Script
generated from https://buananetpbun.github.io/pcc.html
ROS 7.X
#############################################################
# LOAD BALANCING (LB) PCC SCRIPT GENERATOR
# Date/Time: 6/27/2022, 1:19:22 PM
# Created By: BuanaNETPBun.Github.io - fb.me/buananet.pbun
# Load Balancing Method -> PCC (Per Connection Classifier)
#############################################################
/ip firewall address-list
add address=192.168.0.0/16 list=LOCAL-IP comment="LB By BNT"
add address=172.16.0.0/12 list=LOCAL-IP comment="LB By BNT"
add address=10.0.0.0/8 list=LOCAL-IP comment="LB By BNT"
/ip firewall nat
add chain=srcnat out-interface="ether1-WAN" action=masquerade comment="LB By BNT"
add chain=srcnat out-interface="ether2-WAN" action=masquerade comment="LB By BNT"
/routing table
add name="to-ether1-WAN" fib comment="LB By BNT"
add name="to-ether2-WAN" fib comment="LB By BNT"
/ip route
add check-gateway=ping distance=1 gateway="10.5.51.1" routing-table="to-ether1-WAN" comment="LB By BNT"
add check-gateway=ping distance=1 gateway="192.168.1.1" routing-table="to-ether2-WAN" comment="LB By BNT"
add check-gateway=ping distance=1 gateway="10.5.51.1" comment="LB By BNT"
add check-gateway=ping distance=2 gateway="192.168.1.1" comment="LB By BNT"
/ip firewall mangle
add action=mark-connection chain=input in-interface="ether1-WAN" new-connection-mark="cm-ether1-WAN" passthrough=yes comment="LB By BNT"
add action=mark-connection chain=input in-interface="ether2-WAN" new-connection-mark="cm-ether2-WAN" passthrough=yes comment="LB By BNT"
add action=mark-routing chain=output connection-mark="cm-ether1-WAN" new-routing-mark="to-ether1-WAN" passthrough=yes comment="LB By BNT"
add action=mark-routing chain=output connection-mark="cm-ether2-WAN" new-routing-mark="to-ether2-WAN" passthrough=yes comment="LB By BNT"
add action=mark-connection chain=prerouting dst-address-list=!LOCAL-IP dst-address-type=!local new-connection-mark="cm-ether1-WAN" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=LOCAL-IP comment="LB By BNT"
add action=mark-connection chain=prerouting dst-address-list=!LOCAL-IP dst-address-type=!local new-connection-mark="cm-ether2-WAN" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LOCAL-IP comment="LB By BNT"
add action=mark-routing chain=prerouting connection-mark="cm-ether1-WAN" dst-address-list=!LOCAL-IP new-routing-mark="to-ether1-WAN" passthrough=yes src-address-list=LOCAL-IP comment="LB By BNT"
add action=mark-routing chain=prerouting connection-mark="cm-ether2-WAN" dst-address-list=!LOCAL-IP new-routing-mark="to-ether2-WAN" passthrough=yes src-address-list=LOCAL-IP comment="LB By BNT"
Hotspot Setting
- Set up the hotspot as usual.
- Change the PCC mangle rules (every mangle rule that has "per-connection-classifier" set) by adding the argument hotspot=auth.
Note: because the mangle rules now apply only to hotspot clients (or PPPoE, if you set it), if you also want load balancing on another LAN (or for bypassed hotspot clients), you need to make another set of PCC mangle rules with a separate address list.
Example:
add action=mark-connection chain=prerouting dst-address-list=!OTHER-LOCAL-IP dst-address-type=!local new-connection-mark="cm-ether1-WAN" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=OTHER-LOCAL-IP comment="LB By BNT"
add action=mark-connection chain=prerouting dst-address-list=!OTHER-LOCAL-IP dst-address-type=!local new-connection-mark="cm-ether2-WAN" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=OTHER-LOCAL-IP comment="LB By BNT"
Make sure those addresses are also included in LOCAL-IP (or whatever address list name you use in your setup), so they still get the routing mark from the mark-routing rules at the end of the script above. Alternatively, you can create new mark-routing mangle rules that use the OTHER-LOCAL-IP address list.
- Edit the dynamic DNS NAT rules created by the hotspot setup so that DNS traffic is allowed once a user is authenticated; otherwise DNS traffic from authenticated hotspot users will be blocked.
/ip firewall nat set 2,3 hotspot=!auth
Adjust the 2,3 part to match your firewall configuration, and make sure it refers to the DNS rules among the dynamically created hotspot rules. These rules revert to their defaults when the hotspot service is disabled and re-enabled, so the change must be applied again if you want to keep using it.
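A way to check the mangle change described above, as an added example that is not part of the generated script or the original page: a small Python linter that reads an exported mangle section and reports any PCC rule missing hotspot=auth, plus any remainder that no rule matches. The sample rules are constructed from the script above (first rule already changed, second left as generated), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two PCC rules from the script above, the first with
# hotspot=auth added and the second left unchanged so the check has a finding.
SAMPLE = '''/ip firewall mangle
add action=mark-connection chain=prerouting hotspot=auth dst-address-list=!LOCAL-IP new-connection-mark="cm-ether1-WAN" per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=LOCAL-IP
add action=mark-connection chain=prerouting dst-address-list=!LOCAL-IP new-connection-mark="cm-ether2-WAN" per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LOCAL-IP
'''

PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_rules(script):
    """Return one dict of key=value pairs per 'add' line under /ip firewall mangle."""
    rules, in_mangle = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith('/'):
            in_mangle = line == '/ip firewall mangle'
        elif in_mangle and line.startswith('add '):
            rules.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return rules

def check_pcc(script):
    """List PCC rules lacking hotspot=auth and remainders left unmatched."""
    findings, seen = [], defaultdict(set)
    for rule in parse_rules(script):
        pcc = rule.get('per-connection-classifier')
        if pcc is None:
            continue  # only rules with a classifier need the hotspot matcher
        fields, _, frac = pcc.partition(':')
        denom, rem = (int(x) for x in frac.split('/'))
        seen[(fields, denom, rule.get('src-address-list', ''))].add(rem)
        if rule.get('hotspot') != 'auth':
            findings.append(f"{pcc} ({rule.get('new-connection-mark')}): no hotspot=auth")
    for (fields, denom, src), rems in seen.items():
        missing = sorted(set(range(denom)) - rems)
        if missing:  # connections with these remainders get no connection mark
            findings.append(f"{fields}:{denom} src={src}: remainders {missing} unmatched")
    return findings

if __name__ == '__main__':
    for finding in check_pcc(SAMPLE):
        print(finding)
```

Run it against the mangle section of an export after every change, and again after re-enabling the hotspot service.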