Load Balancing - NTH - Mikrotik 3.10 Not working - need help
Posted: Mon Jul 07, 2008 6:11 pm
Hi all,
I have spent several days working on a load balancing solution on a Mikrotik 3.10. I have read all the wiki articles and all the forum posts about nth and its implementation. I have configured the router as I have read, but it is impossible... this is not working, and I am sure that my problem is a trick, but I am not able to see it. So please, help me discover where my configuration fails.
Here we go....
My interfaces configuration
I have three interfaces and two xDSL lines: one interface is for the LAN, another interface, ADSL1, has an RFC 1483 fixed IP, and ADSL2 has a PPPoE client over it with the following configuration...
I am trying to balance the network load across the two ADSL lines. So I have configured the mangle as I saw on the forum. I marked packets... then connections and then routing....
As you can see, the first rule is a TS port mark in order to have TS administration on the LAN-side Windows 2000 Server.
The next 6 rules are the packet mark, connection mark and routing mark assignments.
OK. Up to here everything works well: the counters run up and they maintain a correlation...
The problems begin here....
The first and second rules are a reverse NAT to administer the LAN interface of the router giving the PPPoE bridge, and a rule for TS. It works OK.
The next three rules come from the mangle and do the masquerading based on the connection marks. The last rule is a general NAT.
The problem here is that the counters don't work correctly. Rule 2 works well but rule 3 is 0, and I suppose that its traffic is being applied to rule 4 (general).
I really don't know why.
The IP routes....
The IP routes have a default route, number 0, and NTH routes... based on routing marks assigned by NAT.
I also have a routing rule to 0.0.0.0/0 80.XXX.XXX.130 with routing mark 200 due to my needs for remote administration.
The IP routing rules are...
That's all folks.... The route balancing is not working... all the traffic is going through the ADSL2 interface (aka pppoe) and only the administration traffic is working on ADSL1 (aka RFC1483).
Code:
/interface> print
Flags: X - disabled, R - running, D - dynamic, S - slave
# NAME TYPE MTU
0 R LAN ether 1500
1 R ADSL1 ether 1500
2 R ADSL2 ether 1500
3 R pppoe-adsl2-20mb
Code:
/interface pppoe-client> print
Flags: X - disabled, R - running
0 R name="pppoe-adsl2-20mb" max-mtu=1480 max-mru=1480 mrru=disabled interface=ADSL2 user="user" password="*****"
profile=default-encryption service-name="Telefonica" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=yes allow=pap,chap
Code:
/ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; ### TS
chain=prerouting action=mark-routing new-routing-mark=200 passthrough=yes src-address-list=Server Win2000 src-port=3389 protocol=tcp
1 X ;;; ### Marcado NTH de paquete 1
chain=prerouting action=mark-packet new-packet-mark=PAK1 passthrough=yes connection-state=new nth=2,1
2 X ;;; ### Marcado NTH de paquete 2
chain=prerouting action=mark-packet new-packet-mark=PAK2 passthrough=yes connection-state=new nth=2,2
3 X ;;; ### Marcado NTH de Conexion 1
chain=prerouting action=mark-connection new-connection-mark=ADSL1 passthrough=yes packet-mark=PAK1
4 X ;;; ### Marcado NTH de Conexion 2
chain=prerouting action=mark-connection new-connection-mark=ADSL2 passthrough=yes packet-mark=PAK2
5 X ;;; ### Marcado de Ruta 1
chain=prerouting action=mark-routing new-routing-mark=ADSL1 passthrough=no packet-mark=PAK1
6 X ;;; ### Marcado de Ruta 2
chain=prerouting action=mark-routing new-routing-mark=ADSL1 passthrough=no packet-mark=PAK2
Code:
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; ### Acceso TS
chain=dstnat action=dst-nat to-addresses=192.168.0.5 to-ports=3389 src-address-list=Network_admin dst-port=3389 protocol=tcp
1 X ;;; ### Nat para administrar router adsl 30mb
chain=srcnat action=masquerade out-interface=ADSL2
2 ;;; ### NAT NTH
chain=srcnat action=masquerade out-interface=ADSL1 connection-mark=ADSL1
3 chain=srcnat action=masquerade out-interface=pppoe-adsl2-20mb connection-mark=ADSL2
4 chain=srcnat action=masquerade
Code:
/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S ;;; ### RUTA POR DEFECTO PPPoE
0.0.0.0/0 reachable pppoe-adsl2-20mb 1 pppoe-adsl2-20mb
1 A S ;;; ### NTH
0.0.0.0/0 reachable ADSL1 1 ADSL1
2 A S 0.0.0.0/0 reachable pppoe-adsl2-20mb 1 pppoe-adsl2-20mb
3 A S ;;; ### RUTA POR DEFECTO RFC1483
0.0.0.0/0 reachable 80.XXX.XXX.130 1 ADSL1
4 ADC 80.XXX.XXX.128/26 80.XXX..132 0 ADSL1
5 ADC 192.168.0.0/24 192.168.0.254 0 LAN
6 ADC 192.168.3.0/24 192.168.3.1 0 ADSL2
7 ADC 192.168.153.1/32 83.XX.XX.226
Code:
/ip route rule> print
Flags: X - disabled, I - inactive
0 src-address=80.XXX.XXX.132/32 action=lookup table=200
1 X interface=pppoe-adsl2-20mb action=lookup table=100
2 routing-mark=200 action=lookup table=200
I have tested all configuration possibilities, but I am not getting any results. If I disable route rule 0, it is supposed to go on applying the routing marks by NAT... but the problem is that in the connection log I have many "syn sent" entries and no traffic at all.
Greetings to all, and thanks in advance for your time....
Tete
Spain.
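
A consistency check over the mangle listing posted above, as an added example that is not part of the original post: it parses the rules and reports which ones carry the X (disabled) flag and whether two packet marks end up with the same routing mark. The `parse` and `audit` helpers and the one-rule-per-line input format are assumptions made for this example.

```python
import re

# Constructed sample: the seven mangle rules from the listing above, one rule per
# line, with the ;;; comments and rule 0's src-address-list left out.
MANGLE = """\
0   action=mark-routing new-routing-mark=200 passthrough=yes src-port=3389 protocol=tcp
1 X action=mark-packet new-packet-mark=PAK1 passthrough=yes connection-state=new nth=2,1
2 X action=mark-packet new-packet-mark=PAK2 passthrough=yes connection-state=new nth=2,2
3 X action=mark-connection new-connection-mark=ADSL1 passthrough=yes packet-mark=PAK1
4 X action=mark-connection new-connection-mark=ADSL2 passthrough=yes packet-mark=PAK2
5 X action=mark-routing new-routing-mark=ADSL1 passthrough=no packet-mark=PAK1
6 X action=mark-routing new-routing-mark=ADSL1 passthrough=no packet-mark=PAK2
"""

# Rule number, optional flag letters (X disabled, I invalid, D dynamic), properties.
RULE = re.compile(r"^(\d+)\s+([XID]*)\s*(.*)$")

def parse(listing):
    """Return a list of dicts: rule number, flags, and the key=value properties."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        props = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        rules.append({"id": int(m.group(1)), "flags": m.group(2), **props})
    return rules

def audit(rules):
    """Report disabled rules and packet marks that share one routing mark."""
    findings = [f"rule {r['id']} is disabled (X flag)" for r in rules if "X" in r["flags"]]
    by_route = {}
    for r in rules:
        if r.get("action") == "mark-routing" and "packet-mark" in r:
            by_route.setdefault(r["new-routing-mark"], []).append(r["packet-mark"])
    for route, marks in by_route.items():
        if len(marks) > 1:
            findings.append(f"routing mark {route} is assigned to {', '.join(marks)}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(MANGLE)):
        print(finding)
```

The findings describe only what the printed listing shows at the moment it was captured; they do not by themselves establish why traffic leaves through one interface.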