Load Balance, Multiwan with webproxy

I’ve read a lot of posts asking how to make load balancing work with the web proxy. Too many people say that it’s not possible, but yes, it is: we only need to mark, in the output chain, the packets going to destination port 80 and assign a routing mark, that’s it.

If you found this useful, don’t forget about the karma http://forum.mikrotik.com/t/forum-feature-karma-voting/37184/1 :smiley:
Screen shot 2010-06-02 at 14.23.10.jpg

Very useful, hoho.
Although I don’t understand what Karma is, I voted. Thank you for your help!

Hi, I’m new to the forums but I have been reading them for a while. English is not my primary language.

Can you guys tell me how to set up the mangle rules to use the web proxy when I’m using PCC load balancing?

This is my current set up.

/ ip address
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255 interface=Local
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wan1
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=wan2
add address=192.168.3.1/24 network=192.168.3.0 broadcast=192.168.3.255 interface=wan3

/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection new-connection-mark=wan3_conn

add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=wan3_conn passthrough=yes

add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_wan3 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade
add chain=srcnat out-interface=wan3 action=masquerade

Thank you.

Hi. Can you guys please tell me what exactly I need to put in the mangle rules to get my web proxy working with PCC load balancer. Thank You!!!

As stated in the original post, also mark in the ‘output’ chain rather than just in ‘prerouting’.

My example above was wrong, so I deleted it. It would cause problems.
I have now adjusted it.
Do it according to this.
QQ截图未命名0.jpg
QQ截图未命名3.jpg
QQ截图未命名1.jpg

Destination port 80 also needs to be load balanced.
QQ截图未命名8.jpg
QQ截图未命名2.jpg
QQ截图未命名5.jpg

I tried what you said but it does not work, I’m trying to get transparent web proxy to work. After I add the NAT rule to redirect traffic from port 80 to port 8080 of the proxy everything on the LAN stops, no packets can get through. :frowning:

I am sure that with the above settings, on my RB450G, load balancing and web-proxy do work.
I just need to study some of the details.
Where the arrow marks, I do not know what it is for, but it does work.

Could it be because I’m not using pppoe over the wan side?

I’m not sure, because I did not test such an environment.
Here is everything related to web-proxy, as an example for your reference.
Maybe other people will see it and can give you recommendations. :smiley:
捕获3.png
捕获2.png
捕获1.png

I tried everything you said but it still does not work, I think the problem is that I’m using static addresses on the WAN side and not pppoe. I might try setting up the pppoe interfaces tonight.

Is this the right way to set it up?

/ ip firewall mangle
add chain=input in-interface=pppoe-out1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=pppoe-out2 action=mark-connection new-connection-mark=wan2_conn
add chain=input in-interface=pppoe-out3 action=mark-connection new-connection-mark=wan3_conn


add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3



add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=wan3_conn passthrough=yes

add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing new-routing-mark=to_wan3

/ ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_wan3 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out3 distance=3 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade
add chain=srcnat out-interface=pppoe-out2 action=masquerade
add chain=srcnat out-interface=pppoe-out3 action=masquerade

Any help would be appreciated!

/ip route
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1

add check-gateway=ping comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1

/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes

add action=mark-packet chain=output disabled=no dst-port=80 new-packet-mark=1 passthrough=yes per-connection-classifier=both-addresses:4/0 protocol=tcp

add action=mark-routing chain=output connection-mark=!pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 packet-mark=1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn disabled=no in-interface=LAN new-routing-mark=to_pppoe-out1 passthrough=yes

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1

add action=redirect chain=dstnat disabled=no dst-port=80 in-interface=LAN protocol=tcp to-ports=8080

This is my sample; PCC and web proxy do work.

I’m going to try your sample configuration late tonight or very early tomorrow morning and I will let you know how it goes.

I hope you succeed, and now, I’m going to bed. :slight_smile:

Before I try the setup, I would like someone on this forum to take a look at this configuration, so if there are any mistakes please let me know.


/ip firewall mangle

add action=mark-connection chain=input in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes

add action=mark-packet chain=output dst-port=80 new-packet-mark=1 passthrough=yes per-connection-classifier=both-addresses:3/0 protocol=tcp

add action=mark-routing chain=output connection-mark=!pppoe-out1_conn new-routing-mark=to_pppoe-out1 packet-mark=1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=pppoe-out1_conn in-interface=Local new-routing-mark=to_pppoe-out1 passthrough=yes

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:3/0


add action=mark-connection chain=input in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes

add action=mark-packet chain=output dst-port=80 new-packet-mark=2 passthrough=yes per-connection-classifier=both-addresses:3/1 protocol=tcp

add action=mark-routing chain=output connection-mark=!pppoe-out2_conn new-routing-mark=to_pppoe-out2 packet-mark=2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn in-interface=Local new-routing-mark=to_pppoe-out2 passthrough=yes

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:3/1


add action=mark-connection chain=input in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes

add action=mark-packet chain=output dst-port=80 new-packet-mark=3 passthrough=yes per-connection-classifier=both-addresses:3/2 protocol=tcp

add action=mark-routing chain=output connection-mark=!pppoe-out3_conn new-routing-mark=to_pppoe-out3 packet-mark=3 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn in-interface=Local new-routing-mark=to_pppoe-out3 passthrough=yes

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:3/2

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3

add action=redirect chain=dstnat dst-port=80 in-interface=Local protocol=tcp to-ports=8080

/ip route
add comment=adsl1 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
add check-gateway=ping comment=adsl1 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1

add comment=adsl2 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
add check-gateway=ping comment=adsl2 distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2

add comment=adsl3 distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
add check-gateway=ping comment=adsl3 distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3

After using it for a few days, I found that using load balancing and web-proxy together sometimes leads to high CPU usage, especially with multi-threaded HTTP downloads.

The simplest solution is to follow this example; it takes just one rule. You do not need to change any other settings.
But it does have a flaw: web browsing and HTTP downloads are not load balanced and only work over a single line. :smiley:
Do not check passthrough!!!
QQ截图未命名3.jpg
QQ截图未命名2.jpg
QQ截图未命名.jpg

I think that having 3 pppoe with pcc and web proxy does not work well, I already tried it. Maybe web proxy only works with 1 wan :frowning:

I’m using this configuration with static addresses on the WAN sides. The web proxy works but it only uses one WAN; is it not possible to use web proxy with PCC?? If I disable the redirect rule then all 3 WANs are used. Does anyone know how to get PCC and web proxy working??

/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection passthrough=yes new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection passthrough=yes new-connection-mark=wan2_conn
add chain=input in-interface=wan3 action=mark-connection passthrough=yes new-connection-mark=wan3_conn

add chain=output connection-mark=wan1_conn action=mark-routing passthrough=yes new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing passthrough=yes new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing passthrough=yes new-routing-mark=to_wan3

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=wan3_conn passthrough=yes

add chain=prerouting connection-mark=wan1_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_conn in-interface=Local action=mark-routing passthrough=yes new-routing-mark=to_wan3

chain=output action=mark-routing new-routing-mark=wan1 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/0
chain=output action=mark-routing new-routing-mark=wan2 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/1
chain=output action=mark-routing new-routing-mark=wan2 passthrough=yes dst-address=192.168.5.0/24 per-connection-classifier=both-addresses:3/2

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_wan3 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping

/ ip firewall nat
chain=dstnat action=redirect to-ports=3128 protocol=tcp in-interface=Local dst-port=80
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade
add chain=srcnat out-interface=wan3 action=masquerade
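
An added example, not a configuration from any poster in this thread: the prerouting PCC rules only see forwarded LAN traffic, while connections the web proxy opens itself start in the output chain, so this sketch classifies them there, as the first post and the later reply suggest. It assumes the interface, mark and port names of the last post (Local, wan1..wan3, wanN_conn, to_wanN, proxy on 3128) and that its routes and masquerade rules stay in place; rule order is significant.

```routeros
# Added example (assumed names taken from the last post; not the poster's own rules).
/ip firewall mangle

# 1. Port-80 traffic from the LAN is about to be redirected to the proxy.
#    Accept it before the prerouting PCC rules so the client-to-proxy
#    connection stays unmarked and the proxy's replies to LAN clients are
#    routed by the main table, not by a WAN routing mark.
#    Must sit above the prerouting per-connection-classifier rules.
add chain=prerouting in-interface=Local protocol=tcp dst-port=80 action=accept

# 2. Classify the proxy's own outbound HTTP connections in the output chain.
#    connection-mark=no-mark limits this to connections not already marked
#    by the input-chain rules. The source is always the router itself, so
#    both-addresses effectively spreads connections by destination server.
add chain=output protocol=tcp dst-port=80 connection-mark=no-mark per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=output protocol=tcp dst-port=80 connection-mark=no-mark per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=output protocol=tcp dst-port=80 connection-mark=no-mark per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=wan3_conn passthrough=yes

# 3. Turn the connection mark into a routing mark for router-originated
#    packets (same rules as in the posts above; they must follow step 2).
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_conn action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_conn action=mark-routing new-routing-mark=to_wan3

/ip firewall nat
# 4. Transparent redirect of LAN HTTP to the proxy, as in the last post.
add chain=dstnat in-interface=Local protocol=tcp dst-port=80 action=redirect to-ports=3128

/ip firewall filter
# 5. Keep the proxy reachable from the LAN only, so it cannot be used as an
#    open proxy from any of the WAN interfaces.
add chain=input in-interface=!Local protocol=tcp dst-port=3128 action=drop
```

The srcnat masquerade rules per WAN are still required: the proxy's packets initially carry the source address chosen by the main routing table, and masquerade rewrites it to match the WAN selected by the routing mark.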