Syed Jahanzaib Personal Blog to Share Knowledge !

February 1, 2014

Mikrotik: Routing Target Web Site to Secondary WAN Link

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:44 PM

If you have two WAN links, and you want to dedicate one link for the specific web site or FACEBOOK traffic only, you can do it with Mikrotik in few simple steps.

First understand the logic, Main idea is to first create the script which will catch the target web site name via dns cache, and then it will add it to a address list with target web site ip addresses. (it will be done automatically via using the script) ,  Now in mangle, create a rule to mark packets with the above created address list, , then in route section, create new route to forward marked packets to go via WAN 2 link.

First add the script

SCRIPT SECTION:

Add the script which will catch the required web site name using dns-cache

###############################################
# script name: target_web_site
# Script to add TARGET_WEB_SITE DNS IP addresses
# Syed Jahanzaib / aacable@hotmail.com
# Script Source: N/A / GOOGLE : )

:log warning "Script Started ... Adding TARGET_WEB_SITE DNS ip's to address list name TARGET_WEB_SITE_dns_ips"
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
:local cacheName [/ip dns cache all get $i name] ;
:if ([:find $cacheName "aacable.wordpress.com"] != 0) do={
:local tmpAddress [/ip dns cache get $i address] ;
:put $tmpAddress;
:if ( [/ip firewall address-list find ] = "") do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=TARGET_WEB_SITE_dns_ips comment=$cacheName;
} else={
:foreach j in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
}
}
:if ( $bNew = "true" ) do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=TARGET_WEB_SITE_dns_ips comment=$cacheName;
}
}
}
}
# TARGET_WEB_SITE DNS IP ADD Script Ended ...

SCHEDULER SECTION:

Schedule the script to run after every 5 minutes  (or hourly basis)

/system scheduler
add disabled=no interval=5m name=target_web_site_schedule on-event=target_web_site_schedule policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00

MARK PACKETS SECTION:

Now mark traffic for the required web site in PREROUTING chain.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=TARGET_WEB_SITE_dns_ips new-routing-mark=target_website_packets passthrough=yes

ROUTE MARKED PACKETS SECTION:

Finally, create a route for the marked packets to go via second wan.

/ip route
add comment="Route for marked packets for target web marked packets" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=target_website_packets scope=30 target-scope=10

###############################################

All Done !!!
Now simply open your required web site , adn elt the script run ( or run it manually), now you will see few ip addresses in the ip > firewall > address-list

Its amazing, you can route any Website/traffic to specific WAN link, for example dedicated DSL link for streaming media sites or FB. its kewl 😉

For more info and ideas, please visit following link.
http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing

zaiB !

%d bloggers like this: