Kode Program Fail opOver

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

http://opreknetwork.blogspot.co.id/2014/08/setting-load-balancing-2-isp-dengan-
pcc.html

/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-
mark=route-to-isp1 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-
mark=route-to-isp1 distance=2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-
mark=route-to-isp2 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-
mark=route-to-isp2 distance=2

### Bagian 1, Mengarahkan traffic masuk dari setiap interface wan, agar keluar
pada interface yang sesuai
/ip firewall mangle
add action=mark-connection chain=prerouting comment="IN/OUT FOR EACH WAN" \
connection-mark=no-mark in-interface=Modem1 new-connection-mark=\
cm_in_isp1
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=Modem2 new-connection-mark=cm_in_isp2
add action=mark-routing chain=output connection-mark=cm_in_isp1 \
new-routing-mark=via_Modem1
add action=mark-routing chain=output connection-mark=cm_in_isp2 \
new-routing-mark=via_Modem2

### Bagian 2, Jump paket dengan klasifikasi TCP 80, dan membuat custom chain nth-
balancer, klasifikasikan setiap koneksi dengan state new
add action=jump chain=prerouting comment="LB NTH JUMPER [!!! only for tcp 80
traffic]" \
connection-state=new dst-address-list=!rfc1918 dst-port=80 in-interface=\
all-ethernet jump-target=nth-balancer protocol=tcp
add action=mark-connection chain=nth-balancer comment="LB NTH BALANCER
CLASSIFIER" \
in-interface=ether3-lan new-connection-mark=cm_nth_balancer_1 nth=2,1
add action=mark-connection chain=nth-balancer in-interface=ether3-lan \
new-connection-mark=cm_nth_balancer_2 nth=2,2
add action=return chain=nth-balancer in-interface=ether3-lan

### Bagian 3, paket yang telah diklasfikasikan secara NTH, di-routing-kan ke

masing-masing gateway upstream
add action=mark-routing chain=prerouting comment="LB NTH ROUTE" \
connection-mark=cm_nth_balancer_1 in-interface=ether3-lan new-routing-mark=\
via_Modem1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_nth_balancer_2 \
in-interface=ether3-lan new-routing-mark=via_Modem2 passthrough=no

### Bagian 4, Jump paket dengan klasifikasi selain TCP 80, dan membuat custom
chain, pcc-balancer, klasifikasikan setiap koneksi dengan dst-address dan port yang
sama kedalam satu kelompok
add action=jump chain=prerouting comment="LB PCC JUMPER [for any traffic]" \
dst-address-list=!rfc1918 in-interface=ether3-lan jump-target=pcc-balancer \
protocol=!ospf
add action=jump chain=prerouting dst-address-list=!rfc1918 in-interface=ether3-
lan \
jump-target=pcc-balancer protocol=tcp
add action=jump chain=prerouting dst-address-list=!rfc1918 in-interface=ether3-
lan \
jump-target=pcc-balancer protocol=udp
add action=mark-connection chain=pcc-balancer comment="LB PCC BALANCER
CLASSIFIER" \
in-interface=ether3-lan new-connection-mark=cm_pcc_balancer_1 \
per-connection-classifier=dst-address-and-port:2/0
add action=mark-connection chain=pcc-balancer in-interface=ether3-lan \
new-connection-mark=cm_pcc_balancer_2 per-connection-classifier=\
dst-address-and-port:2/1
add action=return chain=pcc-balancer in-interface=ether3-lan

### Bagian 5. Paket yang telah diklasifikasikan secara PCC, di-routing-kan ke

masing-masing gateway upstream
add action=mark-routing chain=prerouting comment="LB PCC ROUTE" \
connection-mark=cm_pcc_balancer_1 in-interface=ether3-lan new-routing-mark=\
via_Modem1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_pcc_balancer_2 \
in-interface=ether3-lan new-routing-mark=via_Modem2 passthrough=no

### Bagian 6. Membuat address list yang terdiri dari Blok IP Private, rules load
balancing tidak akan diaplikasikan untuk paket yang berasal dari network local
dengan tujuan ke network local juga
/ip firewall address-list
add address=192.168.0.0/24 list=rfc1918
add address=172.16.0.0/12 list=rfc1918
add address=10.0.0.0/8 list=rfc1918

### Bagian 7. Membuat routing table default dan custom routing table untuk masing-
masih provider.
/ip route
add check-gateway=ping distance=1 gateway=Modem1 routing-mark=via_Modem1
add check-gateway=ping distance=1 gateway=Modem2 routing-mark=via_Modem2
add distance=1 gateway=Modem1
add distance=2 gateway=Modem2

### Bagian 8. Melakukan SNAT/MASQUERADE ke arah interface public agar ip private

dibelakang router dapat mengakses internet
/ip fi nat
add action=masquerade chain=srcnat comment="MASQ PUBLIC" out-interface=\
Modem1
add action=masquerade chain=srcnat comment="MASQ PUBLIC" out-interface=\
Modem2

================================================

/ip address
add address=192.168.0.166/24 network=192.168.0.0 broadcast=192.168.0.255
interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255
interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255
interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-

packet-size=512 servers=8.8.8.8
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-
mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-
mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-

mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-
mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local

add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-

classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-
mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-
classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-
mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-

routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-
routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-
gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-
gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

/ip firewall nat

add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

PCC WITH UN-EQUAL WAN LINKS

If you have Un-Equal WAN Links, for example WAN,1 is of 4MB and WAN,2 is of 8 Mb,
and you want to force MT to use WAN42link more then other because of its capacity,
Then you have to Add more PCC rules assigning the same two marks to a specific link
i.e WAN2 , something like

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-

classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-
mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-
classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-
mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-
classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-
mark=WAN2_conn passthrough=yes