Hi guys,
I hope someone can help.
I have 2 WAN links and 1 LAN link. I am balancing the WAN links without problems, but I am having an issue with incoming packets.
This is a drawing of my net:
Internet----Router Wan1-------------Mikrotik-------Router Wan2---Internet
                                       |
                                       |
                                       |
                                      LAN
Between the WAN1 router and the Mikrotik there is a switch with some servers. Those servers can't connect to the Mikrotik interface. I assume that the balancing is the issue.
Here is my config. It looks like that is taken care of, but it does not work…
/interface ethernet
set [ find default-name=ether1 ] comment=WAN1 name=Wan1
set [ find default-name=ether2 ] comment=WAN2 name=Wan2
/ip pool
add name=dhcp_pool1 ranges=172.16.100.2-172.16.100.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Lan name=dhcp1
/ip address
add address=192.168.1.250/24 interface=Wan1 network=192.168.1.0
add address=192.168.100.3/24 interface=Wan2 network=192.168.100.0
add address=172.16.100.1/24 interface=Lan network=172.16.100.0
/ip dhcp-server network
add address=172.16.100.0/24 dns-server=192.168.1.6 gateway=172.16.100.1
/ip firewall address-list
add address=192.168.1.0/24 list=ConnectedNetworks
add address=192.168.100.0/24 list=ConnectedNetworks
add address=172.16.100.0/24 list=MasqueradedNetworks
/ip firewall mangle
add chain=prerouting comment="Allow connected networks to exit Mangle chain so we don't load balance to our connected networks. Put all LAN and WAN connected networks in the address list [ConnectedNetworks]" dst-address-list=ConnectedNetworks
add action=mark-connection chain=prerouting comment="Create Mangle rules that will sort the traffic into streams WAN1" connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN1 per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="Create Mangle rules that will sort the traffic into streams WAN2" connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN2 per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting comment="Create Mangle rules that will sort the traffic into streams WAN2" connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN2 per-connection-classifier=both-addresses-and-ports:2/2
add action=mark-routing chain=prerouting comment="Create the mangles to add the routing marks to the packets basedon the connection mark in the PREROUTING CHAIN" connection-mark=WAN1 in-interface=Lan new-routing-mark=ether1-mark
add action=mark-routing chain=prerouting comment="Create the mangles to add the routing marks to the packets basedon the connection mark in the PREROUTING CHAIN" connection-mark=WAN2 in-interface=Lan new-routing-mark=ether2-mark
add action=mark-routing chain=output comment="This rule ensures traffic from the router itself returns through the proper interface" connection-mark=WAN1 new-routing-mark=ether1-mark
add action=mark-routing chain=output comment="This rule ensures traffic from the router itself returns through the proper interface" connection-mark=WAN2 new-routing-mark=ether2-mark
add action=mark-connection chain=prerouting comment="Identify which WAN interface the traffic came in and mark the connections appropriately" connection-mark=no-mark in-interface=Wan1 new-connection-mark=WAN1
add action=mark-connection chain=prerouting comment="Identify which WAN interface the traffic came in and mark the connections appropriately" connection-mark=no-mark in-interface=Wan2 new-connection-mark=WAN2
add action=mark-routing chain=output comment="Mark traffic from the router" new-routing-mark=ether1-mark src-address=192.168.1.250
add action=mark-routing chain=output comment="Mark traffic from the router" new-routing-mark=ether2-mark src-address=192.168.100.3
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade traffic out WAN1 from [MasqueradeNetworks]" out-interface=Wan1 src-address-list=MasqueradedNetworks
add action=masquerade chain=srcnat comment="Masquerade traffic out WAN2 from [MasqueradeNetworks]" out-interface=Wan2 src-address-list=MasqueradedNetworks
/ip firewall service-port
set sip sip-direct-media=no
/ip route
add check-gateway=ping comment="Default router WAN1, marked" distance=1 gateway=192.168.1.254 routing-mark=ether1-mark
add check-gateway=ping comment="Default router WAN2, marked" distance=1 gateway=192.168.100.1 routing-mark=ether3-mark
add comment="Default router WAN2, unmarked" distance=1 gateway=192.168.100.1
add comment="Default router WAN1, unmarked" disabled=yes distance=2 gateway=192.168.1.254
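
An added example, not part of the original post: a small Python cross-check that every routing mark set in the mangle table has a matching marked route (and the reverse), and that each per-connection-classifier remainder is reachable. The function names `parse` and `check` are this example's own, and it assumes an export with one command per line and straight quotes; the sample is a subset of the export above with the comments omitted.

```python
import re

# Subset of the export in the post, one command per line, comments omitted.
EXPORT = """\
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN1 per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN2 per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=Lan new-connection-mark=WAN2 per-connection-classifier=both-addresses-and-ports:2/2
add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=Lan new-routing-mark=ether1-mark
add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=Lan new-routing-mark=ether2-mark
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.254 routing-mark=ether1-mark
add check-gateway=ping distance=1 gateway=192.168.100.1 routing-mark=ether3-mark
add distance=1 gateway=192.168.100.1
"""

def parse(export):
    """Yield (menu, {key: value}) for every 'add' command."""
    menu = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            # Quoted values (comments) are taken whole, so '=' inside is safe.
            yield menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def check(export):
    """Return cross-reference problems between the mangle and route tables."""
    rules = list(parse(export))
    set_marks = {r["new-routing-mark"] for m, r in rules
                 if m == "/ip firewall mangle" and "new-routing-mark" in r}
    used_marks = {r["routing-mark"] for m, r in rules
                  if m == "/ip route" and "routing-mark" in r}
    findings = [f"route uses routing-mark {x}, which no mangle rule sets"
                for x in sorted(used_marks - set_marks)]
    findings += [f"mangle sets routing-mark {x}, which no route uses"
                 for x in sorted(set_marks - used_marks)]
    for _, r in rules:
        pcc = r.get("per-connection-classifier")
        if pcc:
            den, rem = map(int, pcc.rsplit(":", 1)[1].split("/"))
            if rem >= den:  # remainder is hash mod den, so only 0..den-1 occur
                findings.append(f"PCC {den}/{rem} never matches; "
                                f"remainder must be 0..{den - 1}")
    return findings

if __name__ == "__main__":
    for finding in check(EXPORT):
        print(finding)
```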