Syed Jahanzaib Personnel Blog to Share Knowledge !

October 27, 2011

MIKROTIK Policy Routing based on Client IP Address


~!!!~   Article By Syed Jahanzaib   ~!!!~

Recently, at a local cable network setup, the admin asked me to add an extra DSL line just for some specific users (VIP users who pay extra money for better speed, since the current single DSL was getting congested by the over-subscribed users). He wanted to manage all users via a single Mikrotik box.
I accomplished this by adding a second DSL line to the Mikrotik box plus a few rules, and Alhamdolillah it worked fine :) . I am sharing just the basic logic; you can take this idea and modify it according to your requirement, or mix this logic with a hotspot or PPPoE based setup. In this example, each user's MAC address was bound to its IP.

Let us assume that we have 2 Users lists.

DSL1_USERS_LIST = 192.168.2.6
DSL2_USERS_LIST = 192.168.2.7

DSL1 Router IP = 192.168.5.2
DSL2 Router IP = 192.168.6.2

And we want Mikrotik to send the traffic out through DSL-1 or DSL-2 depending on the source IP address.

To accomplish this, the logic is simple:
STEP#1: First create the ADDRESS-LISTs and add our users to them.
STEP#2: Then add two IP Firewall Mangle rules that put a routing mark on packets originating from user 1 and user 2.
STEP#3: Then add two default routes (destination 0.0.0.0/0) with the matching routing marks and gateways.
STEP#4: Finally add one NAT rule for the local IP range with action masquerade.

The complete script is as follows. The basic idea is taken from http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways; it is a very nice GUI-based tutorial to follow for more advanced subnet-based load balancing.

/ip address
add address=192.168.2.1/24 disabled=no interface=LAN network=192.168.2.0
add address=192.168.5.1/24 disabled=no interface=WAN1 network=192.168.5.0
add address=192.168.6.1/24 disabled=no interface=WAN2 network=192.168.6.0

/ip firewall address-list
add address=192.168.2.6 disabled=no list=DSL1_USERS_LIST
add address=192.168.2.7 disabled=no list=DSL2_USERS_LIST

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=wan1_user passthrough=no src-address-list=DSL1_USERS_LIST
add action=mark-routing chain=prerouting disabled=no new-routing-mark=wan2_user passthrough=no src-address-list=DSL2_USERS_LIST

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.5.2 routing-mark=wan1_user scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.6.2 routing-mark=wan2_user scope=30 target-scope=10

/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.2.0/24

TESTING:
Test the setup by tracing the route to some web address on the Internet.
Go to user 1 (IP address 192.168.2.6) and run tracert to any web site, for example yahoo.com; or, if you are only testing and do not have access to a DNS server, trace to an IP directly:
tracert -d 8.8.8.8

RESULT
=======================================
TESTING FROM DSL1_USERS_LIST = 192.168.2.6
=======================================

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-xx-xx-xx-xx-xx
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1

C:\Documents and Settings\zaib>tracert yahoo.com

Tracing route to yahoo.com [209.191.122.70]
over a maximum of 30 hops

  1    <1 ms    <1 ms     2 ms  192.168.2.1
  2     2 ms     2 ms     3 ms  192.168.5.2
.
.

=======================================
TESTING FROM DSL2_USERS_LIST = 192.168.2.7
=======================================

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-xx-xx-xx-xx-xx
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1

C:\Documents and Settings\zaib>tracert yahoo.com

Tracing route to yahoo.com [209.191.122.70]
over a maximum of 30 hops

  1    <1 ms    <1 ms     2 ms  192.168.2.1
  2     2 ms     2 ms     3 ms  192.168.6.2
.
.
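The two tracert runs above confirm the setup by eye. The following Python script is an added example (it is not part of the article and not Mikrotik code) that automates the same check: it parses the article's RouterOS export, follows each address-list entry through its mangle routing mark to the default route for that mark, flags the mistakes that silently break policy routing (a list with no mangle rule, a mark with no route, a gateway that is not on a connected WAN subnet, users outside the masquerade rule), and then compares the expected DSL router against the second hop in a saved "tracert -d" output. The export string and the two tracert outputs are constructed copies of what the article shows, and the function names are the script's own.

```python
import ipaddress
import re

# Constructed copy of the RouterOS export shown in the article, kept as a string
# so the checks run offline against the same configuration.
ROUTEROS_EXPORT = """
/ip address
add address=192.168.2.1/24 disabled=no interface=LAN network=192.168.2.0
add address=192.168.5.1/24 disabled=no interface=WAN1 network=192.168.5.0
add address=192.168.6.1/24 disabled=no interface=WAN2 network=192.168.6.0
/ip firewall address-list
add address=192.168.2.6 disabled=no list=DSL1_USERS_LIST
add address=192.168.2.7 disabled=no list=DSL2_USERS_LIST
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=wan1_user passthrough=no src-address-list=DSL1_USERS_LIST
add action=mark-routing chain=prerouting disabled=no new-routing-mark=wan2_user passthrough=no src-address-list=DSL2_USERS_LIST
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.5.2 routing-mark=wan1_user scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.6.2 routing-mark=wan2_user scope=30 target-scope=10
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.2.0/24
"""

# Constructed 'tracert -d' output from each test PC, trimmed to the hops that matter.
TRACERT_FROM_USER1 = """
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms    <1 ms     2 ms  192.168.2.1
  2     2 ms     2 ms     3 ms  192.168.5.2
"""
TRACERT_FROM_USER2 = """
Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms    <1 ms     2 ms  192.168.2.1
  2     2 ms     2 ms     3 ms  192.168.6.2
"""


def parse_export(text):
    """Group each 'add key=value ...' line under its '/path' section header."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current is not None:
            sections[current].append(dict(tok.split("=", 1) for tok in line.split()[1:]))
    return sections


def expected_gateways(sections):
    """Follow address-list -> mangle routing mark -> default route for every user.

    Returns {address-list entry: gateway}. Raises ValueError where a link in the
    chain is missing, the gateway is not on a connected subnet, or the users are
    not covered by the masquerade rule (each of these silently breaks the setup).
    """
    connected = [ipaddress.ip_interface(a["address"]).network
                 for a in sections.get("/ip address", [])]
    mark_of_list = {m["src-address-list"]: m["new-routing-mark"]
                    for m in sections.get("/ip firewall mangle", [])
                    if m.get("action") == "mark-routing"}
    gw_of_mark = {r["routing-mark"]: r["gateway"]
                  for r in sections.get("/ip route", [])
                  if "routing-mark" in r and r.get("dst-address") == "0.0.0.0/0"}
    nat_nets = [ipaddress.ip_network(n["src-address"], strict=False)
                for n in sections.get("/ip firewall nat", [])
                if n.get("action") == "masquerade"]
    result = {}
    for entry in sections.get("/ip firewall address-list", []):
        users = ipaddress.ip_network(entry["address"], strict=False)  # single host or a prefix
        mark = mark_of_list.get(entry["list"])
        if mark is None:
            raise ValueError(f"address-list {entry['list']} has no mark-routing rule")
        if mark not in gw_of_mark:
            raise ValueError(f"routing-mark {mark} has no default route")
        gw = ipaddress.ip_address(gw_of_mark[mark])
        if not any(gw in net for net in connected):
            raise ValueError(f"gateway {gw} is not on any connected subnet")
        if not any(users.subnet_of(net) for net in nat_nets):
            raise ValueError(f"{users} is not covered by a masquerade rule")
        result[entry["address"]] = str(gw)
    return result


# One tracert hop line: hop number, three timings ('<1 ms', '2 ms' or '*'), then the hop address.
HOP_RE = re.compile(r"^\s*\d+\s+(?:(?:<?\d+ ms|\*)\s+){3}(\S+)\s*$")


def hops(tracert_output):
    """Hop addresses in order; fully timed-out hops ('Request timed out.') are skipped."""
    return [m.group(1) for m in map(HOP_RE.match, tracert_output.splitlines()) if m]


def exit_hop_matches(user, tracert_output, expected):
    """True when the second hop seen by this user is the DSL router the config intends."""
    path = hops(tracert_output)
    return len(path) >= 2 and path[1] == expected.get(user)


def verify_all(export=ROUTEROS_EXPORT, samples=None):
    """Map each user to whether its traffic leaves through the intended DSL link."""
    samples = samples or {"192.168.2.6": TRACERT_FROM_USER1, "192.168.2.7": TRACERT_FROM_USER2}
    expected = expected_gateways(parse_export(export))
    return {user: exit_hop_matches(user, out, expected) for user, out in samples.items()}


if __name__ == "__main__":
    for user, ok in verify_all().items():
        print(user, "exits via the intended DSL link" if ok else "WRONG LINK - check mangle/route")
```

To use it against a real router, paste the output of `/export` into ROUTEROS_EXPORT and the tracert output from each test PC into the samples; a False result for a user means the packet was marked or routed differently from what the address lists say, which is the first thing to check before suspecting the DSL line itself.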


Regards
SYED JAHANZAIB

13 Comments »

  1. Nice sharing Jahanzaib bhai! Can we do this with any other open source Linux distros???

    Comment by faizan — October 28, 2011 @ 12:22 AM

    • Sir, does this work with hotspot on the same PC?

      Comment by adeel ahmed — November 13, 2011 @ 9:03 PM

      • I never tested this on HOTSPOT particularly, but the theory says it can work :)
        It will work, I am sure.

        Comment by Pinochio~:) — November 14, 2011 @ 10:35 AM

  2. Sir… I am interested in this concept… How to set up this concept with an external proxy…
    Could you help me, sir?

    Comment by Mukhsin — January 3, 2012 @ 4:45 PM

    • Wan1 & Wan2 —- (eth1&2) RB450 (eth4) —- Lan
                                (eth3)
                                  |
                                Proxy

      Comment by Mukhsin — January 3, 2012 @ 4:49 PM

  3. Just want to ask you one question..

    1) Can I change the default IP (192.168.88.1) to a different IP like 10.200.0.1?

    2) Here my connection

    ISP RB750GL switch

    How do I configure my router? I have to use the 10.200.0.1/24 IP for my LAN

    Comment by nisa — January 9, 2012 @ 11:20 AM

  4. I am so sorry that I posted my recent post on the “About Me” page
    now
    how can I split the IP range (for example 10.0.0.2-10.0.0.254) into two groups (A&B)
    Group A takes NET from ADSL1, and Group B takes NET from ADSL2?
    Do I have to enter the IP for each group?
    As I mentioned before, I use the article “http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways”
    but it didn’t work for me
    I need it in PPPoE and Hotspot
    I am very grateful to you, and to anyone who can assist me in this
    My Best Regards
    (also I sent you an email about that)

    Comment by Firas A.Kareem — February 9, 2012 @ 8:18 PM

    • Dear, it’s easy to achieve your goal. If you read the article thoroughly, you will be able to make it.

      First create two address lists, DSL1_Users and DSL2_Users, then add IPs to these address lists as per your requirements, now mark packets for these address lists, and define routes for the specific marked packets to go through your desired WAN link.
      Just follow the guide.

      In the address list, use your user IP pool (i.e. hotspot or pppoe pool)

      Comment by Syed Jahanzaib / Pinochio~:) — February 10, 2012 @ 9:05 AM

      • You are right Mr. Syed, I did it, I put 10.0.0.0/25 in user list 1 and 10.0.0.128/25 in user list 2
        Many thanks for your wonderful ideas!
        I have a simple question .. or request …
        Can I put a welcome screen in PPPoE servers (like the login screen of Hotspot)?
        I want to put a page, so my clients learn how to set up a PPPoE connection
        i.e., when someone connects to my router, rather than the Hotspot login page, he sees that page only, so he learns how to set up a PPPoE connection, and then connects
        Accept my Regards

        Comment by Firas A.Kareem — February 11, 2012 @ 6:09 AM

      • PPPoE doesn’t support this feature.

        However you can create a custom PPPoE dialer through which, when the user connects, it opens your local intranet page with instructions. You can use AutoIt to create an automated dialer; use your own logic with the following guide.

        http://aacable.wordpress.com/2011/09/27/howto-create-windows-7-pppoe-dialer-installer-package-using-auto-it/

        Another approach is to block internet ads and put your own ad with your local intranet page, which has all the required links and your service info, for example like the following.
        http://aacable.wordpress.com/2011/06/01/squid-howto-block-ads/

        Comment by Syed Jahanzaib / Pinochio~:) — February 11, 2012 @ 11:42 AM

  5. Salaam Brother,

    Sorry, my previous post does not make sense!

    ******************************************************************************************************************
    I am thinking if the following scenario is possible.

    Is it possible in policy routing that it spreads clients equally on WAN links? For example:-

    If I have 3 WAN links and there are 3 users online, then each client should be on each WAN etc etc…

    Hope you understand.

    Comment by nominet — May 8, 2012 @ 12:57 PM

    • You can’t do it using PCC. PCC has its own algorithm to distribute users among multiple WAN links. Try with src-address.

      Or use policy-based routing to distribute users using pool assignments.

      Comment by Syed Jahanzaib / Pinochio~:) — May 8, 2012 @ 3:09 PM

  6. It can be achieved by using pool assignments but this is not exactly the thing I wanted to do.

    I want Mikrotik to automatically spread users on WANs. Are there no other ways other than PCC?

    Thanks…

    Comment by nominet — May 8, 2012 @ 4:08 PM

