mja
June 12, 2013, 1:22pm
1
Good day all
I have 2 Internet modem links, doing load balancing on a RB2011-UASRM but when logging to my bank/web hosting company/ and some others - kicks me off because my IP changes and I have to re-log every minute or less ( I believe this is because my traffic passes by one link and than to the other on different ips).
An example: when logging into the online banking site - I have to disable any WAN interface and stay “only with one interf.” in order to prevent from being kick/logged out.
Thanks.
Feklar
June 12, 2013, 3:12pm
2
Set PCC to “both addresses” instead of “both addresses and ports”
mja
June 12, 2013, 8:13pm
3
Set PCC to “both addresses” instead of “both addresses and ports”
So based on your suggestion and to my understanding I would have to use this as follow:(?):
add chain=prerouting dst-address-type=!local in-interface=bridge1 per-connection-classifier=both-addresses action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=bridge1 per-connection-classifier=both-addresses action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
Below is my current configuration.
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.30.0/24 action=accept in-interface=bridge1
add chain=prerouting dst-address=192.168.50.0/24 action=accept in-interface=bridge1
add chain=prerouting dst-address-type=!local in-interface=bridge1 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=bridge1 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=bridge1 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=bridge1 action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.30.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.50.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.30.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.50.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
mja
June 13, 2013, 4:21am
4
Ok I have done it! The problem no longer persist - good.
However when doing a speed test things have changed = before I was having a result of 4 Mbps with WAN1 (1Mb) & WAN2 (3MB) but, after this change I’m only getting 3 Mbps which comes from interface WAN2. Is it possible to get back those 4 Mbps after changing “both addresses” instead of “both addresses and ports”?
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN1_conn per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge1 new-connection-mark=WAN2_conn per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=bridge1 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=bridge1 new-routing-mark=to_WAN
mja
June 15, 2013, 10:40pm
5
Good day all,
I see I don’t get any help with my post here.
Where can I re-post my issue and get help on this?
Thanks