Community discussions

just joined
Topic Author
Posts: 1
Joined: Fri Jul 12, 2019 12:55 pm

3 WAN ECMP and force several IP's to specific WAN

Fri Jul 12, 2019 1:26 pm


I tried to configure a RB3011UiAS-RM using this guide ... masquerade in order to get 3 WAN load balance.

It's works for almost all network clients but some of them must routed through just one WAN.

This is the current script:
/ip address
add address= interface=ether1 network=
add address= interface=ether6 network=
add address= interface=ether7 network=
add address= interface=ether2 network=

/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=2048 servers=,

/ip pool
add name=dhcp ranges=
add name=dhcp_pool1 ranges=

/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2 lease-time=1d name=dhcp1

/ip dhcp-server network
add address= dns-server= gateway= netmask=16

/ ip route
add dst-address= gateway=,, check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether6 action=masquerade
add chain=srcnat out-interface=ether7 action=masquerade

/ ip firewall mangle
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=ether6 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=ether7 action=mark-connection new-connection-mark=wan3_conn
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3

/ ip route
add dst-address= gateway= routing-mark=to_wan1
add dst-address= gateway= routing-mark=to_wan2
add dst-address= gateway= routing-mark=to_wan3
How can I configure a address-list in order to exit by wan3 ( for instance???
Forum Guru
Forum Guru
Posts: 4693
Joined: Mon Apr 20, 2009 9:11 pm

Re: 3 WAN ECMP and force several IP's to specific WAN

Fri Jul 12, 2019 3:56 pm

/ip firewall mangle
add chain=prerouting connection-mark=no-mark src-address-list=<use_wan3_list> action=mark-connection new-connection-mark=wan3_conn passthrough=yes
add chain=prerouting connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 38 guests