2 ISP providers (WAN) - one LAN with MikroTik in Game Centre

Hi, everybody
I had (still have) some problems with MikroTik Router 2.9.10. Some sorted out, but for some I gave up.
So I’d like to share what is working and ask everybody for an advice howto make the best configuration for Internet Cafe - Game Centre.
Of course we need Transparent Web Proxy, HotSpot - (with manager), Shaping, Managed P2P trafic, MSN, Yahoo messengers and Skype working, and, and at last on-line Games working.
The main problems are: Shaping, P2P trafic, UDP trafic (for games).
We have 2 aDSL connections with very low (256Kbps) upload trafic each. Download for us is ok (3072Kbps) each.

My idea is to send all browsing trafic (80, 21 ports) and P2P through one modem, all games trafic through another.
All chating prgs I don’t deside yet. (Need Your help).

Ok, just quick look to the configuration:

[admin@MikroTik] > ip address pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.1/24     192.168.0.0     192.168.0.255   ether1 
 1   192.168.1.1/24     192.168.1.0     192.168.1.255   ether2
 2   192.168.2.1/24     192.168.2.0     192.168.2.255   ether3

ether1 - Local
ether2 - Public (aDSL modem1)
ether3 - Public (aDSL modem2)

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE INTERFACE
 0 ADC 192.168.0.0/24     192.168.0.1                                ether1
 1 ADC 192.168.1.0/24     192.168.1.1                                ether2
 2 ADC 192.168.2.0/24     192.168.2.1                                ether3
 3 A S 0.0.0.0/0                          r 192.168.2.254            ether3
 4 A S 0.0.0.0/0                          r 192.168.1.254            ether2

So here you can see that aDSL modem2 is Default Gateway.
If you will put this two gateways by command (twice)

add gateway/ip route add gateway=1.2.3.4

it will not work, so I’ve put a rule.

[admin@MikroTik] > ip route rule print
Flags: X - disabled, I - inactive
 0   routing-mark=games interface=ether2 action=lookup table=mdm1

Ok, We have a new routing table mdm1 and will try to send traffic through ADSL modem1 (not default).

• Somebody can ask “why not load-balancing?”. I do not why, but even load balancing is working well for browsing,
  but for on-line games like Battlefield2, CounterStrike – no.
  The connection with game server keeps disconnecting every time after few minutes.
  May be someone can explain me, what’s up?

After I’d put this route rule MikroTik has died for my local network (no ping) – winbox was just disconected. But DHCP was still working. Every computer could receive address from MT (it was magic). So I took it out and last gateway from MT console.
So I’ve put mangle rules, than route rule, than gateway in table mdm1. Now ping is OK-- MikroTik accesible from the LAN

[admin@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting src-address=192.168.0.131 action=mark-routing
     new-routing-mark=games passthrough=yes

 1   chain=prerouting src-address=192.168.0.132 action=mark-routing
     new-routing-mark=games passthrough=yes
 .
 .
 .

Wow, I almost forgot… Mascarading…

[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=dstnat protocol=tcp dst-port=80 src-address-list=users
     action=redirect to-ports=3128
 
 1   chain=srcnat out-interface=ether2 action=masquerade
 2   chain=srcnat out-interface=ether3 action=masquerade

[admin@MikroTik] > ip firewall address-list print
Flags: X - disabled, D - dynamic
 #   LIST       ADDRESS
 0   users      192.168.0.0/24

So idea to divide a traffic is very simple:

• All traffic will go through second gateway (not default) because of prerouting,
  but port 80 (browsing) will go through default GW, because of redirect port 80 to proxy …
  and proxy is working through default gw.

Only this configuration is working at the moment, nothing else
I tried mark routing in another way, for instance, P2P or port 21 - not working. Only addresses:

[admin@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting src-address=192.168.0.131 action=mark-routing
     new-routing-mark=games passthrough=yes

 1   chain=prerouting src-address=192.168.0.132 action=mark-routing
     new-routing-mark=games passthrough=yes
 .
 .
 .

Why? Something is wrong? I do not know.
Any ideas?

All the best for everyone.

Thanks all of You for attention and understanding.
Your advices realy helped me!

I realy don’t understand how to get through in this forum…
When somebody is asking something, an answer is “send your configuration”. Ok, i see.

If I’ve sent my configuration and made request for help, then nobody (?!), even Rocks from MikroTik can not give me a simple answer,
because (I guess) few tables (ip address, routes, mangle and nat) with one, two records is too complicated configuration to glance over

If my question is got lost in the text, can I ask again, please?

Why prerouting for an exact address is working perfectly, but to route any another kind of traffic (P2P, ftp) I CAN NOT?

If it is not working in the most simple configuration, how will it work in complicated? And why did I spend 95$
Now I think maybe to buy MikroTik was just a mistake: no support, no answers, no help.

Many, Many THANX. I’m realy apreciated any answer!
Silence is an answer as well.

How did you try to mangle other kind of traffic? Can you post your mangle rules?
Do not be angry when nobody replies with perfect solution within 1 hour after you post your problem, this forum is not 24/7 support.

God bless You Tonda for the answer.
I realy was frustrated and angry - sorry

This is one of a lot of trials:

/ip firewall mangle add chain=prerouting connection-type=ftp action=mark-routing new-routing-mark=ftp-trf passthrough=yes

/ip route rule add routing-mark=ftp-trf interface=ether2 action=lookup table=mdm1

But to check it again to be sure (is it working) I can only after midnight when no users - then I can see real traffic route for sure, because my posted configuration is working at the moment and there is traffic on both modems.

I’ll double check at night again - but not big hope

There are no trials: Mikrotik will do anything you tell him to do and nothing more. You must be sure in what you are doing…Try to log FTP connections, you will see what path these connections take.

False hope . I can tell straight and for sure now:

Ftp traffic takes default path (in this case ether4), not ether2.

Anyway, Tonda, thank You a lot and the bigest respect. I guess it should work, but…
Maybe wolfs from MicroTik will pay some attention - I have to reach them somehow.

Hai Mindows,

I also looking the configuration that you mention early for games centre. Can you share your configuration.

Thanks

Hi, philip

I’ve posted already in my first message.
rgds

This forum is for user to user support – and sometimes comments from Mikrotik staff.

Official support (that comes when you pay for a license) is only given when you write to support@mikrotik.com – as stated in the manuals and on the web site.

John

Thank You I didn’t know. I thought probably MikroTik staff takes care of this forum, because it is forum.mikrotik.com and not unhappy.mikrotikusers.com. I saw Mikrotik trade mark (or sign) in both upper corners of this forum, so I definatelly presumed
somebody will help me. Maybe some Rocks from the users pool… I red almost all messages on this forum and can tell You
that here is a lot of tough guys even girls (beutiful and smart - unusual suite ) – Maybe they will be able to explain, what’s up.

By the way I wish You and everyone a Merry Christmas!

Hold on for few days, I will be preparing one of my Mikrotiks to configuration simillar to yours, so I will drop here some info…