Can someone quickly quality assurance my Dual WAN, Dual LAN setup?

Thu Feb 18, 2021 7:34 pm

I have mostly copied the ideas from this video,
BUT... it is almost 6 years old now, so maybe setups are more elegant/changed.

Everything seems to work fine now, but I need some quality assurance before going live, since I have never played around with the mangle table too much before...

I am running ROS 6.48.1 on a CCR, but labbed in GNS3 as seen in the picture.

The requirements are pretty simple:
Two LANs, both are NAT'ed.
LAN1 route all out of ISP1, with failover to ISP2
LAN2 route all out of ISP2, with failover to ISP1

Any input is welcome :) (I will fix firewall/potential dstnat rules later)

The configuration:
/interface ethernet
set [ find default-name=ether5 ] disable-running-check=no name=LAN1
set [ find default-name=ether6 ] disable-running-check=no name=LAN2

set [ find default-name=ether1 ] disable-running-check=no name=WAN1
set [ find default-name=ether2 ] disable-running-check=no name=WAN2

/interface list
add name=WAN
add name=LAN
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=LAN1 list=LAN
add interface=LAN2 list=LAN

/ip address
add address= interface=LAN1 network=
add address= interface=LAN2 network=
add address= interface=WAN1 network=
add address= interface=WAN2 network=

/ip firewall address-list
add address= list=LAN1
add address= list=LAN2
add address= list=ALL_LAN
add address= list=ALL_LAN
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP1_PREF src-address-list=LAN1
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP2_PREF src-address-list=LAN2
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=ISP1>WAN1
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=ISP2>WAN2
add action=mark-routing chain=output connection-mark=ISP1>WAN1 new-routing-mark=ISP1_PREF
add action=mark-routing chain=output connection-mark=ISP2>WAN2 new-routing-mark=ISP2_PREF
add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1>LANs
add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2>LANs
add action=mark-routing chain=prerouting connection-mark=WAN1>LANs new-routing-mark=ISP1_PREF src-address-list=ALL_LAN
add action=mark-routing chain=prerouting connection-mark=WAN2>LANs new-routing-mark=ISP2_PREF src-address-list=ALL_LAN

/ip firewall nat
add action=masquerade chain=srcnat src-address-list=ALL_LAN
add action=dst-nat chain=dstnat dst-port=2222 protocol=tcp to-addresses= comment="test dstnat to internal network"
/ip route
add check-gateway=arp distance=10 gateway= routing-mark=ISP2_PREF
add check-gateway=arp distance=20 gateway= routing-mark=ISP2_PREF
add check-gateway=arp distance=10 gateway= routing-mark=ISP1_PREF
add check-gateway=arp distance=20 gateway= routing-mark=ISP1_PREF
add check-gateway=arp distance=5 gateway=
add check-gateway=arp distance=5 gateway=
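
An added example, not part of the original post: a small Python lint that parses the mangle and route sections of an export like the one above and reports routing marks without a distinct primary and backup route, routes lacking check-gateway, and mark-connection rules with no connection-mark=no-mark matcher. The gateway addresses are constructed placeholders (the post's own are elided), and `parse_export` and `audit` are hypothetical names.

```python
import shlex
from collections import defaultdict

# Constructed input modelled on the post; gateway addresses are placeholders.
SAMPLE = """\
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP1_PREF src-address-list=LAN1
add action=mark-routing chain=prerouting dst-address-list=!ALL_LAN new-routing-mark=ISP2_PREF src-address-list=LAN2
add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=ISP1>WAN1
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=ISP2>WAN2
add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1>LANs
/ip route
add check-gateway=arp distance=10 gateway=198.51.100.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=20 gateway=192.0.2.1 routing-mark=ISP2_PREF
add check-gateway=arp distance=10 gateway=192.0.2.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=20 gateway=198.51.100.1 routing-mark=ISP1_PREF
add check-gateway=arp distance=5 gateway=192.0.2.1
add check-gateway=arp distance=5 gateway=198.51.100.1
"""

def parse_export(text):
    """Group the 'add' lines of a RouterOS export by menu path."""
    sections, menu = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            sections[menu].append({key: val for key, _, val in pairs})
    return sections

def audit(text):
    """Return findings about failover routes and connection-mark matchers."""
    cfg, findings, tables = parse_export(text), [], defaultdict(list)
    mangle = cfg["/ip firewall mangle"]
    for route in cfg["/ip route"]:
        tables[route.get("routing-mark", "main")].append(route)
    marks = {r["new-routing-mark"] for r in mangle if r.get("action") == "mark-routing"}
    for mark in sorted(marks | set(tables)):
        routes = tables.get(mark, [])
        if len({r.get("gateway") for r in routes}) < 2:
            findings.append(f"{mark}: no second gateway to fail over to")
        elif len({r.get("distance") for r in routes}) < 2:
            findings.append(f"{mark}: gateways share one distance, no preferred path")
        if any("check-gateway" not in r for r in routes):
            findings.append(f"{mark}: route lacks check-gateway")
    for n, rule in enumerate(mangle):
        if rule.get("action") == "mark-connection" and rule.get("connection-mark") != "no-mark":
            findings.append(f"mangle {n}: mark-connection matches already-marked packets")
    return findings
```

Calling `audit(SAMPLE)` returns a list of finding strings; mangle rules are numbered from 0 in the order they appear in the export.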
