Scribd Logo
Upload

Welcome to Scribd!

  • PCC

    Uploaded by

    Hsat Aung
    9 views1 page

    Original Title

    pcc

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views1 page

    PCC

    Uploaded by

    Hsat Aung

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    /ip address

    add address=172.16.16.1 interface=LAN


    add address=192.168.1.1 interface=WAN1
    add address=192.168.2.2 interface=WAN2

    /ip firewall mangle


    add chain=input in-interface=SFP+1 action=mark-connection new-connection-
    mark=WAN1_conn
    add chain=input in-interface=SFP+2 action=mark-connection new-connection-
    mark=WAN2_conn

    add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-


    mark=to_WAN1
    add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-
    mark=to_WAN2

    add chain=prerouting dst-address=10.123.123.0/30 action=accept in-interface=BG-LAN


    add chain=prerouting dst-address=45.250.202.0/30 action=accept in-interface=BG-LAN

    add chain=prerouting dst-address-type=!local in-interface=BG-LAN per-connection-


    classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-
    mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=BG-LAN per-connection-
    classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-
    mark=WAN2_conn passthrough=yes

    add chain=prerouting connection-mark=WAN1_conn in-interface=BG-LAN action=mark-


    routing new-routing-mark=to_WAN1
    add chain=prerouting connection-mark=WAN2_conn in-interface=BG-LAN action=mark-
    routing new-routing-mark=to_WAN2

    /ip route
    add dst-address=0.0.0.0/0 gateway=10.123.123.2 routing-mark=to_WAN1 check-
    gateway=ping
    add dst-address=0.0.0.0/0 gateway=45.250.202.253 routing-mark=to_WAN2 check-
    gateway=ping

    add dst-address=0.0.0.0/0 gateway=10.123.123.2 distance=1 check-gateway=ping


    add dst-address=0.0.0.0/0 gateway=45.250.202.253 distance=2 check-gateway=ping

    /ip firewall nat


    add chain=srcnat out-interface=SFP+1 action=masquerade
    add chain=srcnat out-interface=SFP+2 action=masquerade

    IF YOU HAVE HOTSPOT ENABLED, ADD THIS

    /ip firewall nat


    add action=accept chain=pre-hotspot disabled=no dst-address-type=!local
    hotspot=auth

    You might also like