Load Balancing & Failover

azhar · July 31, 2023, 11:57am

I installed a Mkrotik RB750GL with the followin configuration:-

Port1 = WAN1 (192.168.100.10)
Port2 = WAN2 (192.168.200.10)
Port3 = LAN (192.168.6.1)
Port4 = Servers (192.0.0.99)
Port5 = 2nd Office (192.168.15.1)

When I configure this router for Load Balancing and fiailover, user on LAN (192.168.6.1) not able to access servers on Port 4 (192.0.0.0 Network). But my Mikrotik can ping those servers.

After disabling following mangle rules, my LAN users can access servers.
add action=mark-routing chain=output connection-mark=WAN1_Conn
new-routing-mark=To_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_Conn
new-routing-mark=To_WAN2 passthrough=yes

I’ve added the following mangle rules:-

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.10.0/24 in-interface=
LAN-Bridge
add action=accept chain=prerouting dst-address=192.168.20.0/24 in-interface=
LAN-Bridge
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN-1 new-connection-mark=WAN1_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=WAN-2 new-connection-mark=WAN2_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN-Bridge new-connection-mark=
WAN1_Conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=LAN-Bridge new-connection-mark=
WAN2_Conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_Conn
in-interface=LAN-Bridge new-routing-mark=To_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_Conn
in-interface=LAN-Bridge new-routing-mark=To_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_Conn
new-routing-mark=To_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_Conn
new-routing-mark=To_WAN2 passthrough=yes

If anyone can help, it’ll be great.

K0NCTANT1N · July 31, 2023, 4:44pm

Incomplete information. It’s hard to answer.
/export file=anyname (delete router serial number, any public WAN IP information, etc.)

I changed my config.

http://forum.mikrotik.com/t/multiple-public-ip-and-gateway/167812/1
https://youtu.be/nlb7XAv57tw

anav · July 31, 2023, 4:46pm

Without the full config hard to say…
but looking at your first two mangle rule they are wrong and have nothing to do with your config aka load balancing.
a. There are no subnets 192.168.10.0 or 192.168.20.0 ???
b. they have nothing to do with load balancing

The fact that your users cannot access the servers doesnt make sense.
You only mark traffic NOT for local destination so that should not be the cause of any issues.

How do users access the servers by direct LAN Ip address??

azhar · August 1, 2023, 5:18am

Hi K0NCTANT1N
Here is my ful configuration file.

Anav,
My LAN users are on 192.168.6.0/24 network whereas my servers are on 192.0.0.0/24 network. So I placed this router between to communicate with the servers.
RB750GL.rsc (72.2 KB)

anav · August 1, 2023, 12:09pm

Need some cleanup, get rid of the regex 7 crap…
firewall rules need some work

But first thing is your WAn1,Wan2, why do you have them under IP DHCP servers, wrongo.

TWO approaches, do it under IPDHCP client or if you know the static settings simply
a. enter in the IP addresses of each WAN
b. create the manual route for each WAN.

Note; Dont need to see all the leases in a config…
Dont recommend setting internet detect to WAN