/ip firewall
mangle
# The following two lines mark incoming connections with which WAN connection they entered on.
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
# The following two lines mark incoming connections with which WAN connection they entered on.
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
# For related outgoing traffic, the next four lines set a routing mark to send to the corresponding route
# These first two lines handle traffic forwarded into the LAN
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
# These two lines handle traffic addressed directly to the router
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ip route
# These two lines handle traffic marked for a specific route
add dst-address=0.0.0.0/0 gateway=primary.isp.gw.addr routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=backup.isp.gw.addr routing-mark=to_ISP2 check-gateway=ping
# These two lines are the default routes for new outgoing traffic. Lower distance is preferred
add dst-address=0.0.0.0/0 gateway=primary.isp.gw.addr distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=backup.isp.gw.addr distance=2 check-gateway=ping
# Masquerade both WAN connections
/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
Thanks for your infomation..
ReplyDelete