hi, a major help, I have run the configuration that I posted.



/ip address
add address=192.168.10.1/24interface=Local
add address=192.168.1.2/24 interface=WAN1
add address=192.168.2.2/24 interface=WAN2



/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8



/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_mark
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_mark

add chain=output connection-mark=WAN1_mark action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=WAN2_mark action=mark-routing new-routing-mark=to_ISP2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_mark passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_mark passthrough=yes

add chain=prerouting connection-mark=WAN1_mark in-interface=Local action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=WAN2_mark in-interface=Local action=mark-routing new-routing-mark=to_ISP2



/ip route
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add dst-address=72.30.2.43 gateway=192.168.1.1 scope=10
add dst-address=8.8.4.4 gateway=192.168.2.1 scope=10
add dst-address=199.59.148.82 gateway=192.168.2.1 scope=10


/ip route
add dst-address=10.1.1.1 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.1.1.1 gateway=72.30.2.43 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=199.59.148.82 scope=10 target-scope=10 check-gateway=ping



/ip route
add distance=1 gateway=10.1.1.1 routing-mark=to_ISP1
add distance=2 gateway=10.2.2.2 routing-mark=to_ISP1
add distance=1 gateway=10.2.2.2 routing-mark=to_ISP2
add distance=2 gateway=10.1.1.1 routing-mark=to_ISP2



/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade


everything is fine and works perfectly, the only thing that bothers me and that when I go on websites such FORUM, BLOG, ticket system, I am always thrown out because of the quick change of IP load balancing.

how can I fix it? please help me use the connection to work.

thanks in advance

please help

You must increase you max UDP packet size. I recommend 4096. You will have truncated answers with 512. Also you will end up with DNS amplification attacks against your router if you have an open DNS. Either block UDP 53 from wan or limit it.

Connections are unidirectional so you don't need to match them in and out. Also your marking all packets with connection marks. Either only mark with a state of new or that are not already marked.

I think these changes could help. Honestly there is a lot here that I don't know the reason for but I think the big deal is that your re marking your connections.




Joshaven Potter
http://joshaven.com
Sent from my iPhone using Tapatalk

thank you I'll try I want to clarify that I have a line from 4 to 7 mb mb and now I'll try to take your advice. thank you very much

hello it seems that the problem is solved, a question but I have to block UDP port 53?

one last piece of information to do this I need to follow this wiki?

http://wiki.mikrotik.com/wiki/DDoS

well it seems that the problem is solved now but I do not understand why I can not put in the bridge Ether3 that is the one that has the ip with ether4 ether5, could you tell me the script to be taken pr to go with the bridge ether4 and ether5 number 3

hello, I'm sorry to say but this system did not work, he continues to throw me out of sites such as forums, blogs etc etc, it seems that the latency in changing the ip in load balancing, how can I solve it?

hello, I can not let go of this load balancing, basically I change the remote ip of continuous ip ip1 and quellodi ISP2 and causes me to fall free from the websites you forums, blogs etc etc, you could kindly tell me a solution? are also willing to let you remotely access my routerboard, if anyone can help me please, because I can not work.

thank you in advance

Good evening to all, please help, I do not know why the configuration with load balancing everything works perfect, but I can not loggarm, on the forum, or makes me constantly logout, you could kindly tell me how can I solve this problem

i need 4 wan folover

i need 4 wan folover

You should use PCC load balancing... here is a great writeup that should help:
http://mum.mikrotik.com/presentations/US12/steve.pdf

This guide assumes the following:

"ISP1" is your 1st wan connection name
"ISP2" is your 2nd wan connection name
"LAN" is your local network name

"ISP1" recieves the IP 111.111.111.1/24 on the network 111.111.111.0/24
"ISP2" recieves the IP 222.222.222.1/24 on the network 222.222.222.0/24

1. If your ISP assigned IP's via DHCP be sure to do the following (if they are assigned static move to step 2):

Log into the routeros webfig or winbox:

• IP
• DHCP Client
• Click on your first WAN DHCP client
• Change "add default gateway" to no
• Repeat the same for your second WAN connection

2. Remove current routing rules

• IP
• Firewall
• Nat
• Remove the entry for "masquerade" to your current single ISP.

3. SSH into your router and run the following script: This script assumes that you have 2 equal WAN connections(ex. two 7/1 DSL lines). If you have unbalanced connections you can modify the section of the script that defines how the traffic is balanced. That starts on line 6.

For example I have a 45/6 connection and a 30/6 connection and I have the following lines( Note that there are 5 lines and the first one starts at 5/0 and moves on from there):
The PCC method automatically does failover. All around good way to load balance 2 connections. You can also balance more connections by configuring the script correctly.