Scribd
Upload
99 views

2 Wan Loadbalancing - Icyflame Studio

This document configures a router with two WAN connections and an internal LAN interface for a wireless hotspot. It sets IP addresses and enables DHCP on the LAN, creates an address pool and hotspot profile. Firewall and NAT rules are added to manage traffic between the interfaces and masquerade the hotspot network. Routing marks and rules send traffic over specific WANs. An administrator user is also configured for the hotspot.

Uploaded by

Èsțò Ńò Mé Ĝùsțà
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
99 views

2 Wan Loadbalancing - Icyflame Studio

This document configures a router with two WAN connections and an internal LAN interface for a wireless hotspot. It sets IP addresses and enables DHCP on the LAN, creates an address pool and hotspot profile. Firewall and NAT rules are added to manage traffic between the interfaces and masquerade the hotspot network. Routing marks and rules send traffic over specific WANs. An administrator user is also configured for the hotspot.

Uploaded by

Èsțò Ńò Mé Ĝùsțà
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

/interface ethernet

set [ find default-name=ether5 ] name=LAN


set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes

/ip hotspot profile


add dns-name=abhsek.com hotspot-address=192.168.0.1 name=hsprof1

/ip pool
add name=hs-pool-5 ranges=192.168.0.2-192.168.0.254

/ip dhcp-server
add address-pool=hs-pool-5 disabled=no interface=LAN lease-time=23h59m59s \
name=dhcp1

/ip hotspot
add address-pool=hs-pool-5 interface=LAN name=hotspot1 profile=hsprof1

/ip address
add address=192.168.0.1/24 interface=LAN network=192.168.0.0
add address=192.168.1.4/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.4/24 interface=WAN2 network=192.168.2.0

/ip dhcp-server network


add address=192.168.0.0/24 comment="hotspot network" gateway=192.168.0.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall filter


add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes

/ip firewall mangle


add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
WAN1_conn passthrough=yes
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
LAN
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=\
LAN
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=LAN new-routing-mark=to_WAN2 passthrough=yes

/ip firewall nat


add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24

/ip hotspot user


add name=admin password=admin

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2 \
scope=255
add check-gateway=ping distance=1 gateway=192.168.1.1 scope=255
add check-gateway=ping distance=2 gateway=192.168.2.1 scope=255

You might also like