateway=$localGateway dns-server=$localDNS



Even though the load balancing works very well, I found a problem: when I ping some destination, let’s say “www.facebook.com”, I see that the ping packets pass through my “Wan1” port. Then I make my “Wan1” internet go down, while the WAN1 port itself stays up.

I found that my ping to “facebook.com” is lost without any failover to my WAN2, which is working.
I also tried to start another ping session to the same destination (facebook.com), but the ping cannot reach the destination. I mean the ping packets to facebook.com pass only through my WAN1 port without going to WAN2. Does anyone know what is wrong with my load balance commands?

P.S. When I make WAN1 internet go down, other websites (not facebook.com, which was being pinged before WAN1 went down) can be pinged through WAN2 automatically.


Thank you very much

Try this one.

It is in Dutch, but look at the code; this is a working script.

You must change the IP addresses (colored red and green) to those from your ISP.

http://www.wirelessinfo.be/index.php/mikrotik/pages/load-balance