Skip to content

Instantly share code, notes, and snippets.

@cakriwut

cakriwut/router.cfg

Forked from FranMercedesG/router.cfg
Created July 2, 2023 03:04
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cakriwut/c6d1301966e670d471fdae7e4d549200 to your computer and use it in GitHub Desktop.
Save cakriwut/c6d1301966e670d471fdae7e4d549200 to your computer and use it in GitHub Desktop.
Download ZIP
Mikrotik dual dhcp wan recursive failover w/ pcc load balancing
Raw
router.cfg
/interface bridge add auto-mac=no name=bridge
/interface bridge port add bridge=bridge interface=ether1
/interface bridge port add bridge=bridge interface=ether2
/interface bridge port add bridge=bridge interface=ether3
/interface list add name=WAN
/interface list add name=LAN
/interface list member add interface=bridge list=LAN
/interface list member add interface=ether5 list=WAN
/interface list member add interface=ether4 list=WAN
/ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip pool add name=pool1 ranges=192.168.88.100-192.168.88.254
/ip dhcp-server add address-pool=pool1 disabled=no interface=bridge name=dhcp1
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1
/ip dhcp-client add default-route-distance=32 disabled=no interface=ether5 script="{\r\
\n\t:if (\$bound=1) do={\r\
\n\t\t/ip route set [/ip route find where comment=\"0051_WAN5_GW1\"] gateway=\$\"gateway-address\"\r\
\n\t\t/ip route set [/ip route find where comment=\"0052_WAN5_GW2\"] gateway=\$\"gateway-address\"\r\
\n\t\t/ip firewall mangle set [/ip firewall mangle find where comment=\"ACCEPT_GW1\"] dst-address=\$\"gateway-address\"\r\
\n\t\t/ip firewall connection remove [find connection-mark=\"CONN1\"]\r\
\n\t} \r\
\n}" use-peer-dns=no
/ip dhcp-client add default-route-distance=33 disabled=no interface=ether4 script="{\r\
\n\t:if (\$bound=1) do={\r\
\n\t\t/ip route set [/ip route find where comment=\"0041_WAN4_GW1\"] gateway=\$\"gateway-address\"\r\
\n\t\t/ip route set [/ip route find where comment=\"0042_WAN4_GW2\"] gateway=\$\"gateway-address\"\r\
\n\t\t/ip firewall mangle set [/ip firewall mangle find where comment=\"ACCEPT_GW2\"] dst-address=\$\"gateway-address\"\r\
\n\t\t/ip firewall connection remove [find connection-mark=\"CONN2\"]\r\
\n\t} \r\
\n}" use-peer-dns=no
/routing filter add chain=dynamic-in distance=33 set-distance=2 set-route-comment=0004_WAN4
/routing filter add chain=dynamic-in distance=32 set-distance=1 set-route-comment=0005_WAN5
/ip firewall nat add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
/ip firewall mangle add action=accept chain=prerouting comment=ACCEPT_GW1 in-interface=bridge
/ip firewall mangle add action=accept chain=prerouting comment=ACCEPT_GW2 in-interface=bridge
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=CONN1
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=CONN2
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=CONN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=CONN1 in-interface=bridge new-routing-mark=ROUTE1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=CONN2 in-interface=bridge new-routing-mark=ROUTE2
/ip firewall mangle add action=mark-routing chain=output connection-mark=CONN1 new-routing-mark=ROUTE1
/ip firewall mangle add action=mark-routing chain=output connection-mark=CONN2 new-routing-mark=ROUTE2
/ip route add comment=0041_WAN4_GW1 distance=1 dst-address=94.247.43.254/32 gateway=192.168.88.1 scope=10
/ip route add comment=0042_WAN4_GW2 distance=1 dst-address=64.6.64.6/32 gateway=192.168.88.1 scope=10
/ip route add comment=0051_WAN5_GW1 distance=1 dst-address=195.10.195.195/32 gateway=192.168.88.1 scope=10
/ip route add comment=0052_WAN5_GW2 distance=1 dst-address=64.6.65.6/32 gateway=192.168.88.1 scope=10
/ip route add check-gateway=ping comment=0401_WAN4_PING1 distance=1 dst-address=10.2.2.2/32 gateway=94.247.43.254 scope=10
/ip route add check-gateway=ping comment=0402_WAN4_PING2 distance=1 dst-address=10.2.2.2/32 gateway=64.6.64.6 scope=10
/ip route add check-gateway=ping comment=0501_WAN5_PING1 distance=1 dst-address=10.1.1.1/32 gateway=195.10.195.195 scope=10
/ip route add check-gateway=ping comment=0502_WAN5_PING2 distance=1 dst-address=10.1.1.1/32 gateway=64.6.65.6 scope=10
/ip route add comment=4001_WAN4_PRIMARY distance=1 gateway=10.2.2.2 target-scope=30 routing-mark=ROUTE2
/ip route add comment=4002_WAN4_FAILOVER distance=2 gateway=10.2.2.2 routing-mark=ROUTE1
/ip route add comment=5001_WAN5_PRIMARY distance=1 gateway=10.1.1.1 target-scope=30 routing-mark=ROUTE1
/ip route add comment=5002_WAN5_FAILOVER distance=2 gateway=10.1.1.1 routing-mark=ROUTE2
/ip route add distance=20 dst-address=64.6.64.6/32 type=blackhole
/ip route add distance=20 dst-address=64.6.65.6/32 type=blackhole
/ip route add distance=20 dst-address=94.247.43.254/32 type=blackhole
/ip route add distance=20 dst-address=195.10.195.195/32 type=blackhole
/ip firewall address-list add address=192.168.88.0/24 list=local
/ip settings set route-cache=no
/ip upnp set enabled=yes
/ip upnp interfaces add interface=bridge type=internal
/ip upnp interfaces add interface=ether5 type=external
/ip upnp interfaces add interface=ether4 type=external
/tool graphing interface add interface=ether4
/tool graphing interface add interface=ether5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment