This topology explaining what i'm trying to do: It works but sometimes Bridge2 can reach ISP_1 & ISP_2 and download from them only instead of downloading from its specified wans ( ISP_3 & ISP_4)
Here is my configurations: Load Balancing ISP_1 & ISP_2 for Bridge1:
Code: Select all
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address-list=balance in-interface=Bridge1
/ip address add address=192.168.111.1/24 interface=Bridge1
/ip address add address=192.168.1.33/24 interface=ISP_1
/ip address add address=192.168.2.33/24 interface=ISP_2
/ip firewall mangle add chain=input in-interface=ISP_1 action=mark-connection new-connection-mark=ISP1_conn
/ip firewall mangle add chain=input in-interface=ISP_2 action=mark-connection new-connection-mark=ISP2_conn
/ip firewall mangle add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
/ip firewall mangle add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ip firewall mangle add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Bridge1
/ip firewall mangle add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Bridge1
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge1 per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP3_conn passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge1 per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP4_conn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=ISP3_conn in-interface=Bridge1 action=mark-routing new-routing-mark=to_ISP1
/ip firewall mangle add chain=prerouting connection-mark=ISP4_conn in-interface=Bridge1 action=mark-routing new-routing-mark=to_ISP2
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ISP1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ISP2 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.111.0/24 disabled=no
/ip firewall nat add chain=srcnat out-interface=ISP_1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ISP_2 action=masqueradeCode: Select all
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address-list=balance in-interface=Bridge2
/ip address add address=192.168.112.1/24 interface=Bridge2
/ip address add address=192.168.3.33/24 interface=ISP_3
/ip address add address=192.168.4.33/24 interface=ISP_4
/ip firewall mangle add chain=input in-interface=ISP_3 action=mark-connection new-connection-mark=ISP3_conn
/ip firewall mangle add chain=input in-interface=ISP_4 action=mark-connection new-connection-mark=ISP4_conn
/ip firewall mangle add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=to_ISP3
/ip firewall mangle add chain=output connection-mark=ISP4_conn action=mark-routing new-routing-mark=to_ISP4
/ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Bridge2
/ip firewall mangle add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Bridge2
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge2 per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge2 per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=ISP3_conn in-interface=Bridge2 action=mark-routing new-routing-mark=to_ISP3
/ip firewall mangle add chain=prerouting connection-mark=ISP4_conn in-interface=Bridge2 action=mark-routing new-routing-mark=to_ISP4
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ISP3 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ISP4 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.112.0/24 disabled=no
/ip firewall nat add chain=srcnat out-interface=ISP_3 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ISP_4 action=masquerade
