There are many different ways, you can setup your MikroTik as an inbound load balancer. Inbound load balancer, means load balancing traffic coming into your network, and spreading the traffic to several different servers on local IPs.
Load balancing per IP, means you are session safe. In this simple setup, we mark each connection depending on the source IP, one mark for all even IPs and another mark for all odd IPs. As long as you do not have a huge amount of users from the same company (IP), this will statistically provide you proper load balancing and as all IPs consistently are sent to the same server, it is session safe. IP 1.2.3.122 ends with an even digit (2) and gets marked "pi-even". If the last digit is odd, it gets marked "pi-odd".
1 2 3 4 5 6 | # Mark each connection based on division by 2. First change to the right folder: /ip firewall mangle # If source IP ends in an even digit and is incoming on our internet interface - mark packet pi-even add action=mark-connection chain=prerouting in-interface=vlan200-internet new-connection-mark=pi-even passthrough=yes per-connection-classifier=src-address:2/0 # If source IP ends in an odd digit - mark packet pi-odd add action=mark-connection chain=prerouting in-interface=vlan200-internet new-connection-mark=pi-odd passthrough=yes per-connection-classifier=src-address:2/1 |
Now we NAT the packets based one the mangle mark we just created. We send all even marked packets to one local IP, and the odd to another local IP.
1 2 3 4 5 6 | # Change to right folder /ip firewall nat # Send the even packets to local IP .10 if they arrive from correct source ip, port and interface add action=dst-nat chain=dstnat connection-mark=pi-even dst-address=200.210.220.10 dst-port=25 in-interface=vlan200-internet protocol=tcp to-addresses=192.168.0.10 comment=loadbalance-smtp-even # Send the odd packets to local IP .11 add action=dst-nat chain=dstnat connection-mark=pi-odd dst-address=200.210.220.10 dst-port=25 in-interface=vlan200-internet protocol=tcp to-addresses=192.168.0.11 comment=loadbalance-smtp-odd |
If you do not need failover, you are done - your packets will be load balanced. If you want to check out your NAT rules in Winbox, before they are enabled, you can add disabled=yes to the lines above, then you can review them in Winbox and press enable there.