Mikrotik Seperate LAN to Different WAN



Mikrotik Seperate LAN to Different WAN

In this tutorial, i will route LAN1 through WAN1, and route LAN2 through WAN2


1. Assign IP on Mikrotik interface

Example: WAN1: 120.136.28.2/30
LAN1: 192.168.100.1/24

WAN2: 120.136.30.2/30
LAN2: 192.168.50.1/24



2. Filter the packet with Mangle

i will copy and past the script, because it is faster
you can manually, check your configuration on the User Interface later.


/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=120.136.28.0/24 action=accept in-interface=LAN1
add chain=prerouting dst-address=120.136.30.0/24 action=accept in-interface=LAN2
add chain=prerouting dst-address-type=!local in-interface=LAN1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN1 passthrough=yes
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN2 passthrough=yes


3. Add load balance route and backup route

/ip route
add dst-address=0.0.0.0/0 gateway=120.136.28.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.28.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=120.136.30.1 distance=2 check-gateway=ping

4. Add nat for WAN1 and WAN2

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

now we can test the connection on LAN1 and LAN2

done!!!


Share on Google Plus

About somono chek

Hi, I am Somono Chek. I've been working in IT field for 8 years. I created this blog for sharing my experiences and knowledge for this 8 years related to IT Skill: Networking, Network Security, Linux Server, Windows Server and other skill related to IT.

3 comments:

  1. Thanks for the tutorial!
    Everything works as expected until I disable wan1. After that I no longer reach the internet.
    If disabling wan2 instead, everything returns to normal. What should be the problem?

    rgds,
    ntsetso

    ReplyDelete
  2. i ahve 6 wan and one lan and 60user. me chata hon ku 10 user her ik wan pe aayn load ke hesaab se kia ye mumkin ha

    ReplyDelete
  3. Hi bro, Thank for videos) I have a question about 2WAN and 2LAN.
    I have WAN1 and LAN1 on mikrotik router (for my internet access) and i want to create new WAN2 and LAN2 for my VoIP. I use on WAN for internet access PPoE connection which you add login and password (like a bridge connection). But for telephones uplink it's dynamic connection. When i connect WAN2 (Voip) uplink to my router it will work.But i can't configurate this. When i select for expamle ethernet6 (master port) show error "you can't create second master-port " Could you hel me about this problem.

    ReplyDelete