THG
March 31, 2010, 11:58am
1
Someone asked me to configure a router with two Internet connections, two LAN, two DMZs, and load balancing. First of all is it even possible? I think load balancing would complicate things, especially when there is servers on both LANs to be reachable from the Internet. I don’t expect anyone to explain how it should be done, just a hint would be appreciated.
Setup:
Router has four network interfaces.
Internet 1 = 90.225.80.1
LAN 1 = 192.168.1.0/24
HTTP Servers on both LAN, and probably some other services like SSH, VOIP and FTP.
nii
October 9, 2011, 8:06pm
2
Did you get an answer on your request yet ?
perhaps, I have any idea with this topology and there are several ways, that might help…
/ip address
add address=90.225.80.1/24 broadcast=90.225.80.255 comment="" disabled=no \
interface=Internet1 network=90.225.80.0
add address=90.225.90.1/24 broadcast=90.225.90.255 comment="" disabled=no \
interface=Internet2 network=90.225.90.0
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=LAN21 network=192.168.1.0
add address=192.168.2.1/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=LAN21 network=192.168.2.0
I assume that IP address to the internet with subnet ( /24)
/ip firewall mangle
add action=mark-connection chain=input comment="Alternative Load Balance" disabled=no \
in-interface=Internet1 new-connection-mark=INET-1 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
Internet2 new-connection-mark=INET-2 passthrough=yes
add action=mark-connection chain=prerouting comment="Load Balance LAN1" \
connection-state=new disabled=no dst-port=80 in-interface=LAN1 \
new-connection-mark="INET-1 S" nth=2,1 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-port=80 in-interface=LAN1 new-connection-mark="INET-2 S" \
nth=2,2 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="Load Balance LAN2" \
connection-state=new disabled=no dst-port=!80,22 in-interface=LAN2 \
new-connection-mark=INET-1 nth=2,1 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-port=!80,22 in-interface=LAN2 new-connection-mark=INET-2 \
nth=2,2 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-port=!53 in-interface=LAN2 new-connection-mark=INET-1 nth=\
2,1 passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-port=!53 in-interface=LAN2 new-connection-mark=INET-2 nth=\
2,2 passthrough=yes protocol=udp
add action=mark-routing chain=prerouting comment="Route With PCC Method" connection-mark=\
"INET-1 S" disabled=no in-interface=LAN21 new-routing-mark=INET-1 \
passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=\
"INET-2 S" disabled=no in-interface=LAN21 new-routing-mark=INET-2 \
passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=INET-1 \
disabled=no in-interface=LAN2 new-routing-mark=INET-1 passthrough=no
add action=mark-routing chain=prerouting comment="" connection-mark=INET-2 \
disabled=no in-interface=LAN2 new-routing-mark=INET-2 passthrough=no
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
Internet1 routing-mark=INET-1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
Internet2 routing-mark=INET-2 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
Internet1,Internet2 scope=30 target-scope=10
add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
Internet2 scope=30 target-scope=10
add comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
Internet1 scope=30 target-scope=10
I beg you to customize with your network conditions, about the destination port declaration, e.g 80, 81,22,21 etc…