PCC LoadBalance3WANs


##################################################

# Version 2.1.2 #
# Steve Discher's PCC Setup ScriptVersion 1.0 #
##################################################
# #
# Author: Steve Discher #
# Email: sdischer@learnmikrotik.com #
##################################################
# LICENSE #
# The purchaser of this script is licensed to #
# install on as many routers as you like, as #
# long as the purchaser owns the router. #
# Support is ONLY available for the router for #
# which you originally purchased (recorded on #
# your invoice). Support for other routers WILL #
# be billed at regular support rates. Please #
# contact the vendor where this script was #
# purchased for further details, or email me #
# at info@learnmikrotik.com #
# #
# NO PERMISSION is granted to share this script #
# in whole or in part outside of the original #
# purchaser's organization. #
##################################################
#
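# Note: This script only configures the load balancing. You will need
# to set up Wireless, DNS, DHCP server, and basic IP addressing first before
# importing this script. The script does handle NAT/Masquerade so do not
# create a masquerade rule manually.
#
# NOTE(review): everything below adds mangle, NAT and route entries only. No
# "/ip firewall filter" rules are created by this script, so input/forward
# filtering for the three WAN interfaces has to be in place separately.
#
# Configuration - Configure all of the following variables
#
# Two address lists are referenced further down and must be populated here:
#   ConnectedNetworks   - matched by dst-address-list in the first mangle rule
#   MasqueradedNetworks - matched by src-address-list in the srcnat rules
# No "add" statements are present in this copy of the script. With the lists
# empty, the connected-network accept rule matches nothing and no traffic is
# masqueraded.
#
/ip firewall address-list
#
# Add a statement like this for every connected network. For example, any
# network to which you are directly connected should be in this list.
# (constructed example value - replace with your own networks)
# add address=192.168.88.0/24 list=ConnectedNetworks
#
# Add a statement like this for every network that will be masqueraded.
# If you are not using RFC-1918 addresses, comment this section out.
# (constructed example value - replace with your own networks)
# add address=192.168.88.0/24 list=MasqueradedNetworks
#
# This defines the WAN interfaces for load balancing.
:global WANIF1 "WAN1"
:global WANIF2 "WAN2"
:global WANIF3 "WAN3"
#
# This defines the LAN interface
:global LANIF "LAN5"
#
# This defines the default gateways (one next hop per WAN; must be filled in,
# the route section uses these values as gateway=)
#
:global GW1 ""
:global GW2 ""
:global GW3 ""
#
#
# Set the WAN IP to mangle the source address for output traffic if you have
# statics, otherwise leave values as is (author's note: THIS NEEDS WORK)
:global WANIP1 ""
:global WANIP2 ""
:global WANIP3 ""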
#
#
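# ----------------------- Do not change anything below this line -----------------------
#
# Set interface comments (author's note: NEEDS TESTING)
# Each WAN interface named in the configuration variables gets the comment
# WAN1/WAN2/WAN3, the same labels used for the connection marks below.
/interface
set [find name=$"WANIF1"] comment="WAN1"
set [find name=$"WANIF2"] comment="WAN2"
set [find name=$"WANIF3"] comment="WAN3"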
#
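#
# Allow connected networks to exit the Mangle chain so we don't load balance
# to our connected networks.
# The rule accepts (stops mangle processing for) any packet whose destination
# is in the ConnectedNetworks address list, so it must stay ahead of the
# marking rules that follow.
#
/ip firewall mangle
add action=accept chain=prerouting comment="Allow connected networks to exit Mangle chain so we don't load balance \
to our connected networks. Put all LAN and WAN connected networks in the address list [ConnectedNetworks]" \
disabled=no dst-address-list=ConnectedNetworks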
#
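# Create Mangle rules that will sort the traffic into streams
#
# New (no-mark) connections arriving on the LAN interface and not destined to
# the router itself are split three ways by the per-connection classifier on
# source+destination address: remainder 0 -> WAN1, 1 -> WAN2, 2 -> WAN3.
# The third rule previously assigned WAN2 again, which left WAN3 without any
# LAN-originated connections and doubled the share sent to WAN2.
#
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN1" connection-mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN1 passthrough=yes \
per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN2" connection-mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN2 passthrough=yes \
per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment=\
"Create Mangle rules that will sort the traffic into streams WAN3" connection-mark=no-mark disabled=no \
dst-address-type=!local in-interface=$"LANIF" new-connection-mark=WAN3 passthrough=yes \
per-connection-classifier=both-addresses:3/2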

#
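# Create the mangles to add the routing marks to the packets:
#
# Packets from the LAN interface that belong to a connection marked WAN1/WAN2/
# WAN3 receive the routing mark ether1-mark/ether2-mark/ether3-mark, which the
# marked default routes in /ip route select on.
# Each statement is restored to its original logical lines; a line break is
# only valid where the previous line ends in a backslash.
#
add action=mark-routing chain=prerouting comment="Create the mangles to add the routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN1 disabled=no \
in-interface=$"LANIF" new-routing-mark=ether1-mark passthrough=yes
add action=mark-routing chain=prerouting comment="Create the mangles to add the routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN2 disabled=no \
in-interface=$"LANIF" new-routing-mark=ether2-mark passthrough=yes
add action=mark-routing chain=prerouting comment="Create the mangles to add the routing marks to the packets based\
on the connection mark in the PREROUTING CHAIN" connection-mark=WAN3 disabled=no \
in-interface=$"LANIF" new-routing-mark=ether3-mark passthrough=yes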

#
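# Ensures traffic from the router itself returns through the proper interface:
#
# Output-chain packets that belong to a connection already marked WAN1/WAN2/
# WAN3 get the matching routing mark, so replies generated by the router leave
# through the WAN the connection is associated with.
# Each statement is restored to its original logical lines; a line break is
# only valid where the previous line ends in a backslash.
#
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper interface" connection-mark=WAN1 \
disabled=no new-routing-mark=ether1-mark passthrough=yes
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper interface" connection-mark=WAN2 \
disabled=no new-routing-mark=ether2-mark passthrough=yes
add action=mark-routing chain=output comment=\
"This rule ensures traffic from the router itself returns through the proper interface" connection-mark=WAN3 \
disabled=no new-routing-mark=ether3-mark passthrough=yes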

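# Identify which WAN interface the traffic came in and mark the connections
# appropriately:
#
# Unmarked connections that enter on a WAN interface are tagged with that
# WAN's connection mark, which the output-chain mark-routing rules match on.
# The third rule had a typographic closing quote after WANIF3, which breaks
# the variable reference; it is replaced with a plain double quote.
#
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF1" new-connection-mark=WAN1 passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF2" new-connection-mark=WAN2 passthrough=yes
add action=mark-connection chain=prerouting comment=\
"Identify which WAN interface the traffic came in and mark the connections appropriately" connection-mark=\
no-mark disabled=no in-interface=$"WANIF3" new-connection-mark=WAN3 passthrough=yes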
#
#
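# Mark management traffic to the router (author's note: NEEDS WORK)
#
# Router-originated packets sourced from a static WAN address get that WAN's
# routing mark. WANIP1..3 are "" unless the operator sets them, and the
# configuration section says to leave them as is when there are no statics,
# so each rule is only added when its address is non-empty. An empty
# src-address is either rejected on import or leaves the rule without a source
# match - NOTE(review): confirm which on your RouterOS version.
# The menu path is given in full because it is not inherited inside do={}.
:if ([:len $"WANIP1"] > 0) do={
/ip firewall mangle add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether1-mark src-address=$"WANIP1"
}
:if ([:len $"WANIP2"] > 0) do={
/ip firewall mangle add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether2-mark src-address=$"WANIP2"
}
:if ([:len $"WANIP3"] > 0) do={
/ip firewall mangle add action=mark-routing chain=output comment="Mark traffic from the router" \
new-routing-mark=ether3-mark src-address=$"WANIP3"
}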
#
#
#
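# Masquerade RFC-1918 addresses going out WAN interfaces
#
# One srcnat masquerade rule per WAN interface, limited to sources in the
# MasqueradedNetworks address list. Nothing is translated while that list is
# empty. The rule comments previously named the list [MasqueradeNetworks];
# they now use the name the rules actually match on.
#
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF1" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN1 from [MasqueradedNetworks]"
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF2" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN2 from [MasqueradedNetworks]"
add action=masquerade chain=srcnat disabled=no out-interface=$"WANIF3" \
src-address-list=MasqueradedNetworks comment="Masquerade traffic out WAN3 from [MasqueradedNetworks]"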
#
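# Add the marked and unmarked routes with check gateway:
#
# Marked routes: one default route per routing mark (ether1-mark..ether3-mark)
# pointing at GW1..GW3, each monitored with check-gateway=ping.
# Unmarked routes: default routes in the main table for traffic that carries
# no routing mark. They previously had no check-gateway, contrary to the
# heading above, so a dead gateway would not be detected for unmarked traffic;
# check-gateway=ping is added to match the marked routes.
# GW1..GW3 must be set in the configuration section; they default to "".
#
/ip route
add check-gateway=ping comment="Default router WAN1, marked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
$"GW1" routing-mark=ether1-mark scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN2, marked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
$"GW2" routing-mark=ether2-mark scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN3, marked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
$"GW3" routing-mark=ether3-mark scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN1, unmarked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=$"GW1" \
scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN2, unmarked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=$"GW2" \
scope=30 target-scope=10
add check-gateway=ping comment="Default router WAN3, unmarked" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=$"GW3" \
scope=30 target-scope=10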

#END#
