Dear All,
My proxy (192.168.2.2) is connected to the internet via MikroTik using load balancing between 2 lines. The lines are fine.
MikroTik IPs are 192.168.9.3 to the modem and 192.168.2.1 to local.
When I add (please ignore the syntax error, I am used to winbox):
ip route: destination=0.0.0.0/0 gateway=192.168.1.1, 192.168.1.2 routing-mark=proxyroute
ip mangle: chain=prerouting src-address=192.168.2.2 connection-state=new action=mark-conn new-mark=connmark
ip mangle : chain=prerouting conn-mark=connmark action=mark-routing new-mark=proxyroute
It does not work; the client browser cannot receive the website it asked for.
But when I omit line number 2 and replace line number 3 with
ip mangle: chain=prerouting src-address=192.168.2.2 action=mark-routing new-mark=proxyroute
It works.
Is there any mistake I made?
Please, any suggestion is welcome.
Dear all,
The load balance is an important case for most of the MikroTik users.
Can anyone guide us on how to make a load balance between two or more internet links so the traffic will be divided between them?
Also, what is the suitable document we should read on the MikroTik web site for this?
Waiting for your feedback.
With best regards.
Hi,
If your WAN interface to the internet has IP 192.168.9.3 and your local network interface has IP 192.168.2.1,
what are these IPs for? 192.168.1.1 & 192.168.1.2
What do you mean by "use it on another ip route"?
Waiting for your replies.
With best regards.
I have read your post a few times and am still not quite sure what your setup is…here is how it looks to me from your description…
WAN --| (Your post says your gateways are 192.168.1.1)
******WAN 192.168.9.3 MT Router LAN 192.168.2.1<->Proxy 192.168.2.2
WAN --| (and 192.168.1.2) How can your MT WAN be 192.168.9.3 with the GWs being 192.168.1.x?
Maybe if you lay this out a little better -
wan --|
*****<->WAN MT Box LAN<->Proxy <(are users here on the Proxy)
wan --| ^<-> users <(or here on the MT?)
Hi,
As I am reading more about this topic and I will use load balancing soon, I have a couple of questions.
Like the web proxy cache: do I have to make two redirect rules in the firewall nat, one for each internet modem?
Do I have to repeat the firewall filter and mangle rules for the new modem, or just add a new gateway for the second internet modem?
With best regards.
Dear all,
The case of load balancing is very important to us.
Now I have two VSAT terminals that I am connecting to MT. I followed the topics in the wiki, but there is a problem doing the load balance.
One of the topics says to mark the connection with nth as odd and even, and then to mark the route for the connection and use it with a static route.
What I noticed is that the number of odd packets is more than the even packets all the time, and the packets marked for the route mark are more than the packets marked with the connection; that's only for the odd, while in the even case the number of packets is similar.
Then, by using a static route to ISP1 with the odd mark and another static route to ISP2 with the even mark, and a third static route, as the topic says, to be used by the router itself to ISP1, all the traffic goes to only one internet gateway while the second one is not passing traffic.
If I add the second gateway to the third static route, then the two internet terminals start passing traffic, but actually there is no internet at the client side.
And if I remove the third static route, the internet stops as well.
I will write here the commands I am doing now to test the load balance:
lan > going to wire clients
wlan > going to wireless clients
iDirect > going to ISP1
Hughes > going to ISP2
With the configuration above I got the same number of packets for each mark, e.g.: wire odd packet & wire odd route = 100
wireless odd packet & wireless odd route = 230
and so on.
And only with this configuration, as I wrote above, the two internet terminals are showing traffic.
Please, we all need help in this case, as it helps us to improve the weak service we are getting from the ISP.
Any comment, and anything practical that has been done by anyone and works fine, please give us your advice.
With best regards to all.
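An added example, not part of any post in this thread and not RouterOS code: a simplified Python model of the two marking schemes discussed above (marking only the connection-state=new packet, versus marking the connection once and deriving the routing mark from the connection mark for every packet). The function names, the alternating counter standing in for nth, and the default route pointing at ISP1 are assumptions of this model.

```python
from collections import Counter

# Simplified model, not RouterOS code. "odd"/"even" are the marks from the thread;
# DEFAULT_GW stands for the unmarked default route (an assumption of this model).
GATEWAY_FOR_MARK = {"odd": "ISP1", "even": "ISP2"}
DEFAULT_GW = "ISP1"

def constructed_traffic(n_flows, pkts_per_flow):
    """Constructed sample: packets of n_flows connections, interleaved."""
    return [flow for _ in range(pkts_per_flow) for flow in range(n_flows)]

def mark_first_packet_only(packets):
    """Rule matches connection-state=new only and marks that one packet."""
    seen, new_count = set(), 0
    per_gw, per_flow = Counter(), {}
    for flow in packets:
        if flow not in seen:                      # first packet of the connection
            seen.add(flow)
            mark = "odd" if new_count % 2 == 0 else "even"
            new_count += 1
            gw = GATEWAY_FOR_MARK[mark]
        else:                                     # later packets carry no mark
            gw = DEFAULT_GW
        per_gw[gw] += 1
        per_flow.setdefault(flow, set()).add(gw)
    return per_gw, per_flow

def mark_connection_then_route(packets):
    """New connection gets a connection mark; every packet is routed by it."""
    conn_mark = {}
    per_gw, per_flow = Counter(), {}
    for flow in packets:
        if flow not in conn_mark:                 # connection-state=new
            conn_mark[flow] = "odd" if len(conn_mark) % 2 == 0 else "even"
        gw = GATEWAY_FOR_MARK[conn_mark[flow]]    # routing mark from connection mark
        per_gw[gw] += 1
        per_flow.setdefault(flow, set()).add(gw)
    return per_gw, per_flow

def split_flows(per_flow):
    """Connections whose packets left through more than one gateway."""
    return sorted(f for f, gws in per_flow.items() if len(gws) > 1)

if __name__ == "__main__":
    pkts = constructed_traffic(n_flows=4, pkts_per_flow=5)
    for fn in (mark_first_packet_only, mark_connection_then_route):
        per_gw, per_flow = fn(pkts)
        print(fn.__name__, dict(per_gw), "split flows:", split_flows(per_flow))
```

A connection listed by `split_flows` leaves through both gateways; behind masquerade its source address changes mid-connection, so the remote end no longer recognises it.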
It looks like you are using ROS 2.9.x; can you confirm this? Things are different between v2.9.x and 3.x, so confirmation is necessary to help you out…
Dear sir,
Yes, I am now using 2.9.27, and I am really thinking of upgrading to 3.6 with a level 4 licence.
If you could help advise me how to manage this with 2.9.27 and how to manage it with 3.x, so that when I upgrade I will not have to stop the service to clients for a long time.
I will write the print command results today, but I am only going to remove the IP.
With best regards.
Hello again,
Here is the information you asked for; I just removed the ISP IP from it.
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 xxx.xxx.xxx.xxx/30 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx iDirect
1 yyy.yyy.yyy.yyy/28 yyy.yyy.yyy.yyy yyy.yyy.yyy.yyy hughes
2 192.168.3.1/24 192.168.3.0 192.168.3.255 lan
3 192.168.4.1/24 192.168.4.0 192.168.4.255 wlan1
4 D 192.168.3.5/32 192.168.3.4 0.0.0.0
5 D 192.168.3.3/32 192.168.3.2 0.0.0.0
6 D 192.168.4.118/32 192.168.4.117 0.0.0.0
7 D 192.168.4.116/32 192.168.4.115 0.0.0.0
8 D 192.168.4.3/32 192.168.4.2 0.0.0.0
9 D 192.168.4.104/32 192.168.4.103 0.0.0.0
10 D 192.168.4.9/32 192.168.4.8 0.0.0.0
11 D 192.168.4.120/32 192.168.4.119 0.0.0.0
12 D 192.168.3.102/32 192.168.3.101 0.0.0.0
13 D 192.168.4.5/32 192.168.4.4 0.0.0.0 <pppoe-dr.omar>
14 D 192.168.4.106/32 192.168.4.105 0.0.0.0
xxx.xxx.xxx.xxx is the IP from ISP1
yyy.yyy.yyy.yyy is the IP from ISP2
I am using two PPPoE servers, one for the lan interface and the second one for the wlan interface.
For each client I assign two pools; each pool is only one IP. Later I'll use these IPs in the simple queue.
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
DST-ADDRESS PREF-SRC G GATEWAY DIS
0 ADC yyy.yyy.yyy.yyy/28 yyy.yyy.yyy.yyy
1 ADC xxx.xxx.xxx.xxx/30 xxx.xxx.xxx.xxx
2 ADC 192.168.3.2/32 192.168.3.3
3 ADC 192.168.3.4/32 192.168.3.5
4 ADC 192.168.3.101/32 192.168.3.102
5 ADC 192.168.3.0/24 192.168.3.1
6 ADC 192.168.4.2/32 192.168.4.3
7 ADC 192.168.4.4/32 192.168.4.5
8 ADC 192.168.4.8/32 192.168.4.9
9 ADC 192.168.4.103/32 192.168.4.104
10 ADC 192.168.4.105/32 192.168.4.106
11 ADC 192.168.4.115/32 192.168.4.116
12 ADC 192.168.4.117/32 192.168.4.118
13 ADC 192.168.4.119/32 192.168.4.120
14 ADC 192.168.4.0/24 192.168.4.1
15 X S 0.0.0.0/0 r xxx.xxx.xxx.xxx
16 X S 0.0.0.0/0 u yyy.yyy.yyy.yyy
17 A S 0.0.0.0/0 r xxx.xxx.xxx.xxx
You will see that there are two static routes disabled, because I do not wish to stop the service to clients.
Once I enable the two static routes only one terminal works, and when I add the GW yyy.yyy.yyy.yyy to the last row in the table, which appears active now, the two terminals start working but the internet stops.
In the table above the route marks do not appear.
Row number 15 is with mark route odd.
Row number 16 is with mark route even.
[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward protocol=tcp tcp-flags=syn connection-limit=24,32 action=jump jump-target=drop
1 chain=drop action=drop
As I just installed the server yesterday on another PC machine, I only put one rule to limit client connections to the internet.
Later, rules will be added.
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 X chain=srcnat src-address=192.168.3.0/24 action=masquerade
1 X chain=srcnat src-address=192.168.4.0/24 action=masquerade
2 chain=srcnat action=masquerade
When I enable the static routes I enable rules 0 & 1 and disable 2.
[admin@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; wireless odd connection mark
chain=prerouting in-interface=wlan1 connection-state=new nth=1,1,0 action=mark-packet
new-packet-mark=odd passthrough=yes
Look at this wiki article - this is what you are trying to do… If this does not make sense or you cannot get it to work - drop a line back here on the forum with your config and we will sort it out from there.
Two things jumped out at me - first you have no routing rules… In Winbox, /IP route, select the rule tab - at the very least you should have one rule and it should be;
I put a reply but I lost it while sending the post.
I will use these nat rules and inform you.
Meanwhile, please give us an explanation of the rule tab in the ip route.
With best regards.
That rule is a ‘policy routing rule’. I can’t explain why MT ROS requires it, but I do know that when you are using connection tracking, (nat, mangle, etc), that MT ROS EXPECTS there to be at least one rule in policy routing. So using 0.0.0.0/0 with action=lookup and table=main sends connection tracking sub-module to your main routing table to look everything up in and thus route out the correct interface.
jwcn -
How do you know it’s an illegal copy? I have two boards that are on towers that still have 2.9.27 on them and I have a really remote MT that still has 2.8.26 on it - I can assure you they are all LEGAL copies…
Tell me you know how they are illegal and I’d be more than happy to stop helping…
2.9.27 is the most recent version that has been cracked. The only reason one would not upgrade would be because they can’t upgrade a cracked version and still avoid detection.
This is a common problem with new forum members. Download and install a cracked version, cry for help. It is an all too frequent problem.
This is why if you do a search for 2.9.27 MT locks every forum that involves it.
I don’t keep up on ‘cracked’ software - I only use legal software.
MT should then make a post to that effect - anyone with 2.9.27 is screwed. I hate pirates… I used to write code and don't anymore - pirates are part of the reason…
I just didn’t make the cutoff date for the upgrades on these older RB112s - someday - when I replace those boards with something faster I’ll netinstall the latest legal version allowed for those boards. Too much trouble to climb a 150 tower with a laptop to do a netinstall for two boards…