My MK server has 3 interfaces, LAN, WAN1, WAN2, and I do load balancing on both WANs; however, I can’t access either WAN subnet to get to the router’s config page.
LAN = 192.168.0.0/24
WAN1 = 192.168.1.0/24 (router’s ip is 192.168.1.98, MK’s interface is 99)
WAN2 = 192.168.2.0/24 (router’s ip is 192.168.2.98, MK’s interface is 99)
Both routers are configured in bridge mode and I have 2 additional PPPoE interfaces
TEdata1 from wan1
TEdata2 from wan2
Here is my NAT table. I tried masquerading everything but that doesn’t seem to have helped. Can anyone tell me what I need to change in order to get it to work?
This is just basic networking. You need to put a src-nat masquerade rule for data going to 192.168.1.0/24, and make sure the mikrotik itself has a /24 address for both interfaces. At that point, it will work if you have the gateways on all your devices set properly.
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.99/24 192.168.0.0 192.168.0.255 LAN
1 192.168.1.99/24 192.168.1.0 192.168.1.255 WAN1
2 192.168.2.99/24 192.168.2.0 192.168.2.255 WAN2
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=WAN
1 chain=srcnat action=masquerade src-address=192.168.1.0/24
I still can’t get my PC on 192.168.0.0/24 to ping/access my router at 192.168.1.97. I can get internet from it through the mikrotik router, but I’m blind to that subnet
Try posting the current routing table and firewall rules. In an earlier post there was a masquerade rule with an out interface of “wan” rather than “wan1” or “wan2”, so a clean overview of the current status would help.
You should not have to masquerade the traffic out of the LAN connection and doing so can be dangerous, so I suggest removing that entry.
Yes, I had posted that when I only had one operational line. Now I have 3 ethernet interfaces, LAN, WAN1, WAN2. The last 2 each connect to a single router in bridge mode. There are 2 more PPPoE interfaces called TEdata1(4mb) & TEdata2(2mb). I’ve removed the LAN masquerade rule; below is all the data you’ve requested.
Doesn’t seem to work. Wouldn’t IP routes be sufficient though? Apparently dynamic routes aren’t exported, but here they are. Each interface created one of those
If you are masquerading the traffic headed out of the WAN interfaces then they should be able to communicate with the bridge mode modems just as any other external host.
I suggest that you do this:
Insert a bridge between one of the modems and the router. Attach a PC and set to another address on the relevant subnet. Check that the PC can communicate with both the modem and router on the expected addresses. I suspect that there is something wrong with the underlying assumptions.
That is how I’m forced to access the config pages atm, but unfortunately that results in the internet being disconnected from the rest of the network until I disable the bridge. I don’t understand why it doesn’t work; when I had a single line I also had this issue (when I started this topic). I don’t recall what I did and got it working. But now that I’ve implemented load balancing with a 2nd line I can’t get it to work anymore. I can ping both subnets from the MK server, and when bridged I can access the routers too; the problem seems to be in the NAT’ing/routing part.
Run traceroute from a PC on the LAN to the DSL modem’s IP and see how far it is getting. The last IP that reports should give a good clue as to what is wrong.
Can’t seem to get any IPs, it keeps going without getting a reading on any hop. However, if I traceroute a website, the first hop is unknown and all the other hops appear, starting with my ISP at 2nd. I’m guessing the first one is my router, which I’m unable to access.
Are your mangle rules catching the traffic and routing it incorrectly?
I tried disabling the mangle rules, no reply either
The problem in your configuration is the order in which the mangling rules are processed.
Please move up at the beginning of the prerouting chain, the accepting rules: