Mikrotik (MT) Config

We start by giving and IP address to the MT Router ports and renaming the ports that its easier to
manage.

/ip address

add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=WANOUT

add address=192.168.1.200/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.200/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.200/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.200/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4

Here we will add the firewall Mangle rules

/ip firewall mangle

add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn

add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1

add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=WANOUT

add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=WANOUT
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=WANOUT
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=WANOUT

add chain=prerouting dst-address-type=!local in-interface=WANOUT per-connection-classifier=both-

addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WANOUT per-connection-classifier=both-
addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WANOUT per-connection-classifier=both-
addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WANOUT per-connection-classifier=both-
addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=WANOUT action=mark-routing new-

routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=WANOUT action=mark-routing new-
routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=WANOUT action=mark-routing new-
routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=WANOUT action=mark-routing new-
routing-mark=to_WAN4

Now add the routes so that the MT router know what its gateways are.

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.254 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.254 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.254 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.254 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.254 distance=4 check-gateway=ping

Next the Firewall Nat Rules

/ip firewall nat

add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade

Lastly we need to add the DNS server that we can resolve hostnames

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512

servers= 192.168.1.254,192.168.2.254,192.168.3.254,192.168.4.254