shaposhnikoff · November 6, 2019 22:16
diff --git a/mikrotik two WAN backup b/mikrotik two WAN backup
 /ip firewall mangle
 # mark incoming connections (same rules cover both traffic for router and traffic forwarded to LAN)

 add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether1-primary new-connection-mark=conn_primary passthrough=no
    
 add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether2-backup new-connection-mark=conn_backup passthrough=no
    
 # jump to another table for all potentially outgoing connections

 add action=jump chain=output jump-target=routing
 add action=jump chain=prerouting in-interface=LAN jump-target=routing
 add action=jump chain=prerouting in-interface=WIFI jump-target=routing
 # no need to process packets which are not going out through any ISP
 add action=return chain=routing dst-address-type=local,broadcast,multicast
 add action=return chain=routing dst-address-list="Internal LAN"
 # set routing marks for marked connections
 add action=mark-routing chain=routing connection-mark=conn_primary \
    new-routing-mark=main passthrough=no
 add action=mark-routing chain=routing connection-mark=conn_backup \
    new-routing-mark=backup passthrough=no
 # unmarked connections
 add action=mark-routing chain=routing connection-mark=no-mark disabled=yes \
    new-routing-mark=backup passthrough=no comment="enable this to use backup isp"
 add action=mark-routing chain=routing connection-mark=no-mark \
    new-routing-mark=main passthrough=no

 # routes
 /ip route
 add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=backup
 add dst-address=0.0.0.0/0 gateway=2.2.2.2
	/ip firewall mangle
	# mark incoming connections (same rules cover both traffic for router and traffic forwarded to LAN)

	add action=mark-connection chain=prerouting connection-mark=no-mark \
	in-interface=ether1-primary new-connection-mark=conn_primary passthrough=no

	add action=mark-connection chain=prerouting connection-mark=no-mark \
	in-interface=ether2-backup new-connection-mark=conn_backup passthrough=no

	# jump to another table for all potentially outgoing connections

	add action=jump chain=output jump-target=routing
	add action=jump chain=prerouting in-interface=LAN jump-target=routing
	add action=jump chain=prerouting in-interface=WIFI jump-target=routing
	# no need to process packets which are not going out through any ISP
	add action=return chain=routing dst-address-type=local,broadcast,multicast
	add action=return chain=routing dst-address-list="Internal LAN"
	# set routing marks for marked connections
	add action=mark-routing chain=routing connection-mark=conn_primary \
	new-routing-mark=main passthrough=no
	add action=mark-routing chain=routing connection-mark=conn_backup \
	new-routing-mark=backup passthrough=no
	# unmarked connections
	add action=mark-routing chain=routing connection-mark=no-mark disabled=yes \
	new-routing-mark=backup passthrough=no comment="enable this to use backup isp"
	add action=mark-routing chain=routing connection-mark=no-mark \
	new-routing-mark=main passthrough=no

	# routes
	/ip route
	add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=backup
	add dst-address=0.0.0.0/0 gateway=2.2.2.2