ether1=wan1 (public ip by dhcp from adsl modem 4Mbps)
ether2=wan2 (private ip by dhcp from cable modem 8Mbps)
bridge-LAN-SW=ether3,ether4,ether5
ether3 -> dlink smart switch (2pcs, ddwrt ap mode, etc)
I want to load balance both wans using PCC and according to mikrotik wiki PCC must be like...
Code: Select all
/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN
But in my case should be
Code: Select all
/ ip firewall mangle
add chain=prerouting dst-address=x.y.z.0/19 action=accept in-interface=bridge-LAN-SW
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=bridge-LAN-SW
So I have no way to know that ip address until that interface is linked/bound.
I can't change that dst-address in mangle everytime, and definitely will not place a router between rb750gr3 and adsl modem just to get a private ip for wan1.
My first doubt is...
What do I have to change in that first code line at mangle to get the equivalent or expected result?
Would it work if I change dst-address=x.y.z.0/19 for dst-address-list=!not_in_internet where not_in_internet is an address list described at https://help.mikrotik.com/docs/display/ ... t+Firewall
I think that every ip public address in the planet must be in !not_in_internet but I don't know if doing that could bring a security problem or other kind of problem for using every public ip range available.