Scribd
Upload
151 views

PCC LoadBalance3WANs

This document contains a script for configuring load balancing on a Mikrotik router. It begins with licensing information and notes that the script handles NAT and masquerading. It then lists variables that need to be configured, such as WAN interfaces, LAN interface, and default gateways. The majority of the script consists of firewall and routing commands to mark traffic, perform masquerading, and add routes for load balancing across the specified WAN interfaces.

Uploaded by

juan H
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
151 views

PCC LoadBalance3WANs

This document contains a script for configuring load balancing on a Mikrotik router. It begins with licensing information and notes that the script handles NAT and masquerading. It then lists variables that need to be configured, such as WAN interfaces, LAN interface, and default gateways. The majority of the script consists of firewall and routing commands to mark traffic, perform masquerading, and add routes for load balancing across the specified WAN interfaces.

Uploaded by

juan H
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

##################################################

# Version 2.1.2 #
# Steve Discher's PCC Setup ScriptVersion 1.0 #
##################################################
# #
# Author: Steve Discher #
# Email: sdischer@learnmikrotik.com #
##################################################
# LICENSE #
# The purchaser of this script is licensed to #
# install on as many routers as you like, as #
# long as the purchaser owns the router. #
# Support is ONLY available for the router for #
# which you originally purchased (recorded on #
# your invoice). Support for other routers WILL #
# be billed at regular support rates. Please #
# contact the vendor where this script was #
# purchased for further details, or email me #
# at info@learnmikrotik.com #
# #
# NO PERMISSION is granted to share this script #
# in whole or in part outside of the original #
# purchaser's organization. #
##################################################
#
# Note: This script only configures the load balancing. You will need
# to set up Wireless, DNS, DHCP server, and basic IP addressing first before
# importing this script. The script does handle NAT/Masquerade so do not
# create a masquerade rule manually.
#
# Configuration - Configure all of the following variables
#
#
# Add a statement like this for every connected network. For example, any
# network to which you are directly connected should be
# in this list
#
#
# Add a statement like this for every network that will be masqueraded.
# If you are not using RFC-1918 addresses, comment this section out
#
/ip firewall address-list
#
# This defines the WAN interfaces for load balancing.
:global WANIF1 "WAN1"
:global WANIF2 "WAN2"
:global WANIF3 "WAN3"
#
# This defines the LAN interface
:global LANIF "LAN5"
#
#This defines the default gateways
#
:global GW1 ""
:global GW2 ""
:global GW3 ""
#
#
# Set the WAN IP to mangle the source address for output traffic if you have
statics, otherwise leave values as is THIS NEEDS WORK
:global WANIP1 ""
:global WANIP2 ""
:global WANIP3 ""
#
#
# ----------------------- Do not change anything below this line
-----------------------
#
# Set interface coments NEEDS TESTING
/interface
set [find name=$"WANIF1"] comment="WAN1"
/interface
set [find name=$"WANIF2"] comment="WAN2"
/interface
set [find name=$"WANIF3"] comment="WAN3"
#
#Allow connected networks to exit Mangle chain so we don't load balance to our
connected networks
#
/ip firewall mangle
add action=accept chain=prerouting comment="Allow connected networks to exit Mangle
chain so we don't load balance \
to our connected networks. Put all LAN and WAN connected networks in the
address list [ConnectedNetworks]" \
disabled=no dst-address-list=ConnectedNetworks
#
# Create Mangle rules that will sort the traffic into streams
#
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN1" connection-
mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN1
passthrough=yes \
per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN2" connection-
mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN2
passthrough=yes \
per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN2" connection-
mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN2
passthrough=yes \
per-connection-classifier=both-addresses:3/2

#
#Create the mangles to add the routing marks to the packets:
#
add action=mark-routing chain=prerouting comment="Create the mangles to add the
routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN1
disabled=no \
in-interface=$"LANIF" new-routing-mark=ether1-mark passthrough=yes
add action=mark-routing chain=prerouting comment="Create the mangles to add the
routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN2
disabled=no \
in-interface=$"LANIF" new-routing-mark=ether2-mark passthrough=yes
add action=mark-routing chain=prerouting comment="Create the mangles to add the
routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN3
disabled=no \
in-interface=$"LANIF" new-routing-mark=ether3-mark passthrough=yes

#
#Ensures traffic from the router itself returns through the proper interface:
#
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper
interface" connection-mark=WAN1 \
disabled=no new-routing-mark=ether1-mark passthrough=yes
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper
interface" connection-mark=WAN2 \
disabled=no new-routing-mark=ether2-mark passthrough=yes
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper
interface" connection-mark=WAN3 \
disabled=no new-routing-mark=ether3-mark passthrough=yes

#Identify which WAN interface the traffic/Volumes/C/Documents and


Settings/Steve/Desktop/Carabelle Beach-19700102-0130.backup
/Volumes/C/Documents and Settings/Steve/Desktop/Carabelle.rsc came in and mark the
connections appropriately:
#
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections
appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF1" new-connection-mark=WAN1
passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections
appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF2" new-connection-mark=WAN2
passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections
appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF3” new-connection-mark=WAN3
passthrough=yes
#
#
# Mark managemnt traffic to the router NEEDS WORK
add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether1-mark src-address=$"WANIP1"
add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether2-mark src-address=$"WANIP2"
add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether3-mark src-address=$"WANIP3"
#
#
#
# Masquerade RFC-1918 addresses going out WAN interfaces
#
/ip firewall nat
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF1" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN1 from
[MasqueradeNetworks]"
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF2" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN2 from
[MasqueradeNetworks]"
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF3" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN3 from
[MasqueradeNetworks]"
#
# Add the marked and unmarked routes with check gateway:
#
/ip route
add check-gateway=ping comment="Default router WAN1, marked" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=\
$"GW1" routing-mark=ether1-mark scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN2, marked" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=\
$"GW2" routing-mark=ether2-mark scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN3, marked" disabled=no distance=1
dst-address=0.0.0.0/0 gateway=\
$"GW3" routing-mark=ether3-mark scope=30 target-scope=10
add comment="Default router WAN1, unmarked" disabled=no distance=1 dst-
address=0.0.0.0/0 gateway=$"GW1" \
scope=30 target-scope=10
add comment="Default router WAN2, unmarked" disabled=no distance=1 dst-
address=0.0.0.0/0 gateway=$"GW2" \
scope=30 target-scope=10
add comment="Default router WAN3, unmarked" disabled=no distance=1 dst-
address=0.0.0.0/0 gateway=$"GW3" \
scope=30 target-scope=10

#END#

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy