PCC setup

Sat Apr 03, 2010 11:21 am

Dear All
My router is connected to the internet through 2 gateways.
GW 1=
++ their router IP is
++ they give me IP of ... and ask me to NAT my local address to it

GW2 =
++ Their router IP is
++ they give me IP of
++ they ask me to NAT my local address to

My local network is at

Here is my configuration

/ip address
add address= broadcast= comment="" disabled=no \
    interface=sife network=
add address= broadcast= comment="" disabled=no \
    interface=ether1 network=
add address= broadcast= comment="" disabled=no \
    interface=ether5 network=
add address= comment="" disabled=no \
    interface=sife b

/ip route
add check-gateway=ping disabled=no distance=1 dst-address= gateway=\ routing-mark=rou-pptik scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=2 dst-address=\ gateway= routing-mark=rou-sife scope=30 \
add check-gateway=ping disabled=no distance=1 dst-address= gateway=\ scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address= gateway=\ scope=30 target-scope=10

/ip route rule
add action=lookup comment="" disabled=no routing-mark=rou-pptik src-address=\ table=rou-pptik
add action=lookup comment="" disabled=no routing-mark=rou-sife src-address=\ table=rou-sife

/ip firewall address-list
add address= comment="" disabled=no list=local

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s

/ip firewall mangle
add action=mark-connection chain=prerouting comment="PCC 2/0 --> con-sife" \
    disabled=no dst-address-list=!local new-connection-mark=con-sife \
    passthrough=no per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting comment="PCC 2/1 --> con-pptik" \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=con-pptik passthrough=no per-connection-classifier=\
add action=mark-routing chain=prerouting comment="con-pptik --> rou-pptik" \
    connection-mark=con-pptik disabled=no new-routing-mark=rou-pptik \
add action=mark-routing chain=prerouting comment="con-sife---> rou-sife" \
    connection-mark=con-sife disabled=no new-routing-mark=rou-sife \

/ip firewall nat
add action=src-nat chain=srcnat comment=nat-sife connection-mark=con-sife \
    disabled=no to-addresses=
add action=src-nat chain=srcnat comment="nat pptik" connection-mark=con-pptik \
    disabled=no to-addresses=

I checked from a notebook attached as local (
I look at the NAT tab of /ip/firewall ... it looks like the number is increasing.
But the connection fails ... it looks like the "route-mark" based gateway choice is not working.

My router is RB450 with ROS 4.6
My config is based on
The difference is that:
++ My physical connection to the two gateways is only a single UTP connection
++ I use src-nat ... not masquerade

Kindly please give me any enlightenment
