 
vijayrajah
just joined
Topic Author
Posts: 1
Joined: Mon Mar 25, 2024 5:12 pm

Need Help with PCC

Fri Mar 29, 2024 10:03 pm

I currently have OPNsense. I'm a complete noob with MikroTik / RouterOS.

here is my setup. I have 2 ISPs. "ACT" & "AIRTEL"

I want to setup PCC so that traffic can be shared. (yes, i'm aware pcc is per connection)

ACT is PPPoE (on ether8; the PPPoE interface is named "ACT") and Airtel is a static IP (192.168.1.10) with an ISP box (192.168.1.1/24).

I have a container that does DNS, and I have a dstnat rule to force all clients to use that server, regardless of their setting

I created the rules by copying them from viewtopic.php?t=179853#p999053:

# RouterOS export of a dual-WAN PCC setup: PPPoE client "ACT" on ether8, static
# 192.168.1.10/24 on ether7 (the "AIRTEL" uplink per the post), two LAN subnets
# on ether1/ether2, and a NextDNS container attached to veth1.
# Lines starting with "# NOTE(review)" are reviewer observations, not part of
# the original export.
# 1970-01-02 01:38:37 by RouterOS 7.14.1
# software id = LU4G-2UN3
#
# model = RB5009UG+S+
# serial number = xxxxx
/disk
set data slot=data
/interface ethernet
set [ find default-name=ether1 ] advertise=1G-baseT-full
/interface pppoe-client
add disabled=no interface=ether8 name=ACT user=pppoeuser125231
/interface veth
# NOTE(review): veth1 expects its gateway at 192.168.100.1, but no /ip address
# entry for 192.168.100.1 (and no bridge holding veth1) is visible in this
# export. Without a router-side address the container at 192.168.100.2 is
# presumably unreachable - confirm.
add address=192.168.100.2/24 gateway=192.168.100.1 gateway6="" name=veth1
/interface list
add name=LAN
/ip pool
add name=Wireless_AP ranges=192.168.50.10-192.168.50.200
add name=LAN_WIRED ranges=192.168.70.10-192.168.70.200
/ip dhcp-server
add address-pool=Wireless_AP interface=ether1 name=WIRELESS_AP
add address-pool=LAN_WIRED interface=ether2 name=WIRED_LAN
/routing table
# One routing table per uplink; the mangle rules below select them by routing mark.
add disabled=no fib name=ACT_RTB
add disabled=no fib name=AIRTEL_RTB
/container
add envlist=nextdns_param hostname=nextdns interface=veth1 logging=yes root-dir=data/tmp/nextdns start-on-boot=yes
/container config
set ram-high=200.0MiB tmpdir=data/tmp
/container envs
# The resolver is started with -log-queries and -report-client-info, so
# per-client DNS activity is presumably recorded; treat the container log
# (logging=yes above) as sensitive data.
add key=NEXTDNS_ARGUMENTS name=nextdns_param value="-listen :53 -report-client-info -log-queries -profile xxxx -forwarder 3gppnetwork.org=183.83.\
    185.156,182.74.53.95,122.186.120.249,61.95.251.207,1.10.10.10,8.8.8.8 -cache-size 20MB"
/interface list member
# Only ether1 and ether2 are in LAN; veth1, ether7 and the ACT PPPoE interface are not.
add interface=ether1 list=LAN
add interface=ether2 list=LAN
/ip address
add address=192.168.50.1/24 interface=ether1 network=192.168.50.0
add address=192.168.70.1/24 interface=ether2 network=192.168.70.0
add address=192.168.1.10/24 interface=ether7 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.50.168 mac-address=xx:xx:xx:xx:xx server=WIRELESS_AP
/ip dhcp-server network
# Clients are handed the router itself as DNS server; no /ip dns section appears
# in this export, so resolution depends on the dst-nat redirect to the container.
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1 netmask=24
add address=192.168.70.0/24 dns-server=192.168.70.1 gateway=192.168.70.1 netmask=24
/ip firewall address-list
add address=192.168.50.1 list=ROUTER_IPS
add address=192.168.70.1 list=ROUTER_IPS
/ip firewall filter
# Filter rules are evaluated in the order listed; the first matching rule decides.
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid packets" connection-state=invalid
# ICMP to the router is accepted on every interface, including both uplinks.
add action=accept chain=input comment="accept ICMP" protocol=icmp
# Drops all remaining input that did not arrive on ether1/ether2. This protects
# the router's services from both uplinks, and it also matches veth1.
add action=drop chain=input comment="DROP ALL packets" in-interface-list=!LAN
# NOTE(review): FastTrack'ed packets skip the mangle chains, so the routing
# marks set below are presumably not applied to them. With mark-based policy
# routing this rule is usually disabled or narrowed - confirm.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
# NOTE(review): this accept sits after the "!LAN" drop above, and veth1 is not a
# LAN member, so new input from the container never reaches it. The
# src-address-list value is also empty. If the container must reach the router,
# the rule has to be placed before the drop and scoped to what is needed.
add action=accept chain=input in-interface=veth1 src-address-list=""
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
# NOTE(review): the forward chain ends here with no drop rule, so new
# connections arriving on ACT or ether7 are forwarded to the LAN and container
# subnets whenever they are routable (for example from the 192.168.1.0/24
# segment). A final forward drop for traffic entering from the uplinks that is
# not dst-nat'ed (connection-nat-state=!dstnat) closes this.
/ip firewall mangle
