Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Mikrotik + Multi-WAN Setup

    Hochgeladen von

    Boy Eload
    332 Ansichten3 Seiten

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    DOC, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    © All Rights Reserved
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    332 Ansichten3 Seiten

    Mikrotik + Multi-WAN Setup

    Hochgeladen von

    Boy Eload

    Copyright:

    © All Rights Reserved
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 3

    Mikrotik + Multi-WAN Setup

    In this article, I will show you how to setup 2 internet connection to be used as a load
    balancing and failover connection. It will join two connection and users connected to your
    network will be using the best route for their connection automatically. This will lessen your
    load on a single connection and also give you a failover connection should one of your internet
    connection is unavailable.
    We will be using RB951G-2HnD with wireless network disabled. Connection to clients will be
    made via access point connected to ethernet port 5 on the routerboard.
    First step, prepare your IP address. I will not change the interface name for easy identification
    on which cable goes to which ethernet port. I will assign ether1 with 192.168.1.2/24 (modem
    IP: 192.168.1.1) while ether2 will be assigned with IP address 192.168.2.2/24 (modem:
    192.168.2.1). Connection to the client terminals will be assigned with IP address 10.0.1.1/24
    on ether5. It will be connected to your Access Point. I will also create address list for group
    identification.

    / ip address
    add address=192.168.1.2/24 interface=ether1 disabled=no
    add address=192.168.2.2/24 interface=ether2 disabled=no
    add address=10.0.1.1/24 interface=ether5 disabled=no
    /ip firewall address-list
    add address=10.0.1.0/24 list=Local_NAT_Networks disabled=no

    Now, your addresses creation is complete. The next step is to create firewall rules for each
    internet connection.

    / ip firewall mangle
    add chain=input connection-state=new in-interface=ether1\
    action=mark-connection new-connection-mark=ether1_connection\
    passthrough=yes disabled=no
    add chain=input connection-state=new in-interface=ether2\
    action=mark-connection new-connection-mark=ether2_connection\
    passthrough=yes disabled=no
    add chain=output\
    action=mark-routing connection-mark=ether1_connection new-routing-mark=to_ether1\
    passthrough=yes disabled=no
    add chain=output\
    action=mark-routing connection-mark=ether2_connection new-routing-mark=to_ether2\
    passthrough=yes disabled=no
    add chain=prerouting dst-address=192.168.1.0/24 src-address-list=Local_NAT_Networks\
    action=accept disabled=no
    add chain=prerouting dst-address=192.168.2.0/24 src-address-list=Local_NAT_Networks\
    action=accept disabled=no
    add chain=prerouting connection-state=new dst-address-type=!local hotspot=auth\
    per-connection-classifier=src-address:2/0 src-address-list=Local_NAT_Networks\
    action=mark-connection new-connection-mark=ether1_connection\
    passthrough=yes disabled=no
    add chain=prerouting connection-state=new dst-address-type=!local hotspot=auth\
    per-connection-classifier=src-address:2/1 src-address-list=Local_NAT_Networks\
    action=mark-connection new-connection-mark=ether2_connection\
    passthrough=yes disabled=no
    add chain=prerouting new-routing-mark=to_ether1 src-address-list=Local_NAT_Networks\
    action=mark-routing connection-mark=ether1_connection\
    passthrough=yes disabled=no
    add chain=prerouting new-routing-mark=to_ether2 src-address-list=Local_NAT_Networks\
    action=mark-routing connection-mark=ether2_connection\
    passthrough=yes disabled=no

    The above codes is used to mark all routing from local network to go through ether1 and ether2
    connections. After all of the codes above installed, you will need to setup the routing for
    ether1 and ether2 connections.

    / ip route
    add check-gateway=ping
    routing-mark=to_ether1
    add check-gateway=ping
    routing-mark=to_ether2

    distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1\


    scope=30 target-scope=10 disabled=no
    distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1\
    scope=30 target-scope=10 disabled=no

    add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1\


    scope=30 target-scope=10 disabled=no
    add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1\
    scope=30 target-scope=10 disabled=no

    Finally, after all codes are installed, you want to masquerade all connection from ether1 and
    ether2.

    / ip firewall nat
    add chain=srcnat out-interface=ether1 action=masquerade
    add chain=srcnat out-interface=ether2 action=masquerade

    For the network to interpret request from client connection to internet address, you will need
    to input DNS servers. Here are DNS servers that can be used freely.
    OPENDNS1 => 208.67.222.222
    OPENDNS2 => 208.67.220.220
    GOOGLE DNS1 => 8.8.8.8
    GOOGLE DNS2 => 8.8.4.4
    TMNET DNS1
    TMNET DNS2
    TMNET DNS3
    TMNET DNS4

    =>
    =>
    =>
    =>

    202.188.1.5
    202.188.0.133
    202.188.1.4
    202.188.0.132

    Your're done with your load balancing setup. Now you can proceed to setup your hotspot server
    using the hotspot menu on Winbox. You will need to setup your DHCP with your preferred
    address range. For example 10.10.1.2/24-10.0.1.100/24.

    Das könnte Ihnen auch gefallen