MikroTik RouterOS • View topic - Redirect http traffic to other ether interface

NeODarK2 · **Posted:** Sat Feb 16, 2008 7:02 pm

Hi, I have three interfaces, one is my LAN (ether3) and the others interfaces are ether1 and ether2 I have two connections to internet, and I want to make ether1 primary, for all traffic, and I want to mark http packets (port 80) and send it to the ether2, my idea is that if I put the emule, I can see web pages without lag. Some person can help me??? thanks.

Chupaka · **Posted:** Sun Feb 17, 2008 12:58 am

mangle - prerouting - port 80 - mark-routing = 'new_route'
route - add - 0.0.0.0/0, gw = <your ether2 gateway>, mark = 'new_route'

NeODarK2 · **Posted:** Sun Feb 17, 2008 10:35 am

thanks for your reply my friend, but I make by this form, and only work a few minutes, later, I can´t see web pages, who´s the problem?

Chupaka · **Posted:** Sun Feb 17, 2008 5:37 pm

hmmm... post your firewall and routes config here

miahac · **Posted:** Sun Feb 17, 2008 8:22 pm

sorry to hijack thread but I am perusing a similar goal maybe we can work together to solve both problems. I have RB 333 with wireless AP on WLAN1 and WLAN2 and Ether1. WLAN3 is public IP wireless bridge to a location T1 line. Clients connect with PPPoE and are assigned a public IP from the T1 IP range. Ether3 goes to a cable modem.

I am trying to dump http traffic to the cable modem. I have tried a simple policy route, http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x but I think it does not work properly because the customers are not natted. I am wondering if the following is best?

Code:

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=8080 action=mark-routing new-routing-mark=HTTP
passthrough=yes comment="" disabled=no

/ip route add gateway=x.x.x.x routing-mark=HTTP comment="HTTP Traffic" disabled=no
/ip route rule add src-address=0.0.0.0/0 table=HTTP action=lookup

/ip proxy
enabled: yes
src-address: 0.0.0.0
port: 8080
parent-proxy: 0.0.0.0:0
cache-drive: system
cache-administrator: "webmaster"
max-disk-cache-size: none
max-ram-cache-size: none
cache-only-on-disk: no
maximal-client-connections: 1000
maximal-server-connections: 1000
max-object-size: 512KiB
max-fresh-time: 3d

/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080

/ip firewall filter
chain=input in-interface=ether3 src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop

edit -- One more thing. I do not care if http traffic reverses to public IP's the publics are for things like vpn, voip etc.

miahac · **Posted:** Sun Feb 17, 2008 8:48 pm

will adding a dstnat have any effect? like ..

Code:

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=HTTP
passthrough=yes comment="" disabled=no

/ip firewall nat
chain=dstnat protocol=tcp dst-port=80 action=passthrough 

/ip route add gateway=x.x.x.x routing-mark=HTTP comment="HTTP Traffic" disabled=no
/ip route rule add src-address=0.0.0.0/0 table=HTTP action=lookup

macgaiver · **Posted:** Mon Feb 18, 2008 10:10 am

I suggest to route DNS requests also trough that interface

NeODarK2 · **Posted:** Tue Feb 19, 2008 12:23 pm

Thanks Chupaka now it´s work well, thanks again my friend

Who is online