namo
November 6, 2009, 6:44am
1
code 1
# Dual-WAN load balancing for a Hotspot network using PCC (per-connection-classifier).
# Per the wiki note quoted later in this thread, PCC needs RouterOS v3.24 or newer.
# NOTE(review): this listing has no /ip firewall filter and no /ip firewall nat section.
# The mangle rules below only mark traffic; they do not restrict what reaches the router
# on outside1/outside2. Confirm that filtering and NAT are configured elsewhere.
# One address per WAN uplink plus the Hotspot LAN address (1.1.x.x look like placeholders - confirm).
/ip address
add address=1.1.1.2/24 disabled=no interface=outside1
add address=1.1.2.2/24 disabled=no interface=outside2
add address=10.0.0.1/24 disabled=no interface=hotspot
# Address list naming the client network; the prerouting rules below match on it.
/ip firewall address-list
add address=10.0.0.0/24 disabled=no list=Local_NAT_Networks
/ip firewall mangle
# New connections that arrive at the router itself on a WAN get that WAN's connection mark.
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
# The router's own packets on those connections get the matching routing mark,
# so replies use the marked default route of the uplink the connection came in on.
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
# Client traffic to the two WAN subnets is accepted ahead of the PCC rules,
# so it leaves the chain here and is never given a routing mark.
add action=accept chain=prerouting disabled=no dst-address=1.1.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=1.1.2.0/24 src-address-list=Local_NAT_Networks
# PCC split: new connections from clients matching hotspot=auth to non-local destinations
# are divided into two groups by source address (remainder 0 -> outside1, remainder 1 -> outside2).
# Clients that do not match hotspot=auth are not marked by these rules.
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
# Client packets on a marked connection get the routing mark for that uplink.
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
/ip route
# One default route per routing mark; check-gateway=ping probes each gateway.
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=to_outside1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.2.1 routing-mark=to_outside2 scope=30 target-scope=10
# Unmarked default routes: the outside1 gateway is preferred (distance 5), outside2 is the backup (distance 10).
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=1.1.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.2.1 scope=30 target-scope=10
code 2
# Dual-WAN PCC load balancing for a plain LAN (no hotspot matcher), with masquerade NAT.
# NOTE(review): no /ip firewall filter section appears in this listing. Masquerade alone
# is not an inbound filter, so confirm that the input and forward chains are filtered elsewhere.
# LAN gateway address plus one address per WAN uplink.
/ ip address
add address=192.168.100.1/24 network=192.168.100.0 broadcast=192.168.100.255 interface=Local
add address=192.168.0.5/24 network=192.168.0.0 broadcast=192.168.0.255 interface=WAN1
add address=192.168.1.5/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN2
/ ip firewall mangle
# Connections arriving at the router on a WAN get that WAN's connection mark.
# Unlike the first listing, these rules carry no connection-state=new match.
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
# The router's own packets on those connections are routed back out through the same WAN.
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=WAN2
# NOTE(review): no accept rules for the directly connected WAN subnets precede the PCC rules;
# the reply below in this thread recommends adding them at the top of the prerouting rules.
# PCC split of LAN traffic to non-local destinations, classified on both source and destination address.
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
# LAN packets on a marked connection get the routing mark for that uplink.
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=WAN2
/ ip route
# One default route per routing mark, then unmarked default routes with WAN1 preferred (distance 1 vs 2).
add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping
/ ip firewall nat
# Source NAT on each uplink; masquerade takes the source address from the outgoing interface.
# The reply below suggests explicit srcnat rules with a fixed public address per WAN instead.
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
any better code?
fewi
November 6, 2009, 6:59am
2
The first one is mine. It’s modified to work with Hotspot networks. If you’re using Hotspots, the second one won’t work for you. If you’re not using Hotspots, the first one will not work for you so choose the second one, though I would replace the masquerade NAT rules with specific srcnat entries explicitly choosing a public IP to NAT to. Masquerade ‘automagically’ works and that’s not a good thing with multiple WAN links.
