[help] 2 internet gateway

winet · June 26, 2007, 7:06am

hi,

currently i have 2 internet gateways, but currently, i only route one of them for NAT routing.
here’s the codes:

[admin@MikroTik] ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE 
 0 ADC 125.82.53.128/28   124.82.53.137                              internet
 1 ADC 172.16.1.0/24      172.16.1.2                                 internet2
 2 ADC 192.168.0.0/24     192.168.0.254                              local   
 3 A S 0.0.0.0/0                          r 125.82.53.129            internet

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat src-address-list=localclients action=src-nat to-addresses=125.82.53.137 
     to-ports=0-65535

above codes, it is clear that all ‘localclients’ will route through 192.168.0.254(local interface of mikrotik), and routed to 125.82.53.128 and then to 125.82.53.137.
172.16.1.2 is another interface for my mikrotik, it connects to another internet gateway. now, what should i add if i want to add specific ports request to internet from ‘localclients’ to connect through 172.16.1.1 gateway(internet2), instead of 125.82.53.137?

help please, thank you

i’m sorry if it’s abit confusing.

janisk · June 26, 2007, 8:37am

IMHO you could use routing marks to mark packets and send out to the second interface

winet · June 26, 2007, 12:00pm

i’m sorry, it would be great if you can give me some example.

anyway, should i add more route for 0.0.0.0/0 to gateway 172.16.1.2. if so, wouldn’t it collide with the other gateway?

broken · July 2, 2007, 10:29am

I’ve tried to make MT as load balancer router for 2 different gateways (i’ve found tutorial @ google) and it worked for… few minutes. Problem was in traffic balance - some interfaces had hugh upload overload but another weren’t used. Another problem was in reseting connections Some traffic have been dropped and doesn’t reach destination host etc. etc. I’ve tried few solutions - for example pfSense ← it doesn’t work too. Now I use regular Linux for load balancing and it works quite good (much better than MT - even it’s the same kernel ). I used NND Linux Distribution - simple, small linux distro (http://nnd.freesco.pl) with custom written scripts.

valens · July 2, 2007, 4:19pm

@winet:

ROUTE MARK

/ip firewall mangle
add chain=forward src-address-list=localclients protocol=XXXX dst-port=XXX action=mark-routing new-routing-mark=YYYY

NAT (put this rule above other NAT rule)

/ip firewall nat
add chain=src-nat src-address-list=localclients protocol=XXXX dst-port=XXX out-interface=internet2 action=masq

STATIC ROUTE

/ip route
add routing-mark=YYYY gateway=172.16.1.1

doush · July 19, 2007, 8:30am

get an old PC and install pfsense (pfsense.com) for load balancing.

Then use pfsense LAN as your gateway to your MT box.

broken · July 19, 2007, 8:50am

pfSense has the same problem like mikrotik with load banalcing and connections dropping. Pure Linux with special patches ( http://www.ssi.bg/~ja/#routes ) works better. With this http://lukasz.bromirski.net/docs/translations/lartc-pl.html it’s easy to achive. Of course it’s in polish but you can find lartc documentation in many languages.

janisk · July 19, 2007, 9:49am

here are some neat examples of different approaches:
http://wiki.mikrotik.com/wiki/Routing

here is the link to the manual if you have any questions, first look there.
http://www.mikrotik.com/testdocs/ros/2.9/

i assume you have some prior knowledge of networking.
then, if something is not working as you expected it, come back with configuration that does not work.

as it is hard to know what you have looked at and where you made mistake in configuration as RouterOS is very powerful if configured correctly.