Load Balancing Problem

Hi, I followed the PCC Wiki and there is a problem: I cannot Winbox into the ISP1 IP if the 8th rule in the mangle chain is enabled. Anyone know why? WAN gets a DHCP address of 172.21.0.194. I can Winbox in fine if I disable the 8th mangle rule; with it enabled I cannot Winbox in but can ping. Any ideas?

/ip address
add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ISP1
add action=masquerade chain=srcnat disabled=no out-interface=ISP2

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.21.0.1 routing-mark=to_ISP1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.21.25.1 routing-mark=to_ISP2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.21.0.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=172.21.25.1 scope=30 target-scope=10

0 chain=prerouting action=accept dst-address=172.21.0.0/24 in-interface=LAN

1 chain=prerouting action=accept dst-address=172.21.25.0/24 in-interface=LAN

2 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn passthrough=yes in-interface=ISP1 connection-mark=no-mark

3 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn passthrough=yes in-interface=ISP2 connection-mark=no-mark

4 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn passthrough=yes dst-address-type=!local in-interface=LAN connection-mark=no-mark
per-connection-classifier=both-addresses:2/0

5 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn passthrough=yes dst-address-type=!local in-interface=LAN connection-mark=no-mark
per-connection-classifier=both-addresses:2/1

6 chain=prerouting action=mark-routing new-routing-mark=to_ISP1 passthrough=yes in-interface=LAN connection-mark=ISP1_conn

7 chain=prerouting action=mark-routing new-routing-mark=to_ISP2 passthrough=yes in-interface=LAN connection-mark=ISP2_conn

8 X chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=yes connection-mark=ISP1_conn

9 chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=yes connection-mark=ISP2_conn

Because you’re doing nothing to mark connections coming into the router so it remembers to use the right route when sending replies back. The Wiki for PCC has the rules for that; they are the ones in the input and output chains.

hmm

I followed the wiki exactly and have double and triple checked.

0 chain=prerouting action=accept dst-address=172.21.0.0/24 in-interface=LAN

1 chain=prerouting action=accept dst-address=172.21.25.0/24 in-interface=LA>

2 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes in-interface=ISP1 connection-mark=no-mark

3 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes in-interface=ISP2 connection-mark=no-mark

4 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/0

5 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/1

6 chain=prerouting action=mark-routing new-routing-mark=to_ISP1
passthrough=yes in-interface=LAN connection-mark=ISP1_conn

7 chain=prerouting action=mark-routing new-routing-mark=to_ISP2
passthrough=yes in-interface=LAN connection-mark=ISP2_conn

8 X chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=yes
connection-mark=ISP1_conn

9 chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=yes
connection-mark=ISP2_conn
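
An added example, not part of the thread: a small Python check that parses the wrapped mangle listing above and, for each output-chain mark-routing rule, finds the enabled rules that set its connection mark on traffic arriving on a non-LAN interface. The abridged sample listing, the function names and the treatment of LAN as the only inside interface are assumptions made for this example.

```python
import re

# Constructed sample: rules 2, 3, 4, 8 and 9 of the wrapped listing above.
LISTING = """\
2 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes in-interface=ISP1 connection-mark=no-mark

3 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=yes in-interface=ISP2 connection-mark=no-mark

4 chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=yes dst-address-type=!local in-interface=LAN
connection-mark=no-mark per-connection-classifier=both-addresses:2/0

8 X chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=yes
connection-mark=ISP1_conn

9 chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=yes
connection-mark=ISP2_conn
"""

def parse_rules(text):
    """Turn `print` output into dicts; wrapped lines extend the previous rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(X\s+)?(?=\S+=)", line)
        if m:  # "<number> [X] key=value ..." starts a rule; X means disabled
            rules.append({"id": int(m.group(1)), "disabled": bool(m.group(2))})
            line = line[m.end():]
        if rules:
            rules[-1].update(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return rules

def reply_path_report(rules, lan="LAN"):
    """Per output-chain mark-routing rule: which enabled rules set its
    connection mark on traffic arriving on a non-LAN interface (assumed name)."""
    report = {}
    for r in rules:
        if r.get("chain") != "output" or r.get("action") != "mark-routing":
            continue
        setters = [s["id"] for s in rules
                   if s.get("action") == "mark-connection" and not s["disabled"]
                   and s.get("new-connection-mark") == r.get("connection-mark")
                   and s.get("in-interface", lan) != lan]
        report[r["id"]] = {"routing_mark": r.get("new-routing-mark"),
                           "enabled": not r["disabled"], "inbound_setters": setters}
    return report

if __name__ == "__main__":
    for rule_id, info in reply_path_report(parse_rules(LISTING)).items():
        print(rule_id, info)
```

An empty `inbound_setters` list for an enabled output rule would mean no rule marks connections arriving on that uplink, so the router's own replies would never pick up that routing mark.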