Here is a working set of mangle rules for a single MikroTik router acting as a PPPoE server with 2 internet gateways.
/ip firewall mangle
# Connections that arrive on an ISP interface keep that ISP's connection mark.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
    in-interface=isp1 new-connection-mark=isp1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
    in-interface=isp2 new-connection-mark=isp2_conn passthrough=yes
# PCC remainder 0 of 2: new connections from 10.10.100.0/24 go to isp1.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
    dst-address-type=!local new-connection-mark=isp1_conn passthrough=yes \
    per-connection-classifier=src-address-and-port:2/0 src-address=\
    10.10.100.0/24
add action=mark-routing chain=prerouting connection-mark=isp1_conn disabled=no \
    dst-address-type=!local new-routing-mark=to_isp1 passthrough=no \
    src-address=10.10.100.0/24
# PCC remainder 1 of 2: new connections from 10.10.100.0/24 go to isp2.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no \
    dst-address-type=!local new-connection-mark=isp2_conn passthrough=yes \
    per-connection-classifier=src-address-and-port:2/1 src-address=\
    10.10.100.0/24
add action=mark-routing chain=prerouting connection-mark=isp2_conn disabled=no \
    dst-address-type=!local new-routing-mark=to_isp2 passthrough=no \
    src-address=10.10.100.0/24
# Traffic generated by the router itself follows the connection mark.
add action=mark-routing chain=output connection-mark=isp1_conn disabled=no \
    new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=output connection-mark=isp2_conn disabled=no \
    new-routing-mark=to_isp2 passthrough=yes
Add 2 static default routes for each gateway, and set the appropriate routing mark on 1 of the 2.
/ip route
# Marked default routes, one per gateway, selected by the routing mark.
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    172.16.1.1 routing-mark=to_isp1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    172.16.2.1 routing-mark=to_isp2 scope=30 target-scope=10
# Unmarked default routes, one per gateway.
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    172.16.2.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    172.16.1.1 scope=30 target-scope=10
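A consistency check for a configuration like the one above, added here as an example and not part of the original post: it parses an export and reports PCC remainders with no rule, connection marks that never receive a routing mark, and routing marks with no matching route. The sample export is constructed (trimmed from the rules above), and the function names `parse` and `audit` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the rules above (matchers removed for brevity).
EXPORT = r"""
/ip firewall mangle
add action=mark-connection new-connection-mark=isp1_conn \
per-connection-classifier=src-address-and-port:2/0
add action=mark-routing connection-mark=isp1_conn new-routing-mark=to_isp1
add action=mark-connection new-connection-mark=isp2_conn \
per-connection-classifier=src-address-and-port:2/1
add action=mark-routing connection-mark=isp2_conn new-routing-mark=to_isp2
/ip route
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-mark=to_isp1
add dst-address=0.0.0.0/0 gateway=172.16.2.1 routing-mark=to_isp2
"""

def parse(export):
    """Return {section: [{key: value}, ...]}, joining backslash continuations."""
    sections, current = defaultdict(list), None
    for line in re.sub(r"\\\n\s*", "", export).splitlines():
        if line.startswith("/"):
            current = line.strip()
        elif line.startswith("add ") and current:
            words = line.split()[1:]
            sections[current].append(dict(w.split("=", 1) for w in words if "=" in w))
    return sections

def audit(export):
    """Return a list of problems: PCC gaps, unrouted marks, marks without a route."""
    cfg = parse(export)
    mangle, routes = cfg["/ip firewall mangle"], cfg["/ip route"]
    problems, seen = [], defaultdict(set)
    for rule in mangle:
        if "per-connection-classifier" in rule:
            fields, frac = rule["per-connection-classifier"].split(":")
            den, rem = map(int, frac.split("/"))
            seen[(fields, den)].add(rem)
    for (fields, den), rems in seen.items():
        for rem in sorted(set(range(den)) - rems):
            problems.append(f"no rule for {fields}:{den}/{rem}")
    conn = {r["new-connection-mark"] for r in mangle if "new-connection-mark" in r}
    routed = {r.get("connection-mark") for r in mangle if "new-routing-mark" in r}
    problems += [f"{m} never gets a routing mark" for m in sorted(conn - routed)]
    marks = {r["new-routing-mark"] for r in mangle if "new-routing-mark" in r}
    have = {r.get("routing-mark") for r in routes}
    problems += [f"{m} has no route" for m in sorted(marks - have)]
    return problems
```

An empty list from `audit` means every PCC bucket, connection mark and routing mark in the export is accounted for; values containing spaces (quoted comments, for example) are not handled by this parser.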