Với thiết bị Router Mikrotik, sản phẩm đến từ LATVIA dường như còn khá mới mẻ với thị trường Việt Nam thì việc cấu hình còn khá bỡ ngỡ cho các bạn.Sau đây mình sẽ share cho các bạn code cấu hình load balancing, failover 2 WAN kết hợp NAT inbound cho các ports 8000,88,554 trên router MikroTik thực tế tham khảo:

/ip firewall mangle

add chain=prerouting dst-address=192.168.1.0/24 in-interface=bridge1

add action=mark-connection chain=input connection-mark=no-mark in-interface=\

pppoe-out1 new-connection-mark=WAN1 passthrough=no

add action=mark-connection chain=input connection-mark=no-mark in-interface=\

pppoe-out2 new-connection-mark=WAN2 passthrough=no

add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=\

WAN1 passthrough=no

add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=\

WAN2 passthrough=no

add action=mark-connection chain=prerouting connection-state=new dst-port=\

8000,88,554 in-interface=pppoe-out1 new-connection-mark=WAN1 passthrough=\

no protocol=tcp

add action=mark-connection chain=prerouting connection-state=new dst-port=\

8000,88,554 in-interface=pppoe-out2 new-connection-mark=WAN2 passthrough=\

no protocol=tcp

add action=mark-connection chain=prerouting connection-mark=no-mark \

dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN1 \

per-connection-classifier=both-addresses:2/0

add action=mark-connection chain=prerouting connection-mark=no-mark \

dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN2 \

per-connection-classifier=both-addresses:2/1

add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=\

bridge1 new-routing-mark=WAN1 passthrough=no

add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=\

bridge1 new-routing-mark=WAN2 passthrough=no

/ip firewall nat

add action=masquerade chain=srcnat out-interface=pppoe-out1

add action=masquerade chain=srcnat out-interface=pppoe-out2

add action=dst-nat chain=dstnat dst-address-type=local dst-port=88 protocol=\

tcp to-addresses=192.168.1.200 to-ports=88

add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=88 \

out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24

add action=dst-nat chain=dstnat dst-address-type=local dst-port=8000 \

protocol=tcp to-addresses=192.168.1.200 to-ports=8000

add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=8000 \

out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24

add action=dst-nat chain=dstnat dst-address-type=local dst-port=554 protocol=\

tcp to-addresses=192.168.1.200 to-ports=554

add action=masquerade chain=srcnat dst-address=192.168.1.200 dst-port=554 \

out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24