# Connections that first arrive on an uplink are tagged with that uplink's mark ...
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ACT new-connection-mark=ACT_IN passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether7 new-connection-mark=AIRTEL_IN passthrough=yes
# ... and router-originated packets of those connections leave via the matching table.
add action=mark-routing chain=output connection-mark=ACT_IN new-routing-mark=ACT_RTB passthrough=no
add action=mark-routing chain=output connection-mark=AIRTEL_IN new-routing-mark=AIRTEL_RTB passthrough=no
# PCC: LAN-originated traffic is split into two buckets (2/0 -> ACT_IN, 2/1 -> AIRTEL_IN).
# NOTE(review): these two rules have no connection-mark=no-mark, so they are
# evaluated for every packet rather than once per connection. dst-address-type=!local
# excludes only the router's own addresses, so LAN-to-LAN traffic and traffic
# that is later dst-nat'ed to 192.168.100.2 is marked as well and then looked up
# in ACT_RTB/AIRTEL_RTB, which hold only default routes toward the uplinks.
# Excluding the local subnets from these rules is the usual remedy - verify.
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=ACT_IN passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=AIRTEL_IN passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1
# Translate the connection mark into the routing table used for LAN traffic.
add action=mark-routing chain=prerouting connection-mark=ACT_IN in-interface-list=LAN new-routing-mark=ACT_RTB passthrough=no
add action=mark-routing chain=prerouting connection-mark=AIRTEL_IN in-interface-list=LAN new-routing-mark=AIRTEL_RTB passthrough=no
/ip firewall nat
# Forced DNS: any LAN packet to port 53 (UDP or TCP) is rewritten to the container.
# Only port 53 is covered; clients using DNS over TLS (853) or DNS over HTTPS
# (443) are not redirected by these rules.
add action=dst-nat chain=dstnat comment="force redirect DNS (UDP)" dst-port=53 in-interface-list=LAN protocol=udp to-addresses=192.168.100.2 \
    to-ports=53
add action=dst-nat chain=dstnat comment="force redirect DNS (TCP)" dst-port=53 in-interface-list=LAN protocol=tcp to-addresses=192.168.100.2 \
    to-ports=53
# NOTE(review): src-address-list takes the name of an address list, and no list
# named "192.168.100.0/24" is defined above (only ROUTER_IPS), so this rule
# presumably matches nothing; src-address= looks like what was intended. The
# rule also has no out-interface, so once it matches it would masquerade
# container traffic in every direction.
add action=masquerade chain=srcnat src-address-list=192.168.100.0/24
add action=masquerade chain=srcnat out-interface=ACT
add action=masquerade chain=srcnat out-interface=ether7
/ip route
# NOTE(review): the main table carries four 0.0.0.0/0 routes (via ACT, ether7,
# 1.1.1.1 and 9.9.9.9). Three have distance=1 and the first has no explicit
# distance (default presumably also 1), so which one is active is ambiguous - confirm.
add disabled=no dst-address=0.0.0.0/0 gateway=ACT routing-table=main suppress-hw-offload=no
# NOTE(review): gateway=ether7 names an Ethernet interface instead of a next-hop
# address; the post gives the ISP box as 192.168.1.1, which is presumably the
# intended gateway here and in the 9.9.9.9/32 host route below.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether7 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
# Recursive defaults: 1.1.1.1 and 9.9.9.9 are resolved through the /32 host
# routes at the end of this section, which pin each probe target to one uplink.
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=main scope=10 suppress-hw-offload=no \
    target-scope=14
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=main scope=10 suppress-hw-offload=no \
    target-scope=14
# Per-uplink tables: primary via the uplink's own probe target (distance=1),
# fallback via the other one (distance=2).
# NOTE(review): none of these four routes sets check-gateway, unlike the main-table
# pair above, so failover inside the marked tables is presumably not driven by
# the ping probes - confirm.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-table=ACT_RTB scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=ACT_RTB scope=10 suppress-hw-offload=no target-scope=14
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=AIRTEL_RTB scope=10 suppress-hw-offload=no \
    target-scope=14
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=AIRTEL_RTB scope=10 suppress-hw-offload=no \
    target-scope=14
# Host routes that bind each probe target to one uplink (1.1.1.1 -> ACT, 9.9.9.9 -> ether7).
add disabled=no dst-address=1.1.1.1/32 gateway=ACT routing-table=main scope=10 suppress-hw-offload=no target-scope=13
add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=ether7 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=13
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
# The NTP server is given by name, so time sync depends on working DNS on the router.
add address=time.google.com
With this config, I can't reach the internet from any of the LAN networks.

Any help will be much appreciated.
