Mikrotik Seperate LAN to Different WAN



Mikrotik Seperate LAN to Different WAN

In this tutorial, i will route LAN1 through WAN1, and route LAN2 through WAN2


1. Assign IP on Mikrotik interface

Example: WAN1: 120.136.28.2/30
LAN1: 192.168.100.1/24

WAN2: 120.136.30.2/30
LAN2: 192.168.50.1/24



2. Filter the packet with Mangle

i will copy and past the script, because it is faster
you can manually, check your configuration on the User Interface later.


/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=120.136.28.0/24 action=accept in-interface=LAN1
add chain=prerouting dst-address=120.136.30.0/24 action=accept in-interface=LAN2
add chain=prerouting dst-address-type=!local in-interface=LAN1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN1 passthrough=yes
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN2 passthrough=yes


3. Add load balance route and backup route

/ip route
add dst-address=0.0.0.0/0 gateway=120.136.28.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.28.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 distance=2 check-gateway=ping

4. Add nat for WAN1 and WAN2

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

now we can test the connection on LAN1 and LAN2

done!!!


Share on Google Plus

About somono chek

Hi, I am Somono Chek. I've been working in IT field for 8 years. I created this blog for sharing my experiences and knowledge for this 8 years related to IT Skill: Networking, Network Security, Linux Server, Windows Server and other skill related to IT.

1 comments:

  1. Thanks for the tutorial!
    Everything works as expected until I disable wan1. After that I no longer reach the internet.
    If disabling wan2 instead, everything returns to normal. What should be the problem?

    rgds,
    ntsetso

    ReplyDelete