Syed Jahanzaib Personal Blog to Share Knowledge !

February 1, 2014

Mikrotik: Routing Target Web Site to Secondary WAN Link

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:44 PM

If you have two WAN links, and you want to dedicate one link for the specific web site or FACEBOOK traffic only, you can do it with Mikrotik in few simple steps.

First understand the logic, Main idea is to first create the script which will catch the target web site name via dns cache, and then it will add it to a address list with target web site ip addresses. (it will be done automatically via using the script) ,  Now in mangle, create a rule to mark packets with the above created address list, , then in route section, create new route to forward marked packets to go via WAN 2 link.

First add the script


Add the script which will catch the required web site name using dns-cache

# script name: target_web_site
# Script to add TARGET_WEB_SITE DNS IP addresses
# Syed Jahanzaib /
# Script Source: N/A / GOOGLE : )

:log warning "Script Started ... Adding TARGET_WEB_SITE DNS ip's to address list name TARGET_WEB_SITE_dns_ips"
:foreach i in=[/ip dns cache find] do={
:local bNew "true";
:local cacheName [/ip dns cache all get $i name] ;
:if ([:find $cacheName ""] != 0) do={
:local tmpAddress [/ip dns cache get $i address] ;
:put $tmpAddress;
:if ( [/ip firewall address-list find ] = "") do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=TARGET_WEB_SITE_dns_ips comment=$cacheName;
} else={
:foreach j in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $j address] = $tmpAddress ) do={
:set bNew "false";
:if ( $bNew = "true" ) do={
:log info ("added entry: $[/ip dns cache get $i name] IP $tmpAddress");
/ip firewall address-list add address=$tmpAddress list=TARGET_WEB_SITE_dns_ips comment=$cacheName;


Schedule the script to run after every 5 minutes  (or hourly basis)

/system scheduler
add disabled=no interval=5m name=target_web_site_schedule on-event=target_web_site_schedule policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00


Now mark traffic for the required web site in PREROUTING chain.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=TARGET_WEB_SITE_dns_ips new-routing-mark=target_website_packets passthrough=yes


Finally, create a route for the marked packets to go via second wan.

/ip route
add comment="Route for marked packets for target web marked packets" disabled=no distance=1 dst-address= gateway= routing-mark=target_website_packets scope=30 target-scope=10


All Done !!!
Now simply open your required web site , adn elt the script run ( or run it manually), now you will see few ip addresses in the ip > firewall > address-list

Its amazing, you can route any Website/traffic to specific WAN link, for example dedicated DSL link for streaming media sites or FB. its kewl 😉

For more info and ideas, please visit following link.

zaiB !


  1. thats good i think its better than load balancing


    Comment by usman — August 7, 2011 @ 7:21 PM

    • Hmmm in some scenario its good.
      For example, at my friends setup, I used it to route only Youtube base traffic to DSl line (10mb x 4 dsl). Main internet backbone was 30mb via fiber optics. but I didn’t wanted it to put youtube load on main feed, therefore I marked Youtube content and route it to RB750 Load balancer. That’s how I saved considerably bandwidth :)~

      Liked by 1 person

      Comment by Pinochio / zaib — August 8, 2011 @ 7:23 AM

      • hello. sir can you plz guide me how to get dns cache in separate load balancer. coz i have two mikrotik 1 for load balance and 2nd is for pppoe server. the problem is i do not get dns cache in load balcer .as i get in pppoe server tell me how to get in load balancer


        Comment by Arslan — October 29, 2016 @ 4:49 PM

  2. i apply the rule but still the same situation kindly tell me how to put the browsing on one wan and download on one wan.Thanks


    Comment by salman — October 14, 2011 @ 1:22 PM

    • plz pura rule likh da samj nai lag rahe is ki


      Comment by waqar — July 31, 2013 @ 11:14 PM

  3. use packet marking.
    Mark the packet with the extentions you want to route to 2nd wan for example .mp3 .exe .flv etc etc.
    Then create new route for marked packet and set its gateway to 2nd wan.


