Last active
March 28, 2024 06:32
Mikrotik dual/triple dhcp wan recursive failover w/ pcc load balancing
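# Dual DHCP WAN: recursive-route failover with PCC load balancing.
# LAN = bridge(ether1-3), ISP1 = ether5, ISP2 = ether4.
# Syntax is RouterOS v6 style (routing-mark=, "/routing filter" with chain=dynamic-in);
# a commenter on the page reports that it does not import on RouterOS 7.
# Fix applied here: the trailing " | |" table-cell residue from the web rendering was removed
# from every line; with it, no line is a valid RouterOS command.
# NOTE(review): no "/ip firewall filter" rules appear in this file. Confirm that input/forward
# filtering for the WAN list is configured elsewhere before putting ether4/ether5 on an ISP link.

/interface bridge add name=bridge
/interface bridge port
add bridge=bridge interface=ether3
add bridge=bridge interface=ether2
add bridge=bridge interface=ether1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether5 list=WAN
add interface=ether4 list=WAN
/interface detect-internet set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN

# UPnP is enabled with both WAN ports as external interfaces, so any host on the bridge can
# request inbound port mappings on either ISP link. Keep it only if LAN hosts are trusted to do so.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether5 type=external
add interface=ether4 type=external
/ip settings
set allow-fast-path=no
/ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip firewall address-list add address=192.168.88.0/24 list=local

# Source NAT for everything leaving through a WAN-list interface, except traffic that matches
# an outbound IPsec policy (ipsec-policy=out,none).
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN

# Mangle rules are order-dependent:
#  1. LAN traffic addressed to the "local" list is accepted first, so it is never marked.
#  2. Connections arriving on a WAN port get that WAN's connection mark, so replies can be
#     routed back out of the same link.
#  3. New LAN connections to non-local destinations are split in two by PCC (hash of both
#     addresses and ports, remainder 0 -> CONN1, remainder 1 -> CONN2).
#  4. The connection mark is translated into a routing mark, for forwarded LAN packets
#     (prerouting) and for router-originated packets (output).
/ip firewall mangle
add action=accept chain=prerouting comment="bridge access" dst-address-list=local in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=CONN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=CONN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=CONN1 in-interface=bridge new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=CONN2 in-interface=bridge new-routing-mark=ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=CONN1 new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=CONN2 new-routing-mark=ISP2 passthrough=yes

# Dynamic routes are matched by the distance the DHCP client assigned and rewritten
# (new distance, comment and scope).
# NOTE(review): the ether5 client below uses default-route-distance=32, which neither rule
# here matches (33 and 34 only), and nothing in this file installs a route at distance 34.
# Confirm the intended distance-to-ISP mapping.
/routing filter
add chain=dynamic-in distance=33 set-distance=2 set-route-comment=ISP2 set-scope=10
add chain=dynamic-in distance=34 set-distance=3 set-route-comment=ISP1 set-scope=10

# One DHCP client per WAN. The lease script does two things:
#  - when a lease is bound, it points every ISPn_VALIDATE host route at the gateway the ISP
#    just handed out;
#  - on every lease event (bound or not), it removes all tracked connections carrying a CONN
#    mark, so they are re-classified; existing sessions are dropped when this runs.
# DNS and NTP servers offered by the ISP are ignored (use-peer-dns=no use-peer-ntp=no).
/ip dhcp-client
add default-route-distance=33 disabled=no interface=ether4 script="{\
    \n :if (\$bound=1) do={\
    \n /ip route set [/ip route find where comment=\"ISP2_VALIDATE\"] gateway=\$\"gateway-address\"\
    \n } \
    \n /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    \n}" use-peer-dns=no use-peer-ntp=no
add default-route-distance=32 disabled=no interface=ether5 script="{\
    \n :if (\$bound=1) do={\
    \n /ip route set [/ip route find where comment=\"ISP1_VALIDATE\"] gateway=\$\"gateway-address\"\
    \n } \
    \n /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    \n}" use-peer-dns=no use-peer-ntp=no

/ip route
# Host routes to the probe targets of each ISP. 127.0.0.1 is only a placeholder: the DHCP
# lease scripts above replace it with the real ISP gateway.
add comment=ISP1_VALIDATE distance=1 dst-address=185.228.168.9/32 gateway=127.0.0.1 scope=10
add comment=ISP1_VALIDATE distance=1 dst-address=208.67.220.220/32 gateway=127.0.0.1 scope=10
add comment=ISP1_VALIDATE distance=1 dst-address=208.67.222.222/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=94.140.14.14/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=94.140.15.15/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=8.20.247.20/32 gateway=127.0.0.1 scope=10
# Virtual next hops: 10.1.1.1 stands for ISP1 and 10.2.2.1 for ISP2. Each is reachable
# recursively through that ISP's probe hosts and is ping-checked, so the health of a link is
# judged by ICMP replies from third-party hosts beyond the ISP gateway.
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=185.228.168.9 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.220.220 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.222.222 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.14.14 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.15.15 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=8.20.247.20 scope=10
# Default routes per routing mark: the own ISP at distance 1, the other ISP as fallback.
add distance=1 gateway=10.1.1.1 routing-mark=ISP1
add distance=2 gateway=10.2.2.1 routing-mark=ISP1
add distance=1 gateway=10.2.2.1 routing-mark=ISP2
add distance=2 gateway=10.1.1.1 routing-mark=ISP2
# Blackhole fallbacks (distance 20) for the probe hosts; presumably so a probe is dropped
# rather than sent through another WAN when its own host route is inactive.
add distance=20 dst-address=185.228.168.9/32 type=blackhole
add distance=20 dst-address=208.67.220.220/32 type=blackhole
add distance=20 dst-address=208.67.222.222/32 type=blackhole
add distance=20 dst-address=94.140.14.14/32 type=blackhole
add distance=20 dst-address=94.140.15.15/32 type=blackhole
add distance=20 dst-address=8.20.247.20/32 type=blackhole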
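# Triple DHCP WAN: recursive-route failover with PCC load balancing.
# LAN = bridge(ether1-2), ISP1 = ether5, ISP2 = ether4, ISP3 = ether3.
# Syntax is RouterOS v6 style (routing-mark=, "/routing filter" with chain=dynamic-in);
# a commenter on the page reports that it does not import on RouterOS 7.
# Fix applied here: the trailing " | |" table-cell residue from the web rendering was removed
# from every line; with it, no line is a valid RouterOS command.
# NOTE(review): no "/ip firewall filter" rules appear in this file. Confirm that input/forward
# filtering for the WAN list is configured elsewhere before putting ether3-5 on an ISP link.

/interface bridge add name=bridge
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface list member
add interface=bridge list=LAN
add interface=ether5 list=WAN
add interface=ether4 list=WAN
add interface=ether3 list=WAN
/interface detect-internet set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN

# UPnP is enabled with all three WAN ports as external interfaces, so any host on the bridge
# can request inbound port mappings on any ISP link. Keep it only if LAN hosts are trusted to do so.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether5 type=external
add interface=ether4 type=external
add interface=ether3 type=external
/ip settings
set allow-fast-path=no
/ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip firewall address-list add address=192.168.88.0/24 list=local

# Source NAT for everything leaving through a WAN-list interface, except traffic that matches
# an outbound IPsec policy (ipsec-policy=out,none).
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN

# Mangle rules are order-dependent:
#  1. LAN traffic addressed to the "local" list is accepted first, so it is never marked.
#  2. Connections arriving on a WAN port get that WAN's connection mark, so replies can be
#     routed back out of the same link.
#  3. New LAN connections to non-local destinations are split in three by PCC (hash of both
#     addresses and ports, remainder 0 -> CONN1, 1 -> CONN2, 2 -> CONN3).
#  4. The connection mark is translated into a routing mark, for forwarded LAN packets
#     (prerouting) and for router-originated packets (output).
/ip firewall mangle
add action=accept chain=prerouting comment="bridge access" dst-address-list=local in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=CONN3 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=CONN2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=CONN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN3 passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=CONN1 in-interface=bridge new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=CONN2 in-interface=bridge new-routing-mark=ISP2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=CONN3 in-interface=bridge new-routing-mark=ISP3 passthrough=yes
add action=mark-routing chain=output connection-mark=CONN1 new-routing-mark=ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=CONN2 new-routing-mark=ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=CONN3 new-routing-mark=ISP3 passthrough=yes

# Dynamic routes are matched by the distance the DHCP client assigned and rewritten
# (new distance, comment and scope).
# NOTE(review): the labels do not line up with the DHCP clients below. ether3 (whose script
# updates ISP3_VALIDATE) uses distance 34, which is commented ISP1 here, and ether5 (ISP1_VALIDATE)
# uses distance 32, which is commented ISP3. Confirm the intended distance-to-ISP mapping.
/routing filter
add chain=dynamic-in distance=32 set-distance=1 set-route-comment=ISP3 set-scope=10
add chain=dynamic-in distance=33 set-distance=2 set-route-comment=ISP2 set-scope=10
add chain=dynamic-in distance=34 set-distance=3 set-route-comment=ISP1 set-scope=10

# One DHCP client per WAN. The lease script does two things:
#  - when a lease is bound, it points every ISPn_VALIDATE host route at the gateway the ISP
#    just handed out;
#  - on every lease event (bound or not), it removes all tracked connections carrying a CONN
#    mark, so they are re-classified; existing sessions are dropped when this runs.
# DNS and NTP servers offered by the ISP are ignored (use-peer-dns=no use-peer-ntp=no).
/ip dhcp-client
add default-route-distance=34 disabled=no interface=ether3 script="{\
    \n :if (\$bound=1) do={\
    \n /ip route set [/ip route find where comment=\"ISP3_VALIDATE\"] gateway=\$\"gateway-address\"\
    \n } \
    \n /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN3\"]\
    \n}" use-peer-dns=no use-peer-ntp=no
add default-route-distance=33 disabled=no interface=ether4 script="{\
    \n :if (\$bound=1) do={\
    \n /ip route set [/ip route find where comment=\"ISP2_VALIDATE\"] gateway=\$\"gateway-address\"\
    \n } \
    \n /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN3\"]\
    \n}" use-peer-dns=no use-peer-ntp=no
add default-route-distance=32 disabled=no interface=ether5 script="{\
    \n :if (\$bound=1) do={\
    \n /ip route set [/ip route find where comment=\"ISP1_VALIDATE\"] gateway=\$\"gateway-address\"\
    \n } \
    \n /ip firewall connection remove [find connection-mark=\"CONN1\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN2\"]\
    \n /ip firewall connection remove [find connection-mark=\"CONN3\"]\
    \n}" use-peer-dns=no use-peer-ntp=no

/ip route
# Host routes to the probe targets of each ISP. 127.0.0.1 is only a placeholder: the DHCP
# lease scripts above replace it with the real ISP gateway.
add comment=ISP1_VALIDATE distance=1 dst-address=185.228.168.9/32 gateway=127.0.0.1 scope=10
add comment=ISP1_VALIDATE distance=1 dst-address=208.67.220.220/32 gateway=127.0.0.1 scope=10
add comment=ISP1_VALIDATE distance=1 dst-address=208.67.222.222/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=94.140.14.14/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=94.140.15.15/32 gateway=127.0.0.1 scope=10
add comment=ISP2_VALIDATE distance=1 dst-address=8.20.247.20/32 gateway=127.0.0.1 scope=10
add comment=ISP3_VALIDATE distance=1 dst-address=9.9.9.9/32 gateway=127.0.0.1 scope=10
add comment=ISP3_VALIDATE distance=1 dst-address=9.9.9.10/32 gateway=127.0.0.1 scope=10
add comment=ISP3_VALIDATE distance=1 dst-address=8.26.56.26/32 gateway=127.0.0.1 scope=10
# Virtual next hops: 10.1.1.1 stands for ISP1, 10.2.2.1 for ISP2 and 10.3.3.1 for ISP3. Each is
# reachable recursively through that ISP's probe hosts and is ping-checked, so the health of a
# link is judged by ICMP replies from third-party hosts beyond the ISP gateway.
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=185.228.168.9 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.220.220 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=208.67.222.222 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.14.14 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=94.140.15.15 scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.1/32 gateway=8.20.247.20 scope=10
add check-gateway=ping distance=1 dst-address=10.3.3.1/32 gateway=9.9.9.9 scope=10
add check-gateway=ping distance=1 dst-address=10.3.3.1/32 gateway=9.9.9.10 scope=10
add check-gateway=ping distance=1 dst-address=10.3.3.1/32 gateway=8.26.56.26 scope=10
# Default routes per routing mark: the own ISP at distance 1, the other two as fallbacks.
add distance=1 gateway=10.1.1.1 routing-mark=ISP1
add distance=2 gateway=10.2.2.1 routing-mark=ISP1
add distance=3 gateway=10.3.3.1 routing-mark=ISP1
add distance=1 gateway=10.2.2.1 routing-mark=ISP2
add distance=2 gateway=10.1.1.1 routing-mark=ISP2
add distance=3 gateway=10.3.3.1 routing-mark=ISP2
add distance=1 gateway=10.3.3.1 routing-mark=ISP3
add distance=2 gateway=10.2.2.1 routing-mark=ISP3
add distance=3 gateway=10.1.1.1 routing-mark=ISP3
# Blackhole fallbacks (distance 20) for the probe hosts; presumably so a probe is dropped
# rather than sent through another WAN when its own host route is inactive.
add distance=20 dst-address=185.228.168.9/32 type=blackhole
add distance=20 dst-address=208.67.220.220/32 type=blackhole
add distance=20 dst-address=208.67.222.222/32 type=blackhole
add distance=20 dst-address=94.140.14.14/32 type=blackhole
add distance=20 dst-address=94.140.15.15/32 type=blackhole
add distance=20 dst-address=8.20.247.20/32 type=blackhole
add distance=20 dst-address=9.9.9.9/32 type=blackhole
add distance=20 dst-address=9.9.9.10/32 type=blackhole
add distance=20 dst-address=8.26.56.26/32 type=blackhole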
Hi guys, maybe not related to this topic, but I've tried PCC and NTH configurations on my MikroTik RB750Gr3 with two ISPs, and sometimes I have trouble with some applications. One of them is Git: pull and push don't work. Do you know what the issue could be? Could it be a configuration problem on my MikroTik? I can share a script if you want.
Hello, is there a version of the script for RouterOS 7? This one doesn't work(
It doesn't even import. Can you update it for RouterOS 7?
Is there a way to use dynamic WAN addresses? The IPs on my WANs change (dynamic IPs...)
Hi. I'm trying dual.cfg, revision 16 Jun; it's not working with two DHCP clients. It only works when I disable one of the DHCP clients.
all working