30 ก.ค. 2557

MikroTik RB450G Load Balance เน็ต 2 สาย

#| WAN 1 addressing: router address on the uplink, its network and broadcast
#| address, and the upstream gateway used by the default routes.
#| wanNetwork1Subnet is only used as dst-address in a mangle accept rule.
#| NOTE(review): it is written as a host address with a /24 mask (192.168.10.1/24),
#| not as the network address - confirm RouterOS matches the whole subnet with it.
:global wanAddress1 192.168.10.2/24
:global wanNetwork1 192.168.10.0
:global wanNetwork1Subnet 192.168.10.1/24
:global wanBroadcast1 192.168.10.255
:global wanGateway1 192.168.10.1


#| WAN 2 addressing, same layout as WAN 1 (same NOTE applies to wanNetwork2Subnet).
:global wanAddress2 192.168.20.2/24
:global wanNetwork2 192.168.20.0
:global wanNetwork2Subnet 192.168.20.1/24
:global wanBroadcast2 192.168.20.255
:global wanGateway2 192.168.20.1

#| LAN side. localGateway and localDNS are what DHCP clients are handed, and both
#| are the router's own LAN address, so clients resolve names through the router.
#| localNetwork2 is the LAN in prefix form, used for the DHCP network entry.
#| localPool is the DHCP lease range; dnsServer lists the upstream resolvers the
#| router itself forwards to.
:global localAddress 192.168.100.1/24
:global localNetwork 192.168.100.0
:global localNetwork2 192.168.100.0/24
:global localBroadcast 192.168.100.255
:global localGateway 192.168.100.1
:global localDNS 192.168.100.1
:global localPool 192.168.100.10-192.168.100.200
:global dnsServer 8.8.8.8,8.8.4.4

#| Give the five Ethernet ports role-based names: two uplinks, three LAN ports.
#| Every later rule refers to the ports by these names.

/interface
set "ether1" name="PORT1_WAN"
set "ether2" name="PORT2_WAN"
set "ether3" name="PORT3_LAN"
set "ether4" name="PORT4_LAN"
set "ether5" name="PORT5_LAN"

#| Put PORT4_LAN and PORT5_LAN behind PORT3_LAN as their master port, so the
#| three LAN ports are addressed through PORT3_LAN alone.

/interface ethernet
set PORT4_LAN master-port=PORT3_LAN
set PORT5_LAN master-port=PORT3_LAN

#| IP addresses for the three layer-3 interfaces

/ip address

#| Port 1 -> WAN 1
add interface=PORT1_WAN address=$wanAddress1 network=$wanNetwork1 broadcast=$wanBroadcast1

#| Port 2 -> WAN 2
add interface=PORT2_WAN address=$wanAddress2 network=$wanNetwork2 broadcast=$wanBroadcast2

#| Ports 3, 4 and 5 -> local LAN (one address, on PORT3_LAN)
add interface=PORT3_LAN address=$localAddress network=$localNetwork broadcast=$localBroadcast

#| Mangle rules for the two-uplink load balance. Rule order is significant and
#| is kept exactly as in the original listing.

/ip firewall mangle

#| Connections that reach the router itself are tagged with the uplink they came in on
add action=mark-connection chain=input in-interface=PORT1_WAN new-connection-mark=PORT1_WAN_conn
add action=mark-connection chain=input in-interface=PORT2_WAN new-connection-mark=PORT2_WAN_conn

#| The router's own replies leave through the uplink recorded in the connection mark
add action=mark-routing chain=output connection-mark=PORT1_WAN_conn new-routing-mark=to_PORT1_WAN
add action=mark-routing chain=output connection-mark=PORT2_WAN_conn new-routing-mark=to_PORT2_WAN

#| LAN traffic addressed to either WAN subnet is accepted here, before the
#| load-balancing rules below can mark it
add action=accept chain=prerouting in-interface=PORT3_LAN dst-address=$wanNetwork1Subnet
add action=accept chain=prerouting in-interface=PORT3_LAN dst-address=$wanNetwork2Subnet

#| Load balance: the per-connection classifier splits LAN connections to
#| non-local destinations into two buckets (2/0 and 2/1), one per uplink
add action=mark-connection chain=prerouting in-interface=PORT3_LAN dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/0 new-connection-mark=PORT1_WAN_conn passthrough=yes
add action=mark-connection chain=prerouting in-interface=PORT3_LAN dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/1 new-connection-mark=PORT2_WAN_conn passthrough=yes

#| Turn the connection mark into the routing mark that selects the uplink's default route
add action=mark-routing chain=prerouting in-interface=PORT3_LAN connection-mark=PORT1_WAN_conn new-routing-mark=to_PORT1_WAN
add action=mark-routing chain=prerouting in-interface=PORT3_LAN connection-mark=PORT2_WAN_conn new-routing-mark=to_PORT2_WAN


#| Default routes. Each uplink gets one route bound to its routing mark and one
#| unmarked route; the unmarked pair uses distance 1 (WAN 1) and 2 (WAN 2).
#| All four use check-gateway=ping.

/ip route

add gateway=$wanGateway1 dst-address=0.0.0.0/0 routing-mark=to_PORT1_WAN check-gateway=ping
add gateway=$wanGateway1 dst-address=0.0.0.0/0 distance=1 check-gateway=ping

add gateway=$wanGateway2 dst-address=0.0.0.0/0 routing-mark=to_PORT2_WAN check-gateway=ping
add gateway=$wanGateway2 dst-address=0.0.0.0/0 distance=2 check-gateway=ping

#| Source NAT: masquerade everything that leaves through either uplink

/ip firewall nat
add action=masquerade chain=srcnat out-interface=PORT1_WAN
add action=masquerade chain=srcnat out-interface=PORT2_WAN

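#| Let LAN clients use the router as their DNS resolver; it forwards to $dnsServer.
#|
#| allow-remote-requests=yes makes the router answer DNS queries arriving on any
#| interface, and this script defines no /ip firewall filter rules, so queries
#| arriving on the WAN ports would be answered too (an open resolver towards the
#| uplink networks). The four rules below drop inbound DNS on both WAN ports and
#| are added before the resolver is switched on. Replies to the router's own
#| upstream lookups are not affected, because their destination port is not 53.
#|
#| "add" appends to the end of the input chain: on a router that already has
#| input rules, check that no earlier rule accepts this traffic first.
#| NOTE(review): the router's management services are likewise not filtered on
#| the WAN ports by anything in this script - restrict them separately.

/ip firewall filter add chain=input in-interface=PORT1_WAN protocol=udp dst-port=53 action=drop comment="no DNS service on WAN1"
/ip firewall filter add chain=input in-interface=PORT1_WAN protocol=tcp dst-port=53 action=drop comment="no DNS service on WAN1"
/ip firewall filter add chain=input in-interface=PORT2_WAN protocol=udp dst-port=53 action=drop comment="no DNS service on WAN2"
/ip firewall filter add chain=input in-interface=PORT2_WAN protocol=tcp dst-port=53 action=drop comment="no DNS service on WAN2"

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=$dnsServer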

#| DHCP for the LAN: lease pool, server bound to PORT3_LAN, and the network
#| entry that hands clients their gateway and DNS server

/ip pool
add name=default-dhcp ranges=$localPool

/ip dhcp-server
add name=default interface=PORT3_LAN address-pool=default-dhcp disabled=no

/ip dhcp-server network
add address=$localNetwork2 gateway=$localGateway dns-server=$localDNS
