Two active gateways.. need some explanations

Simple router Mikrotik Lite can’t work with two ISPs :’

# apr/01/2018 21:52:53 by RouterOS 6.40.6
# software id = 
#
# model = RouterBOARD 941-2nD
# serial number = 
# Interface layout as exported: ether2 (LAN-MASTER) with ether3 as its switch
# slave (master-port=LAN-MASTER); ether1 (WAN_TTK) and ether4 (WAN_DOM_RU) are
# the two ISP uplinks.
/interface bridge
add comment=defconf fast-forward=no mtu=1500 name=BRIDGE
/interface wireless
# 2.4 GHz access point. WPS is switched off (wps-mode=disabled) and the number
# of associated stations is capped (max-station-count=5).
set [ find default-name=wlan1 ] band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps channel-width=20/40mhz-Ce country=russia \
    disabled=no distance=indoors frequency=auto max-station-count=5 mode=\
    ap-bridge name=WLAN ssid="Nuclear War" wireless-protocol=802.11 \
    wmm-support=enabled wps-mode=disabled
/interface ethernet
set [ find default-name=ether2 ] advertise=100M-full name=LAN-MASTER \
    rx-flow-control=on tx-flow-control=on
set [ find default-name=ether3 ] advertise=100M-full master-port=LAN-MASTER \
    name=LAN-SLAVE rx-flow-control=on tx-flow-control=on
set [ find default-name=ether4 ] advertise=100M-full name=WAN_DOM_RU
# NOTE(review): full-duplex=no sits next to advertise=100M-full on this uplink;
# confirm which of the two the port actually negotiates.
set [ find default-name=ether1 ] advertise=100M-full full-duplex=no name=\
    WAN_TTK
/interface ovpn-server
# Static OVPN server binding; it is disabled and has an empty user.
add disabled=yes name=ovpn-in1 user=""
/ip neighbor discovery
# discover=no turns neighbor discovery off on every interface listed here.
set LAN-MASTER discover=no
set LAN-SLAVE discover=no
set WAN_DOM_RU discover=no
set WAN_TTK discover=no
set WLAN discover=no
set BRIDGE discover=no
/interface list
# Two lists used by the firewall: per "/interface list member" further down,
# INETS holds the PPPoE interfaces and WANS the physical uplinks.
add name=INETS
add name=WANS
/interface wireless security-profiles
# NOTE(review): authentication-types accepts both wpa-psk and wpa2-psk. If
# every client supports WPA2, dropping wpa-psk removes the legacy WPA path.
# radius-mac-authentication=yes is set, but no /radius server appears in this
# export - confirm whether MAC authentication is actually in use.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    interim-update=5m management-protection=allowed mode=dynamic-keys \
    radius-mac-accounting=yes radius-mac-authentication=yes radius-mac-mode=\
    as-username-and-password supplicant-identity=MikroTik
/ip pool
# NOTE(review): OVPN_srv_pool runs from 192.168.0.254 to 192.168.100.2. That
# span contains the LAN pool 192.168.88.10-192.168.88.254 and the OVPN_server
# profile's local-address 192.168.100.1. Presumably a range inside
# 192.168.100.0/24 was meant - confirm before the OVPN server hands out leases.
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=OVPN_srv_pool ranges=192.168.0.254-192.168.100.2
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    BRIDGE name=defconf
/ppp profile
set *0 use-compression=yes use-upnp=no
# Profile used by the OVPN server, the OVPN client and the ppp secret below.
add local-address=192.168.100.1 name=OVPN_server remote-address=OVPN_srv_pool
set *FFFFFFFE use-compression=yes use-upnp=no
/interface ovpn-client
# Disabled OVPN client. Its target 141.102.32.96 also appears in this router's
# PUBLIC_IP address list.
add certificate=test-client-ovpn-1 connect-to=141.102.32.96 disabled=yes \
    mac-address= name=ovpn-out1 profile=OVPN_server user=\
    test-user-1
/interface pppoe-client
# One PPPoE session per uplink; both have keepalive-timeout=disabled.
# NOTE(review): presumably a dead session is then not detected by keepalives -
# confirm, because every default route below uses these interfaces as gateway.
add comment=DOM disabled=no interface=WAN_DOM_RU keepalive-timeout=disabled \
    max-mru=1480 max-mtu=1480 mrru=1600 name=INET_DOM_RU profile=\
    default-encryption user=v41617065
add comment=TTK disabled=no interface=WAN_TTK keepalive-timeout=disabled \
    max-mru=1480 max-mtu=1480 mrru=1600 name=INET_TTK profile=\
    default-encryption user=388002353
/ip neighbor discovery
# NOTE(review): only INET_TTK is set to discover=no here; INET_DOM_RU has no
# matching line in this export.
set INET_TTK discover=no
/queue simple
# All three queues are present but disabled (disabled=yes).
add burst-limit=3500k/7500k burst-threshold=2500k/4500k burst-time=7s/7s \
    disabled=yes max-limit=1500k/1500k name=notebook target=192.168.88.249/32
add burst-limit=3500k/10M burst-threshold=2500k/4500k burst-time=7s/7s \
    disabled=yes max-limit=1500k/1500k name=wtf target=192.168.88.251/32
add burst-limit=1M/1500k burst-threshold=500k/1M burst-time=7s/7s disabled=\
    yes max-limit=250k/500k name="mob tele2" target=192.168.88.252/32
/snmp community
# NOTE(review): the default community accepts queries from any address
# (0.0.0.0/0). No "/snmp set enabled=yes" line appears in this export, so the
# agent is presumably off; if it is ever enabled, narrow addresses= first.
set [ find default=yes ] addresses=0.0.0.0/0
/user group
# Custom group: telnet, ssh, ftp, reboot, policy and sensitive are negated
# with "!", the remaining listed policies are granted.
add name=full2 policy="local,read,write,test,winbox,password,web,sniff,api,rom\
    on,dude,tikapp,!telnet,!ssh,!ftp,!reboot,!policy,!sensitive"
/interface bridge port
add bridge=BRIDGE interface=LAN-MASTER
add bridge=BRIDGE interface=WLAN
/ip firewall connection tracking
set enabled=yes
/ip settings
set tcp-syncookies=yes
/interface list member
# INETS = the two PPPoE interfaces, WANS = the two physical uplinks.
add interface=INET_TTK list=INETS
add interface=INET_DOM_RU list=INETS
add interface=WAN_TTK list=WANS
add interface=WAN_DOM_RU list=WANS
/interface ovpn-server server
# The OVPN server is enabled and requires a client certificate.
# NOTE(review): cipher=blowfish128 with auth=sha1 is a weak pairing (Blowfish
# is a 64-bit-block cipher); prefer an AES cipher if the clients support it.
# The input chain in this export has no accept rule for the OVPN port on
# INETS, so the server is presumably reachable from the LAN side only.
set auth=sha1 certificate=test-srv-OVPN cipher=blowfish128 default-profile=\
    OVPN_server enabled=yes require-client-certificate=yes
/interface wireless access-list
# The MAC addresses are blank in this post. The last two entries name no
# interface.
add interface=WLAN mac-address= vlan-mode=no-tag
add interface=WLAN mac-address= vlan-mode=no-tag
add interface=WLAN mac-address= vlan-mode=no-tag
add comment="my tel" mac-address= vlan-mode=no-tag
add comment="typo baran" mac-address= vlan-mode=no-tag
/ip address
add address=192.168.88.1/24 comment=defconf interface=BRIDGE network=\
    192.168.88.0
/ip dhcp-server lease
# Static leases for LAN hosts; most MAC addresses are blank in this post.
add address=192.168.88.249 always-broadcast=yes client-id=1:28:56:5a:7e:46:c9 \
    comment=Notebook mac-address= server=defconf
add address=192.168.88.251 client-id=1:60:a4:4c:61:f3:96 comment="wtf PC" \
    mac-address= server=defconf
add address=192.168.88.250 client-id=1:20:cf:30:b6:2f:ce comment=\
    "Miner, srcds PC" mac-address= server=defconf
add address=192.168.88.248 client-id=1:0:8:22:78:f1:19 comment=mom \
    mac-address= server=defconf
add address=192.168.88.247 client-id=1:1c:15:1f:f:72:fc comment="my tel" \
    mac-address= server=defconf
add address=192.168.88.252 comment=RIG-1 disabled=yes mac-address=\
    64:D1:54:F4:DD:C6 server=defconf
add address=192.168.88.245 mac-address= server=defconf
/ip dhcp-server network
# DHCP clients receive the router itself (192.168.88.1) as DNS server and
# gateway.
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
    netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Packets arriving on INETS or WANS that no earlier input rule accepts
# are dropped by the last two input rules of the filter table; keep those
# rules in place so the resolver is not reachable from the internet.
set allow-remote-requests=yes max-concurrent-queries=500 \
    max-concurrent-tcp-sessions=100 servers=\
    8.8.8.8,8.8.4.4,77.88.8.8,77.88.8.1
/ip firewall address-list
# How the lists are used elsewhere in this export:
#   "public rcon" - source allow-list for Winbox from INETS and for the RCON
#                   TCP forwards, and destination match of the ICMP input rule.
#                   It contains both PUBLIC_IP addresses and 192.168.88.250/31
#                   (that is .250 and .251).
#   PUBLIC_IP     - destination match of every dst-nat/netmap rule.
#   ALL_NAT       - source match of the hairpin masquerade rule.
# NOTE(review): PUBLIC_IP is presumably the router's own ISP addresses, entered
# statically - the forwards stop matching if an ISP changes the address.
add address=192.168.88.251 comment="my pc" list=main
add address=192.168.88.250 comment="miner, srscds-public" list="miner, srcds"
add address=192.168.88.250/31 comment="my homenet" list=nat
add address=176.215.236.142 comment="baza shelehov" list=baza
add address=195.2.253.63 comment="virtual server from  ipservers" list=dedics
add address=195.2.22.22 comment="virtual server from  ipservers" list=\
    dedics
add address=192.168.88.0/24 list=ALL_NAT
add address=195.2.22.22 comment=DB1-MSK list="public rcon"
add address=176.215.236.142 comment=BAZA list="public rcon"
add address=141.102.32.96 comment=TTK+ list="public rcon"
add address=192.168.88.250/31 comment="My & Server" list="public rcon"
add address=176.215.236.22 list=PUBLIC_IP
add address=141.102.32.96 list=PUBLIC_IP
add address=176.215.236.22 comment=DOM.RU list="public rcon"
/ip firewall filter
# Rules are evaluated top to bottom; the first match decides.
# NOTE(review): this rule fasttracks all established/related forward traffic,
# and no accept rule for the same states follows it. Fasttracked packets skip
# the mangle table, so the mark-routing rules that steer LAN traffic to the
# to_TTK / to_DOM routes are not applied to them.
add action=fasttrack-connection chain=forward comment=\
    "defconf: accept established,related" connection-state=\
    established,related
# New connections arriving on the PPPoE interfaces are forwarded only when a
# dst-nat/netmap rule matched them; everything else new from INETS is dropped.
add action=drop chain=forward comment=\
    "defconf:  drop all from INET not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=INETS
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log-prefix=nvb
# Input chain (traffic addressed to the router itself) starts here.
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
# Winbox (8291/tcp) is accepted from the internet for sources in "public rcon".
# NOTE(review): the export header shows RouterOS 6.40.6. An internet-reachable
# management port should only stay open on a release that is current for its
# update channel, and the allow-list should be kept as short as possible.
add action=accept chain=input dst-port=8291 in-interface-list=INETS \
    log-prefix="**** WINBOX: " protocol=tcp src-address-list="public rcon"
# Accepts ICMP from any source when the destination is in "public rcon".
add action=accept chain=input comment="ICMP REQUEST" dst-address-list=\
    "public rcon" in-interface-list=INETS log-prefix="**** ICMP:" protocol=\
    icmp
# Everything else arriving on INETS, then on WANS, is dropped. No rule here
# restricts input from BRIDGE, so LAN and Wi-Fi hosts can reach every enabled
# router service.
add action=drop chain=input comment="view to other flood" in-interface-list=\
    INETS log-prefix=nb
add action=drop chain=input comment="drop all from WAN" in-interface-list=\
    WANS log-prefix=DROP
/ip firewall mangle
# PCC load balancing across the two PPPoE links.
# LAN traffic addressed to the PUBLIC_IP list is accepted first, so none of
# the marking rules below touches it.
add action=accept chain=prerouting dst-address-list=PUBLIC_IP in-interface=\
    BRIDGE
# Unmarked connections that enter on an ISP interface get that ISP's mark.
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=INET_TTK new-connection-mark=TTK_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=INET_DOM_RU new-connection-mark=DOM_conn
# Unmarked LAN connections to non-local destinations are split in two by a
# per-connection classifier over both addresses: remainder 0 -> TTK_conn,
# remainder 1 -> DOM_conn.
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BRIDGE new-connection-mark=TTK_conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BRIDGE new-connection-mark=DOM_conn \
    per-connection-classifier=both-addresses:2/1
# LAN packets of a marked connection receive the matching routing mark, which
# selects the to_TTK or to_DOM default route.
add action=mark-routing chain=prerouting connection-mark=TTK_conn \
    in-interface=BRIDGE new-routing-mark=to_TTK
add action=mark-routing chain=prerouting connection-mark=DOM_conn \
    in-interface=BRIDGE new-routing-mark=to_DOM
# NOTE(review): the output chain sets a routing mark only for DOM_conn. There
# is no equivalent rule for TTK_conn, so router-originated replies on TTK_conn
# connections presumably use the unmarked ECMP default route - confirm that
# this is intended.
add action=mark-routing chain=output connection-mark=DOM_conn \
    new-routing-mark=to_DOM
/ip firewall nat
# Hairpin NAT: LAN sources (ALL_NAT) that reach 192.168.88.250/31 through
# BRIDGE are masqueraded.
add action=masquerade chain=srcnat comment=\
    "allow traffic between nat ower wan connection (Hairpin NAT)" \
    dst-address=192.168.88.250/31 log-prefix=good_job out-interface=BRIDGE \
    src-address-list=ALL_NAT
# Outbound masquerade, one rule per PPPoE link.
add action=masquerade chain=srcnat out-interface=INET_TTK
add action=masquerade chain=srcnat out-interface=INET_DOM_RU
# Port forwards. Every rule below matches dst-address-list=PUBLIC_IP.
# NOTE(review): only the two RCON TCP rules restrict the source with
# src-address-list="public rcon". All other forwards accept any internet
# source: 80, 2106, 7777 and 5938/tcp, plus the UDP ports. 80/tcp and 5938/tcp
# (comment "Team Viewer") deserve a second look - keep a forward only if the
# service behind it has to be reachable from anywhere, otherwise add a
# src-address-list or remove the rule.
# NOTE(review): most rules use action=netmap with a single to-address;
# dst-nat (as in the first rule) is the usual action for a plain port forward.
add action=dst-nat chain=dstnat comment="allow web access" dst-address-list=\
    PUBLIC_IP dst-port=80 protocol=tcp to-addresses=192.168.88.251 to-ports=\
    80
add action=netmap chain=dstnat comment="allow valve masterserver connection" \
    dst-address-list=PUBLIC_IP dst-port=26900-26902 protocol=udp \
    to-addresses=192.168.88.250/31 to-ports=26900-26902
add action=netmap chain=dstnat comment="allow srcds UDP connection" \
    dst-address-list=PUBLIC_IP dst-port=27015,27016 log-prefix=\
    " >>>>>>> 27015-27016 >>>>>>> " protocol=udp to-addresses=192.168.88.250 \
    to-ports=27015-27016
add action=netmap chain=dstnat comment="allow RCON srcds TCP connection" \
    dst-address-list=PUBLIC_IP dst-port=27015,27016 protocol=tcp \
    src-address-list="public rcon" to-addresses=192.168.88.250 to-ports=\
    27015-27016
add action=netmap chain=dstnat comment="allow RCON  hlds TCP connection" \
    dst-address-list=PUBLIC_IP dst-port=27777 protocol=tcp src-address-list=\
    "public rcon" to-addresses=192.168.88.251 to-ports=27777
add action=netmap chain=dstnat comment=L2J dst-address-list=PUBLIC_IP \
    dst-port=2106 protocol=tcp to-addresses=192.168.88.251 to-ports=2106
add action=netmap chain=dstnat comment=TORRENT dst-address-list=PUBLIC_IP \
    dst-port=50000 protocol=udp to-addresses=192.168.88.251 to-ports=50000
add action=netmap chain=dstnat comment=L2J dst-address-list=PUBLIC_IP \
    dst-port=7777 protocol=tcp to-addresses=192.168.88.251 to-ports=7777
add action=netmap chain=dstnat comment="allow hlds UDP connection" \
    dst-address-list=PUBLIC_IP dst-port=27777 protocol=udp to-addresses=\
    192.168.88.251 to-ports=27777
add action=netmap chain=dstnat comment="Team Viewer" dst-address-list=\
    PUBLIC_IP dst-port=5938 protocol=tcp to-addresses=192.168.88.251 \
    to-ports=5938
add action=netmap chain=dstnat comment="srcds clientport" dst-address-list=\
    PUBLIC_IP dst-port=27080 protocol=udp to-addresses=192.168.88.250 \
    to-ports=27080
add action=netmap chain=dstnat comment="allow srctv connection" \
    dst-address-list=PUBLIC_IP dst-port=27400 protocol=udp to-addresses=\
    192.168.88.250 to-ports=27400
/ip firewall service-port
# Every connection-tracking helper listed here is disabled.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 disabled=yes
/ip route
# One default route per routing mark (to_TTK, to_DOM), plus an unmarked ECMP
# default route over both PPPoE interfaces for traffic without a routing mark.
# NOTE(review): check-gateway=ping is set on the ECMP route only.
add distance=1 gateway=INET_TTK routing-mark=to_TTK
add distance=1 gateway=INET_DOM_RU routing-mark=to_DOM
add check-gateway=ping distance=1 gateway=INET_TTK,INET_DOM_RU
/ip service
# telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so it presumably keeps its default
# setting with no address= restriction; access from the internet is then
# limited only by the input filter rule for port 8291.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=8080
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
# No password is shown for this secret in the export.
add name=test-user-1 profile=OVPN_server service=ovpn
/system clock
set time-zone-autodetect=no time-zone-name=Asia/...
/system identity
set name=...
/system package update
set channel=bugfix
/system routerboard settings
set cpu-frequency=750MHz
/tool mac-server
# The default entry and the BRIDGE entry are disabled. The LAN-MASTER entry
# has no disabled=yes, so the MAC server is presumably active on that port -
# confirm that layer-2 management access is wanted there.
set [ find default=yes ] disabled=yes
add disabled=yes interface=BRIDGE
add interface=LAN-MASTER
/tool mac-server mac-winbox
# Same pattern for MAC-Winbox: only the LAN-MASTER entry is left enabled.
set [ find default=yes ] disabled=yes
add disabled=yes interface=BRIDGE
add interface=LAN-MASTER

I tried to set up my “two ISP” configuration following this wiki page https://wiki.mikrotik.com/wiki/Manual:PCC and it works, but I don’t understand how: when I enable Torch, my internet speed and response improve. Without Torch the connection is very slow! Many sites open very, very slowly :\ http://forum.mikrotik.com/t/use-two-isp-simulatenously/111111/9


And one more thing: when I run a traceroute to some WAN host, I can’t see my router (the WAN IP from the ISPs). Is that normal?

  1     *        *        *     TIMEOUT (There must be ISPs' IP)
  2     1 ms     1 ms     1 ms  10.71.255.126 (There is a ISPs' gateway)
  3     1 ms     1 ms     1 ms  ae-2-435.bgw01.irkutsk.ertelecom.ru [109.194.24.18]
  4    61 ms    61 ms    60 ms  ertelecom-gw.transtelecom.net [188.43.11.121]
  5    58 ms    58 ms    58 ms  mskn08.transtelecom.net [188.43.11.122]
  6   125 ms   125 ms   125 ms  irk06.transtelecom.net [217.150.50.90] (tracered IP)

Looking at your config, personally, I suspect you copied things and just changed IPs, etc. to fit your situation without understanding what you did, so I would reset to factory default and start again.

Also suspect your fasttrack does not work, there is a “forward” rule missing that should be immediately under/after the fasttrack rule.

You seem to be using action netmap where you want port forwarding and should have used dst-nat, etc

My points above might be incorrect, but looking at your current config without a full understanding / view of your environment, can’t really offer assistance.

From your traceroute, it looks like it was done from a PC inside the network; in that case, no, you will not see the ISP’s IP but your internal gateway IP. Again, it seems your firewall is blocking this, so see my points above.

I have two ISPs (WAN on eth1, eth4) and a LAN (bridge on eth2-eth3, plus wlan). What do I need? I want to use a load balancer and manage my incoming traffic (dst-nat, a local server which can access the www and can open ports on both ISPs’ IP addresses). I don’t understand anything about networks, but PCC works fine only when I enable Torch in my Winbox. I think that’s not normal, and nobody can answer why it happens…

I used the guide from the wiki; of course I adapted it to my router )) There are some differences: my ISPs’ configuration is not the same as in the wiki. With one ISP the IP address and its gateway are in the same network, but with my ISP2 the networks differ: the ISP’s WAN IP is in one network and its gateway is in another. But it works..


What is this forward rule? It was there at first; I think I may have deleted it..


P.S. And the Torch phenomenon, what the hell ))))) When it is disabled, speed and connections are slow. But.. all connections work perfectly if I enable Torch..

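Disable or delete the rule below and test again. FastTrack lets established connections bypass the mangle table, so the PCC routing marks are no longer applied to them; running Torch switches the fast path off, which would explain why everything works while Torch is open.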

/ip firewall filter
# The fasttrack rule as it appears first in the exported filter table: it
# fasttracks every established/related connection in the forward chain.
add action=fasttrack-connection chain=forward comment=\
    "defconf: accept established,related" connection-state=\
    established,related