Source : https://datahunter.org/node/2595/revisions/13095/view
Step1: 為 NIC 改合適的名稱
/interface ethernet set [ find default-name=ether1 ] comment=WTT name=ISP_1 set [ find default-name=ether2 ] comment=HKBN name=ISP_2 set [ find default-name=ether5 ] arp=proxy-arp name=LAN
Step2: 把 Wan Port 歸類
/interface list add name=WAN /interface list member add interface=ISP_1 list=WAN add interface=ISP_2 list=WAN
Step3: 為 NIC 設定 IP
LAN
/ip address add address=192.168.8.1/24 interface=LAN network=192.168.8.0
ISP1 (DHCP)
/ip dhcp-client add default-route-distance=254 interface=ISP_1
ISP2 (Static IP)
/ip address add address=10.10.10.101/24 interface=ISP_2 network=10.10.10.0
Step4: Route
/ip route add distance=12 gateway=10.10.10.1
Step5: 應有的 Filter Rule
/ip firewall filter add action=fasttrack-connection chain=forward add action=accept chain=input protocol=icmp comment="#### allow ping #####" add action=accept chain=forward connection-state=established,related comment="#### First ####" add action=drop chain=forward connection-state=invalid add action=accept chain=input connection-state=established,related add action=drop chain=input connection-state=invalid add action=accept chain=input in-interface=LAN comment="#### LAN ####" add action=accept chain=forward in-interface=LAN add action=drop chain=input in-interface-list=WAN comment="#### LAST ####" add action=drop chain=forward in-interface-list=WAN
Step6: WTT FailOver rule (因為它是 DHCP, 所以要用 ‘/routing filter’ 設定 ‘check-gateway’ )
/routing filter
add action=accept chain=dynamic-in distance=254 set-check-gateway=ping \
set-distance=11
Step7: 上網 NAT
/ip firewall address-list add address=192.168.8.0/24 list=LAN
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN src-address-list=LAN comment="Internet NAT"
Step8: DNAT
/ip firewall filter
add action=accept chain=forward comment=NAT dst-port=55555 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=55555 protocol=tcp to-addresses=\
192.168.8.2 to-ports=55555