Income Traffic From Multiple Interfaces

Hi ALL,

I’m configuring an RB1100 with 3 internet links, but the responses to my incoming traffic get lost when the incoming link is not the link with the highest priority in the routing rules.

Let me detail what is happening:

I have these links (all ips are fake):
ether1: 20.20.20.1 (Dedicated line 1 Mbps both ways, static ip) [should accept icmp and forward (nat) ssh to internal server]
ether2: 30.30.30.1 (ADSL 4 Mbps download and 1 Mbps upload, static ip) [ADSL should accept icmp and forward (nat) dns, http, https and ssh to internal server]
ether3: 40.40.40.1 (ADSL 20 Mbps download and 1 Mbps upload, dhcp from isp) [should accept icmp]
ether4: 192.168.120.4 (lan)

We want the outgoing traffic to go through ether3 first, then ether2 and then ether1. I solved that with static routes and it all worked well for outgoing traffic. When I disable one, the traffic goes through the next interface.

Then I configured the incoming traffic on one interface (with nat) and that configuration went well (I made just ether1 and ether because ether2 and ether3 were in the other router in use by the users). When I migrated the other links to ether2 I realized that all outgoing traffic was going to ether3 (highest in the routing table but good just for outgoing traffic). None of the connections from the internet to ether2 were receiving a response. If I remove the cable from ether3, all connections from the internet to ether2 start to receive responses, and if I then remove ether2, ether1 starts to reply to pings from the internet. I’m testing with ping (so no nat) using a 3G connection to access from outside.

I’m new to RouterOS but I did some research and I tried to mark the connection with
/ip firewall mangle chain=prerouting action=mark-routing new-routing-mark=speedy passthrough=yes in-interface=ether2

and use the routing-mark in the /ip route (I put the gateway as 30.30.30.2)
/ip route add dst-address=0.0.0.0/0 gateway=30.30.30.2 gateway-status=30.30.30.2 inactive distance=1 scope=30 target-scope=10 routing-mark=speedy

but it didn’t work :(

So if I understood it correctly, I have to mark the connection when it is incoming and then create a static route using this mark to force it to go to the same link it arrived on in my network. Is this correct? Or is there a better solution? Are my rules in mangle prerouting and in /ip route correct?

Cheers,

Jonas

Guys,

I have three internet links and I have incoming traffic on all three links. How do I make the response leave through the same interface it came in on? Now it just goes to the link that is at the top of my routing table. The connections are dnat’ed (except for icmp, which doesn’t work either). If I change the routes, the top one starts replying and the other links stop.

I tried to use routing-marks with no success. Does anyone know how to solve this?

Cheers,

Jonas

Look at the PCC wiki. The example contains the configuration you need. Mark connections in prerouting based on in-interface facing the WAN. Then mark return packets that came in from WAN1 with routing marks pointing them back out that way.
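
The approach described in the reply above, written out for the interfaces in the question. This is an added example, not part of the original thread and not copied from the PCC wiki. It assumes RouterOS v6 syntax; the mark names are hypothetical, and the ether1 and ether3 gateways are placeholders because only 30.30.30.2 appears in the thread.

```routeros
# Added example. Mark names (wan1_conn, to_wan1, ...) are hypothetical.
# <ether1-gateway> and <ether3-gateway> are placeholders to replace before use;
# ether3 gets its gateway by DHCP, so that value must track the lease.
/ip firewall mangle
# 1. Tag each new inbound connection with the WAN it arrived on.
#    connection-mark=no-mark keeps an existing mark from being overwritten.
add chain=prerouting in-interface=ether1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting in-interface=ether2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting in-interface=ether3 connection-mark=no-mark \
    action=mark-connection new-connection-mark=wan3_conn passthrough=yes
# 2. Replies from the internal server (dst-nat'ed ssh, dns, http, https)
#    enter the router from the LAN on ether4. A mark-routing rule matching
#    in-interface=ether2 only sees the inbound packets, never these replies.
add chain=prerouting in-interface=ether4 connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=prerouting in-interface=ether4 connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no
add chain=prerouting in-interface=ether4 connection-mark=wan3_conn \
    action=mark-routing new-routing-mark=to_wan3 passthrough=no
# 3. Replies generated by the router itself (icmp echo replies) do not pass
#    through prerouting, so they are marked in the output chain.
add chain=output connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=output connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no
add chain=output connection-mark=wan3_conn \
    action=mark-routing new-routing-mark=to_wan3 passthrough=no
# 4. One default route per routing mark. Unmarked (outgoing) traffic keeps
#    using the existing distance-based routes in the main table.
/ip route
add dst-address=0.0.0.0/0 gateway=<ether1-gateway> routing-mark=to_wan1
add dst-address=0.0.0.0/0 gateway=30.30.30.2 routing-mark=to_wan2
add dst-address=0.0.0.0/0 gateway=<ether3-gateway> routing-mark=to_wan3
```

Connection marks appearing under `/ip firewall connection print` for a ping from outside show that step 1 matched; if the reply still leaves on ether3, the output-chain rule or the marked route is the part to check.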