Scribd
Upload
85 views1 page

Script Load Balance

This document configures IP addresses, DNS, firewall rules, and routing on a router with 3 interfaces. It assigns IP addresses to the interfaces, enables DNS caching, marks and routes traffic based on source interface, and implements source NAT for traffic exiting the WAN interfaces.

Uploaded by

Icun Ci'e Ardi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
85 views1 page

Script Load Balance

This document configures IP addresses, DNS, firewall rules, and routing on a router with 3 interfaces. It assigns IP addresses to the interfaces, enables DNS caching, marks and routes traffic based on source interface, and implements source NAT for traffic exiting the WAN interfaces.

Uploaded by

Icun Ci'e Ardi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

/ip address

add address=30.30.30.1/24 network=30.30.30.0 broadcast=30.30.30.255


interface=ether3
add address=20.20.20.2/24 network=20.20.20.0 broadcast=20.20.20.255 interface=WAN1
add address=10.10.10.2/24 network=10.10.10.0 broadcast=10.10.10.255 interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-


packet-size=512 servers=8.8.8.8

/ip firewall mangle


add chain=input in-interface=WAN1 action=mark-connection new-connection-
mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-
mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-


mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-
mark=to_WAN2

add chain=prerouting dst-address=20.20.20.0/24 action=accept in-interface=ether3


add chain=prerouting dst-address=10.10.10.0/24 action=accept in-interface=ether3

add chain=prerouting dst-address-type=!local in-interface=ether3 per-connection-


classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-
mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether3 per-connection-
classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-
mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=ether3 action=mark-


routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=ether3 action=mark-
routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=20.20.20.1 routing-mark=to_WAN1 check-
gateway=ping
add dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_WAN2 check-
gateway=ping

add dst-address=0.0.0.0/0 gateway=20.20.20.1 distance=1 check-gateway=ping


add dst-address=0.0.0.0/0 gateway=10.10.10.1 distance=2 check-gateway=ping

/ip firewall nat


add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

You might also like