Help Multiple Gateway

sopansetiawan · July 22, 2011, 7:40am

dear all,
i have a trouble in mikrotik with multiple gateway rules.. i can’t access my server from the outside of my network..
i’m using rb 1200 and 4 internet gateway..

ISP1---------->

ISP2---------->

ISP3----------> RB 1200 ----- MANAGEABLE SW ----> VLAN

ISP4---------->

SERVER------->

note:
LINE 1 USE PUBLIC IP
LINE 2,3,4 USE ADSL MODEM

this is rules that i used ini multiple gateway..
this is setup in ROUTES

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.0.1               1
 1 A S  0.0.0.0/0                          49.128.x.x            1
 2 A S  ;;; Static Routing Web Server
        192.168.21.14/32                   ETH6_WEBSERV              1
 3 A S  ;;; Static Routing CCTV Server
        172.16.100.6/32                    ETH7_CCTVSERV             1
 4   S  ;;; Static Routing Pas Server
        172.16.100.9/32                    ETH8_PASSERV              1
 5 A S  0.0.0.0/0                          192.168.2.1               1
 6 A S  0.0.0.0/0                          192.168.1.1               1
 7 A S  0.0.0.0/0                          49.128.x.x           1
                                           192.168.1.1       
                                           192.168.0.1       
                                           192.168.2.1       
 8 ADC  49.128.x.x/28      49.128.x.x       ETH1_BOSINDO              0
 9 ADC  172.16.1.0/24      172.16.1.1      101_VLAN_APDEVICE         0
10 ADC  172.16.2.0/24      172.16.2.1      102_VLAN_APGINDUK         0
11 ADC  172.16.3.0/24      172.16.3.1      103_VLAN_APGSEL...        0
12 ADC  172.16.4.0/24      172.16.4.1      104_VLAN_KANTOR...        0
etc..

this is the setup in MANGLE

Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Routing Block for STUDENT HOTSPOT
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_SISWA 
     passthrough=yes src-address=172.16.2.0/24 in-interface=102_VLAN_APGINDUK 

 1   chain=prerouting action=mark-routing new-routing-mark=ROUTE_SISWA 
     passthrough=yes src-address=172.16.3.0/24 
     in-interface=103_VLAN_APGSELATAN 

 2   chain=prerouting action=mark-routing new-routing-mark=ROUTE_SISWA 
     passthrough=yes src-address=172.16.10.0/24 
     in-interface=110_VLAN_PERPUSCLIENT 

 3   ;;; Routing Block for OFFICE
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.1.0/24 in-interface=101_VLAN_APDEVICE 

 4   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.4.0/24 
     in-interface=104_VLAN_KANTORGURU 

 5   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.5.0/24 in-interface=105_VLAN_KANTORTU 

 6   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.9.0/24 
     in-interface=109_VLAN_PERPUSADMIN 

 7   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.11.0/24 in-interface=111_VLAN_SATPAM 

 8   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.12.0/24 
     in-interface=112_VLAN_SIDANGKECIL 

 9   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.13.0/24 in-interface=113_VLAN_TEKNISI 

10   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.14.0/24 in-interface=114_VLAN_MULMED 

11   chain=prerouting action=mark-routing new-routing-mark=ROUTE_OFFICE 
     passthrough=yes src-address=172.16.15.0/24 in-interface=115_VLAN_BK 

12   ;;; Routing Block for WEB SERVER
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_SERVER_WEB 
     passthrough=yes dst-address=192.168.21.14 

13   ;;; Routing Block for CCTV SERVER
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_SERVER_CCTV 
     passthrough=yes dst-address=172.16.100.6 

14   ;;; Routing Block for PAS SERVER
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_SERVER_PAS 
     passthrough=yes dst-address=172.16.100.9 

15   ;;; Routing Block for Lab IPAIPS
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_IPAIPS 
     passthrough=yes src-address=172.16.6.0/24 
     in-interface=106_VLAN_LABIPAIPS 

16   ;;; Routing Block for LAB TIK
     chain=prerouting action=mark-routing new-routing-mark=ROUTE_LABTIK 
     passthrough=yes src-address=172.16.7.0/24 in-interface=107_VLAN_LABKOM1 

17   chain=prerouting action=mark-routing new-routing-mark=ROUTE_LABTIK 
     passthrough=yes src-address=172.16.8.0/24 in-interface=108_VLAN_LABKOM2

this is Setup on NAT

Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Web Server Rule Policy
     chain=dstnat action=dst-nat to-addresses=192.168.21.14 to-ports=80 
     protocol=tcp dst-address=49.128.177.131 in-interface=ETH1_BOSINDO 
     dst-port=80 

 1   ;;; NAT for Internet Connection
     chain=srcnat action=masquerade out-interface=ETH1_BOSINDO 

 2   chain=srcnat action=masquerade out-interface=ETH2_SPEEDY1 

 3   chain=srcnat action=masquerade out-interface=ETH3_SPEEDY2 

 4   chain=srcnat action=masquerade out-interface=ETH4_SCHOOLNET

i hope you can help me to solve my problems…
thanks b4..

Egate · July 23, 2011, 7:38pm

Looks to me like your problem is your data does not access the way it entered. Try something like this in ip mangle.

add action=mark-connection chain=prerouting comment=\
    "Mark connections Wan1" disabled=no in-interface=\
    "Wan 1" new-connection-mark=Wan1_in_conn passthrough=yes
add action=mark-routing chain=output comment=\
    "Wan 1 connections to Local Wan 1" connection-mark=Wan1_in_conn \
    disabled=no new-routing-mark=Wan1 passthrough=no

Will have to make a route to wan 1 with routing mark. This will ensure data from Wlan1 will access on Wlan1.