Mikrotik Load Balancing

Opublikowane 5 marca 2016

Potrzebowałem dobrze działający podział ruchu na dwa łącza, poniższy załatwia problem z niektórymi stronami banków i dostępem z zewnątrz do lokalnych zasobów.

/interface set 1 name=WAN1
/interface set 2 name=WAN2
/interface set 3 name=LAN

/ip address
add address=192.168.88.254/24 interface=LAN
add address=11.11.11.1/24 interface=WAN1
add address=12.12.12.1/24 interface=WAN2

/ip route
add gateway=11.11.11.254 distance=2
add gateway=12.12.12.254 distance=3

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 dst-address=11.11.11.0/24 action=accept
add chain=prerouting src-address=192.168.88.0/24 dst-address=12.12.12.0/24 action=accept
add chain=prerouting src-address=192.168.88.0/24 dst-address=192.168.88.0/24 action=accept

add chain=prerouting connection-mark=no-mark in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting connection-mark=no-mark in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

/ip route
add gateway=11.11.11.254 routing-mark=WAN1_traffic
add gateway=12.12.12.254 routing-mark=WAN2_traffic

/ip firewall mangle
add chain=prerouting in-interface=LAN connection-mark=no-mark action=jump jump-target=policy_routing

add chain=prerouting connection-mark=WAN1_conn src-address=192.168.88.0/24 action=mark-routing new-routing-mark=WAN1_traffic
add chain=prerouting connection-mark=WAN2_conn src-address=192.168.88.0/24 action=mark-routing new-routing-mark=WAN2_traffic
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=WAN1_traffic
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=WAN2_traffic