I hope someone can help me with this as I’ve been struggling with it for the last two days.
I have two routers: A hotspot runs on Router A (172.23.0.0/24) and masquerades all traffic going to Router B (10.1.1.0/24). Router B connects to the Internet via an ADSL line.
I connected a second ADSL line to Router B two days ago and I want to do PCC load balancing across the two lines. Before I can do that, I want to disable the masquerade on Router A, so that Router B can see the individual IP addresses of the hotspot clients (172.23.0.0/24) and not just the masqueraded address (10.1.1.9) of Router A.
I deleted the masquerade rule on Router A and added this rule directly after the dynamically created hotspot rules in the NAT table:
/ip firewall nat
# accept in srcnat = leave the source address unchanged (no masquerade) for matching traffic
add chain=srcnat action=accept
It worked perfectly for some hotspot clients only, but for others it produced a very strange result. Their port 80 traffic was still being NATted, while the ports that weren’t being NATted had SYN RECEIVED TCP flags and would time out.
I then tried adding this NAT rule, which also caused the port 80 traffic to bypass the masquerade, but the client still experiences the SYN RECEIVED timeout.
Did you route the 172.23.0.0/24 net back to Router A? It will need that without the masquerade. If 10.1.1.9 is the IP assigned to Router A’s interface, then enter this on Router B:
Wow… what a facepalm moment! I can’t believe I didn’t think of that.
Thanks VERY much, Tim. Problem solved!
EDIT: I should also point out that the reason it was working for some users was that I had added a route to a small IP pool that I had been using for testing purposes earlier in the week, but had forgotten about.
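The fix Tim describes and the OP’s EDIT both come down to a return route on Router B. As an added example (not Tim’s actual command, which is not quoted in the thread, and not the OP’s own configuration), this is the RouterOS configuration that implies for both routers, assuming the addresses stated above: 172.23.0.0/24 is the hotspot network and 10.1.1.9 is Router A’s address on the link to Router B. The src-address match on the accept rule and the comments are assumptions for illustration.

```routeros
# --- Router A: hotspot router (172.23.0.0/24 on the hotspot side, 10.1.1.9 towards Router B) ---
# With the masquerade rule deleted, an accept rule in srcnat leaves the hotspot
# clients' real source addresses intact. It sits after the dynamic hotspot rules
# and prevents any later srcnat rule from rewriting this traffic.
/ip firewall nat
add chain=srcnat src-address=172.23.0.0/24 action=accept comment="no NAT towards Router B"

# --- Router B: Internet router (10.1.1.0/24 towards Router A) ---
# Without masquerade on Router A, replies to 172.23.0.0/24 must be routed back to
# Router A. Without this route they follow the default route out of the ADSL line,
# the client never receives the SYN-ACK, and the connection sits in SYN RECEIVED
# until it times out. Only clients in a pool that already had a route kept working.
/ip route
add dst-address=172.23.0.0/24 gateway=10.1.1.9 comment="return path to hotspot clients"

# Verify on Router B: the route must be active, and tracked connections from hotspot
# clients should now show a 172.23.x.x source instead of 10.1.1.9.
/ip route print where dst-address=172.23.0.0/24
/ip firewall connection print where src-address~"172.23"
```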
Hi, did you configure anything else to make this work? I have tried disabling the masquerade, adding your rules and the IP route on the server with the load balancing, but it doesn’t work.