LB

1. *** LB PCC 2 wan ala tukang ngepel WC ***
2.  
3. - kecepatan internet masing-masing wan = beda
4. - ether1 = wan1 = 192.168.1.1 = 20mbps
5. - ether2 = wan2 = 192.168.2.1 = 50mbps
6. - ether3 = warnet
7. - ether4 = hotspot
8. - ether5 = kantor
9. - ether6 = toko
10. - ether7 = wifi rumah-makan
11.  
12. * LB PCC ini tidak berdasarkan interface sumber user *
13.  
14. # address list ip lokal
15. /ip firewall address-list
16. add list="private-lokal" address=0.0.0.0/8
17. add list="private-lokal" address=10.0.0.0/8
18. add list="private-lokal" address=100.64.0.0/10
19. add list="private-lokal" address=127.0.0.0/8
20. add list="private-lokal" address=169.254.0.0/16
21. add list="private-lokal" address=172.16.0.0/12
22. add list="private-lokal" address=192.0.0.0/24
23. add list="private-lokal" address=192.0.2.0/24
24. add list="private-lokal" address=192.168.0.0/16
25. add list="private-lokal" address=198.18.0.0/15
26. add list="private-lokal" address=198.51.100.0/24
27. add list="private-lokal" address=203.0.113.0/24
28. add list="private-lokal" address=224.0.0.0/3
29.  
30. # ip route
31. /ip route
32. add check-gateway=ping comment=satu distance=1 gateway=192.168.2.1
33. add check-gateway=ping comment=dua distance=2 gateway=192.168.1.1
34. add check-gateway=ping comment=exit-1 distance=1 gateway=192.168.2.1 routing-mark=exit-1
35. add check-gateway=ping comment=exit-2 distance=1 gateway=192.168.1.1 routing-mark=exit-2
36. add check-gateway=ping comment=jalur-1 distance=1 gateway=192.168.2.1 routing-mark=jalur-1
37. add check-gateway=ping comment=jalur-2 distance=2 gateway=192.168.1.1 routing-mark=jalur-1
38. add check-gateway=ping comment=jalur-2 distance=1 gateway=192.168.1.1 routing-mark=jalur-2
39. add check-gateway=ping comment=jalur-1 distance=2 gateway=192.168.2.1 routing-mark=jalur-2
40.  
41. # nat
42. /ip firewall nat
43. add action=masquerade chain=srcnat comment=nat-modem out-interface=ether1
44. add action=masquerade chain=srcnat comment=nat-modem out-interface=ether2
45.  
46. # bypass lokal to lokal
47. /ip firewall mangle
48. add action=accept chain=input dst-address-list=private-lokal src-address-list=private-lokal
49. add action=accept chain=prerouting dst-address-list=private-lokal src-address-list=private-lokal
50. add action=accept chain=forward dst-address-list=private-lokal src-address-list=private-lokal
51. add action=accept chain=postrouting dst-address-list=private-lokal src-address-list=private-lokal
52. add action=accept chain=output dst-address-list=private-lokal src-address-list=private-lokal
53.  
54. # agar in dan out di wan yang sama
55. /ip firewall mangle
56. add action=mark-connection chain=input comment=exit-1 in-interface=ether1 new-connection-mark=exit-1 passthrough=yes
57. add action=mark-routing chain=output comment=exit-1 connection-mark=exit-1 new-routing-mark=exit-1 passthrough=no
58. add action=mark-routing chain=prerouting comment=exit-1 connection-mark=exit-1 new-routing-mark=exit-1 passthrough=no
59. add action=mark-connection chain=input comment=exit-2 in-interface=ether2 new-connection-mark=exit-2 passthrough=yes
60. add action=mark-routing chain=output comment=exit-2 connection-mark=exit-2 new-routing-mark=exit-2 passthrough=no
61. add action=mark-routing chain=prerouting comment=exit-2 connection-mark=exit-2 new-routing-mark=exit-2 passthrough=no
62.  
63. # LB PCC
64. /ip firewall mangle
65. add action=mark-routing chain=prerouting comment=jalur-1 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-1 passthrough=no per-connection-classifier=both-addresses-and-ports:5/0 src-address-list=private-lokal
66. add action=mark-routing chain=prerouting comment=jalur-1 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-1 passthrough=no per-connection-classifier=both-addresses-and-ports:5/1 src-address-list=private-lokal
67. add action=mark-routing chain=prerouting comment=jalur-2 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-2 passthrough=no per-connection-classifier=both-addresses-and-ports:5/2 src-address-list=private-lokal
68. add action=mark-routing chain=prerouting comment=jalur-2 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-2 passthrough=no per-connection-classifier=both-addresses-and-ports:5/3 src-address-list=private-lokal
69. add action=mark-routing chain=prerouting comment=jalur-2 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-2 passthrough=no per-connection-classifier=both-addresses-and-ports:5/4 src-address-list=private-lokal
70.  
71. # fail-over
72. /system scheduler
73. add interval=20s name=fail-over on-event="log warning (\"=============================\")\r\
74. \n#jalur-1 cek\r\
75. \n:if ([/ping address=8.8.8.8 interface=ether1 routing=exit-1 count=10] = 0) do={\r\
76. \n/ip route disable [find comment=jalur-1 gateway=192.168.1.1 disabled=no]\r\
77. \n/ip route set distance=4 [find comment=satu distance=1]\r\
78. \nlog error (\"jalur-1 ether1 down\")\r\
79. \n} else={\r\
80. \n/ip route enable [find comment=jalur-1 gateway=192.168.1.1 disabled=yes]\r\
81. \n/ip route set distance=1 [find comment=satu distance=4]\r\
82. \nlog warning (\"jalur-1 ether1 up\")\r\
83. \n};\r\
84. \n\r\
85. \n#jalur-2 cek\r\
86. \n:if ([/ping address=8.8.8.8 interface=ether2 routing=exit-2 count=10] = 0) do={\r\
87. \n/ip route disable [find comment=jalur-2 gateway=192.168.2.1 disabled=no]\r\
88. \nlog error (\"jalur-2 ether2 down\")\r\
89. \n} else={\r\
90. \n/ip route enable [find comment=jalur-2 gateway=192.168.2.1 disabled=yes]\r\
91. \nlog warning (\"jalur-2 ether2 up\")\r\
92. \n};\r\
93. \nlog warning (\"cek koneksi selesai\")\r\
94. \nlog warning (\"=============================\")"