    Comment by Pinochio~:) — October 14, 2011 @ 1:58 PM

  4. kindly u can tell me the script Thanks


    Comment by Salman — October 17, 2011 @ 12:56 AM

  5. In this paket marking youtube streaming will also be balance?


    Comment by salman — October 17, 2011 @ 7:19 PM

    • Actually the method described in this post will mark packets for specific destination ips, then request for these destination will be routed to second gateway. These ips can be any web site ip whether its you-tube or any other.


      Comment by Pinochio~:) — October 18, 2011 @ 10:52 AM

  6. Sir u can give me example of packet marking.That how to do



    Comment by salman — October 27, 2011 @ 1:51 PM

  7. Q:1- Can we route youtube (same addresses) on 2 to 3 wan links at a time? and give us Rules.
    Q:2- Can we use PCC with this routing.



    Comment by crownwirelessm — December 18, 2011 @ 2:09 PM

    • 1# You can define only one Route for specific marked packets.
      2# Yes you can use PCC with some minor editing.


      Comment by Pinochio~:) — December 19, 2011 @ 10:40 AM

      • when i use you tube routing, then all other traffic automatically route to second WAN link?



        Comment by crownwirelessazam — December 24, 2011 @ 1:17 PM

      • Well, the target was to route youtube or FLV related traffic to one WAN link and all other traffic to Second WAN link.
        Describe in detail if you have any query regarding it.


        Comment by Pinochio~:) — December 24, 2011 @ 2:32 PM

      • can you please tell us what are the minor editing needed for this to work with PCC?


        Comment by Mayssam Ismail — December 11, 2016 @ 7:11 PM

  8. Youtube routing
    /ip route add comment=”” disabled=no distance=1 dst-address= gateway= routing-mark=youtube scope=255 target-scope=10

    all other traffic routing
    /ip route add comment=”” disabled=no distance=1 dst-address= gateway= scope=255 target-scope=10 check-gateway=ping

    for failover DSL-2
    /ip route add comment=”” disabled=no distance=2 dst-address= gateway= scope=255 target-scope=10 check-gateway=ping

    is this ok?



    Comment by muhammad azam — December 27, 2011 @ 3:00 PM

  9. Youtube routing
    /ip route add comment=”” disabled=no distance=1 dst-address= gateway=”DSL-1 IP address” routing-mark=youtube scope=255 target-scope=10
    all other traffic routing
    /ip route add comment=”” disabled=no distance=1 dst-address= gateway=”DSL-2 IP address” scope=255 target-scope=10 check-gateway=ping
    for failover DSL-2
    /ip route add comment=”” disabled=no distance=2 dst-address= gateway=”DSL-1 IP address” scope=255 target-scope=10 check-gateway=ping

    is this ok?



    Comment by muhammad azam — December 27, 2011 @ 3:02 PM

  10. Good job. Sir i want better youtube service on one wan. i.e, prioritize youtube over downloading


    Comment by waqar — May 10, 2012 @ 11:20 PM

  11. Dear Jhanzaib Bhai…. AOA

    I cant able to traceout the IP’s of youtube, as they hide he IP’s on the backend of….. Kindlt tell me how to deal with this issue…. IP is showing at nslookup but its not to be UTUBE IP


    Comment by kashif khan — September 1, 2012 @ 9:08 PM

    • Create a address list name Youtube

      Try this

      /ip firewall mangle chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=Youtube address-list-timeout=60m in-interface=!ether2(WAN Interface) dst-port=80

      Addresses will be added to Youtube address list and will be there for 1 hour.


      Comment by Syed Jahanzaib / Pinochio~:) — September 1, 2012 @ 10:49 PM

  12. Asalam O Alikum sir

    sir thanks for this article.. sir if you can please tell how to use this thing with pcc, i hve tried it but not working 😦


    Comment by ZJ — September 22, 2012 @ 2:07 PM

  13. Hi, can some one help me to make one WAN for browsing (HTTP&HTTPS), and the other one for Download and youtube?



    please help!


