Load Balance Config – 2 WAN’s

Load Balance Config – 2 WAN’s

loadbalasing
# ################################################
# Author: Pascal #
# Email: Info@wifinederland.nl #
##################################################
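#
# The rules further down match on two address lists, ConnectedNetworks and
# MasqueradedNetworks, which this script references but never creates.
# Populate them before importing. While ConnectedNetworks is empty, traffic
# between your own subnets is load balanced out a WAN; while
# MasqueradedNetworks is empty, the masquerade rules match nothing and no
# source NAT is applied.
# The entries below are templates with placeholder values, commented out on purpose.
/ip firewall address-list
# add list=ConnectedNetworks address=<lan-subnet/prefix> comment="LAN"
# add list=ConnectedNetworks address=<wan1-subnet/prefix> comment="WAN1"
# add list=ConnectedNetworks address=<wan2-subnet/prefix> comment="WAN2"
# add list=MasqueradedNetworks address=<lan-subnet/prefix> comment="LAN"
#
# Strings must use plain ASCII double quotes; typographic quotes copied from
# a web page are not string delimiters and break the import.
#
# This defines the WAN interfaces for load balancing.
:global WANIF1 "Wan1"
:global WANIF2 "Wan2"
#
# This defines the LAN interface
:global LANIF "Lan"
#
# This defines the default gateways (values as given in the original post; replace with your own)
#
:global GW1 "5.5.5.1"
:global GW2 "4.4.4.1"
#
#
# Set the WAN IP to mangle the source address for output traffic if you have statics, otherwise leave values as is THIS NEEDS WORK
:global WANIP1 "5.5.5.5"
:global WANIP2 "4.4.4.4"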
#
#
# ———————– Do not change anything below this line ———————–
#
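# Set interface comments NEEDS TESTING
# Labels the two WAN interfaces named in WANIF1/WANIF2. ASCII quotes are
# required around the comment values; the path is set once for both commands.
/interface
set [find name=$WANIF1] comment="WAN1"
set [find name=$WANIF2] comment="WAN2"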
#
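# Allow connected networks to exit the mangle chain so we don't load balance to our connected networks.
# The accept action stops mangle processing for packets whose destination is in
# the ConnectedNetworks address list, so they never receive a WAN mark.
# NOTE: the list must already contain every LAN and WAN connected subnet;
# with an empty list this rule matches nothing.
#
/ip firewall mangle
add chain=prerouting action=accept dst-address-list=ConnectedNetworks disabled=no \
    comment="Allow connected networks to exit Mangle chain so we don't load balance to our connected networks. Put all LAN and WAN connected networks in the address list [ConnectedNetworks]"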
#
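# Create Mangle rules that will sort the traffic into streams.
# Only connections that are still unmarked (connection-mark=no-mark), enter on
# the LAN interface and are not addressed to the router itself
# (dst-address-type=!local) are classified here.
# per-connection-classifier=both-addresses:2/N hashes the source/destination
# address pair into 2 buckets: remainder 0 is marked WAN1, remainder 1 is
# marked WAN2, so a given address pair consistently uses the same WAN.
#
add chain=prerouting action=mark-connection in-interface=$LANIF dst-address-type=!local \
    connection-mark=no-mark per-connection-classifier=both-addresses:2/0 \
    new-connection-mark=WAN1 passthrough=yes disabled=no \
    comment="Create Mangle rules that will sort the traffic into streams WAN1"
add chain=prerouting action=mark-connection in-interface=$LANIF dst-address-type=!local \
    connection-mark=no-mark per-connection-classifier=both-addresses:2/1 \
    new-connection-mark=WAN2 passthrough=yes disabled=no \
    comment="Create Mangle rules that will sort the traffic into streams WAN2"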

#
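# Create the mangles to add the routing marks to the packets:
# packets arriving from the LAN on a connection marked WAN1/WAN2 get the
# routing mark ether1-mark/ether2-mark, which the marked default routes in
# /ip route must match by exactly the same name.
# The rule comments previously read "basedon" because the line break fell
# inside the string; they are now kept on one line.
#
add chain=prerouting action=mark-routing in-interface=$LANIF connection-mark=WAN1 \
    new-routing-mark=ether1-mark passthrough=yes disabled=no \
    comment="Create the mangles to add the routing marks to the packets based on the connection mark in the PREROUTING CHAIN"
add chain=prerouting action=mark-routing in-interface=$LANIF connection-mark=WAN2 \
    new-routing-mark=ether2-mark passthrough=yes disabled=no \
    comment="Create the mangles to add the routing marks to the packets based on the connection mark in the PREROUTING CHAIN"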

#
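# Ensures traffic from the router itself returns through the proper interface:
# packets generated by the router (output chain) on a connection already
# marked WAN1/WAN2 get the matching routing mark, so replies to connections
# that arrived on one WAN leave through that same WAN.
#
add chain=output action=mark-routing connection-mark=WAN1 \
    new-routing-mark=ether1-mark passthrough=yes disabled=no \
    comment="This rule ensures traffic from the router itself returns through the proper interface"
add chain=output action=mark-routing connection-mark=WAN2 \
    new-routing-mark=ether2-mark passthrough=yes disabled=no \
    comment="This rule ensures traffic from the router itself returns through the proper interface"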

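# Identify which WAN interface the traffic
# came in on and mark the connections appropriately:
# unmarked connections entering on WANIF1/WANIF2 are tagged WAN1/WAN2 so the
# routing-mark rules can send the replies back out the same WAN.
# NOTE: these rules only classify traffic, they do not permit or block it.
# This script adds no /ip firewall filter rules, so inbound filtering on the
# WAN interfaces has to be configured separately.
#
add chain=prerouting action=mark-connection in-interface=$WANIF1 connection-mark=no-mark \
    new-connection-mark=WAN1 passthrough=yes disabled=no \
    comment="Identify which WAN interface the traffic came in and mark the connections appropriately"
add chain=prerouting action=mark-connection in-interface=$WANIF2 connection-mark=no-mark \
    new-connection-mark=WAN2 passthrough=yes disabled=no \
    comment="Identify which WAN interface the traffic came in and mark the connections appropriately"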

#
#
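# Mark management traffic to the router NEEDS WORK
# Router-originated packets whose source address equals WANIP1/WANIP2 are
# given that WAN's routing mark. This only matches when WANIP1/WANIP2 hold the
# addresses actually assigned to the WAN interfaces (static addressing);
# with the example values left in place the rules match nothing.
add chain=output action=mark-routing src-address=$WANIP1 new-routing-mark=ether1-mark \
    comment="Mark traffic from the router"
add chain=output action=mark-routing src-address=$WANIP2 new-routing-mark=ether2-mark \
    comment="Mark traffic from the router"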
#

#
#
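# Masquerade RFC-1918 addresses going out WAN interfaces
# Source NAT is applied only to packets whose source is in the
# MasqueradedNetworks address list; the list must be populated or nothing is
# translated. The rule comments now name the list exactly as the rules
# reference it (MasqueradedNetworks, not MasqueradeNetworks).
#
/ip firewall nat
add chain=srcnat action=masquerade out-interface=$WANIF1 src-address-list=MasqueradedNetworks \
    disabled=no comment="Masquerade traffic out WAN1 from [MasqueradedNetworks]"
add chain=srcnat action=masquerade out-interface=$WANIF2 src-address-list=MasqueradedNetworks \
    disabled=no comment="Masquerade traffic out WAN2 from [MasqueradedNetworks]"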

#
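# Add the marked and unmarked routes with check gateway:
# The marked routes must use exactly the routing-mark names set by the mangle
# rules (ether1-mark, ether2-mark). The WAN2 route previously used ether3-mark,
# which no mangle rule sets, so WAN2-marked traffic had no marked route of its own.
# check-gateway=ping only detects loss of the next hop itself, not a failure
# further upstream.
# NOTE(review): both unmarked defaults share distance=1 and have no
# check-gateway; use different distances plus check-gateway if a defined
# primary/failover order is wanted for unmarked traffic.
# NOTE(review): this is the routing-mark syntax of /ip route; newer RouterOS
# releases select the table differently, so confirm against your version.
#
/ip route
add dst-address=0.0.0.0/0 gateway=$GW1 routing-mark=ether1-mark distance=1 check-gateway=ping \
    scope=30 target-scope=10 disabled=no comment="Default router WAN1, marked"
add dst-address=0.0.0.0/0 gateway=$GW2 routing-mark=ether2-mark distance=1 check-gateway=ping \
    scope=30 target-scope=10 disabled=no comment="Default router WAN2, marked"
add dst-address=0.0.0.0/0 gateway=$GW1 distance=1 scope=30 target-scope=10 disabled=no \
    comment="Default router WAN1, unmarked"
add dst-address=0.0.0.0/0 gateway=$GW2 distance=1 scope=30 target-scope=10 disabled=no \
    comment="Default router WAN2, unmarked"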
#END#

 
