2 LAN 2 WAN and failover
Step 1: Assign Interfaces
Open Winbox → Go to Interfaces.
Rename interfaces for clarity:
WAN1 → ISP-I
WAN2 → ISP-II
LAN1 → First LAN (e.g., Office)
LAN2 → Second LAN (e.g., Guest)
⚙️ Step 2: Configure WAN IPs / DHCP Clients
If WANs get IP from ISPs via DHCP:
Go to IP → DHCP Client.
Add WAN1 and WAN2.
Make sure “Add Default Route” is unchecked (we will add routes manually).
If static:
Go to IP → Addresses.
Assign IPs (e.g., 192.168.1.2/24 to WAN1, 192.168.2.2/24 to WAN2).
Set Gateways in IP → Routes.
⚙️ Step 3: Configure LANs
Go to IP → Addresses.
Add addresses:
192.168.10.1/24 → LAN1
192.168.20.1/24 → LAN2
Go to IP → DHCP Server:
Create DHCP servers for LAN1 & LAN2.
Define IP pools.
⚙️ Step 4: Add NAT Masquerade Rules
Go to IP → Firewall → NAT.
Add rules for both WANs:
Chain: srcnat
Out Interface: WAN1 → Action: masquerade
Out Interface: WAN2 → Action: masquerade
⚙️ Step 5: Configure Load Balancing (PCC Method)
We’ll use Per Connection Classifier (PCC) for even load balancing.
Go to IP → Firewall → Mangle.
Add rules:
Mark Connections (per WAN)
Chain: prerouting
In Interface: LAN1, LAN2
PCC: both-addresses-and-ports:2/0
Action: mark-connection → WAN1_conn
Chain: prerouting
In Interface: LAN1, LAN2
PCC: both-addresses-and-ports:2/1
Action: mark-connection → WAN2_conn
Mark Routing (per WAN)
Chain: prerouting
Connection Mark: WAN1_conn
Action: mark-routing → WAN1_route
Chain: prerouting
Connection Mark: WAN2_conn
Action: mark-routing → WAN2_route
⚙️ Step 6: Add Routes
Go to IP → Routes:
0.0.0.0/0 → Gateway: WAN1 Gateway → Routing Mark: WAN1_route
0.0.0.0/0 → Gateway: WAN2 Gateway → Routing Mark: WAN2_route
Also, add a default route without routing mark for router-originated traffic (DNS, updates):
0.0.0.0/0 → Gateway: WAN1 or WAN2 (with distance=1).
⚙️ Step 7: Firewall / Security
Allow LAN access to WAN.
Block WAN access to router except necessary services.
Enable NAT rules.