    Comment by zoomoos — December 12, 2012 @ 6:07 PM

  14. Thank you! Thats what I was looking for 🙂
    I am using YT dst-address mark by content and add to address-list
    right now around 1300 IPs
    but I noticed some streams of downloading are going through YT WAN also…
    but in general it free 40% utilization from WAN_1 to WAN_YT 🙂


    Comment by Arni — February 6, 2013 @ 4:41 AM

  15. Hi every body
    I have 2 inter face as following:
    2-Wan-1 and in the wan interface i have 4 valid ip and i has set all of the 4 IP in the IP Address List.

    As example I want to send all traffic for through the one of the valid ip on WAN-1, and all more traffic to the next valid ip on the same wan interface. Can some one help me?????????


    Comment by Pooyan — March 1, 2013 @ 3:19 AM

  16. You can also use the CONTENT option in advanced tab to mark-routing the packets. Use and mark-routing to whatever wan you need


    Comment by John — December 3, 2013 @ 7:05 AM

  17. WAN-1 for youtube
    WAN-2 for remaining

    this script is working perfectly for specific routing with browsing and online vedios contant..
    but when i need to download it starts downloading from WAN-2 ,,please help me


    Comment by irfan — February 19, 2014 @ 1:29 AM

  18. Thanks for finally writing about >Mikrotik: Routing Target Web Site to Secondary WAN Link | Syed
    Jahanzaib Personnel Blog to Share Knowledge ! <Loved it!


    Comment by juice beauty — March 19, 2014 @ 11:28 PM

  19. plz review the above script it is not work correctly


    Comment by Eng Ahmedm — April 22, 2014 @ 3:11 PM

  20. Syed,

    Thanks for your work.
    Please let me know why in is this url repeatly shown “print $x . “http://fathayu/” …?



    Comment by patito — May 10, 2014 @ 11:21 AM

  21. Hi
    can somebody help me to redirect some trafic for a list of a network address to one WAN, and another address to de second WAN.


    Comment by Alex Monkam — May 23, 2014 @ 1:31 AM

  22. give me youtube address list and facebook address list


    Comment by 3l1t3p0is0n — February 28, 2015 @ 1:23 PM

  23. Hello,
    I have a lease line of 155Mbps from an ISP. This ISP has given me /30 on wan side and /21 LAN pools on Static Route. No BGP is established because I do not have my IP’s & AS thus cannot do peering. Now I want to have only Google/Youtube bandwidth from a new provider and route all Google/YT request to this new ISP. The idea is to save app. 45% bandwidth on my main ISP. How can I achieve this without BGP


    Comment by Aamir — August 16, 2015 @ 5:11 PM

  24. Hello Every One, i am running 3 WAN Load-balancing using PCC method.
    Working great.

    So now i need to use one website to be used selected Wan

    For Example
    i want to open www(dot).WebsiteName(dot).com
    it should only use WAN 2 for this website..

    But it not effect over all load balancing.


    Comment by hammad hassan — October 25, 2015 @ 3:55 PM

  25. in my mikrotik I have configured 2 wans 1 is main and 1 for backup simply 2 wan configured. I am adding 3rd wan for youtube but this script is not working in my router box what should I do ?


    Comment by raheel — February 13, 2016 @ 4:59 PM

  26. asslam Alikum i am Using microtik 951Ui-2Hnd with to diffirent ISP but LAN network some time creating DNS problem How to arrange DNS of Both ISP primary and secondry. i am facing this issue many time try to resolove but it is not resolving Plz help me to to arrange DNS of Two diffirent ISP


    Comment by Muhammad Tariq — April 25, 2016 @ 7:01 PM

  27. Hello, first at all, ¡thanks for sharing!!
    I think there are something wrong with the script, I want to send the traffic for “” to second gateway but when the script fill the address list with so many other sites that does not have relation with “” sites like news portals or on line radio stations. I want to know if I am doing something wrong or that is normal. THANKS!


    Comment by Nicolas Emmanuel — December 16, 2016 @ 7:57 PM

  28. but what about secondry WAN didt that line stop providing traffinc on my board and just provide for facebook ?? or he provide facebook and the other websites ?


    Comment by qassam — January 21, 2017 @ 2:22 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: