Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (kepada yth penanya LB PCC)
- *** LB PCC 2 wan ala tukang ngepel WC ***
- - kecepatan internet masing-masing wan = beda
- - ether1 = wan1 = 192.168.1.1 = 20mbps
- - ether2 = wan2 = 192.168.2.1 = 40mbps
- - ether3 = warnet
- - ether4 = hotspot
- - ether5 = kantor
- - ether6 = toko
- - ether7 = wifi rumah-makan
- * LB PCC ini tidak berdasarkan interface sumber user *
- # address list ip lokal
- /ip firewall address-list
- add list="private-lokal" address=0.0.0.0/8
- add list="private-lokal" address=10.0.0.0/8
- add list="private-lokal" address=100.64.0.0/10
- add list="private-lokal" address=127.0.0.0/8
- add list="private-lokal" address=169.254.0.0/16
- add list="private-lokal" address=172.16.0.0/12
- add list="private-lokal" address=192.0.0.0/24
- add list="private-lokal" address=192.0.2.0/24
- add list="private-lokal" address=192.168.0.0/16
- add list="private-lokal" address=198.18.0.0/15
- add list="private-lokal" address=198.51.100.0/24
- add list="private-lokal" address=203.0.113.0/24
- add list="private-lokal" address=224.0.0.0/3
- # ip route
- /ip route
- add check-gateway=ping comment=satu distance=1 gateway=192.168.2.1
- add check-gateway=ping comment=dua distance=2 gateway=192.168.1.1
- add check-gateway=ping comment=exit-1 distance=1 gateway=192.168.2.1 routing-mark=exit-1
- add check-gateway=ping comment=exit-2 distance=1 gateway=192.168.1.1 routing-mark=exit-2
- add check-gateway=ping comment=jalur-1 distance=1 gateway=192.168.2.1 routing-mark=jalur-1
- add check-gateway=ping comment=jalur-2 distance=2 gateway=192.168.1.1 routing-mark=jalur-1
- add check-gateway=ping comment=jalur-2 distance=1 gateway=192.168.1.1 routing-mark=jalur-2
- add check-gateway=ping comment=jalur-1 distance=2 gateway=192.168.2.1 routing-mark=jalur-2
- # nat
- /ip firewall nat
- add action=masquerade chain=srcnat comment=nat-modem out-interface=ether1
- add action=masquerade chain=srcnat comment=nat-modem out-interface=ether2
- # bypass lokal to lokal
- /ip firewall mangle
- add action=accept chain=input dst-address-list=private-lokal src-address-list=private-lokal
- add action=accept chain=prerouting dst-address-list=private-lokal src-address-list=private-lokal
- add action=accept chain=forward dst-address-list=private-lokal src-address-list=private-lokal
- add action=accept chain=postrouting dst-address-list=private-lokal src-address-list=private-lokal
- add action=accept chain=output dst-address-list=private-lokal src-address-list=private-lokal
- # agar in dan out di wan yang sama
- /ip firewall mangle
- add action=mark-connection chain=input comment=exit-1 in-interface=ether1 new-connection-mark=exit-1 passthrough=yes
- add action=mark-routing chain=output comment=exit-1 connection-mark=exit-1 new-routing-mark=exit-1 passthrough=no
- add action=mark-routing chain=prerouting comment=exit-1 connection-mark=exit-1 new-routing-mark=exit-1 passthrough=no
- add action=mark-connection chain=input comment=exit-2 in-interface=ether2 new-connection-mark=exit-2 passthrough=yes
- add action=mark-routing chain=output comment=exit-2 connection-mark=exit-2 new-routing-mark=exit-2 passthrough=no
- add action=mark-routing chain=prerouting comment=exit-2 connection-mark=exit-2 new-routing-mark=exit-2 passthrough=no
- # LB PCC
- /ip firewall mangle
- add action=mark-routing chain=prerouting comment=jalur-1 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-1 passthrough=no per-connection-classifier=both-addresses-and-ports:3/0 src-address-list=private-lokal
- add action=mark-routing chain=prerouting comment=jalur-2 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-2 passthrough=no per-connection-classifier=both-addresses-and-ports:3/1 src-address-list=private-lokal
- add action=mark-routing chain=prerouting comment=jalur-2 dst-address-list=!private-lokal dst-address-type=!local new-routing-mark=jalur-2 passthrough=no per-connection-classifier=both-addresses-and-ports:3/2 src-address-list=private-lokal
- # fail-over
- /system scheduler
- add interval=20s name=fail-over on-event="log warning (\"=============================\")\r\
- \n#jalur-1 cek\r\
- \n:if ([/ping address=8.8.8.8 interface=ether1 routing=exit-1 count=10] = 0) do={\r\
- \n/ip route disable [find comment=jalur-1 gateway=192.168.1.1 disabled=no]\r\
- \n/ip route set distance=4 [find comment=satu distance=1]\r\
- \nlog error (\"jalur-1 ether1 down\")\r\
- \n} else={\r\
- \n/ip route enable [find comment=jalur-1 gateway=192.168.1.1 disabled=yes]\r\
- \n/ip route set distance=1 [find comment=satu distance=4]\r\
- \nlog warning (\"jalur-1 ether1 up\")\r\
- \n};\r\
- \n\r\
- \n#jalur-2 cek\r\
- \n:if ([/ping address=8.8.8.8 interface=ether2 routing=exit-2 count=10] = 0) do={\r\
- \n/ip route disable [find comment=jalur-2 gateway=192.168.2.1 disabled=no]\r\
- \nlog error (\"jalur-2 ether2 down\")\r\
- \n} else={\r\
- \n/ip route enable [find comment=jalur-2 gateway=192.168.2.1 disabled=yes]\r\
- \nlog warning (\"jalur-2 ether2 up\")\r\
- \n};\r\
- \nlog warning (\"cek koneksi selesai\")\r\
- \nlog warning (\"=============================\")"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
