Load balancing - Dual WAN

bekward · June 27, 2015, 10:54am

Hello, I’m new to mikrotik routers, please move this topic to appropriate section if something wrong with my choice of it.
I want to use Mikrotik RB750 for dual wan, when one WAN is dead another live WAN must work and no failures in connection must be.
I have below configuration for it, and some questions about this configuration.

/interface ethernet set WAN1 mac-address=30:85:A9:EC:7C:BA
/interface ethernet set WAN2 mac-address=30:85:A9:EC:7C:BA

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=213.157.196.131,80.77.52.133,8.8.8.8

/ ip address
add address=10.0.1.10/22 network=10.0.1.0 broadcast=10.0.4.255 interface=Local

/ ip firewall mangle
add chain=prerouting dst-address=5.178.207.128/25 action=accept in-interface=Local

add chain=prerouting in-interface=WAN1 connection-mark=no-mark action=mark-connection
new-connection-mark=WAN1_conn

add chain=prerouting in-interface=Local connection-mark=no-mark dst-address-type=!local
per-connection-classifier=both-addresses:1/0 action=mark-connection new-connection-mark=WAN1_conn

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing
new-routing-mark=to_WAN1

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1

/ ip route

add dst-address=0.0.0.0/0 gateway=5.178.207.129 routing-mark=to_WAN1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=5.178.207.129 distance=1 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade

First question is about interfaces…
I name my first two interface as WAN1 and WAN2, they have as default master port “none”, but third interface as Local and it has master port WAN1, does I change it to “none” or leave it alone?
Second question is about this command:

/ ip firewall mangle
add chain=prerouting dst-address=5.178.212.150/25 action=accept in-interface=Local

when I execute it with terminal it doesn’t show any error, but when I check IP/Firewall/Mangle with winbox menu I see different IP there like 5.178.150.128/25 I corrected it with winbox menu but it says “IP address is expected” and doesn’t allow to include there /25
what can I do to write there correct IP?

And Last is this configuration correct for my goal?
Thank you all for answers in advance

bekward · June 30, 2015, 3:05pm

Another questions,
when I connected WAN1 all worked well, but when I connected WAN2 internet has gone, I disabled interface WAN2 and internet came to me
after this I tried to add

add chain=srcnat out-interface=WAN2 action=masquerade

for interface WAN2 and internet came to me after enabling WAN2 again.
Question 1. what exactly masquerade do?
Now WAN2 is primary connection and I can’t do anything to this (I want WAN1 to be primary).
now my main problem is that I can’t connect to open ports from WAN2 ex. if WAN1 is working and WAN1 when WAN2 is working.
Question 2. want that both WANs work together, how can I gain this?
Please answer.

bekward · July 4, 2015, 6:49am

some news and some new questions …

I have finished configuration, everything (except one thing …) works correctly,
Load balancing seems to work fine and failover too, but
when both WANs is active ( I mean when both is enabled) something happens to the 3389 port connection and I cannot connect to both WAN on this port, when I disable one of WANs it works fine, there is another (wireless) router after mikrotik, can it somehow call this situation or something wrong maybe in my configuration?
this is the only thing I can’t figure out at this moment.
I followed this video tutorial on youtube: https://www.youtube.com/watch?v=dnLKyu4_md8