Script loadbalance multiwan PPPoE RouterOS 7

Các tính năng chính:

1. Script cho phép bạn gửi lưu lượng từ một danh sách địa chỉ (address list) riêng qua một kết nối PPPoE cụ thể, bỏ qua luật cân bằng tải (ví dụ: TV của bạn luôn phải đi qua pppoe-02).

2. Script hỗ trợ HAIRPIN-NAT

3. Script giải quyết vấn đề multiwan khi bạn thiết lập các đường hầm VPN đi ra (OpenVPN, WireGuard, IPsec, v.v.). Vui lòng xem phần PPP profile (/ppp profile) ở cuối script.

4. Script thân thiện với CPU

Script giả định bạn có 2 liên kết WAN PPPoE:

1. ether1 với pppoe-01 (FPT)

2. ether2 với pppoe-02 (VNPT)

Và 2 bridge LAN:

1. bridge-lan-01 (ether3, ether4, ether5)

2. bridge-lan-02 (sử dụng sau này)

# Interface lists referenced by the NAT, mangle, discovery and MAC-server
# settings further down.
/interface list
add comment="For Internet" name=WAN
add comment="For Local Area Networks" name=LAN


# One PPPoE client per uplink. add-default-route=no: the default routes are
# added explicitly (main table and per-uplink tables) later in the script.
# NOTE(review): user/password look like sample values; substitute the
# ISP-issued credentials and keep them out of any shared copy of this script.
/interface/pppoe-client/add name=pppoe-01 interface=ether1 user=fpt1 password=fpt1 add-default-route=no disabled=no
/interface/pppoe-client/add name=pppoe-02 interface=ether2 user=vnpt1 password=vnpt1 add-default-route=no disabled=no


# LAN bridges. bridge-lan-01 gets ether3-ether5; bridge-lan-02 is created
# here without any ports.
/interface/bridge/add comment=LAN1 name=bridge-lan-01
/interface/bridge/add comment=LAN2 name=bridge-lan-02
/interface/bridge/port/add interface=ether3 bridge=bridge-lan-01
/interface/bridge/port/add interface=ether4 bridge=bridge-lan-01
/interface/bridge/port/add interface=ether5 bridge=bridge-lan-01


# WAN holds both the physical uplink ports and the PPPoE sessions that run
# over them, so anything matching the WAN list also covers the raw Ethernet
# side of each uplink. LAN holds the two bridges.
/interface list member
add list=WAN interface=ether1 comment="Uplink WAN for PPPoE-01"
add list=WAN interface=ether2 comment="Uplink WAN for PPPoE-02"
add list=WAN interface=pppoe-01 comment=PPPoE-01
add list=WAN interface=pppoe-02 comment=PPPoE-02
add list=LAN interface=bridge-lan-01
add list=LAN interface=bridge-lan-02


# Neighbor discovery runs on everything except WAN-list interfaces;
# MAC-Telnet and MAC-Winbox are accepted on LAN-list interfaces only.
# NOTE(review): this listing contains no /ip/firewall/filter rules. The three
# settings here cover discovery and layer-2 management only; IP-level access
# to the router arriving on WAN (input chain) must be filtered separately.
/ip neighbor discovery-settings set discover-interface-list=!WAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN


# Special-purpose and non-routable destinations. The mangle rules in this
# script match dst-address-list=!BOGONS, so traffic towards any of these
# ranges (including the private LAN ranges) is not connection-marked by the
# address-list or load-balancing rules.
/ip/firewall/address-list/add list=BOGONS address=0.0.0.0/8 comment="\"This\" Network"
/ip/firewall/address-list/add list=BOGONS address=10.0.0.0/8 comment="Private-Use Networks"
/ip/firewall/address-list/add list=BOGONS address=100.64.0.0/10 comment="Shared Address Space. RFC 6598"
/ip/firewall/address-list/add list=BOGONS address=127.0.0.0/8 comment="Loopback"
/ip/firewall/address-list/add list=BOGONS address=169.254.0.0/16 comment="Link Local"
/ip/firewall/address-list/add list=BOGONS address=172.16.0.0/12 comment="Private-Use Networks"
/ip/firewall/address-list/add list=BOGONS address=192.0.0.0/24 comment="IETF Protocol Assignments"
/ip/firewall/address-list/add list=BOGONS address=192.0.2.0/24 comment="TEST-NET-1"
/ip/firewall/address-list/add list=BOGONS address=192.88.99.0/24 comment="6to4 Relay Anycast"
/ip/firewall/address-list/add list=BOGONS address=192.168.0.0/16 comment="Private-Use Networks"
/ip/firewall/address-list/add list=BOGONS address=198.18.0.0/15 comment="Network Interconnect Device Benchmark Testing"
/ip/firewall/address-list/add list=BOGONS address=198.51.100.0/24 comment="TEST-NET-2"
/ip/firewall/address-list/add list=BOGONS address=203.0.113.0/24 comment="TEST-NET-3"
/ip/firewall/address-list/add list=BOGONS address=224.0.0.0/4 comment="Multicast"
/ip/firewall/address-list/add list=BOGONS address=240.0.0.0/4 comment="Reserved for Future Use"
/ip/firewall/address-list/add list=BOGONS address=255.255.255.255 comment="Limited Broadcast"


# Upstream resolvers for the router.
/ip dns set servers=1.1.1.1,8.8.8.8

# Gateway addresses on the two LAN bridges.
/ip address
add address=192.168.88.1/24 interface=bridge-lan-01 comment="LAN1 IP"
add address=172.16.0.1/23 interface=bridge-lan-02 comment="LAN2 IP"

# Destinations inside either LAN subnet are looked up in the main table.
# These rules are added before the per-uplink source rules that the PPP
# profile on-up scripts create, so LAN-bound traffic is not diverted into
# an uplink table.
/routing rule
add action=lookup table=main dst-address=192.168.88.0/24 comment="to LAN1"
add action=lookup table=main dst-address=172.16.0.0/23 comment="to LAN2"

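# Masquerade everything leaving through a WAN-list interface.
# ipsec-policy=out,none limits the rule to packets that are not subject to
# an outbound IPsec policy.
/ip/firewall/nat/add action=masquerade chain=srcnat comment="Masquerade WAN (non-ipsec)" ipsec-policy=out,none out-interface-list=WAN

# Hairpin NAT: traffic from a LAN subnet that is routed back out to the same
# LAN is source-NATed to the router's address on that bridge. No dst-nat
# (port-forward) rules appear in this listing, so these rules only come into
# play once such rules are added.
/ip/firewall/nat/add action=src-nat chain=srcnat comment="Hairpin to LAN1" out-interface=bridge-lan-01 src-address=192.168.88.0/24 to-addresses=192.168.88.1
# Fix: the LAN2 rule pointed at bridge-lan-01. 172.16.0.0/23 is addressed on
# bridge-lan-02, so with bridge-lan-01 the rule never matched LAN2 hairpin
# traffic and instead rewrote the source of LAN2-to-LAN1 flows.
/ip/firewall/nat/add action=src-nat chain=srcnat comment="Hairpin to LAN2" out-interface=bridge-lan-02 src-address=172.16.0.0/23 to-addresses=172.16.0.1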

# One FIB routing table per uplink. The names are the ones used as
# new-routing-mark in the mangle rules and as routing-table on the routes.
/routing table
add name=rtab_pppoe-01 fib disabled=no
add name=rtab_pppoe-02 fib disabled=no


# Unmarked connections that arrive on a PPPoE session are tagged with that
# session's connection mark. passthrough=no ends mangle processing for the
# packet, so these connections never reach the address-list or
# load-balancing rules.
/ip firewall mangle
add chain=prerouting action=mark-connection in-interface=pppoe-01 connection-mark=no-mark \
    new-connection-mark=connmark_pppoe-01 passthrough=no comment="Connmark in from PPPoE-01"
add chain=prerouting action=mark-connection in-interface=pppoe-02 connection-mark=no-mark \
    new-connection-mark=connmark_pppoe-02 passthrough=no comment="Connmark in from PPPoE-02"

# Pinned sources: hosts in Via_PPPoE-01 / Via_PPPoE-02 always get that
# uplink's connection mark. Neither list is populated in this listing; add
# the pinned hosts under /ip firewall address-list.
# All four rules skip BOGONS destinations and traffic addressed to the
# router itself (dst-address-type=!local).
/ip/firewall/mangle/add chain=prerouting action=mark-connection connection-mark=no-mark \
    src-address-list=Via_PPPoE-01 dst-address-list=!BOGONS dst-address-type=!local \
    new-connection-mark=connmark_pppoe-01 passthrough=yes comment="Address List via PPPoE-01"
/ip/firewall/mangle/add chain=prerouting action=mark-connection connection-mark=no-mark \
    src-address-list=Via_PPPoE-02 dst-address-list=!BOGONS dst-address-type=!local \
    new-connection-mark=connmark_pppoe-02 passthrough=yes comment="Address List via PPPoE-02"

# Everything still unmarked is split in two by the per-connection classifier
# over source/destination addresses and ports: remainder 0 goes to PPPoE-01,
# remainder 1 to PPPoE-02. Connections marked by the rules above no longer
# match connection-mark=no-mark and are left alone.
/ip/firewall/mangle/add chain=prerouting action=mark-connection connection-mark=no-mark \
    dst-address-list=!BOGONS dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/0 \
    new-connection-mark=connmark_pppoe-01 passthrough=yes comment="LoadBalance transit connections via PPPoE-01"
/ip/firewall/mangle/add chain=prerouting action=mark-connection connection-mark=no-mark \
    dst-address-list=!BOGONS dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/1 \
    new-connection-mark=connmark_pppoe-02 passthrough=yes comment="LoadBalance transit connections via PPPoE-02"


# Forwarded traffic: turn the connection mark into a routing mark so the
# packet is looked up in the matching uplink table. in-interface-list=!WAN
# restricts this to packets that did not arrive on a WAN-list interface.
/ip firewall mangle
add chain=prerouting action=mark-routing connection-mark=connmark_pppoe-01 \
    in-interface-list=!WAN dst-address-type=!local \
    new-routing-mark=rtab_pppoe-01 passthrough=no comment="Routemark transit out via PPPoE-01"
add chain=prerouting action=mark-routing connection-mark=connmark_pppoe-02 \
    in-interface-list=!WAN dst-address-type=!local \
    new-routing-mark=rtab_pppoe-02 passthrough=no comment="Routemark transit out via PPPoE-02"


# Router-originated packets (output chain) that belong to a marked
# connection get the same routing mark, so they are routed via the uplink
# table that matches the connection mark.
/ip firewall mangle
add chain=output action=mark-routing connection-mark=connmark_pppoe-01 dst-address-type=!local \
    new-routing-mark=rtab_pppoe-01 passthrough=no comment="Routemark local out via PPPoE-01"
add chain=output action=mark-routing connection-mark=connmark_pppoe-02 dst-address-type=!local \
    new-routing-mark=rtab_pppoe-02 passthrough=no comment="Routemark local out via PPPoE-02"

# Route of last resort: a bridge with no ports in this listing, used as the
# gateway of a distance-254 default route.
# NOTE(review): presumably this keeps a default route present when both
# PPPoE sessions are down - confirm the intended behaviour.
/interface bridge add comment="Loopback interface for emergency routing" name=bridge-loopback
/ip route add gateway=bridge-loopback distance=254 comment="Emergency route"

# Main table (unmarked traffic): PPPoE-01 preferred, PPPoE-02 as fallback.
/ip route add gateway=pppoe-01 distance=1 comment="Unmarked via PPPoE-01"
/ip route add gateway=pppoe-02 distance=2 comment="Unmarked via PPPoE-02"

# Per-uplink tables: each prefers its own uplink (distance 1) and falls back
# to the other one (distance 2).
/ip route add routing-table=rtab_pppoe-01 gateway=pppoe-01 distance=1 comment="Marked via PPPoE-01 Main"
/ip route add routing-table=rtab_pppoe-01 gateway=pppoe-02 distance=2 comment="Marked via PPPoE-01 Backup"

/ip route add routing-table=rtab_pppoe-02 gateway=pppoe-02 distance=1 comment="Marked via PPPoE-02 Main"
/ip route add routing-table=rtab_pppoe-02 gateway=pppoe-01 distance=2 comment="Marked via PPPoE-02 Backup"


# PPP profile for pppoe-01.
# on-up: if a routing rule with comment "From PPPoE-01 IP to Inet" exists,
#        its src-address is set to the session's local-address; otherwise the
#        rule is added. The rule does a lookup in table rtab_pppoe-01.
# on-down: removes that routing rule.
# The rule is located by its comment string, so the text must stay identical
# in the find, set, add and remove commands.
# NOTE(review): the backslash-newline inside the first find looks like
# export-style line wrapping; confirm it resolves to
# "From PPPoE-01 IP to Inet" after import.
/ppp profile
add name=profile-pppoe-01 comment="Add/remove route rule for pppoe-01" on-down="/routing/rule/ remove [find comment=\"From PPPoE-01 IP to Inet\"]" on-up=":if [:tobool ([/routing/rule/ find comment=\"From PPPoE-01 IP to \
    Inet\"])] do={\r\
    \n  /routing/rule/ set [find comment=\"From PPPoE-01 IP to Inet\"] \\\r\
    \n    src-address=\$\"local-address\" table=rtab_pppoe-01} else={\r\
    \n  /routing/rule/ add action=lookup comment=\"From PPPoE-01 IP to Inet\" src-address=\$\"local-address\" table=rtab_pppoe-01 }"

# Attach the profile to the pppoe-01 client.
/interface/pppoe-client/set pppoe-01 profile=profile-pppoe-01

# PPP profile for pppoe-02.
# on-up: if a routing rule with comment "From PPPoE-02 IP to Inet" exists,
#        its src-address is set to the session's local-address; otherwise the
#        rule is added. The rule does a lookup in table rtab_pppoe-02.
# on-down: removes that routing rule.
# The rule is located by its comment string, so the text must stay identical
# in the find, set, add and remove commands.
# NOTE(review): the backslash-newline inside the first find looks like
# export-style line wrapping; confirm it resolves to
# "From PPPoE-02 IP to Inet" after import.
/ppp profile
add name=profile-pppoe-02  comment="Add/remove route rule for pppoe-02" on-down="/routing/rule/ remove [find comment=\"From PPPoE-02 IP to Inet\"]" on-up=":if [:tobool ([/routing/rule/ find comment=\"From PPPoE-02 IP to \
    Inet\"])] do={\r\
    \n  /routing/rule/ set [find comment=\"From PPPoE-02 IP to Inet\"] \\\r\
    \n    src-address=\$\"local-address\" table=rtab_pppoe-02} else={\r\
    \n  /routing/rule/ add action=lookup comment=\"From PPPoE-02 IP to Inet\" src-address=\$\"local-address\" table=rtab_pppoe-02 }"

# Attach the profile to the pppoe-02 client.
/interface/pppoe-client/set pppoe-02 profile=profile-pppoe-02
