Load Balancing and Firewall

Finished 4-WAN load balancing.

ether1 to ether4 are the WANs.

Can't access two local websites (local servers) after the load balance.

These two local connections are coming from ether4.

When I ping the address it shows (admin prohibited).

Please help me with this situation.

WAN balancing should not affect local access as long as you are using a local IP. Otherwise you could be missing a hairpin NAT rule, or some other error occurs in your configuration.

I don't think that is the reason causing the problem. Somehow the firewall is restricting the local address.

You may need to describe your setup more clearly. You have 4 WANs (ether1, ether2, ether3 & ether4) and a local interface (etherX). Is the local server on one local interface, and are you pinging from a local system or from the WAN behind the load-balancing setup? Which type of load-balancing did you implement?

I have 4 WANs; ether1 to ether4 are the WANs.

Two local servers are coming from one WAN; that WAN port is ether4.

ether5 is the LAN port.

The local server IP addresses are:
First server IP: 202.21.176.98
Second server IP: 192.168.255.1

I am pinging from the LAN.

This is my load balance script:


/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new in-interface=bridge new-connection-mark=conn1 nth=4,1
add action=mark-routing chain=prerouting connection-mark=conn1 in-interface=bridge new-routing-mark=conn1 passthrough=no

add action=mark-connection chain=prerouting connection-state=new in-interface=bridge new-connection-mark=conn2 nth=4,2
add action=mark-routing chain=prerouting connection-mark=conn2 in-interface=bridge new-routing-mark=conn2 passthrough=no

add action=mark-connection chain=prerouting connection-state=new in-interface=bridge new-connection-mark=conn3 nth=4,3
add action=mark-routing chain=prerouting connection-mark=conn3 in-interface=bridge new-routing-mark=conn3 passthrough=no

add action=mark-connection chain=prerouting connection-state=new in-interface=bridge new-connection-mark=conn4 nth=4,4
add action=mark-routing chain=prerouting connection-mark=conn4 in-interface=bridge new-routing-mark=conn4 passthrough=no

/ip firewall nat
add action=masquerade chain=srcnat connection-mark=conn1 out-interface=ether1
add action=masquerade chain=srcnat connection-mark=conn2 out-interface=ether2
add action=masquerade chain=srcnat connection-mark=conn3 out-interface=ether3
add action=masquerade chain=srcnat connection-mark=conn4 out-interface=ether4

/system script
# The four scripts below are identical apart from the interface, connection mark and
# scheduler name; each source is shown unescaped, as it appears in the script editor.

add name=ether2_force policy=read,write source=
:if ([/interface find name="ether2"] = "") do={
    :error "Target interface does not exist";
}

:if ([/interface get [find name="ether2"] disabled]) do={
    :error "Target interface ether2 is disabled.";
}

:if ([/ip dhcp-client find interface="ether2"] = "") do={
    :error "Target interface is not running a DHCP client.";
}

:if ([/ip dhcp-client get [find interface="ether2"] status] != "bound") do={
    :error "DHCP client is not bound to an address.";
}

:local dhcpgateway [/ip dhcp-client get [find interface="ether2"] gateway];
:if ($dhcpgateway = "") do={
    :error "Interface has not been assigned a gateway address.";
}

# The route carrying this comment is the one this script manages.
:local oldgatewayid [/ip route find comment="ether2_force"];

:if ("$oldgatewayid" = "") do={
    :log warning "Adding route";
    :execute "/ip route add \
        dst-address=0.0.0.0/0 \
        comment=ether2_force \
        routing-mark=conn2 \
        gateway=$dhcpgateway";
    # :error is used here to stop the script once the route exists.
    :error "All done.";
}

:local oldgateway [/ip route get number="$oldgatewayid" gateway];
:if ("$oldgateway" != "$dhcpgateway") do={
    /ip route set numbers="$oldgatewayid" gateway="$dhcpgateway";
}

# The Same IP Gateway: bind the gateway to the interface (gateway%interface).
:local dhcpgateway [/ip dhcp-client get [find interface="ether2"] gateway];
/ip route set [find comment="ether2_force"] gateway=($dhcpgateway."%ether2")

# Disable Schedule: stop the scheduler once it has run more than twice.
:local RCount [/system scheduler get [find name="schedule2"] run-count]
:if ($RCount > 2) do={
    /system scheduler set [find name="schedule2"] disabled=yes
    # :log warning phalla;
}

add name=ether3_force policy=read,write source=
:if ([/interface find name="ether3"] = "") do={
    :error "Target interface does not exist";
}

:if ([/interface get [find name="ether3"] disabled]) do={
    :error "Target interface ether3 is disabled.";
}

:if ([/ip dhcp-client find interface="ether3"] = "") do={
    :error "Target interface is not running a DHCP client.";
}

:if ([/ip dhcp-client get [find interface="ether3"] status] != "bound") do={
    :error "DHCP client is not bound to an address.";
}

:local dhcpgateway [/ip dhcp-client get [find interface="ether3"] gateway];
:if ($dhcpgateway = "") do={
    :error "Interface has not been assigned a gateway address.";
}

# The route carrying this comment is the one this script manages.
:local oldgatewayid [/ip route find comment="ether3_force"];

:if ("$oldgatewayid" = "") do={
    :log warning "Adding route";
    :execute "/ip route add \
        dst-address=0.0.0.0/0 \
        comment=ether3_force \
        routing-mark=conn3 \
        gateway=$dhcpgateway";
    # :error is used here to stop the script once the route exists.
    :error "All done.";
}

:local oldgateway [/ip route get number="$oldgatewayid" gateway];
:if ("$oldgateway" != "$dhcpgateway") do={
    /ip route set numbers="$oldgatewayid" gateway="$dhcpgateway";
}

# The Same IP Gateway: bind the gateway to the interface (gateway%interface).
:local dhcpgateway [/ip dhcp-client get [find interface="ether3"] gateway];
/ip route set [find comment="ether3_force"] gateway=($dhcpgateway."%ether3")

# Disable Schedule: stop the scheduler once it has run more than twice.
:local RCount [/system scheduler get [find name="schedule3"] run-count]
:if ($RCount > 2) do={
    /system scheduler set [find name="schedule3"] disabled=yes
    # :log warning phalla;
}

add name=ether4_force policy=read,write source=
:if ([/interface find name="ether4"] = "") do={
    :error "Target interface does not exist";
}

:if ([/interface get [find name="ether4"] disabled]) do={
    :error "Target interface ether4 is disabled.";
}

:if ([/ip dhcp-client find interface="ether4"] = "") do={
    :error "Target interface is not running a DHCP client.";
}

:if ([/ip dhcp-client get [find interface="ether4"] status] != "bound") do={
    :error "DHCP client is not bound to an address.";
}

:local dhcpgateway [/ip dhcp-client get [find interface="ether4"] gateway];
:if ($dhcpgateway = "") do={
    :error "Interface has not been assigned a gateway address.";
}

# The route carrying this comment is the one this script manages.
:local oldgatewayid [/ip route find comment="ether4_force"];

:if ("$oldgatewayid" = "") do={
    :log warning "Adding route";
    :execute "/ip route add \
        dst-address=0.0.0.0/0 \
        comment=ether4_force \
        routing-mark=conn4 \
        gateway=$dhcpgateway";
    # :error is used here to stop the script once the route exists.
    :error "All done.";
}

:local oldgateway [/ip route get number="$oldgatewayid" gateway];
:if ("$oldgateway" != "$dhcpgateway") do={
    /ip route set numbers="$oldgatewayid" gateway="$dhcpgateway";
}

# The Same IP Gateway: bind the gateway to the interface (gateway%interface).
:local dhcpgateway [/ip dhcp-client get [find interface="ether4"] gateway];
/ip route set [find comment="ether4_force"] gateway=($dhcpgateway."%ether4")

# Disable Schedule: stop the scheduler once it has run more than twice.
:local RCount [/system scheduler get [find name="schedule4"] run-count]
:if ($RCount > 2) do={
    /system scheduler set [find name="schedule4"] disabled=yes
    # :log warning phalla;
}

add name=ether1_force policy=read,write source=
:if ([/interface find name="ether1"] = "") do={
    :error "Target interface does not exist";
}

:if ([/interface get [find name="ether1"] disabled]) do={
    :error "Target interface ether1 is disabled.";
}

:if ([/ip dhcp-client find interface="ether1"] = "") do={
    :error "Target interface is not running a DHCP client.";
}

:if ([/ip dhcp-client get [find interface="ether1"] status] != "bound") do={
    :error "DHCP client is not bound to an address.";
}

:local dhcpgateway [/ip dhcp-client get [find interface="ether1"] gateway];
:if ($dhcpgateway = "") do={
    :error "Interface has not been assigned a gateway address.";
}

# The route carrying this comment is the one this script manages.
:local oldgatewayid [/ip route find comment="ether1_force"];

:if ("$oldgatewayid" = "") do={
    :log warning "Adding route";
    :execute "/ip route add \
        dst-address=0.0.0.0/0 \
        comment=ether1_force \
        routing-mark=conn1 \
        gateway=$dhcpgateway";
    # :error is used here to stop the script once the route exists.
    :error "All done.";
}

:local oldgateway [/ip route get number="$oldgatewayid" gateway];
:if ("$oldgateway" != "$dhcpgateway") do={
    /ip route set numbers="$oldgatewayid" gateway="$dhcpgateway";
}

# The Same IP Gateway: bind the gateway to the interface (gateway%interface).
:local dhcpgateway [/ip dhcp-client get [find interface="ether1"] gateway];
/ip route set [find comment="ether1_force"] gateway=($dhcpgateway."%ether1")

# Disable Schedule: stop the scheduler once it has run more than twice.
:local RCount [/system scheduler get [find name="schedule1"] run-count]
:if ($RCount > 2) do={
    /system scheduler set [find name="schedule1"] disabled=yes
    # :log warning phalla;
}


/system scheduler
# Note: the scheduler policy below is far broader than the read,write the scripts declare.
add disabled=yes interval=10s name=schedule1 on-event="/system script run ether1_force" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
add disabled=yes interval=10s name=schedule2 on-event="/system script run ether2_force" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
add disabled=yes interval=10s name=schedule4 on-event="/system script run ether4_force" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
add disabled=yes interval=10s name=schedule3 on-event="/system script run ether3_force" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
# Enables the schedulers above at boot. It also refers to schedule5, which is not defined
# anywhere in this export, so that last set matches nothing.
add name=Enable-All-Schedules on-event="/system scheduler set [find name=\"schedule1\"] disabled=no; \
    /system scheduler set [find name=\"schedule2\"] disabled=no; \
    /system scheduler set [find name=\"schedule3\"] disabled=no; \
    /system scheduler set [find name=\"schedule4\"] disabled=no; \
    /system scheduler set [find name=\"schedule5\"] disabled=no;" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
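Added example (not part of the original post or any reply): with the mangle rules posted above, every new connection entering from the bridge gets a connection mark and a routing mark, including connections to 192.168.255.1 and 202.21.176.98, and based on the posted routes each marked table holds only a default route, so those packets are sent to a WAN gateway instead of towards ether4. An upstream router refusing that traffic is one way to end up with an "admin prohibited" reply. The usual mitigation in nth/PCC setups is to accept connections to local destinations before the mark-connection rules, so they keep using the main routing table. The configuration below assumes ether5 is a port of "bridge" (as the mangle rules imply), uses the two server addresses as /32 placeholders for the real subnets behind ether4, and ends with print commands that check the accept rules are hit and that no reject rule or prohibit route on the router itself is producing the reply.

```routeros
# Added example, not the original poster's configuration.
# Assumption: LAN clients enter via in-interface=bridge (ether5 is a bridge port).
# The /32 entries are placeholders; replace them with the real server subnets behind ether4.
/ip firewall address-list
add list=local-nets address=192.168.255.1/32 comment="placeholder: real subnet of server 2"
add list=local-nets address=202.21.176.98/32 comment="placeholder: real subnet of server 1"

# Both accept rules must sit above the four mark-connection rules. Adding each with
# place-before=0 puts it at the top, so the final order is: local, local-nets, conn1..conn4.
/ip firewall mangle
add chain=prerouting in-interface=bridge dst-address-list=local-nets action=accept \
    comment="do not load-balance traffic to the local servers" place-before=0
add chain=prerouting in-interface=bridge dst-address-type=local action=accept \
    comment="do not load-balance traffic to the router itself" place-before=0

# Checks. While pinging a server from the LAN, the accept counters should increase
# and the conn1..conn4 counters should not.
/ip firewall mangle print stats where action=accept

# An ICMP "admin prohibited" can also be generated on the router by a reject rule
# or a prohibit route; both should come back empty in this setup.
/ip firewall filter print where action=reject
/ip route print where type=prohibit

# Confirm the marked table really holds only the default route the script adds.
/ip route print where routing-mark=conn4
```

Unmarked connections have no routing-mark, so they are looked up in the main table, where the connected route for the server subnet on ether4 wins over any default route; the masquerade rules do not apply either, because they match on connection-mark.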