If you end up choosing option two, add this:
# Accept LAN traffic addressed to the two WAN subnets so it leaves the prerouting chain without a routing mark.
# NOTE(review): the addresses are host addresses written with /24 (192.168.0.5/24, 192.168.100.1/24).
# Presumably the whole /24 networks are meant; confirm how your RouterOS version stores them.
add action=accept chain=prerouting disabled=no dst-address=192.168.0.5/24 src-address=192.168.100.1/24
add action=accept chain=prerouting disabled=no dst-address=192.168.1.5/24 src-address=192.168.100.1/24
at the top of the prerouting chain rules, though. Reasons for that are explained in the PCC wiki entry.
namo
November 6, 2009, 7:22am
3
fewi:
The first one is mine. It’s modified to work with Hotspot networks. If you’re using Hotspots, the second one won’t work for you. If you’re not using Hotspots, the first one will not work for you so choose the second one, though I would replace the masquerade NAT rules with specific srcnat entries explicitly choosing a public IP to NAT to. Masquerade ‘automagically’ works and that’s not a good thing with multiple WAN links.
If you end up choosing option two, add this:
add action=accept chain=prerouting disabled=no dst-address=192.168.0.5/24 src-address=192.168.100.1/24
add action=accept chain=prerouting disabled=no dst-address=192.168.1.5/24 src-address=192.168.100.1/24
at the top of the prerouting chain rules, though. Reasons for that are explained in the PCC wiki entry.
I am using the first one because I use Hotspot
namo
November 6, 2009, 8:57am
4
There seems to be an error in the red bold lines:
# Mangle section of the Hotspot PCC configuration, as re-posted with the failing lines highlighted.
# The red highlighting is lost in this copy; the error reported below names per-connection-classifier,
# so the rejected lines are the two PCC rules marked in the comments further down.
/ip firewall mangle
# Mark connections that arrive at the router on each WAN.
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
# Route the router's own packets on those connections back out through the same WAN.
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
# Accept client traffic to the WAN subnets before the PCC rules so it is not routing-marked.
add action=accept chain=prerouting disabled=no dst-address=1.1.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=1.1.2.0/24 src-address-list=Local_NAT_Networks
# The next two rules use per-connection-classifier. RouterOS 3.22 rejects them with
# "bad argument name per-connection-classifier"; per the wiki note in the next reply, PCC needs v3.24 or newer.
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
# These rules load without the two above, but then no client connection carries
# outside1_connection/outside2_connection, so they match nothing and no balancing takes place.
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
The error is "bad argument name per-connection-classifier".
I am running RouterOS 3.22.
fewi
November 6, 2009, 4:09pm
5
http://wiki.mikrotik.com/wiki/PCC
Notes
PCC is available in RouterOS since v3.24. This option was introduced to address configuration issues with load balancing over multiple gateways with masquerade
namo
November 7, 2009, 1:50pm
6
Then what is the solution for load balancing a Hotspot on version 3.22? Is the upgrade from 3.22 to 3.30 free? Do you recommend upgrading to 4.2?
Note: every line in your code was executed except the lines in red.
namo
November 7, 2009, 4:15pm
7
namo:
there seem error in the red bold lines
/ip firewall mangle
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside1 new-connection-mark=outside1_connection passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no in-interface=outside2 new-connection-mark=outside2_connection passthrough=yes
add action=mark-routing chain=output connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes
add action=mark-routing chain=output connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=1.1.1.0/24 src-address-list=Local_NAT_Networks
add action=accept chain=prerouting disabled=no dst-address=1.1.2.0/24 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside1_connection passthrough=yes per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks
add action=mark-connection chain=prerouting connection-state=new disabled=no dst-address-type=!local hotspot=auth new-connection-mark=outside2_connection passthrough=yes per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside1_connection disabled=no new-routing-mark=to_outside1 passthrough=yes src-address-list=Local_NAT_Networks
add action=mark-routing chain=prerouting connection-mark=outside2_connection disabled=no new-routing-mark=to_outside2 passthrough=yes src-address-list=Local_NAT_Networks
the error is bad argument name per-connection-classifier
I have 3.22 routerOS
Now I have one active ADSL line (outside2) and I have upgraded RouterOS to 4.2, but when I added the lines in red, the internet stopped working. Does the code require both lines to be working?